This is the mail archive of the
glibc-cvs@sourceware.org
mailing list for the glibc project.
GNU C Library master sources branch lxoliva/thread-safety-docs.stgit created. glibc-2.18-1283-g1ba4ff6
- From: aoliva at sourceware dot org
- To: glibc-cvs at sourceware dot org
- Date: 31 Aug 2013 15:58:47 -0000
- Subject: GNU C Library master sources branch lxoliva/thread-safety-docs.stgit created. glibc-2.18-1283-g1ba4ff6
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, lxoliva/thread-safety-docs.stgit has been created
at 1ba4ff625fde4ee563780edb919fd405dbb7e11a (commit)
- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1ba4ff625fde4ee563780edb919fd405dbb7e11a
commit 1ba4ff625fde4ee563780edb919fd405dbb7e11a
Merge: 9a67aa8 3d982e9 8dcc1fc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 12:52:08 2013 -0300
float
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9a67aa8f1a5ba0b9d0a3761bb0f7281c08f8bac2
commit 9a67aa8f1a5ba0b9d0a3761bb0f7281c08f8bac2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 12:52:08 2013 -0300
float
diff --git a/meta b/meta
index d1ea3ca..6acab66 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 68379fd7aa430c571bb1b455da71c13a56186002
-Head: ca751b14a99f6ca19cd387c40c7caf7f1ee5c71a
+Previous: 8dcc1fc605293e377b1b3b196ac39b228f83271a
+Head: 3d982e90af49460d37c23c10f3cde364c598269c
Applied:
unused-scalb-is-scalbn.patch: 1e5d1e38b6a866f88772d34ec2d1b3a75d78b233
remove-sysdeps-ieee754-support.patch: 874e350341a8e14881907b059e6d988de123648f
@@ -21,14 +21,14 @@ Applied:
manual-document-mt-safety-llio.patch: 97db8a779b727d321dc9cf106a644fa761073224
manual-document-mt-safety-locale.patch: 7f05e88b0fe052bd57fbe1bd1ccb7858d9a527e3
manual-document-mt-safety-stdio.patch: bf14604afc992972ae425a0cc64d4345c1443c86
- wip-manual-document-mt-safety-math.patch: 5bbf285ade787de926d767c3417beadb4e17ca84
- wip-manual-document-mt-safety-pattern.patch: 5136b46325225e9cd18f14795bba9e80f7df4a07
- wip-manual-document-mt-safety-resource.patch: a74a71127664c49f6e66cf92fe2f50b0d0468097
- wip-manual-document-mt-safety-startup.patch: 6d5ae028722ff5a2d6bc3335939bc5dceca2564b
- wip-manual-document-mt-safety-search.patch: d011a67de1084c6dc09e112cd8356b867cfb9ee2
- wip-manual-document-mt-safety-string.patch: 0f0207a1f9e087838409f6d0cb6ce1b1ce3c037d
- wip-manual-document-mt-safety-terminal.patch: 8e43609f975993702fbcda503225c049d6c589be
- wip-manual-document-mt-safety-threads.patch: 9ac0d00edce2fa5e88694ad2f4dfa7a86fc82b6c
- wip-manual-document-mt-safety-time.patch: ca751b14a99f6ca19cd387c40c7caf7f1ee5c71a
+ wip-manual-document-mt-safety-pattern.patch: 6cf9b45a103ccc5656165a7d0853e72e1943f66a
+ wip-manual-document-mt-safety-resource.patch: 31fdcc2e40cc85faacf27d4247bb49604f945e2a
+ wip-manual-document-mt-safety-startup.patch: b13b7976ce56d128972d5a2bb04bb907a0661dee
+ wip-manual-document-mt-safety-search.patch: 511601826ccf40a83ac4e98820117ad8811dc5a0
+ wip-manual-document-mt-safety-string.patch: 1d120b93f49b9c1f4c44a49a07573c7ff19f4afd
+ wip-manual-document-mt-safety-terminal.patch: a5694376fe735dff550e59e048450335a9e5c8c4
+ wip-manual-document-mt-safety-threads.patch: d95db27ca339a074ca9b90b4373c420faeeede0c
+ wip-manual-document-mt-safety-time.patch: bd0a9d90000da3c55281a0dafdb4e3273ebe9047
+ wip-manual-document-mt-safety-math.patch: 3d982e90af49460d37c23c10f3cde364c598269c
Unapplied:
Hidden:
diff --git a/patches/wip-manual-document-mt-safety-math.patch b/patches/wip-manual-document-mt-safety-math.patch
index 447c1e4..478e891 100644
--- a/patches/wip-manual-document-mt-safety-math.patch
+++ b/patches/wip-manual-document-mt-safety-math.patch
@@ -1,5 +1,5 @@
-Bottom: 2354d4aa92087b147a4a7f1f3a850dc073e8ac83
-Top: e0ae0ec7f79cc39e8f29c1eee46e985a86436151
+Bottom: 1aae18f21a7abcf6ef192cc6d6ed3b80d59b841b
+Top: 574b1f3ead78e44f9134dc32d8cb5ccf08eeb941
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:03:58 -0300
diff --git a/patches/wip-manual-document-mt-safety-pattern.patch b/patches/wip-manual-document-mt-safety-pattern.patch
index 9e888ec..5fbcc19 100644
--- a/patches/wip-manual-document-mt-safety-pattern.patch
+++ b/patches/wip-manual-document-mt-safety-pattern.patch
@@ -1,5 +1,5 @@
-Bottom: e0ae0ec7f79cc39e8f29c1eee46e985a86436151
-Top: 7ffb7fa11ce809a35157c9878854ecf081914170
+Bottom: 2354d4aa92087b147a4a7f1f3a850dc073e8ac83
+Top: 9e348119582d4b7a6d3aae3c97c9a14f37762d4f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 03:02:58 -0300
diff --git a/patches/wip-manual-document-mt-safety-resource.patch b/patches/wip-manual-document-mt-safety-resource.patch
index 9e73865..de8c53c 100644
--- a/patches/wip-manual-document-mt-safety-resource.patch
+++ b/patches/wip-manual-document-mt-safety-resource.patch
@@ -1,5 +1,5 @@
-Bottom: 7ffb7fa11ce809a35157c9878854ecf081914170
-Top: 9e5b6bf2781971d6205b7140fd3dedfe51777593
+Bottom: 9e348119582d4b7a6d3aae3c97c9a14f37762d4f
+Top: 6ad89fbd423e8628ec6c87e489c9f01ff82f1c62
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:03:59 -0300
diff --git a/patches/wip-manual-document-mt-safety-search.patch b/patches/wip-manual-document-mt-safety-search.patch
index 7b4d6eb..2951e4b 100644
--- a/patches/wip-manual-document-mt-safety-search.patch
+++ b/patches/wip-manual-document-mt-safety-search.patch
@@ -1,5 +1,5 @@
-Bottom: dde37196871d1c4086ac7baf306aa861a6f4d9b8
-Top: 0ae019fb1f8d91cdcda3e370462a4e56a12fa640
+Bottom: dac45915cce6219148b13a23ce8ec776453b6aab
+Top: 48b016e0371710e7bb553d5918bbec02de205264
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:03:59 -0300
diff --git a/patches/wip-manual-document-mt-safety-startup.patch b/patches/wip-manual-document-mt-safety-startup.patch
index f62e989..f81255c 100644
--- a/patches/wip-manual-document-mt-safety-startup.patch
+++ b/patches/wip-manual-document-mt-safety-startup.patch
@@ -1,5 +1,5 @@
-Bottom: 9e5b6bf2781971d6205b7140fd3dedfe51777593
-Top: dde37196871d1c4086ac7baf306aa861a6f4d9b8
+Bottom: 6ad89fbd423e8628ec6c87e489c9f01ff82f1c62
+Top: dac45915cce6219148b13a23ce8ec776453b6aab
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:03:59 -0300
diff --git a/patches/wip-manual-document-mt-safety-string.patch b/patches/wip-manual-document-mt-safety-string.patch
index d70bef5..be1999e 100644
--- a/patches/wip-manual-document-mt-safety-string.patch
+++ b/patches/wip-manual-document-mt-safety-string.patch
@@ -1,5 +1,5 @@
-Bottom: 0ae019fb1f8d91cdcda3e370462a4e56a12fa640
-Top: 6b383988fa40a69605d230973b14cabc32603c24
+Bottom: 48b016e0371710e7bb553d5918bbec02de205264
+Top: 387134961945f06e0ec10fe9dea6b8965205264f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:04:00 -0300
diff --git a/patches/wip-manual-document-mt-safety-terminal.patch b/patches/wip-manual-document-mt-safety-terminal.patch
index 67c1a81..43823c9 100644
--- a/patches/wip-manual-document-mt-safety-terminal.patch
+++ b/patches/wip-manual-document-mt-safety-terminal.patch
@@ -1,5 +1,5 @@
-Bottom: 6b383988fa40a69605d230973b14cabc32603c24
-Top: fb68481249349a8485cf5875f3d611fe8904e2e5
+Bottom: 387134961945f06e0ec10fe9dea6b8965205264f
+Top: 0f34e8a094f9f2d3f9479215c902cd398d6ef448
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:04:00 -0300
diff --git a/patches/wip-manual-document-mt-safety-threads.patch b/patches/wip-manual-document-mt-safety-threads.patch
index 2614101..78084f9 100644
--- a/patches/wip-manual-document-mt-safety-threads.patch
+++ b/patches/wip-manual-document-mt-safety-threads.patch
@@ -1,5 +1,5 @@
-Bottom: fb68481249349a8485cf5875f3d611fe8904e2e5
-Top: e851d0d03b805478aac31e6844f2f0820a760ff0
+Bottom: 0f34e8a094f9f2d3f9479215c902cd398d6ef448
+Top: e1d4b6174c3b1ae6df39351971073374faee18fb
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:04:00 -0300
diff --git a/patches/wip-manual-document-mt-safety-time.patch b/patches/wip-manual-document-mt-safety-time.patch
index 4213d8a..b0386b2 100644
--- a/patches/wip-manual-document-mt-safety-time.patch
+++ b/patches/wip-manual-document-mt-safety-time.patch
@@ -1,5 +1,5 @@
-Bottom: e851d0d03b805478aac31e6844f2f0820a760ff0
-Top: 574b1f3ead78e44f9134dc32d8cb5ccf08eeb941
+Bottom: e1d4b6174c3b1ae6df39351971073374faee18fb
+Top: 1aae18f21a7abcf6ef192cc6d6ed3b80d59b841b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:04:00 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3d982e90af49460d37c23c10f3cde364c598269c
commit 3d982e90af49460d37c23c10f3cde364c598269c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:58 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/math.texi: Document thread safety properties.
diff --git a/manual/math.texi b/manual/math.texi
index 193d415..fd5d0c8 100644
--- a/manual/math.texi
+++ b/manual/math.texi
@@ -560,6 +560,7 @@ negative), @code{logb} returns @math{@infinity{}}. If @var{x} is zero,
@comment math.h
@comment ISO
@deftypefunx int ilogbl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are equivalent to the corresponding @code{logb}
functions except that they return signed integer values.
@end deftypefun
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=bd0a9d90000da3c55281a0dafdb4e3273ebe9047
commit bd0a9d90000da3c55281a0dafdb4e3273ebe9047
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:04:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/time.texi: Document thread safety properties.
diff --git a/manual/time.texi b/manual/time.texi
index ff31e28..3967b24 100644
--- a/manual/time.texi
+++ b/manual/time.texi
@@ -475,6 +475,12 @@ Instead, use the facilities described in @ref{Time Zone Functions}.
@comment sys/time.h
@comment BSD
@deftypefun int gettimeofday (struct timeval *@var{tp}, struct timezone *@var{tzp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c On most GNU/Linux systems this is a direct syscall, but the posix/
+@c implementation (not used on GNU/Linux or GNU/Hurd) relies on time and
+@c localtime_r, saving and restoring tzname in an unsafe manner.
+@c On some GNU/Linux variants, ifunc resolvers are used in shared libc
+@c for vdso resolution. ifunc-vdso-revisit.
The @code{gettimeofday} function returns the current calendar time as
the elapsed time since the epoch in the @code{struct timeval} structure
indicated by @var{tp}. (@pxref{Elapsed Time} for a description of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d95db27ca339a074ca9b90b4373c420faeeede0c
commit d95db27ca339a074ca9b90b4373c420faeeede0c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:04:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/threads.texi: Document thread safety properties.
diff --git a/manual/threads.texi b/manual/threads.texi
index a23ac26..19bfad6 100644
--- a/manual/threads.texi
+++ b/manual/threads.texi
@@ -31,6 +31,7 @@ before thread-specific data, so they should not be used in thread-specific
data destructors or even as members of the thread-specific data, since the
latter is passed as an argument to the destructor function.
+@c FIXME: use @deftypefun for these.
@item int pthread_key_delete (pthread_key_t @var{key})
Destroy the thread-specific data @var{key} in the calling thread. The
destructor for the thread-specific data is not called during destruction, nor
@@ -82,3 +83,124 @@ attributes or the stack address is set in the attribute.
The system does not have sufficient memory.
@end table
@end deftypefun
+
+@c FIXME these are undocumented:
+@c pthread_atfork
+@c pthread_attr_destroy
+@c pthread_attr_getaffinity_np
+@c pthread_attr_getdetachstate
+@c pthread_attr_getguardsize
+@c pthread_attr_getinheritsched
+@c pthread_attr_getschedparam
+@c pthread_attr_getschedpolicy
+@c pthread_attr_getscope
+@c pthread_attr_getstack
+@c pthread_attr_getstackaddr
+@c pthread_attr_getstacksize
+@c pthread_attr_init
+@c pthread_attr_setaffinity_np
+@c pthread_attr_setdetachstate
+@c pthread_attr_setguardsize
+@c pthread_attr_setinheritsched
+@c pthread_attr_setschedparam
+@c pthread_attr_setschedpolicy
+@c pthread_attr_setscope
+@c pthread_attr_setstack
+@c pthread_attr_setstackaddr
+@c pthread_attr_setstacksize
+@c pthread_barrierattr_destroy
+@c pthread_barrierattr_getpshared
+@c pthread_barrierattr_init
+@c pthread_barrierattr_setpshared
+@c pthread_barrier_destroy
+@c pthread_barrier_init
+@c pthread_barrier_wait
+@c pthread_cancel
+@c pthread_cleanup_push
+@c pthread_cleanup_pop
+@c pthread_condattr_destroy
+@c pthread_condattr_getclock
+@c pthread_condattr_getpshared
+@c pthread_condattr_init
+@c pthread_condattr_setclock
+@c pthread_condattr_setpshared
+@c pthread_cond_broadcast
+@c pthread_cond_destroy
+@c pthread_cond_init
+@c pthread_cond_signal
+@c pthread_cond_timedwait
+@c pthread_cond_wait
+@c pthread_create
+@c pthread_detach
+@c pthread_equal
+@c pthread_exit
+@c pthread_getaffinity_np
+@c pthread_getattr_np
+@c pthread_getconcurrency
+@c pthread_getcpuclockid
+@c pthread_getname_np
+@c pthread_getschedparam
+@c pthread_join
+@c pthread_kill
+@c pthread_kill_other_threads_np
+@c pthread_mutexattr_destroy
+@c pthread_mutexattr_getkind_np
+@c pthread_mutexattr_getprioceiling
+@c pthread_mutexattr_getprotocol
+@c pthread_mutexattr_getpshared
+@c pthread_mutexattr_getrobust
+@c pthread_mutexattr_getrobust_np
+@c pthread_mutexattr_gettype
+@c pthread_mutexattr_init
+@c pthread_mutexattr_setkind_np
+@c pthread_mutexattr_setprioceiling
+@c pthread_mutexattr_setprotocol
+@c pthread_mutexattr_setpshared
+@c pthread_mutexattr_setrobust
+@c pthread_mutexattr_setrobust_np
+@c pthread_mutexattr_settype
+@c pthread_mutex_consistent
+@c pthread_mutex_consistent_np
+@c pthread_mutex_destroy
+@c pthread_mutex_getprioceiling
+@c pthread_mutex_init
+@c pthread_mutex_lock
+@c pthread_mutex_setprioceiling
+@c pthread_mutex_timedlock
+@c pthread_mutex_trylock
+@c pthread_mutex_unlock
+@c pthread_once
+@c pthread_rwlockattr_destroy
+@c pthread_rwlockattr_getkind_np
+@c pthread_rwlockattr_getpshared
+@c pthread_rwlockattr_init
+@c pthread_rwlockattr_setkind_np
+@c pthread_rwlockattr_setpshared
+@c pthread_rwlock_destroy
+@c pthread_rwlock_init
+@c pthread_rwlock_rdlock
+@c pthread_rwlock_timedrdlock
+@c pthread_rwlock_timedwrlock
+@c pthread_rwlock_tryrdlock
+@c pthread_rwlock_trywrlock
+@c pthread_rwlock_unlock
+@c pthread_rwlock_wrlock
+@c pthread_self
+@c pthread_setaffinity_np
+@c pthread_setcancelstate
+@c pthread_setcanceltype
+@c pthread_setconcurrency
+@c pthread_setname_np
+@c pthread_setschedparam
+@c pthread_setschedprio
+@c pthread_sigmask
+@c pthread_sigqueue
+@c pthread_spin_destroy
+@c pthread_spin_init
+@c pthread_spin_lock
+@c pthread_spin_trylock
+@c pthread_spin_unlock
+@c pthread_testcancel
+@c pthread_timedjoin_np
+@c pthread_tryjoin_np
+@c pthread_yield
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a5694376fe735dff550e59e048450335a9e5c8c4
commit a5694376fe735dff550e59e048450335a9e5c8c4
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:04:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/terminal.texi: Document thread safety properties.
diff --git a/manual/terminal.texi b/manual/terminal.texi
index 9e9c057..7f62a4e 100644
--- a/manual/terminal.texi
+++ b/manual/terminal.texi
@@ -264,6 +264,9 @@ array.
@comment termios.h
@comment POSIX.1
@deftypefun int tcgetattr (int @var{filedes}, struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the kernel-returned termios data structure to the userland
+@c format does not ensure atomic or consistent writing.
This function is used to examine the attributes of the terminal
device with file descriptor @var{filedes}. The attributes are returned
in the structure that @var{termios-p} points to.
@@ -284,6 +287,9 @@ The @var{filedes} is not associated with a terminal.
@comment termios.h
@comment POSIX.1
@deftypefun int tcsetattr (int @var{filedes}, int @var{when}, const struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the incoming termios data structure to the kernel format
+@c does not ensure atomic or consistent reading.
This function sets the attributes of the terminal device with file
descriptor @var{filedes}. The new attributes are taken from the
structure that @var{termios-p} points to.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1d120b93f49b9c1f4c44a49a07573c7ff19f4afd
commit 1d120b93f49b9c1f4c44a49a07573c7ff19f4afd
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:04:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/string.texi: Document thread safety properties.
diff --git a/manual/string.texi b/manual/string.texi
index 2a164a9..b63a849 100644
--- a/manual/string.texi
+++ b/manual/string.texi
@@ -1159,6 +1159,11 @@ strings are written in into account. To get that one has to use
@comment string.h
@comment BSD
@deftypefun int strcasecmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Although this calls tolower multiple times, it's a macro, and
+@c strcasecmp is optimized so that the locale pointer is read only once.
+@c There are some asm implementations too, for which the single-read
+@c from locale TLS pointers also applies.
This function is like @code{strcmp}, except that differences in case are
ignored. How uppercase and lowercase characters are related is
determined by the currently selected locale. In the standard @code{"C"}
@@ -1247,6 +1252,8 @@ strncmp ("hello, world", "hello, stupid world!!!", 5)
@comment string.h
@comment GNU
@deftypefun int strverscmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls isdigit multiple times, locale may change in between.
The @code{strverscmp} function compares the string @var{s1} against
@var{s2}, considering them as holding indices/version numbers. The
return value follows the same conventions as found in the
@@ -1343,6 +1350,9 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
@comment string.h
@comment ISO
@deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak}}
+@c Calls strcoll_l with the current locale, which dereferences only the
+@c LC_COLLATE data pointer.
The @code{strcoll} function is similar to @code{strcmp} but uses the
collating sequence of the current locale for collation (the
@code{LC_COLLATE} locale).
@@ -1351,6 +1361,8 @@ collating sequence of the current locale for collation (the
@comment wchar.h
@comment ISO
@deftypefun int wcscoll (const wchar_t *@var{ws1}, const wchar_t *@var{ws2})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak}}
+@c Same as strcoll, but calling wcscoll_l.
The @code{wcscoll} function is similar to @code{wcscmp} but uses the
collating sequence of the current locale for collation (the
@code{LC_COLLATE} locale).
@@ -1637,6 +1649,7 @@ This function is a GNU extension.
@comment string.h
@comment ISO
@deftypefun {char *} strchr (const char *@var{string}, int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{strchr} function finds the first occurrence of the character
@var{c} (converted to a @code{char}) in the null-terminated string
beginning at @var{string}. The return value is a pointer to the located
@@ -1678,6 +1691,7 @@ to use @code{wcschrnul} in this case, though.
@comment string.h
@comment GNU
@deftypefun {char *} strchrnul (const char *@var{string}, int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{strchrnul} is the same as @code{strchr} except that if it does
not find the character, it returns a pointer to string's terminating
null character rather than a null pointer.
@@ -2675,3 +2689,6 @@ being added to @var{envz}, if @var{override} is false.
The @code{envz_strip} function removes any null entries from @var{envz},
updating @code{*@var{envz}} and @code{*@var{envz_len}}.
@end deftypefun
+
+@c FIXME this are undocumented:
+@c strcasecmp_l @safety{@mtsafe{}@assafe{}@acsafe{}} see strcasecmp
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=511601826ccf40a83ac4e98820117ad8811dc5a0
commit 511601826ccf40a83ac4e98820117ad8811dc5a0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:59 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/search.texi: Document thread safety properties.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..46f5f1c 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -113,6 +113,7 @@ the header file @file{stdlib.h}.
@comment stdlib.h
@comment ISO
@deftypefun {void *} bsearch (const void *@var{key}, const void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{bsearch} function searches the sorted array @var{array} for an object
that is equivalent to @var{key}. The array contains @var{count} elements,
each of which is of size @var{size} bytes.
@@ -146,6 +147,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +438,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +472,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +487,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +501,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +556,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b13b7976ce56d128972d5a2bb04bb907a0661dee
commit b13b7976ce56d128972d5a2bb04bb907a0661dee
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:59 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/startup.texi: Document thread safety properties.
diff --git a/manual/startup.texi b/manual/startup.texi
index a277714..7bbaf13 100644
--- a/manual/startup.texi
+++ b/manual/startup.texi
@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
The difference to the @code{setenv} function is that the exact string
given as the parameter @var{string} is put into the environment. If the
user should change the string after the @code{putenv} call this will
-reflect in automatically in the environment. This also requires that
-@var{string} is no automatic variable which scope is left before the
+reflect automatically in the environment. This also requires that
+@var{string} not be an automatic variable whose scope is left before the
variable is removed from the environment. The same applies of course to
dynamically allocated variables which are freed later.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=31fdcc2e40cc85faacf27d4247bb49604f945e2a
commit 31fdcc2e40cc85faacf27d4247bb49604f945e2a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:59 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/resource.texi: Document thread safety properties.
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=6cf9b45a103ccc5656165a7d0853e72e1943f66a
commit 6cf9b45a103ccc5656165a7d0853e72e1943f66a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 03:02:58 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/pattern.texi: Document thread safety properties.
diff --git a/manual/pattern.texi b/manual/pattern.texi
index 1966f3f..da2c8b6 100644
--- a/manual/pattern.texi
+++ b/manual/pattern.texi
@@ -736,6 +736,251 @@ expression into it by calling @code{regcomp}.
@comment regex.h
@comment POSIX.2
@deftypefun int regcomp (regex_t *restrict @var{compiled}, const char *restrict @var{pattern}, int @var{cflags})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c All of the issues have to do with memory allocation and multi-byte
+@c character handling present in the input string, or implied by ranges
+@c or inverted character classes.
+@c (re_)malloc asmalloc, memleak
+@c re_compile_internal glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c (re_)realloc asmalloc, memleak (asynconsist, incansist, for other
+@c callers that don't zero the buffer)
+@c init_dfa glocale, asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c (re_)malloc asmalloc, memleak
+@c calloc asmalloc, memleak
+@c _NL_CURRENT ok
+@c _NL_CURRENT_WORD ok
+@c btowc asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c libc_lock_init ok
+@c re_string_construct glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_construct_common ok
+@c re_string_realloc_buffers asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c build_wcs_upper_buffer glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c isascii ok
+@c mbsinit ok
+@c toupper ok
+@c mbrtowc dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c iswlower glocale
+@c towupper glocale
+@c wcrtomb dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c (re_)malloc dup asmalloc, memleak
+@c build_upper_buffer ok (glocale, but optimized)
+@c islower ok
+@c toupper ok
+@c build_wcs_buffer asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c mbrtowc dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_translate_buffer ok
+@c parse (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c fetch_token (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c peek_token ok (maybe glocale)
+@c re_string_eoi ok
+@c re_string_peek_byte ok
+@c re_string_cur_idx ok
+@c re_string_length ok
+@c re_string_peek_byte_case ok (maybe glocale)
+@c re_string_peek_byte dup ok
+@c re_string_is_single_byte_char ok
+@c isascii ok
+@c re_string_peek_byte dup ok
+@c re_string_wchar_at ok
+@c re_string_skip_bytes ok
+@c re_string_skip_bytes dup ok
+@c parse_reg_exp (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c parse_branch (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c parse_expression (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c create_token_tree dup asmalloc, memleak
+@c re_string_eoi dup ok
+@c re_string_first_byte ok
+@c fetch_token dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c create_tree dup asmalloc, memleak
+@c parse_sub_exp (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c fetch_token dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c parse_reg_exp dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c postorder() asmalloc, memleak
+@c free_tree asmalloc, memleak
+@c free_token dup asmalloc, memleak
+@c create_tree dup asmalloc, memleak
+@c parse_bracket_exp (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c _NL_CURRENT dup ok
+@c _NL_CURRENT_WORD dup ok
+@c calloc dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c peek_token_bracket ok
+@c re_string_eoi dup ok
+@c re_string_peek_byte dup ok
+@c re_string_first_byte dup ok
+@c re_string_cur_idx dup ok
+@c re_string_length dup ok
+@c re_string_skip_bytes dup ok
+@c bitset_set ok
+@c re_string_skip_bytes ok
+@c parse_bracket_element ok (maybe glocale)
+@c re_string_char_size_at ok
+@c re_string_wchar_at dup ok
+@c re_string_skip_bytes dup ok
+@c parse_bracket_symbol ok (maybe glocale)
+@c re_string_eoi dup ok
+@c re_string_fetch_byte_case ok (maybe glocale)
+@c re_string_fetch_byte ok
+@c re_string_first_byte dup ok
+@c isascii ok
+@c re_string_char_size_at dup ok
+@c re_string_skip_bytes dup ok
+@c re_string_fetch_byte dup ok
+@c re_string_peek_byte dup ok
+@c re_string_skip_bytes dup ok
+@c peek_token_bracket dup ok
+@c auto build_range_exp asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c auto lookup_collation_sequence_value asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c btowc dup asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c collseq_table_lookup ok
+@c auto seek_collating_symbol_entry dup ok
+@c (re_)realloc dup asmalloc, memleak
+@c collseq_table_lookup dup ok
+@c bitset_set dup ok
+@c (re_)realloc dup asmalloc, memleak
+@c build_equiv_class (maybe glocale), asmalloc, memleak
+@c _NL_CURRENT ok
+@c auto findidx ok
+@c bitset_set dup ok
+@c (re_)realloc dup asmalloc, memleak
+@c auto build_collating_symbol asmalloc, memleak
+@c auto seek_collating_symbol_entry ok
+@c bitset_set dup ok
+@c (re_)realloc dup asmalloc, memleak
+@c build_charclass (maybe glocale), asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c bitset_set dup ok
+@c isalnum ok
+@c iscntrl ok
+@c isspace ok
+@c isalpha ok
+@c isdigit ok
+@c isprint ok
+@c isupper ok
+@c isblank ok
+@c isgraph ok
+@c ispunct ok
+@c isxdigit ok
+@c bitset_not ok
+@c bitset_mask ok
+@c create_token_tree dup asmalloc, memleak
+@c create_tree dup asmalloc, memleak
+@c free_charset dup asmalloc, memleak
+@c init_word_char (maybe glocale)
+@c isalnum ok
+@c build_charclass_op (maybe glocale), asmalloc, memleak
+@c calloc dup asmalloc, memleak
+@c build_charclass dup (maybe glocale), asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c free_charset dup asmalloc, memleak
+@c bitset_set dup ok
+@c bitset_not dup ok
+@c bitset_mask dup ok
+@c create_token_tree dup asmalloc, memleak
+@c create_tree dup asmalloc, memleak
+@c parse_dup_op (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_cur_idx dup ok
+@c fetch_number ok (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c fetch_token dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_set_index ok
+@c postorder() asmalloc, memleak
+@c free_tree dup asmalloc, memleak
+@c mark_opt_subexp ok
+@c duplicate_tree asmalloc, memleak
+@c create_token_tree dup asmalloc, memleak
+@c create_tree dup asmalloc, memleak
+@c postorder() asmalloc, memleak
+@c free_tree dup asmalloc, memleak
+@c fetch_token dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c parse_branch dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c create_tree dup asmalloc, memleak
+@c create_tree asmalloc, memleak
+@c create_token_tree asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c analyze asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c preorder() asmalloc, memleak
+@c optimize_subexps ok
+@c calc_next ok
+@c link_nfa_nodes asmalloc, memleak
+@c re_node_set_init_1 asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c re_node_set_init_2 asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c postorder() asmalloc, memleak
+@c lower_subexps asmalloc, memleak
+@c lower_subexp asmalloc, memleak
+@c create_tree dup asmalloc, memleak
+@c calc_first asmalloc, memleak
+@c re_dfa_add_node asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c re_node_set_init_empty ok
+@c calc_eclosure asmalloc, memleak
+@c calc_eclosure_iter asmalloc, memleak
+@c re_node_set_alloc asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c duplicate_node_closure asmalloc, memleak
+@c re_node_set_empty ok
+@c duplicate_node asmalloc, memleak
+@c re_dfa_add_node dup asmalloc, memleak
+@c re_node_set_insert asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c search_duplicated_node ok
+@c re_node_set_merge asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c re_node_set_free asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c re_node_set_insert dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c calc_inveclosure asmalloc, memleak
+@c re_node_set_init_empty dup ok
+@c re_node_set_insert_last asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c optimize_utf8 ok
+@c create_initial_state asmalloc, memleak
+@c re_node_set_init_copy asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c re_node_set_init_empty dup ok
+@c re_node_set_contains ok
+@c re_node_set_merge dup asmalloc, memleak
+@c re_acquire_state_context asmalloc, memleak
+@c calc_state_hash ok
+@c re_node_set_compare ok
+@c create_cd_newstate asmalloc, memleak
+@c calloc dup asmalloc, memleak
+@c re_node_set_init_copy dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c free_state asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c NOT_SATISFY_PREV_CONSTRAINT ok
+@c re_node_set_remove_at ok
+@c register_state asmalloc, memleak
+@c re_node_set_alloc dup asmalloc, memleak
+@c re_node_set_insert_last dup asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c free_workarea_compile asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c re_string_destruct asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c free_dfa_content asmalloc, memleak
+@c free_token asmalloc, memleak
+@c free_charset asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_compile_fastmap glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_compile_fastmap_iter glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_set_fastmap ok
+@c tolower ok
+@c mbrtowc dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c wcrtomb dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c towlower glocale
+@c _NL_CURRENT ok
+@c (re_)free asmalloc, memleak
The function @code{regcomp} ``compiles'' a regular expression into a
data structure that you can use with @code{regexec} to match against a
string. The compiled regular expression format is designed for
@@ -885,6 +1130,247 @@ unless the regular expression contains anchor characters (@samp{^} or
@comment regex.h
@comment POSIX.2
@deftypefun int regexec (const regex_t *restrict @var{compiled}, const char *restrict @var{string}, size_t @var{nmatch}, regmatch_t @var{matchptr}[restrict], int @var{eflags})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c libc_lock_lock selfdeadlock, lockleak
+@c re_search_internal glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_allocate asmalloc, memleak
+@c re_string_construct_common dup ok
+@c re_string_realloc_buffers dup asmalloc, memleak
+@c match_ctx_init asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c re_string_byte_at ok
+@c re_string_first_byte dup ok
+@c check_matching glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_cur_idx dup ok
+@c acquire_init_state_context dup asmalloc, memleak
+@c re_string_context_at ok
+@c re_string_byte_at dup ok
+@c bitset_contain ok
+@c re_acquire_state_context dup asmalloc, memleak
+@c check_subexp_matching_top asmalloc, memleak
+@c match_ctx_add_subtop asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c calloc dup asmalloc, memleak
+@c transit_state_bkref glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_cur_idx dup ok
+@c re_string_context_at dup ok
+@c NOT_SATISFY_NEXT_CONSTRAINT ok
+@c get_subexp glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_get_buffer ok
+@c search_cur_bkref_entry ok
+@c clean_state_log_if_needed glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c extend_buffers glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_realloc_buffers dup asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c build_wcs_upper_buffer dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c build_upper_buffer dup ok (glocale, but optimized)
+@c build_wcs_buffer dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_translate_buffer dup ok
+@c get_subexp_sub glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c check_arrival glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c (re_)realloc dup asmalloc, memleak
+@c re_string_context_at dup ok
+@c re_node_set_init_1 dup asmalloc, memleak
+@c check_arrival_expand_ecl asmalloc, memleak
+@c re_node_set_alloc dup asmalloc, memleak
+@c find_subexp_node ok
+@c re_node_set_merge dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c check_arrival_expand_ecl_sub asmalloc, memleak
+@c re_node_set_contains dup ok
+@c re_node_set_insert dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_node_set_init_copy dup asmalloc, memleak
+@c re_node_set_init_empty dup ok
+@c expand_bkref_cache asmalloc, memleak
+@c search_cur_bkref_entry dup ok
+@c re_node_set_contains dup ok
+@c re_node_set_init_1 dup asmalloc, memleak
+@c check_arrival_expand_ecl dup asmalloc, memleak
+@c re_node_set_merge dup asmalloc, memleak
+@c re_node_set_init_copy dup asmalloc, memleak
+@c re_node_set_insert dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_acquire_state asmalloc, memleak
+@c calc_state_hash dup ok
+@c re_node_set_compare dup ok
+@c create_ci_newstate asmalloc, memleak
+@c calloc dup asmalloc, memleak
+@c re_node_set_init_copy dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c register_state dup asmalloc, memleak
+@c free_state dup asmalloc, memleak
+@c re_acquire_state_context dup asmalloc, memleak
+@c re_node_set_merge dup asmalloc, memleak
+@c check_arrival_add_next_nodes glocale, asmalloc, memleak
+@c re_node_set_init_empty dup ok
+@c check_node_accept_bytes glocale, asmalloc, memleak
+@c re_string_byte_at dup ok
+@c re_string_char_size_at dup ok
+@c re_string_elem_size_at (maybe glocale)
+@c _NL_CURRENT_WORD dup ok
+@c _NL_CURRENT dup ok
+@c auto findidx dup ok
+@c _NL_CURRENT_WORD dup ok
+@c _NL_CURRENT dup ok
+@c collseq_table_lookup dup ok
+@c find_collation_sequence_value (maybe glocale)
+@c _NL_CURRENT_WORD dup ok
+@c _NL_CURRENT dup ok
+@c auto findidx dup ok
+@c wcscoll glocale, asmalloc, memleak
+@c re_node_set_empty dup ok
+@c re_node_set_merge dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_node_set_insert dup asmalloc, memleak
+@c re_acquire_state dup asmalloc, memleak
+@c check_node_accept ok
+@c re_string_byte_at dup ok
+@c bitset_contain dup ok
+@c re_string_context_at dup ok
+@c NOT_SATISFY_NEXT_CONSTRAINT dup ok
+@c match_ctx_add_entry asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c clean_state_log_if_needed dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c extend_buffers dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c find_subexp_node dup ok
+@c calloc dup asmalloc, memleak
+@c check_arrival dup ***
+@c match_ctx_add_sublast asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c re_acquire_state_context dup asmalloc, memleak
+@c re_node_set_init_union asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c re_node_set_init_copy dup asmalloc, memleak
+@c re_node_set_init_empty dup ok
+@c re_node_set_free dup asmalloc, memleak
+@c check_subexp_matching_top dup asmalloc, memleak
+@c check_halt_state_context ok
+@c re_string_context_at dup ok
+@c check_halt_node_context ok
+@c NOT_SATISFY_NEXT_CONSTRAINT dup ok
+@c re_string_eoi dup ok
+@c extend_buffers dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c transit_state glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c transit_state_mb glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_context_at dup ok
+@c NOT_SATISFY_NEXT_CONSTRAINT dup ok
+@c check_node_accept_bytes dup glocale, asmalloc, memleak
+@c re_string_cur_idx dup ok
+@c clean_state_log_if_needed glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_node_set_init_union dup asmalloc, memleak
+@c re_acquire_state_context dup asmalloc, memleak
+@c re_string_fetch_byte dup ok
+@c re_string_context_at dup ok
+@c build_trtable asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c group_nodes_into_DFAstates asmalloc, memleak
+@c bitset_empty dup ok
+@c bitset_set dup ok
+@c bitset_merge dup ok
+@c bitset_set_all ok
+@c bitset_clear ok
+@c bitset_contain dup ok
+@c bitset_copy ok
+@c re_node_set_init_copy dup asmalloc, memleak
+@c re_node_set_insert dup asmalloc, memleak
+@c re_node_set_init_1 dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_node_set_alloc dup asmalloc, memleak
+@c malloc dup asmalloc, memleak
+@c free dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c bitset_empty ok
+@c re_node_set_empty dup ok
+@c re_node_set_merge dup asmalloc, memleak
+@c re_acquire_state_context dup asmalloc, memleak
+@c bitset_merge ok
+@c calloc dup asmalloc, memleak
+@c bitset_contain dup ok
+@c merge_state_with_log glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_cur_idx dup ok
+@c re_node_set_init_union dup asmalloc, memleak
+@c re_string_context_at dup ok
+@c re_node_set_free dup asmalloc, memleak
+@c check_subexp_matching_top asmalloc, memleak
+@c match_ctx_add_subtop dup asmalloc, memleak
+@c transit_state_bkref dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c find_recover_state
+@c re_string_cur_idx dup ok
+@c re_string_skip_bytes dup ok
+@c merge_state_with_log dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c check_halt_state_context dup ok
+@c prune_impossible_nodes glocale, asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c sift_ctx_init ok
+@c re_node_set_init_empty dup ok
+@c sift_states_backward glocale, asmalloc, memleak
+@c re_node_set_init_1 dup asmalloc, memleak
+@c update_cur_sifted_state glocale, asmalloc, memleak
+@c add_epsilon_src_nodes asmalloc, memleak
+@c re_acquire_state dup asmalloc, memleak
+@c re_node_set_alloc dup asmalloc, memleak
+@c re_node_set_merge dup asmalloc, memleak
+@c re_node_set_add_intersect asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c check_subexp_limits asmalloc, memleak
+@c sub_epsilon_src_nodes asmalloc, memleak
+@c re_node_set_init_empty dup ok
+@c re_node_set_contains dup ok
+@c re_node_set_add_intersect dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_node_set_remove_at dup ok
+@c re_node_set_contains dup ok
+@c re_acquire_state dup asmalloc, memleak
+@c sift_states_bkref glocale, asmalloc, memleak
+@c search_cur_bkref_entry dup ok
+@c check_dst_limits ok
+@c search_cur_bkref_entry dup ok
+@c check_dst_limits_calc_pos ok
+@c check_dst_limits_calc_pos_1 ok
+@c re_node_set_init_copy dup asmalloc, memleak
+@c re_node_set_insert dup asmalloc, memleak
+@c sift_states_backward dup glocale, asmalloc, memleak
+@c merge_state_array dup asmalloc, memleak
+@c re_node_set_remove ok
+@c re_node_set_contains dup ok
+@c re_node_set_remove_at dup ok
+@c re_node_set_free dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_node_set_empty dup ok
+@c build_sifted_states glocale, asmalloc, memleak
+@c sift_states_iter_mb glocale, asmalloc, memleak
+@c check_node_accept_bytes dup glocale, asmalloc, memleak
+@c check_node_accept dup ok
+@c check_dst_limits dup ok
+@c re_node_set_insert dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c check_halt_state_context dup ok
+@c merge_state_array asmalloc, memleak
+@c re_node_set_init_union dup asmalloc, memleak
+@c re_acquire_state dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c set_regs asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c re_node_set_init_empty dup ok
+@c free_fail_stack_return asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c update_regs ok
+@c re_node_set_free dup asmalloc, memleak
+@c pop_fail_stack asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c match_ctx_free asmalloc, memleak
+@c match_ctx_clean asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c re_string_destruct dup asmalloc, memleak
+@c libc_lock_unlock lockleak
This function tries to match the compiled regular expression
@code{*@var{compiled}} against @var{string}.
@@ -1047,6 +1533,9 @@ free the storage it uses by calling @code{regfree}.
@comment regex.h
@comment POSIX.2
@deftypefun void regfree (regex_t *@var{compiled})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak}}
+@c (re_)free dup asmalloc, memleak
+@c free_dfa_content dup asmalloc, memleak
Calling @code{regfree} frees all the storage that @code{*@var{compiled}}
points to. This includes various internal fields of the @code{regex_t}
structure that aren't documented in this manual.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=8dcc1fc605293e377b1b3b196ac39b228f83271a
commit 8dcc1fc605293e377b1b3b196ac39b228f83271a
Merge: ef3f8e3 ca751b1 68379fd
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 12:52:02 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ef3f8e3a7a92ec9b1081abc002f42ece677b7b8c
commit ef3f8e3a7a92ec9b1081abc002f42ece677b7b8c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 12:52:02 2013 -0300
push
diff --git a/meta b/meta
index 9c3823b..d1ea3ca 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 6bce3f5791083d308b605e951d47f834711f5091
-Head: 7f05e88b0fe052bd57fbe1bd1ccb7858d9a527e3
+Previous: 68379fd7aa430c571bb1b455da71c13a56186002
+Head: ca751b14a99f6ca19cd387c40c7caf7f1ee5c71a
Applied:
unused-scalb-is-scalbn.patch: 1e5d1e38b6a866f88772d34ec2d1b3a75d78b233
remove-sysdeps-ieee754-support.patch: 874e350341a8e14881907b059e6d988de123648f
@@ -20,15 +20,15 @@ Applied:
manual-document-mt-safety-lang.patch: eadd5e24321249b093b22f50057e8396fd887b2d
manual-document-mt-safety-llio.patch: 97db8a779b727d321dc9cf106a644fa761073224
manual-document-mt-safety-locale.patch: 7f05e88b0fe052bd57fbe1bd1ccb7858d9a527e3
+ manual-document-mt-safety-stdio.patch: bf14604afc992972ae425a0cc64d4345c1443c86
+ wip-manual-document-mt-safety-math.patch: 5bbf285ade787de926d767c3417beadb4e17ca84
+ wip-manual-document-mt-safety-pattern.patch: 5136b46325225e9cd18f14795bba9e80f7df4a07
+ wip-manual-document-mt-safety-resource.patch: a74a71127664c49f6e66cf92fe2f50b0d0468097
+ wip-manual-document-mt-safety-startup.patch: 6d5ae028722ff5a2d6bc3335939bc5dceca2564b
+ wip-manual-document-mt-safety-search.patch: d011a67de1084c6dc09e112cd8356b867cfb9ee2
+ wip-manual-document-mt-safety-string.patch: 0f0207a1f9e087838409f6d0cb6ce1b1ce3c037d
+ wip-manual-document-mt-safety-terminal.patch: 8e43609f975993702fbcda503225c049d6c589be
+ wip-manual-document-mt-safety-threads.patch: 9ac0d00edce2fa5e88694ad2f4dfa7a86fc82b6c
+ wip-manual-document-mt-safety-time.patch: ca751b14a99f6ca19cd387c40c7caf7f1ee5c71a
Unapplied:
- manual-document-mt-safety-stdio.patch: 63ec6cc0ec5f71f1e34e18def7b86eda75a61ce8
- wip-manual-document-mt-safety-math.patch: db9625097d5f7d73d8ba1e10cf6a592ef525404f
- wip-manual-document-mt-safety-pattern.patch: 9d8222797fb192c47f61ef2756ba9bf721caed9d
- wip-manual-document-mt-safety-resource.patch: ea9df22bfd43daf99bbcadfa546e4989e0bec7ea
- wip-manual-document-mt-safety-startup.patch: 774b847dc98387e90b576162ae3037de3f804693
- wip-manual-document-mt-safety-search.patch: 33ed2f703bf905ac3dbb8beadda4548fb8ec09d2
- wip-manual-document-mt-safety-string.patch: b821402693242076cefaf22a0d5f04c48fedd3d0
- wip-manual-document-mt-safety-terminal.patch: 21de0b6010d4445b2194624a4776886fcf61f982
- wip-manual-document-mt-safety-threads.patch: eafe2b5006176bc49e35cfcd3e4e15ea5a1457d7
- wip-manual-document-mt-safety-time.patch: 23fab67522c5b3d91610013fb2c8562cf7ec3169
Hidden:
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index 9a6df66..431234b 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,5 +1,5 @@
-Bottom: dbeae1070d7f82bd45fdd09f92ac8b9617a600a7
-Top: f26c5c6c4721a7c34f60aa5f7bc732d04153cd64
+Bottom: 84b8d343b6e17d8574bbe4b1f9cb2a37cb54b27e
+Top: 2354d4aa92087b147a4a7f1f3a850dc073e8ac83
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:03:58 -0300
diff --git a/patches/wip-manual-document-mt-safety-math.patch b/patches/wip-manual-document-mt-safety-math.patch
index b0d3038..447c1e4 100644
--- a/patches/wip-manual-document-mt-safety-math.patch
+++ b/patches/wip-manual-document-mt-safety-math.patch
@@ -1,5 +1,5 @@
-Bottom: f26c5c6c4721a7c34f60aa5f7bc732d04153cd64
-Top: 1edf7473ed3adfbf39a7390aa6530490cabd4b27
+Bottom: 2354d4aa92087b147a4a7f1f3a850dc073e8ac83
+Top: e0ae0ec7f79cc39e8f29c1eee46e985a86436151
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:03:58 -0300
diff --git a/patches/wip-manual-document-mt-safety-pattern.patch b/patches/wip-manual-document-mt-safety-pattern.patch
index 3e44fe7..9e888ec 100644
--- a/patches/wip-manual-document-mt-safety-pattern.patch
+++ b/patches/wip-manual-document-mt-safety-pattern.patch
@@ -1,5 +1,5 @@
-Bottom: 1edf7473ed3adfbf39a7390aa6530490cabd4b27
-Top: e9dc853cd4e0bf04e89587ca842442a911baed92
+Bottom: e0ae0ec7f79cc39e8f29c1eee46e985a86436151
+Top: 7ffb7fa11ce809a35157c9878854ecf081914170
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 03:02:58 -0300
diff --git a/patches/wip-manual-document-mt-safety-resource.patch b/patches/wip-manual-document-mt-safety-resource.patch
index 4a933c4..9e73865 100644
--- a/patches/wip-manual-document-mt-safety-resource.patch
+++ b/patches/wip-manual-document-mt-safety-resource.patch
@@ -1,5 +1,5 @@
-Bottom: e9dc853cd4e0bf04e89587ca842442a911baed92
-Top: ffd5cfff82d2353229204337d172ca6232c502d5
+Bottom: 7ffb7fa11ce809a35157c9878854ecf081914170
+Top: 9e5b6bf2781971d6205b7140fd3dedfe51777593
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:03:59 -0300
diff --git a/patches/wip-manual-document-mt-safety-search.patch b/patches/wip-manual-document-mt-safety-search.patch
index ae3f846..7b4d6eb 100644
--- a/patches/wip-manual-document-mt-safety-search.patch
+++ b/patches/wip-manual-document-mt-safety-search.patch
@@ -1,5 +1,5 @@
-Bottom: 2f7ecd5a953ea11aa3294ac487aa5f53c941a28a
-Top: da16f2d144f592ae1c849bcff6b273474b94d60c
+Bottom: dde37196871d1c4086ac7baf306aa861a6f4d9b8
+Top: 0ae019fb1f8d91cdcda3e370462a4e56a12fa640
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:03:59 -0300
diff --git a/patches/wip-manual-document-mt-safety-startup.patch b/patches/wip-manual-document-mt-safety-startup.patch
index ec93026..f62e989 100644
--- a/patches/wip-manual-document-mt-safety-startup.patch
+++ b/patches/wip-manual-document-mt-safety-startup.patch
@@ -1,5 +1,5 @@
-Bottom: ffd5cfff82d2353229204337d172ca6232c502d5
-Top: 2f7ecd5a953ea11aa3294ac487aa5f53c941a28a
+Bottom: 9e5b6bf2781971d6205b7140fd3dedfe51777593
+Top: dde37196871d1c4086ac7baf306aa861a6f4d9b8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:03:59 -0300
diff --git a/patches/wip-manual-document-mt-safety-string.patch b/patches/wip-manual-document-mt-safety-string.patch
index f01c56b..d70bef5 100644
--- a/patches/wip-manual-document-mt-safety-string.patch
+++ b/patches/wip-manual-document-mt-safety-string.patch
@@ -1,5 +1,5 @@
-Bottom: da16f2d144f592ae1c849bcff6b273474b94d60c
-Top: d48407311de1aa694a411ebc9cc94142760cb765
+Bottom: 0ae019fb1f8d91cdcda3e370462a4e56a12fa640
+Top: 6b383988fa40a69605d230973b14cabc32603c24
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:04:00 -0300
diff --git a/patches/wip-manual-document-mt-safety-terminal.patch b/patches/wip-manual-document-mt-safety-terminal.patch
index a90b426..67c1a81 100644
--- a/patches/wip-manual-document-mt-safety-terminal.patch
+++ b/patches/wip-manual-document-mt-safety-terminal.patch
@@ -1,5 +1,5 @@
-Bottom: d48407311de1aa694a411ebc9cc94142760cb765
-Top: 1c64962cf5d20e506eff6118547fd4edf52ad63a
+Bottom: 6b383988fa40a69605d230973b14cabc32603c24
+Top: fb68481249349a8485cf5875f3d611fe8904e2e5
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:04:00 -0300
diff --git a/patches/wip-manual-document-mt-safety-threads.patch b/patches/wip-manual-document-mt-safety-threads.patch
index bee22e1..2614101 100644
--- a/patches/wip-manual-document-mt-safety-threads.patch
+++ b/patches/wip-manual-document-mt-safety-threads.patch
@@ -1,5 +1,5 @@
-Bottom: 1c64962cf5d20e506eff6118547fd4edf52ad63a
-Top: 3cfff0bb2a5e937f8fe10f3c1a9b77ca1b079659
+Bottom: fb68481249349a8485cf5875f3d611fe8904e2e5
+Top: e851d0d03b805478aac31e6844f2f0820a760ff0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:04:00 -0300
diff --git a/patches/wip-manual-document-mt-safety-time.patch b/patches/wip-manual-document-mt-safety-time.patch
index f2267fc..4213d8a 100644
--- a/patches/wip-manual-document-mt-safety-time.patch
+++ b/patches/wip-manual-document-mt-safety-time.patch
@@ -1,5 +1,5 @@
-Bottom: 3cfff0bb2a5e937f8fe10f3c1a9b77ca1b079659
-Top: 7f940b008b7f2743c4684dd4fcac50b2e707388b
+Bottom: e851d0d03b805478aac31e6844f2f0820a760ff0
+Top: 574b1f3ead78e44f9134dc32d8cb5ccf08eeb941
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:04:00 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ca751b14a99f6ca19cd387c40c7caf7f1ee5c71a
commit ca751b14a99f6ca19cd387c40c7caf7f1ee5c71a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:04:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/time.texi: Document thread safety properties.
diff --git a/manual/time.texi b/manual/time.texi
index ff31e28..3967b24 100644
--- a/manual/time.texi
+++ b/manual/time.texi
@@ -475,6 +475,12 @@ Instead, use the facilities described in @ref{Time Zone Functions}.
@comment sys/time.h
@comment BSD
@deftypefun int gettimeofday (struct timeval *@var{tp}, struct timezone *@var{tzp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c On most GNU/Linux systems this is a direct syscall, but the posix/
+@c implementation (not used on GNU/Linux or GNU/Hurd) relies on time and
+@c localtime_r, saving and restoring tzname in an unsafe manner.
+@c On some GNU/Linux variants, ifunc resolvers are used in shared libc
+@c for vdso resolution. ifunc-vdso-revisit.
The @code{gettimeofday} function returns the current calendar time as
the elapsed time since the epoch in the @code{struct timeval} structure
indicated by @var{tp}. (@pxref{Elapsed Time} for a description of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9ac0d00edce2fa5e88694ad2f4dfa7a86fc82b6c
commit 9ac0d00edce2fa5e88694ad2f4dfa7a86fc82b6c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:04:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/threads.texi: Document thread safety properties.
diff --git a/manual/threads.texi b/manual/threads.texi
index a23ac26..19bfad6 100644
--- a/manual/threads.texi
+++ b/manual/threads.texi
@@ -31,6 +31,7 @@ before thread-specific data, so they should not be used in thread-specific
data destructors or even as members of the thread-specific data, since the
latter is passed as an argument to the destructor function.
+@c FIXME: use @deftypefun for these.
@item int pthread_key_delete (pthread_key_t @var{key})
Destroy the thread-specific data @var{key} in the calling thread. The
destructor for the thread-specific data is not called during destruction, nor
@@ -82,3 +83,124 @@ attributes or the stack address is set in the attribute.
The system does not have sufficient memory.
@end table
@end deftypefun
+
+@c FIXME these are undocumented:
+@c pthread_atfork
+@c pthread_attr_destroy
+@c pthread_attr_getaffinity_np
+@c pthread_attr_getdetachstate
+@c pthread_attr_getguardsize
+@c pthread_attr_getinheritsched
+@c pthread_attr_getschedparam
+@c pthread_attr_getschedpolicy
+@c pthread_attr_getscope
+@c pthread_attr_getstack
+@c pthread_attr_getstackaddr
+@c pthread_attr_getstacksize
+@c pthread_attr_init
+@c pthread_attr_setaffinity_np
+@c pthread_attr_setdetachstate
+@c pthread_attr_setguardsize
+@c pthread_attr_setinheritsched
+@c pthread_attr_setschedparam
+@c pthread_attr_setschedpolicy
+@c pthread_attr_setscope
+@c pthread_attr_setstack
+@c pthread_attr_setstackaddr
+@c pthread_attr_setstacksize
+@c pthread_barrierattr_destroy
+@c pthread_barrierattr_getpshared
+@c pthread_barrierattr_init
+@c pthread_barrierattr_setpshared
+@c pthread_barrier_destroy
+@c pthread_barrier_init
+@c pthread_barrier_wait
+@c pthread_cancel
+@c pthread_cleanup_push
+@c pthread_cleanup_pop
+@c pthread_condattr_destroy
+@c pthread_condattr_getclock
+@c pthread_condattr_getpshared
+@c pthread_condattr_init
+@c pthread_condattr_setclock
+@c pthread_condattr_setpshared
+@c pthread_cond_broadcast
+@c pthread_cond_destroy
+@c pthread_cond_init
+@c pthread_cond_signal
+@c pthread_cond_timedwait
+@c pthread_cond_wait
+@c pthread_create
+@c pthread_detach
+@c pthread_equal
+@c pthread_exit
+@c pthread_getaffinity_np
+@c pthread_getattr_np
+@c pthread_getconcurrency
+@c pthread_getcpuclockid
+@c pthread_getname_np
+@c pthread_getschedparam
+@c pthread_join
+@c pthread_kill
+@c pthread_kill_other_threads_np
+@c pthread_mutexattr_destroy
+@c pthread_mutexattr_getkind_np
+@c pthread_mutexattr_getprioceiling
+@c pthread_mutexattr_getprotocol
+@c pthread_mutexattr_getpshared
+@c pthread_mutexattr_getrobust
+@c pthread_mutexattr_getrobust_np
+@c pthread_mutexattr_gettype
+@c pthread_mutexattr_init
+@c pthread_mutexattr_setkind_np
+@c pthread_mutexattr_setprioceiling
+@c pthread_mutexattr_setprotocol
+@c pthread_mutexattr_setpshared
+@c pthread_mutexattr_setrobust
+@c pthread_mutexattr_setrobust_np
+@c pthread_mutexattr_settype
+@c pthread_mutex_consistent
+@c pthread_mutex_consistent_np
+@c pthread_mutex_destroy
+@c pthread_mutex_getprioceiling
+@c pthread_mutex_init
+@c pthread_mutex_lock
+@c pthread_mutex_setprioceiling
+@c pthread_mutex_timedlock
+@c pthread_mutex_trylock
+@c pthread_mutex_unlock
+@c pthread_once
+@c pthread_rwlockattr_destroy
+@c pthread_rwlockattr_getkind_np
+@c pthread_rwlockattr_getpshared
+@c pthread_rwlockattr_init
+@c pthread_rwlockattr_setkind_np
+@c pthread_rwlockattr_setpshared
+@c pthread_rwlock_destroy
+@c pthread_rwlock_init
+@c pthread_rwlock_rdlock
+@c pthread_rwlock_timedrdlock
+@c pthread_rwlock_timedwrlock
+@c pthread_rwlock_tryrdlock
+@c pthread_rwlock_trywrlock
+@c pthread_rwlock_unlock
+@c pthread_rwlock_wrlock
+@c pthread_self
+@c pthread_setaffinity_np
+@c pthread_setcancelstate
+@c pthread_setcanceltype
+@c pthread_setconcurrency
+@c pthread_setname_np
+@c pthread_setschedparam
+@c pthread_setschedprio
+@c pthread_sigmask
+@c pthread_sigqueue
+@c pthread_spin_destroy
+@c pthread_spin_init
+@c pthread_spin_lock
+@c pthread_spin_trylock
+@c pthread_spin_unlock
+@c pthread_testcancel
+@c pthread_timedjoin_np
+@c pthread_tryjoin_np
+@c pthread_yield
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=8e43609f975993702fbcda503225c049d6c589be
commit 8e43609f975993702fbcda503225c049d6c589be
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:04:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/terminal.texi: Document thread safety properties.
diff --git a/manual/terminal.texi b/manual/terminal.texi
index 9e9c057..7f62a4e 100644
--- a/manual/terminal.texi
+++ b/manual/terminal.texi
@@ -264,6 +264,9 @@ array.
@comment termios.h
@comment POSIX.1
@deftypefun int tcgetattr (int @var{filedes}, struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the kernel-returned termios data structure to the userland
+@c format does not ensure atomic or consistent writing.
This function is used to examine the attributes of the terminal
device with file descriptor @var{filedes}. The attributes are returned
in the structure that @var{termios-p} points to.
@@ -284,6 +287,9 @@ The @var{filedes} is not associated with a terminal.
@comment termios.h
@comment POSIX.1
@deftypefun int tcsetattr (int @var{filedes}, int @var{when}, const struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the incoming termios data structure to the kernel format
+@c does not ensure atomic or consistent reading.
This function sets the attributes of the terminal device with file
descriptor @var{filedes}. The new attributes are taken from the
structure that @var{termios-p} points to.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0f0207a1f9e087838409f6d0cb6ce1b1ce3c037d
commit 0f0207a1f9e087838409f6d0cb6ce1b1ce3c037d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:04:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/string.texi: Document thread safety properties.
diff --git a/manual/string.texi b/manual/string.texi
index 2a164a9..b63a849 100644
--- a/manual/string.texi
+++ b/manual/string.texi
@@ -1159,6 +1159,11 @@ strings are written in into account. To get that one has to use
@comment string.h
@comment BSD
@deftypefun int strcasecmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Although this calls tolower multiple times, it's a macro, and
+@c strcasecmp is optimized so that the locale pointer is read only once.
+@c There are some asm implementations too, for which the single-read
+@c from locale TLS pointers also applies.
This function is like @code{strcmp}, except that differences in case are
ignored. How uppercase and lowercase characters are related is
determined by the currently selected locale. In the standard @code{"C"}
@@ -1247,6 +1252,8 @@ strncmp ("hello, world", "hello, stupid world!!!", 5)
@comment string.h
@comment GNU
@deftypefun int strverscmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls isdigit multiple times, locale may change in between.
The @code{strverscmp} function compares the string @var{s1} against
@var{s2}, considering them as holding indices/version numbers. The
return value follows the same conventions as found in the
@@ -1343,6 +1350,9 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
@comment string.h
@comment ISO
@deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak}}
+@c Calls strcoll_l with the current locale, which dereferences only the
+@c LC_COLLATE data pointer.
The @code{strcoll} function is similar to @code{strcmp} but uses the
collating sequence of the current locale for collation (the
@code{LC_COLLATE} locale).
@@ -1351,6 +1361,8 @@ collating sequence of the current locale for collation (the
@comment wchar.h
@comment ISO
@deftypefun int wcscoll (const wchar_t *@var{ws1}, const wchar_t *@var{ws2})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak}}
+@c Same as strcoll, but calling wcscoll_l.
The @code{wcscoll} function is similar to @code{wcscmp} but uses the
collating sequence of the current locale for collation (the
@code{LC_COLLATE} locale).
@@ -1637,6 +1649,7 @@ This function is a GNU extension.
@comment string.h
@comment ISO
@deftypefun {char *} strchr (const char *@var{string}, int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{strchr} function finds the first occurrence of the character
@var{c} (converted to a @code{char}) in the null-terminated string
beginning at @var{string}. The return value is a pointer to the located
@@ -1678,6 +1691,7 @@ to use @code{wcschrnul} in this case, though.
@comment string.h
@comment GNU
@deftypefun {char *} strchrnul (const char *@var{string}, int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{strchrnul} is the same as @code{strchr} except that if it does
not find the character, it returns a pointer to string's terminating
null character rather than a null pointer.
@@ -2675,3 +2689,6 @@ being added to @var{envz}, if @var{override} is false.
The @code{envz_strip} function removes any null entries from @var{envz},
updating @code{*@var{envz}} and @code{*@var{envz_len}}.
@end deftypefun
+
+@c FIXME this are undocumented:
+@c strcasecmp_l @safety{@mtsafe{}@assafe{}@acsafe{}} see strcasecmp
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d011a67de1084c6dc09e112cd8356b867cfb9ee2
commit d011a67de1084c6dc09e112cd8356b867cfb9ee2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:59 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/search.texi: Document thread safety properties.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..46f5f1c 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -113,6 +113,7 @@ the header file @file{stdlib.h}.
@comment stdlib.h
@comment ISO
@deftypefun {void *} bsearch (const void *@var{key}, const void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{bsearch} function searches the sorted array @var{array} for an object
that is equivalent to @var{key}. The array contains @var{count} elements,
each of which is of size @var{size} bytes.
@@ -146,6 +147,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +438,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +472,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +487,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +501,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +556,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=bf14604afc992972ae425a0cc64d4345c1443c86
commit bf14604afc992972ae425a0cc64d4345c1443c86
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:58 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 30630ca..9ffe87b 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger than @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,12 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
+@c Besides the usual possibility of getting an inconsistent stream in a
+@c signal handler or leaving it inconsistent in case of cancellation,
+@c the possibility of leaving a dangling pointer upon cancellation
+@c between reallocing the buffer at *lineptr and updating the pointer
+@c brings about another case of incansist.
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1321,8 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
+@c See the getline incansist note.
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1347,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1371,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1397,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1407,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1417,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1508,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1546,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1605,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1621,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1631,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1641,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2383,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2393,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2403,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2411,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2419,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2444,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2469,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2540,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2573,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2644,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2653,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2662,48 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale, asmalloc, memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2711,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2719,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2727,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2735,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2743,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2751,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2827,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3068,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3320,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3384,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +4001,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +4016,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +4031,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +4039,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4047,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4061,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4088,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4097,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4106,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4114,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4122,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4130,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4180,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4190,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4204,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4215,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4243,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4254,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4368,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4381,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4405,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4421,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4441,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4465,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4514,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4636,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4651,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4664,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4681,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4793,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4806,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4823,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4845,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4870,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4948,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4962,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4974,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4989,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +5003,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +5014,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5062,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5118,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5234,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5416,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5557,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=6d5ae028722ff5a2d6bc3335939bc5dceca2564b
commit 6d5ae028722ff5a2d6bc3335939bc5dceca2564b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:59 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/startup.texi: Document thread safety properties.
diff --git a/manual/startup.texi b/manual/startup.texi
index a277714..7bbaf13 100644
--- a/manual/startup.texi
+++ b/manual/startup.texi
@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
The difference to the @code{setenv} function is that the exact string
given as the parameter @var{string} is put into the environment. If the
user should change the string after the @code{putenv} call this will
-reflect in automatically in the environment. This also requires that
-@var{string} is no automatic variable which scope is left before the
+reflect automatically in the environment. This also requires that
+@var{string} not be an automatic variable whose scope is left before the
variable is removed from the environment. The same applies of course to
dynamically allocated variables which are freed later.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a74a71127664c49f6e66cf92fe2f50b0d0468097
commit a74a71127664c49f6e66cf92fe2f50b0d0468097
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:59 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/resource.texi: Document thread safety properties.
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5136b46325225e9cd18f14795bba9e80f7df4a07
commit 5136b46325225e9cd18f14795bba9e80f7df4a07
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 03:02:58 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/pattern.texi: Document thread safety properties.
diff --git a/manual/pattern.texi b/manual/pattern.texi
index 1966f3f..da2c8b6 100644
--- a/manual/pattern.texi
+++ b/manual/pattern.texi
@@ -736,6 +736,251 @@ expression into it by calling @code{regcomp}.
@comment regex.h
@comment POSIX.2
@deftypefun int regcomp (regex_t *restrict @var{compiled}, const char *restrict @var{pattern}, int @var{cflags})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c All of the issues have to do with memory allocation and multi-byte
+@c character handling present in the input string, or implied by ranges
+@c or inverted character classes.
+@c (re_)malloc asmalloc, memleak
+@c re_compile_internal glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c (re_)realloc asmalloc, memleak (asynconsist, incansist, for other
+@c callers that don't zero the buffer)
+@c init_dfa glocale, asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c (re_)malloc asmalloc, memleak
+@c calloc asmalloc, memleak
+@c _NL_CURRENT ok
+@c _NL_CURRENT_WORD ok
+@c btowc asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c libc_lock_init ok
+@c re_string_construct glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_construct_common ok
+@c re_string_realloc_buffers asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c build_wcs_upper_buffer glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c isascii ok
+@c mbsinit ok
+@c toupper ok
+@c mbrtowc dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c iswlower glocale
+@c towupper glocale
+@c wcrtomb dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c (re_)malloc dup asmalloc, memleak
+@c build_upper_buffer ok (glocale, but optimized)
+@c islower ok
+@c toupper ok
+@c build_wcs_buffer asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c mbrtowc dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_translate_buffer ok
+@c parse (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c fetch_token (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c peek_token ok (maybe glocale)
+@c re_string_eoi ok
+@c re_string_peek_byte ok
+@c re_string_cur_idx ok
+@c re_string_length ok
+@c re_string_peek_byte_case ok (maybe glocale)
+@c re_string_peek_byte dup ok
+@c re_string_is_single_byte_char ok
+@c isascii ok
+@c re_string_peek_byte dup ok
+@c re_string_wchar_at ok
+@c re_string_skip_bytes ok
+@c re_string_skip_bytes dup ok
+@c parse_reg_exp (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c parse_branch (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c parse_expression (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c create_token_tree dup asmalloc, memleak
+@c re_string_eoi dup ok
+@c re_string_first_byte ok
+@c fetch_token dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c create_tree dup asmalloc, memleak
+@c parse_sub_exp (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c fetch_token dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c parse_reg_exp dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c postorder() asmalloc, memleak
+@c free_tree asmalloc, memleak
+@c free_token dup asmalloc, memleak
+@c create_tree dup asmalloc, memleak
+@c parse_bracket_exp (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c _NL_CURRENT dup ok
+@c _NL_CURRENT_WORD dup ok
+@c calloc dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c peek_token_bracket ok
+@c re_string_eoi dup ok
+@c re_string_peek_byte dup ok
+@c re_string_first_byte dup ok
+@c re_string_cur_idx dup ok
+@c re_string_length dup ok
+@c re_string_skip_bytes dup ok
+@c bitset_set ok
+@c re_string_skip_bytes ok
+@c parse_bracket_element ok (maybe glocale)
+@c re_string_char_size_at ok
+@c re_string_wchar_at dup ok
+@c re_string_skip_bytes dup ok
+@c parse_bracket_symbol ok (maybe glocale)
+@c re_string_eoi dup ok
+@c re_string_fetch_byte_case ok (maybe glocale)
+@c re_string_fetch_byte ok
+@c re_string_first_byte dup ok
+@c isascii ok
+@c re_string_char_size_at dup ok
+@c re_string_skip_bytes dup ok
+@c re_string_fetch_byte dup ok
+@c re_string_peek_byte dup ok
+@c re_string_skip_bytes dup ok
+@c peek_token_bracket dup ok
+@c auto build_range_exp asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c auto lookup_collation_sequence_value asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c btowc dup asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c collseq_table_lookup ok
+@c auto seek_collating_symbol_entry dup ok
+@c (re_)realloc dup asmalloc, memleak
+@c collseq_table_lookup dup ok
+@c bitset_set dup ok
+@c (re_)realloc dup asmalloc, memleak
+@c build_equiv_class (maybe glocale), asmalloc, memleak
+@c _NL_CURRENT ok
+@c auto findidx ok
+@c bitset_set dup ok
+@c (re_)realloc dup asmalloc, memleak
+@c auto build_collating_symbol asmalloc, memleak
+@c auto seek_collating_symbol_entry ok
+@c bitset_set dup ok
+@c (re_)realloc dup asmalloc, memleak
+@c build_charclass (maybe glocale), asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c bitset_set dup ok
+@c isalnum ok
+@c iscntrl ok
+@c isspace ok
+@c isalpha ok
+@c isdigit ok
+@c isprint ok
+@c isupper ok
+@c isblank ok
+@c isgraph ok
+@c ispunct ok
+@c isxdigit ok
+@c bitset_not ok
+@c bitset_mask ok
+@c create_token_tree dup asmalloc, memleak
+@c create_tree dup asmalloc, memleak
+@c free_charset dup asmalloc, memleak
+@c init_word_char (maybe glocale)
+@c isalnum ok
+@c build_charclass_op (maybe glocale), asmalloc, memleak
+@c calloc dup asmalloc, memleak
+@c build_charclass dup (maybe glocale), asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c free_charset dup asmalloc, memleak
+@c bitset_set dup ok
+@c bitset_not dup ok
+@c bitset_mask dup ok
+@c create_token_tree dup asmalloc, memleak
+@c create_tree dup asmalloc, memleak
+@c parse_dup_op (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_cur_idx dup ok
+@c fetch_number ok (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c fetch_token dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_set_index ok
+@c postorder() asmalloc, memleak
+@c free_tree dup asmalloc, memleak
+@c mark_opt_subexp ok
+@c duplicate_tree asmalloc, memleak
+@c create_token_tree dup asmalloc, memleak
+@c create_tree dup asmalloc, memleak
+@c postorder() asmalloc, memleak
+@c free_tree dup asmalloc, memleak
+@c fetch_token dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c parse_branch dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c create_tree dup asmalloc, memleak
+@c create_tree asmalloc, memleak
+@c create_token_tree asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c analyze asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c preorder() asmalloc, memleak
+@c optimize_subexps ok
+@c calc_next ok
+@c link_nfa_nodes asmalloc, memleak
+@c re_node_set_init_1 asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c re_node_set_init_2 asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c postorder() asmalloc, memleak
+@c lower_subexps asmalloc, memleak
+@c lower_subexp asmalloc, memleak
+@c create_tree dup asmalloc, memleak
+@c calc_first asmalloc, memleak
+@c re_dfa_add_node asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c re_node_set_init_empty ok
+@c calc_eclosure asmalloc, memleak
+@c calc_eclosure_iter asmalloc, memleak
+@c re_node_set_alloc asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c duplicate_node_closure asmalloc, memleak
+@c re_node_set_empty ok
+@c duplicate_node asmalloc, memleak
+@c re_dfa_add_node dup asmalloc, memleak
+@c re_node_set_insert asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c search_duplicated_node ok
+@c re_node_set_merge asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c re_node_set_free asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c re_node_set_insert dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c calc_inveclosure asmalloc, memleak
+@c re_node_set_init_empty dup ok
+@c re_node_set_insert_last asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c optimize_utf8 ok
+@c create_initial_state asmalloc, memleak
+@c re_node_set_init_copy asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c re_node_set_init_empty dup ok
+@c re_node_set_contains ok
+@c re_node_set_merge dup asmalloc, memleak
+@c re_acquire_state_context asmalloc, memleak
+@c calc_state_hash ok
+@c re_node_set_compare ok
+@c create_cd_newstate asmalloc, memleak
+@c calloc dup asmalloc, memleak
+@c re_node_set_init_copy dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c free_state asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c NOT_SATISFY_PREV_CONSTRAINT ok
+@c re_node_set_remove_at ok
+@c register_state asmalloc, memleak
+@c re_node_set_alloc dup asmalloc, memleak
+@c re_node_set_insert_last dup asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c free_workarea_compile asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c re_string_destruct asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c free_dfa_content asmalloc, memleak
+@c free_token asmalloc, memleak
+@c free_charset asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_compile_fastmap glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_compile_fastmap_iter glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_set_fastmap ok
+@c tolower ok
+@c mbrtowc dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c wcrtomb dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c towlower glocale
+@c _NL_CURRENT ok
+@c (re_)free asmalloc, memleak
The function @code{regcomp} ``compiles'' a regular expression into a
data structure that you can use with @code{regexec} to match against a
string. The compiled regular expression format is designed for
@@ -885,6 +1130,247 @@ unless the regular expression contains anchor characters (@samp{^} or
@comment regex.h
@comment POSIX.2
@deftypefun int regexec (const regex_t *restrict @var{compiled}, const char *restrict @var{string}, size_t @var{nmatch}, regmatch_t @var{matchptr}[restrict], int @var{eflags})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c libc_lock_lock selfdeadlock, lockleak
+@c re_search_internal glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_allocate asmalloc, memleak
+@c re_string_construct_common dup ok
+@c re_string_realloc_buffers dup asmalloc, memleak
+@c match_ctx_init asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c re_string_byte_at ok
+@c re_string_first_byte dup ok
+@c check_matching glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_cur_idx dup ok
+@c acquire_init_state_context dup asmalloc, memleak
+@c re_string_context_at ok
+@c re_string_byte_at dup ok
+@c bitset_contain ok
+@c re_acquire_state_context dup asmalloc, memleak
+@c check_subexp_matching_top asmalloc, memleak
+@c match_ctx_add_subtop asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c calloc dup asmalloc, memleak
+@c transit_state_bkref glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_cur_idx dup ok
+@c re_string_context_at dup ok
+@c NOT_SATISFY_NEXT_CONSTRAINT ok
+@c get_subexp glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_get_buffer ok
+@c search_cur_bkref_entry ok
+@c clean_state_log_if_needed glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c extend_buffers glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_realloc_buffers dup asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c build_wcs_upper_buffer dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c build_upper_buffer dup ok (glocale, but optimized)
+@c build_wcs_buffer dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_translate_buffer dup ok
+@c get_subexp_sub glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c check_arrival glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c (re_)realloc dup asmalloc, memleak
+@c re_string_context_at dup ok
+@c re_node_set_init_1 dup asmalloc, memleak
+@c check_arrival_expand_ecl asmalloc, memleak
+@c re_node_set_alloc dup asmalloc, memleak
+@c find_subexp_node ok
+@c re_node_set_merge dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c check_arrival_expand_ecl_sub asmalloc, memleak
+@c re_node_set_contains dup ok
+@c re_node_set_insert dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_node_set_init_copy dup asmalloc, memleak
+@c re_node_set_init_empty dup ok
+@c expand_bkref_cache asmalloc, memleak
+@c search_cur_bkref_entry dup ok
+@c re_node_set_contains dup ok
+@c re_node_set_init_1 dup asmalloc, memleak
+@c check_arrival_expand_ecl dup asmalloc, memleak
+@c re_node_set_merge dup asmalloc, memleak
+@c re_node_set_init_copy dup asmalloc, memleak
+@c re_node_set_insert dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_acquire_state asmalloc, memleak
+@c calc_state_hash dup ok
+@c re_node_set_compare dup ok
+@c create_ci_newstate asmalloc, memleak
+@c calloc dup asmalloc, memleak
+@c re_node_set_init_copy dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c register_state dup asmalloc, memleak
+@c free_state dup asmalloc, memleak
+@c re_acquire_state_context dup asmalloc, memleak
+@c re_node_set_merge dup asmalloc, memleak
+@c check_arrival_add_next_nodes glocale, asmalloc, memleak
+@c re_node_set_init_empty dup ok
+@c check_node_accept_bytes glocale, asmalloc, memleak
+@c re_string_byte_at dup ok
+@c re_string_char_size_at dup ok
+@c re_string_elem_size_at (maybe glocale)
+@c _NL_CURRENT_WORD dup ok
+@c _NL_CURRENT dup ok
+@c auto findidx dup ok
+@c _NL_CURRENT_WORD dup ok
+@c _NL_CURRENT dup ok
+@c collseq_table_lookup dup ok
+@c find_collation_sequence_value (maybe glocale)
+@c _NL_CURRENT_WORD dup ok
+@c _NL_CURRENT dup ok
+@c auto findidx dup ok
+@c wcscoll glocale, asmalloc, memleak
+@c re_node_set_empty dup ok
+@c re_node_set_merge dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_node_set_insert dup asmalloc, memleak
+@c re_acquire_state dup asmalloc, memleak
+@c check_node_accept ok
+@c re_string_byte_at dup ok
+@c bitset_contain dup ok
+@c re_string_context_at dup ok
+@c NOT_SATISFY_NEXT_CONSTRAINT dup ok
+@c match_ctx_add_entry asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c clean_state_log_if_needed dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c extend_buffers dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c find_subexp_node dup ok
+@c calloc dup asmalloc, memleak
+@c check_arrival dup ***
+@c match_ctx_add_sublast asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c re_acquire_state_context dup asmalloc, memleak
+@c re_node_set_init_union asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c re_node_set_init_copy dup asmalloc, memleak
+@c re_node_set_init_empty dup ok
+@c re_node_set_free dup asmalloc, memleak
+@c check_subexp_matching_top dup asmalloc, memleak
+@c check_halt_state_context ok
+@c re_string_context_at dup ok
+@c check_halt_node_context ok
+@c NOT_SATISFY_NEXT_CONSTRAINT dup ok
+@c re_string_eoi dup ok
+@c extend_buffers dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c transit_state glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c transit_state_mb glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_context_at dup ok
+@c NOT_SATISFY_NEXT_CONSTRAINT dup ok
+@c check_node_accept_bytes dup glocale, asmalloc, memleak
+@c re_string_cur_idx dup ok
+@c clean_state_log_if_needed glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_node_set_init_union dup asmalloc, memleak
+@c re_acquire_state_context dup asmalloc, memleak
+@c re_string_fetch_byte dup ok
+@c re_string_context_at dup ok
+@c build_trtable asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c group_nodes_into_DFAstates asmalloc, memleak
+@c bitset_empty dup ok
+@c bitset_set dup ok
+@c bitset_merge dup ok
+@c bitset_set_all ok
+@c bitset_clear ok
+@c bitset_contain dup ok
+@c bitset_copy ok
+@c re_node_set_init_copy dup asmalloc, memleak
+@c re_node_set_insert dup asmalloc, memleak
+@c re_node_set_init_1 dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_node_set_alloc dup asmalloc, memleak
+@c malloc dup asmalloc, memleak
+@c free dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c bitset_empty ok
+@c re_node_set_empty dup ok
+@c re_node_set_merge dup asmalloc, memleak
+@c re_acquire_state_context dup asmalloc, memleak
+@c bitset_merge ok
+@c calloc dup asmalloc, memleak
+@c bitset_contain dup ok
+@c merge_state_with_log glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_cur_idx dup ok
+@c re_node_set_init_union dup asmalloc, memleak
+@c re_string_context_at dup ok
+@c re_node_set_free dup asmalloc, memleak
+@c check_subexp_matching_top asmalloc, memleak
+@c match_ctx_add_subtop dup asmalloc, memleak
+@c transit_state_bkref dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c find_recover_state
+@c re_string_cur_idx dup ok
+@c re_string_skip_bytes dup ok
+@c merge_state_with_log dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c check_halt_state_context dup ok
+@c prune_impossible_nodes glocale, asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c sift_ctx_init ok
+@c re_node_set_init_empty dup ok
+@c sift_states_backward glocale, asmalloc, memleak
+@c re_node_set_init_1 dup asmalloc, memleak
+@c update_cur_sifted_state glocale, asmalloc, memleak
+@c add_epsilon_src_nodes asmalloc, memleak
+@c re_acquire_state dup asmalloc, memleak
+@c re_node_set_alloc dup asmalloc, memleak
+@c re_node_set_merge dup asmalloc, memleak
+@c re_node_set_add_intersect asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c check_subexp_limits asmalloc, memleak
+@c sub_epsilon_src_nodes asmalloc, memleak
+@c re_node_set_init_empty dup ok
+@c re_node_set_contains dup ok
+@c re_node_set_add_intersect dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_node_set_remove_at dup ok
+@c re_node_set_contains dup ok
+@c re_acquire_state dup asmalloc, memleak
+@c sift_states_bkref glocale, asmalloc, memleak
+@c search_cur_bkref_entry dup ok
+@c check_dst_limits ok
+@c search_cur_bkref_entry dup ok
+@c check_dst_limits_calc_pos ok
+@c check_dst_limits_calc_pos_1 ok
+@c re_node_set_init_copy dup asmalloc, memleak
+@c re_node_set_insert dup asmalloc, memleak
+@c sift_states_backward dup glocale, asmalloc, memleak
+@c merge_state_array dup asmalloc, memleak
+@c re_node_set_remove ok
+@c re_node_set_contains dup ok
+@c re_node_set_remove_at dup ok
+@c re_node_set_free dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_node_set_empty dup ok
+@c build_sifted_states glocale, asmalloc, memleak
+@c sift_states_iter_mb glocale, asmalloc, memleak
+@c check_node_accept_bytes dup glocale, asmalloc, memleak
+@c check_node_accept dup ok
+@c check_dst_limits dup ok
+@c re_node_set_insert dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c check_halt_state_context dup ok
+@c merge_state_array asmalloc, memleak
+@c re_node_set_init_union dup asmalloc, memleak
+@c re_acquire_state dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c set_regs asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c re_node_set_init_empty dup ok
+@c free_fail_stack_return asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c update_regs ok
+@c re_node_set_free dup asmalloc, memleak
+@c pop_fail_stack asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c match_ctx_free asmalloc, memleak
+@c match_ctx_clean asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c re_string_destruct dup asmalloc, memleak
+@c libc_lock_unlock lockleak
This function tries to match the compiled regular expression
@code{*@var{compiled}} against @var{string}.
@@ -1047,6 +1533,9 @@ free the storage it uses by calling @code{regfree}.
@comment regex.h
@comment POSIX.2
@deftypefun void regfree (regex_t *@var{compiled})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak}}
+@c (re_)free dup asmalloc, memleak
+@c free_dfa_content dup asmalloc, memleak
Calling @code{regfree} frees all the storage that @code{*@var{compiled}}
points to. This includes various internal fields of the @code{regex_t}
structure that aren't documented in this manual.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5bbf285ade787de926d767c3417beadb4e17ca84
commit 5bbf285ade787de926d767c3417beadb4e17ca84
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:58 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/math.texi: Document thread safety properties.
diff --git a/manual/math.texi b/manual/math.texi
index 193d415..fd5d0c8 100644
--- a/manual/math.texi
+++ b/manual/math.texi
@@ -560,6 +560,7 @@ negative), @code{logb} returns @math{@infinity{}}. If @var{x} is zero,
@comment math.h
@comment ISO
@deftypefunx int ilogbl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are equivalent to the corresponding @code{logb}
functions except that they return signed integer values.
@end deftypefun
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=68379fd7aa430c571bb1b455da71c13a56186002
commit 68379fd7aa430c571bb1b455da71c13a56186002
Merge: 5576362 7f05e88 6bce3f5
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 12:51:54 2013 -0300
float
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5576362f8cd7fd634eaf2d25e762a6f58eccf4d3
commit 5576362f8cd7fd634eaf2d25e762a6f58eccf4d3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 12:51:54 2013 -0300
float
diff --git a/meta b/meta
index 4cc4baf..9c3823b 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 2d8a3ec53d2e0fdc4378cae6c72ada4246c12fd9
-Head: 97db8a779b727d321dc9cf106a644fa761073224
+Previous: 6bce3f5791083d308b605e951d47f834711f5091
+Head: 7f05e88b0fe052bd57fbe1bd1ccb7858d9a527e3
Applied:
unused-scalb-is-scalbn.patch: 1e5d1e38b6a866f88772d34ec2d1b3a75d78b233
remove-sysdeps-ieee754-support.patch: 874e350341a8e14881907b059e6d988de123648f
@@ -19,6 +19,7 @@ Applied:
manual-document-mt-safety-job.patch: 950462adffbb683bfe87aa0e8e80419c3ebe59f8
manual-document-mt-safety-lang.patch: eadd5e24321249b093b22f50057e8396fd887b2d
manual-document-mt-safety-llio.patch: 97db8a779b727d321dc9cf106a644fa761073224
+ manual-document-mt-safety-locale.patch: 7f05e88b0fe052bd57fbe1bd1ccb7858d9a527e3
Unapplied:
manual-document-mt-safety-stdio.patch: 63ec6cc0ec5f71f1e34e18def7b86eda75a61ce8
wip-manual-document-mt-safety-math.patch: db9625097d5f7d73d8ba1e10cf6a592ef525404f
@@ -30,5 +31,4 @@ Unapplied:
wip-manual-document-mt-safety-terminal.patch: 21de0b6010d4445b2194624a4776886fcf61f982
wip-manual-document-mt-safety-threads.patch: eafe2b5006176bc49e35cfcd3e4e15ea5a1457d7
wip-manual-document-mt-safety-time.patch: 23fab67522c5b3d91610013fb2c8562cf7ec3169
- manual-document-mt-safety-locale.patch: 4214cb36d3708ec427b9de7324c804d24d9c3552
Hidden:
diff --git a/patches/manual-document-mt-safety-locale.patch b/patches/manual-document-mt-safety-locale.patch
index c54933c..ffc2d2e 100644
--- a/patches/manual-document-mt-safety-locale.patch
+++ b/patches/manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
-Bottom: 7f940b008b7f2743c4684dd4fcac50b2e707388b
-Top: 574b1f3ead78e44f9134dc32d8cb5ccf08eeb941
+Bottom: dbeae1070d7f82bd45fdd09f92ac8b9617a600a7
+Top: 84b8d343b6e17d8574bbe4b1f9cb2a37cb54b27e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:04:01 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7f05e88b0fe052bd57fbe1bd1ccb7858d9a527e3
commit 7f05e88b0fe052bd57fbe1bd1ccb7858d9a527e3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:04:01 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..4afa104 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,137 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{oncesafe, selfdeadlock, asmalloc, asynconsist, incansist}@acunsafe{oncesafe, incansist, lockleak, memleak, fdleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it.
+@c This function returns a pointer read...
+@c setlocale envromt, oncesafe, asmalloc, selfdeadlock, asynconsist, incansist, memleak, fdleak, lockleak
+@c libc_rwlock_wrlock selfdeadlock, lockleak
+@c libc_rwlock_unlock lockleak
+@c getenv LOCPATH envromt
+@c malloc asmalloc, memleak
+@c free asmalloc, memleak
+@c new_composite_name ok
+@c setdata ok
+@c setname ok
+@c _nl_find_locale envromt, oncesafe, asmalloc, selfdeadlock, asynconsist, incansist, memleak, fdleak, lockleak
+@c getenv LC_ALL and LANG envromt
+@c _nl_load_locale_from_archive asmalloc, memleak, fdleak
+@c sysconf _SC_PAGE_SIZE ok
+@c _nl_normalize_codeset asmalloc, memleak
+@c isalnum_l ok (C locale)
+@c isdigit_l ok (C locale)
+@c malloc asmalloc, memleak
+@c tolower_l ok (C locale)
+@c open_not_cancel_2 fdleak
+@c fxstat64 ok
+@c close_not_cancel_no_status ok
+@c __mmap64 memleak
+@c calculate_head_size ok
+@c __munmap ok
+@c compute_hashval ok
+@c qsort dup asmalloc, memleak
+@c rangecmp ok
+@c malloc asmalloc, memleak
+@c strdup asmalloc, memleak
+@c _nl_intern_locale_data asmalloc, memleak
+@c malloc asmalloc, memleak
+@c free asmalloc, memleak
+@c _nl_expand_alias asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c libc_lock_lock selfdeadlock, lockleak
+@c bsearch ok
+@c alias_compare ok
+@c strcasecmp ok
+@c read_alias_file asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fsetlocking ok
+@c feof_unlocked ok
+@c fgets_unlocked ok
+@c isspace ok (locale mutex is locked)
+@c extend_alias_table memleak, asmalloc
+@c realloc memleak, asmalloc
+@c realloc memleak, asmalloc
+@c fclose asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c qsort asmalloc, memleak
+@c alias_compare dup
+@c libc_lock_unlock lockleak
+@c _nl_explode_name asmalloc, memleak
+@c _nl_find_language ok
+@c _nl_normalize_codeset dup asmalloc, memleak
+@c _nl_make_l10nflist asmalloc, memleak
+@c malloc asmalloc, memleak
+@c free asmalloc, memleak
+@c __argz_stringify ok
+@c __argz_count ok
+@c __argz_next ok
+@c _nl_load_locale asmalloc, memleak, fdleak
+@c open_not_cancel_2 fdleak
+@c __fxstat64 ok
+@c close_not_cancel_no_status ok
+@c mmap memleak
+@c malloc asmalloc, memleak
+@c read_not_cancel ok
+@c free asmalloc, memleak
+@c _nl_intern_locale_data dup asmalloc, memleak
+@c munmap ok
+@c __gconv_compare_alias oncesafe, asmalloc, asynconsist, selfdeadlock, memleak,incansist, fdleak, lockleak
+@c __gconv_read_conf oncesafe, asmalloc, asynconsist, selfdeadlock, memleak,incansist, fdleak, lockleak
+@c (libc_once-initializes gconv_cache and gconv_path_envvar; they're
+@c never modified afterwards)
+@c __gconv_load_cache asmalloc, memleak, fdleak
+@c getenv GCONV_PATH envromt
+@c open_not_cancel fdleak
+@c __fxstat64 ok
+@c close_not_cancel_no_status ok
+@c mmap memleak
+@c malloc asmalloc, memleak
+@c __read ok
+@c free asmalloc, memleak
+@c munmap ok
+@c __gconv_get_path selfdeadlock, asmalloc, lockleak, memleak, fdleak
+@c getcwd asmalloc, memleak, fdleak
+@c libc_lock_lock selfdeadlock, lockleak
+@c malloc asmalloc, memleak
+@c strtok_r ok
+@c libc_lock_unlock lockleak
+@c read_conf_file asmalloc, asynconsist, selfdeadlock, memleak, incansist, fdleak, lockleak
+@c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fsetlocking ok
+@c feof_unlocked ok
+@c getdelim asmalloc, asynconsist, memleak, incansist
+@c isspace_l ok (C locale)
+@c add_alias
+@c isspace_l ok (C locale)
+@c toupper_l ok (C locale)
+@c add_alias2 dup asynconsist, asmalloc, incansist, memleak
+@c add_module asmalloc, memleak
+@c isspace_l ok (C locale)
+@c toupper_l ok (C locale)
+@c strtol ok (glocale, but we hold the locale lock)
+@c tfind __gconv_alias_db ok
+@c __gconv_alias_compare dup ok
+@c calloc asmalloc, memleak
+@c insert_module dup asmalloc
+@c __tfind ok (because the tree is read only by then)
+@c __gconv_alias_compare dup ok
+@c insert_module asmalloc
+@c free asmalloc
+@c add_alias2 asynconsist, asmalloc, incansist, memleak
+@c detect_conflict ok, reads __gconv_modules_db
+@c malloc asmalloc, memleak
+@c tsearch __gconv_alias_db asynconsist, asmalloc, incansist, memleak
+@c __gconv_alias_compare ok
+@c free asmalloc
+@c __gconv_compare_alias_cache ok
+@c find_module_idx ok
+@c do_lookup_alias ok
+@c __tfind ok (because the tree is read only by then)
+@c __gconv_alias_compare ok
+@c strndup asmalloc, memleak
+@c strcasecmp_l ok (C locale)
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
@@ -414,6 +545,10 @@ according to the selected locale using this information.
@comment locale.h
@comment ISO
@deftypefun {struct lconv *} localeconv (void)
+@safety{@mtunsafe{staticbuf, glocale}@assafe{}@acsafe{}}
+@c This function reads from multiple components of the locale object,
+@c without synchronization, while writing to the static buffer it uses
+@c as the return value.
The @code{localeconv} function returns a pointer to a structure whose
components contain information about how numeric and monetary values
should be formatted in the current locale.
@@ -680,6 +815,10 @@ was introduced.
@comment langinfo.h
@comment XOPEN
@deftypefun {char *} nl_langinfo (nl_item @var{item})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c It calls _nl_langinfo_l with the current locale, which returns a
+@c pointer into constant strings defined in locale data structures. It
+@c doesn't run afoul of glocale itself, but callers may.
The @code{nl_langinfo} function can be used to access individual
elements of the locale categories. Unlike the @code{localeconv}
function, which returns all the information, @code{nl_langinfo}
@@ -974,6 +1113,11 @@ locale information, making it easier for the user to format
numbers according to these rules.
@deftypefun ssize_t strfmon (char *@var{s}, size_t @var{maxsize}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asmalloc}@acsafe{memleak}}
+@c It (and strfmon_l) both call vstrfmon_l, which, besides accessing the
+@c locale object passed to it, accesses the active locale through
+@c isdigit (but to_digit assumes ASCII digits only). It may call
+@c __printf_fp (glocale, asmalloc, memleak) and guess_grouping (safe).
The @code{strfmon} function is similar to the @code{strftime} function
in that it takes a buffer, its size, a format string,
and values to write into the buffer as text in a form specified
@@ -1185,6 +1329,10 @@ access to the corresponding locale definitions.
@comment GNU
@comment stdlib.h
@deftypefun int rpmatch (const char *@var{response})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls nl_langinfo with YESEXPR and NOEXPR, triggering glocale, but
+@c it's regcomp and regexec that bring in all of the safety issues.
+@c regfree is also called, but it doesn't introduce any further issues.
The function @code{rpmatch} checks the string in @var{response} whether
or not it is a correct yes-or-no answer and if yes, which one. The
check uses the @code{YESEXPR} and @code{NOEXPR} data in the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=6bce3f5791083d308b605e951d47f834711f5091
commit 6bce3f5791083d308b605e951d47f834711f5091
Merge: 9d0c022 2d8a3ec
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 12:51:52 2013 -0300
goto
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9d0c02285c888d85cf7c7a4034bdb86158015266
commit 9d0c02285c888d85cf7c7a4034bdb86158015266
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 12:51:52 2013 -0300
goto
diff --git a/meta b/meta
index 1dfc36e..4cc4baf 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: e3dcc27d73ed78e729a25718727eb83d631db0ec
-Head: 4214cb36d3708ec427b9de7324c804d24d9c3552
+Previous: 2d8a3ec53d2e0fdc4378cae6c72ada4246c12fd9
+Head: 97db8a779b727d321dc9cf106a644fa761073224
Applied:
unused-scalb-is-scalbn.patch: 1e5d1e38b6a866f88772d34ec2d1b3a75d78b233
remove-sysdeps-ieee754-support.patch: 874e350341a8e14881907b059e6d988de123648f
@@ -19,6 +19,7 @@ Applied:
manual-document-mt-safety-job.patch: 950462adffbb683bfe87aa0e8e80419c3ebe59f8
manual-document-mt-safety-lang.patch: eadd5e24321249b093b22f50057e8396fd887b2d
manual-document-mt-safety-llio.patch: 97db8a779b727d321dc9cf106a644fa761073224
+Unapplied:
manual-document-mt-safety-stdio.patch: 63ec6cc0ec5f71f1e34e18def7b86eda75a61ce8
wip-manual-document-mt-safety-math.patch: db9625097d5f7d73d8ba1e10cf6a592ef525404f
wip-manual-document-mt-safety-pattern.patch: 9d8222797fb192c47f61ef2756ba9bf721caed9d
@@ -30,5 +31,4 @@ Applied:
wip-manual-document-mt-safety-threads.patch: eafe2b5006176bc49e35cfcd3e4e15ea5a1457d7
wip-manual-document-mt-safety-time.patch: 23fab67522c5b3d91610013fb2c8562cf7ec3169
manual-document-mt-safety-locale.patch: 4214cb36d3708ec427b9de7324c804d24d9c3552
-Unapplied:
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2d8a3ec53d2e0fdc4378cae6c72ada4246c12fd9
commit 2d8a3ec53d2e0fdc4378cae6c72ada4246c12fd9
Merge: 98c4328 e3dcc27
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 12:45:16 2013 -0300
rename
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=98c43286bd19784213c63c86f9f2d95667d8d9a1
commit 98c43286bd19784213c63c86f9f2d95667d8d9a1
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 12:45:16 2013 -0300
rename
diff --git a/meta b/meta
index 0d47e02..1dfc36e 100644
--- a/meta
+++ b/meta
@@ -1,5 +1,5 @@
Version: 1
-Previous: 0a7907b63c6a66c7e414744103819d7f8366771e
+Previous: e3dcc27d73ed78e729a25718727eb83d631db0ec
Head: 4214cb36d3708ec427b9de7324c804d24d9c3552
Applied:
unused-scalb-is-scalbn.patch: 1e5d1e38b6a866f88772d34ec2d1b3a75d78b233
@@ -29,6 +29,6 @@ Applied:
wip-manual-document-mt-safety-terminal.patch: 21de0b6010d4445b2194624a4776886fcf61f982
wip-manual-document-mt-safety-threads.patch: eafe2b5006176bc49e35cfcd3e4e15ea5a1457d7
wip-manual-document-mt-safety-time.patch: 23fab67522c5b3d91610013fb2c8562cf7ec3169
- wip-manual-document-mt-safety-locale.patch: 4214cb36d3708ec427b9de7324c804d24d9c3552
+ manual-document-mt-safety-locale.patch: 4214cb36d3708ec427b9de7324c804d24d9c3552
Unapplied:
Hidden:
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/manual-document-mt-safety-locale.patch
similarity index 100%
rename from patches/wip-manual-document-mt-safety-locale.patch
rename to patches/manual-document-mt-safety-locale.patch
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e3dcc27d73ed78e729a25718727eb83d631db0ec
commit e3dcc27d73ed78e729a25718727eb83d631db0ec
Merge: b12a923 4214cb3 0a7907b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 12:45:07 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b12a923becc8608e582c2916f742678409b83dff
commit b12a923becc8608e582c2916f742678409b83dff
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 12:45:07 2013 -0300
refresh
diff --git a/meta b/meta
index 629a4c4..0d47e02 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 0e6cf8b865cd53052d4ecb71f3d21a2efd6d6c26
-Head: dbb3da270a19fb43d667c13537697660a656c235
+Previous: 0a7907b63c6a66c7e414744103819d7f8366771e
+Head: 4214cb36d3708ec427b9de7324c804d24d9c3552
Applied:
unused-scalb-is-scalbn.patch: 1e5d1e38b6a866f88772d34ec2d1b3a75d78b233
remove-sysdeps-ieee754-support.patch: 874e350341a8e14881907b059e6d988de123648f
@@ -29,7 +29,6 @@ Applied:
wip-manual-document-mt-safety-terminal.patch: 21de0b6010d4445b2194624a4776886fcf61f982
wip-manual-document-mt-safety-threads.patch: eafe2b5006176bc49e35cfcd3e4e15ea5a1457d7
wip-manual-document-mt-safety-time.patch: 23fab67522c5b3d91610013fb2c8562cf7ec3169
- wip-manual-document-mt-safety-locale.patch: fe706bad5be70be468054c3d603d2026477c8e9b
- refresh-temp: dbb3da270a19fb43d667c13537697660a656c235
+ wip-manual-document-mt-safety-locale.patch: 4214cb36d3708ec427b9de7324c804d24d9c3552
Unapplied:
Hidden:
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index 3b00500..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,26 +0,0 @@
-Bottom: e8b652117ea1b56a1869c44cc40594c34af2f636
-Top: 574b1f3ead78e44f9134dc32d8cb5ccf08eeb941
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-31 12:45:06 -0300
-
-Refresh of wip-manual-document-mt-safety-locale.patch
-
----
-
-diff --git a/manual/locale.texi b/manual/locale.texi
-index 11c9dc7..4afa104 100644
---- a/manual/locale.texi
-+++ b/manual/locale.texi
-@@ -1329,8 +1329,10 @@ access to the corresponding locale definitions.
- @comment GNU
- @comment stdlib.h
- @deftypefun int rpmatch (const char *@var{response})
--@c Calls nl_langinfo with YESEXPR and NOEXPR, triggering glocale. Calls
--@c regfree, regcomp and regexec.
-+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
-+@c Calls nl_langinfo with YESEXPR and NOEXPR, triggering glocale, but
-+@c it's regcomp and regexec that bring in all of the safety issues.
-+@c regfree is also called, but it doesn't introduce any further issues.
- The function @code{rpmatch} checks the string in @var{response} whether
- or not it is a correct yes-or-no answer and if yes, which one. The
- check uses the @code{YESEXPR} and @code{NOEXPR} data in the
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index c330fb8..c54933c 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
Bottom: 7f940b008b7f2743c4684dd4fcac50b2e707388b
-Top: e8b652117ea1b56a1869c44cc40594c34af2f636
+Top: 574b1f3ead78e44f9134dc32d8cb5ccf08eeb941
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:04:01 -0300
@@ -13,7 +13,7 @@ for ChangeLog
---
diff --git a/manual/locale.texi b/manual/locale.texi
-index 2f10fcd..11c9dc7 100644
+index 2f10fcd..4afa104 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,137 @@ The symbols in this section are defined in the header file @file{locale.h}.
@@ -188,12 +188,14 @@ index 2f10fcd..11c9dc7 100644
The @code{strfmon} function is similar to the @code{strftime} function
in that it takes a buffer, its size, a format string,
and values to write into the buffer as text in a form specified
-@@ -1185,6 +1329,8 @@ access to the corresponding locale definitions.
+@@ -1185,6 +1329,10 @@ access to the corresponding locale definitions.
@comment GNU
@comment stdlib.h
@deftypefun int rpmatch (const char *@var{response})
-+@c Calls nl_langinfo with YESEXPR and NOEXPR, triggering glocale. Calls
-+@c regfree, regcomp and regexec.
++@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
++@c Calls nl_langinfo with YESEXPR and NOEXPR, triggering glocale, but
++@c it's regcomp and regexec that bring in all of the safety issues.
++@c regfree is also called, but it doesn't introduce any further issues.
The function @code{rpmatch} checks the string in @var{response} whether
or not it is a correct yes-or-no answer and if yes, which one. The
check uses the @code{YESEXPR} and @code{NOEXPR} data in the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0a7907b63c6a66c7e414744103819d7f8366771e
commit 0a7907b63c6a66c7e414744103819d7f8366771e
Merge: e839210 0e6cf8b dbb3da2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 12:45:06 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e83921077a06a7f7a7ac99e91331ca75fdb6ad54
commit e83921077a06a7f7a7ac99e91331ca75fdb6ad54
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 12:45:06 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index a09e1c7..629a4c4 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 8620221110d5cce755f0bc92af6422aa916ca8bb
-Head: fe706bad5be70be468054c3d603d2026477c8e9b
+Previous: 0e6cf8b865cd53052d4ecb71f3d21a2efd6d6c26
+Head: dbb3da270a19fb43d667c13537697660a656c235
Applied:
unused-scalb-is-scalbn.patch: 1e5d1e38b6a866f88772d34ec2d1b3a75d78b233
remove-sysdeps-ieee754-support.patch: 874e350341a8e14881907b059e6d988de123648f
@@ -30,5 +30,6 @@ Applied:
wip-manual-document-mt-safety-threads.patch: eafe2b5006176bc49e35cfcd3e4e15ea5a1457d7
wip-manual-document-mt-safety-time.patch: 23fab67522c5b3d91610013fb2c8562cf7ec3169
wip-manual-document-mt-safety-locale.patch: fe706bad5be70be468054c3d603d2026477c8e9b
+ refresh-temp: dbb3da270a19fb43d667c13537697660a656c235
Unapplied:
Hidden:
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..3b00500
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,26 @@
+Bottom: e8b652117ea1b56a1869c44cc40594c34af2f636
+Top: 574b1f3ead78e44f9134dc32d8cb5ccf08eeb941
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-31 12:45:06 -0300
+
+Refresh of wip-manual-document-mt-safety-locale.patch
+
+---
+
+diff --git a/manual/locale.texi b/manual/locale.texi
+index 11c9dc7..4afa104 100644
+--- a/manual/locale.texi
++++ b/manual/locale.texi
+@@ -1329,8 +1329,10 @@ access to the corresponding locale definitions.
+ @comment GNU
+ @comment stdlib.h
+ @deftypefun int rpmatch (const char *@var{response})
+-@c Calls nl_langinfo with YESEXPR and NOEXPR, triggering glocale. Calls
+-@c regfree, regcomp and regexec.
++@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
++@c Calls nl_langinfo with YESEXPR and NOEXPR, triggering glocale, but
++@c it's regcomp and regexec that bring in all of the safety issues.
++@c regfree is also called, but it doesn't introduce any further issues.
+ The function @code{rpmatch} checks the string in @var{response} whether
+ or not it is a correct yes-or-no answer and if yes, which one. The
+ check uses the @code{YESEXPR} and @code{NOEXPR} data in the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=dbb3da270a19fb43d667c13537697660a656c235
commit dbb3da270a19fb43d667c13537697660a656c235
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 12:45:06 2013 -0300
Refresh of wip-manual-document-mt-safety-locale.patch
diff --git a/manual/locale.texi b/manual/locale.texi
index 11c9dc7..4afa104 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -1329,8 +1329,10 @@ access to the corresponding locale definitions.
@comment GNU
@comment stdlib.h
@deftypefun int rpmatch (const char *@var{response})
-@c Calls nl_langinfo with YESEXPR and NOEXPR, triggering glocale. Calls
-@c regfree, regcomp and regexec.
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls nl_langinfo with YESEXPR and NOEXPR, triggering glocale, but
+@c it's regcomp and regexec that bring in all of the safety issues.
+@c regfree is also called, but it doesn't introduce any further issues.
The function @code{rpmatch} checks the string in @var{response} whether
or not it is a correct yes-or-no answer and if yes, which one. The
check uses the @code{YESEXPR} and @code{NOEXPR} data in the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0e6cf8b865cd53052d4ecb71f3d21a2efd6d6c26
commit 0e6cf8b865cd53052d4ecb71f3d21a2efd6d6c26
Merge: fdb8679 8620221 fe706ba
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 12:43:35 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=fdb867912c15762fce03f47eb8279235f617d620
commit fdb867912c15762fce03f47eb8279235f617d620
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 12:43:35 2013 -0300
push
diff --git a/meta b/meta
index fb37d51..a09e1c7 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 38b88191060bafc589e7c0d4927b9398a5be2aac
-Head: 9d8222797fb192c47f61ef2756ba9bf721caed9d
+Previous: 8620221110d5cce755f0bc92af6422aa916ca8bb
+Head: fe706bad5be70be468054c3d603d2026477c8e9b
Applied:
unused-scalb-is-scalbn.patch: 1e5d1e38b6a866f88772d34ec2d1b3a75d78b233
remove-sysdeps-ieee754-support.patch: 874e350341a8e14881907b059e6d988de123648f
@@ -22,13 +22,13 @@ Applied:
manual-document-mt-safety-stdio.patch: 63ec6cc0ec5f71f1e34e18def7b86eda75a61ce8
wip-manual-document-mt-safety-math.patch: db9625097d5f7d73d8ba1e10cf6a592ef525404f
wip-manual-document-mt-safety-pattern.patch: 9d8222797fb192c47f61ef2756ba9bf721caed9d
+ wip-manual-document-mt-safety-resource.patch: ea9df22bfd43daf99bbcadfa546e4989e0bec7ea
+ wip-manual-document-mt-safety-startup.patch: 774b847dc98387e90b576162ae3037de3f804693
+ wip-manual-document-mt-safety-search.patch: 33ed2f703bf905ac3dbb8beadda4548fb8ec09d2
+ wip-manual-document-mt-safety-string.patch: b821402693242076cefaf22a0d5f04c48fedd3d0
+ wip-manual-document-mt-safety-terminal.patch: 21de0b6010d4445b2194624a4776886fcf61f982
+ wip-manual-document-mt-safety-threads.patch: eafe2b5006176bc49e35cfcd3e4e15ea5a1457d7
+ wip-manual-document-mt-safety-time.patch: 23fab67522c5b3d91610013fb2c8562cf7ec3169
+ wip-manual-document-mt-safety-locale.patch: fe706bad5be70be468054c3d603d2026477c8e9b
Unapplied:
- wip-manual-document-mt-safety-resource.patch: dcd90718c551e61f1cbeab38fa4363d8a7a32bd2
- wip-manual-document-mt-safety-startup.patch: 230f153ea88ba8ed2cb29f2e2ef3cc40951f6225
- wip-manual-document-mt-safety-search.patch: 5e0862c9507f9dc42f539d580c22b31cc9feb8df
- wip-manual-document-mt-safety-string.patch: 18ca074b1729953c82b2ccfbe825c115d2e92612
- wip-manual-document-mt-safety-terminal.patch: fe3192904116fc22495af608394faa50f46a1da0
- wip-manual-document-mt-safety-threads.patch: 0130f8b910297080deea57ff964d8984d8d8df56
- wip-manual-document-mt-safety-time.patch: 3a43e38278e86406b56895d8bf3b3040b0c1ebbb
- wip-manual-document-mt-safety-locale.patch: e20d050989275a4938846e2098120ac93bb27b73
Hidden:
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index d7b5c64..c330fb8 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
-Bottom: 3c7783bfe7de272998ff4b6668ff58fb27d5195e
-Top: c5756e591f2df4db2169921a9937ae43e5dd0515
+Bottom: 7f940b008b7f2743c4684dd4fcac50b2e707388b
+Top: e8b652117ea1b56a1869c44cc40594c34af2f636
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:04:01 -0300
diff --git a/patches/wip-manual-document-mt-safety-resource.patch b/patches/wip-manual-document-mt-safety-resource.patch
index d6f39ef..4a933c4 100644
--- a/patches/wip-manual-document-mt-safety-resource.patch
+++ b/patches/wip-manual-document-mt-safety-resource.patch
@@ -1,5 +1,5 @@
-Bottom: 1edf7473ed3adfbf39a7390aa6530490cabd4b27
-Top: 1af05f5ff3de999f0b097ad6ce65923b3cdc2986
+Bottom: e9dc853cd4e0bf04e89587ca842442a911baed92
+Top: ffd5cfff82d2353229204337d172ca6232c502d5
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:03:59 -0300
diff --git a/patches/wip-manual-document-mt-safety-search.patch b/patches/wip-manual-document-mt-safety-search.patch
index 3153fc6..ae3f846 100644
--- a/patches/wip-manual-document-mt-safety-search.patch
+++ b/patches/wip-manual-document-mt-safety-search.patch
@@ -1,5 +1,5 @@
-Bottom: 3a4ad95549c1eb22a0990741b208dcf7f9df2109
-Top: a15b9967cd628c7e743a12baa7c51939942c7221
+Bottom: 2f7ecd5a953ea11aa3294ac487aa5f53c941a28a
+Top: da16f2d144f592ae1c849bcff6b273474b94d60c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:03:59 -0300
diff --git a/patches/wip-manual-document-mt-safety-startup.patch b/patches/wip-manual-document-mt-safety-startup.patch
index 1777e85..ec93026 100644
--- a/patches/wip-manual-document-mt-safety-startup.patch
+++ b/patches/wip-manual-document-mt-safety-startup.patch
@@ -1,5 +1,5 @@
-Bottom: 1af05f5ff3de999f0b097ad6ce65923b3cdc2986
-Top: 3a4ad95549c1eb22a0990741b208dcf7f9df2109
+Bottom: ffd5cfff82d2353229204337d172ca6232c502d5
+Top: 2f7ecd5a953ea11aa3294ac487aa5f53c941a28a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:03:59 -0300
diff --git a/patches/wip-manual-document-mt-safety-string.patch b/patches/wip-manual-document-mt-safety-string.patch
index b2366af..f01c56b 100644
--- a/patches/wip-manual-document-mt-safety-string.patch
+++ b/patches/wip-manual-document-mt-safety-string.patch
@@ -1,5 +1,5 @@
-Bottom: a15b9967cd628c7e743a12baa7c51939942c7221
-Top: a93874fc96e3fc2953e3dbc25075e40aed26e303
+Bottom: da16f2d144f592ae1c849bcff6b273474b94d60c
+Top: d48407311de1aa694a411ebc9cc94142760cb765
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:04:00 -0300
diff --git a/patches/wip-manual-document-mt-safety-terminal.patch b/patches/wip-manual-document-mt-safety-terminal.patch
index d2d2e45..a90b426 100644
--- a/patches/wip-manual-document-mt-safety-terminal.patch
+++ b/patches/wip-manual-document-mt-safety-terminal.patch
@@ -1,5 +1,5 @@
-Bottom: a93874fc96e3fc2953e3dbc25075e40aed26e303
-Top: 5feb2a01420811fae094f7c765bf93748917c28a
+Bottom: d48407311de1aa694a411ebc9cc94142760cb765
+Top: 1c64962cf5d20e506eff6118547fd4edf52ad63a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:04:00 -0300
diff --git a/patches/wip-manual-document-mt-safety-threads.patch b/patches/wip-manual-document-mt-safety-threads.patch
index 858f0f5..bee22e1 100644
--- a/patches/wip-manual-document-mt-safety-threads.patch
+++ b/patches/wip-manual-document-mt-safety-threads.patch
@@ -1,5 +1,5 @@
-Bottom: 5feb2a01420811fae094f7c765bf93748917c28a
-Top: c2d062247b8bc834da6c82aa7cfd32a9bd64b195
+Bottom: 1c64962cf5d20e506eff6118547fd4edf52ad63a
+Top: 3cfff0bb2a5e937f8fe10f3c1a9b77ca1b079659
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:04:00 -0300
diff --git a/patches/wip-manual-document-mt-safety-time.patch b/patches/wip-manual-document-mt-safety-time.patch
index 1db2359..f2267fc 100644
--- a/patches/wip-manual-document-mt-safety-time.patch
+++ b/patches/wip-manual-document-mt-safety-time.patch
@@ -1,5 +1,5 @@
-Bottom: c2d062247b8bc834da6c82aa7cfd32a9bd64b195
-Top: 3c7783bfe7de272998ff4b6668ff58fb27d5195e
+Bottom: 3cfff0bb2a5e937f8fe10f3c1a9b77ca1b079659
+Top: 7f940b008b7f2743c4684dd4fcac50b2e707388b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:04:00 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4214cb36d3708ec427b9de7324c804d24d9c3552
commit 4214cb36d3708ec427b9de7324c804d24d9c3552
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:04:01 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..4afa104 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,137 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{oncesafe, selfdeadlock, asmalloc, asynconsist, incansist}@acunsafe{oncesafe, incansist, lockleak, memleak, fdleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it.
+@c This function returns a pointer read...
+@c setlocale envromt, oncesafe, asmalloc, selfdeadlock, asynconsist, incansist, memleak, fdleak, lockleak
+@c libc_rwlock_wrlock selfdeadlock, lockleak
+@c libc_rwlock_unlock lockleak
+@c getenv LOCPATH envromt
+@c malloc asmalloc, memleak
+@c free asmalloc, memleak
+@c new_composite_name ok
+@c setdata ok
+@c setname ok
+@c _nl_find_locale envromt, oncesafe, asmalloc, selfdeadlock, asynconsist, incansist, memleak, fdleak, lockleak
+@c getenv LC_ALL and LANG envromt
+@c _nl_load_locale_from_archive asmalloc, memleak, fdleak
+@c sysconf _SC_PAGE_SIZE ok
+@c _nl_normalize_codeset asmalloc, memleak
+@c isalnum_l ok (C locale)
+@c isdigit_l ok (C locale)
+@c malloc asmalloc, memleak
+@c tolower_l ok (C locale)
+@c open_not_cancel_2 fdleak
+@c fxstat64 ok
+@c close_not_cancel_no_status ok
+@c __mmap64 memleak
+@c calculate_head_size ok
+@c __munmap ok
+@c compute_hashval ok
+@c qsort dup asmalloc, memleak
+@c rangecmp ok
+@c malloc asmalloc, memleak
+@c strdup asmalloc, memleak
+@c _nl_intern_locale_data asmalloc, memleak
+@c malloc asmalloc, memleak
+@c free asmalloc, memleak
+@c _nl_expand_alias asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c libc_lock_lock selfdeadlock, lockleak
+@c bsearch ok
+@c alias_compare ok
+@c strcasecmp ok
+@c read_alias_file asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fsetlocking ok
+@c feof_unlocked ok
+@c fgets_unlocked ok
+@c isspace ok (locale mutex is locked)
+@c extend_alias_table memleak, asmalloc
+@c realloc memleak, asmalloc
+@c realloc memleak, asmalloc
+@c fclose asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c qsort asmalloc, memleak
+@c alias_compare dup
+@c libc_lock_unlock lockleak
+@c _nl_explode_name asmalloc, memleak
+@c _nl_find_language ok
+@c _nl_normalize_codeset dup asmalloc, memleak
+@c _nl_make_l10nflist asmalloc, memleak
+@c malloc asmalloc, memleak
+@c free asmalloc, memleak
+@c __argz_stringify ok
+@c __argz_count ok
+@c __argz_next ok
+@c _nl_load_locale asmalloc, memleak, fdleak
+@c open_not_cancel_2 fdleak
+@c __fxstat64 ok
+@c close_not_cancel_no_status ok
+@c mmap memleak
+@c malloc asmalloc, memleak
+@c read_not_cancel ok
+@c free asmalloc, memleak
+@c _nl_intern_locale_data dup asmalloc, memleak
+@c munmap ok
+@c __gconv_compare_alias oncesafe, asmalloc, asynconsist, selfdeadlock, memleak,incansist, fdleak, lockleak
+@c __gconv_read_conf oncesafe, asmalloc, asynconsist, selfdeadlock, memleak,incansist, fdleak, lockleak
+@c (libc_once-initializes gconv_cache and gconv_path_envvar; they're
+@c never modified afterwards)
+@c __gconv_load_cache asmalloc, memleak, fdleak
+@c getenv GCONV_PATH envromt
+@c open_not_cancel fdleak
+@c __fxstat64 ok
+@c close_not_cancel_no_status ok
+@c mmap memleak
+@c malloc asmalloc, memleak
+@c __read ok
+@c free asmalloc, memleak
+@c munmap ok
+@c __gconv_get_path selfdeadlock, asmalloc, lockleak, memleak, fdleak
+@c getcwd asmalloc, memleak, fdleak
+@c libc_lock_lock selfdeadlock, lockleak
+@c malloc asmalloc, memleak
+@c strtok_r ok
+@c libc_lock_unlock lockleak
+@c read_conf_file asmalloc, asynconsist, selfdeadlock, memleak, incansist, fdleak, lockleak
+@c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fsetlocking ok
+@c feof_unlocked ok
+@c getdelim asmalloc, asynconsist, memleak, incansist
+@c isspace_l ok (C locale)
+@c add_alias
+@c isspace_l ok (C locale)
+@c toupper_l ok (C locale)
+@c add_alias2 dup asynconsist, asmalloc, incansist, memleak
+@c add_module asmalloc, memleak
+@c isspace_l ok (C locale)
+@c toupper_l ok (C locale)
+@c strtol ok (glocale, but we hold the locale lock)
+@c tfind __gconv_alias_db ok
+@c __gconv_alias_compare dup ok
+@c calloc asmalloc, memleak
+@c insert_module dup asmalloc
+@c __tfind ok (because the tree is read only by then)
+@c __gconv_alias_compare dup ok
+@c insert_module asmalloc
+@c free asmalloc
+@c add_alias2 asynconsist, asmalloc, incansist, memleak
+@c detect_conflict ok, reads __gconv_modules_db
+@c malloc asmalloc, memleak
+@c tsearch __gconv_alias_db asynconsist, asmalloc, incansist, memleak
+@c __gconv_alias_compare ok
+@c free asmalloc
+@c __gconv_compare_alias_cache ok
+@c find_module_idx ok
+@c do_lookup_alias ok
+@c __tfind ok (because the tree is read only by then)
+@c __gconv_alias_compare ok
+@c strndup asmalloc, memleak
+@c strcasecmp_l ok (C locale)
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
@@ -414,6 +545,10 @@ according to the selected locale using this information.
@comment locale.h
@comment ISO
@deftypefun {struct lconv *} localeconv (void)
+@safety{@mtunsafe{staticbuf, glocale}@assafe{}@acsafe{}}
+@c This function reads from multiple components of the locale object,
+@c without synchronization, while writing to the static buffer it uses
+@c as the return value.
The @code{localeconv} function returns a pointer to a structure whose
components contain information about how numeric and monetary values
should be formatted in the current locale.
@@ -680,6 +815,10 @@ was introduced.
@comment langinfo.h
@comment XOPEN
@deftypefun {char *} nl_langinfo (nl_item @var{item})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c It calls _nl_langinfo_l with the current locale, which returns a
+@c pointer into constant strings defined in locale data structures. It
+@c doesn't run afoul of glocale itself, but callers may.
The @code{nl_langinfo} function can be used to access individual
elements of the locale categories. Unlike the @code{localeconv}
function, which returns all the information, @code{nl_langinfo}
@@ -974,6 +1113,11 @@ locale information, making it easier for the user to format
numbers according to these rules.
@deftypefun ssize_t strfmon (char *@var{s}, size_t @var{maxsize}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asmalloc}@acsafe{memleak}}
+@c It (and strfmon_l) both call vstrfmon_l, which, besides accessing the
+@c locale object passed to it, accesses the active locale through
+@c isdigit (but to_digit assumes ASCII digits only). It may call
+@c __printf_fp (glocale, asmalloc, memleak) and guess_grouping (safe).
The @code{strfmon} function is similar to the @code{strftime} function
in that it takes a buffer, its size, a format string,
and values to write into the buffer as text in a form specified
@@ -1185,6 +1329,10 @@ access to the corresponding locale definitions.
@comment GNU
@comment stdlib.h
@deftypefun int rpmatch (const char *@var{response})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls nl_langinfo with YESEXPR and NOEXPR, triggering glocale, but
+@c it's regcomp and regexec that bring in all of the safety issues.
+@c regfree is also called, but it doesn't introduce any further issues.
The function @code{rpmatch} checks the string in @var{response} whether
or not it is a correct yes-or-no answer and if yes, which one. The
check uses the @code{YESEXPR} and @code{NOEXPR} data in the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=fe706bad5be70be468054c3d603d2026477c8e9b
commit fe706bad5be70be468054c3d603d2026477c8e9b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:04:01 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..11c9dc7 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,137 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{oncesafe, selfdeadlock, asmalloc, asynconsist, incansist}@acunsafe{oncesafe, incansist, lockleak, memleak, fdleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it.
+@c This function returns a pointer read...
+@c setlocale envromt, oncesafe, asmalloc, selfdeadlock, asynconsist, incansist, memleak, fdleak, lockleak
+@c libc_rwlock_wrlock selfdeadlock, lockleak
+@c libc_rwlock_unlock lockleak
+@c getenv LOCPATH envromt
+@c malloc asmalloc, memleak
+@c free asmalloc, memleak
+@c new_composite_name ok
+@c setdata ok
+@c setname ok
+@c _nl_find_locale envromt, oncesafe, asmalloc, selfdeadlock, asynconsist, incansist, memleak, fdleak, lockleak
+@c getenv LC_ALL and LANG envromt
+@c _nl_load_locale_from_archive asmalloc, memleak, fdleak
+@c sysconf _SC_PAGE_SIZE ok
+@c _nl_normalize_codeset asmalloc, memleak
+@c isalnum_l ok (C locale)
+@c isdigit_l ok (C locale)
+@c malloc asmalloc, memleak
+@c tolower_l ok (C locale)
+@c open_not_cancel_2 fdleak
+@c fxstat64 ok
+@c close_not_cancel_no_status ok
+@c __mmap64 memleak
+@c calculate_head_size ok
+@c __munmap ok
+@c compute_hashval ok
+@c qsort dup asmalloc, memleak
+@c rangecmp ok
+@c malloc asmalloc, memleak
+@c strdup asmalloc, memleak
+@c _nl_intern_locale_data asmalloc, memleak
+@c malloc asmalloc, memleak
+@c free asmalloc, memleak
+@c _nl_expand_alias asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c libc_lock_lock selfdeadlock, lockleak
+@c bsearch ok
+@c alias_compare ok
+@c strcasecmp ok
+@c read_alias_file asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fsetlocking ok
+@c feof_unlocked ok
+@c fgets_unlocked ok
+@c isspace ok (locale mutex is locked)
+@c extend_alias_table memleak, asmalloc
+@c realloc memleak, asmalloc
+@c realloc memleak, asmalloc
+@c fclose asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c qsort asmalloc, memleak
+@c alias_compare dup
+@c libc_lock_unlock lockleak
+@c _nl_explode_name asmalloc, memleak
+@c _nl_find_language ok
+@c _nl_normalize_codeset dup asmalloc, memleak
+@c _nl_make_l10nflist asmalloc, memleak
+@c malloc asmalloc, memleak
+@c free asmalloc, memleak
+@c __argz_stringify ok
+@c __argz_count ok
+@c __argz_next ok
+@c _nl_load_locale asmalloc, memleak, fdleak
+@c open_not_cancel_2 fdleak
+@c __fxstat64 ok
+@c close_not_cancel_no_status ok
+@c mmap memleak
+@c malloc asmalloc, memleak
+@c read_not_cancel ok
+@c free asmalloc, memleak
+@c _nl_intern_locale_data dup asmalloc, memleak
+@c munmap ok
+@c __gconv_compare_alias oncesafe, asmalloc, asynconsist, selfdeadlock, memleak,incansist, fdleak, lockleak
+@c __gconv_read_conf oncesafe, asmalloc, asynconsist, selfdeadlock, memleak,incansist, fdleak, lockleak
+@c (libc_once-initializes gconv_cache and gconv_path_envvar; they're
+@c never modified afterwards)
+@c __gconv_load_cache asmalloc, memleak, fdleak
+@c getenv GCONV_PATH envromt
+@c open_not_cancel fdleak
+@c __fxstat64 ok
+@c close_not_cancel_no_status ok
+@c mmap memleak
+@c malloc asmalloc, memleak
+@c __read ok
+@c free asmalloc, memleak
+@c munmap ok
+@c __gconv_get_path selfdeadlock, asmalloc, lockleak, memleak, fdleak
+@c getcwd asmalloc, memleak, fdleak
+@c libc_lock_lock selfdeadlock, lockleak
+@c malloc asmalloc, memleak
+@c strtok_r ok
+@c libc_lock_unlock lockleak
+@c read_conf_file asmalloc, asynconsist, selfdeadlock, memleak, incansist, fdleak, lockleak
+@c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fsetlocking ok
+@c feof_unlocked ok
+@c getdelim asmalloc, asynconsist, memleak, incansist
+@c isspace_l ok (C locale)
+@c add_alias
+@c isspace_l ok (C locale)
+@c toupper_l ok (C locale)
+@c add_alias2 dup asynconsist, asmalloc, incansist, memleak
+@c add_module asmalloc, memleak
+@c isspace_l ok (C locale)
+@c toupper_l ok (C locale)
+@c strtol ok (glocale, but we hold the locale lock)
+@c tfind __gconv_alias_db ok
+@c __gconv_alias_compare dup ok
+@c calloc asmalloc, memleak
+@c insert_module dup asmalloc
+@c __tfind ok (because the tree is read only by then)
+@c __gconv_alias_compare dup ok
+@c insert_module asmalloc
+@c free asmalloc
+@c add_alias2 asynconsist, asmalloc, incansist, memleak
+@c detect_conflict ok, reads __gconv_modules_db
+@c malloc asmalloc, memleak
+@c tsearch __gconv_alias_db asynconsist, asmalloc, incansist, memleak
+@c __gconv_alias_compare ok
+@c free asmalloc
+@c __gconv_compare_alias_cache ok
+@c find_module_idx ok
+@c do_lookup_alias ok
+@c __tfind ok (because the tree is read only by then)
+@c __gconv_alias_compare ok
+@c strndup asmalloc, memleak
+@c strcasecmp_l ok (C locale)
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
@@ -414,6 +545,10 @@ according to the selected locale using this information.
@comment locale.h
@comment ISO
@deftypefun {struct lconv *} localeconv (void)
+@safety{@mtunsafe{staticbuf, glocale}@assafe{}@acsafe{}}
+@c This function reads from multiple components of the locale object,
+@c without synchronization, while writing to the static buffer it uses
+@c as the return value.
The @code{localeconv} function returns a pointer to a structure whose
components contain information about how numeric and monetary values
should be formatted in the current locale.
@@ -680,6 +815,10 @@ was introduced.
@comment langinfo.h
@comment XOPEN
@deftypefun {char *} nl_langinfo (nl_item @var{item})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c It calls _nl_langinfo_l with the current locale, which returns a
+@c pointer into constant strings defined in locale data structures. It
+@c doesn't run afoul of glocale itself, but callers may.
The @code{nl_langinfo} function can be used to access individual
elements of the locale categories. Unlike the @code{localeconv}
function, which returns all the information, @code{nl_langinfo}
@@ -974,6 +1113,11 @@ locale information, making it easier for the user to format
numbers according to these rules.
@deftypefun ssize_t strfmon (char *@var{s}, size_t @var{maxsize}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asmalloc}@acsafe{memleak}}
+@c It (and strfmon_l) both call vstrfmon_l, which, besides accessing the
+@c locale object passed to it, accesses the active locale through
+@c isdigit (but to_digit assumes ASCII digits only). It may call
+@c __printf_fp (glocale, asmalloc, memleak) and guess_grouping (safe).
The @code{strfmon} function is similar to the @code{strftime} function
in that it takes a buffer, its size, a format string,
and values to write into the buffer as text in a form specified
@@ -1185,6 +1329,8 @@ access to the corresponding locale definitions.
@comment GNU
@comment stdlib.h
@deftypefun int rpmatch (const char *@var{response})
+@c Calls nl_langinfo with YESEXPR and NOEXPR, triggering glocale. Calls
+@c regfree, regcomp and regexec.
The function @code{rpmatch} checks the string in @var{response} whether
or not it is a correct yes-or-no answer and if yes, which one. The
check uses the @code{YESEXPR} and @code{NOEXPR} data in the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=23fab67522c5b3d91610013fb2c8562cf7ec3169
commit 23fab67522c5b3d91610013fb2c8562cf7ec3169
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:04:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/time.texi: Document thread safety properties.
diff --git a/manual/time.texi b/manual/time.texi
index ff31e28..3967b24 100644
--- a/manual/time.texi
+++ b/manual/time.texi
@@ -475,6 +475,12 @@ Instead, use the facilities described in @ref{Time Zone Functions}.
@comment sys/time.h
@comment BSD
@deftypefun int gettimeofday (struct timeval *@var{tp}, struct timezone *@var{tzp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c On most GNU/Linux systems this is a direct syscall, but the posix/
+@c implementation (not used on GNU/Linux or GNU/Hurd) relies on time and
+@c localtime_r, saving and restoring tzname in an unsafe manner.
+@c On some GNU/Linux variants, ifunc resolvers are used in shared libc
+@c for vdso resolution. ifunc-vdso-revisit.
The @code{gettimeofday} function returns the current calendar time as
the elapsed time since the epoch in the @code{struct timeval} structure
indicated by @var{tp}. (@pxref{Elapsed Time} for a description of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=eafe2b5006176bc49e35cfcd3e4e15ea5a1457d7
commit eafe2b5006176bc49e35cfcd3e4e15ea5a1457d7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:04:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/threads.texi: Document thread safety properties.
diff --git a/manual/threads.texi b/manual/threads.texi
index a23ac26..19bfad6 100644
--- a/manual/threads.texi
+++ b/manual/threads.texi
@@ -31,6 +31,7 @@ before thread-specific data, so they should not be used in thread-specific
data destructors or even as members of the thread-specific data, since the
latter is passed as an argument to the destructor function.
+@c FIXME: use @deftypefun for these.
@item int pthread_key_delete (pthread_key_t @var{key})
Destroy the thread-specific data @var{key} in the calling thread. The
destructor for the thread-specific data is not called during destruction, nor
@@ -82,3 +83,124 @@ attributes or the stack address is set in the attribute.
The system does not have sufficient memory.
@end table
@end deftypefun
+
+@c FIXME these are undocumented:
+@c pthread_atfork
+@c pthread_attr_destroy
+@c pthread_attr_getaffinity_np
+@c pthread_attr_getdetachstate
+@c pthread_attr_getguardsize
+@c pthread_attr_getinheritsched
+@c pthread_attr_getschedparam
+@c pthread_attr_getschedpolicy
+@c pthread_attr_getscope
+@c pthread_attr_getstack
+@c pthread_attr_getstackaddr
+@c pthread_attr_getstacksize
+@c pthread_attr_init
+@c pthread_attr_setaffinity_np
+@c pthread_attr_setdetachstate
+@c pthread_attr_setguardsize
+@c pthread_attr_setinheritsched
+@c pthread_attr_setschedparam
+@c pthread_attr_setschedpolicy
+@c pthread_attr_setscope
+@c pthread_attr_setstack
+@c pthread_attr_setstackaddr
+@c pthread_attr_setstacksize
+@c pthread_barrierattr_destroy
+@c pthread_barrierattr_getpshared
+@c pthread_barrierattr_init
+@c pthread_barrierattr_setpshared
+@c pthread_barrier_destroy
+@c pthread_barrier_init
+@c pthread_barrier_wait
+@c pthread_cancel
+@c pthread_cleanup_push
+@c pthread_cleanup_pop
+@c pthread_condattr_destroy
+@c pthread_condattr_getclock
+@c pthread_condattr_getpshared
+@c pthread_condattr_init
+@c pthread_condattr_setclock
+@c pthread_condattr_setpshared
+@c pthread_cond_broadcast
+@c pthread_cond_destroy
+@c pthread_cond_init
+@c pthread_cond_signal
+@c pthread_cond_timedwait
+@c pthread_cond_wait
+@c pthread_create
+@c pthread_detach
+@c pthread_equal
+@c pthread_exit
+@c pthread_getaffinity_np
+@c pthread_getattr_np
+@c pthread_getconcurrency
+@c pthread_getcpuclockid
+@c pthread_getname_np
+@c pthread_getschedparam
+@c pthread_join
+@c pthread_kill
+@c pthread_kill_other_threads_np
+@c pthread_mutexattr_destroy
+@c pthread_mutexattr_getkind_np
+@c pthread_mutexattr_getprioceiling
+@c pthread_mutexattr_getprotocol
+@c pthread_mutexattr_getpshared
+@c pthread_mutexattr_getrobust
+@c pthread_mutexattr_getrobust_np
+@c pthread_mutexattr_gettype
+@c pthread_mutexattr_init
+@c pthread_mutexattr_setkind_np
+@c pthread_mutexattr_setprioceiling
+@c pthread_mutexattr_setprotocol
+@c pthread_mutexattr_setpshared
+@c pthread_mutexattr_setrobust
+@c pthread_mutexattr_setrobust_np
+@c pthread_mutexattr_settype
+@c pthread_mutex_consistent
+@c pthread_mutex_consistent_np
+@c pthread_mutex_destroy
+@c pthread_mutex_getprioceiling
+@c pthread_mutex_init
+@c pthread_mutex_lock
+@c pthread_mutex_setprioceiling
+@c pthread_mutex_timedlock
+@c pthread_mutex_trylock
+@c pthread_mutex_unlock
+@c pthread_once
+@c pthread_rwlockattr_destroy
+@c pthread_rwlockattr_getkind_np
+@c pthread_rwlockattr_getpshared
+@c pthread_rwlockattr_init
+@c pthread_rwlockattr_setkind_np
+@c pthread_rwlockattr_setpshared
+@c pthread_rwlock_destroy
+@c pthread_rwlock_init
+@c pthread_rwlock_rdlock
+@c pthread_rwlock_timedrdlock
+@c pthread_rwlock_timedwrlock
+@c pthread_rwlock_tryrdlock
+@c pthread_rwlock_trywrlock
+@c pthread_rwlock_unlock
+@c pthread_rwlock_wrlock
+@c pthread_self
+@c pthread_setaffinity_np
+@c pthread_setcancelstate
+@c pthread_setcanceltype
+@c pthread_setconcurrency
+@c pthread_setname_np
+@c pthread_setschedparam
+@c pthread_setschedprio
+@c pthread_sigmask
+@c pthread_sigqueue
+@c pthread_spin_destroy
+@c pthread_spin_init
+@c pthread_spin_lock
+@c pthread_spin_trylock
+@c pthread_spin_unlock
+@c pthread_testcancel
+@c pthread_timedjoin_np
+@c pthread_tryjoin_np
+@c pthread_yield
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=21de0b6010d4445b2194624a4776886fcf61f982
commit 21de0b6010d4445b2194624a4776886fcf61f982
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:04:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/terminal.texi: Document thread safety properties.
diff --git a/manual/terminal.texi b/manual/terminal.texi
index 9e9c057..7f62a4e 100644
--- a/manual/terminal.texi
+++ b/manual/terminal.texi
@@ -264,6 +264,9 @@ array.
@comment termios.h
@comment POSIX.1
@deftypefun int tcgetattr (int @var{filedes}, struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the kernel-returned termios data structure to the userland
+@c format does not ensure atomic or consistent writing.
This function is used to examine the attributes of the terminal
device with file descriptor @var{filedes}. The attributes are returned
in the structure that @var{termios-p} points to.
@@ -284,6 +287,9 @@ The @var{filedes} is not associated with a terminal.
@comment termios.h
@comment POSIX.1
@deftypefun int tcsetattr (int @var{filedes}, int @var{when}, const struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the incoming termios data structure to the kernel format
+@c does not ensure atomic or consistent reading.
This function sets the attributes of the terminal device with file
descriptor @var{filedes}. The new attributes are taken from the
structure that @var{termios-p} points to.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b821402693242076cefaf22a0d5f04c48fedd3d0
commit b821402693242076cefaf22a0d5f04c48fedd3d0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:04:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/string.texi: Document thread safety properties.
diff --git a/manual/string.texi b/manual/string.texi
index 2a164a9..b63a849 100644
--- a/manual/string.texi
+++ b/manual/string.texi
@@ -1159,6 +1159,11 @@ strings are written in into account. To get that one has to use
@comment string.h
@comment BSD
@deftypefun int strcasecmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Although this calls tolower multiple times, it's a macro, and
+@c strcasecmp is optimized so that the locale pointer is read only once.
+@c There are some asm implementations too, for which the single-read
+@c from locale TLS pointers also applies.
This function is like @code{strcmp}, except that differences in case are
ignored. How uppercase and lowercase characters are related is
determined by the currently selected locale. In the standard @code{"C"}
@@ -1247,6 +1252,8 @@ strncmp ("hello, world", "hello, stupid world!!!", 5)
@comment string.h
@comment GNU
@deftypefun int strverscmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls isdigit multiple times, locale may change in between.
The @code{strverscmp} function compares the string @var{s1} against
@var{s2}, considering them as holding indices/version numbers. The
return value follows the same conventions as found in the
@@ -1343,6 +1350,9 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
@comment string.h
@comment ISO
@deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak}}
+@c Calls strcoll_l with the current locale, which dereferences only the
+@c LC_COLLATE data pointer.
The @code{strcoll} function is similar to @code{strcmp} but uses the
collating sequence of the current locale for collation (the
@code{LC_COLLATE} locale).
@@ -1351,6 +1361,8 @@ collating sequence of the current locale for collation (the
@comment wchar.h
@comment ISO
@deftypefun int wcscoll (const wchar_t *@var{ws1}, const wchar_t *@var{ws2})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak}}
+@c Same as strcoll, but calling wcscoll_l.
The @code{wcscoll} function is similar to @code{wcscmp} but uses the
collating sequence of the current locale for collation (the
@code{LC_COLLATE} locale).
@@ -1637,6 +1649,7 @@ This function is a GNU extension.
@comment string.h
@comment ISO
@deftypefun {char *} strchr (const char *@var{string}, int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{strchr} function finds the first occurrence of the character
@var{c} (converted to a @code{char}) in the null-terminated string
beginning at @var{string}. The return value is a pointer to the located
@@ -1678,6 +1691,7 @@ to use @code{wcschrnul} in this case, though.
@comment string.h
@comment GNU
@deftypefun {char *} strchrnul (const char *@var{string}, int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{strchrnul} is the same as @code{strchr} except that if it does
not find the character, it returns a pointer to string's terminating
null character rather than a null pointer.
@@ -2675,3 +2689,6 @@ being added to @var{envz}, if @var{override} is false.
The @code{envz_strip} function removes any null entries from @var{envz},
updating @code{*@var{envz}} and @code{*@var{envz_len}}.
@end deftypefun
+
+@c FIXME this are undocumented:
+@c strcasecmp_l @safety{@mtsafe{}@assafe{}@acsafe{}} see strcasecmp
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=33ed2f703bf905ac3dbb8beadda4548fb8ec09d2
commit 33ed2f703bf905ac3dbb8beadda4548fb8ec09d2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:59 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/search.texi: Document thread safety properties.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..46f5f1c 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -113,6 +113,7 @@ the header file @file{stdlib.h}.
@comment stdlib.h
@comment ISO
@deftypefun {void *} bsearch (const void *@var{key}, const void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{bsearch} function searches the sorted array @var{array} for an object
that is equivalent to @var{key}. The array contains @var{count} elements,
each of which is of size @var{size} bytes.
@@ -146,6 +147,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +438,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +472,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +487,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +501,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +556,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=774b847dc98387e90b576162ae3037de3f804693
commit 774b847dc98387e90b576162ae3037de3f804693
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:59 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/startup.texi: Document thread safety properties.
diff --git a/manual/startup.texi b/manual/startup.texi
index a277714..7bbaf13 100644
--- a/manual/startup.texi
+++ b/manual/startup.texi
@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
The difference to the @code{setenv} function is that the exact string
given as the parameter @var{string} is put into the environment. If the
user should change the string after the @code{putenv} call this will
-reflect in automatically in the environment. This also requires that
-@var{string} is no automatic variable which scope is left before the
+reflect automatically in the environment. This also requires that
+@var{string} not be an automatic variable whose scope is left before the
variable is removed from the environment. The same applies of course to
dynamically allocated variables which are freed later.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ea9df22bfd43daf99bbcadfa546e4989e0bec7ea
commit ea9df22bfd43daf99bbcadfa546e4989e0bec7ea
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:59 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/resource.texi: Document thread safety properties.
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=8620221110d5cce755f0bc92af6422aa916ca8bb
commit 8620221110d5cce755f0bc92af6422aa916ca8bb
Merge: ebe6a3c 9d82227 38b8819
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 12:43:31 2013 -0300
float
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ebe6a3c6eeb76381b8b2497cb3fdb2c0d1f3ebb5
commit ebe6a3c6eeb76381b8b2497cb3fdb2c0d1f3ebb5
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 12:43:31 2013 -0300
float
diff --git a/meta b/meta
index b3559cf..fb37d51 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 124e141587a6c8e3ef9d9827e564fda0fd391213
-Head: db9625097d5f7d73d8ba1e10cf6a592ef525404f
+Previous: 38b88191060bafc589e7c0d4927b9398a5be2aac
+Head: 9d8222797fb192c47f61ef2756ba9bf721caed9d
Applied:
unused-scalb-is-scalbn.patch: 1e5d1e38b6a866f88772d34ec2d1b3a75d78b233
remove-sysdeps-ieee754-support.patch: 874e350341a8e14881907b059e6d988de123648f
@@ -21,6 +21,7 @@ Applied:
manual-document-mt-safety-llio.patch: 97db8a779b727d321dc9cf106a644fa761073224
manual-document-mt-safety-stdio.patch: 63ec6cc0ec5f71f1e34e18def7b86eda75a61ce8
wip-manual-document-mt-safety-math.patch: db9625097d5f7d73d8ba1e10cf6a592ef525404f
+ wip-manual-document-mt-safety-pattern.patch: 9d8222797fb192c47f61ef2756ba9bf721caed9d
Unapplied:
wip-manual-document-mt-safety-resource.patch: dcd90718c551e61f1cbeab38fa4363d8a7a32bd2
wip-manual-document-mt-safety-startup.patch: 230f153ea88ba8ed2cb29f2e2ef3cc40951f6225
@@ -30,5 +31,4 @@ Unapplied:
wip-manual-document-mt-safety-threads.patch: 0130f8b910297080deea57ff964d8984d8d8df56
wip-manual-document-mt-safety-time.patch: 3a43e38278e86406b56895d8bf3b3040b0c1ebbb
wip-manual-document-mt-safety-locale.patch: e20d050989275a4938846e2098120ac93bb27b73
- wip-manual-document-mt-safety-pattern.patch: 8208554d81801665bf30d80e86a9d43b6036428d
Hidden:
diff --git a/patches/wip-manual-document-mt-safety-pattern.patch b/patches/wip-manual-document-mt-safety-pattern.patch
index aa25e62..3e44fe7 100644
--- a/patches/wip-manual-document-mt-safety-pattern.patch
+++ b/patches/wip-manual-document-mt-safety-pattern.patch
@@ -1,5 +1,5 @@
-Bottom: c5756e591f2df4db2169921a9937ae43e5dd0515
-Top: e8b652117ea1b56a1869c44cc40594c34af2f636
+Bottom: 1edf7473ed3adfbf39a7390aa6530490cabd4b27
+Top: e9dc853cd4e0bf04e89587ca842442a911baed92
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 03:02:58 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9d8222797fb192c47f61ef2756ba9bf721caed9d
commit 9d8222797fb192c47f61ef2756ba9bf721caed9d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 03:02:58 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/pattern.texi: Document thread safety properties.
diff --git a/manual/pattern.texi b/manual/pattern.texi
index 1966f3f..da2c8b6 100644
--- a/manual/pattern.texi
+++ b/manual/pattern.texi
@@ -736,6 +736,251 @@ expression into it by calling @code{regcomp}.
@comment regex.h
@comment POSIX.2
@deftypefun int regcomp (regex_t *restrict @var{compiled}, const char *restrict @var{pattern}, int @var{cflags})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c All of the issues have to do with memory allocation and multi-byte
+@c character handling present in the input string, or implied by ranges
+@c or inverted character classes.
+@c (re_)malloc asmalloc, memleak
+@c re_compile_internal glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c (re_)realloc asmalloc, memleak (asynconsist, incansist, for other
+@c callers that don't zero the buffer)
+@c init_dfa glocale, asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c (re_)malloc asmalloc, memleak
+@c calloc asmalloc, memleak
+@c _NL_CURRENT ok
+@c _NL_CURRENT_WORD ok
+@c btowc asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c libc_lock_init ok
+@c re_string_construct glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_construct_common ok
+@c re_string_realloc_buffers asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c build_wcs_upper_buffer glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c isascii ok
+@c mbsinit ok
+@c toupper ok
+@c mbrtowc dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c iswlower glocale
+@c towupper glocale
+@c wcrtomb dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c (re_)malloc dup asmalloc, memleak
+@c build_upper_buffer ok (glocale, but optimized)
+@c islower ok
+@c toupper ok
+@c build_wcs_buffer asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c mbrtowc dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_translate_buffer ok
+@c parse (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c fetch_token (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c peek_token ok (maybe glocale)
+@c re_string_eoi ok
+@c re_string_peek_byte ok
+@c re_string_cur_idx ok
+@c re_string_length ok
+@c re_string_peek_byte_case ok (maybe glocale)
+@c re_string_peek_byte dup ok
+@c re_string_is_single_byte_char ok
+@c isascii ok
+@c re_string_peek_byte dup ok
+@c re_string_wchar_at ok
+@c re_string_skip_bytes ok
+@c re_string_skip_bytes dup ok
+@c parse_reg_exp (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c parse_branch (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c parse_expression (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c create_token_tree dup asmalloc, memleak
+@c re_string_eoi dup ok
+@c re_string_first_byte ok
+@c fetch_token dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c create_tree dup asmalloc, memleak
+@c parse_sub_exp (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c fetch_token dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c parse_reg_exp dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c postorder() asmalloc, memleak
+@c free_tree asmalloc, memleak
+@c free_token dup asmalloc, memleak
+@c create_tree dup asmalloc, memleak
+@c parse_bracket_exp (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c _NL_CURRENT dup ok
+@c _NL_CURRENT_WORD dup ok
+@c calloc dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c peek_token_bracket ok
+@c re_string_eoi dup ok
+@c re_string_peek_byte dup ok
+@c re_string_first_byte dup ok
+@c re_string_cur_idx dup ok
+@c re_string_length dup ok
+@c re_string_skip_bytes dup ok
+@c bitset_set ok
+@c re_string_skip_bytes ok
+@c parse_bracket_element ok (maybe glocale)
+@c re_string_char_size_at ok
+@c re_string_wchar_at dup ok
+@c re_string_skip_bytes dup ok
+@c parse_bracket_symbol ok (maybe glocale)
+@c re_string_eoi dup ok
+@c re_string_fetch_byte_case ok (maybe glocale)
+@c re_string_fetch_byte ok
+@c re_string_first_byte dup ok
+@c isascii ok
+@c re_string_char_size_at dup ok
+@c re_string_skip_bytes dup ok
+@c re_string_fetch_byte dup ok
+@c re_string_peek_byte dup ok
+@c re_string_skip_bytes dup ok
+@c peek_token_bracket dup ok
+@c auto build_range_exp asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c auto lookup_collation_sequence_value asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c btowc dup asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c collseq_table_lookup ok
+@c auto seek_collating_symbol_entry dup ok
+@c (re_)realloc dup asmalloc, memleak
+@c collseq_table_lookup dup ok
+@c bitset_set dup ok
+@c (re_)realloc dup asmalloc, memleak
+@c build_equiv_class (maybe glocale), asmalloc, memleak
+@c _NL_CURRENT ok
+@c auto findidx ok
+@c bitset_set dup ok
+@c (re_)realloc dup asmalloc, memleak
+@c auto build_collating_symbol asmalloc, memleak
+@c auto seek_collating_symbol_entry ok
+@c bitset_set dup ok
+@c (re_)realloc dup asmalloc, memleak
+@c build_charclass (maybe glocale), asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c bitset_set dup ok
+@c isalnum ok
+@c iscntrl ok
+@c isspace ok
+@c isalpha ok
+@c isdigit ok
+@c isprint ok
+@c isupper ok
+@c isblank ok
+@c isgraph ok
+@c ispunct ok
+@c isxdigit ok
+@c bitset_not ok
+@c bitset_mask ok
+@c create_token_tree dup asmalloc, memleak
+@c create_tree dup asmalloc, memleak
+@c free_charset dup asmalloc, memleak
+@c init_word_char (maybe glocale)
+@c isalnum ok
+@c build_charclass_op (maybe glocale), asmalloc, memleak
+@c calloc dup asmalloc, memleak
+@c build_charclass dup (maybe glocale), asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c free_charset dup asmalloc, memleak
+@c bitset_set dup ok
+@c bitset_not dup ok
+@c bitset_mask dup ok
+@c create_token_tree dup asmalloc, memleak
+@c create_tree dup asmalloc, memleak
+@c parse_dup_op (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_cur_idx dup ok
+@c fetch_number ok (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c fetch_token dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_set_index ok
+@c postorder() asmalloc, memleak
+@c free_tree dup asmalloc, memleak
+@c mark_opt_subexp ok
+@c duplicate_tree asmalloc, memleak
+@c create_token_tree dup asmalloc, memleak
+@c create_tree dup asmalloc, memleak
+@c postorder() asmalloc, memleak
+@c free_tree dup asmalloc, memleak
+@c fetch_token dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c parse_branch dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c create_tree dup asmalloc, memleak
+@c create_tree asmalloc, memleak
+@c create_token_tree asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c analyze asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c preorder() asmalloc, memleak
+@c optimize_subexps ok
+@c calc_next ok
+@c link_nfa_nodes asmalloc, memleak
+@c re_node_set_init_1 asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c re_node_set_init_2 asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c postorder() asmalloc, memleak
+@c lower_subexps asmalloc, memleak
+@c lower_subexp asmalloc, memleak
+@c create_tree dup asmalloc, memleak
+@c calc_first asmalloc, memleak
+@c re_dfa_add_node asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c re_node_set_init_empty ok
+@c calc_eclosure asmalloc, memleak
+@c calc_eclosure_iter asmalloc, memleak
+@c re_node_set_alloc asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c duplicate_node_closure asmalloc, memleak
+@c re_node_set_empty ok
+@c duplicate_node asmalloc, memleak
+@c re_dfa_add_node dup asmalloc, memleak
+@c re_node_set_insert asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c search_duplicated_node ok
+@c re_node_set_merge asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c re_node_set_free asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c re_node_set_insert dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c calc_inveclosure asmalloc, memleak
+@c re_node_set_init_empty dup ok
+@c re_node_set_insert_last asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c optimize_utf8 ok
+@c create_initial_state asmalloc, memleak
+@c re_node_set_init_copy asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c re_node_set_init_empty dup ok
+@c re_node_set_contains ok
+@c re_node_set_merge dup asmalloc, memleak
+@c re_acquire_state_context asmalloc, memleak
+@c calc_state_hash ok
+@c re_node_set_compare ok
+@c create_cd_newstate asmalloc, memleak
+@c calloc dup asmalloc, memleak
+@c re_node_set_init_copy dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c free_state asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c NOT_SATISFY_PREV_CONSTRAINT ok
+@c re_node_set_remove_at ok
+@c register_state asmalloc, memleak
+@c re_node_set_alloc dup asmalloc, memleak
+@c re_node_set_insert_last dup asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c free_workarea_compile asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c re_string_destruct asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c free_dfa_content asmalloc, memleak
+@c free_token asmalloc, memleak
+@c free_charset asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_compile_fastmap glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_compile_fastmap_iter glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_set_fastmap ok
+@c tolower ok
+@c mbrtowc dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c wcrtomb dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c towlower glocale
+@c _NL_CURRENT ok
+@c (re_)free asmalloc, memleak
The function @code{regcomp} ``compiles'' a regular expression into a
data structure that you can use with @code{regexec} to match against a
string. The compiled regular expression format is designed for
@@ -885,6 +1130,247 @@ unless the regular expression contains anchor characters (@samp{^} or
@comment regex.h
@comment POSIX.2
@deftypefun int regexec (const regex_t *restrict @var{compiled}, const char *restrict @var{string}, size_t @var{nmatch}, regmatch_t @var{matchptr}[restrict], int @var{eflags})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c libc_lock_lock selfdeadlock, lockleak
+@c re_search_internal glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_allocate asmalloc, memleak
+@c re_string_construct_common dup ok
+@c re_string_realloc_buffers dup asmalloc, memleak
+@c match_ctx_init asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c re_string_byte_at ok
+@c re_string_first_byte dup ok
+@c check_matching glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_cur_idx dup ok
+@c acquire_init_state_context dup asmalloc, memleak
+@c re_string_context_at ok
+@c re_string_byte_at dup ok
+@c bitset_contain ok
+@c re_acquire_state_context dup asmalloc, memleak
+@c check_subexp_matching_top asmalloc, memleak
+@c match_ctx_add_subtop asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c calloc dup asmalloc, memleak
+@c transit_state_bkref glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_cur_idx dup ok
+@c re_string_context_at dup ok
+@c NOT_SATISFY_NEXT_CONSTRAINT ok
+@c get_subexp glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_get_buffer ok
+@c search_cur_bkref_entry ok
+@c clean_state_log_if_needed glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c extend_buffers glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_realloc_buffers dup asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c build_wcs_upper_buffer dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c build_upper_buffer dup ok (glocale, but optimized)
+@c build_wcs_buffer dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_translate_buffer dup ok
+@c get_subexp_sub glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c check_arrival glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c (re_)realloc dup asmalloc, memleak
+@c re_string_context_at dup ok
+@c re_node_set_init_1 dup asmalloc, memleak
+@c check_arrival_expand_ecl asmalloc, memleak
+@c re_node_set_alloc dup asmalloc, memleak
+@c find_subexp_node ok
+@c re_node_set_merge dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c check_arrival_expand_ecl_sub asmalloc, memleak
+@c re_node_set_contains dup ok
+@c re_node_set_insert dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_node_set_init_copy dup asmalloc, memleak
+@c re_node_set_init_empty dup ok
+@c expand_bkref_cache asmalloc, memleak
+@c search_cur_bkref_entry dup ok
+@c re_node_set_contains dup ok
+@c re_node_set_init_1 dup asmalloc, memleak
+@c check_arrival_expand_ecl dup asmalloc, memleak
+@c re_node_set_merge dup asmalloc, memleak
+@c re_node_set_init_copy dup asmalloc, memleak
+@c re_node_set_insert dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_acquire_state asmalloc, memleak
+@c calc_state_hash dup ok
+@c re_node_set_compare dup ok
+@c create_ci_newstate asmalloc, memleak
+@c calloc dup asmalloc, memleak
+@c re_node_set_init_copy dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c register_state dup asmalloc, memleak
+@c free_state dup asmalloc, memleak
+@c re_acquire_state_context dup asmalloc, memleak
+@c re_node_set_merge dup asmalloc, memleak
+@c check_arrival_add_next_nodes glocale, asmalloc, memleak
+@c re_node_set_init_empty dup ok
+@c check_node_accept_bytes glocale, asmalloc, memleak
+@c re_string_byte_at dup ok
+@c re_string_char_size_at dup ok
+@c re_string_elem_size_at (maybe glocale)
+@c _NL_CURRENT_WORD dup ok
+@c _NL_CURRENT dup ok
+@c auto findidx dup ok
+@c _NL_CURRENT_WORD dup ok
+@c _NL_CURRENT dup ok
+@c collseq_table_lookup dup ok
+@c find_collation_sequence_value (maybe glocale)
+@c _NL_CURRENT_WORD dup ok
+@c _NL_CURRENT dup ok
+@c auto findidx dup ok
+@c wcscoll glocale, asmalloc, memleak
+@c re_node_set_empty dup ok
+@c re_node_set_merge dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_node_set_insert dup asmalloc, memleak
+@c re_acquire_state dup asmalloc, memleak
+@c check_node_accept ok
+@c re_string_byte_at dup ok
+@c bitset_contain dup ok
+@c re_string_context_at dup ok
+@c NOT_SATISFY_NEXT_CONSTRAINT dup ok
+@c match_ctx_add_entry asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c clean_state_log_if_needed dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c extend_buffers dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c find_subexp_node dup ok
+@c calloc dup asmalloc, memleak
+@c check_arrival dup ***
+@c match_ctx_add_sublast asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c re_acquire_state_context dup asmalloc, memleak
+@c re_node_set_init_union asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c re_node_set_init_copy dup asmalloc, memleak
+@c re_node_set_init_empty dup ok
+@c re_node_set_free dup asmalloc, memleak
+@c check_subexp_matching_top dup asmalloc, memleak
+@c check_halt_state_context ok
+@c re_string_context_at dup ok
+@c check_halt_node_context ok
+@c NOT_SATISFY_NEXT_CONSTRAINT dup ok
+@c re_string_eoi dup ok
+@c extend_buffers dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c transit_state glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c transit_state_mb glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_context_at dup ok
+@c NOT_SATISFY_NEXT_CONSTRAINT dup ok
+@c check_node_accept_bytes dup glocale, asmalloc, memleak
+@c re_string_cur_idx dup ok
+@c clean_state_log_if_needed glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_node_set_init_union dup asmalloc, memleak
+@c re_acquire_state_context dup asmalloc, memleak
+@c re_string_fetch_byte dup ok
+@c re_string_context_at dup ok
+@c build_trtable asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c group_nodes_into_DFAstates asmalloc, memleak
+@c bitset_empty dup ok
+@c bitset_set dup ok
+@c bitset_merge dup ok
+@c bitset_set_all ok
+@c bitset_clear ok
+@c bitset_contain dup ok
+@c bitset_copy ok
+@c re_node_set_init_copy dup asmalloc, memleak
+@c re_node_set_insert dup asmalloc, memleak
+@c re_node_set_init_1 dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_node_set_alloc dup asmalloc, memleak
+@c malloc dup asmalloc, memleak
+@c free dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c bitset_empty ok
+@c re_node_set_empty dup ok
+@c re_node_set_merge dup asmalloc, memleak
+@c re_acquire_state_context dup asmalloc, memleak
+@c bitset_merge ok
+@c calloc dup asmalloc, memleak
+@c bitset_contain dup ok
+@c merge_state_with_log glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_cur_idx dup ok
+@c re_node_set_init_union dup asmalloc, memleak
+@c re_string_context_at dup ok
+@c re_node_set_free dup asmalloc, memleak
+@c check_subexp_matching_top asmalloc, memleak
+@c match_ctx_add_subtop dup asmalloc, memleak
+@c transit_state_bkref dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c find_recover_state
+@c re_string_cur_idx dup ok
+@c re_string_skip_bytes dup ok
+@c merge_state_with_log dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c check_halt_state_context dup ok
+@c prune_impossible_nodes glocale, asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c sift_ctx_init ok
+@c re_node_set_init_empty dup ok
+@c sift_states_backward glocale, asmalloc, memleak
+@c re_node_set_init_1 dup asmalloc, memleak
+@c update_cur_sifted_state glocale, asmalloc, memleak
+@c add_epsilon_src_nodes asmalloc, memleak
+@c re_acquire_state dup asmalloc, memleak
+@c re_node_set_alloc dup asmalloc, memleak
+@c re_node_set_merge dup asmalloc, memleak
+@c re_node_set_add_intersect asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c check_subexp_limits asmalloc, memleak
+@c sub_epsilon_src_nodes asmalloc, memleak
+@c re_node_set_init_empty dup ok
+@c re_node_set_contains dup ok
+@c re_node_set_add_intersect dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_node_set_remove_at dup ok
+@c re_node_set_contains dup ok
+@c re_acquire_state dup asmalloc, memleak
+@c sift_states_bkref glocale, asmalloc, memleak
+@c search_cur_bkref_entry dup ok
+@c check_dst_limits ok
+@c search_cur_bkref_entry dup ok
+@c check_dst_limits_calc_pos ok
+@c check_dst_limits_calc_pos_1 ok
+@c re_node_set_init_copy dup asmalloc, memleak
+@c re_node_set_insert dup asmalloc, memleak
+@c sift_states_backward dup glocale, asmalloc, memleak
+@c merge_state_array dup asmalloc, memleak
+@c re_node_set_remove ok
+@c re_node_set_contains dup ok
+@c re_node_set_remove_at dup ok
+@c re_node_set_free dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_node_set_empty dup ok
+@c build_sifted_states glocale, asmalloc, memleak
+@c sift_states_iter_mb glocale, asmalloc, memleak
+@c check_node_accept_bytes dup glocale, asmalloc, memleak
+@c check_node_accept dup ok
+@c check_dst_limits dup ok
+@c re_node_set_insert dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c check_halt_state_context dup ok
+@c merge_state_array asmalloc, memleak
+@c re_node_set_init_union dup asmalloc, memleak
+@c re_acquire_state dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c set_regs asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c re_node_set_init_empty dup ok
+@c free_fail_stack_return asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c update_regs ok
+@c re_node_set_free dup asmalloc, memleak
+@c pop_fail_stack asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c match_ctx_free asmalloc, memleak
+@c match_ctx_clean asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c re_string_destruct dup asmalloc, memleak
+@c libc_lock_unlock lockleak
This function tries to match the compiled regular expression
@code{*@var{compiled}} against @var{string}.
@@ -1047,6 +1533,9 @@ free the storage it uses by calling @code{regfree}.
@comment regex.h
@comment POSIX.2
@deftypefun void regfree (regex_t *@var{compiled})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak}}
+@c (re_)free dup asmalloc, memleak
+@c free_dfa_content dup asmalloc, memleak
Calling @code{regfree} frees all the storage that @code{*@var{compiled}}
points to. This includes various internal fields of the @code{regex_t}
structure that aren't documented in this manual.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=38b88191060bafc589e7c0d4927b9398a5be2aac
commit 38b88191060bafc589e7c0d4927b9398a5be2aac
Merge: 27dc992 124e141
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 12:43:26 2013 -0300
goto
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=27dc99269da5c00ff4a8e7d32e2406fa01311c43
commit 27dc99269da5c00ff4a8e7d32e2406fa01311c43
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 12:43:26 2013 -0300
goto
diff --git a/meta b/meta
index 65c3d61..b3559cf 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: c9b9f230ef9957654e167609f80ff8064e6a3026
-Head: 8208554d81801665bf30d80e86a9d43b6036428d
+Previous: 124e141587a6c8e3ef9d9827e564fda0fd391213
+Head: db9625097d5f7d73d8ba1e10cf6a592ef525404f
Applied:
unused-scalb-is-scalbn.patch: 1e5d1e38b6a866f88772d34ec2d1b3a75d78b233
remove-sysdeps-ieee754-support.patch: 874e350341a8e14881907b059e6d988de123648f
@@ -21,6 +21,7 @@ Applied:
manual-document-mt-safety-llio.patch: 97db8a779b727d321dc9cf106a644fa761073224
manual-document-mt-safety-stdio.patch: 63ec6cc0ec5f71f1e34e18def7b86eda75a61ce8
wip-manual-document-mt-safety-math.patch: db9625097d5f7d73d8ba1e10cf6a592ef525404f
+Unapplied:
wip-manual-document-mt-safety-resource.patch: dcd90718c551e61f1cbeab38fa4363d8a7a32bd2
wip-manual-document-mt-safety-startup.patch: 230f153ea88ba8ed2cb29f2e2ef3cc40951f6225
wip-manual-document-mt-safety-search.patch: 5e0862c9507f9dc42f539d580c22b31cc9feb8df
@@ -30,5 +31,4 @@ Applied:
wip-manual-document-mt-safety-time.patch: 3a43e38278e86406b56895d8bf3b3040b0c1ebbb
wip-manual-document-mt-safety-locale.patch: e20d050989275a4938846e2098120ac93bb27b73
wip-manual-document-mt-safety-pattern.patch: 8208554d81801665bf30d80e86a9d43b6036428d
-Unapplied:
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=124e141587a6c8e3ef9d9827e564fda0fd391213
commit 124e141587a6c8e3ef9d9827e564fda0fd391213
Merge: b81d500 8208554 c9b9f23
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 12:43:24 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b81d500b7e174564e85f1fbe28cf53a19681e8c9
commit b81d500b7e174564e85f1fbe28cf53a19681e8c9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 12:43:24 2013 -0300
refresh
diff --git a/meta b/meta
index d96adac..65c3d61 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 088f4ecfd9174e8d26f01c2c8f860183e1adade0
-Head: d4ee0440dd5f7ec044f9e8e9bf0e99de22a9fb07
+Previous: c9b9f230ef9957654e167609f80ff8064e6a3026
+Head: 8208554d81801665bf30d80e86a9d43b6036428d
Applied:
unused-scalb-is-scalbn.patch: 1e5d1e38b6a866f88772d34ec2d1b3a75d78b233
remove-sysdeps-ieee754-support.patch: 874e350341a8e14881907b059e6d988de123648f
@@ -29,7 +29,6 @@ Applied:
wip-manual-document-mt-safety-threads.patch: 0130f8b910297080deea57ff964d8984d8d8df56
wip-manual-document-mt-safety-time.patch: 3a43e38278e86406b56895d8bf3b3040b0c1ebbb
wip-manual-document-mt-safety-locale.patch: e20d050989275a4938846e2098120ac93bb27b73
- wip-manual-document-mt-safety-pattern.patch: bbf7743976ec2adddb2f60002a8d591211e8d3c7
- refresh-temp: d4ee0440dd5f7ec044f9e8e9bf0e99de22a9fb07
+ wip-manual-document-mt-safety-pattern.patch: 8208554d81801665bf30d80e86a9d43b6036428d
Unapplied:
Hidden:
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index 85df7a2..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,177 +0,0 @@
-Bottom: b58480891cc51f5cdfe4434cd3a40ad48edac192
-Top: e8b652117ea1b56a1869c44cc40594c34af2f636
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-31 12:43:23 -0300
-
-Refresh of wip-manual-document-mt-safety-pattern.patch
-
----
-
-diff --git a/manual/pattern.texi b/manual/pattern.texi
-index 4b66204..da2c8b6d2 100644
---- a/manual/pattern.texi
-+++ b/manual/pattern.texi
-@@ -829,7 +829,7 @@ expression into it by calling @code{regcomp}.
- @c re_string_fetch_byte dup ok
- @c re_string_peek_byte dup ok
- @c re_string_skip_bytes dup ok
--@c peek_token_bracket dup
-+@c peek_token_bracket dup ok
- @c auto build_range_exp asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
- @c auto lookup_collation_sequence_value asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
- @c btowc dup asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
-@@ -1130,8 +1130,9 @@ unless the regular expression contains anchor characters (@samp{^} or
- @comment regex.h
- @comment POSIX.2
- @deftypefun int regexec (const regex_t *restrict @var{compiled}, const char *restrict @var{string}, size_t @var{nmatch}, regmatch_t @var{matchptr}[restrict], int @var{eflags})
-+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
- @c libc_lock_lock selfdeadlock, lockleak
--@c re_search_internal
-+@c re_search_internal glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
- @c re_string_allocate asmalloc, memleak
- @c re_string_construct_common dup ok
- @c re_string_realloc_buffers dup asmalloc, memleak
-@@ -1139,7 +1140,7 @@ unless the regular expression contains anchor characters (@samp{^} or
- @c (re_)malloc dup asmalloc, memleak
- @c re_string_byte_at ok
- @c re_string_first_byte dup ok
--@c check_matching
-+@c check_matching glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
- @c re_string_cur_idx dup ok
- @c acquire_init_state_context dup asmalloc, memleak
- @c re_string_context_at ok
-@@ -1150,11 +1151,11 @@ unless the regular expression contains anchor characters (@samp{^} or
- @c match_ctx_add_subtop asmalloc, memleak
- @c (re_)realloc dup asmalloc, memleak
- @c calloc dup asmalloc, memleak
--@c transit_state_bkref
-+@c transit_state_bkref glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
- @c re_string_cur_idx dup ok
- @c re_string_context_at dup ok
- @c NOT_SATISFY_NEXT_CONSTRAINT ok
--@c get_subexp glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak, ***wcscoll
-+@c get_subexp glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
- @c re_string_get_buffer ok
- @c search_cur_bkref_entry ok
- @c clean_state_log_if_needed glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
-@@ -1165,8 +1166,8 @@ unless the regular expression contains anchor characters (@samp{^} or
- @c build_upper_buffer dup ok (glocale, but optimized)
- @c build_wcs_buffer dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
- @c re_string_translate_buffer dup ok
--@c get_subexp_sub glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak, ***wcscoll
--@c check_arrival glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak, ***wcscoll
-+@c get_subexp_sub glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
-+@c check_arrival glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
- @c (re_)realloc dup asmalloc, memleak
- @c re_string_context_at dup ok
- @c re_node_set_init_1 dup asmalloc, memleak
-@@ -1201,9 +1202,9 @@ unless the regular expression contains anchor characters (@samp{^} or
- @c free_state dup asmalloc, memleak
- @c re_acquire_state_context dup asmalloc, memleak
- @c re_node_set_merge dup asmalloc, memleak
--@c check_arrival_add_next_nodes (maybe glocale), asmalloc, memleak, ***wcscoll
-+@c check_arrival_add_next_nodes glocale, asmalloc, memleak
- @c re_node_set_init_empty dup ok
--@c check_node_accept_bytes (maybe glocale), ***wcscoll
-+@c check_node_accept_bytes glocale, asmalloc, memleak
- @c re_string_byte_at dup ok
- @c re_string_char_size_at dup ok
- @c re_string_elem_size_at (maybe glocale)
-@@ -1217,7 +1218,7 @@ unless the regular expression contains anchor characters (@samp{^} or
- @c _NL_CURRENT_WORD dup ok
- @c _NL_CURRENT dup ok
- @c auto findidx dup ok
--@c wcscoll ***wcscoll
-+@c wcscoll glocale, asmalloc, memleak
- @c re_node_set_empty dup ok
- @c re_node_set_merge dup asmalloc, memleak
- @c re_node_set_free dup asmalloc, memleak
-@@ -1233,7 +1234,7 @@ unless the regular expression contains anchor characters (@samp{^} or
- @c (re_)free dup asmalloc, memleak
- @c clean_state_log_if_needed dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
- @c extend_buffers dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
--@c find_subexp_node dup
-+@c find_subexp_node dup ok
- @c calloc dup asmalloc, memleak
- @c check_arrival dup ***
- @c match_ctx_add_sublast asmalloc, memleak
-@@ -1251,11 +1252,11 @@ unless the regular expression contains anchor characters (@samp{^} or
- @c NOT_SATISFY_NEXT_CONSTRAINT dup ok
- @c re_string_eoi dup ok
- @c extend_buffers dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
--@c transit_state
--@c transit_state_mb
-+@c transit_state glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
-+@c transit_state_mb glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
- @c re_string_context_at dup ok
- @c NOT_SATISFY_NEXT_CONSTRAINT dup ok
--@c check_node_accept_bytes dup
-+@c check_node_accept_bytes dup glocale, asmalloc, memleak
- @c re_string_cur_idx dup ok
- @c clean_state_log_if_needed glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
- @c re_node_set_init_union dup asmalloc, memleak
-@@ -1287,26 +1288,26 @@ unless the regular expression contains anchor characters (@samp{^} or
- @c bitset_merge ok
- @c calloc dup asmalloc, memleak
- @c bitset_contain dup ok
--@c merge_state_with_log
-+@c merge_state_with_log glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
- @c re_string_cur_idx dup ok
- @c re_node_set_init_union dup asmalloc, memleak
- @c re_string_context_at dup ok
- @c re_node_set_free dup asmalloc, memleak
- @c check_subexp_matching_top asmalloc, memleak
- @c match_ctx_add_subtop dup asmalloc, memleak
--@c transit_state_bkref dup
-+@c transit_state_bkref dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
- @c find_recover_state
- @c re_string_cur_idx dup ok
- @c re_string_skip_bytes dup ok
--@c merge_state_with_log dup
--@c check_halt_state_context dup
--@c prune_impossible_nodes
-+@c merge_state_with_log dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
-+@c check_halt_state_context dup ok
-+@c prune_impossible_nodes glocale, asmalloc, memleak
- @c (re_)malloc dup asmalloc, memleak
- @c sift_ctx_init ok
- @c re_node_set_init_empty dup ok
--@c sift_states_backward
-+@c sift_states_backward glocale, asmalloc, memleak
- @c re_node_set_init_1 dup asmalloc, memleak
--@c update_cur_sifted_state asmalloc, memleak
-+@c update_cur_sifted_state glocale, asmalloc, memleak
- @c add_epsilon_src_nodes asmalloc, memleak
- @c re_acquire_state dup asmalloc, memleak
- @c re_node_set_alloc dup asmalloc, memleak
-@@ -1322,7 +1323,7 @@ unless the regular expression contains anchor characters (@samp{^} or
- @c re_node_set_remove_at dup ok
- @c re_node_set_contains dup ok
- @c re_acquire_state dup asmalloc, memleak
--@c sift_states_bkref asmalloc, memleak
-+@c sift_states_bkref glocale, asmalloc, memleak
- @c search_cur_bkref_entry dup ok
- @c check_dst_limits ok
- @c search_cur_bkref_entry dup ok
-@@ -1330,7 +1331,7 @@ unless the regular expression contains anchor characters (@samp{^} or
- @c check_dst_limits_calc_pos_1 ok
- @c re_node_set_init_copy dup asmalloc, memleak
- @c re_node_set_insert dup asmalloc, memleak
--@c sift_states_backward dup
-+@c sift_states_backward dup glocale, asmalloc, memleak
- @c merge_state_array dup asmalloc, memleak
- @c re_node_set_remove ok
- @c re_node_set_contains dup ok
-@@ -1338,9 +1339,9 @@ unless the regular expression contains anchor characters (@samp{^} or
- @c re_node_set_free dup asmalloc, memleak
- @c re_node_set_free dup asmalloc, memleak
- @c re_node_set_empty dup ok
--@c build_sifted_states
--@c sift_states_iter_mb
--@c check_node_accept_bytes dup
-+@c build_sifted_states glocale, asmalloc, memleak
-+@c sift_states_iter_mb glocale, asmalloc, memleak
-+@c check_node_accept_bytes dup glocale, asmalloc, memleak
- @c check_node_accept dup ok
- @c check_dst_limits dup ok
- @c re_node_set_insert dup asmalloc, memleak
diff --git a/patches/wip-manual-document-mt-safety-pattern.patch b/patches/wip-manual-document-mt-safety-pattern.patch
index ba44429..aa25e62 100644
--- a/patches/wip-manual-document-mt-safety-pattern.patch
+++ b/patches/wip-manual-document-mt-safety-pattern.patch
@@ -1,5 +1,5 @@
Bottom: c5756e591f2df4db2169921a9937ae43e5dd0515
-Top: b58480891cc51f5cdfe4434cd3a40ad48edac192
+Top: e8b652117ea1b56a1869c44cc40594c34af2f636
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 03:02:58 -0300
@@ -13,7 +13,7 @@ for ChangeLog
---
diff --git a/manual/pattern.texi b/manual/pattern.texi
-index 1966f3f..4b66204 100644
+index 1966f3f..da2c8b6d2 100644
--- a/manual/pattern.texi
+++ b/manual/pattern.texi
@@ -736,6 +736,251 @@ expression into it by calling @code{regcomp}.
@@ -113,7 +113,7 @@ index 1966f3f..4b66204 100644
+@c re_string_fetch_byte dup ok
+@c re_string_peek_byte dup ok
+@c re_string_skip_bytes dup ok
-+@c peek_token_bracket dup
++@c peek_token_bracket dup ok
+@c auto build_range_exp asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c auto lookup_collation_sequence_value asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c btowc dup asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
@@ -268,12 +268,13 @@ index 1966f3f..4b66204 100644
The function @code{regcomp} ``compiles'' a regular expression into a
data structure that you can use with @code{regexec} to match against a
string. The compiled regular expression format is designed for
-@@ -885,6 +1130,246 @@ unless the regular expression contains anchor characters (@samp{^} or
+@@ -885,6 +1130,247 @@ unless the regular expression contains anchor characters (@samp{^} or
@comment regex.h
@comment POSIX.2
@deftypefun int regexec (const regex_t *restrict @var{compiled}, const char *restrict @var{string}, size_t @var{nmatch}, regmatch_t @var{matchptr}[restrict], int @var{eflags})
++@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c libc_lock_lock selfdeadlock, lockleak
-+@c re_search_internal
++@c re_search_internal glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_allocate asmalloc, memleak
+@c re_string_construct_common dup ok
+@c re_string_realloc_buffers dup asmalloc, memleak
@@ -281,7 +282,7 @@ index 1966f3f..4b66204 100644
+@c (re_)malloc dup asmalloc, memleak
+@c re_string_byte_at ok
+@c re_string_first_byte dup ok
-+@c check_matching
++@c check_matching glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_cur_idx dup ok
+@c acquire_init_state_context dup asmalloc, memleak
+@c re_string_context_at ok
@@ -292,11 +293,11 @@ index 1966f3f..4b66204 100644
+@c match_ctx_add_subtop asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c calloc dup asmalloc, memleak
-+@c transit_state_bkref
++@c transit_state_bkref glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_cur_idx dup ok
+@c re_string_context_at dup ok
+@c NOT_SATISFY_NEXT_CONSTRAINT ok
-+@c get_subexp glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak, ***wcscoll
++@c get_subexp glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_get_buffer ok
+@c search_cur_bkref_entry ok
+@c clean_state_log_if_needed glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
@@ -307,8 +308,8 @@ index 1966f3f..4b66204 100644
+@c build_upper_buffer dup ok (glocale, but optimized)
+@c build_wcs_buffer dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_translate_buffer dup ok
-+@c get_subexp_sub glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak, ***wcscoll
-+@c check_arrival glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak, ***wcscoll
++@c get_subexp_sub glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c check_arrival glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c (re_)realloc dup asmalloc, memleak
+@c re_string_context_at dup ok
+@c re_node_set_init_1 dup asmalloc, memleak
@@ -343,9 +344,9 @@ index 1966f3f..4b66204 100644
+@c free_state dup asmalloc, memleak
+@c re_acquire_state_context dup asmalloc, memleak
+@c re_node_set_merge dup asmalloc, memleak
-+@c check_arrival_add_next_nodes (maybe glocale), asmalloc, memleak, ***wcscoll
++@c check_arrival_add_next_nodes glocale, asmalloc, memleak
+@c re_node_set_init_empty dup ok
-+@c check_node_accept_bytes (maybe glocale), ***wcscoll
++@c check_node_accept_bytes glocale, asmalloc, memleak
+@c re_string_byte_at dup ok
+@c re_string_char_size_at dup ok
+@c re_string_elem_size_at (maybe glocale)
@@ -359,7 +360,7 @@ index 1966f3f..4b66204 100644
+@c _NL_CURRENT_WORD dup ok
+@c _NL_CURRENT dup ok
+@c auto findidx dup ok
-+@c wcscoll ***wcscoll
++@c wcscoll glocale, asmalloc, memleak
+@c re_node_set_empty dup ok
+@c re_node_set_merge dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
@@ -375,7 +376,7 @@ index 1966f3f..4b66204 100644
+@c (re_)free dup asmalloc, memleak
+@c clean_state_log_if_needed dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c extend_buffers dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
-+@c find_subexp_node dup
++@c find_subexp_node dup ok
+@c calloc dup asmalloc, memleak
+@c check_arrival dup ***
+@c match_ctx_add_sublast asmalloc, memleak
@@ -393,11 +394,11 @@ index 1966f3f..4b66204 100644
+@c NOT_SATISFY_NEXT_CONSTRAINT dup ok
+@c re_string_eoi dup ok
+@c extend_buffers dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
-+@c transit_state
-+@c transit_state_mb
++@c transit_state glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c transit_state_mb glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_context_at dup ok
+@c NOT_SATISFY_NEXT_CONSTRAINT dup ok
-+@c check_node_accept_bytes dup
++@c check_node_accept_bytes dup glocale, asmalloc, memleak
+@c re_string_cur_idx dup ok
+@c clean_state_log_if_needed glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_node_set_init_union dup asmalloc, memleak
@@ -429,26 +430,26 @@ index 1966f3f..4b66204 100644
+@c bitset_merge ok
+@c calloc dup asmalloc, memleak
+@c bitset_contain dup ok
-+@c merge_state_with_log
++@c merge_state_with_log glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_cur_idx dup ok
+@c re_node_set_init_union dup asmalloc, memleak
+@c re_string_context_at dup ok
+@c re_node_set_free dup asmalloc, memleak
+@c check_subexp_matching_top asmalloc, memleak
+@c match_ctx_add_subtop dup asmalloc, memleak
-+@c transit_state_bkref dup
++@c transit_state_bkref dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c find_recover_state
+@c re_string_cur_idx dup ok
+@c re_string_skip_bytes dup ok
-+@c merge_state_with_log dup
-+@c check_halt_state_context dup
-+@c prune_impossible_nodes
++@c merge_state_with_log dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c check_halt_state_context dup ok
++@c prune_impossible_nodes glocale, asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c sift_ctx_init ok
+@c re_node_set_init_empty dup ok
-+@c sift_states_backward
++@c sift_states_backward glocale, asmalloc, memleak
+@c re_node_set_init_1 dup asmalloc, memleak
-+@c update_cur_sifted_state asmalloc, memleak
++@c update_cur_sifted_state glocale, asmalloc, memleak
+@c add_epsilon_src_nodes asmalloc, memleak
+@c re_acquire_state dup asmalloc, memleak
+@c re_node_set_alloc dup asmalloc, memleak
@@ -464,7 +465,7 @@ index 1966f3f..4b66204 100644
+@c re_node_set_remove_at dup ok
+@c re_node_set_contains dup ok
+@c re_acquire_state dup asmalloc, memleak
-+@c sift_states_bkref asmalloc, memleak
++@c sift_states_bkref glocale, asmalloc, memleak
+@c search_cur_bkref_entry dup ok
+@c check_dst_limits ok
+@c search_cur_bkref_entry dup ok
@@ -472,7 +473,7 @@ index 1966f3f..4b66204 100644
+@c check_dst_limits_calc_pos_1 ok
+@c re_node_set_init_copy dup asmalloc, memleak
+@c re_node_set_insert dup asmalloc, memleak
-+@c sift_states_backward dup
++@c sift_states_backward dup glocale, asmalloc, memleak
+@c merge_state_array dup asmalloc, memleak
+@c re_node_set_remove ok
+@c re_node_set_contains dup ok
@@ -480,9 +481,9 @@ index 1966f3f..4b66204 100644
+@c re_node_set_free dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_node_set_empty dup ok
-+@c build_sifted_states
-+@c sift_states_iter_mb
-+@c check_node_accept_bytes dup
++@c build_sifted_states glocale, asmalloc, memleak
++@c sift_states_iter_mb glocale, asmalloc, memleak
++@c check_node_accept_bytes dup glocale, asmalloc, memleak
+@c check_node_accept dup ok
+@c check_dst_limits dup ok
+@c re_node_set_insert dup asmalloc, memleak
@@ -515,7 +516,7 @@ index 1966f3f..4b66204 100644
This function tries to match the compiled regular expression
@code{*@var{compiled}} against @var{string}.
-@@ -1047,6 +1532,9 @@ free the storage it uses by calling @code{regfree}.
+@@ -1047,6 +1533,9 @@ free the storage it uses by calling @code{regfree}.
@comment regex.h
@comment POSIX.2
@deftypefun void regfree (regex_t *@var{compiled})
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c9b9f230ef9957654e167609f80ff8064e6a3026
commit c9b9f230ef9957654e167609f80ff8064e6a3026
Merge: 7887c63 088f4ec d4ee044
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 12:43:24 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7887c63c7531ed25d8fabe691bca6ea984e6252c
commit 7887c63c7531ed25d8fabe691bca6ea984e6252c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 12:43:24 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index 3f8d705..d96adac 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 3eb260d75b2037994e4f90ebac51c25c51afded4
-Head: bbf7743976ec2adddb2f60002a8d591211e8d3c7
+Previous: 088f4ecfd9174e8d26f01c2c8f860183e1adade0
+Head: d4ee0440dd5f7ec044f9e8e9bf0e99de22a9fb07
Applied:
unused-scalb-is-scalbn.patch: 1e5d1e38b6a866f88772d34ec2d1b3a75d78b233
remove-sysdeps-ieee754-support.patch: 874e350341a8e14881907b059e6d988de123648f
@@ -30,5 +30,6 @@ Applied:
wip-manual-document-mt-safety-time.patch: 3a43e38278e86406b56895d8bf3b3040b0c1ebbb
wip-manual-document-mt-safety-locale.patch: e20d050989275a4938846e2098120ac93bb27b73
wip-manual-document-mt-safety-pattern.patch: bbf7743976ec2adddb2f60002a8d591211e8d3c7
+ refresh-temp: d4ee0440dd5f7ec044f9e8e9bf0e99de22a9fb07
Unapplied:
Hidden:
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..85df7a2
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,177 @@
+Bottom: b58480891cc51f5cdfe4434cd3a40ad48edac192
+Top: e8b652117ea1b56a1869c44cc40594c34af2f636
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-31 12:43:23 -0300
+
+Refresh of wip-manual-document-mt-safety-pattern.patch
+
+---
+
+diff --git a/manual/pattern.texi b/manual/pattern.texi
+index 4b66204..da2c8b6d2 100644
+--- a/manual/pattern.texi
++++ b/manual/pattern.texi
+@@ -829,7 +829,7 @@ expression into it by calling @code{regcomp}.
+ @c re_string_fetch_byte dup ok
+ @c re_string_peek_byte dup ok
+ @c re_string_skip_bytes dup ok
+-@c peek_token_bracket dup
++@c peek_token_bracket dup ok
+ @c auto build_range_exp asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+ @c auto lookup_collation_sequence_value asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+ @c btowc dup asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@@ -1130,8 +1130,9 @@ unless the regular expression contains anchor characters (@samp{^} or
+ @comment regex.h
+ @comment POSIX.2
+ @deftypefun int regexec (const regex_t *restrict @var{compiled}, const char *restrict @var{string}, size_t @var{nmatch}, regmatch_t @var{matchptr}[restrict], int @var{eflags})
++@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+ @c libc_lock_lock selfdeadlock, lockleak
+-@c re_search_internal
++@c re_search_internal glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+ @c re_string_allocate asmalloc, memleak
+ @c re_string_construct_common dup ok
+ @c re_string_realloc_buffers dup asmalloc, memleak
+@@ -1139,7 +1140,7 @@ unless the regular expression contains anchor characters (@samp{^} or
+ @c (re_)malloc dup asmalloc, memleak
+ @c re_string_byte_at ok
+ @c re_string_first_byte dup ok
+-@c check_matching
++@c check_matching glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+ @c re_string_cur_idx dup ok
+ @c acquire_init_state_context dup asmalloc, memleak
+ @c re_string_context_at ok
+@@ -1150,11 +1151,11 @@ unless the regular expression contains anchor characters (@samp{^} or
+ @c match_ctx_add_subtop asmalloc, memleak
+ @c (re_)realloc dup asmalloc, memleak
+ @c calloc dup asmalloc, memleak
+-@c transit_state_bkref
++@c transit_state_bkref glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+ @c re_string_cur_idx dup ok
+ @c re_string_context_at dup ok
+ @c NOT_SATISFY_NEXT_CONSTRAINT ok
+-@c get_subexp glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak, ***wcscoll
++@c get_subexp glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+ @c re_string_get_buffer ok
+ @c search_cur_bkref_entry ok
+ @c clean_state_log_if_needed glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@@ -1165,8 +1166,8 @@ unless the regular expression contains anchor characters (@samp{^} or
+ @c build_upper_buffer dup ok (glocale, but optimized)
+ @c build_wcs_buffer dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+ @c re_string_translate_buffer dup ok
+-@c get_subexp_sub glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak, ***wcscoll
+-@c check_arrival glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak, ***wcscoll
++@c get_subexp_sub glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c check_arrival glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+ @c (re_)realloc dup asmalloc, memleak
+ @c re_string_context_at dup ok
+ @c re_node_set_init_1 dup asmalloc, memleak
+@@ -1201,9 +1202,9 @@ unless the regular expression contains anchor characters (@samp{^} or
+ @c free_state dup asmalloc, memleak
+ @c re_acquire_state_context dup asmalloc, memleak
+ @c re_node_set_merge dup asmalloc, memleak
+-@c check_arrival_add_next_nodes (maybe glocale), asmalloc, memleak, ***wcscoll
++@c check_arrival_add_next_nodes glocale, asmalloc, memleak
+ @c re_node_set_init_empty dup ok
+-@c check_node_accept_bytes (maybe glocale), ***wcscoll
++@c check_node_accept_bytes glocale, asmalloc, memleak
+ @c re_string_byte_at dup ok
+ @c re_string_char_size_at dup ok
+ @c re_string_elem_size_at (maybe glocale)
+@@ -1217,7 +1218,7 @@ unless the regular expression contains anchor characters (@samp{^} or
+ @c _NL_CURRENT_WORD dup ok
+ @c _NL_CURRENT dup ok
+ @c auto findidx dup ok
+-@c wcscoll ***wcscoll
++@c wcscoll glocale, asmalloc, memleak
+ @c re_node_set_empty dup ok
+ @c re_node_set_merge dup asmalloc, memleak
+ @c re_node_set_free dup asmalloc, memleak
+@@ -1233,7 +1234,7 @@ unless the regular expression contains anchor characters (@samp{^} or
+ @c (re_)free dup asmalloc, memleak
+ @c clean_state_log_if_needed dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+ @c extend_buffers dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+-@c find_subexp_node dup
++@c find_subexp_node dup ok
+ @c calloc dup asmalloc, memleak
+ @c check_arrival dup ***
+ @c match_ctx_add_sublast asmalloc, memleak
+@@ -1251,11 +1252,11 @@ unless the regular expression contains anchor characters (@samp{^} or
+ @c NOT_SATISFY_NEXT_CONSTRAINT dup ok
+ @c re_string_eoi dup ok
+ @c extend_buffers dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+-@c transit_state
+-@c transit_state_mb
++@c transit_state glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c transit_state_mb glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+ @c re_string_context_at dup ok
+ @c NOT_SATISFY_NEXT_CONSTRAINT dup ok
+-@c check_node_accept_bytes dup
++@c check_node_accept_bytes dup glocale, asmalloc, memleak
+ @c re_string_cur_idx dup ok
+ @c clean_state_log_if_needed glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+ @c re_node_set_init_union dup asmalloc, memleak
+@@ -1287,26 +1288,26 @@ unless the regular expression contains anchor characters (@samp{^} or
+ @c bitset_merge ok
+ @c calloc dup asmalloc, memleak
+ @c bitset_contain dup ok
+-@c merge_state_with_log
++@c merge_state_with_log glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+ @c re_string_cur_idx dup ok
+ @c re_node_set_init_union dup asmalloc, memleak
+ @c re_string_context_at dup ok
+ @c re_node_set_free dup asmalloc, memleak
+ @c check_subexp_matching_top asmalloc, memleak
+ @c match_ctx_add_subtop dup asmalloc, memleak
+-@c transit_state_bkref dup
++@c transit_state_bkref dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+ @c find_recover_state
+ @c re_string_cur_idx dup ok
+ @c re_string_skip_bytes dup ok
+-@c merge_state_with_log dup
+-@c check_halt_state_context dup
+-@c prune_impossible_nodes
++@c merge_state_with_log dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c check_halt_state_context dup ok
++@c prune_impossible_nodes glocale, asmalloc, memleak
+ @c (re_)malloc dup asmalloc, memleak
+ @c sift_ctx_init ok
+ @c re_node_set_init_empty dup ok
+-@c sift_states_backward
++@c sift_states_backward glocale, asmalloc, memleak
+ @c re_node_set_init_1 dup asmalloc, memleak
+-@c update_cur_sifted_state asmalloc, memleak
++@c update_cur_sifted_state glocale, asmalloc, memleak
+ @c add_epsilon_src_nodes asmalloc, memleak
+ @c re_acquire_state dup asmalloc, memleak
+ @c re_node_set_alloc dup asmalloc, memleak
+@@ -1322,7 +1323,7 @@ unless the regular expression contains anchor characters (@samp{^} or
+ @c re_node_set_remove_at dup ok
+ @c re_node_set_contains dup ok
+ @c re_acquire_state dup asmalloc, memleak
+-@c sift_states_bkref asmalloc, memleak
++@c sift_states_bkref glocale, asmalloc, memleak
+ @c search_cur_bkref_entry dup ok
+ @c check_dst_limits ok
+ @c search_cur_bkref_entry dup ok
+@@ -1330,7 +1331,7 @@ unless the regular expression contains anchor characters (@samp{^} or
+ @c check_dst_limits_calc_pos_1 ok
+ @c re_node_set_init_copy dup asmalloc, memleak
+ @c re_node_set_insert dup asmalloc, memleak
+-@c sift_states_backward dup
++@c sift_states_backward dup glocale, asmalloc, memleak
+ @c merge_state_array dup asmalloc, memleak
+ @c re_node_set_remove ok
+ @c re_node_set_contains dup ok
+@@ -1338,9 +1339,9 @@ unless the regular expression contains anchor characters (@samp{^} or
+ @c re_node_set_free dup asmalloc, memleak
+ @c re_node_set_free dup asmalloc, memleak
+ @c re_node_set_empty dup ok
+-@c build_sifted_states
+-@c sift_states_iter_mb
+-@c check_node_accept_bytes dup
++@c build_sifted_states glocale, asmalloc, memleak
++@c sift_states_iter_mb glocale, asmalloc, memleak
++@c check_node_accept_bytes dup glocale, asmalloc, memleak
+ @c check_node_accept dup ok
+ @c check_dst_limits dup ok
+ @c re_node_set_insert dup asmalloc, memleak
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d4ee0440dd5f7ec044f9e8e9bf0e99de22a9fb07
commit d4ee0440dd5f7ec044f9e8e9bf0e99de22a9fb07
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 12:43:23 2013 -0300
Refresh of wip-manual-document-mt-safety-pattern.patch
diff --git a/manual/pattern.texi b/manual/pattern.texi
index 4b66204..da2c8b6 100644
--- a/manual/pattern.texi
+++ b/manual/pattern.texi
@@ -829,7 +829,7 @@ expression into it by calling @code{regcomp}.
@c re_string_fetch_byte dup ok
@c re_string_peek_byte dup ok
@c re_string_skip_bytes dup ok
-@c peek_token_bracket dup
+@c peek_token_bracket dup ok
@c auto build_range_exp asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
@c auto lookup_collation_sequence_value asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
@c btowc dup asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
@@ -1130,8 +1130,9 @@ unless the regular expression contains anchor characters (@samp{^} or
@comment regex.h
@comment POSIX.2
@deftypefun int regexec (const regex_t *restrict @var{compiled}, const char *restrict @var{string}, size_t @var{nmatch}, regmatch_t @var{matchptr}[restrict], int @var{eflags})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
@c libc_lock_lock selfdeadlock, lockleak
-@c re_search_internal
+@c re_search_internal glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
@c re_string_allocate asmalloc, memleak
@c re_string_construct_common dup ok
@c re_string_realloc_buffers dup asmalloc, memleak
@@ -1139,7 +1140,7 @@ unless the regular expression contains anchor characters (@samp{^} or
@c (re_)malloc dup asmalloc, memleak
@c re_string_byte_at ok
@c re_string_first_byte dup ok
-@c check_matching
+@c check_matching glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
@c re_string_cur_idx dup ok
@c acquire_init_state_context dup asmalloc, memleak
@c re_string_context_at ok
@@ -1150,11 +1151,11 @@ unless the regular expression contains anchor characters (@samp{^} or
@c match_ctx_add_subtop asmalloc, memleak
@c (re_)realloc dup asmalloc, memleak
@c calloc dup asmalloc, memleak
-@c transit_state_bkref
+@c transit_state_bkref glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
@c re_string_cur_idx dup ok
@c re_string_context_at dup ok
@c NOT_SATISFY_NEXT_CONSTRAINT ok
-@c get_subexp glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak, ***wcscoll
+@c get_subexp glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
@c re_string_get_buffer ok
@c search_cur_bkref_entry ok
@c clean_state_log_if_needed glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
@@ -1165,8 +1166,8 @@ unless the regular expression contains anchor characters (@samp{^} or
@c build_upper_buffer dup ok (glocale, but optimized)
@c build_wcs_buffer dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
@c re_string_translate_buffer dup ok
-@c get_subexp_sub glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak, ***wcscoll
-@c check_arrival glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak, ***wcscoll
+@c get_subexp_sub glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c check_arrival glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
@c (re_)realloc dup asmalloc, memleak
@c re_string_context_at dup ok
@c re_node_set_init_1 dup asmalloc, memleak
@@ -1201,9 +1202,9 @@ unless the regular expression contains anchor characters (@samp{^} or
@c free_state dup asmalloc, memleak
@c re_acquire_state_context dup asmalloc, memleak
@c re_node_set_merge dup asmalloc, memleak
-@c check_arrival_add_next_nodes (maybe glocale), asmalloc, memleak, ***wcscoll
+@c check_arrival_add_next_nodes glocale, asmalloc, memleak
@c re_node_set_init_empty dup ok
-@c check_node_accept_bytes (maybe glocale), ***wcscoll
+@c check_node_accept_bytes glocale, asmalloc, memleak
@c re_string_byte_at dup ok
@c re_string_char_size_at dup ok
@c re_string_elem_size_at (maybe glocale)
@@ -1217,7 +1218,7 @@ unless the regular expression contains anchor characters (@samp{^} or
@c _NL_CURRENT_WORD dup ok
@c _NL_CURRENT dup ok
@c auto findidx dup ok
-@c wcscoll ***wcscoll
+@c wcscoll glocale, asmalloc, memleak
@c re_node_set_empty dup ok
@c re_node_set_merge dup asmalloc, memleak
@c re_node_set_free dup asmalloc, memleak
@@ -1233,7 +1234,7 @@ unless the regular expression contains anchor characters (@samp{^} or
@c (re_)free dup asmalloc, memleak
@c clean_state_log_if_needed dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
@c extend_buffers dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
-@c find_subexp_node dup
+@c find_subexp_node dup ok
@c calloc dup asmalloc, memleak
@c check_arrival dup ***
@c match_ctx_add_sublast asmalloc, memleak
@@ -1251,11 +1252,11 @@ unless the regular expression contains anchor characters (@samp{^} or
@c NOT_SATISFY_NEXT_CONSTRAINT dup ok
@c re_string_eoi dup ok
@c extend_buffers dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
-@c transit_state
-@c transit_state_mb
+@c transit_state glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c transit_state_mb glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
@c re_string_context_at dup ok
@c NOT_SATISFY_NEXT_CONSTRAINT dup ok
-@c check_node_accept_bytes dup
+@c check_node_accept_bytes dup glocale, asmalloc, memleak
@c re_string_cur_idx dup ok
@c clean_state_log_if_needed glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
@c re_node_set_init_union dup asmalloc, memleak
@@ -1287,26 +1288,26 @@ unless the regular expression contains anchor characters (@samp{^} or
@c bitset_merge ok
@c calloc dup asmalloc, memleak
@c bitset_contain dup ok
-@c merge_state_with_log
+@c merge_state_with_log glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
@c re_string_cur_idx dup ok
@c re_node_set_init_union dup asmalloc, memleak
@c re_string_context_at dup ok
@c re_node_set_free dup asmalloc, memleak
@c check_subexp_matching_top asmalloc, memleak
@c match_ctx_add_subtop dup asmalloc, memleak
-@c transit_state_bkref dup
+@c transit_state_bkref dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
@c find_recover_state
@c re_string_cur_idx dup ok
@c re_string_skip_bytes dup ok
-@c merge_state_with_log dup
-@c check_halt_state_context dup
-@c prune_impossible_nodes
+@c merge_state_with_log dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c check_halt_state_context dup ok
+@c prune_impossible_nodes glocale, asmalloc, memleak
@c (re_)malloc dup asmalloc, memleak
@c sift_ctx_init ok
@c re_node_set_init_empty dup ok
-@c sift_states_backward
+@c sift_states_backward glocale, asmalloc, memleak
@c re_node_set_init_1 dup asmalloc, memleak
-@c update_cur_sifted_state asmalloc, memleak
+@c update_cur_sifted_state glocale, asmalloc, memleak
@c add_epsilon_src_nodes asmalloc, memleak
@c re_acquire_state dup asmalloc, memleak
@c re_node_set_alloc dup asmalloc, memleak
@@ -1322,7 +1323,7 @@ unless the regular expression contains anchor characters (@samp{^} or
@c re_node_set_remove_at dup ok
@c re_node_set_contains dup ok
@c re_acquire_state dup asmalloc, memleak
-@c sift_states_bkref asmalloc, memleak
+@c sift_states_bkref glocale, asmalloc, memleak
@c search_cur_bkref_entry dup ok
@c check_dst_limits ok
@c search_cur_bkref_entry dup ok
@@ -1330,7 +1331,7 @@ unless the regular expression contains anchor characters (@samp{^} or
@c check_dst_limits_calc_pos_1 ok
@c re_node_set_init_copy dup asmalloc, memleak
@c re_node_set_insert dup asmalloc, memleak
-@c sift_states_backward dup
+@c sift_states_backward dup glocale, asmalloc, memleak
@c merge_state_array dup asmalloc, memleak
@c re_node_set_remove ok
@c re_node_set_contains dup ok
@@ -1338,9 +1339,9 @@ unless the regular expression contains anchor characters (@samp{^} or
@c re_node_set_free dup asmalloc, memleak
@c re_node_set_free dup asmalloc, memleak
@c re_node_set_empty dup ok
-@c build_sifted_states
-@c sift_states_iter_mb
-@c check_node_accept_bytes dup
+@c build_sifted_states glocale, asmalloc, memleak
+@c sift_states_iter_mb glocale, asmalloc, memleak
+@c check_node_accept_bytes dup glocale, asmalloc, memleak
@c check_node_accept dup ok
@c check_dst_limits dup ok
@c re_node_set_insert dup asmalloc, memleak
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=088f4ecfd9174e8d26f01c2c8f860183e1adade0
commit 088f4ecfd9174e8d26f01c2c8f860183e1adade0
Merge: aba41c2 bbf7743 3eb260d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 12:34:28 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=aba41c25f734d1d81cbdae3e7e33be50d6291e00
commit aba41c25f734d1d81cbdae3e7e33be50d6291e00
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 12:34:28 2013 -0300
push
diff --git a/meta b/meta
index 2969a8d..3f8d705 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 86477a8edf0127f256e096762f505b930595ab13
-Head: d11a5f289468002d2e001e32fbc1db8a8ab6004d
+Previous: 3eb260d75b2037994e4f90ebac51c25c51afded4
+Head: bbf7743976ec2adddb2f60002a8d591211e8d3c7
Applied:
unused-scalb-is-scalbn.patch: 1e5d1e38b6a866f88772d34ec2d1b3a75d78b233
remove-sysdeps-ieee754-support.patch: 874e350341a8e14881907b059e6d988de123648f
@@ -14,21 +14,21 @@ Applied:
manual-document-mt-safety-debug.patch: 1aa7f3b6fc9a8771b43d3adb63e254f8caf5aa5b
manual-document-mt-safety-errno.patch: 3c03cf246bde895688e98b832b45fcc835a9d2dc
manual-document-mt-safety-filesys.patch: d11a5f289468002d2e001e32fbc1db8a8ab6004d
+ manual-document-mt-safety-getopt.patch: 31e37cd2c481327f3f02639924b80fded791908f
+ manual-document-mt-safety-libdl.patch: d0718d8b1f3d220eb4f8ffbf095617a5feed49f2
+ manual-document-mt-safety-job.patch: 950462adffbb683bfe87aa0e8e80419c3ebe59f8
+ manual-document-mt-safety-lang.patch: eadd5e24321249b093b22f50057e8396fd887b2d
+ manual-document-mt-safety-llio.patch: 97db8a779b727d321dc9cf106a644fa761073224
+ manual-document-mt-safety-stdio.patch: 63ec6cc0ec5f71f1e34e18def7b86eda75a61ce8
+ wip-manual-document-mt-safety-math.patch: db9625097d5f7d73d8ba1e10cf6a592ef525404f
+ wip-manual-document-mt-safety-resource.patch: dcd90718c551e61f1cbeab38fa4363d8a7a32bd2
+ wip-manual-document-mt-safety-startup.patch: 230f153ea88ba8ed2cb29f2e2ef3cc40951f6225
+ wip-manual-document-mt-safety-search.patch: 5e0862c9507f9dc42f539d580c22b31cc9feb8df
+ wip-manual-document-mt-safety-string.patch: 18ca074b1729953c82b2ccfbe825c115d2e92612
+ wip-manual-document-mt-safety-terminal.patch: fe3192904116fc22495af608394faa50f46a1da0
+ wip-manual-document-mt-safety-threads.patch: 0130f8b910297080deea57ff964d8984d8d8df56
+ wip-manual-document-mt-safety-time.patch: 3a43e38278e86406b56895d8bf3b3040b0c1ebbb
+ wip-manual-document-mt-safety-locale.patch: e20d050989275a4938846e2098120ac93bb27b73
+ wip-manual-document-mt-safety-pattern.patch: bbf7743976ec2adddb2f60002a8d591211e8d3c7
Unapplied:
- manual-document-mt-safety-getopt.patch: fdbe248de910c1e7ef9ae9b744eed8d658ac5d29
- manual-document-mt-safety-libdl.patch: ac5bbc507973eb6ce1cd3b11d0456f31bdbea7d3
- manual-document-mt-safety-job.patch: 917a111878057a3254a5aae2a9e436e2da0521f2
- manual-document-mt-safety-lang.patch: 74404662e804550da523e8be4c8cbca7d1df1e4d
- manual-document-mt-safety-llio.patch: e500e6b451e90bcfa93b9ebc11eee98ff9948da4
- manual-document-mt-safety-stdio.patch: 7c4dccbbd275011bd7e03d69e5026089a03dbc7b
- wip-manual-document-mt-safety-math.patch: 0666d6743488860ce4130ed89f79bdda045e1559
- wip-manual-document-mt-safety-resource.patch: e1924a257ca4ba889b69af5907ca22f235fac6c9
- wip-manual-document-mt-safety-startup.patch: 9c28ed5886790c4874d527aa2a775a299263bad5
- wip-manual-document-mt-safety-search.patch: 6ff8451b08998b4f998ec7de43aee9148d46f3e5
- wip-manual-document-mt-safety-string.patch: 80f55c2d25e3968c30f5846ffabc81dedc50f709
- wip-manual-document-mt-safety-terminal.patch: 178585271fec5719c46b62c1a25f19cd9fd28655
- wip-manual-document-mt-safety-threads.patch: bcc2df98a27754a19ee0747e55f39302dbf3970e
- wip-manual-document-mt-safety-time.patch: 85e757c54f47a0ada4f7a940c638b2bc7fb01572
- wip-manual-document-mt-safety-locale.patch: c6a95510e695760a3ff9c03a7a1a6a95d2f74573
- wip-manual-document-mt-safety-pattern.patch: 286fc6e694c6817dda55cebcdac48f49d58232ff
Hidden:
diff --git a/patches/manual-document-mt-safety-getopt.patch b/patches/manual-document-mt-safety-getopt.patch
index bcdbbf6..7c5d5f3 100644
--- a/patches/manual-document-mt-safety-getopt.patch
+++ b/patches/manual-document-mt-safety-getopt.patch
@@ -1,5 +1,5 @@
-Bottom: 157f057fc8982c458959738c2a2c8d76e6c12c7e
-Top: ec1fe87f340be1e74d6dfed9db87effb228b388c
+Bottom: f6c126b4dc97b984cc91ac7d62ba41848149e9bc
+Top: 817c6f30f8e3616b52468c73f41d9f6a37a6e89e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:03:56 -0300
diff --git a/patches/manual-document-mt-safety-job.patch b/patches/manual-document-mt-safety-job.patch
index 9cca92e..3905123 100644
--- a/patches/manual-document-mt-safety-job.patch
+++ b/patches/manual-document-mt-safety-job.patch
@@ -1,5 +1,5 @@
-Bottom: 5b7b7d31d8b0edd9f840eb090384f78097436481
-Top: 9b155e11463623a6a0bb95400b2498182e34583a
+Bottom: ddc946d17210c5130384fb55efeed7143f007760
+Top: 5300149194f438df3eae0bfb33b9436f847c1b20
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:03:57 -0300
diff --git a/patches/manual-document-mt-safety-lang.patch b/patches/manual-document-mt-safety-lang.patch
index b53eeb2..fe88a7d 100644
--- a/patches/manual-document-mt-safety-lang.patch
+++ b/patches/manual-document-mt-safety-lang.patch
@@ -1,5 +1,5 @@
-Bottom: 9b155e11463623a6a0bb95400b2498182e34583a
-Top: 9b7095b69b6581c1fcfb8e18046f496fbc149994
+Bottom: 5300149194f438df3eae0bfb33b9436f847c1b20
+Top: 1a5b7077b01377d6fdec0081ffac9c13cf037009
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:03:57 -0300
diff --git a/patches/manual-document-mt-safety-libdl.patch b/patches/manual-document-mt-safety-libdl.patch
index 02605ec..7c350fa 100644
--- a/patches/manual-document-mt-safety-libdl.patch
+++ b/patches/manual-document-mt-safety-libdl.patch
@@ -1,5 +1,5 @@
-Bottom: ec1fe87f340be1e74d6dfed9db87effb228b388c
-Top: 5b7b7d31d8b0edd9f840eb090384f78097436481
+Bottom: 817c6f30f8e3616b52468c73f41d9f6a37a6e89e
+Top: ddc946d17210c5130384fb55efeed7143f007760
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:03:57 -0300
diff --git a/patches/manual-document-mt-safety-llio.patch b/patches/manual-document-mt-safety-llio.patch
index f160a84..69cf5e1 100644
--- a/patches/manual-document-mt-safety-llio.patch
+++ b/patches/manual-document-mt-safety-llio.patch
@@ -1,5 +1,5 @@
-Bottom: 9b7095b69b6581c1fcfb8e18046f496fbc149994
-Top: 7fe65183ca01afbf35f279fb8a0031a5633d2a1e
+Bottom: 1a5b7077b01377d6fdec0081ffac9c13cf037009
+Top: dbeae1070d7f82bd45fdd09f92ac8b9617a600a7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:03:57 -0300
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index bb2b074..9a6df66 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,5 +1,5 @@
-Bottom: 7fe65183ca01afbf35f279fb8a0031a5633d2a1e
-Top: 642718307250c62d80e83e8ad81aafb696296a92
+Bottom: dbeae1070d7f82bd45fdd09f92ac8b9617a600a7
+Top: f26c5c6c4721a7c34f60aa5f7bc732d04153cd64
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:03:58 -0300
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index 6e6dca0..d7b5c64 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
-Bottom: 344a5475cfbcc32876fb401e993b1a6146c02663
-Top: 15a8300141ee19f4516dae06220c3f742c3d7c85
+Bottom: 3c7783bfe7de272998ff4b6668ff58fb27d5195e
+Top: c5756e591f2df4db2169921a9937ae43e5dd0515
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:04:01 -0300
diff --git a/patches/wip-manual-document-mt-safety-math.patch b/patches/wip-manual-document-mt-safety-math.patch
index 3c5a4de..b0d3038 100644
--- a/patches/wip-manual-document-mt-safety-math.patch
+++ b/patches/wip-manual-document-mt-safety-math.patch
@@ -1,5 +1,5 @@
-Bottom: 642718307250c62d80e83e8ad81aafb696296a92
-Top: 96d250ae32036f1399b1ebae76631dbb2b62738d
+Bottom: f26c5c6c4721a7c34f60aa5f7bc732d04153cd64
+Top: 1edf7473ed3adfbf39a7390aa6530490cabd4b27
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:03:58 -0300
diff --git a/patches/wip-manual-document-mt-safety-pattern.patch b/patches/wip-manual-document-mt-safety-pattern.patch
index b21a30e..ba44429 100644
--- a/patches/wip-manual-document-mt-safety-pattern.patch
+++ b/patches/wip-manual-document-mt-safety-pattern.patch
@@ -1,5 +1,5 @@
-Bottom: 15a8300141ee19f4516dae06220c3f742c3d7c85
-Top: 97c391126dfad97118d4c685597254faf62e03f0
+Bottom: c5756e591f2df4db2169921a9937ae43e5dd0515
+Top: b58480891cc51f5cdfe4434cd3a40ad48edac192
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 03:02:58 -0300
diff --git a/patches/wip-manual-document-mt-safety-resource.patch b/patches/wip-manual-document-mt-safety-resource.patch
index 50011fd..d6f39ef 100644
--- a/patches/wip-manual-document-mt-safety-resource.patch
+++ b/patches/wip-manual-document-mt-safety-resource.patch
@@ -1,5 +1,5 @@
-Bottom: 96d250ae32036f1399b1ebae76631dbb2b62738d
-Top: eac45389ac7f46a006c5b0650e399877b77691df
+Bottom: 1edf7473ed3adfbf39a7390aa6530490cabd4b27
+Top: 1af05f5ff3de999f0b097ad6ce65923b3cdc2986
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:03:59 -0300
diff --git a/patches/wip-manual-document-mt-safety-search.patch b/patches/wip-manual-document-mt-safety-search.patch
index 0ff2c46..3153fc6 100644
--- a/patches/wip-manual-document-mt-safety-search.patch
+++ b/patches/wip-manual-document-mt-safety-search.patch
@@ -1,5 +1,5 @@
-Bottom: b6f83a85b4b377bb75e56263833cab93a55fe8aa
-Top: 974b65fdd740c5be01caf8296db702b20af31f6e
+Bottom: 3a4ad95549c1eb22a0990741b208dcf7f9df2109
+Top: a15b9967cd628c7e743a12baa7c51939942c7221
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:03:59 -0300
diff --git a/patches/wip-manual-document-mt-safety-startup.patch b/patches/wip-manual-document-mt-safety-startup.patch
index 39696d9..1777e85 100644
--- a/patches/wip-manual-document-mt-safety-startup.patch
+++ b/patches/wip-manual-document-mt-safety-startup.patch
@@ -1,5 +1,5 @@
-Bottom: eac45389ac7f46a006c5b0650e399877b77691df
-Top: b6f83a85b4b377bb75e56263833cab93a55fe8aa
+Bottom: 1af05f5ff3de999f0b097ad6ce65923b3cdc2986
+Top: 3a4ad95549c1eb22a0990741b208dcf7f9df2109
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:03:59 -0300
diff --git a/patches/wip-manual-document-mt-safety-string.patch b/patches/wip-manual-document-mt-safety-string.patch
index 40e01f8..b2366af 100644
--- a/patches/wip-manual-document-mt-safety-string.patch
+++ b/patches/wip-manual-document-mt-safety-string.patch
@@ -1,5 +1,5 @@
-Bottom: 974b65fdd740c5be01caf8296db702b20af31f6e
-Top: b9bca735e36722eeee271d7923615db34ab3b069
+Bottom: a15b9967cd628c7e743a12baa7c51939942c7221
+Top: a93874fc96e3fc2953e3dbc25075e40aed26e303
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:04:00 -0300
diff --git a/patches/wip-manual-document-mt-safety-terminal.patch b/patches/wip-manual-document-mt-safety-terminal.patch
index 2515ce5..d2d2e45 100644
--- a/patches/wip-manual-document-mt-safety-terminal.patch
+++ b/patches/wip-manual-document-mt-safety-terminal.patch
@@ -1,5 +1,5 @@
-Bottom: 4526eb59c2b81d3c38552d73b8bcdcbe825ea516
-Top: f01ba8b728460fbc54e782ace50ff470524c4f8c
+Bottom: a93874fc96e3fc2953e3dbc25075e40aed26e303
+Top: 5feb2a01420811fae094f7c765bf93748917c28a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:04:00 -0300
diff --git a/patches/wip-manual-document-mt-safety-threads.patch b/patches/wip-manual-document-mt-safety-threads.patch
index b39e2e9..858f0f5 100644
--- a/patches/wip-manual-document-mt-safety-threads.patch
+++ b/patches/wip-manual-document-mt-safety-threads.patch
@@ -1,5 +1,5 @@
-Bottom: f01ba8b728460fbc54e782ace50ff470524c4f8c
-Top: 8247b1a7d1b5c98f69462719f1ee387fea7ccb9a
+Bottom: 5feb2a01420811fae094f7c765bf93748917c28a
+Top: c2d062247b8bc834da6c82aa7cfd32a9bd64b195
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:04:00 -0300
diff --git a/patches/wip-manual-document-mt-safety-time.patch b/patches/wip-manual-document-mt-safety-time.patch
index 749f456..1db2359 100644
--- a/patches/wip-manual-document-mt-safety-time.patch
+++ b/patches/wip-manual-document-mt-safety-time.patch
@@ -1,5 +1,5 @@
-Bottom: 8247b1a7d1b5c98f69462719f1ee387fea7ccb9a
-Top: 344a5475cfbcc32876fb401e993b1a6146c02663
+Bottom: c2d062247b8bc834da6c82aa7cfd32a9bd64b195
+Top: 3c7783bfe7de272998ff4b6668ff58fb27d5195e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:04:00 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=8208554d81801665bf30d80e86a9d43b6036428d
commit 8208554d81801665bf30d80e86a9d43b6036428d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 03:02:58 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/pattern.texi: Document thread safety properties.
diff --git a/manual/pattern.texi b/manual/pattern.texi
index 1966f3f..da2c8b6 100644
--- a/manual/pattern.texi
+++ b/manual/pattern.texi
@@ -736,6 +736,251 @@ expression into it by calling @code{regcomp}.
@comment regex.h
@comment POSIX.2
@deftypefun int regcomp (regex_t *restrict @var{compiled}, const char *restrict @var{pattern}, int @var{cflags})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c All of the issues have to do with memory allocation and multi-byte
+@c character handling present in the input string, or implied by ranges
+@c or inverted character classes.
+@c (re_)malloc asmalloc, memleak
+@c re_compile_internal glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c (re_)realloc asmalloc, memleak (asynconsist, incansist, for other
+@c callers that don't zero the buffer)
+@c init_dfa glocale, asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c (re_)malloc asmalloc, memleak
+@c calloc asmalloc, memleak
+@c _NL_CURRENT ok
+@c _NL_CURRENT_WORD ok
+@c btowc asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c libc_lock_init ok
+@c re_string_construct glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_construct_common ok
+@c re_string_realloc_buffers asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c build_wcs_upper_buffer glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c isascii ok
+@c mbsinit ok
+@c toupper ok
+@c mbrtowc dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c iswlower glocale
+@c towupper glocale
+@c wcrtomb dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c (re_)malloc dup asmalloc, memleak
+@c build_upper_buffer ok (glocale, but optimized)
+@c islower ok
+@c toupper ok
+@c build_wcs_buffer asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c mbrtowc dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_translate_buffer ok
+@c parse (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c fetch_token (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c peek_token ok (maybe glocale)
+@c re_string_eoi ok
+@c re_string_peek_byte ok
+@c re_string_cur_idx ok
+@c re_string_length ok
+@c re_string_peek_byte_case ok (maybe glocale)
+@c re_string_peek_byte dup ok
+@c re_string_is_single_byte_char ok
+@c isascii ok
+@c re_string_peek_byte dup ok
+@c re_string_wchar_at ok
+@c re_string_skip_bytes ok
+@c re_string_skip_bytes dup ok
+@c parse_reg_exp (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c parse_branch (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c parse_expression (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c create_token_tree dup asmalloc, memleak
+@c re_string_eoi dup ok
+@c re_string_first_byte ok
+@c fetch_token dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c create_tree dup asmalloc, memleak
+@c parse_sub_exp (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c fetch_token dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c parse_reg_exp dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c postorder() asmalloc, memleak
+@c free_tree asmalloc, memleak
+@c free_token dup asmalloc, memleak
+@c create_tree dup asmalloc, memleak
+@c parse_bracket_exp (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c _NL_CURRENT dup ok
+@c _NL_CURRENT_WORD dup ok
+@c calloc dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c peek_token_bracket ok
+@c re_string_eoi dup ok
+@c re_string_peek_byte dup ok
+@c re_string_first_byte dup ok
+@c re_string_cur_idx dup ok
+@c re_string_length dup ok
+@c re_string_skip_bytes dup ok
+@c bitset_set ok
+@c re_string_skip_bytes ok
+@c parse_bracket_element ok (maybe glocale)
+@c re_string_char_size_at ok
+@c re_string_wchar_at dup ok
+@c re_string_skip_bytes dup ok
+@c parse_bracket_symbol ok (maybe glocale)
+@c re_string_eoi dup ok
+@c re_string_fetch_byte_case ok (maybe glocale)
+@c re_string_fetch_byte ok
+@c re_string_first_byte dup ok
+@c isascii ok
+@c re_string_char_size_at dup ok
+@c re_string_skip_bytes dup ok
+@c re_string_fetch_byte dup ok
+@c re_string_peek_byte dup ok
+@c re_string_skip_bytes dup ok
+@c peek_token_bracket dup ok
+@c auto build_range_exp asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c auto lookup_collation_sequence_value asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c btowc dup asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c collseq_table_lookup ok
+@c auto seek_collating_symbol_entry dup ok
+@c (re_)realloc dup asmalloc, memleak
+@c collseq_table_lookup dup ok
+@c bitset_set dup ok
+@c (re_)realloc dup asmalloc, memleak
+@c build_equiv_class (maybe glocale), asmalloc, memleak
+@c _NL_CURRENT ok
+@c auto findidx ok
+@c bitset_set dup ok
+@c (re_)realloc dup asmalloc, memleak
+@c auto build_collating_symbol asmalloc, memleak
+@c auto seek_collating_symbol_entry ok
+@c bitset_set dup ok
+@c (re_)realloc dup asmalloc, memleak
+@c build_charclass (maybe glocale), asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c bitset_set dup ok
+@c isalnum ok
+@c iscntrl ok
+@c isspace ok
+@c isalpha ok
+@c isdigit ok
+@c isprint ok
+@c isupper ok
+@c isblank ok
+@c isgraph ok
+@c ispunct ok
+@c isxdigit ok
+@c bitset_not ok
+@c bitset_mask ok
+@c create_token_tree dup asmalloc, memleak
+@c create_tree dup asmalloc, memleak
+@c free_charset dup asmalloc, memleak
+@c init_word_char (maybe glocale)
+@c isalnum ok
+@c build_charclass_op (maybe glocale), asmalloc, memleak
+@c calloc dup asmalloc, memleak
+@c build_charclass dup (maybe glocale), asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c free_charset dup asmalloc, memleak
+@c bitset_set dup ok
+@c bitset_not dup ok
+@c bitset_mask dup ok
+@c create_token_tree dup asmalloc, memleak
+@c create_tree dup asmalloc, memleak
+@c parse_dup_op (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_cur_idx dup ok
+@c fetch_number ok (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c fetch_token dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_set_index ok
+@c postorder() asmalloc, memleak
+@c free_tree dup asmalloc, memleak
+@c mark_opt_subexp ok
+@c duplicate_tree asmalloc, memleak
+@c create_token_tree dup asmalloc, memleak
+@c create_tree dup asmalloc, memleak
+@c postorder() asmalloc, memleak
+@c free_tree dup asmalloc, memleak
+@c fetch_token dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c parse_branch dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c create_tree dup asmalloc, memleak
+@c create_tree asmalloc, memleak
+@c create_token_tree asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c analyze asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c preorder() asmalloc, memleak
+@c optimize_subexps ok
+@c calc_next ok
+@c link_nfa_nodes asmalloc, memleak
+@c re_node_set_init_1 asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c re_node_set_init_2 asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c postorder() asmalloc, memleak
+@c lower_subexps asmalloc, memleak
+@c lower_subexp asmalloc, memleak
+@c create_tree dup asmalloc, memleak
+@c calc_first asmalloc, memleak
+@c re_dfa_add_node asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c re_node_set_init_empty ok
+@c calc_eclosure asmalloc, memleak
+@c calc_eclosure_iter asmalloc, memleak
+@c re_node_set_alloc asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c duplicate_node_closure asmalloc, memleak
+@c re_node_set_empty ok
+@c duplicate_node asmalloc, memleak
+@c re_dfa_add_node dup asmalloc, memleak
+@c re_node_set_insert asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c search_duplicated_node ok
+@c re_node_set_merge asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c re_node_set_free asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c re_node_set_insert dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c calc_inveclosure asmalloc, memleak
+@c re_node_set_init_empty dup ok
+@c re_node_set_insert_last asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c optimize_utf8 ok
+@c create_initial_state asmalloc, memleak
+@c re_node_set_init_copy asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c re_node_set_init_empty dup ok
+@c re_node_set_contains ok
+@c re_node_set_merge dup asmalloc, memleak
+@c re_acquire_state_context asmalloc, memleak
+@c calc_state_hash ok
+@c re_node_set_compare ok
+@c create_cd_newstate asmalloc, memleak
+@c calloc dup asmalloc, memleak
+@c re_node_set_init_copy dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c free_state asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c NOT_SATISFY_PREV_CONSTRAINT ok
+@c re_node_set_remove_at ok
+@c register_state asmalloc, memleak
+@c re_node_set_alloc dup asmalloc, memleak
+@c re_node_set_insert_last dup asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c free_workarea_compile asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c re_string_destruct asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c free_dfa_content asmalloc, memleak
+@c free_token asmalloc, memleak
+@c free_charset asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_compile_fastmap glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_compile_fastmap_iter glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_set_fastmap ok
+@c tolower ok
+@c mbrtowc dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c wcrtomb dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c towlower glocale
+@c _NL_CURRENT ok
+@c (re_)free asmalloc, memleak
The function @code{regcomp} ``compiles'' a regular expression into a
data structure that you can use with @code{regexec} to match against a
string. The compiled regular expression format is designed for
@@ -885,6 +1130,247 @@ unless the regular expression contains anchor characters (@samp{^} or
@comment regex.h
@comment POSIX.2
@deftypefun int regexec (const regex_t *restrict @var{compiled}, const char *restrict @var{string}, size_t @var{nmatch}, regmatch_t @var{matchptr}[restrict], int @var{eflags})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c libc_lock_lock selfdeadlock, lockleak
+@c re_search_internal glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_allocate asmalloc, memleak
+@c re_string_construct_common dup ok
+@c re_string_realloc_buffers dup asmalloc, memleak
+@c match_ctx_init asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c re_string_byte_at ok
+@c re_string_first_byte dup ok
+@c check_matching glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_cur_idx dup ok
+@c acquire_init_state_context dup asmalloc, memleak
+@c re_string_context_at ok
+@c re_string_byte_at dup ok
+@c bitset_contain ok
+@c re_acquire_state_context dup asmalloc, memleak
+@c check_subexp_matching_top asmalloc, memleak
+@c match_ctx_add_subtop asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c calloc dup asmalloc, memleak
+@c transit_state_bkref glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_cur_idx dup ok
+@c re_string_context_at dup ok
+@c NOT_SATISFY_NEXT_CONSTRAINT ok
+@c get_subexp glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_get_buffer ok
+@c search_cur_bkref_entry ok
+@c clean_state_log_if_needed glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c extend_buffers glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_realloc_buffers dup asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c build_wcs_upper_buffer dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c build_upper_buffer dup ok (glocale, but optimized)
+@c build_wcs_buffer dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_translate_buffer dup ok
+@c get_subexp_sub glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c check_arrival glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c (re_)realloc dup asmalloc, memleak
+@c re_string_context_at dup ok
+@c re_node_set_init_1 dup asmalloc, memleak
+@c check_arrival_expand_ecl asmalloc, memleak
+@c re_node_set_alloc dup asmalloc, memleak
+@c find_subexp_node ok
+@c re_node_set_merge dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c check_arrival_expand_ecl_sub asmalloc, memleak
+@c re_node_set_contains dup ok
+@c re_node_set_insert dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_node_set_init_copy dup asmalloc, memleak
+@c re_node_set_init_empty dup ok
+@c expand_bkref_cache asmalloc, memleak
+@c search_cur_bkref_entry dup ok
+@c re_node_set_contains dup ok
+@c re_node_set_init_1 dup asmalloc, memleak
+@c check_arrival_expand_ecl dup asmalloc, memleak
+@c re_node_set_merge dup asmalloc, memleak
+@c re_node_set_init_copy dup asmalloc, memleak
+@c re_node_set_insert dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_acquire_state asmalloc, memleak
+@c calc_state_hash dup ok
+@c re_node_set_compare dup ok
+@c create_ci_newstate asmalloc, memleak
+@c calloc dup asmalloc, memleak
+@c re_node_set_init_copy dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c register_state dup asmalloc, memleak
+@c free_state dup asmalloc, memleak
+@c re_acquire_state_context dup asmalloc, memleak
+@c re_node_set_merge dup asmalloc, memleak
+@c check_arrival_add_next_nodes glocale, asmalloc, memleak
+@c re_node_set_init_empty dup ok
+@c check_node_accept_bytes glocale, asmalloc, memleak
+@c re_string_byte_at dup ok
+@c re_string_char_size_at dup ok
+@c re_string_elem_size_at (maybe glocale)
+@c _NL_CURRENT_WORD dup ok
+@c _NL_CURRENT dup ok
+@c auto findidx dup ok
+@c _NL_CURRENT_WORD dup ok
+@c _NL_CURRENT dup ok
+@c collseq_table_lookup dup ok
+@c find_collation_sequence_value (maybe glocale)
+@c _NL_CURRENT_WORD dup ok
+@c _NL_CURRENT dup ok
+@c auto findidx dup ok
+@c wcscoll glocale, asmalloc, memleak
+@c re_node_set_empty dup ok
+@c re_node_set_merge dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_node_set_insert dup asmalloc, memleak
+@c re_acquire_state dup asmalloc, memleak
+@c check_node_accept ok
+@c re_string_byte_at dup ok
+@c bitset_contain dup ok
+@c re_string_context_at dup ok
+@c NOT_SATISFY_NEXT_CONSTRAINT dup ok
+@c match_ctx_add_entry asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c clean_state_log_if_needed dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c extend_buffers dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c find_subexp_node dup ok
+@c calloc dup asmalloc, memleak
+@c check_arrival dup ***
+@c match_ctx_add_sublast asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c re_acquire_state_context dup asmalloc, memleak
+@c re_node_set_init_union asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c re_node_set_init_copy dup asmalloc, memleak
+@c re_node_set_init_empty dup ok
+@c re_node_set_free dup asmalloc, memleak
+@c check_subexp_matching_top dup asmalloc, memleak
+@c check_halt_state_context ok
+@c re_string_context_at dup ok
+@c check_halt_node_context ok
+@c NOT_SATISFY_NEXT_CONSTRAINT dup ok
+@c re_string_eoi dup ok
+@c extend_buffers dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c transit_state glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c transit_state_mb glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_context_at dup ok
+@c NOT_SATISFY_NEXT_CONSTRAINT dup ok
+@c check_node_accept_bytes dup glocale, asmalloc, memleak
+@c re_string_cur_idx dup ok
+@c clean_state_log_if_needed glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_node_set_init_union dup asmalloc, memleak
+@c re_acquire_state_context dup asmalloc, memleak
+@c re_string_fetch_byte dup ok
+@c re_string_context_at dup ok
+@c build_trtable asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c group_nodes_into_DFAstates asmalloc, memleak
+@c bitset_empty dup ok
+@c bitset_set dup ok
+@c bitset_merge dup ok
+@c bitset_set_all ok
+@c bitset_clear ok
+@c bitset_contain dup ok
+@c bitset_copy ok
+@c re_node_set_init_copy dup asmalloc, memleak
+@c re_node_set_insert dup asmalloc, memleak
+@c re_node_set_init_1 dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_node_set_alloc dup asmalloc, memleak
+@c malloc dup asmalloc, memleak
+@c free dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c bitset_empty ok
+@c re_node_set_empty dup ok
+@c re_node_set_merge dup asmalloc, memleak
+@c re_acquire_state_context dup asmalloc, memleak
+@c bitset_merge ok
+@c calloc dup asmalloc, memleak
+@c bitset_contain dup ok
+@c merge_state_with_log glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_cur_idx dup ok
+@c re_node_set_init_union dup asmalloc, memleak
+@c re_string_context_at dup ok
+@c re_node_set_free dup asmalloc, memleak
+@c check_subexp_matching_top asmalloc, memleak
+@c match_ctx_add_subtop dup asmalloc, memleak
+@c transit_state_bkref dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c find_recover_state
+@c re_string_cur_idx dup ok
+@c re_string_skip_bytes dup ok
+@c merge_state_with_log dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c check_halt_state_context dup ok
+@c prune_impossible_nodes glocale, asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c sift_ctx_init ok
+@c re_node_set_init_empty dup ok
+@c sift_states_backward glocale, asmalloc, memleak
+@c re_node_set_init_1 dup asmalloc, memleak
+@c update_cur_sifted_state glocale, asmalloc, memleak
+@c add_epsilon_src_nodes asmalloc, memleak
+@c re_acquire_state dup asmalloc, memleak
+@c re_node_set_alloc dup asmalloc, memleak
+@c re_node_set_merge dup asmalloc, memleak
+@c re_node_set_add_intersect asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c check_subexp_limits asmalloc, memleak
+@c sub_epsilon_src_nodes asmalloc, memleak
+@c re_node_set_init_empty dup ok
+@c re_node_set_contains dup ok
+@c re_node_set_add_intersect dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_node_set_remove_at dup ok
+@c re_node_set_contains dup ok
+@c re_acquire_state dup asmalloc, memleak
+@c sift_states_bkref glocale, asmalloc, memleak
+@c search_cur_bkref_entry dup ok
+@c check_dst_limits ok
+@c search_cur_bkref_entry dup ok
+@c check_dst_limits_calc_pos ok
+@c check_dst_limits_calc_pos_1 ok
+@c re_node_set_init_copy dup asmalloc, memleak
+@c re_node_set_insert dup asmalloc, memleak
+@c sift_states_backward dup glocale, asmalloc, memleak
+@c merge_state_array dup asmalloc, memleak
+@c re_node_set_remove ok
+@c re_node_set_contains dup ok
+@c re_node_set_remove_at dup ok
+@c re_node_set_free dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_node_set_empty dup ok
+@c build_sifted_states glocale, asmalloc, memleak
+@c sift_states_iter_mb glocale, asmalloc, memleak
+@c check_node_accept_bytes dup glocale, asmalloc, memleak
+@c check_node_accept dup ok
+@c check_dst_limits dup ok
+@c re_node_set_insert dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c check_halt_state_context dup ok
+@c merge_state_array asmalloc, memleak
+@c re_node_set_init_union dup asmalloc, memleak
+@c re_acquire_state dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c set_regs asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c re_node_set_init_empty dup ok
+@c free_fail_stack_return asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c update_regs ok
+@c re_node_set_free dup asmalloc, memleak
+@c pop_fail_stack asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c match_ctx_free asmalloc, memleak
+@c match_ctx_clean asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c re_string_destruct dup asmalloc, memleak
+@c libc_lock_unlock lockleak
This function tries to match the compiled regular expression
@code{*@var{compiled}} against @var{string}.
@@ -1047,6 +1533,9 @@ free the storage it uses by calling @code{regfree}.
@comment regex.h
@comment POSIX.2
@deftypefun void regfree (regex_t *@var{compiled})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak}}
+@c (re_)free dup asmalloc, memleak
+@c free_dfa_content dup asmalloc, memleak
Calling @code{regfree} frees all the storage that @code{*@var{compiled}}
points to. This includes various internal fields of the @code{regex_t}
structure that aren't documented in this manual.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=bbf7743976ec2adddb2f60002a8d591211e8d3c7
commit bbf7743976ec2adddb2f60002a8d591211e8d3c7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 03:02:58 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/pattern.texi: Document thread safety properties.
diff --git a/manual/pattern.texi b/manual/pattern.texi
index 1966f3f..4b66204 100644
--- a/manual/pattern.texi
+++ b/manual/pattern.texi
@@ -736,6 +736,251 @@ expression into it by calling @code{regcomp}.
@comment regex.h
@comment POSIX.2
@deftypefun int regcomp (regex_t *restrict @var{compiled}, const char *restrict @var{pattern}, int @var{cflags})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c All of the issues have to do with memory allocation and multi-byte
+@c character handling present in the input string, or implied by ranges
+@c or inverted character classes.
+@c (re_)malloc asmalloc, memleak
+@c re_compile_internal glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c (re_)realloc asmalloc, memleak (asynconsist, incansist, for other
+@c callers that don't zero the buffer)
+@c init_dfa glocale, asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c (re_)malloc asmalloc, memleak
+@c calloc asmalloc, memleak
+@c _NL_CURRENT ok
+@c _NL_CURRENT_WORD ok
+@c btowc asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c libc_lock_init ok
+@c re_string_construct glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_construct_common ok
+@c re_string_realloc_buffers asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c build_wcs_upper_buffer glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c isascii ok
+@c mbsinit ok
+@c toupper ok
+@c mbrtowc dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c iswlower glocale
+@c towupper glocale
+@c wcrtomb dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c (re_)malloc dup asmalloc, memleak
+@c build_upper_buffer ok (glocale, but optimized)
+@c islower ok
+@c toupper ok
+@c build_wcs_buffer asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c mbrtowc dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_translate_buffer ok
+@c parse (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c fetch_token (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c peek_token ok (maybe glocale)
+@c re_string_eoi ok
+@c re_string_peek_byte ok
+@c re_string_cur_idx ok
+@c re_string_length ok
+@c re_string_peek_byte_case ok (maybe glocale)
+@c re_string_peek_byte dup ok
+@c re_string_is_single_byte_char ok
+@c isascii ok
+@c re_string_peek_byte dup ok
+@c re_string_wchar_at ok
+@c re_string_skip_bytes ok
+@c re_string_skip_bytes dup ok
+@c parse_reg_exp (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c parse_branch (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c parse_expression (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c create_token_tree dup asmalloc, memleak
+@c re_string_eoi dup ok
+@c re_string_first_byte ok
+@c fetch_token dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c create_tree dup asmalloc, memleak
+@c parse_sub_exp (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c fetch_token dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c parse_reg_exp dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c postorder() asmalloc, memleak
+@c free_tree asmalloc, memleak
+@c free_token dup asmalloc, memleak
+@c create_tree dup asmalloc, memleak
+@c parse_bracket_exp (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c _NL_CURRENT dup ok
+@c _NL_CURRENT_WORD dup ok
+@c calloc dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c peek_token_bracket ok
+@c re_string_eoi dup ok
+@c re_string_peek_byte dup ok
+@c re_string_first_byte dup ok
+@c re_string_cur_idx dup ok
+@c re_string_length dup ok
+@c re_string_skip_bytes dup ok
+@c bitset_set ok
+@c re_string_skip_bytes ok
+@c parse_bracket_element ok (maybe glocale)
+@c re_string_char_size_at ok
+@c re_string_wchar_at dup ok
+@c re_string_skip_bytes dup ok
+@c parse_bracket_symbol ok (maybe glocale)
+@c re_string_eoi dup ok
+@c re_string_fetch_byte_case ok (maybe glocale)
+@c re_string_fetch_byte ok
+@c re_string_first_byte dup ok
+@c isascii ok
+@c re_string_char_size_at dup ok
+@c re_string_skip_bytes dup ok
+@c re_string_fetch_byte dup ok
+@c re_string_peek_byte dup ok
+@c re_string_skip_bytes dup ok
+@c peek_token_bracket dup
+@c auto build_range_exp asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c auto lookup_collation_sequence_value asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c btowc dup asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c collseq_table_lookup ok
+@c auto seek_collating_symbol_entry dup ok
+@c (re_)realloc dup asmalloc, memleak
+@c collseq_table_lookup dup ok
+@c bitset_set dup ok
+@c (re_)realloc dup asmalloc, memleak
+@c build_equiv_class (maybe glocale), asmalloc, memleak
+@c _NL_CURRENT ok
+@c auto findidx ok
+@c bitset_set dup ok
+@c (re_)realloc dup asmalloc, memleak
+@c auto build_collating_symbol asmalloc, memleak
+@c auto seek_collating_symbol_entry ok
+@c bitset_set dup ok
+@c (re_)realloc dup asmalloc, memleak
+@c build_charclass (maybe glocale), asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c bitset_set dup ok
+@c isalnum ok
+@c iscntrl ok
+@c isspace ok
+@c isalpha ok
+@c isdigit ok
+@c isprint ok
+@c isupper ok
+@c isblank ok
+@c isgraph ok
+@c ispunct ok
+@c isxdigit ok
+@c bitset_not ok
+@c bitset_mask ok
+@c create_token_tree dup asmalloc, memleak
+@c create_tree dup asmalloc, memleak
+@c free_charset dup asmalloc, memleak
+@c init_word_char (maybe glocale)
+@c isalnum ok
+@c build_charclass_op (maybe glocale), asmalloc, memleak
+@c calloc dup asmalloc, memleak
+@c build_charclass dup (maybe glocale), asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c free_charset dup asmalloc, memleak
+@c bitset_set dup ok
+@c bitset_not dup ok
+@c bitset_mask dup ok
+@c create_token_tree dup asmalloc, memleak
+@c create_tree dup asmalloc, memleak
+@c parse_dup_op (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_cur_idx dup ok
+@c fetch_number ok (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c fetch_token dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_set_index ok
+@c postorder() asmalloc, memleak
+@c free_tree dup asmalloc, memleak
+@c mark_opt_subexp ok
+@c duplicate_tree asmalloc, memleak
+@c create_token_tree dup asmalloc, memleak
+@c create_tree dup asmalloc, memleak
+@c postorder() asmalloc, memleak
+@c free_tree dup asmalloc, memleak
+@c fetch_token dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c parse_branch dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c create_tree dup asmalloc, memleak
+@c create_tree asmalloc, memleak
+@c create_token_tree asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c analyze asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c preorder() asmalloc, memleak
+@c optimize_subexps ok
+@c calc_next ok
+@c link_nfa_nodes asmalloc, memleak
+@c re_node_set_init_1 asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c re_node_set_init_2 asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c postorder() asmalloc, memleak
+@c lower_subexps asmalloc, memleak
+@c lower_subexp asmalloc, memleak
+@c create_tree dup asmalloc, memleak
+@c calc_first asmalloc, memleak
+@c re_dfa_add_node asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c re_node_set_init_empty ok
+@c calc_eclosure asmalloc, memleak
+@c calc_eclosure_iter asmalloc, memleak
+@c re_node_set_alloc asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c duplicate_node_closure asmalloc, memleak
+@c re_node_set_empty ok
+@c duplicate_node asmalloc, memleak
+@c re_dfa_add_node dup asmalloc, memleak
+@c re_node_set_insert asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c search_duplicated_node ok
+@c re_node_set_merge asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c re_node_set_free asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c re_node_set_insert dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c calc_inveclosure asmalloc, memleak
+@c re_node_set_init_empty dup ok
+@c re_node_set_insert_last asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c optimize_utf8 ok
+@c create_initial_state asmalloc, memleak
+@c re_node_set_init_copy asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c re_node_set_init_empty dup ok
+@c re_node_set_contains ok
+@c re_node_set_merge dup asmalloc, memleak
+@c re_acquire_state_context asmalloc, memleak
+@c calc_state_hash ok
+@c re_node_set_compare ok
+@c create_cd_newstate asmalloc, memleak
+@c calloc dup asmalloc, memleak
+@c re_node_set_init_copy dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c free_state asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c NOT_SATISFY_PREV_CONSTRAINT ok
+@c re_node_set_remove_at ok
+@c register_state asmalloc, memleak
+@c re_node_set_alloc dup asmalloc, memleak
+@c re_node_set_insert_last dup asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c free_workarea_compile asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c re_string_destruct asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c free_dfa_content asmalloc, memleak
+@c free_token asmalloc, memleak
+@c free_charset asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_compile_fastmap glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_compile_fastmap_iter glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_set_fastmap ok
+@c tolower ok
+@c mbrtowc dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c wcrtomb dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c towlower glocale
+@c _NL_CURRENT ok
+@c (re_)free asmalloc, memleak
The function @code{regcomp} ``compiles'' a regular expression into a
data structure that you can use with @code{regexec} to match against a
string. The compiled regular expression format is designed for
@@ -885,6 +1130,246 @@ unless the regular expression contains anchor characters (@samp{^} or
@comment regex.h
@comment POSIX.2
@deftypefun int regexec (const regex_t *restrict @var{compiled}, const char *restrict @var{string}, size_t @var{nmatch}, regmatch_t @var{matchptr}[restrict], int @var{eflags})
+@c libc_lock_lock selfdeadlock, lockleak
+@c re_search_internal
+@c re_string_allocate asmalloc, memleak
+@c re_string_construct_common dup ok
+@c re_string_realloc_buffers dup asmalloc, memleak
+@c match_ctx_init asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c re_string_byte_at ok
+@c re_string_first_byte dup ok
+@c check_matching
+@c re_string_cur_idx dup ok
+@c acquire_init_state_context dup asmalloc, memleak
+@c re_string_context_at ok
+@c re_string_byte_at dup ok
+@c bitset_contain ok
+@c re_acquire_state_context dup asmalloc, memleak
+@c check_subexp_matching_top asmalloc, memleak
+@c match_ctx_add_subtop asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c calloc dup asmalloc, memleak
+@c transit_state_bkref
+@c re_string_cur_idx dup ok
+@c re_string_context_at dup ok
+@c NOT_SATISFY_NEXT_CONSTRAINT ok
+@c get_subexp glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak, ***wcscoll
+@c re_string_get_buffer ok
+@c search_cur_bkref_entry ok
+@c clean_state_log_if_needed glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c extend_buffers glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_realloc_buffers dup asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c build_wcs_upper_buffer dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c build_upper_buffer dup ok (glocale, but optimized)
+@c build_wcs_buffer dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_translate_buffer dup ok
+@c get_subexp_sub glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak, ***wcscoll
+@c check_arrival glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak, ***wcscoll
+@c (re_)realloc dup asmalloc, memleak
+@c re_string_context_at dup ok
+@c re_node_set_init_1 dup asmalloc, memleak
+@c check_arrival_expand_ecl asmalloc, memleak
+@c re_node_set_alloc dup asmalloc, memleak
+@c find_subexp_node ok
+@c re_node_set_merge dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c check_arrival_expand_ecl_sub asmalloc, memleak
+@c re_node_set_contains dup ok
+@c re_node_set_insert dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_node_set_init_copy dup asmalloc, memleak
+@c re_node_set_init_empty dup ok
+@c expand_bkref_cache asmalloc, memleak
+@c search_cur_bkref_entry dup ok
+@c re_node_set_contains dup ok
+@c re_node_set_init_1 dup asmalloc, memleak
+@c check_arrival_expand_ecl dup asmalloc, memleak
+@c re_node_set_merge dup asmalloc, memleak
+@c re_node_set_init_copy dup asmalloc, memleak
+@c re_node_set_insert dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_acquire_state asmalloc, memleak
+@c calc_state_hash dup ok
+@c re_node_set_compare dup ok
+@c create_ci_newstate asmalloc, memleak
+@c calloc dup asmalloc, memleak
+@c re_node_set_init_copy dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c register_state dup asmalloc, memleak
+@c free_state dup asmalloc, memleak
+@c re_acquire_state_context dup asmalloc, memleak
+@c re_node_set_merge dup asmalloc, memleak
+@c check_arrival_add_next_nodes (maybe glocale), asmalloc, memleak, ***wcscoll
+@c re_node_set_init_empty dup ok
+@c check_node_accept_bytes (maybe glocale), ***wcscoll
+@c re_string_byte_at dup ok
+@c re_string_char_size_at dup ok
+@c re_string_elem_size_at (maybe glocale)
+@c _NL_CURRENT_WORD dup ok
+@c _NL_CURRENT dup ok
+@c auto findidx dup ok
+@c _NL_CURRENT_WORD dup ok
+@c _NL_CURRENT dup ok
+@c collseq_table_lookup dup ok
+@c find_collation_sequence_value (maybe glocale)
+@c _NL_CURRENT_WORD dup ok
+@c _NL_CURRENT dup ok
+@c auto findidx dup ok
+@c wcscoll ***wcscoll
+@c re_node_set_empty dup ok
+@c re_node_set_merge dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_node_set_insert dup asmalloc, memleak
+@c re_acquire_state dup asmalloc, memleak
+@c check_node_accept ok
+@c re_string_byte_at dup ok
+@c bitset_contain dup ok
+@c re_string_context_at dup ok
+@c NOT_SATISFY_NEXT_CONSTRAINT dup ok
+@c match_ctx_add_entry asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c clean_state_log_if_needed dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c extend_buffers dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c find_subexp_node dup
+@c calloc dup asmalloc, memleak
+@c check_arrival dup ***
+@c match_ctx_add_sublast asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c re_acquire_state_context dup asmalloc, memleak
+@c re_node_set_init_union asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c re_node_set_init_copy dup asmalloc, memleak
+@c re_node_set_init_empty dup ok
+@c re_node_set_free dup asmalloc, memleak
+@c check_subexp_matching_top dup asmalloc, memleak
+@c check_halt_state_context ok
+@c re_string_context_at dup ok
+@c check_halt_node_context ok
+@c NOT_SATISFY_NEXT_CONSTRAINT dup ok
+@c re_string_eoi dup ok
+@c extend_buffers dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c transit_state
+@c transit_state_mb
+@c re_string_context_at dup ok
+@c NOT_SATISFY_NEXT_CONSTRAINT dup ok
+@c check_node_accept_bytes dup
+@c re_string_cur_idx dup ok
+@c clean_state_log_if_needed glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_node_set_init_union dup asmalloc, memleak
+@c re_acquire_state_context dup asmalloc, memleak
+@c re_string_fetch_byte dup ok
+@c re_string_context_at dup ok
+@c build_trtable asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c group_nodes_into_DFAstates asmalloc, memleak
+@c bitset_empty dup ok
+@c bitset_set dup ok
+@c bitset_merge dup ok
+@c bitset_set_all ok
+@c bitset_clear ok
+@c bitset_contain dup ok
+@c bitset_copy ok
+@c re_node_set_init_copy dup asmalloc, memleak
+@c re_node_set_insert dup asmalloc, memleak
+@c re_node_set_init_1 dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_node_set_alloc dup asmalloc, memleak
+@c malloc dup asmalloc, memleak
+@c free dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c bitset_empty ok
+@c re_node_set_empty dup ok
+@c re_node_set_merge dup asmalloc, memleak
+@c re_acquire_state_context dup asmalloc, memleak
+@c bitset_merge ok
+@c calloc dup asmalloc, memleak
+@c bitset_contain dup ok
+@c merge_state_with_log
+@c re_string_cur_idx dup ok
+@c re_node_set_init_union dup asmalloc, memleak
+@c re_string_context_at dup ok
+@c re_node_set_free dup asmalloc, memleak
+@c check_subexp_matching_top asmalloc, memleak
+@c match_ctx_add_subtop dup asmalloc, memleak
+@c transit_state_bkref dup
+@c find_recover_state
+@c re_string_cur_idx dup ok
+@c re_string_skip_bytes dup ok
+@c merge_state_with_log dup
+@c check_halt_state_context dup
+@c prune_impossible_nodes
+@c (re_)malloc dup asmalloc, memleak
+@c sift_ctx_init ok
+@c re_node_set_init_empty dup ok
+@c sift_states_backward
+@c re_node_set_init_1 dup asmalloc, memleak
+@c update_cur_sifted_state asmalloc, memleak
+@c add_epsilon_src_nodes asmalloc, memleak
+@c re_acquire_state dup asmalloc, memleak
+@c re_node_set_alloc dup asmalloc, memleak
+@c re_node_set_merge dup asmalloc, memleak
+@c re_node_set_add_intersect asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c check_subexp_limits asmalloc, memleak
+@c sub_epsilon_src_nodes asmalloc, memleak
+@c re_node_set_init_empty dup ok
+@c re_node_set_contains dup ok
+@c re_node_set_add_intersect dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_node_set_remove_at dup ok
+@c re_node_set_contains dup ok
+@c re_acquire_state dup asmalloc, memleak
+@c sift_states_bkref asmalloc, memleak
+@c search_cur_bkref_entry dup ok
+@c check_dst_limits ok
+@c search_cur_bkref_entry dup ok
+@c check_dst_limits_calc_pos ok
+@c check_dst_limits_calc_pos_1 ok
+@c re_node_set_init_copy dup asmalloc, memleak
+@c re_node_set_insert dup asmalloc, memleak
+@c sift_states_backward dup
+@c merge_state_array dup asmalloc, memleak
+@c re_node_set_remove ok
+@c re_node_set_contains dup ok
+@c re_node_set_remove_at dup ok
+@c re_node_set_free dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_node_set_empty dup ok
+@c build_sifted_states
+@c sift_states_iter_mb
+@c check_node_accept_bytes dup
+@c check_node_accept dup ok
+@c check_dst_limits dup ok
+@c re_node_set_insert dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c check_halt_state_context dup ok
+@c merge_state_array asmalloc, memleak
+@c re_node_set_init_union dup asmalloc, memleak
+@c re_acquire_state dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c set_regs asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c re_node_set_init_empty dup ok
+@c free_fail_stack_return asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c update_regs ok
+@c re_node_set_free dup asmalloc, memleak
+@c pop_fail_stack asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c match_ctx_free asmalloc, memleak
+@c match_ctx_clean asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c re_string_destruct dup asmalloc, memleak
+@c libc_lock_unlock lockleak
This function tries to match the compiled regular expression
@code{*@var{compiled}} against @var{string}.
@@ -1047,6 +1532,9 @@ free the storage it uses by calling @code{regfree}.
@comment regex.h
@comment POSIX.2
@deftypefun void regfree (regex_t *@var{compiled})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak}}
+@c (re_)free dup asmalloc, memleak
+@c free_dfa_content dup asmalloc, memleak
Calling @code{regfree} frees all the storage that @code{*@var{compiled}}
points to. This includes various internal fields of the @code{regex_t}
structure that aren't documented in this manual.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e20d050989275a4938846e2098120ac93bb27b73
commit e20d050989275a4938846e2098120ac93bb27b73
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:04:01 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..11c9dc7 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,137 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{oncesafe, selfdeadlock, asmalloc, asynconsist, incansist}@acunsafe{oncesafe, incansist, lockleak, memleak, fdleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it.
+@c This function returns a pointer read...
+@c setlocale envromt, oncesafe, asmalloc, selfdeadlock, asynconsist, incansist, memleak, fdleak, lockleak
+@c libc_rwlock_wrlock selfdeadlock, lockleak
+@c libc_rwlock_unlock lockleak
+@c getenv LOCPATH envromt
+@c malloc asmalloc, memleak
+@c free asmalloc, memleak
+@c new_composite_name ok
+@c setdata ok
+@c setname ok
+@c _nl_find_locale envromt, oncesafe, asmalloc, selfdeadlock, asynconsist, incansist, memleak, fdleak, lockleak
+@c getenv LC_ALL and LANG envromt
+@c _nl_load_locale_from_archive asmalloc, memleak, fdleak
+@c sysconf _SC_PAGE_SIZE ok
+@c _nl_normalize_codeset asmalloc, memleak
+@c isalnum_l ok (C locale)
+@c isdigit_l ok (C locale)
+@c malloc asmalloc, memleak
+@c tolower_l ok (C locale)
+@c open_not_cancel_2 fdleak
+@c fxstat64 ok
+@c close_not_cancel_no_status ok
+@c __mmap64 memleak
+@c calculate_head_size ok
+@c __munmap ok
+@c compute_hashval ok
+@c qsort dup asmalloc, memleak
+@c rangecmp ok
+@c malloc asmalloc, memleak
+@c strdup asmalloc, memleak
+@c _nl_intern_locale_data asmalloc, memleak
+@c malloc asmalloc, memleak
+@c free asmalloc, memleak
+@c _nl_expand_alias asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c libc_lock_lock selfdeadlock, lockleak
+@c bsearch ok
+@c alias_compare ok
+@c strcasecmp ok
+@c read_alias_file asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fsetlocking ok
+@c feof_unlocked ok
+@c fgets_unlocked ok
+@c isspace ok (locale mutex is locked)
+@c extend_alias_table memleak, asmalloc
+@c realloc memleak, asmalloc
+@c realloc memleak, asmalloc
+@c fclose asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c qsort asmalloc, memleak
+@c alias_compare dup
+@c libc_lock_unlock lockleak
+@c _nl_explode_name asmalloc, memleak
+@c _nl_find_language ok
+@c _nl_normalize_codeset dup asmalloc, memleak
+@c _nl_make_l10nflist asmalloc, memleak
+@c malloc asmalloc, memleak
+@c free asmalloc, memleak
+@c __argz_stringify ok
+@c __argz_count ok
+@c __argz_next ok
+@c _nl_load_locale asmalloc, memleak, fdleak
+@c open_not_cancel_2 fdleak
+@c __fxstat64 ok
+@c close_not_cancel_no_status ok
+@c mmap memleak
+@c malloc asmalloc, memleak
+@c read_not_cancel ok
+@c free asmalloc, memleak
+@c _nl_intern_locale_data dup asmalloc, memleak
+@c munmap ok
+@c __gconv_compare_alias oncesafe, asmalloc, asynconsist, selfdeadlock, memleak,incansist, fdleak, lockleak
+@c __gconv_read_conf oncesafe, asmalloc, asynconsist, selfdeadlock, memleak,incansist, fdleak, lockleak
+@c (libc_once-initializes gconv_cache and gconv_path_envvar; they're
+@c never modified afterwards)
+@c __gconv_load_cache asmalloc, memleak, fdleak
+@c getenv GCONV_PATH envromt
+@c open_not_cancel fdleak
+@c __fxstat64 ok
+@c close_not_cancel_no_status ok
+@c mmap memleak
+@c malloc asmalloc, memleak
+@c __read ok
+@c free asmalloc, memleak
+@c munmap ok
+@c __gconv_get_path selfdeadlock, asmalloc, lockleak, memleak, fdleak
+@c getcwd asmalloc, memleak, fdleak
+@c libc_lock_lock selfdeadlock, lockleak
+@c malloc asmalloc, memleak
+@c strtok_r ok
+@c libc_lock_unlock lockleak
+@c read_conf_file asmalloc, asynconsist, selfdeadlock, memleak, incansist, fdleak, lockleak
+@c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fsetlocking ok
+@c feof_unlocked ok
+@c getdelim asmalloc, asynconsist, memleak, incansist
+@c isspace_l ok (C locale)
+@c add_alias
+@c isspace_l ok (C locale)
+@c toupper_l ok (C locale)
+@c add_alias2 dup asynconsist, asmalloc, incansist, memleak
+@c add_module asmalloc, memleak
+@c isspace_l ok (C locale)
+@c toupper_l ok (C locale)
+@c strtol ok (glocale, but we hold the locale lock)
+@c tfind __gconv_alias_db ok
+@c __gconv_alias_compare dup ok
+@c calloc asmalloc, memleak
+@c insert_module dup asmalloc
+@c __tfind ok (because the tree is read only by then)
+@c __gconv_alias_compare dup ok
+@c insert_module asmalloc
+@c free asmalloc
+@c add_alias2 asynconsist, asmalloc, incansist, memleak
+@c detect_conflict ok, reads __gconv_modules_db
+@c malloc asmalloc, memleak
+@c tsearch __gconv_alias_db asynconsist, asmalloc, incansist, memleak
+@c __gconv_alias_compare ok
+@c free asmalloc
+@c __gconv_compare_alias_cache ok
+@c find_module_idx ok
+@c do_lookup_alias ok
+@c __tfind ok (because the tree is read only by then)
+@c __gconv_alias_compare ok
+@c strndup asmalloc, memleak
+@c strcasecmp_l ok (C locale)
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
@@ -414,6 +545,10 @@ according to the selected locale using this information.
@comment locale.h
@comment ISO
@deftypefun {struct lconv *} localeconv (void)
+@safety{@mtunsafe{staticbuf, glocale}@assafe{}@acsafe{}}
+@c This function reads from multiple components of the locale object,
+@c without synchronization, while writing to the static buffer it uses
+@c as the return value.
The @code{localeconv} function returns a pointer to a structure whose
components contain information about how numeric and monetary values
should be formatted in the current locale.
@@ -680,6 +815,10 @@ was introduced.
@comment langinfo.h
@comment XOPEN
@deftypefun {char *} nl_langinfo (nl_item @var{item})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c It calls _nl_langinfo_l with the current locale, which returns a
+@c pointer into constant strings defined in locale data structures. It
+@c doesn't run afoul of glocale itself, but callers may.
The @code{nl_langinfo} function can be used to access individual
elements of the locale categories. Unlike the @code{localeconv}
function, which returns all the information, @code{nl_langinfo}
@@ -974,6 +1113,11 @@ locale information, making it easier for the user to format
numbers according to these rules.
@deftypefun ssize_t strfmon (char *@var{s}, size_t @var{maxsize}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asmalloc}@acsafe{memleak}}
+@c It (and strfmon_l) both call vstrfmon_l, which, besides accessing the
+@c locale object passed to it, accesses the active locale through
+@c isdigit (but to_digit assumes ASCII digits only). It may call
+@c __printf_fp (glocale, asmalloc, memleak) and guess_grouping (safe).
The @code{strfmon} function is similar to the @code{strftime} function
in that it takes a buffer, its size, a format string,
and values to write into the buffer as text in a form specified
@@ -1185,6 +1329,8 @@ access to the corresponding locale definitions.
@comment GNU
@comment stdlib.h
@deftypefun int rpmatch (const char *@var{response})
+@c Calls nl_langinfo with YESEXPR and NOEXPR, triggering glocale. Calls
+@c regfree, regcomp and regexec.
The function @code{rpmatch} checks the string in @var{response} whether
or not it is a correct yes-or-no answer and if yes, which one. The
check uses the @code{YESEXPR} and @code{NOEXPR} data in the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3a43e38278e86406b56895d8bf3b3040b0c1ebbb
commit 3a43e38278e86406b56895d8bf3b3040b0c1ebbb
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:04:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/time.texi: Document thread safety properties.
diff --git a/manual/time.texi b/manual/time.texi
index ff31e28..3967b24 100644
--- a/manual/time.texi
+++ b/manual/time.texi
@@ -475,6 +475,12 @@ Instead, use the facilities described in @ref{Time Zone Functions}.
@comment sys/time.h
@comment BSD
@deftypefun int gettimeofday (struct timeval *@var{tp}, struct timezone *@var{tzp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c On most GNU/Linux systems this is a direct syscall, but the posix/
+@c implementation (not used on GNU/Linux or GNU/Hurd) relies on time and
+@c localtime_r, saving and restoring tzname in an unsafe manner.
+@c On some GNU/Linux variants, ifunc resolvers are used in shared libc
+@c for vdso resolution. ifunc-vdso-revisit.
The @code{gettimeofday} function returns the current calendar time as
the elapsed time since the epoch in the @code{struct timeval} structure
indicated by @var{tp}. (@pxref{Elapsed Time} for a description of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0130f8b910297080deea57ff964d8984d8d8df56
commit 0130f8b910297080deea57ff964d8984d8d8df56
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:04:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/threads.texi: Document thread safety properties.
diff --git a/manual/threads.texi b/manual/threads.texi
index a23ac26..19bfad6 100644
--- a/manual/threads.texi
+++ b/manual/threads.texi
@@ -31,6 +31,7 @@ before thread-specific data, so they should not be used in thread-specific
data destructors or even as members of the thread-specific data, since the
latter is passed as an argument to the destructor function.
+@c FIXME: use @deftypefun for these.
@item int pthread_key_delete (pthread_key_t @var{key})
Destroy the thread-specific data @var{key} in the calling thread. The
destructor for the thread-specific data is not called during destruction, nor
@@ -82,3 +83,124 @@ attributes or the stack address is set in the attribute.
The system does not have sufficient memory.
@end table
@end deftypefun
+
+@c FIXME these are undocumented:
+@c pthread_atfork
+@c pthread_attr_destroy
+@c pthread_attr_getaffinity_np
+@c pthread_attr_getdetachstate
+@c pthread_attr_getguardsize
+@c pthread_attr_getinheritsched
+@c pthread_attr_getschedparam
+@c pthread_attr_getschedpolicy
+@c pthread_attr_getscope
+@c pthread_attr_getstack
+@c pthread_attr_getstackaddr
+@c pthread_attr_getstacksize
+@c pthread_attr_init
+@c pthread_attr_setaffinity_np
+@c pthread_attr_setdetachstate
+@c pthread_attr_setguardsize
+@c pthread_attr_setinheritsched
+@c pthread_attr_setschedparam
+@c pthread_attr_setschedpolicy
+@c pthread_attr_setscope
+@c pthread_attr_setstack
+@c pthread_attr_setstackaddr
+@c pthread_attr_setstacksize
+@c pthread_barrierattr_destroy
+@c pthread_barrierattr_getpshared
+@c pthread_barrierattr_init
+@c pthread_barrierattr_setpshared
+@c pthread_barrier_destroy
+@c pthread_barrier_init
+@c pthread_barrier_wait
+@c pthread_cancel
+@c pthread_cleanup_push
+@c pthread_cleanup_pop
+@c pthread_condattr_destroy
+@c pthread_condattr_getclock
+@c pthread_condattr_getpshared
+@c pthread_condattr_init
+@c pthread_condattr_setclock
+@c pthread_condattr_setpshared
+@c pthread_cond_broadcast
+@c pthread_cond_destroy
+@c pthread_cond_init
+@c pthread_cond_signal
+@c pthread_cond_timedwait
+@c pthread_cond_wait
+@c pthread_create
+@c pthread_detach
+@c pthread_equal
+@c pthread_exit
+@c pthread_getaffinity_np
+@c pthread_getattr_np
+@c pthread_getconcurrency
+@c pthread_getcpuclockid
+@c pthread_getname_np
+@c pthread_getschedparam
+@c pthread_join
+@c pthread_kill
+@c pthread_kill_other_threads_np
+@c pthread_mutexattr_destroy
+@c pthread_mutexattr_getkind_np
+@c pthread_mutexattr_getprioceiling
+@c pthread_mutexattr_getprotocol
+@c pthread_mutexattr_getpshared
+@c pthread_mutexattr_getrobust
+@c pthread_mutexattr_getrobust_np
+@c pthread_mutexattr_gettype
+@c pthread_mutexattr_init
+@c pthread_mutexattr_setkind_np
+@c pthread_mutexattr_setprioceiling
+@c pthread_mutexattr_setprotocol
+@c pthread_mutexattr_setpshared
+@c pthread_mutexattr_setrobust
+@c pthread_mutexattr_setrobust_np
+@c pthread_mutexattr_settype
+@c pthread_mutex_consistent
+@c pthread_mutex_consistent_np
+@c pthread_mutex_destroy
+@c pthread_mutex_getprioceiling
+@c pthread_mutex_init
+@c pthread_mutex_lock
+@c pthread_mutex_setprioceiling
+@c pthread_mutex_timedlock
+@c pthread_mutex_trylock
+@c pthread_mutex_unlock
+@c pthread_once
+@c pthread_rwlockattr_destroy
+@c pthread_rwlockattr_getkind_np
+@c pthread_rwlockattr_getpshared
+@c pthread_rwlockattr_init
+@c pthread_rwlockattr_setkind_np
+@c pthread_rwlockattr_setpshared
+@c pthread_rwlock_destroy
+@c pthread_rwlock_init
+@c pthread_rwlock_rdlock
+@c pthread_rwlock_timedrdlock
+@c pthread_rwlock_timedwrlock
+@c pthread_rwlock_tryrdlock
+@c pthread_rwlock_trywrlock
+@c pthread_rwlock_unlock
+@c pthread_rwlock_wrlock
+@c pthread_self
+@c pthread_setaffinity_np
+@c pthread_setcancelstate
+@c pthread_setcanceltype
+@c pthread_setconcurrency
+@c pthread_setname_np
+@c pthread_setschedparam
+@c pthread_setschedprio
+@c pthread_sigmask
+@c pthread_sigqueue
+@c pthread_spin_destroy
+@c pthread_spin_init
+@c pthread_spin_lock
+@c pthread_spin_trylock
+@c pthread_spin_unlock
+@c pthread_testcancel
+@c pthread_timedjoin_np
+@c pthread_tryjoin_np
+@c pthread_yield
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=fe3192904116fc22495af608394faa50f46a1da0
commit fe3192904116fc22495af608394faa50f46a1da0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:04:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/terminal.texi: Document thread safety properties.
diff --git a/manual/terminal.texi b/manual/terminal.texi
index 9e9c057..7f62a4e 100644
--- a/manual/terminal.texi
+++ b/manual/terminal.texi
@@ -264,6 +264,9 @@ array.
@comment termios.h
@comment POSIX.1
@deftypefun int tcgetattr (int @var{filedes}, struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the kernel-returned termios data structure to the userland
+@c format does not ensure atomic or consistent writing.
This function is used to examine the attributes of the terminal
device with file descriptor @var{filedes}. The attributes are returned
in the structure that @var{termios-p} points to.
@@ -284,6 +287,9 @@ The @var{filedes} is not associated with a terminal.
@comment termios.h
@comment POSIX.1
@deftypefun int tcsetattr (int @var{filedes}, int @var{when}, const struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the incoming termios data structure to the kernel format
+@c does not ensure atomic or consistent reading.
This function sets the attributes of the terminal device with file
descriptor @var{filedes}. The new attributes are taken from the
structure that @var{termios-p} points to.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=18ca074b1729953c82b2ccfbe825c115d2e92612
commit 18ca074b1729953c82b2ccfbe825c115d2e92612
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:04:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/string.texi: Document thread safety properties.
diff --git a/manual/string.texi b/manual/string.texi
index 2a164a9..b63a849 100644
--- a/manual/string.texi
+++ b/manual/string.texi
@@ -1159,6 +1159,11 @@ strings are written in into account. To get that one has to use
@comment string.h
@comment BSD
@deftypefun int strcasecmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Although this calls tolower multiple times, it's a macro, and
+@c strcasecmp is optimized so that the locale pointer is read only once.
+@c There are some asm implementations too, for which the single-read
+@c from locale TLS pointers also applies.
This function is like @code{strcmp}, except that differences in case are
ignored. How uppercase and lowercase characters are related is
determined by the currently selected locale. In the standard @code{"C"}
@@ -1247,6 +1252,8 @@ strncmp ("hello, world", "hello, stupid world!!!", 5)
@comment string.h
@comment GNU
@deftypefun int strverscmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls isdigit multiple times, locale may change in between.
The @code{strverscmp} function compares the string @var{s1} against
@var{s2}, considering them as holding indices/version numbers. The
return value follows the same conventions as found in the
@@ -1343,6 +1350,9 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
@comment string.h
@comment ISO
@deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak}}
+@c Calls strcoll_l with the current locale, which dereferences only the
+@c LC_COLLATE data pointer.
The @code{strcoll} function is similar to @code{strcmp} but uses the
collating sequence of the current locale for collation (the
@code{LC_COLLATE} locale).
@@ -1351,6 +1361,8 @@ collating sequence of the current locale for collation (the
@comment wchar.h
@comment ISO
@deftypefun int wcscoll (const wchar_t *@var{ws1}, const wchar_t *@var{ws2})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak}}
+@c Same as strcoll, but calling wcscoll_l.
The @code{wcscoll} function is similar to @code{wcscmp} but uses the
collating sequence of the current locale for collation (the
@code{LC_COLLATE} locale).
@@ -1637,6 +1649,7 @@ This function is a GNU extension.
@comment string.h
@comment ISO
@deftypefun {char *} strchr (const char *@var{string}, int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{strchr} function finds the first occurrence of the character
@var{c} (converted to a @code{char}) in the null-terminated string
beginning at @var{string}. The return value is a pointer to the located
@@ -1678,6 +1691,7 @@ to use @code{wcschrnul} in this case, though.
@comment string.h
@comment GNU
@deftypefun {char *} strchrnul (const char *@var{string}, int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{strchrnul} is the same as @code{strchr} except that if it does
not find the character, it returns a pointer to string's terminating
null character rather than a null pointer.
@@ -2675,3 +2689,6 @@ being added to @var{envz}, if @var{override} is false.
The @code{envz_strip} function removes any null entries from @var{envz},
updating @code{*@var{envz}} and @code{*@var{envz_len}}.
@end deftypefun
+
+@c FIXME this are undocumented:
+@c strcasecmp_l @safety{@mtsafe{}@assafe{}@acsafe{}} see strcasecmp
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=97db8a779b727d321dc9cf106a644fa761073224
commit 97db8a779b727d321dc9cf106a644fa761073224
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:57 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/llio.texi: Document thread safety properties.
diff --git a/manual/llio.texi b/manual/llio.texi
index b129cf4..c350585 100644
--- a/manual/llio.texi
+++ b/manual/llio.texi
@@ -78,6 +78,7 @@ declared in @file{unistd.h}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int open (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The @code{open} function creates and returns a new file descriptor for
the file named by @var{filename}. Initially, the file position
indicator for the file is at the beginning of the file. The argument
@@ -164,6 +165,7 @@ and @code{freopen} functions, that create streams.
@comment fcntl.h
@comment Unix98
@deftypefun int open64 (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{open}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
difference is that on 32 bit systems the file is opened in the
@@ -178,6 +180,7 @@ replaces the old API.
@comment fcntl.h
@comment POSIX.1
@deftypefn {Obsolete function} int creat (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is obsolete. The call:
@smallexample
@@ -202,6 +205,7 @@ since all of the lowlevel file handling functions are equally replaced.
@comment fcntl.h
@comment Unix98
@deftypefn {Obsolete function} int creat64 (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{creat}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
the difference is that on 32 bit systems the file is opened in the
@@ -219,6 +223,7 @@ replaces the old API.
@comment unistd.h
@comment POSIX.1
@deftypefun int close (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The function @code{close} closes the file descriptor @var{filedes}.
Closing a file has the following consequences:
@@ -300,6 +305,7 @@ but must be a signed type.
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t read (int @var{filedes}, void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{read} function reads up to @var{size} bytes from the file
with descriptor @var{filedes}, storing the results in the @var{buffer}.
(This is not necessarily a character string, and no terminating null
@@ -395,6 +401,10 @@ functions that read from streams, such as @code{fgetc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, read and lseek back, but is it
+@c used anywhere?
The @code{pread} function is similar to the @code{read} function. The
first three arguments are identical, and the return values and error
codes also correspond.
@@ -430,6 +440,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread64 (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, read and lseek64 back, but is
+@c it used anywhere?
This function is similar to the @code{pread} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -447,6 +461,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t write (int @var{filedes}, const void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{write} function writes up to @var{size} bytes from
@var{buffer} to the file with descriptor @var{filedes}. The data in
@var{buffer} is not necessarily a character string and a null character is
@@ -557,6 +572,10 @@ functions that write to streams, such as @code{fputc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, write and lseek back, but is it
+@c used anywhere?
The @code{pwrite} function is similar to the @code{write} function. The
first three arguments are identical, and the return values and error codes
also correspond.
@@ -592,6 +611,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite64 (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, write and lseek64 back, but
+@c is it used anywhere?
This function is similar to the @code{pwrite} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -624,6 +647,7 @@ To read the current file position value from a descriptor, use
@comment unistd.h
@comment POSIX.1
@deftypefun off_t lseek (int @var{filedes}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lseek} function is used to change the file position of the
file with descriptor @var{filedes}.
@@ -713,6 +737,7 @@ descriptors.
@comment unistd.h
@comment Unix98
@deftypefun off64_t lseek64 (int @var{filedes}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to the @code{lseek} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -825,6 +850,7 @@ declared in the header file @file{stdio.h}.
@comment stdio.h
@comment POSIX.1
@deftypefun {FILE *} fdopen (int @var{filedes}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
The @code{fdopen} function returns a new stream for the file descriptor
@var{filedes}.
@@ -853,6 +879,7 @@ see @ref{Creating a Pipe}.
@comment stdio.h
@comment POSIX.1
@deftypefun int fileno (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the file descriptor associated with the stream
@var{stream}. If an error is detected (for example, if the @var{stream}
is not valid) or if @var{stream} does not do I/O to a file,
@@ -862,6 +889,7 @@ is not valid) or if @var{stream} does not do I/O to a file,
@comment stdio.h
@comment GNU
@deftypefun int fileno_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fileno_unlocked} function is equivalent to the @code{fileno}
function except that it does not implicitly lock the stream if the state
is @code{FSETLOCKING_INTERNAL}.
@@ -1071,6 +1099,11 @@ Contains the length of the buffer.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t readv (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer into which data is read, if the total read size is
+@c too large for alloca.
The @code{readv} function reads data from @var{filedes} and scatters it
into the buffers described in @var{vector}, which is taken to be
@@ -1089,6 +1122,11 @@ errors are the same as in @code{read}.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t writev (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer from which data is written, if the total write size
+@c is too large for alloca.
The @code{writev} function gathers data from the buffers described in
@var{vector}, which is taken to be @var{count} structures long, and writes
@@ -1149,6 +1187,7 @@ These functions are declared in @file{sys/mman.h}.
@comment sys/mman.h
@comment POSIX
@deftypefun {void *} mmap (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mmap} function creates a new mapping, connected to bytes
(@var{offset}) to (@var{offset} + @var{length} - 1) in the file open on
@@ -1268,6 +1307,9 @@ The file is on a filesystem that doesn't support mapping.
@comment sys/mman.h
@comment LFS
@deftypefun {void *} mmap64 (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The page_shift auto detection when MMAP2_PAGE_SHIFT is -1 (it never
+@c is) would be thread-unsafe.
The @code{mmap64} function is equivalent to the @code{mmap} function but
the @var{offset} parameter is of type @code{off64_t}. On 32-bit systems
this allows the file associated with the @var{filedes} descriptor to be
@@ -1284,6 +1326,7 @@ replaces the old API.
@comment sys/mman.h
@comment POSIX
@deftypefun int munmap (void *@var{addr}, size_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{munmap} removes any memory maps from (@var{addr}) to (@var{addr} +
@var{length}). @var{length} should be the length of the mapping.
@@ -1310,6 +1353,7 @@ aligned.
@comment sys/mman.h
@comment POSIX
@deftypefun int msync (void *@var{address}, size_t @var{length}, int @var{flags})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When using shared mappings, the kernel can write the file at any time
before the mapping is removed. To be certain data has actually been
@@ -1357,6 +1401,7 @@ There is no existing mapping in at least part of the given region.
@comment sys/mman.h
@comment GNU
@deftypefun {void *} mremap (void *@var{address}, size_t @var{length}, size_t @var{new_length}, int @var{flag})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to change the size of an existing memory
area. @var{address} and @var{length} must cover a region entirely mapped
@@ -1405,6 +1450,7 @@ Coding Standards}.
@comment sys/mman.h
@comment POSIX
@deftypefun int madvise (void *@var{addr}, size_t @var{length}, int @var{advice})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to provide the system with @var{advice} about
the intended usage patterns of the memory region starting at @var{addr}
@@ -1531,6 +1577,7 @@ that descriptor into an @code{fd_set}.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_ZERO (fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro initializes the file descriptor set @var{set} to be the
empty set.
@end deftypefn
@@ -1538,6 +1585,9 @@ empty set.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_SET (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro adds @var{filedes} to the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1547,6 +1597,9 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_CLR (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro removes @var{filedes} from the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1556,6 +1609,7 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro int FD_ISSET (int @var{filedes}, const fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value (true) if @var{filedes} is a member
of the file descriptor set @var{set}, and zero (false) otherwise.
@@ -1568,6 +1622,10 @@ Next, here is the description of the @code{select} function itself.
@comment sys/types.h
@comment BSD
@deftypefun int select (int @var{nfds}, fd_set *@var{read-fds}, fd_set *@var{write-fds}, fd_set *@var{except-fds}, struct timeval *@var{timeout})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The select syscall is preferred, but pselect6 may be used instead,
+@c which requires converting timeout to a timespec and back. The
+@c conversions are not atomic.
The @code{select} function blocks the calling process until there is
activity on any of the specified sets of file descriptors, or until the
timeout period has expired.
@@ -1670,6 +1728,7 @@ they return.
@comment unistd.h
@comment X/Open
@deftypefun void sync (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
A call to this function will not return as long as there is data which
has not been written to the device. All dirty buffers in the kernel will
be written and so an overall consistent system can be achieved (if no
@@ -1685,6 +1744,7 @@ committed, rather than all data in the system. For this, @code{sync} is overkil
@comment unistd.h
@comment POSIX
@deftypefun int fsync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fsync} function can be used to make sure all data associated with
the open file @var{fildes} is written to the device associated with the
descriptor. The function call does not return unless all actions have
@@ -1722,6 +1782,7 @@ recovering of the file in case of a problem.
@comment unistd.h
@comment POSIX
@deftypefun int fdatasync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When a call to the @code{fdatasync} function returns, it is ensured
that all of the file data is written to the device. For all pending I/O
operations, the parts guaranteeing data integrity finished.
@@ -1923,6 +1984,158 @@ aiocb64}, since the LFS transparently replaces the old interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_read (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Calls aio_enqueue_request.
+@c aio_enqueue_request selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_self ok
+@c pthread_getschedparam selfdeadlock, lockleak
+@c lll_lock (pthread descriptor's lock) selfdeadlock, lockleak
+@c sched_getparam ok
+@c sched_getscheduler ok
+@c lll_unlock lockleak
+@c pthread_mutex_lock (aio_requests_mutex) selfdeadlock, lockleak
+@c get_elem asmalloc, memleak, [asynconsist, incansist], [xguargs]
+@c realloc asmalloc, memleak
+@c calloc asmalloc, memleak
+@c aio_create_helper_thread selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_attr_init ok
+@c pthread_attr_setdetachstate ok
+@c pthread_get_minstack ok
+@c pthread_attr_setstacksize ok
+@c sigfillset ok
+@c memset ok
+@c sigdelset ok [xguargs, but the caller's sigset is automatic]
+@c SYSCALL rt_sigprocmask ok
+@c pthread_create selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c alloca/malloc asmalloc, memleak
+@c lll_unlock lockleak
+@c allocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c getpagesize dup
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c lll_unlock lockleak
+@c _dl_allocate_tls asmalloc, memleak
+@c _dl_allocate_tls_storage asmalloc, memleak
+@c memalign asmalloc, memleak
+@c memset ok
+@c allocate_dtv dup
+@c free asmalloc, memleak
+@c allocate_dtv asmalloc, memleak
+@c calloc asmalloc, memleak
+@c INSTALL_DTV ok
+@c list_add dup
+@c get_cached_stack
+@c lll_lock (stack_cache_lock) selfdeadlock, lockleak
+@c list_for_each ok
+@c list_entry dup
+@c FREE_P dup
+@c stack_list_del dup
+@c stack_list_add dup
+@c lll_unlock lockleak
+@c _dl_allocate_tls_init ok
+@c GET_DTV ok
+@c mmap ok
+@c atomic_increment_val ok
+@c munmap ok
+@c change_stack_perm ok
+@c mprotect ok
+@c mprotect ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c THREAD_COPY_STACK_GUARD ok
+@c THREAD_COPY_POINTER_GUARD ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (state_cache_lock) selfdeadlock, lockleak
+@c stack_list_del ok
+@c atomic_write_barrier ok
+@c list_del ok [uunguard]
+@c atomic_write_barrier ok
+@c queue_stack asmalloc, memleak
+@c stack_list_add ok
+@c atomic_write_barrier ok
+@c list_add ok [uunguard]
+@c atomic_write_barrier ok
+@c free_stacks asmalloc, memleak
+@c list_for_each_prev_safe ok
+@c list_entry ok
+@c FREE_P ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c _dl_deallocate_tls asmalloc, memleak
+@c free asmalloc, memleak
+@c lll_unlock lockleak
+@c create_thread selfdeadlock, asmalloc, lockleak, memleak
+@c td_eventword
+@c td_eventmask
+@c do_clone selfdeadlock, asmalloc, lockleak, memleak
+@c PREPARE_CREATE ok
+@c lll_lock (pd->lock) selfdeadlock, lockleak
+@c atomic_increment ok
+@c clone ok
+@c atomic_decrement ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack dup
+@c sched_setaffinity ok
+@c tgkill ok
+@c sched_setscheduler ok
+@c atomic_compare_and_exchange_bool_acq ok
+@c nptl_create_event ok
+@c lll_unlock (pd->lock) lockleak
+@c free asmalloc, memleak
+@c pthread_attr_destroy ok (cpuset won't be set, so free isn't called)
+@c add_request_to_runlist ok [xguargs]
+@c pthread_cond_signal ok
+@c aio_free_request ok [xguargs]
+@c pthread_mutex_unlock lockleak
+
+@c (in the new thread, initiated with clone)
+@c start_thread ok
+@c HP_TIMING_NOW ok
+@c ctype_init [glocale] (in theory, but optimized into safety)
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c sigemptyset ok
+@c sigaddset ok
+@c setjmp ok
+@c CANCEL_ASYNC -> pthread_enable_asynccancel ok
+@c do_cancel ok
+@c pthread_unwind ok
+@c Unwind_ForcedUnwind or longjmp ok [asmalloc, memleak?]
+@c lll_lock selfdeadlock, lockleak
+@c lll_unlock selfdeadlock, lockleak
+@c CANCEL_RESET -> pthread_disable_asynccancel ok
+@c lll_futex_wait ok
+@c ->start_routine ok -----
+@c call_tls_dtors selfdeadlock, asmalloc, lockleak, memleak
+@c user-supplied dtor
+@c rtld_lock_lock_recursive (dl_load_lock) selfdeadlock, lockleak
+@c rtld_lock_unlock_recursive lockleak
+@c free asmalloc, memleak
+@c nptl_deallocate_tsd asmalloc, memleak
+@c tsd user-supplied dtors ok
+@c free asmalloc, memleak
+@c libc_thread_freeres
+@c libc_thread_subfreeres ok
+@c atomic_decrement_and_test ok
+@c td_eventword ok
+@c td_eventmask ok
+@c atomic_compare_exchange_bool_acq ok
+@c nptl_death_event ok
+@c lll_robust_dead ok
+@c getpagesize ok
+@c madvise ok
+@c free_tcb selfdeadlock, asmalloc, lockleak, memleak
+@c free asmalloc, memleak
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_futex_wait ok
+@c exit_thread_inline ok
+@c syscall(exit) ok
+
This function initiates an asynchronous read operation. It
immediately returns after the operation was enqueued or when an
error was encountered.
@@ -1988,6 +2201,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_read64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_read} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{aio_read64} uses
@@ -2006,6 +2220,7 @@ of functions with a very similar interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_write (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function initiates an asynchronous write operation. The function
call immediately returns after the operation was enqueued or if before
this happens an error was encountered.
@@ -2072,6 +2287,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_write64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_write} function. The only
difference is that on @w{32 bit} machines the file descriptor should
be opened in the large file mode. Internally @code{aio_write64} uses
@@ -2093,6 +2309,12 @@ operations. It is therefore similar to a combination of @code{readv} and
@comment aio.h
@comment POSIX.1b
@deftypefun int lio_listio (int @var{mode}, struct aiocb *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Call lio_listio_internal, that takes the aio_requests_mutex lock and
+@c enqueues each request. Then, it waits for notification or prepares
+@c for it before releasing the lock. Even though it performs memory
+@c allocation and locking of its own, it doesn't add any classes of
+@c safety issues that aren't already covered by aio_enqueue_request.
The @code{lio_listio} function can be used to enqueue an arbitrary
number of read and write requests at one time. The requests can all be
meant for the same file, all for different files or every solution in
@@ -2176,6 +2398,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int lio_listio64 (int @var{mode}, struct aiocb64 *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{lio_listio} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{lio_listio64} uses
@@ -2204,6 +2427,7 @@ The following two functions allow you to get this kind of information.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_error (const struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function determines the error state of the request described by the
@code{struct aiocb} variable pointed to by @var{aiocbp}. If the
request has not yet terminated the value returned is always
@@ -2225,6 +2449,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_error64 (const struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_error} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2238,6 +2463,7 @@ machines.
@comment aio.h
@comment POSIX.1b
@deftypefun ssize_t aio_return (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to retrieve the return status of the operation
carried out by the request described in the variable pointed to by
@var{aiocbp}. As long as the error status of this request as returned
@@ -2261,6 +2487,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun ssize_t aio_return64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_return} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2289,6 +2516,9 @@ if the symbol @code{_POSIX_SYNCHRONIZED_IO} is defined in @file{unistd.h}.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_fsync (int @var{op}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check that the FD is open, it calls
+@c aio_enqueue_request.
Calling this function forces all I/O operations operating queued at the
time of the function call operating on the file descriptor
@code{aiocbp->aio_fildes} into the synchronized I/O completion state
@@ -2336,6 +2566,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_fsync64 (int @var{op}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_fsync} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2362,6 +2593,9 @@ before the current client is served. For situations like this
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_suspend (const struct aiocb *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c Take aio_requests_mutex, set up waitlist and requestlist, wait
+@c for completion or timeout, and release the mutex.
When calling this function, the calling thread is suspended until at
least one of the requests pointed to by the @var{nent} elements of the
array @var{list} has completed. If any of the requests has already
@@ -2400,6 +2634,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_suspend64 (const struct aiocb64 *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is similar to @code{aio_suspend} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2427,6 +2662,16 @@ or not. Therefore using this function is merely a hint.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_cancel (int @var{fildes}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check the fd is open, hold aio_requests_mutex, call
+@c aio_find_req_fd, aio_remove_request, then aio_notify and
+@c aio_free_request each request before releasing the lock.
+@c aio_notify calls aio_notify_only and free, besides cond signal or
+@c similar. aio_notify_only calls pthread_attr_init,
+@c pthread_attr_setdetachstate, malloc, pthread_create,
+@c notify_func_wrapper, aio_sigqueue, getpid, raise.
+@c notify_func_wraper calls aio_start_notify_thread, free and then the
+@c notifier function.
The @code{aio_cancel} function can be used to cancel one or more
outstanding requests. If the @var{aiocbp} parameter is @code{NULL}, the
function tries to cancel all of the outstanding requests which would process
@@ -2474,6 +2719,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_cancel64 (int @var{fildes}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_cancel} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2529,6 +2775,8 @@ Unused.
@comment aio.h
@comment GNU
@deftypefun void aio_init (const struct aioinit *@var{init})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c All changes to global objects are guarded by aio_requests_mutex.
This function must be called before any other AIO function. Calling it
is completely voluntary, as it is only meant to help the AIO
implementation perform better.
@@ -2563,6 +2811,7 @@ function; see @ref{Opening and Closing Files}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int fcntl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcntl} function performs the operation specified by
@var{command} on the file descriptor @var{filedes}. Some commands
require additional arguments to be supplied. These additional arguments
@@ -2645,6 +2894,7 @@ while prototypes for @code{dup} and @code{dup2} are in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun int dup (int @var{old})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies descriptor @var{old} to the first available
descriptor number (the first number not currently open). It is
equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@@ -2653,6 +2903,7 @@ equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@comment unistd.h
@comment POSIX.1
@deftypefun int dup2 (int @var{old}, int @var{new})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies the descriptor @var{old} to descriptor number
@var{new}.
@@ -3631,6 +3882,7 @@ different headers.
@comment sys/ioctl.h
@comment BSD
@deftypefun int ioctl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ioctl} function performs the generic I/O operation
@var{command} on @var{filedes}.
@@ -3650,3 +3902,6 @@ unknown device.
Most IOCTLs are OS-specific and/or only used in special system utilities,
and are thus beyond the scope of this document. For an example of the use
of an IOCTL, see @ref{Out-of-Band Data}.
+
+@c FIXME this is undocumented:
+@c dup3
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=db9625097d5f7d73d8ba1e10cf6a592ef525404f
commit db9625097d5f7d73d8ba1e10cf6a592ef525404f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:58 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/math.texi: Document thread safety properties.
diff --git a/manual/math.texi b/manual/math.texi
index 193d415..fd5d0c8 100644
--- a/manual/math.texi
+++ b/manual/math.texi
@@ -560,6 +560,7 @@ negative), @code{logb} returns @math{@infinity{}}. If @var{x} is zero,
@comment math.h
@comment ISO
@deftypefunx int ilogbl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are equivalent to the corresponding @code{logb}
functions except that they return signed integer values.
@end deftypefun
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5e0862c9507f9dc42f539d580c22b31cc9feb8df
commit 5e0862c9507f9dc42f539d580c22b31cc9feb8df
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:59 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/search.texi: Document thread safety properties.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..46f5f1c 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -113,6 +113,7 @@ the header file @file{stdlib.h}.
@comment stdlib.h
@comment ISO
@deftypefun {void *} bsearch (const void *@var{key}, const void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{bsearch} function searches the sorted array @var{array} for an object
that is equivalent to @var{key}. The array contains @var{count} elements,
each of which is of size @var{size} bytes.
@@ -146,6 +147,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +438,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +472,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +487,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +501,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +556,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=eadd5e24321249b093b22f50057e8396fd887b2d
commit eadd5e24321249b093b22f50057e8396fd887b2d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:57 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/lang.texi: Document thread safety properties.
diff --git a/manual/lang.texi b/manual/lang.texi
index ee04e23..d6cd90c 100644
--- a/manual/lang.texi
+++ b/manual/lang.texi
@@ -51,6 +51,8 @@ without indicating anything might be wrong.
@comment assert.h
@comment ISO
@deftypefn Macro void assert (int @var{expression})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Verify the programmer's belief that @var{expression} is nonzero at
this point in the program.
@@ -91,6 +93,8 @@ The @code{assert_perror} macro makes this easy.
@comment assert.h
@comment GNU
@deftypefn Macro void assert_perror (int @var{errnum})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Similar to @code{assert}, but verifies that @var{errnum} is zero.
If @code{NDEBUG} is not defined, @code{assert_perror} tests the value of
@@ -423,6 +427,8 @@ The type @code{va_list} is used for argument pointer variables.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_start (va_list @var{ap}, @var{last-required})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This macro initializes the argument pointer variable @var{ap} to point
to the first of the optional arguments of the current function;
@var{last-required} must be the last required argument to the function.
@@ -431,6 +437,8 @@ to the first of the optional arguments of the current function;
@comment stdarg.h
@comment ISO
@deftypefn {Macro} @var{type} va_arg (va_list @var{ap}, @var{type})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_arg} macro returns the value of the next optional argument,
and modifies the value of @var{ap} to point to the subsequent argument.
Thus, successive uses of @code{va_arg} return successive optional
@@ -445,6 +453,8 @@ of the actual argument.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_end (va_list @var{ap})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This ends the use of @var{ap}. After a @code{va_end} call, further
@code{va_arg} calls with the same @var{ap} may not work. You should invoke
@code{va_end} before returning from the function in which @code{va_start}
@@ -466,6 +476,8 @@ of the same type.
@comment ISO
@deftypefn {Macro} void va_copy (va_list @var{dest}, va_list @var{src})
@deftypefnx {Macro} void __va_copy (va_list @var{dest}, va_list @var{src})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_copy} macro allows copying of objects of type
@code{va_list} even if this is not an integral type. The argument pointer
in @var{dest} is initialized to point to the same argument as the
@@ -1212,6 +1224,8 @@ type of a particular structure member.
@comment stddef.h
@comment ISO
@deftypefn {Macro} size_t offsetof (@var{type}, @var{member})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This expands to a integer constant expression that is the offset of the
structure member named @var{member} in the structure type @var{type}.
For example, @code{offsetof (struct s, elem)} is the offset, in bytes,
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=63ec6cc0ec5f71f1e34e18def7b86eda75a61ce8
commit 63ec6cc0ec5f71f1e34e18def7b86eda75a61ce8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:58 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 30630ca..9ffe87b 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger than @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,12 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
+@c Besides the usual possibility of getting an inconsistent stream in a
+@c signal handler or leaving it inconsistent in case of cancellation,
+@c the possibility of leaving a dangling pointer upon cancellation
+@c between reallocing the buffer at *lineptr and updating the pointer
+@c brings about another case of incansist.
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1321,8 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
+@c See the getline incansist note.
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1347,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1371,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1397,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1407,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1417,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1508,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1546,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1605,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1621,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1631,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1641,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2383,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2393,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2403,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2411,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2419,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2444,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2469,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2540,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2573,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2644,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2653,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2662,48 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale, asmalloc, memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2711,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2719,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2727,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2735,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2743,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2751,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2827,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3068,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3320,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3384,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +4001,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +4016,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +4031,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +4039,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4047,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4061,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4088,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4097,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4106,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4114,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4122,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4130,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4180,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4190,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4204,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4215,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4243,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4254,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4368,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4381,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4405,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4421,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4441,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4465,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4514,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4636,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4651,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4664,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4681,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4793,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4806,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4823,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4845,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4870,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4948,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4962,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4974,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4989,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +5003,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +5014,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5062,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5118,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5234,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5416,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5557,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=230f153ea88ba8ed2cb29f2e2ef3cc40951f6225
commit 230f153ea88ba8ed2cb29f2e2ef3cc40951f6225
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:59 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/startup.texi: Document thread safety properties.
diff --git a/manual/startup.texi b/manual/startup.texi
index a277714..7bbaf13 100644
--- a/manual/startup.texi
+++ b/manual/startup.texi
@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
The difference to the @code{setenv} function is that the exact string
given as the parameter @var{string} is put into the environment. If the
user should change the string after the @code{putenv} call this will
-reflect in automatically in the environment. This also requires that
-@var{string} is no automatic variable which scope is left before the
+reflect automatically in the environment. This also requires that
+@var{string} not be an automatic variable whose scope is left before the
variable is removed from the environment. The same applies of course to
dynamically allocated variables which are freed later.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=950462adffbb683bfe87aa0e8e80419c3ebe59f8
commit 950462adffbb683bfe87aa0e8e80419c3ebe59f8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:57 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/job.texi: Document thread safety properties.
diff --git a/manual/job.texi b/manual/job.texi
index 4efeed3..2c46771 100644
--- a/manual/job.texi
+++ b/manual/job.texi
@@ -1039,6 +1039,10 @@ The function @code{ctermid} is declared in the header file
@comment stdio.h
@comment POSIX.1
@deftypefun {char *} ctermid (char *@var{string})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This function is a stub by default; the actual implementation, for
+@c posix systems, returns an internal buffer if passed a NULL string,
+@c but the internal buffer is always set to /dev/tty.
The @code{ctermid} function returns a string containing the file name of
the controlling terminal for the current process. If @var{string} is
not a null pointer, it should be an array that can hold at least
@@ -1075,6 +1079,11 @@ Your program should include the header files @file{sys/types.h} and
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t setsid (void)
+@safety{@mtsafe{}@assafe{selfdeadlock (hurd)}@acsafe{lockleak (hurd)}}
+@c This is usually a direct syscall, but if a syscall is not available,
+@c we use a stub, or Hurd- and BSD-specific implementations. The former
+@c uses a mutex and a hurd critical section, and the latter issues a few
+@c syscalls, so both seem safe, except for the locking on Hurd.
The @code{setsid} function creates a new session. The calling process
becomes the session leader, and is put in a new process group whose
process group ID is the same as the process ID of that process. There
@@ -1098,6 +1107,8 @@ already another process group around that has the same process group ID.
@comment unistd.h
@comment SVID
@deftypefun pid_t getsid (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{getsid} function returns the process group ID of the session
leader of the specified process. If a @var{pid} is @code{0}, the
@@ -1134,6 +1145,8 @@ programs with the @code{-lbsd-compat} option to get the BSD definition.@refill
@comment unistd.h
@comment POSIX.1
@deftypefn {POSIX.1 Function} pid_t getpgrp (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The POSIX.1 definition of @code{getpgrp} returns the process group ID of
the calling process.
@end deftypefn
@@ -1141,6 +1154,8 @@ the calling process.
@comment unistd.h
@comment BSD
@deftypefn {BSD Function} pid_t getpgrp (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The BSD definition of @code{getpgrp} returns the process group ID of the
process @var{pid}. You can supply a value of @code{0} for the @var{pid}
argument to get information about the calling process.
@@ -1149,6 +1164,8 @@ argument to get information about the calling process.
@comment unistd.h
@comment SVID
@deftypefn {System V Function} int getpgid (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
@code{getpgid} is the same as the BSD function @code{getpgrp}. It
returns the process group ID of the process @var{pid}. You can supply a
@@ -1171,6 +1188,8 @@ process.
@comment unistd.h
@comment POSIX.1
@deftypefun int setpgid (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{setpgid} function puts the process @var{pid} into the process
group @var{pgid}. As a special case, either @var{pid} or @var{pgid} can
be zero to indicate the process ID of the calling process.
@@ -1208,6 +1227,8 @@ process or a child of the calling process.
@comment unistd.h
@comment BSD
@deftypefun int setpgrp (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall or setpgid wrapper.
This is the BSD Unix name for @code{setpgid}. Both functions do exactly
the same thing.
@end deftypefun
@@ -1230,6 +1251,8 @@ file itself and not a particular open file descriptor.
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t tcgetpgrp (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function returns the process group ID of the foreground process
group associated with the terminal open on descriptor @var{filedes}.
@@ -1258,6 +1281,8 @@ controlling terminal of the calling process.
@comment unistd.h
@comment POSIX.1
@deftypefun int tcsetpgrp (int @var{filedes}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function is used to set a terminal's foreground process group ID.
The argument @var{filedes} is a descriptor which specifies the terminal;
@var{pgid} specifies the process group. The calling process must be a
@@ -1297,6 +1322,8 @@ process.
@comment termios.h
@comment Unix98
@deftypefun pid_t tcgetsid (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Ioctl call, if avaialble, or tcgetpgrp followed by getsid.
This function is used to obtain the process group ID of the session
for which the terminal specified by @var{fildes} is the controlling terminal.
If the call is successful the group ID is returned. Otherwise the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=dcd90718c551e61f1cbeab38fa4363d8a7a32bd2
commit dcd90718c551e61f1cbeab38fa4363d8a7a32bd2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:59 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/resource.texi: Document thread safety properties.
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d0718d8b1f3d220eb4f8ffbf095617a5feed49f2
commit d0718d8b1f3d220eb4f8ffbf095617a5feed49f2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:57 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/libdl.texi: New.
diff --git a/manual/libdl.texi b/manual/libdl.texi
new file mode 100644
index 0000000..e3fe045
--- /dev/null
+++ b/manual/libdl.texi
@@ -0,0 +1,10 @@
+@c FIXME these are undocumented:
+@c dladdr
+@c dladdr1
+@c dlclose
+@c dlerror
+@c dlinfo
+@c dlmopen
+@c dlopen
+@c dlsym
+@c dlvsym
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=31e37cd2c481327f3f02639924b80fded791908f
commit 31e37cd2c481327f3f02639924b80fded791908f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:56 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/getopt.texi: Document thread safety properties.
diff --git a/manual/getopt.texi b/manual/getopt.texi
index f0b7283..3c1f4de 100644
--- a/manual/getopt.texi
+++ b/manual/getopt.texi
@@ -60,6 +60,31 @@ option argument, for those options that accept arguments.
@comment unistd.h
@comment POSIX.2
@deftypefun int getopt (int @var{argc}, char *const *@var{argv}, const char *@var{options})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c It may swap argv elements but argv is not guarded, and the
+@c modifications may be partial in case of cancellation. Calling getenv
+@c also brings about thread-safety issues out of access and returning
+@c pointers into the globally shared environment array, just like
+@c calling gettext brings about a whole lot of AS and AC safety issues.
+@c The getopt API involves returning values in the non-thread-specific
+@c optarg variable, which adds another thread-safety issue. Given
+@c print_errors, it may output errors to stderr, which may
+@c self-deadlock, leak locks, or encounter (in a signal handler) or
+@c leave (in case of cancellation) stderr in an inconsistent state.
+@c Various implicit, indirect uses of malloc, in uses of memstream and
+@c asprintf for error-printing, bring about the usual malloc issues.
+@c (The explicit use of malloc in a conditional situation in
+@c _getopt_initialize is never exercised in glibc.)
+@c
+@c _getopt_internal
+@c _getopt_internal_r
+@c gettext
+@c _getopt_initialize
+@c getenv
+@c malloc if USE_NONOPTION_FLAGS, never defined in libc
+@c open_memstream
+@c lockfile, unlockfile, __fxprintf -> stderr
+@c asprintf
The @code{getopt} function gets the next option argument from the
argument list specified by the @var{argv} and @var{argc} arguments.
Normally these values come directly from the arguments received by
@@ -225,6 +250,8 @@ was seen.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
Decode options from the vector @var{argv} (whose length is @var{argc}).
The argument @var{shortopts} describes the short options to accept, just as
it does in @code{getopt}. The argument @var{longopts} describes the long
@@ -278,6 +305,8 @@ getopt functionality there is one more function available.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long_only (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
The @code{getopt_long_only} function is equivalent to the
@code{getopt_long} function but it allows to specify the user of the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3eb260d75b2037994e4f90ebac51c25c51afded4
commit 3eb260d75b2037994e4f90ebac51c25c51afded4
Merge: de83f27 d11a5f2 86477a8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 12:34:19 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=de83f2729b57b537b66a3e179ba5939f6923d535
commit de83f2729b57b537b66a3e179ba5939f6923d535
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 12:34:19 2013 -0300
refresh
diff --git a/meta b/meta
index b0e4a07..2969a8d 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 5abf433f4506e28fd73fd2b3dc1e5643add6bf53
-Head: 70482a4a8b5600e7458a51b6abf9728680496aab
+Previous: 86477a8edf0127f256e096762f505b930595ab13
+Head: d11a5f289468002d2e001e32fbc1db8a8ab6004d
Applied:
unused-scalb-is-scalbn.patch: 1e5d1e38b6a866f88772d34ec2d1b3a75d78b233
remove-sysdeps-ieee754-support.patch: 874e350341a8e14881907b059e6d988de123648f
@@ -13,8 +13,7 @@ Applied:
manual-document-mt-safety-ctype.patch: dbe30b42d6c674a6d02343411c9d29f4bbab2084
manual-document-mt-safety-debug.patch: 1aa7f3b6fc9a8771b43d3adb63e254f8caf5aa5b
manual-document-mt-safety-errno.patch: 3c03cf246bde895688e98b832b45fcc835a9d2dc
- manual-document-mt-safety-filesys.patch: 76884a41c04d96b2e1bab16fd4f76157c306fc81
- refresh-temp: 70482a4a8b5600e7458a51b6abf9728680496aab
+ manual-document-mt-safety-filesys.patch: d11a5f289468002d2e001e32fbc1db8a8ab6004d
Unapplied:
manual-document-mt-safety-getopt.patch: fdbe248de910c1e7ef9ae9b744eed8d658ac5d29
manual-document-mt-safety-libdl.patch: ac5bbc507973eb6ce1cd3b11d0456f31bdbea7d3
diff --git a/patches/manual-document-mt-safety-filesys.patch b/patches/manual-document-mt-safety-filesys.patch
index 147c536..9e611e5 100644
--- a/patches/manual-document-mt-safety-filesys.patch
+++ b/patches/manual-document-mt-safety-filesys.patch
@@ -1,5 +1,5 @@
Bottom: cd380e093eb8bd489394de0daad301f35820b2e8
-Top: 157f057fc8982c458959738c2a2c8d76e6c12c7e
+Top: f6c126b4dc97b984cc91ac7d62ba41848149e9bc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:03:56 -0300
@@ -13,7 +13,7 @@ for ChangeLog
---
diff --git a/manual/filesys.texi b/manual/filesys.texi
-index 1cac453..182fd33 100644
+index 1cac453..cd23ff6d3 100644
--- a/manual/filesys.texi
+++ b/manual/filesys.texi
@@ -58,6 +58,25 @@ Prototypes for these functions are declared in the header file
@@ -222,7 +222,7 @@ index 1cac453..182fd33 100644
@comment dirent.h
@comment BSD/SVID
@deftypefun int alphasort (const void *@var{a}, const void *@var{b})
-+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
++@safety{@mtsafe{glocale}@asunsafe{asmalloc}@acsafe{memleak}}
+@c Calls strcoll.
The @code{alphasort} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
@@ -231,8 +231,8 @@ index 1cac453..182fd33 100644
@comment dirent.h
@comment GNU
@deftypefun int versionsort (const void *@var{a}, const void *@var{b})
-+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
-+@c Calls strverscmp.
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
++@c Calls strverscmp, which will evaluate .
The @code{versionsort} function is like @code{alphasort} except that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -249,7 +249,7 @@ index 1cac453..182fd33 100644
@comment dirent.h
@comment GNU
@deftypefun int alphasort64 (const void *@var{a}, const void *@var{b})
-+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
++@safety{@mtsafe{glocale}@asunsafe{asmalloc}@acsafe{memleak}}
+@c See alphasort.
The @code{alphasort64} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
@@ -258,7 +258,7 @@ index 1cac453..182fd33 100644
@comment dirent.h
@comment GNU
@deftypefun int versionsort64 (const void *@var{a}, const void *@var{b})
-+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c See versionsort.
The @code{versionsort64} function is like @code{alphasort64}, excepted that it
uses the @code{strverscmp} function internally.
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index ff66e17..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,51 +0,0 @@
-Bottom: 157f057fc8982c458959738c2a2c8d76e6c12c7e
-Top: f6c126b4dc97b984cc91ac7d62ba41848149e9bc
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-31 12:34:18 -0300
-
-Refresh of manual-document-mt-safety-filesys.patch
-
----
-
-diff --git a/manual/filesys.texi b/manual/filesys.texi
-index 182fd33..cd23ff6d3 100644
---- a/manual/filesys.texi
-+++ b/manual/filesys.texi
-@@ -749,7 +749,7 @@ are very helpful for this purpose.
- @comment dirent.h
- @comment BSD/SVID
- @deftypefun int alphasort (const void *@var{a}, const void *@var{b})
--@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
-+@safety{@mtsafe{glocale}@asunsafe{asmalloc}@acsafe{memleak}}
- @c Calls strcoll.
- The @code{alphasort} function behaves like the @code{strcoll} function
- (@pxref{String/Array Comparison}). The difference is that the arguments
-@@ -763,8 +763,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
- @comment dirent.h
- @comment GNU
- @deftypefun int versionsort (const void *@var{a}, const void *@var{b})
--@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
--@c Calls strverscmp.
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
-+@c Calls strverscmp, which will evaluate .
- The @code{versionsort} function is like @code{alphasort} except that it
- uses the @code{strverscmp} function internally.
- @end deftypefun
-@@ -797,7 +797,7 @@ argument. Instead we provide the two replacement functions below.
- @comment dirent.h
- @comment GNU
- @deftypefun int alphasort64 (const void *@var{a}, const void *@var{b})
--@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
-+@safety{@mtsafe{glocale}@asunsafe{asmalloc}@acsafe{memleak}}
- @c See alphasort.
- The @code{alphasort64} function behaves like the @code{strcoll} function
- (@pxref{String/Array Comparison}). The difference is that the arguments
-@@ -811,7 +811,7 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
- @comment dirent.h
- @comment GNU
- @deftypefun int versionsort64 (const void *@var{a}, const void *@var{b})
--@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- @c See versionsort.
- The @code{versionsort64} function is like @code{alphasort64}, excepted that it
- uses the @code{strverscmp} function internally.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=86477a8edf0127f256e096762f505b930595ab13
commit 86477a8edf0127f256e096762f505b930595ab13
Merge: 82c8d99 5abf433 70482a4
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 12:34:19 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=82c8d996b6adbcf1148d5d6b610c1cae0200fc05
commit 82c8d996b6adbcf1148d5d6b610c1cae0200fc05
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 12:34:19 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index a632c5b..b0e4a07 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: a06afebee80c99a32f02cd410290a65b5f7e40f6
-Head: 76884a41c04d96b2e1bab16fd4f76157c306fc81
+Previous: 5abf433f4506e28fd73fd2b3dc1e5643add6bf53
+Head: 70482a4a8b5600e7458a51b6abf9728680496aab
Applied:
unused-scalb-is-scalbn.patch: 1e5d1e38b6a866f88772d34ec2d1b3a75d78b233
remove-sysdeps-ieee754-support.patch: 874e350341a8e14881907b059e6d988de123648f
@@ -14,6 +14,7 @@ Applied:
manual-document-mt-safety-debug.patch: 1aa7f3b6fc9a8771b43d3adb63e254f8caf5aa5b
manual-document-mt-safety-errno.patch: 3c03cf246bde895688e98b832b45fcc835a9d2dc
manual-document-mt-safety-filesys.patch: 76884a41c04d96b2e1bab16fd4f76157c306fc81
+ refresh-temp: 70482a4a8b5600e7458a51b6abf9728680496aab
Unapplied:
manual-document-mt-safety-getopt.patch: fdbe248de910c1e7ef9ae9b744eed8d658ac5d29
manual-document-mt-safety-libdl.patch: ac5bbc507973eb6ce1cd3b11d0456f31bdbea7d3
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..ff66e17
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,51 @@
+Bottom: 157f057fc8982c458959738c2a2c8d76e6c12c7e
+Top: f6c126b4dc97b984cc91ac7d62ba41848149e9bc
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-31 12:34:18 -0300
+
+Refresh of manual-document-mt-safety-filesys.patch
+
+---
+
+diff --git a/manual/filesys.texi b/manual/filesys.texi
+index 182fd33..cd23ff6d3 100644
+--- a/manual/filesys.texi
++++ b/manual/filesys.texi
+@@ -749,7 +749,7 @@ are very helpful for this purpose.
+ @comment dirent.h
+ @comment BSD/SVID
+ @deftypefun int alphasort (const void *@var{a}, const void *@var{b})
+-@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
++@safety{@mtsafe{glocale}@asunsafe{asmalloc}@acsafe{memleak}}
+ @c Calls strcoll.
+ The @code{alphasort} function behaves like the @code{strcoll} function
+ (@pxref{String/Array Comparison}). The difference is that the arguments
+@@ -763,8 +763,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
+ @comment dirent.h
+ @comment GNU
+ @deftypefun int versionsort (const void *@var{a}, const void *@var{b})
+-@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+-@c Calls strverscmp.
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
++@c Calls strverscmp, which will evaluate .
+ The @code{versionsort} function is like @code{alphasort} except that it
+ uses the @code{strverscmp} function internally.
+ @end deftypefun
+@@ -797,7 +797,7 @@ argument. Instead we provide the two replacement functions below.
+ @comment dirent.h
+ @comment GNU
+ @deftypefun int alphasort64 (const void *@var{a}, const void *@var{b})
+-@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
++@safety{@mtsafe{glocale}@asunsafe{asmalloc}@acsafe{memleak}}
+ @c See alphasort.
+ The @code{alphasort64} function behaves like the @code{strcoll} function
+ (@pxref{String/Array Comparison}). The difference is that the arguments
+@@ -811,7 +811,7 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
+ @comment dirent.h
+ @comment GNU
+ @deftypefun int versionsort64 (const void *@var{a}, const void *@var{b})
+-@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ @c See versionsort.
+ The @code{versionsort64} function is like @code{alphasort64}, excepted that it
+ uses the @code{strverscmp} function internally.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=70482a4a8b5600e7458a51b6abf9728680496aab
commit 70482a4a8b5600e7458a51b6abf9728680496aab
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 12:34:18 2013 -0300
Refresh of manual-document-mt-safety-filesys.patch
diff --git a/manual/filesys.texi b/manual/filesys.texi
index 182fd33..cd23ff6 100644
--- a/manual/filesys.texi
+++ b/manual/filesys.texi
@@ -749,7 +749,7 @@ are very helpful for this purpose.
@comment dirent.h
@comment BSD/SVID
@deftypefun int alphasort (const void *@var{a}, const void *@var{b})
-@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@safety{@mtsafe{glocale}@asunsafe{asmalloc}@acsafe{memleak}}
@c Calls strcoll.
The @code{alphasort} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
@@ -763,8 +763,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort (const void *@var{a}, const void *@var{b})
-@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
-@c Calls strverscmp.
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Calls strverscmp, which will evaluate .
The @code{versionsort} function is like @code{alphasort} except that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -797,7 +797,7 @@ argument. Instead we provide the two replacement functions below.
@comment dirent.h
@comment GNU
@deftypefun int alphasort64 (const void *@var{a}, const void *@var{b})
-@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@safety{@mtsafe{glocale}@asunsafe{asmalloc}@acsafe{memleak}}
@c See alphasort.
The @code{alphasort64} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
@@ -811,7 +811,7 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort64 (const void *@var{a}, const void *@var{b})
-@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
@c See versionsort.
The @code{versionsort64} function is like @code{alphasort64}, excepted that it
uses the @code{strverscmp} function internally.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5abf433f4506e28fd73fd2b3dc1e5643add6bf53
commit 5abf433f4506e28fd73fd2b3dc1e5643add6bf53
Merge: cb606d1 a06afeb
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 12:34:07 2013 -0300
goto
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=cb606d15951e191acc9fdf75af2d6918c060751a
commit cb606d15951e191acc9fdf75af2d6918c060751a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 12:34:07 2013 -0300
goto
diff --git a/meta b/meta
index 0c57229..a632c5b 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 156c4fb10efc6d333ac5f9e9b17abd2264f6bf02
-Head: 80f55c2d25e3968c30f5846ffabc81dedc50f709
+Previous: a06afebee80c99a32f02cd410290a65b5f7e40f6
+Head: 76884a41c04d96b2e1bab16fd4f76157c306fc81
Applied:
unused-scalb-is-scalbn.patch: 1e5d1e38b6a866f88772d34ec2d1b3a75d78b233
remove-sysdeps-ieee754-support.patch: 874e350341a8e14881907b059e6d988de123648f
@@ -14,6 +14,7 @@ Applied:
manual-document-mt-safety-debug.patch: 1aa7f3b6fc9a8771b43d3adb63e254f8caf5aa5b
manual-document-mt-safety-errno.patch: 3c03cf246bde895688e98b832b45fcc835a9d2dc
manual-document-mt-safety-filesys.patch: 76884a41c04d96b2e1bab16fd4f76157c306fc81
+Unapplied:
manual-document-mt-safety-getopt.patch: fdbe248de910c1e7ef9ae9b744eed8d658ac5d29
manual-document-mt-safety-libdl.patch: ac5bbc507973eb6ce1cd3b11d0456f31bdbea7d3
manual-document-mt-safety-job.patch: 917a111878057a3254a5aae2a9e436e2da0521f2
@@ -25,7 +26,6 @@ Applied:
wip-manual-document-mt-safety-startup.patch: 9c28ed5886790c4874d527aa2a775a299263bad5
wip-manual-document-mt-safety-search.patch: 6ff8451b08998b4f998ec7de43aee9148d46f3e5
wip-manual-document-mt-safety-string.patch: 80f55c2d25e3968c30f5846ffabc81dedc50f709
-Unapplied:
wip-manual-document-mt-safety-terminal.patch: 178585271fec5719c46b62c1a25f19cd9fd28655
wip-manual-document-mt-safety-threads.patch: bcc2df98a27754a19ee0747e55f39302dbf3970e
wip-manual-document-mt-safety-time.patch: 85e757c54f47a0ada4f7a940c638b2bc7fb01572
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a06afebee80c99a32f02cd410290a65b5f7e40f6
commit a06afebee80c99a32f02cd410290a65b5f7e40f6
Merge: 3825b5d 156c4fb 80f55c2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 12:28:54 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3825b5d7dff2420a8d8e7789769ce25942db3257
commit 3825b5d7dff2420a8d8e7789769ce25942db3257
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 12:28:54 2013 -0300
refresh
diff --git a/meta b/meta
index 4814f00..0c57229 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 26b0af44900a2634db1e3d833b3eed38af2ab556
-Head: de04419f9e61fa674b484151504612f6ec201644
+Previous: 156c4fb10efc6d333ac5f9e9b17abd2264f6bf02
+Head: 80f55c2d25e3968c30f5846ffabc81dedc50f709
Applied:
unused-scalb-is-scalbn.patch: 1e5d1e38b6a866f88772d34ec2d1b3a75d78b233
remove-sysdeps-ieee754-support.patch: 874e350341a8e14881907b059e6d988de123648f
@@ -24,8 +24,7 @@ Applied:
wip-manual-document-mt-safety-resource.patch: e1924a257ca4ba889b69af5907ca22f235fac6c9
wip-manual-document-mt-safety-startup.patch: 9c28ed5886790c4874d527aa2a775a299263bad5
wip-manual-document-mt-safety-search.patch: 6ff8451b08998b4f998ec7de43aee9148d46f3e5
- wip-manual-document-mt-safety-string.patch: 241e5dd068f11629bd72636268cfb0330d352e02
- refresh-temp: de04419f9e61fa674b484151504612f6ec201644
+ wip-manual-document-mt-safety-string.patch: 80f55c2d25e3968c30f5846ffabc81dedc50f709
Unapplied:
wip-manual-document-mt-safety-terminal.patch: 178585271fec5719c46b62c1a25f19cd9fd28655
wip-manual-document-mt-safety-threads.patch: bcc2df98a27754a19ee0747e55f39302dbf3970e
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index 88817ad..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,34 +0,0 @@
-Bottom: 4526eb59c2b81d3c38552d73b8bcdcbe825ea516
-Top: b9bca735e36722eeee271d7923615db34ab3b069
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-31 12:28:53 -0300
-
-Refresh of wip-manual-document-mt-safety-string.patch
-
----
-
-diff --git a/manual/string.texi b/manual/string.texi
-index 173306c..b63a849 100644
---- a/manual/string.texi
-+++ b/manual/string.texi
-@@ -1350,8 +1350,9 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
- @comment string.h
- @comment ISO
- @deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
--@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
--@c Adjust alphasort one safety info is determined.
-+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak}}
-+@c Calls strcoll_l with the current locale, which dereferences only the
-+@c LC_COLLATE data pointer.
- The @code{strcoll} function is similar to @code{strcmp} but uses the
- collating sequence of the current locale for collation (the
- @code{LC_COLLATE} locale).
-@@ -1360,6 +1361,8 @@ collating sequence of the current locale for collation (the
- @comment wchar.h
- @comment ISO
- @deftypefun int wcscoll (const wchar_t *@var{ws1}, const wchar_t *@var{ws2})
-+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak}}
-+@c Same as strcoll, but calling wcscoll_l.
- The @code{wcscoll} function is similar to @code{wcscmp} but uses the
- collating sequence of the current locale for collation (the
- @code{LC_COLLATE} locale).
diff --git a/patches/wip-manual-document-mt-safety-string.patch b/patches/wip-manual-document-mt-safety-string.patch
index b6c4a09..40e01f8 100644
--- a/patches/wip-manual-document-mt-safety-string.patch
+++ b/patches/wip-manual-document-mt-safety-string.patch
@@ -1,5 +1,5 @@
Bottom: 974b65fdd740c5be01caf8296db702b20af31f6e
-Top: 4526eb59c2b81d3c38552d73b8bcdcbe825ea516
+Top: b9bca735e36722eeee271d7923615db34ab3b069
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:04:00 -0300
@@ -13,7 +13,7 @@ for ChangeLog
---
diff --git a/manual/string.texi b/manual/string.texi
-index 2a164a9..173306c 100644
+index 2a164a9..b63a849 100644
--- a/manual/string.texi
+++ b/manual/string.texi
@@ -1159,6 +1159,11 @@ strings are written in into account. To get that one has to use
@@ -37,16 +37,26 @@ index 2a164a9..173306c 100644
The @code{strverscmp} function compares the string @var{s1} against
@var{s2}, considering them as holding indices/version numbers. The
return value follows the same conventions as found in the
-@@ -1343,6 +1350,8 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
+@@ -1343,6 +1350,9 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
@comment string.h
@comment ISO
@deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
-+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
-+@c Adjust alphasort one safety info is determined.
++@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak}}
++@c Calls strcoll_l with the current locale, which dereferences only the
++@c LC_COLLATE data pointer.
The @code{strcoll} function is similar to @code{strcmp} but uses the
collating sequence of the current locale for collation (the
@code{LC_COLLATE} locale).
-@@ -1637,6 +1646,7 @@ This function is a GNU extension.
+@@ -1351,6 +1361,8 @@ collating sequence of the current locale for collation (the
+ @comment wchar.h
+ @comment ISO
+ @deftypefun int wcscoll (const wchar_t *@var{ws1}, const wchar_t *@var{ws2})
++@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak}}
++@c Same as strcoll, but calling wcscoll_l.
+ The @code{wcscoll} function is similar to @code{wcscmp} but uses the
+ collating sequence of the current locale for collation (the
+ @code{LC_COLLATE} locale).
+@@ -1637,6 +1649,7 @@ This function is a GNU extension.
@comment string.h
@comment ISO
@deftypefun {char *} strchr (const char *@var{string}, int @var{c})
@@ -54,7 +64,7 @@ index 2a164a9..173306c 100644
The @code{strchr} function finds the first occurrence of the character
@var{c} (converted to a @code{char}) in the null-terminated string
beginning at @var{string}. The return value is a pointer to the located
-@@ -1678,6 +1688,7 @@ to use @code{wcschrnul} in this case, though.
+@@ -1678,6 +1691,7 @@ to use @code{wcschrnul} in this case, though.
@comment string.h
@comment GNU
@deftypefun {char *} strchrnul (const char *@var{string}, int @var{c})
@@ -62,7 +72,7 @@ index 2a164a9..173306c 100644
@code{strchrnul} is the same as @code{strchr} except that if it does
not find the character, it returns a pointer to string's terminating
null character rather than a null pointer.
-@@ -2675,3 +2686,6 @@ being added to @var{envz}, if @var{override} is false.
+@@ -2675,3 +2689,6 @@ being added to @var{envz}, if @var{override} is false.
The @code{envz_strip} function removes any null entries from @var{envz},
updating @code{*@var{envz}} and @code{*@var{envz_len}}.
@end deftypefun
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=156c4fb10efc6d333ac5f9e9b17abd2264f6bf02
commit 156c4fb10efc6d333ac5f9e9b17abd2264f6bf02
Merge: ebf1d48 26b0af4 de04419
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 12:28:53 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ebf1d481944c8e53c60f3e38fae28231c32dc0ed
commit ebf1d481944c8e53c60f3e38fae28231c32dc0ed
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 12:28:53 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index 7ce94ff..4814f00 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: f20bbacd9e056e493020aac8fa0d020040c0b499
-Head: 241e5dd068f11629bd72636268cfb0330d352e02
+Previous: 26b0af44900a2634db1e3d833b3eed38af2ab556
+Head: de04419f9e61fa674b484151504612f6ec201644
Applied:
unused-scalb-is-scalbn.patch: 1e5d1e38b6a866f88772d34ec2d1b3a75d78b233
remove-sysdeps-ieee754-support.patch: 874e350341a8e14881907b059e6d988de123648f
@@ -25,6 +25,7 @@ Applied:
wip-manual-document-mt-safety-startup.patch: 9c28ed5886790c4874d527aa2a775a299263bad5
wip-manual-document-mt-safety-search.patch: 6ff8451b08998b4f998ec7de43aee9148d46f3e5
wip-manual-document-mt-safety-string.patch: 241e5dd068f11629bd72636268cfb0330d352e02
+ refresh-temp: de04419f9e61fa674b484151504612f6ec201644
Unapplied:
wip-manual-document-mt-safety-terminal.patch: 178585271fec5719c46b62c1a25f19cd9fd28655
wip-manual-document-mt-safety-threads.patch: bcc2df98a27754a19ee0747e55f39302dbf3970e
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..88817ad
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,34 @@
+Bottom: 4526eb59c2b81d3c38552d73b8bcdcbe825ea516
+Top: b9bca735e36722eeee271d7923615db34ab3b069
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-31 12:28:53 -0300
+
+Refresh of wip-manual-document-mt-safety-string.patch
+
+---
+
+diff --git a/manual/string.texi b/manual/string.texi
+index 173306c..b63a849 100644
+--- a/manual/string.texi
++++ b/manual/string.texi
+@@ -1350,8 +1350,9 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
+ @comment string.h
+ @comment ISO
+ @deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
+-@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+-@c Adjust alphasort one safety info is determined.
++@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak}}
++@c Calls strcoll_l with the current locale, which dereferences only the
++@c LC_COLLATE data pointer.
+ The @code{strcoll} function is similar to @code{strcmp} but uses the
+ collating sequence of the current locale for collation (the
+ @code{LC_COLLATE} locale).
+@@ -1360,6 +1361,8 @@ collating sequence of the current locale for collation (the
+ @comment wchar.h
+ @comment ISO
+ @deftypefun int wcscoll (const wchar_t *@var{ws1}, const wchar_t *@var{ws2})
++@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak}}
++@c Same as strcoll, but calling wcscoll_l.
+ The @code{wcscoll} function is similar to @code{wcscmp} but uses the
+ collating sequence of the current locale for collation (the
+ @code{LC_COLLATE} locale).
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=de04419f9e61fa674b484151504612f6ec201644
commit de04419f9e61fa674b484151504612f6ec201644
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 12:28:53 2013 -0300
Refresh of wip-manual-document-mt-safety-string.patch
diff --git a/manual/string.texi b/manual/string.texi
index 173306c..b63a849 100644
--- a/manual/string.texi
+++ b/manual/string.texi
@@ -1350,8 +1350,9 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
@comment string.h
@comment ISO
@deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
-@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
-@c Adjust alphasort one safety info is determined.
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak}}
+@c Calls strcoll_l with the current locale, which dereferences only the
+@c LC_COLLATE data pointer.
The @code{strcoll} function is similar to @code{strcmp} but uses the
collating sequence of the current locale for collation (the
@code{LC_COLLATE} locale).
@@ -1360,6 +1361,8 @@ collating sequence of the current locale for collation (the
@comment wchar.h
@comment ISO
@deftypefun int wcscoll (const wchar_t *@var{ws1}, const wchar_t *@var{ws2})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak}}
+@c Same as strcoll, but calling wcscoll_l.
The @code{wcscoll} function is similar to @code{wcscmp} but uses the
collating sequence of the current locale for collation (the
@code{LC_COLLATE} locale).
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=26b0af44900a2634db1e3d833b3eed38af2ab556
commit 26b0af44900a2634db1e3d833b3eed38af2ab556
Merge: 3bde481 f20bbac
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 12:21:09 2013 -0300
goto
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3bde481177a447d8ca4c23f92e2ecee15094f4ef
commit 3bde481177a447d8ca4c23f92e2ecee15094f4ef
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 12:21:09 2013 -0300
goto
diff --git a/meta b/meta
index afd181a..7ce94ff 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: b7f5fb7fb8aab1cde840ccc066ece2c9d0aac5de
-Head: 286fc6e694c6817dda55cebcdac48f49d58232ff
+Previous: f20bbacd9e056e493020aac8fa0d020040c0b499
+Head: 241e5dd068f11629bd72636268cfb0330d352e02
Applied:
unused-scalb-is-scalbn.patch: 1e5d1e38b6a866f88772d34ec2d1b3a75d78b233
remove-sysdeps-ieee754-support.patch: 874e350341a8e14881907b059e6d988de123648f
@@ -25,10 +25,10 @@ Applied:
wip-manual-document-mt-safety-startup.patch: 9c28ed5886790c4874d527aa2a775a299263bad5
wip-manual-document-mt-safety-search.patch: 6ff8451b08998b4f998ec7de43aee9148d46f3e5
wip-manual-document-mt-safety-string.patch: 241e5dd068f11629bd72636268cfb0330d352e02
+Unapplied:
wip-manual-document-mt-safety-terminal.patch: 178585271fec5719c46b62c1a25f19cd9fd28655
wip-manual-document-mt-safety-threads.patch: bcc2df98a27754a19ee0747e55f39302dbf3970e
wip-manual-document-mt-safety-time.patch: 85e757c54f47a0ada4f7a940c638b2bc7fb01572
wip-manual-document-mt-safety-locale.patch: c6a95510e695760a3ff9c03a7a1a6a95d2f74573
wip-manual-document-mt-safety-pattern.patch: 286fc6e694c6817dda55cebcdac48f49d58232ff
-Unapplied:
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f20bbacd9e056e493020aac8fa0d020040c0b499
commit f20bbacd9e056e493020aac8fa0d020040c0b499
Merge: dc036a2 286fc6e b7f5fb7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 12:19:22 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=dc036a2737efd678e1153bcd5a61d2eb4eaac277
commit dc036a2737efd678e1153bcd5a61d2eb4eaac277
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 12:19:22 2013 -0300
refresh
diff --git a/meta b/meta
index 533e51d..afd181a 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: ac662fe6d252a3d5739fc99789ddeb4816704ba0
-Head: b37401d04453d34fc6314fdc54606a46e8fb2627
+Previous: b7f5fb7fb8aab1cde840ccc066ece2c9d0aac5de
+Head: 286fc6e694c6817dda55cebcdac48f49d58232ff
Applied:
unused-scalb-is-scalbn.patch: 1e5d1e38b6a866f88772d34ec2d1b3a75d78b233
remove-sysdeps-ieee754-support.patch: 874e350341a8e14881907b059e6d988de123648f
@@ -29,7 +29,6 @@ Applied:
wip-manual-document-mt-safety-threads.patch: bcc2df98a27754a19ee0747e55f39302dbf3970e
wip-manual-document-mt-safety-time.patch: 85e757c54f47a0ada4f7a940c638b2bc7fb01572
wip-manual-document-mt-safety-locale.patch: c6a95510e695760a3ff9c03a7a1a6a95d2f74573
- wip-manual-document-mt-safety-pattern.patch: e8af539713392c27e540158b90c5c8c57a34dde0
- refresh-temp: b37401d04453d34fc6314fdc54606a46e8fb2627
+ wip-manual-document-mt-safety-pattern.patch: 286fc6e694c6817dda55cebcdac48f49d58232ff
Unapplied:
Hidden:
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index 5185196..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,526 +0,0 @@
-Bottom: 43752d35196008e73c5b6234ceb965ba6b80c8ef
-Top: 97c391126dfad97118d4c685597254faf62e03f0
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-31 12:19:21 -0300
-
-Refresh of wip-manual-document-mt-safety-pattern.patch
-
----
-
-diff --git a/manual/pattern.texi b/manual/pattern.texi
-index 376566e..4b66204 100644
---- a/manual/pattern.texi
-+++ b/manual/pattern.texi
-@@ -736,10 +736,251 @@ expression into it by calling @code{regcomp}.
- @comment regex.h
- @comment POSIX.2
- @deftypefun int regcomp (regex_t *restrict @var{compiled}, const char *restrict @var{pattern}, int @var{cflags})
--@c (re_)malloc
--@c re_compile_internal
--@c re_compile_fastmap
--@c (re_)free
-+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
-+@c All of the issues have to do with memory allocation and multi-byte
-+@c character handling present in the input string, or implied by ranges
-+@c or inverted character classes.
-+@c (re_)malloc asmalloc, memleak
-+@c re_compile_internal glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
-+@c (re_)realloc asmalloc, memleak (asynconsist, incansist, for other
-+@c callers that don't zero the buffer)
-+@c init_dfa glocale, asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
-+@c (re_)malloc asmalloc, memleak
-+@c calloc asmalloc, memleak
-+@c _NL_CURRENT ok
-+@c _NL_CURRENT_WORD ok
-+@c btowc asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
-+@c libc_lock_init ok
-+@c re_string_construct glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
-+@c re_string_construct_common ok
-+@c re_string_realloc_buffers asmalloc, memleak
-+@c (re_)realloc dup asmalloc, memleak
-+@c build_wcs_upper_buffer glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
-+@c isascii ok
-+@c mbsinit ok
-+@c toupper ok
-+@c mbrtowc dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
-+@c iswlower glocale
-+@c towupper glocale
-+@c wcrtomb dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
-+@c (re_)malloc dup asmalloc, memleak
-+@c build_upper_buffer ok (glocale, but optimized)
-+@c islower ok
-+@c toupper ok
-+@c build_wcs_buffer asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
-+@c mbrtowc dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
-+@c re_string_translate_buffer ok
-+@c parse (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
-+@c fetch_token (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
-+@c peek_token ok (maybe glocale)
-+@c re_string_eoi ok
-+@c re_string_peek_byte ok
-+@c re_string_cur_idx ok
-+@c re_string_length ok
-+@c re_string_peek_byte_case ok (maybe glocale)
-+@c re_string_peek_byte dup ok
-+@c re_string_is_single_byte_char ok
-+@c isascii ok
-+@c re_string_peek_byte dup ok
-+@c re_string_wchar_at ok
-+@c re_string_skip_bytes ok
-+@c re_string_skip_bytes dup ok
-+@c parse_reg_exp (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
-+@c parse_branch (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
-+@c parse_expression (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
-+@c create_token_tree dup asmalloc, memleak
-+@c re_string_eoi dup ok
-+@c re_string_first_byte ok
-+@c fetch_token dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
-+@c create_tree dup asmalloc, memleak
-+@c parse_sub_exp (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
-+@c fetch_token dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
-+@c parse_reg_exp dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
-+@c postorder() asmalloc, memleak
-+@c free_tree asmalloc, memleak
-+@c free_token dup asmalloc, memleak
-+@c create_tree dup asmalloc, memleak
-+@c parse_bracket_exp (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
-+@c _NL_CURRENT dup ok
-+@c _NL_CURRENT_WORD dup ok
-+@c calloc dup asmalloc, memleak
-+@c (re_)free dup asmalloc, memleak
-+@c peek_token_bracket ok
-+@c re_string_eoi dup ok
-+@c re_string_peek_byte dup ok
-+@c re_string_first_byte dup ok
-+@c re_string_cur_idx dup ok
-+@c re_string_length dup ok
-+@c re_string_skip_bytes dup ok
-+@c bitset_set ok
-+@c re_string_skip_bytes ok
-+@c parse_bracket_element ok (maybe glocale)
-+@c re_string_char_size_at ok
-+@c re_string_wchar_at dup ok
-+@c re_string_skip_bytes dup ok
-+@c parse_bracket_symbol ok (maybe glocale)
-+@c re_string_eoi dup ok
-+@c re_string_fetch_byte_case ok (maybe glocale)
-+@c re_string_fetch_byte ok
-+@c re_string_first_byte dup ok
-+@c isascii ok
-+@c re_string_char_size_at dup ok
-+@c re_string_skip_bytes dup ok
-+@c re_string_fetch_byte dup ok
-+@c re_string_peek_byte dup ok
-+@c re_string_skip_bytes dup ok
-+@c peek_token_bracket dup
-+@c auto build_range_exp asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
-+@c auto lookup_collation_sequence_value asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
-+@c btowc dup asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
-+@c collseq_table_lookup ok
-+@c auto seek_collating_symbol_entry dup ok
-+@c (re_)realloc dup asmalloc, memleak
-+@c collseq_table_lookup dup ok
-+@c bitset_set dup ok
-+@c (re_)realloc dup asmalloc, memleak
-+@c build_equiv_class (maybe glocale), asmalloc, memleak
-+@c _NL_CURRENT ok
-+@c auto findidx ok
-+@c bitset_set dup ok
-+@c (re_)realloc dup asmalloc, memleak
-+@c auto build_collating_symbol asmalloc, memleak
-+@c auto seek_collating_symbol_entry ok
-+@c bitset_set dup ok
-+@c (re_)realloc dup asmalloc, memleak
-+@c build_charclass (maybe glocale), asmalloc, memleak
-+@c (re_)realloc dup asmalloc, memleak
-+@c bitset_set dup ok
-+@c isalnum ok
-+@c iscntrl ok
-+@c isspace ok
-+@c isalpha ok
-+@c isdigit ok
-+@c isprint ok
-+@c isupper ok
-+@c isblank ok
-+@c isgraph ok
-+@c ispunct ok
-+@c isxdigit ok
-+@c bitset_not ok
-+@c bitset_mask ok
-+@c create_token_tree dup asmalloc, memleak
-+@c create_tree dup asmalloc, memleak
-+@c free_charset dup asmalloc, memleak
-+@c init_word_char (maybe glocale)
-+@c isalnum ok
-+@c build_charclass_op (maybe glocale), asmalloc, memleak
-+@c calloc dup asmalloc, memleak
-+@c build_charclass dup (maybe glocale), asmalloc, memleak
-+@c (re_)free dup asmalloc, memleak
-+@c free_charset dup asmalloc, memleak
-+@c bitset_set dup ok
-+@c bitset_not dup ok
-+@c bitset_mask dup ok
-+@c create_token_tree dup asmalloc, memleak
-+@c create_tree dup asmalloc, memleak
-+@c parse_dup_op (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
-+@c re_string_cur_idx dup ok
-+@c fetch_number ok (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
-+@c fetch_token dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
-+@c re_string_set_index ok
-+@c postorder() asmalloc, memleak
-+@c free_tree dup asmalloc, memleak
-+@c mark_opt_subexp ok
-+@c duplicate_tree asmalloc, memleak
-+@c create_token_tree dup asmalloc, memleak
-+@c create_tree dup asmalloc, memleak
-+@c postorder() asmalloc, memleak
-+@c free_tree dup asmalloc, memleak
-+@c fetch_token dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
-+@c parse_branch dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
-+@c create_tree dup asmalloc, memleak
-+@c create_tree asmalloc, memleak
-+@c create_token_tree asmalloc, memleak
-+@c (re_)malloc dup asmalloc, memleak
-+@c analyze asmalloc, memleak
-+@c (re_)malloc dup asmalloc, memleak
-+@c preorder() asmalloc, memleak
-+@c optimize_subexps ok
-+@c calc_next ok
-+@c link_nfa_nodes asmalloc, memleak
-+@c re_node_set_init_1 asmalloc, memleak
-+@c (re_)malloc dup asmalloc, memleak
-+@c re_node_set_init_2 asmalloc, memleak
-+@c (re_)malloc dup asmalloc, memleak
-+@c postorder() asmalloc, memleak
-+@c lower_subexps asmalloc, memleak
-+@c lower_subexp asmalloc, memleak
-+@c create_tree dup asmalloc, memleak
-+@c calc_first asmalloc, memleak
-+@c re_dfa_add_node asmalloc, memleak
-+@c (re_)realloc dup asmalloc, memleak
-+@c re_node_set_init_empty ok
-+@c calc_eclosure asmalloc, memleak
-+@c calc_eclosure_iter asmalloc, memleak
-+@c re_node_set_alloc asmalloc, memleak
-+@c (re_)malloc dup asmalloc, memleak
-+@c duplicate_node_closure asmalloc, memleak
-+@c re_node_set_empty ok
-+@c duplicate_node asmalloc, memleak
-+@c re_dfa_add_node dup asmalloc, memleak
-+@c re_node_set_insert asmalloc, memleak
-+@c (re_)realloc dup asmalloc, memleak
-+@c search_duplicated_node ok
-+@c re_node_set_merge asmalloc, memleak
-+@c (re_)realloc dup asmalloc, memleak
-+@c re_node_set_free asmalloc, memleak
-+@c (re_)free dup asmalloc, memleak
-+@c re_node_set_insert dup asmalloc, memleak
-+@c re_node_set_free dup asmalloc, memleak
-+@c calc_inveclosure asmalloc, memleak
-+@c re_node_set_init_empty dup ok
-+@c re_node_set_insert_last asmalloc, memleak
-+@c (re_)realloc dup asmalloc, memleak
-+@c optimize_utf8 ok
-+@c create_initial_state asmalloc, memleak
-+@c re_node_set_init_copy asmalloc, memleak
-+@c (re_)malloc dup asmalloc, memleak
-+@c re_node_set_init_empty dup ok
-+@c re_node_set_contains ok
-+@c re_node_set_merge dup asmalloc, memleak
-+@c re_acquire_state_context asmalloc, memleak
-+@c calc_state_hash ok
-+@c re_node_set_compare ok
-+@c create_cd_newstate asmalloc, memleak
-+@c calloc dup asmalloc, memleak
-+@c re_node_set_init_copy dup asmalloc, memleak
-+@c (re_)free dup asmalloc, memleak
-+@c free_state asmalloc, memleak
-+@c re_node_set_free dup asmalloc, memleak
-+@c (re_)free dup asmalloc, memleak
-+@c NOT_SATISFY_PREV_CONSTRAINT ok
-+@c re_node_set_remove_at ok
-+@c register_state asmalloc, memleak
-+@c re_node_set_alloc dup asmalloc, memleak
-+@c re_node_set_insert_last dup asmalloc, memleak
-+@c (re_)realloc dup asmalloc, memleak
-+@c re_node_set_free dup asmalloc, memleak
-+@c free_workarea_compile asmalloc, memleak
-+@c (re_)free dup asmalloc, memleak
-+@c re_string_destruct asmalloc, memleak
-+@c (re_)free dup asmalloc, memleak
-+@c free_dfa_content asmalloc, memleak
-+@c free_token asmalloc, memleak
-+@c free_charset asmalloc, memleak
-+@c (re_)free dup asmalloc, memleak
-+@c (re_)free dup asmalloc, memleak
-+@c (re_)free dup asmalloc, memleak
-+@c re_node_set_free dup asmalloc, memleak
-+@c re_compile_fastmap glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
-+@c re_compile_fastmap_iter glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
-+@c re_set_fastmap ok
-+@c tolower ok
-+@c mbrtowc dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
-+@c wcrtomb dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
-+@c towlower glocale
-+@c _NL_CURRENT ok
-+@c (re_)free asmalloc, memleak
- The function @code{regcomp} ``compiles'' a regular expression into a
- data structure that you can use with @code{regexec} to match against a
- string. The compiled regular expression format is designed for
-@@ -889,6 +1130,246 @@ unless the regular expression contains anchor characters (@samp{^} or
- @comment regex.h
- @comment POSIX.2
- @deftypefun int regexec (const regex_t *restrict @var{compiled}, const char *restrict @var{string}, size_t @var{nmatch}, regmatch_t @var{matchptr}[restrict], int @var{eflags})
-+@c libc_lock_lock selfdeadlock, lockleak
-+@c re_search_internal
-+@c re_string_allocate asmalloc, memleak
-+@c re_string_construct_common dup ok
-+@c re_string_realloc_buffers dup asmalloc, memleak
-+@c match_ctx_init asmalloc, memleak
-+@c (re_)malloc dup asmalloc, memleak
-+@c re_string_byte_at ok
-+@c re_string_first_byte dup ok
-+@c check_matching
-+@c re_string_cur_idx dup ok
-+@c acquire_init_state_context dup asmalloc, memleak
-+@c re_string_context_at ok
-+@c re_string_byte_at dup ok
-+@c bitset_contain ok
-+@c re_acquire_state_context dup asmalloc, memleak
-+@c check_subexp_matching_top asmalloc, memleak
-+@c match_ctx_add_subtop asmalloc, memleak
-+@c (re_)realloc dup asmalloc, memleak
-+@c calloc dup asmalloc, memleak
-+@c transit_state_bkref
-+@c re_string_cur_idx dup ok
-+@c re_string_context_at dup ok
-+@c NOT_SATISFY_NEXT_CONSTRAINT ok
-+@c get_subexp glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak, ***wcscoll
-+@c re_string_get_buffer ok
-+@c search_cur_bkref_entry ok
-+@c clean_state_log_if_needed glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
-+@c extend_buffers glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
-+@c re_string_realloc_buffers dup asmalloc, memleak
-+@c (re_)realloc dup asmalloc, memleak
-+@c build_wcs_upper_buffer dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
-+@c build_upper_buffer dup ok (glocale, but optimized)
-+@c build_wcs_buffer dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
-+@c re_string_translate_buffer dup ok
-+@c get_subexp_sub glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak, ***wcscoll
-+@c check_arrival glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak, ***wcscoll
-+@c (re_)realloc dup asmalloc, memleak
-+@c re_string_context_at dup ok
-+@c re_node_set_init_1 dup asmalloc, memleak
-+@c check_arrival_expand_ecl asmalloc, memleak
-+@c re_node_set_alloc dup asmalloc, memleak
-+@c find_subexp_node ok
-+@c re_node_set_merge dup asmalloc, memleak
-+@c re_node_set_free dup asmalloc, memleak
-+@c check_arrival_expand_ecl_sub asmalloc, memleak
-+@c re_node_set_contains dup ok
-+@c re_node_set_insert dup asmalloc, memleak
-+@c re_node_set_free dup asmalloc, memleak
-+@c re_node_set_init_copy dup asmalloc, memleak
-+@c re_node_set_init_empty dup ok
-+@c expand_bkref_cache asmalloc, memleak
-+@c search_cur_bkref_entry dup ok
-+@c re_node_set_contains dup ok
-+@c re_node_set_init_1 dup asmalloc, memleak
-+@c check_arrival_expand_ecl dup asmalloc, memleak
-+@c re_node_set_merge dup asmalloc, memleak
-+@c re_node_set_init_copy dup asmalloc, memleak
-+@c re_node_set_insert dup asmalloc, memleak
-+@c re_node_set_free dup asmalloc, memleak
-+@c re_acquire_state asmalloc, memleak
-+@c calc_state_hash dup ok
-+@c re_node_set_compare dup ok
-+@c create_ci_newstate asmalloc, memleak
-+@c calloc dup asmalloc, memleak
-+@c re_node_set_init_copy dup asmalloc, memleak
-+@c (re_)free dup asmalloc, memleak
-+@c register_state dup asmalloc, memleak
-+@c free_state dup asmalloc, memleak
-+@c re_acquire_state_context dup asmalloc, memleak
-+@c re_node_set_merge dup asmalloc, memleak
-+@c check_arrival_add_next_nodes (maybe glocale), asmalloc, memleak, ***wcscoll
-+@c re_node_set_init_empty dup ok
-+@c check_node_accept_bytes (maybe glocale), ***wcscoll
-+@c re_string_byte_at dup ok
-+@c re_string_char_size_at dup ok
-+@c re_string_elem_size_at (maybe glocale)
-+@c _NL_CURRENT_WORD dup ok
-+@c _NL_CURRENT dup ok
-+@c auto findidx dup ok
-+@c _NL_CURRENT_WORD dup ok
-+@c _NL_CURRENT dup ok
-+@c collseq_table_lookup dup ok
-+@c find_collation_sequence_value (maybe glocale)
-+@c _NL_CURRENT_WORD dup ok
-+@c _NL_CURRENT dup ok
-+@c auto findidx dup ok
-+@c wcscoll ***wcscoll
-+@c re_node_set_empty dup ok
-+@c re_node_set_merge dup asmalloc, memleak
-+@c re_node_set_free dup asmalloc, memleak
-+@c re_node_set_insert dup asmalloc, memleak
-+@c re_acquire_state dup asmalloc, memleak
-+@c check_node_accept ok
-+@c re_string_byte_at dup ok
-+@c bitset_contain dup ok
-+@c re_string_context_at dup ok
-+@c NOT_SATISFY_NEXT_CONSTRAINT dup ok
-+@c match_ctx_add_entry asmalloc, memleak
-+@c (re_)realloc dup asmalloc, memleak
-+@c (re_)free dup asmalloc, memleak
-+@c clean_state_log_if_needed dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
-+@c extend_buffers dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
-+@c find_subexp_node dup
-+@c calloc dup asmalloc, memleak
-+@c check_arrival dup ***
-+@c match_ctx_add_sublast asmalloc, memleak
-+@c (re_)realloc dup asmalloc, memleak
-+@c re_acquire_state_context dup asmalloc, memleak
-+@c re_node_set_init_union asmalloc, memleak
-+@c (re_)malloc dup asmalloc, memleak
-+@c re_node_set_init_copy dup asmalloc, memleak
-+@c re_node_set_init_empty dup ok
-+@c re_node_set_free dup asmalloc, memleak
-+@c check_subexp_matching_top dup asmalloc, memleak
-+@c check_halt_state_context ok
-+@c re_string_context_at dup ok
-+@c check_halt_node_context ok
-+@c NOT_SATISFY_NEXT_CONSTRAINT dup ok
-+@c re_string_eoi dup ok
-+@c extend_buffers dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
-+@c transit_state
-+@c transit_state_mb
-+@c re_string_context_at dup ok
-+@c NOT_SATISFY_NEXT_CONSTRAINT dup ok
-+@c check_node_accept_bytes dup
-+@c re_string_cur_idx dup ok
-+@c clean_state_log_if_needed glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
-+@c re_node_set_init_union dup asmalloc, memleak
-+@c re_acquire_state_context dup asmalloc, memleak
-+@c re_string_fetch_byte dup ok
-+@c re_string_context_at dup ok
-+@c build_trtable asmalloc, memleak
-+@c (re_)malloc dup asmalloc, memleak
-+@c group_nodes_into_DFAstates asmalloc, memleak
-+@c bitset_empty dup ok
-+@c bitset_set dup ok
-+@c bitset_merge dup ok
-+@c bitset_set_all ok
-+@c bitset_clear ok
-+@c bitset_contain dup ok
-+@c bitset_copy ok
-+@c re_node_set_init_copy dup asmalloc, memleak
-+@c re_node_set_insert dup asmalloc, memleak
-+@c re_node_set_init_1 dup asmalloc, memleak
-+@c re_node_set_free dup asmalloc, memleak
-+@c re_node_set_alloc dup asmalloc, memleak
-+@c malloc dup asmalloc, memleak
-+@c free dup asmalloc, memleak
-+@c re_node_set_free dup asmalloc, memleak
-+@c bitset_empty ok
-+@c re_node_set_empty dup ok
-+@c re_node_set_merge dup asmalloc, memleak
-+@c re_acquire_state_context dup asmalloc, memleak
-+@c bitset_merge ok
-+@c calloc dup asmalloc, memleak
-+@c bitset_contain dup ok
-+@c merge_state_with_log
-+@c re_string_cur_idx dup ok
-+@c re_node_set_init_union dup asmalloc, memleak
-+@c re_string_context_at dup ok
-+@c re_node_set_free dup asmalloc, memleak
-+@c check_subexp_matching_top asmalloc, memleak
-+@c match_ctx_add_subtop dup asmalloc, memleak
-+@c transit_state_bkref dup
-+@c find_recover_state
-+@c re_string_cur_idx dup ok
-+@c re_string_skip_bytes dup ok
-+@c merge_state_with_log dup
-+@c check_halt_state_context dup
-+@c prune_impossible_nodes
-+@c (re_)malloc dup asmalloc, memleak
-+@c sift_ctx_init ok
-+@c re_node_set_init_empty dup ok
-+@c sift_states_backward
-+@c re_node_set_init_1 dup asmalloc, memleak
-+@c update_cur_sifted_state asmalloc, memleak
-+@c add_epsilon_src_nodes asmalloc, memleak
-+@c re_acquire_state dup asmalloc, memleak
-+@c re_node_set_alloc dup asmalloc, memleak
-+@c re_node_set_merge dup asmalloc, memleak
-+@c re_node_set_add_intersect asmalloc, memleak
-+@c (re_)realloc dup asmalloc, memleak
-+@c check_subexp_limits asmalloc, memleak
-+@c sub_epsilon_src_nodes asmalloc, memleak
-+@c re_node_set_init_empty dup ok
-+@c re_node_set_contains dup ok
-+@c re_node_set_add_intersect dup asmalloc, memleak
-+@c re_node_set_free dup asmalloc, memleak
-+@c re_node_set_remove_at dup ok
-+@c re_node_set_contains dup ok
-+@c re_acquire_state dup asmalloc, memleak
-+@c sift_states_bkref asmalloc, memleak
-+@c search_cur_bkref_entry dup ok
-+@c check_dst_limits ok
-+@c search_cur_bkref_entry dup ok
-+@c check_dst_limits_calc_pos ok
-+@c check_dst_limits_calc_pos_1 ok
-+@c re_node_set_init_copy dup asmalloc, memleak
-+@c re_node_set_insert dup asmalloc, memleak
-+@c sift_states_backward dup
-+@c merge_state_array dup asmalloc, memleak
-+@c re_node_set_remove ok
-+@c re_node_set_contains dup ok
-+@c re_node_set_remove_at dup ok
-+@c re_node_set_free dup asmalloc, memleak
-+@c re_node_set_free dup asmalloc, memleak
-+@c re_node_set_empty dup ok
-+@c build_sifted_states
-+@c sift_states_iter_mb
-+@c check_node_accept_bytes dup
-+@c check_node_accept dup ok
-+@c check_dst_limits dup ok
-+@c re_node_set_insert dup asmalloc, memleak
-+@c re_node_set_free dup asmalloc, memleak
-+@c check_halt_state_context dup ok
-+@c merge_state_array asmalloc, memleak
-+@c re_node_set_init_union dup asmalloc, memleak
-+@c re_acquire_state dup asmalloc, memleak
-+@c re_node_set_free dup asmalloc, memleak
-+@c (re_)free dup asmalloc, memleak
-+@c set_regs asmalloc, memleak
-+@c (re_)malloc dup asmalloc, memleak
-+@c re_node_set_init_empty dup ok
-+@c free_fail_stack_return asmalloc, memleak
-+@c re_node_set_free dup asmalloc, memleak
-+@c (re_)free dup asmalloc, memleak
-+@c update_regs ok
-+@c re_node_set_free dup asmalloc, memleak
-+@c pop_fail_stack asmalloc, memleak
-+@c re_node_set_free dup asmalloc, memleak
-+@c (re_)free dup asmalloc, memleak
-+@c (re_)free dup asmalloc, memleak
-+@c (re_)free dup asmalloc, memleak
-+@c match_ctx_free asmalloc, memleak
-+@c match_ctx_clean asmalloc, memleak
-+@c (re_)free dup asmalloc, memleak
-+@c (re_)free dup asmalloc, memleak
-+@c re_string_destruct dup asmalloc, memleak
-+@c libc_lock_unlock lockleak
- This function tries to match the compiled regular expression
- @code{*@var{compiled}} against @var{string}.
-
-@@ -1051,6 +1532,9 @@ free the storage it uses by calling @code{regfree}.
- @comment regex.h
- @comment POSIX.2
- @deftypefun void regfree (regex_t *@var{compiled})
-+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak}}
-+@c (re_)free dup asmalloc, memleak
-+@c free_dfa_content dup asmalloc, memleak
- Calling @code{regfree} frees all the storage that @code{*@var{compiled}}
- points to. This includes various internal fields of the @code{regex_t}
- structure that aren't documented in this manual.
diff --git a/patches/wip-manual-document-mt-safety-pattern.patch b/patches/wip-manual-document-mt-safety-pattern.patch
index 86b5d47..b21a30e 100644
--- a/patches/wip-manual-document-mt-safety-pattern.patch
+++ b/patches/wip-manual-document-mt-safety-pattern.patch
@@ -1,5 +1,5 @@
Bottom: 15a8300141ee19f4516dae06220c3f742c3d7c85
-Top: 43752d35196008e73c5b6234ceb965ba6b80c8ef
+Top: 97c391126dfad97118d4c685597254faf62e03f0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 03:02:58 -0300
@@ -13,17 +13,515 @@ for ChangeLog
---
diff --git a/manual/pattern.texi b/manual/pattern.texi
-index 1966f3f..376566e 100644
+index 1966f3f..4b66204 100644
--- a/manual/pattern.texi
+++ b/manual/pattern.texi
-@@ -736,6 +736,10 @@ expression into it by calling @code{regcomp}.
+@@ -736,6 +736,251 @@ expression into it by calling @code{regcomp}.
@comment regex.h
@comment POSIX.2
@deftypefun int regcomp (regex_t *restrict @var{compiled}, const char *restrict @var{pattern}, int @var{cflags})
-+@c (re_)malloc
-+@c re_compile_internal
-+@c re_compile_fastmap
-+@c (re_)free
++@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
++@c All of the issues have to do with memory allocation and multi-byte
++@c character handling present in the input string, or implied by ranges
++@c or inverted character classes.
++@c (re_)malloc asmalloc, memleak
++@c re_compile_internal glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c (re_)realloc asmalloc, memleak (asynconsist, incansist, for other
++@c callers that don't zero the buffer)
++@c init_dfa glocale, asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c (re_)malloc asmalloc, memleak
++@c calloc asmalloc, memleak
++@c _NL_CURRENT ok
++@c _NL_CURRENT_WORD ok
++@c btowc asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c libc_lock_init ok
++@c re_string_construct glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c re_string_construct_common ok
++@c re_string_realloc_buffers asmalloc, memleak
++@c (re_)realloc dup asmalloc, memleak
++@c build_wcs_upper_buffer glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c isascii ok
++@c mbsinit ok
++@c toupper ok
++@c mbrtowc dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c iswlower glocale
++@c towupper glocale
++@c wcrtomb dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c (re_)malloc dup asmalloc, memleak
++@c build_upper_buffer ok (glocale, but optimized)
++@c islower ok
++@c toupper ok
++@c build_wcs_buffer asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c mbrtowc dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c re_string_translate_buffer ok
++@c parse (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c fetch_token (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c peek_token ok (maybe glocale)
++@c re_string_eoi ok
++@c re_string_peek_byte ok
++@c re_string_cur_idx ok
++@c re_string_length ok
++@c re_string_peek_byte_case ok (maybe glocale)
++@c re_string_peek_byte dup ok
++@c re_string_is_single_byte_char ok
++@c isascii ok
++@c re_string_peek_byte dup ok
++@c re_string_wchar_at ok
++@c re_string_skip_bytes ok
++@c re_string_skip_bytes dup ok
++@c parse_reg_exp (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c parse_branch (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c parse_expression (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c create_token_tree dup asmalloc, memleak
++@c re_string_eoi dup ok
++@c re_string_first_byte ok
++@c fetch_token dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c create_tree dup asmalloc, memleak
++@c parse_sub_exp (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c fetch_token dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c parse_reg_exp dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c postorder() asmalloc, memleak
++@c free_tree asmalloc, memleak
++@c free_token dup asmalloc, memleak
++@c create_tree dup asmalloc, memleak
++@c parse_bracket_exp (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c _NL_CURRENT dup ok
++@c _NL_CURRENT_WORD dup ok
++@c calloc dup asmalloc, memleak
++@c (re_)free dup asmalloc, memleak
++@c peek_token_bracket ok
++@c re_string_eoi dup ok
++@c re_string_peek_byte dup ok
++@c re_string_first_byte dup ok
++@c re_string_cur_idx dup ok
++@c re_string_length dup ok
++@c re_string_skip_bytes dup ok
++@c bitset_set ok
++@c re_string_skip_bytes ok
++@c parse_bracket_element ok (maybe glocale)
++@c re_string_char_size_at ok
++@c re_string_wchar_at dup ok
++@c re_string_skip_bytes dup ok
++@c parse_bracket_symbol ok (maybe glocale)
++@c re_string_eoi dup ok
++@c re_string_fetch_byte_case ok (maybe glocale)
++@c re_string_fetch_byte ok
++@c re_string_first_byte dup ok
++@c isascii ok
++@c re_string_char_size_at dup ok
++@c re_string_skip_bytes dup ok
++@c re_string_fetch_byte dup ok
++@c re_string_peek_byte dup ok
++@c re_string_skip_bytes dup ok
++@c peek_token_bracket dup
++@c auto build_range_exp asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c auto lookup_collation_sequence_value asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c btowc dup asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c collseq_table_lookup ok
++@c auto seek_collating_symbol_entry dup ok
++@c (re_)realloc dup asmalloc, memleak
++@c collseq_table_lookup dup ok
++@c bitset_set dup ok
++@c (re_)realloc dup asmalloc, memleak
++@c build_equiv_class (maybe glocale), asmalloc, memleak
++@c _NL_CURRENT ok
++@c auto findidx ok
++@c bitset_set dup ok
++@c (re_)realloc dup asmalloc, memleak
++@c auto build_collating_symbol asmalloc, memleak
++@c auto seek_collating_symbol_entry ok
++@c bitset_set dup ok
++@c (re_)realloc dup asmalloc, memleak
++@c build_charclass (maybe glocale), asmalloc, memleak
++@c (re_)realloc dup asmalloc, memleak
++@c bitset_set dup ok
++@c isalnum ok
++@c iscntrl ok
++@c isspace ok
++@c isalpha ok
++@c isdigit ok
++@c isprint ok
++@c isupper ok
++@c isblank ok
++@c isgraph ok
++@c ispunct ok
++@c isxdigit ok
++@c bitset_not ok
++@c bitset_mask ok
++@c create_token_tree dup asmalloc, memleak
++@c create_tree dup asmalloc, memleak
++@c free_charset dup asmalloc, memleak
++@c init_word_char (maybe glocale)
++@c isalnum ok
++@c build_charclass_op (maybe glocale), asmalloc, memleak
++@c calloc dup asmalloc, memleak
++@c build_charclass dup (maybe glocale), asmalloc, memleak
++@c (re_)free dup asmalloc, memleak
++@c free_charset dup asmalloc, memleak
++@c bitset_set dup ok
++@c bitset_not dup ok
++@c bitset_mask dup ok
++@c create_token_tree dup asmalloc, memleak
++@c create_tree dup asmalloc, memleak
++@c parse_dup_op (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c re_string_cur_idx dup ok
++@c fetch_number ok (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c fetch_token dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c re_string_set_index ok
++@c postorder() asmalloc, memleak
++@c free_tree dup asmalloc, memleak
++@c mark_opt_subexp ok
++@c duplicate_tree asmalloc, memleak
++@c create_token_tree dup asmalloc, memleak
++@c create_tree dup asmalloc, memleak
++@c postorder() asmalloc, memleak
++@c free_tree dup asmalloc, memleak
++@c fetch_token dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c parse_branch dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c create_tree dup asmalloc, memleak
++@c create_tree asmalloc, memleak
++@c create_token_tree asmalloc, memleak
++@c (re_)malloc dup asmalloc, memleak
++@c analyze asmalloc, memleak
++@c (re_)malloc dup asmalloc, memleak
++@c preorder() asmalloc, memleak
++@c optimize_subexps ok
++@c calc_next ok
++@c link_nfa_nodes asmalloc, memleak
++@c re_node_set_init_1 asmalloc, memleak
++@c (re_)malloc dup asmalloc, memleak
++@c re_node_set_init_2 asmalloc, memleak
++@c (re_)malloc dup asmalloc, memleak
++@c postorder() asmalloc, memleak
++@c lower_subexps asmalloc, memleak
++@c lower_subexp asmalloc, memleak
++@c create_tree dup asmalloc, memleak
++@c calc_first asmalloc, memleak
++@c re_dfa_add_node asmalloc, memleak
++@c (re_)realloc dup asmalloc, memleak
++@c re_node_set_init_empty ok
++@c calc_eclosure asmalloc, memleak
++@c calc_eclosure_iter asmalloc, memleak
++@c re_node_set_alloc asmalloc, memleak
++@c (re_)malloc dup asmalloc, memleak
++@c duplicate_node_closure asmalloc, memleak
++@c re_node_set_empty ok
++@c duplicate_node asmalloc, memleak
++@c re_dfa_add_node dup asmalloc, memleak
++@c re_node_set_insert asmalloc, memleak
++@c (re_)realloc dup asmalloc, memleak
++@c search_duplicated_node ok
++@c re_node_set_merge asmalloc, memleak
++@c (re_)realloc dup asmalloc, memleak
++@c re_node_set_free asmalloc, memleak
++@c (re_)free dup asmalloc, memleak
++@c re_node_set_insert dup asmalloc, memleak
++@c re_node_set_free dup asmalloc, memleak
++@c calc_inveclosure asmalloc, memleak
++@c re_node_set_init_empty dup ok
++@c re_node_set_insert_last asmalloc, memleak
++@c (re_)realloc dup asmalloc, memleak
++@c optimize_utf8 ok
++@c create_initial_state asmalloc, memleak
++@c re_node_set_init_copy asmalloc, memleak
++@c (re_)malloc dup asmalloc, memleak
++@c re_node_set_init_empty dup ok
++@c re_node_set_contains ok
++@c re_node_set_merge dup asmalloc, memleak
++@c re_acquire_state_context asmalloc, memleak
++@c calc_state_hash ok
++@c re_node_set_compare ok
++@c create_cd_newstate asmalloc, memleak
++@c calloc dup asmalloc, memleak
++@c re_node_set_init_copy dup asmalloc, memleak
++@c (re_)free dup asmalloc, memleak
++@c free_state asmalloc, memleak
++@c re_node_set_free dup asmalloc, memleak
++@c (re_)free dup asmalloc, memleak
++@c NOT_SATISFY_PREV_CONSTRAINT ok
++@c re_node_set_remove_at ok
++@c register_state asmalloc, memleak
++@c re_node_set_alloc dup asmalloc, memleak
++@c re_node_set_insert_last dup asmalloc, memleak
++@c (re_)realloc dup asmalloc, memleak
++@c re_node_set_free dup asmalloc, memleak
++@c free_workarea_compile asmalloc, memleak
++@c (re_)free dup asmalloc, memleak
++@c re_string_destruct asmalloc, memleak
++@c (re_)free dup asmalloc, memleak
++@c free_dfa_content asmalloc, memleak
++@c free_token asmalloc, memleak
++@c free_charset asmalloc, memleak
++@c (re_)free dup asmalloc, memleak
++@c (re_)free dup asmalloc, memleak
++@c (re_)free dup asmalloc, memleak
++@c re_node_set_free dup asmalloc, memleak
++@c re_compile_fastmap glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c re_compile_fastmap_iter glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c re_set_fastmap ok
++@c tolower ok
++@c mbrtowc dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c wcrtomb dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c towlower glocale
++@c _NL_CURRENT ok
++@c (re_)free asmalloc, memleak
The function @code{regcomp} ``compiles'' a regular expression into a
data structure that you can use with @code{regexec} to match against a
string. The compiled regular expression format is designed for
+@@ -885,6 +1130,246 @@ unless the regular expression contains anchor characters (@samp{^} or
+ @comment regex.h
+ @comment POSIX.2
+ @deftypefun int regexec (const regex_t *restrict @var{compiled}, const char *restrict @var{string}, size_t @var{nmatch}, regmatch_t @var{matchptr}[restrict], int @var{eflags})
++@c libc_lock_lock selfdeadlock, lockleak
++@c re_search_internal
++@c re_string_allocate asmalloc, memleak
++@c re_string_construct_common dup ok
++@c re_string_realloc_buffers dup asmalloc, memleak
++@c match_ctx_init asmalloc, memleak
++@c (re_)malloc dup asmalloc, memleak
++@c re_string_byte_at ok
++@c re_string_first_byte dup ok
++@c check_matching
++@c re_string_cur_idx dup ok
++@c acquire_init_state_context dup asmalloc, memleak
++@c re_string_context_at ok
++@c re_string_byte_at dup ok
++@c bitset_contain ok
++@c re_acquire_state_context dup asmalloc, memleak
++@c check_subexp_matching_top asmalloc, memleak
++@c match_ctx_add_subtop asmalloc, memleak
++@c (re_)realloc dup asmalloc, memleak
++@c calloc dup asmalloc, memleak
++@c transit_state_bkref
++@c re_string_cur_idx dup ok
++@c re_string_context_at dup ok
++@c NOT_SATISFY_NEXT_CONSTRAINT ok
++@c get_subexp glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak, ***wcscoll
++@c re_string_get_buffer ok
++@c search_cur_bkref_entry ok
++@c clean_state_log_if_needed glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c extend_buffers glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c re_string_realloc_buffers dup asmalloc, memleak
++@c (re_)realloc dup asmalloc, memleak
++@c build_wcs_upper_buffer dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c build_upper_buffer dup ok (glocale, but optimized)
++@c build_wcs_buffer dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c re_string_translate_buffer dup ok
++@c get_subexp_sub glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak, ***wcscoll
++@c check_arrival glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak, ***wcscoll
++@c (re_)realloc dup asmalloc, memleak
++@c re_string_context_at dup ok
++@c re_node_set_init_1 dup asmalloc, memleak
++@c check_arrival_expand_ecl asmalloc, memleak
++@c re_node_set_alloc dup asmalloc, memleak
++@c find_subexp_node ok
++@c re_node_set_merge dup asmalloc, memleak
++@c re_node_set_free dup asmalloc, memleak
++@c check_arrival_expand_ecl_sub asmalloc, memleak
++@c re_node_set_contains dup ok
++@c re_node_set_insert dup asmalloc, memleak
++@c re_node_set_free dup asmalloc, memleak
++@c re_node_set_init_copy dup asmalloc, memleak
++@c re_node_set_init_empty dup ok
++@c expand_bkref_cache asmalloc, memleak
++@c search_cur_bkref_entry dup ok
++@c re_node_set_contains dup ok
++@c re_node_set_init_1 dup asmalloc, memleak
++@c check_arrival_expand_ecl dup asmalloc, memleak
++@c re_node_set_merge dup asmalloc, memleak
++@c re_node_set_init_copy dup asmalloc, memleak
++@c re_node_set_insert dup asmalloc, memleak
++@c re_node_set_free dup asmalloc, memleak
++@c re_acquire_state asmalloc, memleak
++@c calc_state_hash dup ok
++@c re_node_set_compare dup ok
++@c create_ci_newstate asmalloc, memleak
++@c calloc dup asmalloc, memleak
++@c re_node_set_init_copy dup asmalloc, memleak
++@c (re_)free dup asmalloc, memleak
++@c register_state dup asmalloc, memleak
++@c free_state dup asmalloc, memleak
++@c re_acquire_state_context dup asmalloc, memleak
++@c re_node_set_merge dup asmalloc, memleak
++@c check_arrival_add_next_nodes (maybe glocale), asmalloc, memleak, ***wcscoll
++@c re_node_set_init_empty dup ok
++@c check_node_accept_bytes (maybe glocale), ***wcscoll
++@c re_string_byte_at dup ok
++@c re_string_char_size_at dup ok
++@c re_string_elem_size_at (maybe glocale)
++@c _NL_CURRENT_WORD dup ok
++@c _NL_CURRENT dup ok
++@c auto findidx dup ok
++@c _NL_CURRENT_WORD dup ok
++@c _NL_CURRENT dup ok
++@c collseq_table_lookup dup ok
++@c find_collation_sequence_value (maybe glocale)
++@c _NL_CURRENT_WORD dup ok
++@c _NL_CURRENT dup ok
++@c auto findidx dup ok
++@c wcscoll ***wcscoll
++@c re_node_set_empty dup ok
++@c re_node_set_merge dup asmalloc, memleak
++@c re_node_set_free dup asmalloc, memleak
++@c re_node_set_insert dup asmalloc, memleak
++@c re_acquire_state dup asmalloc, memleak
++@c check_node_accept ok
++@c re_string_byte_at dup ok
++@c bitset_contain dup ok
++@c re_string_context_at dup ok
++@c NOT_SATISFY_NEXT_CONSTRAINT dup ok
++@c match_ctx_add_entry asmalloc, memleak
++@c (re_)realloc dup asmalloc, memleak
++@c (re_)free dup asmalloc, memleak
++@c clean_state_log_if_needed dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c extend_buffers dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c find_subexp_node dup
++@c calloc dup asmalloc, memleak
++@c check_arrival dup ***
++@c match_ctx_add_sublast asmalloc, memleak
++@c (re_)realloc dup asmalloc, memleak
++@c re_acquire_state_context dup asmalloc, memleak
++@c re_node_set_init_union asmalloc, memleak
++@c (re_)malloc dup asmalloc, memleak
++@c re_node_set_init_copy dup asmalloc, memleak
++@c re_node_set_init_empty dup ok
++@c re_node_set_free dup asmalloc, memleak
++@c check_subexp_matching_top dup asmalloc, memleak
++@c check_halt_state_context ok
++@c re_string_context_at dup ok
++@c check_halt_node_context ok
++@c NOT_SATISFY_NEXT_CONSTRAINT dup ok
++@c re_string_eoi dup ok
++@c extend_buffers dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c transit_state
++@c transit_state_mb
++@c re_string_context_at dup ok
++@c NOT_SATISFY_NEXT_CONSTRAINT dup ok
++@c check_node_accept_bytes dup
++@c re_string_cur_idx dup ok
++@c clean_state_log_if_needed glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c re_node_set_init_union dup asmalloc, memleak
++@c re_acquire_state_context dup asmalloc, memleak
++@c re_string_fetch_byte dup ok
++@c re_string_context_at dup ok
++@c build_trtable asmalloc, memleak
++@c (re_)malloc dup asmalloc, memleak
++@c group_nodes_into_DFAstates asmalloc, memleak
++@c bitset_empty dup ok
++@c bitset_set dup ok
++@c bitset_merge dup ok
++@c bitset_set_all ok
++@c bitset_clear ok
++@c bitset_contain dup ok
++@c bitset_copy ok
++@c re_node_set_init_copy dup asmalloc, memleak
++@c re_node_set_insert dup asmalloc, memleak
++@c re_node_set_init_1 dup asmalloc, memleak
++@c re_node_set_free dup asmalloc, memleak
++@c re_node_set_alloc dup asmalloc, memleak
++@c malloc dup asmalloc, memleak
++@c free dup asmalloc, memleak
++@c re_node_set_free dup asmalloc, memleak
++@c bitset_empty ok
++@c re_node_set_empty dup ok
++@c re_node_set_merge dup asmalloc, memleak
++@c re_acquire_state_context dup asmalloc, memleak
++@c bitset_merge ok
++@c calloc dup asmalloc, memleak
++@c bitset_contain dup ok
++@c merge_state_with_log
++@c re_string_cur_idx dup ok
++@c re_node_set_init_union dup asmalloc, memleak
++@c re_string_context_at dup ok
++@c re_node_set_free dup asmalloc, memleak
++@c check_subexp_matching_top asmalloc, memleak
++@c match_ctx_add_subtop dup asmalloc, memleak
++@c transit_state_bkref dup
++@c find_recover_state
++@c re_string_cur_idx dup ok
++@c re_string_skip_bytes dup ok
++@c merge_state_with_log dup
++@c check_halt_state_context dup
++@c prune_impossible_nodes
++@c (re_)malloc dup asmalloc, memleak
++@c sift_ctx_init ok
++@c re_node_set_init_empty dup ok
++@c sift_states_backward
++@c re_node_set_init_1 dup asmalloc, memleak
++@c update_cur_sifted_state asmalloc, memleak
++@c add_epsilon_src_nodes asmalloc, memleak
++@c re_acquire_state dup asmalloc, memleak
++@c re_node_set_alloc dup asmalloc, memleak
++@c re_node_set_merge dup asmalloc, memleak
++@c re_node_set_add_intersect asmalloc, memleak
++@c (re_)realloc dup asmalloc, memleak
++@c check_subexp_limits asmalloc, memleak
++@c sub_epsilon_src_nodes asmalloc, memleak
++@c re_node_set_init_empty dup ok
++@c re_node_set_contains dup ok
++@c re_node_set_add_intersect dup asmalloc, memleak
++@c re_node_set_free dup asmalloc, memleak
++@c re_node_set_remove_at dup ok
++@c re_node_set_contains dup ok
++@c re_acquire_state dup asmalloc, memleak
++@c sift_states_bkref asmalloc, memleak
++@c search_cur_bkref_entry dup ok
++@c check_dst_limits ok
++@c search_cur_bkref_entry dup ok
++@c check_dst_limits_calc_pos ok
++@c check_dst_limits_calc_pos_1 ok
++@c re_node_set_init_copy dup asmalloc, memleak
++@c re_node_set_insert dup asmalloc, memleak
++@c sift_states_backward dup
++@c merge_state_array dup asmalloc, memleak
++@c re_node_set_remove ok
++@c re_node_set_contains dup ok
++@c re_node_set_remove_at dup ok
++@c re_node_set_free dup asmalloc, memleak
++@c re_node_set_free dup asmalloc, memleak
++@c re_node_set_empty dup ok
++@c build_sifted_states
++@c sift_states_iter_mb
++@c check_node_accept_bytes dup
++@c check_node_accept dup ok
++@c check_dst_limits dup ok
++@c re_node_set_insert dup asmalloc, memleak
++@c re_node_set_free dup asmalloc, memleak
++@c check_halt_state_context dup ok
++@c merge_state_array asmalloc, memleak
++@c re_node_set_init_union dup asmalloc, memleak
++@c re_acquire_state dup asmalloc, memleak
++@c re_node_set_free dup asmalloc, memleak
++@c (re_)free dup asmalloc, memleak
++@c set_regs asmalloc, memleak
++@c (re_)malloc dup asmalloc, memleak
++@c re_node_set_init_empty dup ok
++@c free_fail_stack_return asmalloc, memleak
++@c re_node_set_free dup asmalloc, memleak
++@c (re_)free dup asmalloc, memleak
++@c update_regs ok
++@c re_node_set_free dup asmalloc, memleak
++@c pop_fail_stack asmalloc, memleak
++@c re_node_set_free dup asmalloc, memleak
++@c (re_)free dup asmalloc, memleak
++@c (re_)free dup asmalloc, memleak
++@c (re_)free dup asmalloc, memleak
++@c match_ctx_free asmalloc, memleak
++@c match_ctx_clean asmalloc, memleak
++@c (re_)free dup asmalloc, memleak
++@c (re_)free dup asmalloc, memleak
++@c re_string_destruct dup asmalloc, memleak
++@c libc_lock_unlock lockleak
+ This function tries to match the compiled regular expression
+ @code{*@var{compiled}} against @var{string}.
+
+@@ -1047,6 +1532,9 @@ free the storage it uses by calling @code{regfree}.
+ @comment regex.h
+ @comment POSIX.2
+ @deftypefun void regfree (regex_t *@var{compiled})
++@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak}}
++@c (re_)free dup asmalloc, memleak
++@c free_dfa_content dup asmalloc, memleak
+ Calling @code{regfree} frees all the storage that @code{*@var{compiled}}
+ points to. This includes various internal fields of the @code{regex_t}
+ structure that aren't documented in this manual.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b7f5fb7fb8aab1cde840ccc066ece2c9d0aac5de
commit b7f5fb7fb8aab1cde840ccc066ece2c9d0aac5de
Merge: 087730a ac662fe b37401d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 12:19:22 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=087730a768079feaa60e4bd972d9a25db4a6bf77
commit 087730a768079feaa60e4bd972d9a25db4a6bf77
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 12:19:22 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index 45dcd5d..533e51d 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 57982356a25c9317f2b934db8d7b81e8d9ac02da
-Head: e8af539713392c27e540158b90c5c8c57a34dde0
+Previous: ac662fe6d252a3d5739fc99789ddeb4816704ba0
+Head: b37401d04453d34fc6314fdc54606a46e8fb2627
Applied:
unused-scalb-is-scalbn.patch: 1e5d1e38b6a866f88772d34ec2d1b3a75d78b233
remove-sysdeps-ieee754-support.patch: 874e350341a8e14881907b059e6d988de123648f
@@ -30,5 +30,6 @@ Applied:
wip-manual-document-mt-safety-time.patch: 85e757c54f47a0ada4f7a940c638b2bc7fb01572
wip-manual-document-mt-safety-locale.patch: c6a95510e695760a3ff9c03a7a1a6a95d2f74573
wip-manual-document-mt-safety-pattern.patch: e8af539713392c27e540158b90c5c8c57a34dde0
+ refresh-temp: b37401d04453d34fc6314fdc54606a46e8fb2627
Unapplied:
Hidden:
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..5185196
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,526 @@
+Bottom: 43752d35196008e73c5b6234ceb965ba6b80c8ef
+Top: 97c391126dfad97118d4c685597254faf62e03f0
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-31 12:19:21 -0300
+
+Refresh of wip-manual-document-mt-safety-pattern.patch
+
+---
+
+diff --git a/manual/pattern.texi b/manual/pattern.texi
+index 376566e..4b66204 100644
+--- a/manual/pattern.texi
++++ b/manual/pattern.texi
+@@ -736,10 +736,251 @@ expression into it by calling @code{regcomp}.
+ @comment regex.h
+ @comment POSIX.2
+ @deftypefun int regcomp (regex_t *restrict @var{compiled}, const char *restrict @var{pattern}, int @var{cflags})
+-@c (re_)malloc
+-@c re_compile_internal
+-@c re_compile_fastmap
+-@c (re_)free
++@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
++@c All of the issues have to do with memory allocation and multi-byte
++@c character handling present in the input string, or implied by ranges
++@c or inverted character classes.
++@c (re_)malloc asmalloc, memleak
++@c re_compile_internal glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c (re_)realloc asmalloc, memleak (asynconsist, incansist, for other
++@c callers that don't zero the buffer)
++@c init_dfa glocale, asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c (re_)malloc asmalloc, memleak
++@c calloc asmalloc, memleak
++@c _NL_CURRENT ok
++@c _NL_CURRENT_WORD ok
++@c btowc asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c libc_lock_init ok
++@c re_string_construct glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c re_string_construct_common ok
++@c re_string_realloc_buffers asmalloc, memleak
++@c (re_)realloc dup asmalloc, memleak
++@c build_wcs_upper_buffer glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c isascii ok
++@c mbsinit ok
++@c toupper ok
++@c mbrtowc dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c iswlower glocale
++@c towupper glocale
++@c wcrtomb dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c (re_)malloc dup asmalloc, memleak
++@c build_upper_buffer ok (glocale, but optimized)
++@c islower ok
++@c toupper ok
++@c build_wcs_buffer asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c mbrtowc dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c re_string_translate_buffer ok
++@c parse (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c fetch_token (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c peek_token ok (maybe glocale)
++@c re_string_eoi ok
++@c re_string_peek_byte ok
++@c re_string_cur_idx ok
++@c re_string_length ok
++@c re_string_peek_byte_case ok (maybe glocale)
++@c re_string_peek_byte dup ok
++@c re_string_is_single_byte_char ok
++@c isascii ok
++@c re_string_peek_byte dup ok
++@c re_string_wchar_at ok
++@c re_string_skip_bytes ok
++@c re_string_skip_bytes dup ok
++@c parse_reg_exp (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c parse_branch (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c parse_expression (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c create_token_tree dup asmalloc, memleak
++@c re_string_eoi dup ok
++@c re_string_first_byte ok
++@c fetch_token dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c create_tree dup asmalloc, memleak
++@c parse_sub_exp (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c fetch_token dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c parse_reg_exp dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c postorder() asmalloc, memleak
++@c free_tree asmalloc, memleak
++@c free_token dup asmalloc, memleak
++@c create_tree dup asmalloc, memleak
++@c parse_bracket_exp (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c _NL_CURRENT dup ok
++@c _NL_CURRENT_WORD dup ok
++@c calloc dup asmalloc, memleak
++@c (re_)free dup asmalloc, memleak
++@c peek_token_bracket ok
++@c re_string_eoi dup ok
++@c re_string_peek_byte dup ok
++@c re_string_first_byte dup ok
++@c re_string_cur_idx dup ok
++@c re_string_length dup ok
++@c re_string_skip_bytes dup ok
++@c bitset_set ok
++@c re_string_skip_bytes ok
++@c parse_bracket_element ok (maybe glocale)
++@c re_string_char_size_at ok
++@c re_string_wchar_at dup ok
++@c re_string_skip_bytes dup ok
++@c parse_bracket_symbol ok (maybe glocale)
++@c re_string_eoi dup ok
++@c re_string_fetch_byte_case ok (maybe glocale)
++@c re_string_fetch_byte ok
++@c re_string_first_byte dup ok
++@c isascii ok
++@c re_string_char_size_at dup ok
++@c re_string_skip_bytes dup ok
++@c re_string_fetch_byte dup ok
++@c re_string_peek_byte dup ok
++@c re_string_skip_bytes dup ok
++@c peek_token_bracket dup
++@c auto build_range_exp asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c auto lookup_collation_sequence_value asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c btowc dup asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c collseq_table_lookup ok
++@c auto seek_collating_symbol_entry dup ok
++@c (re_)realloc dup asmalloc, memleak
++@c collseq_table_lookup dup ok
++@c bitset_set dup ok
++@c (re_)realloc dup asmalloc, memleak
++@c build_equiv_class (maybe glocale), asmalloc, memleak
++@c _NL_CURRENT ok
++@c auto findidx ok
++@c bitset_set dup ok
++@c (re_)realloc dup asmalloc, memleak
++@c auto build_collating_symbol asmalloc, memleak
++@c auto seek_collating_symbol_entry ok
++@c bitset_set dup ok
++@c (re_)realloc dup asmalloc, memleak
++@c build_charclass (maybe glocale), asmalloc, memleak
++@c (re_)realloc dup asmalloc, memleak
++@c bitset_set dup ok
++@c isalnum ok
++@c iscntrl ok
++@c isspace ok
++@c isalpha ok
++@c isdigit ok
++@c isprint ok
++@c isupper ok
++@c isblank ok
++@c isgraph ok
++@c ispunct ok
++@c isxdigit ok
++@c bitset_not ok
++@c bitset_mask ok
++@c create_token_tree dup asmalloc, memleak
++@c create_tree dup asmalloc, memleak
++@c free_charset dup asmalloc, memleak
++@c init_word_char (maybe glocale)
++@c isalnum ok
++@c build_charclass_op (maybe glocale), asmalloc, memleak
++@c calloc dup asmalloc, memleak
++@c build_charclass dup (maybe glocale), asmalloc, memleak
++@c (re_)free dup asmalloc, memleak
++@c free_charset dup asmalloc, memleak
++@c bitset_set dup ok
++@c bitset_not dup ok
++@c bitset_mask dup ok
++@c create_token_tree dup asmalloc, memleak
++@c create_tree dup asmalloc, memleak
++@c parse_dup_op (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c re_string_cur_idx dup ok
++@c fetch_number ok (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c fetch_token dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c re_string_set_index ok
++@c postorder() asmalloc, memleak
++@c free_tree dup asmalloc, memleak
++@c mark_opt_subexp ok
++@c duplicate_tree asmalloc, memleak
++@c create_token_tree dup asmalloc, memleak
++@c create_tree dup asmalloc, memleak
++@c postorder() asmalloc, memleak
++@c free_tree dup asmalloc, memleak
++@c fetch_token dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c parse_branch dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c create_tree dup asmalloc, memleak
++@c create_tree asmalloc, memleak
++@c create_token_tree asmalloc, memleak
++@c (re_)malloc dup asmalloc, memleak
++@c analyze asmalloc, memleak
++@c (re_)malloc dup asmalloc, memleak
++@c preorder() asmalloc, memleak
++@c optimize_subexps ok
++@c calc_next ok
++@c link_nfa_nodes asmalloc, memleak
++@c re_node_set_init_1 asmalloc, memleak
++@c (re_)malloc dup asmalloc, memleak
++@c re_node_set_init_2 asmalloc, memleak
++@c (re_)malloc dup asmalloc, memleak
++@c postorder() asmalloc, memleak
++@c lower_subexps asmalloc, memleak
++@c lower_subexp asmalloc, memleak
++@c create_tree dup asmalloc, memleak
++@c calc_first asmalloc, memleak
++@c re_dfa_add_node asmalloc, memleak
++@c (re_)realloc dup asmalloc, memleak
++@c re_node_set_init_empty ok
++@c calc_eclosure asmalloc, memleak
++@c calc_eclosure_iter asmalloc, memleak
++@c re_node_set_alloc asmalloc, memleak
++@c (re_)malloc dup asmalloc, memleak
++@c duplicate_node_closure asmalloc, memleak
++@c re_node_set_empty ok
++@c duplicate_node asmalloc, memleak
++@c re_dfa_add_node dup asmalloc, memleak
++@c re_node_set_insert asmalloc, memleak
++@c (re_)realloc dup asmalloc, memleak
++@c search_duplicated_node ok
++@c re_node_set_merge asmalloc, memleak
++@c (re_)realloc dup asmalloc, memleak
++@c re_node_set_free asmalloc, memleak
++@c (re_)free dup asmalloc, memleak
++@c re_node_set_insert dup asmalloc, memleak
++@c re_node_set_free dup asmalloc, memleak
++@c calc_inveclosure asmalloc, memleak
++@c re_node_set_init_empty dup ok
++@c re_node_set_insert_last asmalloc, memleak
++@c (re_)realloc dup asmalloc, memleak
++@c optimize_utf8 ok
++@c create_initial_state asmalloc, memleak
++@c re_node_set_init_copy asmalloc, memleak
++@c (re_)malloc dup asmalloc, memleak
++@c re_node_set_init_empty dup ok
++@c re_node_set_contains ok
++@c re_node_set_merge dup asmalloc, memleak
++@c re_acquire_state_context asmalloc, memleak
++@c calc_state_hash ok
++@c re_node_set_compare ok
++@c create_cd_newstate asmalloc, memleak
++@c calloc dup asmalloc, memleak
++@c re_node_set_init_copy dup asmalloc, memleak
++@c (re_)free dup asmalloc, memleak
++@c free_state asmalloc, memleak
++@c re_node_set_free dup asmalloc, memleak
++@c (re_)free dup asmalloc, memleak
++@c NOT_SATISFY_PREV_CONSTRAINT ok
++@c re_node_set_remove_at ok
++@c register_state asmalloc, memleak
++@c re_node_set_alloc dup asmalloc, memleak
++@c re_node_set_insert_last dup asmalloc, memleak
++@c (re_)realloc dup asmalloc, memleak
++@c re_node_set_free dup asmalloc, memleak
++@c free_workarea_compile asmalloc, memleak
++@c (re_)free dup asmalloc, memleak
++@c re_string_destruct asmalloc, memleak
++@c (re_)free dup asmalloc, memleak
++@c free_dfa_content asmalloc, memleak
++@c free_token asmalloc, memleak
++@c free_charset asmalloc, memleak
++@c (re_)free dup asmalloc, memleak
++@c (re_)free dup asmalloc, memleak
++@c (re_)free dup asmalloc, memleak
++@c re_node_set_free dup asmalloc, memleak
++@c re_compile_fastmap glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c re_compile_fastmap_iter glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c re_set_fastmap ok
++@c tolower ok
++@c mbrtowc dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c wcrtomb dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c towlower glocale
++@c _NL_CURRENT ok
++@c (re_)free asmalloc, memleak
+ The function @code{regcomp} ``compiles'' a regular expression into a
+ data structure that you can use with @code{regexec} to match against a
+ string. The compiled regular expression format is designed for
+@@ -889,6 +1130,246 @@ unless the regular expression contains anchor characters (@samp{^} or
+ @comment regex.h
+ @comment POSIX.2
+ @deftypefun int regexec (const regex_t *restrict @var{compiled}, const char *restrict @var{string}, size_t @var{nmatch}, regmatch_t @var{matchptr}[restrict], int @var{eflags})
++@c libc_lock_lock selfdeadlock, lockleak
++@c re_search_internal
++@c re_string_allocate asmalloc, memleak
++@c re_string_construct_common dup ok
++@c re_string_realloc_buffers dup asmalloc, memleak
++@c match_ctx_init asmalloc, memleak
++@c (re_)malloc dup asmalloc, memleak
++@c re_string_byte_at ok
++@c re_string_first_byte dup ok
++@c check_matching
++@c re_string_cur_idx dup ok
++@c acquire_init_state_context dup asmalloc, memleak
++@c re_string_context_at ok
++@c re_string_byte_at dup ok
++@c bitset_contain ok
++@c re_acquire_state_context dup asmalloc, memleak
++@c check_subexp_matching_top asmalloc, memleak
++@c match_ctx_add_subtop asmalloc, memleak
++@c (re_)realloc dup asmalloc, memleak
++@c calloc dup asmalloc, memleak
++@c transit_state_bkref
++@c re_string_cur_idx dup ok
++@c re_string_context_at dup ok
++@c NOT_SATISFY_NEXT_CONSTRAINT ok
++@c get_subexp glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak, ***wcscoll
++@c re_string_get_buffer ok
++@c search_cur_bkref_entry ok
++@c clean_state_log_if_needed glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c extend_buffers glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c re_string_realloc_buffers dup asmalloc, memleak
++@c (re_)realloc dup asmalloc, memleak
++@c build_wcs_upper_buffer dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c build_upper_buffer dup ok (glocale, but optimized)
++@c build_wcs_buffer dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c re_string_translate_buffer dup ok
++@c get_subexp_sub glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak, ***wcscoll
++@c check_arrival glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak, ***wcscoll
++@c (re_)realloc dup asmalloc, memleak
++@c re_string_context_at dup ok
++@c re_node_set_init_1 dup asmalloc, memleak
++@c check_arrival_expand_ecl asmalloc, memleak
++@c re_node_set_alloc dup asmalloc, memleak
++@c find_subexp_node ok
++@c re_node_set_merge dup asmalloc, memleak
++@c re_node_set_free dup asmalloc, memleak
++@c check_arrival_expand_ecl_sub asmalloc, memleak
++@c re_node_set_contains dup ok
++@c re_node_set_insert dup asmalloc, memleak
++@c re_node_set_free dup asmalloc, memleak
++@c re_node_set_init_copy dup asmalloc, memleak
++@c re_node_set_init_empty dup ok
++@c expand_bkref_cache asmalloc, memleak
++@c search_cur_bkref_entry dup ok
++@c re_node_set_contains dup ok
++@c re_node_set_init_1 dup asmalloc, memleak
++@c check_arrival_expand_ecl dup asmalloc, memleak
++@c re_node_set_merge dup asmalloc, memleak
++@c re_node_set_init_copy dup asmalloc, memleak
++@c re_node_set_insert dup asmalloc, memleak
++@c re_node_set_free dup asmalloc, memleak
++@c re_acquire_state asmalloc, memleak
++@c calc_state_hash dup ok
++@c re_node_set_compare dup ok
++@c create_ci_newstate asmalloc, memleak
++@c calloc dup asmalloc, memleak
++@c re_node_set_init_copy dup asmalloc, memleak
++@c (re_)free dup asmalloc, memleak
++@c register_state dup asmalloc, memleak
++@c free_state dup asmalloc, memleak
++@c re_acquire_state_context dup asmalloc, memleak
++@c re_node_set_merge dup asmalloc, memleak
++@c check_arrival_add_next_nodes (maybe glocale), asmalloc, memleak, ***wcscoll
++@c re_node_set_init_empty dup ok
++@c check_node_accept_bytes (maybe glocale), ***wcscoll
++@c re_string_byte_at dup ok
++@c re_string_char_size_at dup ok
++@c re_string_elem_size_at (maybe glocale)
++@c _NL_CURRENT_WORD dup ok
++@c _NL_CURRENT dup ok
++@c auto findidx dup ok
++@c _NL_CURRENT_WORD dup ok
++@c _NL_CURRENT dup ok
++@c collseq_table_lookup dup ok
++@c find_collation_sequence_value (maybe glocale)
++@c _NL_CURRENT_WORD dup ok
++@c _NL_CURRENT dup ok
++@c auto findidx dup ok
++@c wcscoll ***wcscoll
++@c re_node_set_empty dup ok
++@c re_node_set_merge dup asmalloc, memleak
++@c re_node_set_free dup asmalloc, memleak
++@c re_node_set_insert dup asmalloc, memleak
++@c re_acquire_state dup asmalloc, memleak
++@c check_node_accept ok
++@c re_string_byte_at dup ok
++@c bitset_contain dup ok
++@c re_string_context_at dup ok
++@c NOT_SATISFY_NEXT_CONSTRAINT dup ok
++@c match_ctx_add_entry asmalloc, memleak
++@c (re_)realloc dup asmalloc, memleak
++@c (re_)free dup asmalloc, memleak
++@c clean_state_log_if_needed dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c extend_buffers dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c find_subexp_node dup
++@c calloc dup asmalloc, memleak
++@c check_arrival dup ***
++@c match_ctx_add_sublast asmalloc, memleak
++@c (re_)realloc dup asmalloc, memleak
++@c re_acquire_state_context dup asmalloc, memleak
++@c re_node_set_init_union asmalloc, memleak
++@c (re_)malloc dup asmalloc, memleak
++@c re_node_set_init_copy dup asmalloc, memleak
++@c re_node_set_init_empty dup ok
++@c re_node_set_free dup asmalloc, memleak
++@c check_subexp_matching_top dup asmalloc, memleak
++@c check_halt_state_context ok
++@c re_string_context_at dup ok
++@c check_halt_node_context ok
++@c NOT_SATISFY_NEXT_CONSTRAINT dup ok
++@c re_string_eoi dup ok
++@c extend_buffers dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c transit_state
++@c transit_state_mb
++@c re_string_context_at dup ok
++@c NOT_SATISFY_NEXT_CONSTRAINT dup ok
++@c check_node_accept_bytes dup
++@c re_string_cur_idx dup ok
++@c clean_state_log_if_needed glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
++@c re_node_set_init_union dup asmalloc, memleak
++@c re_acquire_state_context dup asmalloc, memleak
++@c re_string_fetch_byte dup ok
++@c re_string_context_at dup ok
++@c build_trtable asmalloc, memleak
++@c (re_)malloc dup asmalloc, memleak
++@c group_nodes_into_DFAstates asmalloc, memleak
++@c bitset_empty dup ok
++@c bitset_set dup ok
++@c bitset_merge dup ok
++@c bitset_set_all ok
++@c bitset_clear ok
++@c bitset_contain dup ok
++@c bitset_copy ok
++@c re_node_set_init_copy dup asmalloc, memleak
++@c re_node_set_insert dup asmalloc, memleak
++@c re_node_set_init_1 dup asmalloc, memleak
++@c re_node_set_free dup asmalloc, memleak
++@c re_node_set_alloc dup asmalloc, memleak
++@c malloc dup asmalloc, memleak
++@c free dup asmalloc, memleak
++@c re_node_set_free dup asmalloc, memleak
++@c bitset_empty ok
++@c re_node_set_empty dup ok
++@c re_node_set_merge dup asmalloc, memleak
++@c re_acquire_state_context dup asmalloc, memleak
++@c bitset_merge ok
++@c calloc dup asmalloc, memleak
++@c bitset_contain dup ok
++@c merge_state_with_log
++@c re_string_cur_idx dup ok
++@c re_node_set_init_union dup asmalloc, memleak
++@c re_string_context_at dup ok
++@c re_node_set_free dup asmalloc, memleak
++@c check_subexp_matching_top asmalloc, memleak
++@c match_ctx_add_subtop dup asmalloc, memleak
++@c transit_state_bkref dup
++@c find_recover_state
++@c re_string_cur_idx dup ok
++@c re_string_skip_bytes dup ok
++@c merge_state_with_log dup
++@c check_halt_state_context dup
++@c prune_impossible_nodes
++@c (re_)malloc dup asmalloc, memleak
++@c sift_ctx_init ok
++@c re_node_set_init_empty dup ok
++@c sift_states_backward
++@c re_node_set_init_1 dup asmalloc, memleak
++@c update_cur_sifted_state asmalloc, memleak
++@c add_epsilon_src_nodes asmalloc, memleak
++@c re_acquire_state dup asmalloc, memleak
++@c re_node_set_alloc dup asmalloc, memleak
++@c re_node_set_merge dup asmalloc, memleak
++@c re_node_set_add_intersect asmalloc, memleak
++@c (re_)realloc dup asmalloc, memleak
++@c check_subexp_limits asmalloc, memleak
++@c sub_epsilon_src_nodes asmalloc, memleak
++@c re_node_set_init_empty dup ok
++@c re_node_set_contains dup ok
++@c re_node_set_add_intersect dup asmalloc, memleak
++@c re_node_set_free dup asmalloc, memleak
++@c re_node_set_remove_at dup ok
++@c re_node_set_contains dup ok
++@c re_acquire_state dup asmalloc, memleak
++@c sift_states_bkref asmalloc, memleak
++@c search_cur_bkref_entry dup ok
++@c check_dst_limits ok
++@c search_cur_bkref_entry dup ok
++@c check_dst_limits_calc_pos ok
++@c check_dst_limits_calc_pos_1 ok
++@c re_node_set_init_copy dup asmalloc, memleak
++@c re_node_set_insert dup asmalloc, memleak
++@c sift_states_backward dup
++@c merge_state_array dup asmalloc, memleak
++@c re_node_set_remove ok
++@c re_node_set_contains dup ok
++@c re_node_set_remove_at dup ok
++@c re_node_set_free dup asmalloc, memleak
++@c re_node_set_free dup asmalloc, memleak
++@c re_node_set_empty dup ok
++@c build_sifted_states
++@c sift_states_iter_mb
++@c check_node_accept_bytes dup
++@c check_node_accept dup ok
++@c check_dst_limits dup ok
++@c re_node_set_insert dup asmalloc, memleak
++@c re_node_set_free dup asmalloc, memleak
++@c check_halt_state_context dup ok
++@c merge_state_array asmalloc, memleak
++@c re_node_set_init_union dup asmalloc, memleak
++@c re_acquire_state dup asmalloc, memleak
++@c re_node_set_free dup asmalloc, memleak
++@c (re_)free dup asmalloc, memleak
++@c set_regs asmalloc, memleak
++@c (re_)malloc dup asmalloc, memleak
++@c re_node_set_init_empty dup ok
++@c free_fail_stack_return asmalloc, memleak
++@c re_node_set_free dup asmalloc, memleak
++@c (re_)free dup asmalloc, memleak
++@c update_regs ok
++@c re_node_set_free dup asmalloc, memleak
++@c pop_fail_stack asmalloc, memleak
++@c re_node_set_free dup asmalloc, memleak
++@c (re_)free dup asmalloc, memleak
++@c (re_)free dup asmalloc, memleak
++@c (re_)free dup asmalloc, memleak
++@c match_ctx_free asmalloc, memleak
++@c match_ctx_clean asmalloc, memleak
++@c (re_)free dup asmalloc, memleak
++@c (re_)free dup asmalloc, memleak
++@c re_string_destruct dup asmalloc, memleak
++@c libc_lock_unlock lockleak
+ This function tries to match the compiled regular expression
+ @code{*@var{compiled}} against @var{string}.
+
+@@ -1051,6 +1532,9 @@ free the storage it uses by calling @code{regfree}.
+ @comment regex.h
+ @comment POSIX.2
+ @deftypefun void regfree (regex_t *@var{compiled})
++@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak}}
++@c (re_)free dup asmalloc, memleak
++@c free_dfa_content dup asmalloc, memleak
+ Calling @code{regfree} frees all the storage that @code{*@var{compiled}}
+ points to. This includes various internal fields of the @code{regex_t}
+ structure that aren't documented in this manual.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b37401d04453d34fc6314fdc54606a46e8fb2627
commit b37401d04453d34fc6314fdc54606a46e8fb2627
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 12:19:21 2013 -0300
Refresh of wip-manual-document-mt-safety-pattern.patch
diff --git a/manual/pattern.texi b/manual/pattern.texi
index 376566e..4b66204 100644
--- a/manual/pattern.texi
+++ b/manual/pattern.texi
@@ -736,10 +736,251 @@ expression into it by calling @code{regcomp}.
@comment regex.h
@comment POSIX.2
@deftypefun int regcomp (regex_t *restrict @var{compiled}, const char *restrict @var{pattern}, int @var{cflags})
-@c (re_)malloc
-@c re_compile_internal
-@c re_compile_fastmap
-@c (re_)free
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c All of the issues have to do with memory allocation and multi-byte
+@c character handling present in the input string, or implied by ranges
+@c or inverted character classes.
+@c (re_)malloc asmalloc, memleak
+@c re_compile_internal glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c (re_)realloc asmalloc, memleak (asynconsist, incansist, for other
+@c callers that don't zero the buffer)
+@c init_dfa glocale, asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c (re_)malloc asmalloc, memleak
+@c calloc asmalloc, memleak
+@c _NL_CURRENT ok
+@c _NL_CURRENT_WORD ok
+@c btowc asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c libc_lock_init ok
+@c re_string_construct glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_construct_common ok
+@c re_string_realloc_buffers asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c build_wcs_upper_buffer glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c isascii ok
+@c mbsinit ok
+@c toupper ok
+@c mbrtowc dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c iswlower glocale
+@c towupper glocale
+@c wcrtomb dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c (re_)malloc dup asmalloc, memleak
+@c build_upper_buffer ok (glocale, but optimized)
+@c islower ok
+@c toupper ok
+@c build_wcs_buffer asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c mbrtowc dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_translate_buffer ok
+@c parse (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c fetch_token (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c peek_token ok (maybe glocale)
+@c re_string_eoi ok
+@c re_string_peek_byte ok
+@c re_string_cur_idx ok
+@c re_string_length ok
+@c re_string_peek_byte_case ok (maybe glocale)
+@c re_string_peek_byte dup ok
+@c re_string_is_single_byte_char ok
+@c isascii ok
+@c re_string_peek_byte dup ok
+@c re_string_wchar_at ok
+@c re_string_skip_bytes ok
+@c re_string_skip_bytes dup ok
+@c parse_reg_exp (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c parse_branch (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c parse_expression (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c create_token_tree dup asmalloc, memleak
+@c re_string_eoi dup ok
+@c re_string_first_byte ok
+@c fetch_token dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c create_tree dup asmalloc, memleak
+@c parse_sub_exp (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c fetch_token dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c parse_reg_exp dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c postorder() asmalloc, memleak
+@c free_tree asmalloc, memleak
+@c free_token dup asmalloc, memleak
+@c create_tree dup asmalloc, memleak
+@c parse_bracket_exp (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c _NL_CURRENT dup ok
+@c _NL_CURRENT_WORD dup ok
+@c calloc dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c peek_token_bracket ok
+@c re_string_eoi dup ok
+@c re_string_peek_byte dup ok
+@c re_string_first_byte dup ok
+@c re_string_cur_idx dup ok
+@c re_string_length dup ok
+@c re_string_skip_bytes dup ok
+@c bitset_set ok
+@c re_string_skip_bytes ok
+@c parse_bracket_element ok (maybe glocale)
+@c re_string_char_size_at ok
+@c re_string_wchar_at dup ok
+@c re_string_skip_bytes dup ok
+@c parse_bracket_symbol ok (maybe glocale)
+@c re_string_eoi dup ok
+@c re_string_fetch_byte_case ok (maybe glocale)
+@c re_string_fetch_byte ok
+@c re_string_first_byte dup ok
+@c isascii ok
+@c re_string_char_size_at dup ok
+@c re_string_skip_bytes dup ok
+@c re_string_fetch_byte dup ok
+@c re_string_peek_byte dup ok
+@c re_string_skip_bytes dup ok
+@c peek_token_bracket dup
+@c auto build_range_exp asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c auto lookup_collation_sequence_value asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c btowc dup asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c collseq_table_lookup ok
+@c auto seek_collating_symbol_entry dup ok
+@c (re_)realloc dup asmalloc, memleak
+@c collseq_table_lookup dup ok
+@c bitset_set dup ok
+@c (re_)realloc dup asmalloc, memleak
+@c build_equiv_class (maybe glocale), asmalloc, memleak
+@c _NL_CURRENT ok
+@c auto findidx ok
+@c bitset_set dup ok
+@c (re_)realloc dup asmalloc, memleak
+@c auto build_collating_symbol asmalloc, memleak
+@c auto seek_collating_symbol_entry ok
+@c bitset_set dup ok
+@c (re_)realloc dup asmalloc, memleak
+@c build_charclass (maybe glocale), asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c bitset_set dup ok
+@c isalnum ok
+@c iscntrl ok
+@c isspace ok
+@c isalpha ok
+@c isdigit ok
+@c isprint ok
+@c isupper ok
+@c isblank ok
+@c isgraph ok
+@c ispunct ok
+@c isxdigit ok
+@c bitset_not ok
+@c bitset_mask ok
+@c create_token_tree dup asmalloc, memleak
+@c create_tree dup asmalloc, memleak
+@c free_charset dup asmalloc, memleak
+@c init_word_char (maybe glocale)
+@c isalnum ok
+@c build_charclass_op (maybe glocale), asmalloc, memleak
+@c calloc dup asmalloc, memleak
+@c build_charclass dup (maybe glocale), asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c free_charset dup asmalloc, memleak
+@c bitset_set dup ok
+@c bitset_not dup ok
+@c bitset_mask dup ok
+@c create_token_tree dup asmalloc, memleak
+@c create_tree dup asmalloc, memleak
+@c parse_dup_op (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_cur_idx dup ok
+@c fetch_number ok (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c fetch_token dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_set_index ok
+@c postorder() asmalloc, memleak
+@c free_tree dup asmalloc, memleak
+@c mark_opt_subexp ok
+@c duplicate_tree asmalloc, memleak
+@c create_token_tree dup asmalloc, memleak
+@c create_tree dup asmalloc, memleak
+@c postorder() asmalloc, memleak
+@c free_tree dup asmalloc, memleak
+@c fetch_token dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c parse_branch dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c create_tree dup asmalloc, memleak
+@c create_tree asmalloc, memleak
+@c create_token_tree asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c analyze asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c preorder() asmalloc, memleak
+@c optimize_subexps ok
+@c calc_next ok
+@c link_nfa_nodes asmalloc, memleak
+@c re_node_set_init_1 asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c re_node_set_init_2 asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c postorder() asmalloc, memleak
+@c lower_subexps asmalloc, memleak
+@c lower_subexp asmalloc, memleak
+@c create_tree dup asmalloc, memleak
+@c calc_first asmalloc, memleak
+@c re_dfa_add_node asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c re_node_set_init_empty ok
+@c calc_eclosure asmalloc, memleak
+@c calc_eclosure_iter asmalloc, memleak
+@c re_node_set_alloc asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c duplicate_node_closure asmalloc, memleak
+@c re_node_set_empty ok
+@c duplicate_node asmalloc, memleak
+@c re_dfa_add_node dup asmalloc, memleak
+@c re_node_set_insert asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c search_duplicated_node ok
+@c re_node_set_merge asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c re_node_set_free asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c re_node_set_insert dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c calc_inveclosure asmalloc, memleak
+@c re_node_set_init_empty dup ok
+@c re_node_set_insert_last asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c optimize_utf8 ok
+@c create_initial_state asmalloc, memleak
+@c re_node_set_init_copy asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c re_node_set_init_empty dup ok
+@c re_node_set_contains ok
+@c re_node_set_merge dup asmalloc, memleak
+@c re_acquire_state_context asmalloc, memleak
+@c calc_state_hash ok
+@c re_node_set_compare ok
+@c create_cd_newstate asmalloc, memleak
+@c calloc dup asmalloc, memleak
+@c re_node_set_init_copy dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c free_state asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c NOT_SATISFY_PREV_CONSTRAINT ok
+@c re_node_set_remove_at ok
+@c register_state asmalloc, memleak
+@c re_node_set_alloc dup asmalloc, memleak
+@c re_node_set_insert_last dup asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c free_workarea_compile asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c re_string_destruct asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c free_dfa_content asmalloc, memleak
+@c free_token asmalloc, memleak
+@c free_charset asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_compile_fastmap glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_compile_fastmap_iter glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_set_fastmap ok
+@c tolower ok
+@c mbrtowc dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c wcrtomb dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c towlower glocale
+@c _NL_CURRENT ok
+@c (re_)free asmalloc, memleak
The function @code{regcomp} ``compiles'' a regular expression into a
data structure that you can use with @code{regexec} to match against a
string. The compiled regular expression format is designed for
@@ -889,6 +1130,246 @@ unless the regular expression contains anchor characters (@samp{^} or
@comment regex.h
@comment POSIX.2
@deftypefun int regexec (const regex_t *restrict @var{compiled}, const char *restrict @var{string}, size_t @var{nmatch}, regmatch_t @var{matchptr}[restrict], int @var{eflags})
+@c libc_lock_lock selfdeadlock, lockleak
+@c re_search_internal
+@c re_string_allocate asmalloc, memleak
+@c re_string_construct_common dup ok
+@c re_string_realloc_buffers dup asmalloc, memleak
+@c match_ctx_init asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c re_string_byte_at ok
+@c re_string_first_byte dup ok
+@c check_matching
+@c re_string_cur_idx dup ok
+@c acquire_init_state_context dup asmalloc, memleak
+@c re_string_context_at ok
+@c re_string_byte_at dup ok
+@c bitset_contain ok
+@c re_acquire_state_context dup asmalloc, memleak
+@c check_subexp_matching_top asmalloc, memleak
+@c match_ctx_add_subtop asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c calloc dup asmalloc, memleak
+@c transit_state_bkref
+@c re_string_cur_idx dup ok
+@c re_string_context_at dup ok
+@c NOT_SATISFY_NEXT_CONSTRAINT ok
+@c get_subexp glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak, ***wcscoll
+@c re_string_get_buffer ok
+@c search_cur_bkref_entry ok
+@c clean_state_log_if_needed glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c extend_buffers glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_realloc_buffers dup asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c build_wcs_upper_buffer dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c build_upper_buffer dup ok (glocale, but optimized)
+@c build_wcs_buffer dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_translate_buffer dup ok
+@c get_subexp_sub glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak, ***wcscoll
+@c check_arrival glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak, ***wcscoll
+@c (re_)realloc dup asmalloc, memleak
+@c re_string_context_at dup ok
+@c re_node_set_init_1 dup asmalloc, memleak
+@c check_arrival_expand_ecl asmalloc, memleak
+@c re_node_set_alloc dup asmalloc, memleak
+@c find_subexp_node ok
+@c re_node_set_merge dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c check_arrival_expand_ecl_sub asmalloc, memleak
+@c re_node_set_contains dup ok
+@c re_node_set_insert dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_node_set_init_copy dup asmalloc, memleak
+@c re_node_set_init_empty dup ok
+@c expand_bkref_cache asmalloc, memleak
+@c search_cur_bkref_entry dup ok
+@c re_node_set_contains dup ok
+@c re_node_set_init_1 dup asmalloc, memleak
+@c check_arrival_expand_ecl dup asmalloc, memleak
+@c re_node_set_merge dup asmalloc, memleak
+@c re_node_set_init_copy dup asmalloc, memleak
+@c re_node_set_insert dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_acquire_state asmalloc, memleak
+@c calc_state_hash dup ok
+@c re_node_set_compare dup ok
+@c create_ci_newstate asmalloc, memleak
+@c calloc dup asmalloc, memleak
+@c re_node_set_init_copy dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c register_state dup asmalloc, memleak
+@c free_state dup asmalloc, memleak
+@c re_acquire_state_context dup asmalloc, memleak
+@c re_node_set_merge dup asmalloc, memleak
+@c check_arrival_add_next_nodes (maybe glocale), asmalloc, memleak, ***wcscoll
+@c re_node_set_init_empty dup ok
+@c check_node_accept_bytes (maybe glocale), ***wcscoll
+@c re_string_byte_at dup ok
+@c re_string_char_size_at dup ok
+@c re_string_elem_size_at (maybe glocale)
+@c _NL_CURRENT_WORD dup ok
+@c _NL_CURRENT dup ok
+@c auto findidx dup ok
+@c _NL_CURRENT_WORD dup ok
+@c _NL_CURRENT dup ok
+@c collseq_table_lookup dup ok
+@c find_collation_sequence_value (maybe glocale)
+@c _NL_CURRENT_WORD dup ok
+@c _NL_CURRENT dup ok
+@c auto findidx dup ok
+@c wcscoll ***wcscoll
+@c re_node_set_empty dup ok
+@c re_node_set_merge dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_node_set_insert dup asmalloc, memleak
+@c re_acquire_state dup asmalloc, memleak
+@c check_node_accept ok
+@c re_string_byte_at dup ok
+@c bitset_contain dup ok
+@c re_string_context_at dup ok
+@c NOT_SATISFY_NEXT_CONSTRAINT dup ok
+@c match_ctx_add_entry asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c clean_state_log_if_needed dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c extend_buffers dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c find_subexp_node dup
+@c calloc dup asmalloc, memleak
+@c check_arrival dup ***
+@c match_ctx_add_sublast asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c re_acquire_state_context dup asmalloc, memleak
+@c re_node_set_init_union asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c re_node_set_init_copy dup asmalloc, memleak
+@c re_node_set_init_empty dup ok
+@c re_node_set_free dup asmalloc, memleak
+@c check_subexp_matching_top dup asmalloc, memleak
+@c check_halt_state_context ok
+@c re_string_context_at dup ok
+@c check_halt_node_context ok
+@c NOT_SATISFY_NEXT_CONSTRAINT dup ok
+@c re_string_eoi dup ok
+@c extend_buffers dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c transit_state
+@c transit_state_mb
+@c re_string_context_at dup ok
+@c NOT_SATISFY_NEXT_CONSTRAINT dup ok
+@c check_node_accept_bytes dup
+@c re_string_cur_idx dup ok
+@c clean_state_log_if_needed glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_node_set_init_union dup asmalloc, memleak
+@c re_acquire_state_context dup asmalloc, memleak
+@c re_string_fetch_byte dup ok
+@c re_string_context_at dup ok
+@c build_trtable asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c group_nodes_into_DFAstates asmalloc, memleak
+@c bitset_empty dup ok
+@c bitset_set dup ok
+@c bitset_merge dup ok
+@c bitset_set_all ok
+@c bitset_clear ok
+@c bitset_contain dup ok
+@c bitset_copy ok
+@c re_node_set_init_copy dup asmalloc, memleak
+@c re_node_set_insert dup asmalloc, memleak
+@c re_node_set_init_1 dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_node_set_alloc dup asmalloc, memleak
+@c malloc dup asmalloc, memleak
+@c free dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c bitset_empty ok
+@c re_node_set_empty dup ok
+@c re_node_set_merge dup asmalloc, memleak
+@c re_acquire_state_context dup asmalloc, memleak
+@c bitset_merge ok
+@c calloc dup asmalloc, memleak
+@c bitset_contain dup ok
+@c merge_state_with_log
+@c re_string_cur_idx dup ok
+@c re_node_set_init_union dup asmalloc, memleak
+@c re_string_context_at dup ok
+@c re_node_set_free dup asmalloc, memleak
+@c check_subexp_matching_top asmalloc, memleak
+@c match_ctx_add_subtop dup asmalloc, memleak
+@c transit_state_bkref dup
+@c find_recover_state
+@c re_string_cur_idx dup ok
+@c re_string_skip_bytes dup ok
+@c merge_state_with_log dup
+@c check_halt_state_context dup
+@c prune_impossible_nodes
+@c (re_)malloc dup asmalloc, memleak
+@c sift_ctx_init ok
+@c re_node_set_init_empty dup ok
+@c sift_states_backward
+@c re_node_set_init_1 dup asmalloc, memleak
+@c update_cur_sifted_state asmalloc, memleak
+@c add_epsilon_src_nodes asmalloc, memleak
+@c re_acquire_state dup asmalloc, memleak
+@c re_node_set_alloc dup asmalloc, memleak
+@c re_node_set_merge dup asmalloc, memleak
+@c re_node_set_add_intersect asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c check_subexp_limits asmalloc, memleak
+@c sub_epsilon_src_nodes asmalloc, memleak
+@c re_node_set_init_empty dup ok
+@c re_node_set_contains dup ok
+@c re_node_set_add_intersect dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_node_set_remove_at dup ok
+@c re_node_set_contains dup ok
+@c re_acquire_state dup asmalloc, memleak
+@c sift_states_bkref asmalloc, memleak
+@c search_cur_bkref_entry dup ok
+@c check_dst_limits ok
+@c search_cur_bkref_entry dup ok
+@c check_dst_limits_calc_pos ok
+@c check_dst_limits_calc_pos_1 ok
+@c re_node_set_init_copy dup asmalloc, memleak
+@c re_node_set_insert dup asmalloc, memleak
+@c sift_states_backward dup
+@c merge_state_array dup asmalloc, memleak
+@c re_node_set_remove ok
+@c re_node_set_contains dup ok
+@c re_node_set_remove_at dup ok
+@c re_node_set_free dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_node_set_empty dup ok
+@c build_sifted_states
+@c sift_states_iter_mb
+@c check_node_accept_bytes dup
+@c check_node_accept dup ok
+@c check_dst_limits dup ok
+@c re_node_set_insert dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c check_halt_state_context dup ok
+@c merge_state_array asmalloc, memleak
+@c re_node_set_init_union dup asmalloc, memleak
+@c re_acquire_state dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c set_regs asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c re_node_set_init_empty dup ok
+@c free_fail_stack_return asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c update_regs ok
+@c re_node_set_free dup asmalloc, memleak
+@c pop_fail_stack asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c match_ctx_free asmalloc, memleak
+@c match_ctx_clean asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c re_string_destruct dup asmalloc, memleak
+@c libc_lock_unlock lockleak
This function tries to match the compiled regular expression
@code{*@var{compiled}} against @var{string}.
@@ -1051,6 +1532,9 @@ free the storage it uses by calling @code{regfree}.
@comment regex.h
@comment POSIX.2
@deftypefun void regfree (regex_t *@var{compiled})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak}}
+@c (re_)free dup asmalloc, memleak
+@c free_dfa_content dup asmalloc, memleak
Calling @code{regfree} frees all the storage that @code{*@var{compiled}}
points to. This includes various internal fields of the @code{regex_t}
structure that aren't documented in this manual.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ac662fe6d252a3d5739fc99789ddeb4816704ba0
commit ac662fe6d252a3d5739fc99789ddeb4816704ba0
Merge: 650f9c3 e8af539 5798235
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 03:03:10 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=650f9c331687fb4ba420e98aba978b4a07410553
commit 650f9c331687fb4ba420e98aba978b4a07410553
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 03:03:10 2013 -0300
refresh
diff --git a/meta b/meta
index 233a9ac..45dcd5d 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 340235a641ecd6a7e87b1643cda5ff428fa4eba4
-Head: f70b5df15d5f8b162769b4197772032c9aa97294
+Previous: 57982356a25c9317f2b934db8d7b81e8d9ac02da
+Head: e8af539713392c27e540158b90c5c8c57a34dde0
Applied:
unused-scalb-is-scalbn.patch: 1e5d1e38b6a866f88772d34ec2d1b3a75d78b233
remove-sysdeps-ieee754-support.patch: 874e350341a8e14881907b059e6d988de123648f
@@ -29,7 +29,6 @@ Applied:
wip-manual-document-mt-safety-threads.patch: bcc2df98a27754a19ee0747e55f39302dbf3970e
wip-manual-document-mt-safety-time.patch: 85e757c54f47a0ada4f7a940c638b2bc7fb01572
wip-manual-document-mt-safety-locale.patch: c6a95510e695760a3ff9c03a7a1a6a95d2f74573
- wip-manual-document-mt-safety-pattern.patch: fd02b804ae016376ee8a4fcc8e077b5c7528d172
- refresh-temp: f70b5df15d5f8b162769b4197772032c9aa97294
+ wip-manual-document-mt-safety-pattern.patch: e8af539713392c27e540158b90c5c8c57a34dde0
Unapplied:
Hidden:
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index d901418..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,24 +0,0 @@
-Bottom: 15a8300141ee19f4516dae06220c3f742c3d7c85
-Top: 43752d35196008e73c5b6234ceb965ba6b80c8ef
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-31 03:03:09 -0300
-
-Refresh of wip-manual-document-mt-safety-pattern.patch
-
----
-
-diff --git a/manual/pattern.texi b/manual/pattern.texi
-index 1966f3f..376566e 100644
---- a/manual/pattern.texi
-+++ b/manual/pattern.texi
-@@ -736,6 +736,10 @@ expression into it by calling @code{regcomp}.
- @comment regex.h
- @comment POSIX.2
- @deftypefun int regcomp (regex_t *restrict @var{compiled}, const char *restrict @var{pattern}, int @var{cflags})
-+@c (re_)malloc
-+@c re_compile_internal
-+@c re_compile_fastmap
-+@c (re_)free
- The function @code{regcomp} ``compiles'' a regular expression into a
- data structure that you can use with @code{regexec} to match against a
- string. The compiled regular expression format is designed for
diff --git a/patches/wip-manual-document-mt-safety-pattern.patch b/patches/wip-manual-document-mt-safety-pattern.patch
index 797949e..86b5d47 100644
--- a/patches/wip-manual-document-mt-safety-pattern.patch
+++ b/patches/wip-manual-document-mt-safety-pattern.patch
@@ -1,5 +1,5 @@
Bottom: 15a8300141ee19f4516dae06220c3f742c3d7c85
-Top: 15a8300141ee19f4516dae06220c3f742c3d7c85
+Top: 43752d35196008e73c5b6234ceb965ba6b80c8ef
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 03:02:58 -0300
@@ -12,4 +12,18 @@ for ChangeLog
---
-
+diff --git a/manual/pattern.texi b/manual/pattern.texi
+index 1966f3f..376566e 100644
+--- a/manual/pattern.texi
++++ b/manual/pattern.texi
+@@ -736,6 +736,10 @@ expression into it by calling @code{regcomp}.
+ @comment regex.h
+ @comment POSIX.2
+ @deftypefun int regcomp (regex_t *restrict @var{compiled}, const char *restrict @var{pattern}, int @var{cflags})
++@c (re_)malloc
++@c re_compile_internal
++@c re_compile_fastmap
++@c (re_)free
+ The function @code{regcomp} ``compiles'' a regular expression into a
+ data structure that you can use with @code{regexec} to match against a
+ string. The compiled regular expression format is designed for
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=57982356a25c9317f2b934db8d7b81e8d9ac02da
commit 57982356a25c9317f2b934db8d7b81e8d9ac02da
Merge: afc1aa5 f70b5df 340235a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 03:03:10 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=afc1aa56260860ab23c376dc04b9b9902a91a276
commit afc1aa56260860ab23c376dc04b9b9902a91a276
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 03:03:10 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index 32ab2f0..233a9ac 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 367167abc3fb6ec6e1a4102842004e3da003c1c6
-Head: fd02b804ae016376ee8a4fcc8e077b5c7528d172
+Previous: 340235a641ecd6a7e87b1643cda5ff428fa4eba4
+Head: f70b5df15d5f8b162769b4197772032c9aa97294
Applied:
unused-scalb-is-scalbn.patch: 1e5d1e38b6a866f88772d34ec2d1b3a75d78b233
remove-sysdeps-ieee754-support.patch: 874e350341a8e14881907b059e6d988de123648f
@@ -30,5 +30,6 @@ Applied:
wip-manual-document-mt-safety-time.patch: 85e757c54f47a0ada4f7a940c638b2bc7fb01572
wip-manual-document-mt-safety-locale.patch: c6a95510e695760a3ff9c03a7a1a6a95d2f74573
wip-manual-document-mt-safety-pattern.patch: fd02b804ae016376ee8a4fcc8e077b5c7528d172
+ refresh-temp: f70b5df15d5f8b162769b4197772032c9aa97294
Unapplied:
Hidden:
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..d901418
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,24 @@
+Bottom: 15a8300141ee19f4516dae06220c3f742c3d7c85
+Top: 43752d35196008e73c5b6234ceb965ba6b80c8ef
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-31 03:03:09 -0300
+
+Refresh of wip-manual-document-mt-safety-pattern.patch
+
+---
+
+diff --git a/manual/pattern.texi b/manual/pattern.texi
+index 1966f3f..376566e 100644
+--- a/manual/pattern.texi
++++ b/manual/pattern.texi
+@@ -736,6 +736,10 @@ expression into it by calling @code{regcomp}.
+ @comment regex.h
+ @comment POSIX.2
+ @deftypefun int regcomp (regex_t *restrict @var{compiled}, const char *restrict @var{pattern}, int @var{cflags})
++@c (re_)malloc
++@c re_compile_internal
++@c re_compile_fastmap
++@c (re_)free
+ The function @code{regcomp} ``compiles'' a regular expression into a
+ data structure that you can use with @code{regexec} to match against a
+ string. The compiled regular expression format is designed for
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f70b5df15d5f8b162769b4197772032c9aa97294
commit f70b5df15d5f8b162769b4197772032c9aa97294
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 03:03:09 2013 -0300
Refresh of wip-manual-document-mt-safety-pattern.patch
diff --git a/manual/pattern.texi b/manual/pattern.texi
index 1966f3f..376566e 100644
--- a/manual/pattern.texi
+++ b/manual/pattern.texi
@@ -736,6 +736,10 @@ expression into it by calling @code{regcomp}.
@comment regex.h
@comment POSIX.2
@deftypefun int regcomp (regex_t *restrict @var{compiled}, const char *restrict @var{pattern}, int @var{cflags})
+@c (re_)malloc
+@c re_compile_internal
+@c re_compile_fastmap
+@c (re_)free
The function @code{regcomp} ``compiles'' a regular expression into a
data structure that you can use with @code{regexec} to match against a
string. The compiled regular expression format is designed for
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=286fc6e694c6817dda55cebcdac48f49d58232ff
commit 286fc6e694c6817dda55cebcdac48f49d58232ff
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 03:02:58 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/pattern.texi: Document thread safety properties.
diff --git a/manual/pattern.texi b/manual/pattern.texi
index 1966f3f..4b66204 100644
--- a/manual/pattern.texi
+++ b/manual/pattern.texi
@@ -736,6 +736,251 @@ expression into it by calling @code{regcomp}.
@comment regex.h
@comment POSIX.2
@deftypefun int regcomp (regex_t *restrict @var{compiled}, const char *restrict @var{pattern}, int @var{cflags})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c All of the issues have to do with memory allocation and multi-byte
+@c character handling present in the input string, or implied by ranges
+@c or inverted character classes.
+@c (re_)malloc asmalloc, memleak
+@c re_compile_internal glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c (re_)realloc asmalloc, memleak (asynconsist, incansist, for other
+@c callers that don't zero the buffer)
+@c init_dfa glocale, asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c (re_)malloc asmalloc, memleak
+@c calloc asmalloc, memleak
+@c _NL_CURRENT ok
+@c _NL_CURRENT_WORD ok
+@c btowc asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c libc_lock_init ok
+@c re_string_construct glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_construct_common ok
+@c re_string_realloc_buffers asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c build_wcs_upper_buffer glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c isascii ok
+@c mbsinit ok
+@c toupper ok
+@c mbrtowc dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c iswlower glocale
+@c towupper glocale
+@c wcrtomb dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c (re_)malloc dup asmalloc, memleak
+@c build_upper_buffer ok (glocale, but optimized)
+@c islower ok
+@c toupper ok
+@c build_wcs_buffer asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c mbrtowc dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_translate_buffer ok
+@c parse (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c fetch_token (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c peek_token ok (maybe glocale)
+@c re_string_eoi ok
+@c re_string_peek_byte ok
+@c re_string_cur_idx ok
+@c re_string_length ok
+@c re_string_peek_byte_case ok (maybe glocale)
+@c re_string_peek_byte dup ok
+@c re_string_is_single_byte_char ok
+@c isascii ok
+@c re_string_peek_byte dup ok
+@c re_string_wchar_at ok
+@c re_string_skip_bytes ok
+@c re_string_skip_bytes dup ok
+@c parse_reg_exp (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c parse_branch (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c parse_expression (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c create_token_tree dup asmalloc, memleak
+@c re_string_eoi dup ok
+@c re_string_first_byte ok
+@c fetch_token dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c create_tree dup asmalloc, memleak
+@c parse_sub_exp (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c fetch_token dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c parse_reg_exp dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c postorder() asmalloc, memleak
+@c free_tree asmalloc, memleak
+@c free_token dup asmalloc, memleak
+@c create_tree dup asmalloc, memleak
+@c parse_bracket_exp (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c _NL_CURRENT dup ok
+@c _NL_CURRENT_WORD dup ok
+@c calloc dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c peek_token_bracket ok
+@c re_string_eoi dup ok
+@c re_string_peek_byte dup ok
+@c re_string_first_byte dup ok
+@c re_string_cur_idx dup ok
+@c re_string_length dup ok
+@c re_string_skip_bytes dup ok
+@c bitset_set ok
+@c re_string_skip_bytes ok
+@c parse_bracket_element ok (maybe glocale)
+@c re_string_char_size_at ok
+@c re_string_wchar_at dup ok
+@c re_string_skip_bytes dup ok
+@c parse_bracket_symbol ok (maybe glocale)
+@c re_string_eoi dup ok
+@c re_string_fetch_byte_case ok (maybe glocale)
+@c re_string_fetch_byte ok
+@c re_string_first_byte dup ok
+@c isascii ok
+@c re_string_char_size_at dup ok
+@c re_string_skip_bytes dup ok
+@c re_string_fetch_byte dup ok
+@c re_string_peek_byte dup ok
+@c re_string_skip_bytes dup ok
+@c peek_token_bracket dup
+@c auto build_range_exp asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c auto lookup_collation_sequence_value asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c btowc dup asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c collseq_table_lookup ok
+@c auto seek_collating_symbol_entry dup ok
+@c (re_)realloc dup asmalloc, memleak
+@c collseq_table_lookup dup ok
+@c bitset_set dup ok
+@c (re_)realloc dup asmalloc, memleak
+@c build_equiv_class (maybe glocale), asmalloc, memleak
+@c _NL_CURRENT ok
+@c auto findidx ok
+@c bitset_set dup ok
+@c (re_)realloc dup asmalloc, memleak
+@c auto build_collating_symbol asmalloc, memleak
+@c auto seek_collating_symbol_entry ok
+@c bitset_set dup ok
+@c (re_)realloc dup asmalloc, memleak
+@c build_charclass (maybe glocale), asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c bitset_set dup ok
+@c isalnum ok
+@c iscntrl ok
+@c isspace ok
+@c isalpha ok
+@c isdigit ok
+@c isprint ok
+@c isupper ok
+@c isblank ok
+@c isgraph ok
+@c ispunct ok
+@c isxdigit ok
+@c bitset_not ok
+@c bitset_mask ok
+@c create_token_tree dup asmalloc, memleak
+@c create_tree dup asmalloc, memleak
+@c free_charset dup asmalloc, memleak
+@c init_word_char (maybe glocale)
+@c isalnum ok
+@c build_charclass_op (maybe glocale), asmalloc, memleak
+@c calloc dup asmalloc, memleak
+@c build_charclass dup (maybe glocale), asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c free_charset dup asmalloc, memleak
+@c bitset_set dup ok
+@c bitset_not dup ok
+@c bitset_mask dup ok
+@c create_token_tree dup asmalloc, memleak
+@c create_tree dup asmalloc, memleak
+@c parse_dup_op (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_cur_idx dup ok
+@c fetch_number ok (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c fetch_token dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_set_index ok
+@c postorder() asmalloc, memleak
+@c free_tree dup asmalloc, memleak
+@c mark_opt_subexp ok
+@c duplicate_tree asmalloc, memleak
+@c create_token_tree dup asmalloc, memleak
+@c create_tree dup asmalloc, memleak
+@c postorder() asmalloc, memleak
+@c free_tree dup asmalloc, memleak
+@c fetch_token dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c parse_branch dup (maybe glocale), asynconsist, asmalloc, sefldeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c create_tree dup asmalloc, memleak
+@c create_tree asmalloc, memleak
+@c create_token_tree asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c analyze asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c preorder() asmalloc, memleak
+@c optimize_subexps ok
+@c calc_next ok
+@c link_nfa_nodes asmalloc, memleak
+@c re_node_set_init_1 asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c re_node_set_init_2 asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c postorder() asmalloc, memleak
+@c lower_subexps asmalloc, memleak
+@c lower_subexp asmalloc, memleak
+@c create_tree dup asmalloc, memleak
+@c calc_first asmalloc, memleak
+@c re_dfa_add_node asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c re_node_set_init_empty ok
+@c calc_eclosure asmalloc, memleak
+@c calc_eclosure_iter asmalloc, memleak
+@c re_node_set_alloc asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c duplicate_node_closure asmalloc, memleak
+@c re_node_set_empty ok
+@c duplicate_node asmalloc, memleak
+@c re_dfa_add_node dup asmalloc, memleak
+@c re_node_set_insert asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c search_duplicated_node ok
+@c re_node_set_merge asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c re_node_set_free asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c re_node_set_insert dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c calc_inveclosure asmalloc, memleak
+@c re_node_set_init_empty dup ok
+@c re_node_set_insert_last asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c optimize_utf8 ok
+@c create_initial_state asmalloc, memleak
+@c re_node_set_init_copy asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c re_node_set_init_empty dup ok
+@c re_node_set_contains ok
+@c re_node_set_merge dup asmalloc, memleak
+@c re_acquire_state_context asmalloc, memleak
+@c calc_state_hash ok
+@c re_node_set_compare ok
+@c create_cd_newstate asmalloc, memleak
+@c calloc dup asmalloc, memleak
+@c re_node_set_init_copy dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c free_state asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c NOT_SATISFY_PREV_CONSTRAINT ok
+@c re_node_set_remove_at ok
+@c register_state asmalloc, memleak
+@c re_node_set_alloc dup asmalloc, memleak
+@c re_node_set_insert_last dup asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c free_workarea_compile asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c re_string_destruct asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c free_dfa_content asmalloc, memleak
+@c free_token asmalloc, memleak
+@c free_charset asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_compile_fastmap glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_compile_fastmap_iter glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_set_fastmap ok
+@c tolower ok
+@c mbrtowc dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c wcrtomb dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c towlower glocale
+@c _NL_CURRENT ok
+@c (re_)free asmalloc, memleak
The function @code{regcomp} ``compiles'' a regular expression into a
data structure that you can use with @code{regexec} to match against a
string. The compiled regular expression format is designed for
@@ -885,6 +1130,246 @@ unless the regular expression contains anchor characters (@samp{^} or
@comment regex.h
@comment POSIX.2
@deftypefun int regexec (const regex_t *restrict @var{compiled}, const char *restrict @var{string}, size_t @var{nmatch}, regmatch_t @var{matchptr}[restrict], int @var{eflags})
+@c libc_lock_lock selfdeadlock, lockleak
+@c re_search_internal
+@c re_string_allocate asmalloc, memleak
+@c re_string_construct_common dup ok
+@c re_string_realloc_buffers dup asmalloc, memleak
+@c match_ctx_init asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c re_string_byte_at ok
+@c re_string_first_byte dup ok
+@c check_matching
+@c re_string_cur_idx dup ok
+@c acquire_init_state_context dup asmalloc, memleak
+@c re_string_context_at ok
+@c re_string_byte_at dup ok
+@c bitset_contain ok
+@c re_acquire_state_context dup asmalloc, memleak
+@c check_subexp_matching_top asmalloc, memleak
+@c match_ctx_add_subtop asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c calloc dup asmalloc, memleak
+@c transit_state_bkref
+@c re_string_cur_idx dup ok
+@c re_string_context_at dup ok
+@c NOT_SATISFY_NEXT_CONSTRAINT ok
+@c get_subexp glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak, ***wcscoll
+@c re_string_get_buffer ok
+@c search_cur_bkref_entry ok
+@c clean_state_log_if_needed glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c extend_buffers glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_realloc_buffers dup asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c build_wcs_upper_buffer dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c build_upper_buffer dup ok (glocale, but optimized)
+@c build_wcs_buffer dup asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_string_translate_buffer dup ok
+@c get_subexp_sub glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak, ***wcscoll
+@c check_arrival glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak, ***wcscoll
+@c (re_)realloc dup asmalloc, memleak
+@c re_string_context_at dup ok
+@c re_node_set_init_1 dup asmalloc, memleak
+@c check_arrival_expand_ecl asmalloc, memleak
+@c re_node_set_alloc dup asmalloc, memleak
+@c find_subexp_node ok
+@c re_node_set_merge dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c check_arrival_expand_ecl_sub asmalloc, memleak
+@c re_node_set_contains dup ok
+@c re_node_set_insert dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_node_set_init_copy dup asmalloc, memleak
+@c re_node_set_init_empty dup ok
+@c expand_bkref_cache asmalloc, memleak
+@c search_cur_bkref_entry dup ok
+@c re_node_set_contains dup ok
+@c re_node_set_init_1 dup asmalloc, memleak
+@c check_arrival_expand_ecl dup asmalloc, memleak
+@c re_node_set_merge dup asmalloc, memleak
+@c re_node_set_init_copy dup asmalloc, memleak
+@c re_node_set_insert dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_acquire_state asmalloc, memleak
+@c calc_state_hash dup ok
+@c re_node_set_compare dup ok
+@c create_ci_newstate asmalloc, memleak
+@c calloc dup asmalloc, memleak
+@c re_node_set_init_copy dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c register_state dup asmalloc, memleak
+@c free_state dup asmalloc, memleak
+@c re_acquire_state_context dup asmalloc, memleak
+@c re_node_set_merge dup asmalloc, memleak
+@c check_arrival_add_next_nodes (maybe glocale), asmalloc, memleak, ***wcscoll
+@c re_node_set_init_empty dup ok
+@c check_node_accept_bytes (maybe glocale), ***wcscoll
+@c re_string_byte_at dup ok
+@c re_string_char_size_at dup ok
+@c re_string_elem_size_at (maybe glocale)
+@c _NL_CURRENT_WORD dup ok
+@c _NL_CURRENT dup ok
+@c auto findidx dup ok
+@c _NL_CURRENT_WORD dup ok
+@c _NL_CURRENT dup ok
+@c collseq_table_lookup dup ok
+@c find_collation_sequence_value (maybe glocale)
+@c _NL_CURRENT_WORD dup ok
+@c _NL_CURRENT dup ok
+@c auto findidx dup ok
+@c wcscoll ***wcscoll
+@c re_node_set_empty dup ok
+@c re_node_set_merge dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_node_set_insert dup asmalloc, memleak
+@c re_acquire_state dup asmalloc, memleak
+@c check_node_accept ok
+@c re_string_byte_at dup ok
+@c bitset_contain dup ok
+@c re_string_context_at dup ok
+@c NOT_SATISFY_NEXT_CONSTRAINT dup ok
+@c match_ctx_add_entry asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c clean_state_log_if_needed dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c extend_buffers dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c find_subexp_node dup
+@c calloc dup asmalloc, memleak
+@c check_arrival dup ***
+@c match_ctx_add_sublast asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c re_acquire_state_context dup asmalloc, memleak
+@c re_node_set_init_union asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c re_node_set_init_copy dup asmalloc, memleak
+@c re_node_set_init_empty dup ok
+@c re_node_set_free dup asmalloc, memleak
+@c check_subexp_matching_top dup asmalloc, memleak
+@c check_halt_state_context ok
+@c re_string_context_at dup ok
+@c check_halt_node_context ok
+@c NOT_SATISFY_NEXT_CONSTRAINT dup ok
+@c re_string_eoi dup ok
+@c extend_buffers dup glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c transit_state
+@c transit_state_mb
+@c re_string_context_at dup ok
+@c NOT_SATISFY_NEXT_CONSTRAINT dup ok
+@c check_node_accept_bytes dup
+@c re_string_cur_idx dup ok
+@c clean_state_log_if_needed glocale, asynconsist, asmalloc, selfdeadlock, shlimb, incansist, lockleak, memleak, fdleak
+@c re_node_set_init_union dup asmalloc, memleak
+@c re_acquire_state_context dup asmalloc, memleak
+@c re_string_fetch_byte dup ok
+@c re_string_context_at dup ok
+@c build_trtable asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c group_nodes_into_DFAstates asmalloc, memleak
+@c bitset_empty dup ok
+@c bitset_set dup ok
+@c bitset_merge dup ok
+@c bitset_set_all ok
+@c bitset_clear ok
+@c bitset_contain dup ok
+@c bitset_copy ok
+@c re_node_set_init_copy dup asmalloc, memleak
+@c re_node_set_insert dup asmalloc, memleak
+@c re_node_set_init_1 dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_node_set_alloc dup asmalloc, memleak
+@c malloc dup asmalloc, memleak
+@c free dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c bitset_empty ok
+@c re_node_set_empty dup ok
+@c re_node_set_merge dup asmalloc, memleak
+@c re_acquire_state_context dup asmalloc, memleak
+@c bitset_merge ok
+@c calloc dup asmalloc, memleak
+@c bitset_contain dup ok
+@c merge_state_with_log
+@c re_string_cur_idx dup ok
+@c re_node_set_init_union dup asmalloc, memleak
+@c re_string_context_at dup ok
+@c re_node_set_free dup asmalloc, memleak
+@c check_subexp_matching_top asmalloc, memleak
+@c match_ctx_add_subtop dup asmalloc, memleak
+@c transit_state_bkref dup
+@c find_recover_state
+@c re_string_cur_idx dup ok
+@c re_string_skip_bytes dup ok
+@c merge_state_with_log dup
+@c check_halt_state_context dup
+@c prune_impossible_nodes
+@c (re_)malloc dup asmalloc, memleak
+@c sift_ctx_init ok
+@c re_node_set_init_empty dup ok
+@c sift_states_backward
+@c re_node_set_init_1 dup asmalloc, memleak
+@c update_cur_sifted_state asmalloc, memleak
+@c add_epsilon_src_nodes asmalloc, memleak
+@c re_acquire_state dup asmalloc, memleak
+@c re_node_set_alloc dup asmalloc, memleak
+@c re_node_set_merge dup asmalloc, memleak
+@c re_node_set_add_intersect asmalloc, memleak
+@c (re_)realloc dup asmalloc, memleak
+@c check_subexp_limits asmalloc, memleak
+@c sub_epsilon_src_nodes asmalloc, memleak
+@c re_node_set_init_empty dup ok
+@c re_node_set_contains dup ok
+@c re_node_set_add_intersect dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_node_set_remove_at dup ok
+@c re_node_set_contains dup ok
+@c re_acquire_state dup asmalloc, memleak
+@c sift_states_bkref asmalloc, memleak
+@c search_cur_bkref_entry dup ok
+@c check_dst_limits ok
+@c search_cur_bkref_entry dup ok
+@c check_dst_limits_calc_pos ok
+@c check_dst_limits_calc_pos_1 ok
+@c re_node_set_init_copy dup asmalloc, memleak
+@c re_node_set_insert dup asmalloc, memleak
+@c sift_states_backward dup
+@c merge_state_array dup asmalloc, memleak
+@c re_node_set_remove ok
+@c re_node_set_contains dup ok
+@c re_node_set_remove_at dup ok
+@c re_node_set_free dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c re_node_set_empty dup ok
+@c build_sifted_states
+@c sift_states_iter_mb
+@c check_node_accept_bytes dup
+@c check_node_accept dup ok
+@c check_dst_limits dup ok
+@c re_node_set_insert dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c check_halt_state_context dup ok
+@c merge_state_array asmalloc, memleak
+@c re_node_set_init_union dup asmalloc, memleak
+@c re_acquire_state dup asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c set_regs asmalloc, memleak
+@c (re_)malloc dup asmalloc, memleak
+@c re_node_set_init_empty dup ok
+@c free_fail_stack_return asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c update_regs ok
+@c re_node_set_free dup asmalloc, memleak
+@c pop_fail_stack asmalloc, memleak
+@c re_node_set_free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c match_ctx_free asmalloc, memleak
+@c match_ctx_clean asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c (re_)free dup asmalloc, memleak
+@c re_string_destruct dup asmalloc, memleak
+@c libc_lock_unlock lockleak
This function tries to match the compiled regular expression
@code{*@var{compiled}} against @var{string}.
@@ -1047,6 +1532,9 @@ free the storage it uses by calling @code{regfree}.
@comment regex.h
@comment POSIX.2
@deftypefun void regfree (regex_t *@var{compiled})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak}}
+@c (re_)free dup asmalloc, memleak
+@c free_dfa_content dup asmalloc, memleak
Calling @code{regfree} frees all the storage that @code{*@var{compiled}}
points to. This includes various internal fields of the @code{regex_t}
structure that aren't documented in this manual.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e8af539713392c27e540158b90c5c8c57a34dde0
commit e8af539713392c27e540158b90c5c8c57a34dde0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 03:02:58 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/pattern.texi: Document thread safety properties.
diff --git a/manual/pattern.texi b/manual/pattern.texi
index 1966f3f..376566e 100644
--- a/manual/pattern.texi
+++ b/manual/pattern.texi
@@ -736,6 +736,10 @@ expression into it by calling @code{regcomp}.
@comment regex.h
@comment POSIX.2
@deftypefun int regcomp (regex_t *restrict @var{compiled}, const char *restrict @var{pattern}, int @var{cflags})
+@c (re_)malloc
+@c re_compile_internal
+@c re_compile_fastmap
+@c (re_)free
The function @code{regcomp} ``compiles'' a regular expression into a
data structure that you can use with @code{regexec} to match against a
string. The compiled regular expression format is designed for
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=340235a641ecd6a7e87b1643cda5ff428fa4eba4
commit 340235a641ecd6a7e87b1643cda5ff428fa4eba4
Merge: 976ed53 367167a fd02b80
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 03:02:58 2013 -0300
new
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=976ed5335ad934eba1936ef552ead98a9e1dead1
commit 976ed5335ad934eba1936ef552ead98a9e1dead1
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 03:02:58 2013 -0300
new
diff --git a/meta b/meta
index d749556..32ab2f0 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 5c8f728e217b3cc071402ce31689d0cc3ddbbe4f
-Head: c6a95510e695760a3ff9c03a7a1a6a95d2f74573
+Previous: 367167abc3fb6ec6e1a4102842004e3da003c1c6
+Head: fd02b804ae016376ee8a4fcc8e077b5c7528d172
Applied:
unused-scalb-is-scalbn.patch: 1e5d1e38b6a866f88772d34ec2d1b3a75d78b233
remove-sysdeps-ieee754-support.patch: 874e350341a8e14881907b059e6d988de123648f
@@ -29,5 +29,6 @@ Applied:
wip-manual-document-mt-safety-threads.patch: bcc2df98a27754a19ee0747e55f39302dbf3970e
wip-manual-document-mt-safety-time.patch: 85e757c54f47a0ada4f7a940c638b2bc7fb01572
wip-manual-document-mt-safety-locale.patch: c6a95510e695760a3ff9c03a7a1a6a95d2f74573
+ wip-manual-document-mt-safety-pattern.patch: fd02b804ae016376ee8a4fcc8e077b5c7528d172
Unapplied:
Hidden:
diff --git a/patches/wip-manual-document-mt-safety-pattern.patch b/patches/wip-manual-document-mt-safety-pattern.patch
new file mode 100644
index 0000000..797949e
--- /dev/null
+++ b/patches/wip-manual-document-mt-safety-pattern.patch
@@ -0,0 +1,15 @@
+Bottom: 15a8300141ee19f4516dae06220c3f742c3d7c85
+Top: 15a8300141ee19f4516dae06220c3f742c3d7c85
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-31 03:02:58 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/pattern.texi: Document thread safety properties.
+
+
+---
+
+
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=fd02b804ae016376ee8a4fcc8e077b5c7528d172
commit fd02b804ae016376ee8a4fcc8e077b5c7528d172
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 03:02:58 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/pattern.texi: Document thread safety properties.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=367167abc3fb6ec6e1a4102842004e3da003c1c6
commit 367167abc3fb6ec6e1a4102842004e3da003c1c6
Merge: 993c633 c6a9551 5c8f728
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 03:01:38 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=993c6338b7c2cf96413a59818cc8df09d97fb594
commit 993c6338b7c2cf96413a59818cc8df09d97fb594
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 03:01:38 2013 -0300
refresh
diff --git a/meta b/meta
index 77dc5e6..d749556 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 3b4ccc92fd1387e7de7cd9b502c03f9b259d746b
-Head: 36c2f5c7a687deea27b8092521704a0e9be8f7c9
+Previous: 5c8f728e217b3cc071402ce31689d0cc3ddbbe4f
+Head: c6a95510e695760a3ff9c03a7a1a6a95d2f74573
Applied:
unused-scalb-is-scalbn.patch: 1e5d1e38b6a866f88772d34ec2d1b3a75d78b233
remove-sysdeps-ieee754-support.patch: 874e350341a8e14881907b059e6d988de123648f
@@ -28,7 +28,6 @@ Applied:
wip-manual-document-mt-safety-terminal.patch: 178585271fec5719c46b62c1a25f19cd9fd28655
wip-manual-document-mt-safety-threads.patch: bcc2df98a27754a19ee0747e55f39302dbf3970e
wip-manual-document-mt-safety-time.patch: 85e757c54f47a0ada4f7a940c638b2bc7fb01572
- wip-manual-document-mt-safety-locale.patch: 992d05a094081cd47e58dcff300c4f202ac03eb2
- refresh-temp: 36c2f5c7a687deea27b8092521704a0e9be8f7c9
+ wip-manual-document-mt-safety-locale.patch: c6a95510e695760a3ff9c03a7a1a6a95d2f74573
Unapplied:
Hidden:
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index 70b8aa5..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,32 +0,0 @@
-Bottom: 2507e36324acba020ee2ab328f3315c7d3885c46
-Top: 15a8300141ee19f4516dae06220c3f742c3d7c85
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-31 03:01:37 -0300
-
-Refresh of wip-manual-document-mt-safety-locale.patch
-
----
-
-diff --git a/manual/locale.texi b/manual/locale.texi
-index dac8f2e..11c9dc7 100644
---- a/manual/locale.texi
-+++ b/manual/locale.texi
-@@ -817,7 +817,8 @@ was introduced.
- @deftypefun {char *} nl_langinfo (nl_item @var{item})
- @safety{@mtsafe{}@assafe{}@acsafe{}}
- @c It calls _nl_langinfo_l with the current locale, which returns a
--@c pointer into constant strings defined in locale data structures.
-+@c pointer into constant strings defined in locale data structures. It
-+@c doesn't run afoul of glocale itself, but callers may.
- The @code{nl_langinfo} function can be used to access individual
- elements of the locale categories. Unlike the @code{localeconv}
- function, which returns all the information, @code{nl_langinfo}
-@@ -1328,6 +1329,8 @@ access to the corresponding locale definitions.
- @comment GNU
- @comment stdlib.h
- @deftypefun int rpmatch (const char *@var{response})
-+@c Calls nl_langinfo with YESEXPR and NOEXPR, triggering glocale. Calls
-+@c regfree, regcomp and regexec.
- The function @code{rpmatch} checks the string in @var{response} whether
- or not it is a correct yes-or-no answer and if yes, which one. The
- check uses the @code{YESEXPR} and @code{NOEXPR} data in the
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index f25fda7..6e6dca0 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
Bottom: 344a5475cfbcc32876fb401e993b1a6146c02663
-Top: 2507e36324acba020ee2ab328f3315c7d3885c46
+Top: 15a8300141ee19f4516dae06220c3f742c3d7c85
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:04:01 -0300
@@ -13,7 +13,7 @@ for ChangeLog
---
diff --git a/manual/locale.texi b/manual/locale.texi
-index 2f10fcd..dac8f2e 100644
+index 2f10fcd..11c9dc7 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,137 @@ The symbols in this section are defined in the header file @file{locale.h}.
@@ -165,17 +165,18 @@ index 2f10fcd..dac8f2e 100644
The @code{localeconv} function returns a pointer to a structure whose
components contain information about how numeric and monetary values
should be formatted in the current locale.
-@@ -680,6 +815,9 @@ was introduced.
+@@ -680,6 +815,10 @@ was introduced.
@comment langinfo.h
@comment XOPEN
@deftypefun {char *} nl_langinfo (nl_item @var{item})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c It calls _nl_langinfo_l with the current locale, which returns a
-+@c pointer into constant strings defined in locale data structures.
++@c pointer into constant strings defined in locale data structures. It
++@c doesn't run afoul of glocale itself, but callers may.
The @code{nl_langinfo} function can be used to access individual
elements of the locale categories. Unlike the @code{localeconv}
function, which returns all the information, @code{nl_langinfo}
-@@ -974,6 +1112,11 @@ locale information, making it easier for the user to format
+@@ -974,6 +1113,11 @@ locale information, making it easier for the user to format
numbers according to these rules.
@deftypefun ssize_t strfmon (char *@var{s}, size_t @var{maxsize}, const char *@var{format}, @dots{})
@@ -187,3 +188,12 @@ index 2f10fcd..dac8f2e 100644
The @code{strfmon} function is similar to the @code{strftime} function
in that it takes a buffer, its size, a format string,
and values to write into the buffer as text in a form specified
+@@ -1185,6 +1329,8 @@ access to the corresponding locale definitions.
+ @comment GNU
+ @comment stdlib.h
+ @deftypefun int rpmatch (const char *@var{response})
++@c Calls nl_langinfo with YESEXPR and NOEXPR, triggering glocale. Calls
++@c regfree, regcomp and regexec.
+ The function @code{rpmatch} checks the string in @var{response} whether
+ or not it is a correct yes-or-no answer and if yes, which one. The
+ check uses the @code{YESEXPR} and @code{NOEXPR} data in the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5c8f728e217b3cc071402ce31689d0cc3ddbbe4f
commit 5c8f728e217b3cc071402ce31689d0cc3ddbbe4f
Merge: 2be76d1 36c2f5c 3b4ccc9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 03:01:37 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2be76d1181f20143cd008c63243aace6494dc0ea
commit 2be76d1181f20143cd008c63243aace6494dc0ea
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 03:01:37 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index 56c1d55..77dc5e6 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 72821a94665b158372ee6c34fd6bbb938aeef580
-Head: 992d05a094081cd47e58dcff300c4f202ac03eb2
+Previous: 3b4ccc92fd1387e7de7cd9b502c03f9b259d746b
+Head: 36c2f5c7a687deea27b8092521704a0e9be8f7c9
Applied:
unused-scalb-is-scalbn.patch: 1e5d1e38b6a866f88772d34ec2d1b3a75d78b233
remove-sysdeps-ieee754-support.patch: 874e350341a8e14881907b059e6d988de123648f
@@ -29,5 +29,6 @@ Applied:
wip-manual-document-mt-safety-threads.patch: bcc2df98a27754a19ee0747e55f39302dbf3970e
wip-manual-document-mt-safety-time.patch: 85e757c54f47a0ada4f7a940c638b2bc7fb01572
wip-manual-document-mt-safety-locale.patch: 992d05a094081cd47e58dcff300c4f202ac03eb2
+ refresh-temp: 36c2f5c7a687deea27b8092521704a0e9be8f7c9
Unapplied:
Hidden:
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..70b8aa5
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,32 @@
+Bottom: 2507e36324acba020ee2ab328f3315c7d3885c46
+Top: 15a8300141ee19f4516dae06220c3f742c3d7c85
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-31 03:01:37 -0300
+
+Refresh of wip-manual-document-mt-safety-locale.patch
+
+---
+
+diff --git a/manual/locale.texi b/manual/locale.texi
+index dac8f2e..11c9dc7 100644
+--- a/manual/locale.texi
++++ b/manual/locale.texi
+@@ -817,7 +817,8 @@ was introduced.
+ @deftypefun {char *} nl_langinfo (nl_item @var{item})
+ @safety{@mtsafe{}@assafe{}@acsafe{}}
+ @c It calls _nl_langinfo_l with the current locale, which returns a
+-@c pointer into constant strings defined in locale data structures.
++@c pointer into constant strings defined in locale data structures. It
++@c doesn't run afoul of glocale itself, but callers may.
+ The @code{nl_langinfo} function can be used to access individual
+ elements of the locale categories. Unlike the @code{localeconv}
+ function, which returns all the information, @code{nl_langinfo}
+@@ -1328,6 +1329,8 @@ access to the corresponding locale definitions.
+ @comment GNU
+ @comment stdlib.h
+ @deftypefun int rpmatch (const char *@var{response})
++@c Calls nl_langinfo with YESEXPR and NOEXPR, triggering glocale. Calls
++@c regfree, regcomp and regexec.
+ The function @code{rpmatch} checks the string in @var{response} whether
+ or not it is a correct yes-or-no answer and if yes, which one. The
+ check uses the @code{YESEXPR} and @code{NOEXPR} data in the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=36c2f5c7a687deea27b8092521704a0e9be8f7c9
commit 36c2f5c7a687deea27b8092521704a0e9be8f7c9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 03:01:37 2013 -0300
Refresh of wip-manual-document-mt-safety-locale.patch
diff --git a/manual/locale.texi b/manual/locale.texi
index dac8f2e..11c9dc7 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -817,7 +817,8 @@ was introduced.
@deftypefun {char *} nl_langinfo (nl_item @var{item})
@safety{@mtsafe{}@assafe{}@acsafe{}}
@c It calls _nl_langinfo_l with the current locale, which returns a
-@c pointer into constant strings defined in locale data structures.
+@c pointer into constant strings defined in locale data structures. It
+@c doesn't run afoul of glocale itself, but callers may.
The @code{nl_langinfo} function can be used to access individual
elements of the locale categories. Unlike the @code{localeconv}
function, which returns all the information, @code{nl_langinfo}
@@ -1328,6 +1329,8 @@ access to the corresponding locale definitions.
@comment GNU
@comment stdlib.h
@deftypefun int rpmatch (const char *@var{response})
+@c Calls nl_langinfo with YESEXPR and NOEXPR, triggering glocale. Calls
+@c regfree, regcomp and regexec.
The function @code{rpmatch} checks the string in @var{response} whether
or not it is a correct yes-or-no answer and if yes, which one. The
check uses the @code{YESEXPR} and @code{NOEXPR} data in the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3b4ccc92fd1387e7de7cd9b502c03f9b259d746b
commit 3b4ccc92fd1387e7de7cd9b502c03f9b259d746b
Merge: 7263281 992d05a 72821a9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 02:23:41 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7263281551734ca0eb7c9e627e74c1d6ebbd1166
commit 7263281551734ca0eb7c9e627e74c1d6ebbd1166
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 02:23:41 2013 -0300
push
diff --git a/meta b/meta
index f35c25f..56c1d55 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 64c553b3957d07dac3e3b7d45ff1b3c90e2bc1ab
-Head: 0666d6743488860ce4130ed89f79bdda045e1559
+Previous: 72821a94665b158372ee6c34fd6bbb938aeef580
+Head: 992d05a094081cd47e58dcff300c4f202ac03eb2
Applied:
unused-scalb-is-scalbn.patch: 1e5d1e38b6a866f88772d34ec2d1b3a75d78b233
remove-sysdeps-ieee754-support.patch: 874e350341a8e14881907b059e6d988de123648f
@@ -21,13 +21,13 @@ Applied:
manual-document-mt-safety-llio.patch: e500e6b451e90bcfa93b9ebc11eee98ff9948da4
manual-document-mt-safety-stdio.patch: 7c4dccbbd275011bd7e03d69e5026089a03dbc7b
wip-manual-document-mt-safety-math.patch: 0666d6743488860ce4130ed89f79bdda045e1559
+ wip-manual-document-mt-safety-resource.patch: e1924a257ca4ba889b69af5907ca22f235fac6c9
+ wip-manual-document-mt-safety-startup.patch: 9c28ed5886790c4874d527aa2a775a299263bad5
+ wip-manual-document-mt-safety-search.patch: 6ff8451b08998b4f998ec7de43aee9148d46f3e5
+ wip-manual-document-mt-safety-string.patch: 241e5dd068f11629bd72636268cfb0330d352e02
+ wip-manual-document-mt-safety-terminal.patch: 178585271fec5719c46b62c1a25f19cd9fd28655
+ wip-manual-document-mt-safety-threads.patch: bcc2df98a27754a19ee0747e55f39302dbf3970e
+ wip-manual-document-mt-safety-time.patch: 85e757c54f47a0ada4f7a940c638b2bc7fb01572
+ wip-manual-document-mt-safety-locale.patch: 992d05a094081cd47e58dcff300c4f202ac03eb2
Unapplied:
- wip-manual-document-mt-safety-resource.patch: 37096c9f7bf26b43c6b010e9629edea7cb89d1e8
- wip-manual-document-mt-safety-startup.patch: 51a856392fd604dac2529a05ed2af3b71b37a583
- wip-manual-document-mt-safety-search.patch: e05d166acc5534804dd2ee0f91e25d85cb546685
- wip-manual-document-mt-safety-string.patch: 18a4951c9cbf68f51a2dceaeb4cea3036f0ebea0
- wip-manual-document-mt-safety-terminal.patch: fccffdf69a6e46c63ce9f4e7adc46b97cceb81c7
- wip-manual-document-mt-safety-threads.patch: cd1c8927299a03be9624e0b1b54e049371da1500
- wip-manual-document-mt-safety-time.patch: 481d3df53d8c568232578ba58d71ddd6b461b9c6
- wip-manual-document-mt-safety-locale.patch: a972cbb641150922f5dea32a6f655e40414c86ff
Hidden:
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index 040f48b..f25fda7 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
-Bottom: b54fb6025438aaaf6c4da81f60d0bf50a69c2f70
-Top: e8326e9572adad124fcc425a1b12c12d00136c87
+Bottom: 344a5475cfbcc32876fb401e993b1a6146c02663
+Top: 2507e36324acba020ee2ab328f3315c7d3885c46
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:04:01 -0300
diff --git a/patches/wip-manual-document-mt-safety-resource.patch b/patches/wip-manual-document-mt-safety-resource.patch
index 282cdf8..50011fd 100644
--- a/patches/wip-manual-document-mt-safety-resource.patch
+++ b/patches/wip-manual-document-mt-safety-resource.patch
@@ -1,5 +1,5 @@
-Bottom: 2a4babdd62df27c5861aa15305c7f516dc172d00
-Top: 8454b90778b1ebde46471a8e807c55534059dee4
+Bottom: 96d250ae32036f1399b1ebae76631dbb2b62738d
+Top: eac45389ac7f46a006c5b0650e399877b77691df
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:03:59 -0300
diff --git a/patches/wip-manual-document-mt-safety-search.patch b/patches/wip-manual-document-mt-safety-search.patch
index ec0a5e5..0ff2c46 100644
--- a/patches/wip-manual-document-mt-safety-search.patch
+++ b/patches/wip-manual-document-mt-safety-search.patch
@@ -1,5 +1,5 @@
-Bottom: 5c2e4fd6e27fcf98265b31f0b27f64539262961f
-Top: 9bb36bae725f82fa35390671a43725efcd84ec88
+Bottom: b6f83a85b4b377bb75e56263833cab93a55fe8aa
+Top: 974b65fdd740c5be01caf8296db702b20af31f6e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:03:59 -0300
diff --git a/patches/wip-manual-document-mt-safety-startup.patch b/patches/wip-manual-document-mt-safety-startup.patch
index 78a28cb..39696d9 100644
--- a/patches/wip-manual-document-mt-safety-startup.patch
+++ b/patches/wip-manual-document-mt-safety-startup.patch
@@ -1,5 +1,5 @@
-Bottom: 8454b90778b1ebde46471a8e807c55534059dee4
-Top: 5c2e4fd6e27fcf98265b31f0b27f64539262961f
+Bottom: eac45389ac7f46a006c5b0650e399877b77691df
+Top: b6f83a85b4b377bb75e56263833cab93a55fe8aa
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:03:59 -0300
diff --git a/patches/wip-manual-document-mt-safety-string.patch b/patches/wip-manual-document-mt-safety-string.patch
index 8eca966..b6c4a09 100644
--- a/patches/wip-manual-document-mt-safety-string.patch
+++ b/patches/wip-manual-document-mt-safety-string.patch
@@ -1,5 +1,5 @@
-Bottom: 9bb36bae725f82fa35390671a43725efcd84ec88
-Top: f2dc9605a7f5fc5e97f7243ee13b18c3e34fe5e3
+Bottom: 974b65fdd740c5be01caf8296db702b20af31f6e
+Top: 4526eb59c2b81d3c38552d73b8bcdcbe825ea516
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:04:00 -0300
diff --git a/patches/wip-manual-document-mt-safety-terminal.patch b/patches/wip-manual-document-mt-safety-terminal.patch
index b00c262..2515ce5 100644
--- a/patches/wip-manual-document-mt-safety-terminal.patch
+++ b/patches/wip-manual-document-mt-safety-terminal.patch
@@ -1,5 +1,5 @@
-Bottom: f2dc9605a7f5fc5e97f7243ee13b18c3e34fe5e3
-Top: 1d8bfc5bb628af156d0866fcd40fe986599d3a7c
+Bottom: 4526eb59c2b81d3c38552d73b8bcdcbe825ea516
+Top: f01ba8b728460fbc54e782ace50ff470524c4f8c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:04:00 -0300
diff --git a/patches/wip-manual-document-mt-safety-threads.patch b/patches/wip-manual-document-mt-safety-threads.patch
index 33794ed..b39e2e9 100644
--- a/patches/wip-manual-document-mt-safety-threads.patch
+++ b/patches/wip-manual-document-mt-safety-threads.patch
@@ -1,5 +1,5 @@
-Bottom: 1d8bfc5bb628af156d0866fcd40fe986599d3a7c
-Top: 5c6fad90032135d6828414f74e8eae1b8bcf1954
+Bottom: f01ba8b728460fbc54e782ace50ff470524c4f8c
+Top: 8247b1a7d1b5c98f69462719f1ee387fea7ccb9a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:04:00 -0300
diff --git a/patches/wip-manual-document-mt-safety-time.patch b/patches/wip-manual-document-mt-safety-time.patch
index 877577b..749f456 100644
--- a/patches/wip-manual-document-mt-safety-time.patch
+++ b/patches/wip-manual-document-mt-safety-time.patch
@@ -1,5 +1,5 @@
-Bottom: 5c6fad90032135d6828414f74e8eae1b8bcf1954
-Top: b54fb6025438aaaf6c4da81f60d0bf50a69c2f70
+Bottom: 8247b1a7d1b5c98f69462719f1ee387fea7ccb9a
+Top: 344a5475cfbcc32876fb401e993b1a6146c02663
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:04:00 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=80f55c2d25e3968c30f5846ffabc81dedc50f709
commit 80f55c2d25e3968c30f5846ffabc81dedc50f709
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:04:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/string.texi: Document thread safety properties.
diff --git a/manual/string.texi b/manual/string.texi
index 2a164a9..b63a849 100644
--- a/manual/string.texi
+++ b/manual/string.texi
@@ -1159,6 +1159,11 @@ strings are written in into account. To get that one has to use
@comment string.h
@comment BSD
@deftypefun int strcasecmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Although this calls tolower multiple times, it's a macro, and
+@c strcasecmp is optimized so that the locale pointer is read only once.
+@c There are some asm implementations too, for which the single-read
+@c from locale TLS pointers also applies.
This function is like @code{strcmp}, except that differences in case are
ignored. How uppercase and lowercase characters are related is
determined by the currently selected locale. In the standard @code{"C"}
@@ -1247,6 +1252,8 @@ strncmp ("hello, world", "hello, stupid world!!!", 5)
@comment string.h
@comment GNU
@deftypefun int strverscmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls isdigit multiple times, locale may change in between.
The @code{strverscmp} function compares the string @var{s1} against
@var{s2}, considering them as holding indices/version numbers. The
return value follows the same conventions as found in the
@@ -1343,6 +1350,9 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
@comment string.h
@comment ISO
@deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak}}
+@c Calls strcoll_l with the current locale, which dereferences only the
+@c LC_COLLATE data pointer.
The @code{strcoll} function is similar to @code{strcmp} but uses the
collating sequence of the current locale for collation (the
@code{LC_COLLATE} locale).
@@ -1351,6 +1361,8 @@ collating sequence of the current locale for collation (the
@comment wchar.h
@comment ISO
@deftypefun int wcscoll (const wchar_t *@var{ws1}, const wchar_t *@var{ws2})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak}}
+@c Same as strcoll, but calling wcscoll_l.
The @code{wcscoll} function is similar to @code{wcscmp} but uses the
collating sequence of the current locale for collation (the
@code{LC_COLLATE} locale).
@@ -1637,6 +1649,7 @@ This function is a GNU extension.
@comment string.h
@comment ISO
@deftypefun {char *} strchr (const char *@var{string}, int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{strchr} function finds the first occurrence of the character
@var{c} (converted to a @code{char}) in the null-terminated string
beginning at @var{string}. The return value is a pointer to the located
@@ -1678,6 +1691,7 @@ to use @code{wcschrnul} in this case, though.
@comment string.h
@comment GNU
@deftypefun {char *} strchrnul (const char *@var{string}, int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{strchrnul} is the same as @code{strchr} except that if it does
not find the character, it returns a pointer to string's terminating
null character rather than a null pointer.
@@ -2675,3 +2689,6 @@ being added to @var{envz}, if @var{override} is false.
The @code{envz_strip} function removes any null entries from @var{envz},
updating @code{*@var{envz}} and @code{*@var{envz_len}}.
@end deftypefun
+
+@c FIXME this are undocumented:
+@c strcasecmp_l @safety{@mtsafe{}@assafe{}@acsafe{}} see strcasecmp
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=241e5dd068f11629bd72636268cfb0330d352e02
commit 241e5dd068f11629bd72636268cfb0330d352e02
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:04:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/string.texi: Document thread safety properties.
diff --git a/manual/string.texi b/manual/string.texi
index 2a164a9..173306c 100644
--- a/manual/string.texi
+++ b/manual/string.texi
@@ -1159,6 +1159,11 @@ strings are written in into account. To get that one has to use
@comment string.h
@comment BSD
@deftypefun int strcasecmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Although this calls tolower multiple times, it's a macro, and
+@c strcasecmp is optimized so that the locale pointer is read only once.
+@c There are some asm implementations too, for which the single-read
+@c from locale TLS pointers also applies.
This function is like @code{strcmp}, except that differences in case are
ignored. How uppercase and lowercase characters are related is
determined by the currently selected locale. In the standard @code{"C"}
@@ -1247,6 +1252,8 @@ strncmp ("hello, world", "hello, stupid world!!!", 5)
@comment string.h
@comment GNU
@deftypefun int strverscmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls isdigit multiple times, locale may change in between.
The @code{strverscmp} function compares the string @var{s1} against
@var{s2}, considering them as holding indices/version numbers. The
return value follows the same conventions as found in the
@@ -1343,6 +1350,8 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
@comment string.h
@comment ISO
@deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Adjust alphasort one safety info is determined.
The @code{strcoll} function is similar to @code{strcmp} but uses the
collating sequence of the current locale for collation (the
@code{LC_COLLATE} locale).
@@ -1637,6 +1646,7 @@ This function is a GNU extension.
@comment string.h
@comment ISO
@deftypefun {char *} strchr (const char *@var{string}, int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{strchr} function finds the first occurrence of the character
@var{c} (converted to a @code{char}) in the null-terminated string
beginning at @var{string}. The return value is a pointer to the located
@@ -1678,6 +1688,7 @@ to use @code{wcschrnul} in this case, though.
@comment string.h
@comment GNU
@deftypefun {char *} strchrnul (const char *@var{string}, int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{strchrnul} is the same as @code{strchr} except that if it does
not find the character, it returns a pointer to string's terminating
null character rather than a null pointer.
@@ -2675,3 +2686,6 @@ being added to @var{envz}, if @var{override} is false.
The @code{envz_strip} function removes any null entries from @var{envz},
updating @code{*@var{envz}} and @code{*@var{envz_len}}.
@end deftypefun
+
+@c FIXME this are undocumented:
+@c strcasecmp_l @safety{@mtsafe{}@assafe{}@acsafe{}} see strcasecmp
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c6a95510e695760a3ff9c03a7a1a6a95d2f74573
commit c6a95510e695760a3ff9c03a7a1a6a95d2f74573
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:04:01 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..11c9dc7 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,137 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{oncesafe, selfdeadlock, asmalloc, asynconsist, incansist}@acunsafe{oncesafe, incansist, lockleak, memleak, fdleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it.
+@c This function returns a pointer read...
+@c setlocale envromt, oncesafe, asmalloc, selfdeadlock, asynconsist, incansist, memleak, fdleak, lockleak
+@c libc_rwlock_wrlock selfdeadlock, lockleak
+@c libc_rwlock_unlock lockleak
+@c getenv LOCPATH envromt
+@c malloc asmalloc, memleak
+@c free asmalloc, memleak
+@c new_composite_name ok
+@c setdata ok
+@c setname ok
+@c _nl_find_locale envromt, oncesafe, asmalloc, selfdeadlock, asynconsist, incansist, memleak, fdleak, lockleak
+@c getenv LC_ALL and LANG envromt
+@c _nl_load_locale_from_archive asmalloc, memleak, fdleak
+@c sysconf _SC_PAGE_SIZE ok
+@c _nl_normalize_codeset asmalloc, memleak
+@c isalnum_l ok (C locale)
+@c isdigit_l ok (C locale)
+@c malloc asmalloc, memleak
+@c tolower_l ok (C locale)
+@c open_not_cancel_2 fdleak
+@c fxstat64 ok
+@c close_not_cancel_no_status ok
+@c __mmap64 memleak
+@c calculate_head_size ok
+@c __munmap ok
+@c compute_hashval ok
+@c qsort dup asmalloc, memleak
+@c rangecmp ok
+@c malloc asmalloc, memleak
+@c strdup asmalloc, memleak
+@c _nl_intern_locale_data asmalloc, memleak
+@c malloc asmalloc, memleak
+@c free asmalloc, memleak
+@c _nl_expand_alias asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c libc_lock_lock selfdeadlock, lockleak
+@c bsearch ok
+@c alias_compare ok
+@c strcasecmp ok
+@c read_alias_file asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fsetlocking ok
+@c feof_unlocked ok
+@c fgets_unlocked ok
+@c isspace ok (locale mutex is locked)
+@c extend_alias_table memleak, asmalloc
+@c realloc memleak, asmalloc
+@c realloc memleak, asmalloc
+@c fclose asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c qsort asmalloc, memleak
+@c alias_compare dup
+@c libc_lock_unlock lockleak
+@c _nl_explode_name asmalloc, memleak
+@c _nl_find_language ok
+@c _nl_normalize_codeset dup asmalloc, memleak
+@c _nl_make_l10nflist asmalloc, memleak
+@c malloc asmalloc, memleak
+@c free asmalloc, memleak
+@c __argz_stringify ok
+@c __argz_count ok
+@c __argz_next ok
+@c _nl_load_locale asmalloc, memleak, fdleak
+@c open_not_cancel_2 fdleak
+@c __fxstat64 ok
+@c close_not_cancel_no_status ok
+@c mmap memleak
+@c malloc asmalloc, memleak
+@c read_not_cancel ok
+@c free asmalloc, memleak
+@c _nl_intern_locale_data dup asmalloc, memleak
+@c munmap ok
+@c __gconv_compare_alias oncesafe, asmalloc, asynconsist, selfdeadlock, memleak,incansist, fdleak, lockleak
+@c __gconv_read_conf oncesafe, asmalloc, asynconsist, selfdeadlock, memleak,incansist, fdleak, lockleak
+@c (libc_once-initializes gconv_cache and gconv_path_envvar; they're
+@c never modified afterwards)
+@c __gconv_load_cache asmalloc, memleak, fdleak
+@c getenv GCONV_PATH envromt
+@c open_not_cancel fdleak
+@c __fxstat64 ok
+@c close_not_cancel_no_status ok
+@c mmap memleak
+@c malloc asmalloc, memleak
+@c __read ok
+@c free asmalloc, memleak
+@c munmap ok
+@c __gconv_get_path selfdeadlock, asmalloc, lockleak, memleak, fdleak
+@c getcwd asmalloc, memleak, fdleak
+@c libc_lock_lock selfdeadlock, lockleak
+@c malloc asmalloc, memleak
+@c strtok_r ok
+@c libc_lock_unlock lockleak
+@c read_conf_file asmalloc, asynconsist, selfdeadlock, memleak, incansist, fdleak, lockleak
+@c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fsetlocking ok
+@c feof_unlocked ok
+@c getdelim asmalloc, asynconsist, memleak, incansist
+@c isspace_l ok (C locale)
+@c add_alias
+@c isspace_l ok (C locale)
+@c toupper_l ok (C locale)
+@c add_alias2 dup asynconsist, asmalloc, incansist, memleak
+@c add_module asmalloc, memleak
+@c isspace_l ok (C locale)
+@c toupper_l ok (C locale)
+@c strtol ok (glocale, but we hold the locale lock)
+@c tfind __gconv_alias_db ok
+@c __gconv_alias_compare dup ok
+@c calloc asmalloc, memleak
+@c insert_module dup asmalloc
+@c __tfind ok (because the tree is read only by then)
+@c __gconv_alias_compare dup ok
+@c insert_module asmalloc
+@c free asmalloc
+@c add_alias2 asynconsist, asmalloc, incansist, memleak
+@c detect_conflict ok, reads __gconv_modules_db
+@c malloc asmalloc, memleak
+@c tsearch __gconv_alias_db asynconsist, asmalloc, incansist, memleak
+@c __gconv_alias_compare ok
+@c free asmalloc
+@c __gconv_compare_alias_cache ok
+@c find_module_idx ok
+@c do_lookup_alias ok
+@c __tfind ok (because the tree is read only by then)
+@c __gconv_alias_compare ok
+@c strndup asmalloc, memleak
+@c strcasecmp_l ok (C locale)
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
@@ -414,6 +545,10 @@ according to the selected locale using this information.
@comment locale.h
@comment ISO
@deftypefun {struct lconv *} localeconv (void)
+@safety{@mtunsafe{staticbuf, glocale}@assafe{}@acsafe{}}
+@c This function reads from multiple components of the locale object,
+@c without synchronization, while writing to the static buffer it uses
+@c as the return value.
The @code{localeconv} function returns a pointer to a structure whose
components contain information about how numeric and monetary values
should be formatted in the current locale.
@@ -680,6 +815,10 @@ was introduced.
@comment langinfo.h
@comment XOPEN
@deftypefun {char *} nl_langinfo (nl_item @var{item})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c It calls _nl_langinfo_l with the current locale, which returns a
+@c pointer into constant strings defined in locale data structures. It
+@c doesn't run afoul of glocale itself, but callers may.
The @code{nl_langinfo} function can be used to access individual
elements of the locale categories. Unlike the @code{localeconv}
function, which returns all the information, @code{nl_langinfo}
@@ -974,6 +1113,11 @@ locale information, making it easier for the user to format
numbers according to these rules.
@deftypefun ssize_t strfmon (char *@var{s}, size_t @var{maxsize}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asmalloc}@acsafe{memleak}}
+@c It (and strfmon_l) both call vstrfmon_l, which, besides accessing the
+@c locale object passed to it, accesses the active locale through
+@c isdigit (but to_digit assumes ASCII digits only). It may call
+@c __printf_fp (glocale, asmalloc, memleak) and guess_grouping (safe).
The @code{strfmon} function is similar to the @code{strftime} function
in that it takes a buffer, its size, a format string,
and values to write into the buffer as text in a form specified
@@ -1185,6 +1329,8 @@ access to the corresponding locale definitions.
@comment GNU
@comment stdlib.h
@deftypefun int rpmatch (const char *@var{response})
+@c Calls nl_langinfo with YESEXPR and NOEXPR, triggering glocale. Calls
+@c regfree, regcomp and regexec.
The function @code{rpmatch} checks the string in @var{response} whether
or not it is a correct yes-or-no answer and if yes, which one. The
check uses the @code{YESEXPR} and @code{NOEXPR} data in the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=992d05a094081cd47e58dcff300c4f202ac03eb2
commit 992d05a094081cd47e58dcff300c4f202ac03eb2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:04:01 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..dac8f2e 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,137 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{oncesafe, selfdeadlock, asmalloc, asynconsist, incansist}@acunsafe{oncesafe, incansist, lockleak, memleak, fdleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it.
+@c This function returns a pointer read...
+@c setlocale envromt, oncesafe, asmalloc, selfdeadlock, asynconsist, incansist, memleak, fdleak, lockleak
+@c libc_rwlock_wrlock selfdeadlock, lockleak
+@c libc_rwlock_unlock lockleak
+@c getenv LOCPATH envromt
+@c malloc asmalloc, memleak
+@c free asmalloc, memleak
+@c new_composite_name ok
+@c setdata ok
+@c setname ok
+@c _nl_find_locale envromt, oncesafe, asmalloc, selfdeadlock, asynconsist, incansist, memleak, fdleak, lockleak
+@c getenv LC_ALL and LANG envromt
+@c _nl_load_locale_from_archive asmalloc, memleak, fdleak
+@c sysconf _SC_PAGE_SIZE ok
+@c _nl_normalize_codeset asmalloc, memleak
+@c isalnum_l ok (C locale)
+@c isdigit_l ok (C locale)
+@c malloc asmalloc, memleak
+@c tolower_l ok (C locale)
+@c open_not_cancel_2 fdleak
+@c fxstat64 ok
+@c close_not_cancel_no_status ok
+@c __mmap64 memleak
+@c calculate_head_size ok
+@c __munmap ok
+@c compute_hashval ok
+@c qsort dup asmalloc, memleak
+@c rangecmp ok
+@c malloc asmalloc, memleak
+@c strdup asmalloc, memleak
+@c _nl_intern_locale_data asmalloc, memleak
+@c malloc asmalloc, memleak
+@c free asmalloc, memleak
+@c _nl_expand_alias asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c libc_lock_lock selfdeadlock, lockleak
+@c bsearch ok
+@c alias_compare ok
+@c strcasecmp ok
+@c read_alias_file asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fsetlocking ok
+@c feof_unlocked ok
+@c fgets_unlocked ok
+@c isspace ok (locale mutex is locked)
+@c extend_alias_table memleak, asmalloc
+@c realloc memleak, asmalloc
+@c realloc memleak, asmalloc
+@c fclose asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c qsort asmalloc, memleak
+@c alias_compare dup
+@c libc_lock_unlock lockleak
+@c _nl_explode_name asmalloc, memleak
+@c _nl_find_language ok
+@c _nl_normalize_codeset dup asmalloc, memleak
+@c _nl_make_l10nflist asmalloc, memleak
+@c malloc asmalloc, memleak
+@c free asmalloc, memleak
+@c __argz_stringify ok
+@c __argz_count ok
+@c __argz_next ok
+@c _nl_load_locale asmalloc, memleak, fdleak
+@c open_not_cancel_2 fdleak
+@c __fxstat64 ok
+@c close_not_cancel_no_status ok
+@c mmap memleak
+@c malloc asmalloc, memleak
+@c read_not_cancel ok
+@c free asmalloc, memleak
+@c _nl_intern_locale_data dup asmalloc, memleak
+@c munmap ok
+@c __gconv_compare_alias oncesafe, asmalloc, asynconsist, selfdeadlock, memleak,incansist, fdleak, lockleak
+@c __gconv_read_conf oncesafe, asmalloc, asynconsist, selfdeadlock, memleak,incansist, fdleak, lockleak
+@c (libc_once-initializes gconv_cache and gconv_path_envvar; they're
+@c never modified afterwards)
+@c __gconv_load_cache asmalloc, memleak, fdleak
+@c getenv GCONV_PATH envromt
+@c open_not_cancel fdleak
+@c __fxstat64 ok
+@c close_not_cancel_no_status ok
+@c mmap memleak
+@c malloc asmalloc, memleak
+@c __read ok
+@c free asmalloc, memleak
+@c munmap ok
+@c __gconv_get_path selfdeadlock, asmalloc, lockleak, memleak, fdleak
+@c getcwd asmalloc, memleak, fdleak
+@c libc_lock_lock selfdeadlock, lockleak
+@c malloc asmalloc, memleak
+@c strtok_r ok
+@c libc_lock_unlock lockleak
+@c read_conf_file asmalloc, asynconsist, selfdeadlock, memleak, incansist, fdleak, lockleak
+@c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fsetlocking ok
+@c feof_unlocked ok
+@c getdelim asmalloc, asynconsist, memleak, incansist
+@c isspace_l ok (C locale)
+@c add_alias
+@c isspace_l ok (C locale)
+@c toupper_l ok (C locale)
+@c add_alias2 dup asynconsist, asmalloc, incansist, memleak
+@c add_module asmalloc, memleak
+@c isspace_l ok (C locale)
+@c toupper_l ok (C locale)
+@c strtol ok (glocale, but we hold the locale lock)
+@c tfind __gconv_alias_db ok
+@c __gconv_alias_compare dup ok
+@c calloc asmalloc, memleak
+@c insert_module dup asmalloc
+@c __tfind ok (because the tree is read only by then)
+@c __gconv_alias_compare dup ok
+@c insert_module asmalloc
+@c free asmalloc
+@c add_alias2 asynconsist, asmalloc, incansist, memleak
+@c detect_conflict ok, reads __gconv_modules_db
+@c malloc asmalloc, memleak
+@c tsearch __gconv_alias_db asynconsist, asmalloc, incansist, memleak
+@c __gconv_alias_compare ok
+@c free asmalloc
+@c __gconv_compare_alias_cache ok
+@c find_module_idx ok
+@c do_lookup_alias ok
+@c __tfind ok (because the tree is read only by then)
+@c __gconv_alias_compare ok
+@c strndup asmalloc, memleak
+@c strcasecmp_l ok (C locale)
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
@@ -414,6 +545,10 @@ according to the selected locale using this information.
@comment locale.h
@comment ISO
@deftypefun {struct lconv *} localeconv (void)
+@safety{@mtunsafe{staticbuf, glocale}@assafe{}@acsafe{}}
+@c This function reads from multiple components of the locale object,
+@c without synchronization, while writing to the static buffer it uses
+@c as the return value.
The @code{localeconv} function returns a pointer to a structure whose
components contain information about how numeric and monetary values
should be formatted in the current locale.
@@ -680,6 +815,9 @@ was introduced.
@comment langinfo.h
@comment XOPEN
@deftypefun {char *} nl_langinfo (nl_item @var{item})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c It calls _nl_langinfo_l with the current locale, which returns a
+@c pointer into constant strings defined in locale data structures.
The @code{nl_langinfo} function can be used to access individual
elements of the locale categories. Unlike the @code{localeconv}
function, which returns all the information, @code{nl_langinfo}
@@ -974,6 +1112,11 @@ locale information, making it easier for the user to format
numbers according to these rules.
@deftypefun ssize_t strfmon (char *@var{s}, size_t @var{maxsize}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asmalloc}@acsafe{memleak}}
+@c It (and strfmon_l) both call vstrfmon_l, which, besides accessing the
+@c locale object passed to it, accesses the active locale through
+@c isdigit (but to_digit assumes ASCII digits only). It may call
+@c __printf_fp (glocale, asmalloc, memleak) and guess_grouping (safe).
The @code{strfmon} function is similar to the @code{strftime} function
in that it takes a buffer, its size, a format string,
and values to write into the buffer as text in a form specified
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=6ff8451b08998b4f998ec7de43aee9148d46f3e5
commit 6ff8451b08998b4f998ec7de43aee9148d46f3e5
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:59 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/search.texi: Document thread safety properties.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..46f5f1c 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -113,6 +113,7 @@ the header file @file{stdlib.h}.
@comment stdlib.h
@comment ISO
@deftypefun {void *} bsearch (const void *@var{key}, const void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{bsearch} function searches the sorted array @var{array} for an object
that is equivalent to @var{key}. The array contains @var{count} elements,
each of which is of size @var{size} bytes.
@@ -146,6 +147,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +438,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +472,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +487,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +501,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +556,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=85e757c54f47a0ada4f7a940c638b2bc7fb01572
commit 85e757c54f47a0ada4f7a940c638b2bc7fb01572
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:04:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/time.texi: Document thread safety properties.
diff --git a/manual/time.texi b/manual/time.texi
index ff31e28..3967b24 100644
--- a/manual/time.texi
+++ b/manual/time.texi
@@ -475,6 +475,12 @@ Instead, use the facilities described in @ref{Time Zone Functions}.
@comment sys/time.h
@comment BSD
@deftypefun int gettimeofday (struct timeval *@var{tp}, struct timezone *@var{tzp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c On most GNU/Linux systems this is a direct syscall, but the posix/
+@c implementation (not used on GNU/Linux or GNU/Hurd) relies on time and
+@c localtime_r, saving and restoring tzname in an unsafe manner.
+@c On some GNU/Linux variants, ifunc resolvers are used in shared libc
+@c for vdso resolution. ifunc-vdso-revisit.
The @code{gettimeofday} function returns the current calendar time as
the elapsed time since the epoch in the @code{struct timeval} structure
indicated by @var{tp}. (@pxref{Elapsed Time} for a description of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=bcc2df98a27754a19ee0747e55f39302dbf3970e
commit bcc2df98a27754a19ee0747e55f39302dbf3970e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:04:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/threads.texi: Document thread safety properties.
diff --git a/manual/threads.texi b/manual/threads.texi
index a23ac26..19bfad6 100644
--- a/manual/threads.texi
+++ b/manual/threads.texi
@@ -31,6 +31,7 @@ before thread-specific data, so they should not be used in thread-specific
data destructors or even as members of the thread-specific data, since the
latter is passed as an argument to the destructor function.
+@c FIXME: use @deftypefun for these.
@item int pthread_key_delete (pthread_key_t @var{key})
Destroy the thread-specific data @var{key} in the calling thread. The
destructor for the thread-specific data is not called during destruction, nor
@@ -82,3 +83,124 @@ attributes or the stack address is set in the attribute.
The system does not have sufficient memory.
@end table
@end deftypefun
+
+@c FIXME these are undocumented:
+@c pthread_atfork
+@c pthread_attr_destroy
+@c pthread_attr_getaffinity_np
+@c pthread_attr_getdetachstate
+@c pthread_attr_getguardsize
+@c pthread_attr_getinheritsched
+@c pthread_attr_getschedparam
+@c pthread_attr_getschedpolicy
+@c pthread_attr_getscope
+@c pthread_attr_getstack
+@c pthread_attr_getstackaddr
+@c pthread_attr_getstacksize
+@c pthread_attr_init
+@c pthread_attr_setaffinity_np
+@c pthread_attr_setdetachstate
+@c pthread_attr_setguardsize
+@c pthread_attr_setinheritsched
+@c pthread_attr_setschedparam
+@c pthread_attr_setschedpolicy
+@c pthread_attr_setscope
+@c pthread_attr_setstack
+@c pthread_attr_setstackaddr
+@c pthread_attr_setstacksize
+@c pthread_barrierattr_destroy
+@c pthread_barrierattr_getpshared
+@c pthread_barrierattr_init
+@c pthread_barrierattr_setpshared
+@c pthread_barrier_destroy
+@c pthread_barrier_init
+@c pthread_barrier_wait
+@c pthread_cancel
+@c pthread_cleanup_push
+@c pthread_cleanup_pop
+@c pthread_condattr_destroy
+@c pthread_condattr_getclock
+@c pthread_condattr_getpshared
+@c pthread_condattr_init
+@c pthread_condattr_setclock
+@c pthread_condattr_setpshared
+@c pthread_cond_broadcast
+@c pthread_cond_destroy
+@c pthread_cond_init
+@c pthread_cond_signal
+@c pthread_cond_timedwait
+@c pthread_cond_wait
+@c pthread_create
+@c pthread_detach
+@c pthread_equal
+@c pthread_exit
+@c pthread_getaffinity_np
+@c pthread_getattr_np
+@c pthread_getconcurrency
+@c pthread_getcpuclockid
+@c pthread_getname_np
+@c pthread_getschedparam
+@c pthread_join
+@c pthread_kill
+@c pthread_kill_other_threads_np
+@c pthread_mutexattr_destroy
+@c pthread_mutexattr_getkind_np
+@c pthread_mutexattr_getprioceiling
+@c pthread_mutexattr_getprotocol
+@c pthread_mutexattr_getpshared
+@c pthread_mutexattr_getrobust
+@c pthread_mutexattr_getrobust_np
+@c pthread_mutexattr_gettype
+@c pthread_mutexattr_init
+@c pthread_mutexattr_setkind_np
+@c pthread_mutexattr_setprioceiling
+@c pthread_mutexattr_setprotocol
+@c pthread_mutexattr_setpshared
+@c pthread_mutexattr_setrobust
+@c pthread_mutexattr_setrobust_np
+@c pthread_mutexattr_settype
+@c pthread_mutex_consistent
+@c pthread_mutex_consistent_np
+@c pthread_mutex_destroy
+@c pthread_mutex_getprioceiling
+@c pthread_mutex_init
+@c pthread_mutex_lock
+@c pthread_mutex_setprioceiling
+@c pthread_mutex_timedlock
+@c pthread_mutex_trylock
+@c pthread_mutex_unlock
+@c pthread_once
+@c pthread_rwlockattr_destroy
+@c pthread_rwlockattr_getkind_np
+@c pthread_rwlockattr_getpshared
+@c pthread_rwlockattr_init
+@c pthread_rwlockattr_setkind_np
+@c pthread_rwlockattr_setpshared
+@c pthread_rwlock_destroy
+@c pthread_rwlock_init
+@c pthread_rwlock_rdlock
+@c pthread_rwlock_timedrdlock
+@c pthread_rwlock_timedwrlock
+@c pthread_rwlock_tryrdlock
+@c pthread_rwlock_trywrlock
+@c pthread_rwlock_unlock
+@c pthread_rwlock_wrlock
+@c pthread_self
+@c pthread_setaffinity_np
+@c pthread_setcancelstate
+@c pthread_setcanceltype
+@c pthread_setconcurrency
+@c pthread_setname_np
+@c pthread_setschedparam
+@c pthread_setschedprio
+@c pthread_sigmask
+@c pthread_sigqueue
+@c pthread_spin_destroy
+@c pthread_spin_init
+@c pthread_spin_lock
+@c pthread_spin_trylock
+@c pthread_spin_unlock
+@c pthread_testcancel
+@c pthread_timedjoin_np
+@c pthread_tryjoin_np
+@c pthread_yield
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=178585271fec5719c46b62c1a25f19cd9fd28655
commit 178585271fec5719c46b62c1a25f19cd9fd28655
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:04:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/terminal.texi: Document thread safety properties.
diff --git a/manual/terminal.texi b/manual/terminal.texi
index 9e9c057..7f62a4e 100644
--- a/manual/terminal.texi
+++ b/manual/terminal.texi
@@ -264,6 +264,9 @@ array.
@comment termios.h
@comment POSIX.1
@deftypefun int tcgetattr (int @var{filedes}, struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the kernel-returned termios data structure to the userland
+@c format does not ensure atomic or consistent writing.
This function is used to examine the attributes of the terminal
device with file descriptor @var{filedes}. The attributes are returned
in the structure that @var{termios-p} points to.
@@ -284,6 +287,9 @@ The @var{filedes} is not associated with a terminal.
@comment termios.h
@comment POSIX.1
@deftypefun int tcsetattr (int @var{filedes}, int @var{when}, const struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the incoming termios data structure to the kernel format
+@c does not ensure atomic or consistent reading.
This function sets the attributes of the terminal device with file
descriptor @var{filedes}. The new attributes are taken from the
structure that @var{termios-p} points to.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9c28ed5886790c4874d527aa2a775a299263bad5
commit 9c28ed5886790c4874d527aa2a775a299263bad5
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:59 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/startup.texi: Document thread safety properties.
diff --git a/manual/startup.texi b/manual/startup.texi
index a277714..7bbaf13 100644
--- a/manual/startup.texi
+++ b/manual/startup.texi
@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
The difference to the @code{setenv} function is that the exact string
given as the parameter @var{string} is put into the environment. If the
user should change the string after the @code{putenv} call this will
-reflect in automatically in the environment. This also requires that
-@var{string} is no automatic variable which scope is left before the
+reflect automatically in the environment. This also requires that
+@var{string} not be an automatic variable whose scope is left before the
variable is removed from the environment. The same applies of course to
dynamically allocated variables which are freed later.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e1924a257ca4ba889b69af5907ca22f235fac6c9
commit e1924a257ca4ba889b69af5907ca22f235fac6c9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:59 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/resource.texi: Document thread safety properties.
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=72821a94665b158372ee6c34fd6bbb938aeef580
commit 72821a94665b158372ee6c34fd6bbb938aeef580
Merge: 43f41eb 64c553b 0666d67
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 02:15:26 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=43f41eb88ab33518c953a83c270b7763a1a7d9ca
commit 43f41eb88ab33518c953a83c270b7763a1a7d9ca
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 02:15:26 2013 -0300
push
diff --git a/meta b/meta
index 9edc3ae..f35c25f 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 12529c2df35ac3d6ba02740f56909653b341e1ee
-Head: 7c4dccbbd275011bd7e03d69e5026089a03dbc7b
+Previous: 64c553b3957d07dac3e3b7d45ff1b3c90e2bc1ab
+Head: 0666d6743488860ce4130ed89f79bdda045e1559
Applied:
unused-scalb-is-scalbn.patch: 1e5d1e38b6a866f88772d34ec2d1b3a75d78b233
remove-sysdeps-ieee754-support.patch: 874e350341a8e14881907b059e6d988de123648f
@@ -20,8 +20,8 @@ Applied:
manual-document-mt-safety-lang.patch: 74404662e804550da523e8be4c8cbca7d1df1e4d
manual-document-mt-safety-llio.patch: e500e6b451e90bcfa93b9ebc11eee98ff9948da4
manual-document-mt-safety-stdio.patch: 7c4dccbbd275011bd7e03d69e5026089a03dbc7b
+ wip-manual-document-mt-safety-math.patch: 0666d6743488860ce4130ed89f79bdda045e1559
Unapplied:
- wip-manual-document-mt-safety-math.patch: 79a8df96fa61ec75e4a90255a008417f725c5009
wip-manual-document-mt-safety-resource.patch: 37096c9f7bf26b43c6b010e9629edea7cb89d1e8
wip-manual-document-mt-safety-startup.patch: 51a856392fd604dac2529a05ed2af3b71b37a583
wip-manual-document-mt-safety-search.patch: e05d166acc5534804dd2ee0f91e25d85cb546685
diff --git a/patches/wip-manual-document-mt-safety-math.patch b/patches/wip-manual-document-mt-safety-math.patch
index e669a0c..3c5a4de 100644
--- a/patches/wip-manual-document-mt-safety-math.patch
+++ b/patches/wip-manual-document-mt-safety-math.patch
@@ -1,5 +1,5 @@
-Bottom: 59fc607250a481aac5da87d4296f1783f949792b
-Top: 2a4babdd62df27c5861aa15305c7f516dc172d00
+Bottom: 642718307250c62d80e83e8ad81aafb696296a92
+Top: 96d250ae32036f1399b1ebae76631dbb2b62738d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:03:58 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0666d6743488860ce4130ed89f79bdda045e1559
commit 0666d6743488860ce4130ed89f79bdda045e1559
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:58 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/math.texi: Document thread safety properties.
diff --git a/manual/math.texi b/manual/math.texi
index 193d415..fd5d0c8 100644
--- a/manual/math.texi
+++ b/manual/math.texi
@@ -560,6 +560,7 @@ negative), @code{logb} returns @math{@infinity{}}. If @var{x} is zero,
@comment math.h
@comment ISO
@deftypefunx int ilogbl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are equivalent to the corresponding @code{logb}
functions except that they return signed integer values.
@end deftypefun
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=64c553b3957d07dac3e3b7d45ff1b3c90e2bc1ab
commit 64c553b3957d07dac3e3b7d45ff1b3c90e2bc1ab
Merge: a374f24 12529c2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 02:15:23 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a374f243eb8e322d6c7866d3472b0a6dbe9c0df4
commit a374f243eb8e322d6c7866d3472b0a6dbe9c0df4
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 02:15:23 2013 -0300
refresh
diff --git a/meta b/meta
index 3f6d984..9edc3ae 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 3306b8e77532778e80996946b743e7a2597b7ac3
-Head: d70ce76cacbd09402e1dda7e80d53b7e5c9131e3
+Previous: 12529c2df35ac3d6ba02740f56909653b341e1ee
+Head: 7c4dccbbd275011bd7e03d69e5026089a03dbc7b
Applied:
unused-scalb-is-scalbn.patch: 1e5d1e38b6a866f88772d34ec2d1b3a75d78b233
remove-sysdeps-ieee754-support.patch: 874e350341a8e14881907b059e6d988de123648f
@@ -20,7 +20,6 @@ Applied:
manual-document-mt-safety-lang.patch: 74404662e804550da523e8be4c8cbca7d1df1e4d
manual-document-mt-safety-llio.patch: e500e6b451e90bcfa93b9ebc11eee98ff9948da4
manual-document-mt-safety-stdio.patch: 7c4dccbbd275011bd7e03d69e5026089a03dbc7b
- refresh-temp: d70ce76cacbd09402e1dda7e80d53b7e5c9131e3
Unapplied:
wip-manual-document-mt-safety-math.patch: 79a8df96fa61ec75e4a90255a008417f725c5009
wip-manual-document-mt-safety-resource.patch: 37096c9f7bf26b43c6b010e9629edea7cb89d1e8
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index 8b10bb0..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,10 +0,0 @@
-Bottom: 642718307250c62d80e83e8ad81aafb696296a92
-Top: 642718307250c62d80e83e8ad81aafb696296a92
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-31 02:15:22 -0300
-
-Refresh of manual-document-mt-safety-stdio.patch
-
----
-
-
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=12529c2df35ac3d6ba02740f56909653b341e1ee
commit 12529c2df35ac3d6ba02740f56909653b341e1ee
Merge: 56b6f0e d70ce76 3306b8e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 02:15:22 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=56b6f0e1817f308ce4d018068855e8cc7fc6251e
commit 56b6f0e1817f308ce4d018068855e8cc7fc6251e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 02:15:22 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index d8e626a..3f6d984 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: f40ade1b782ebe21290e07078af9d9dd4cf650e4
-Head: 7c4dccbbd275011bd7e03d69e5026089a03dbc7b
+Previous: 3306b8e77532778e80996946b743e7a2597b7ac3
+Head: d70ce76cacbd09402e1dda7e80d53b7e5c9131e3
Applied:
unused-scalb-is-scalbn.patch: 1e5d1e38b6a866f88772d34ec2d1b3a75d78b233
remove-sysdeps-ieee754-support.patch: 874e350341a8e14881907b059e6d988de123648f
@@ -20,6 +20,7 @@ Applied:
manual-document-mt-safety-lang.patch: 74404662e804550da523e8be4c8cbca7d1df1e4d
manual-document-mt-safety-llio.patch: e500e6b451e90bcfa93b9ebc11eee98ff9948da4
manual-document-mt-safety-stdio.patch: 7c4dccbbd275011bd7e03d69e5026089a03dbc7b
+ refresh-temp: d70ce76cacbd09402e1dda7e80d53b7e5c9131e3
Unapplied:
wip-manual-document-mt-safety-math.patch: 79a8df96fa61ec75e4a90255a008417f725c5009
wip-manual-document-mt-safety-resource.patch: 37096c9f7bf26b43c6b010e9629edea7cb89d1e8
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..8b10bb0
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,10 @@
+Bottom: 642718307250c62d80e83e8ad81aafb696296a92
+Top: 642718307250c62d80e83e8ad81aafb696296a92
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-31 02:15:22 -0300
+
+Refresh of manual-document-mt-safety-stdio.patch
+
+---
+
+
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d70ce76cacbd09402e1dda7e80d53b7e5c9131e3
commit d70ce76cacbd09402e1dda7e80d53b7e5c9131e3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 02:15:22 2013 -0300
Refresh of manual-document-mt-safety-stdio.patch
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3306b8e77532778e80996946b743e7a2597b7ac3
commit 3306b8e77532778e80996946b743e7a2597b7ac3
Merge: 276b829 f40ade1 7c4dccb
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 02:14:26 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=276b829db4064d267071c1ec522cfed6605f05ba
commit 276b829db4064d267071c1ec522cfed6605f05ba
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 02:14:26 2013 -0300
refresh
diff --git a/meta b/meta
index 4f610c1..d8e626a 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: aa02ff6c4de2577379ead8df4fb61b567a764ebb
-Head: 9af4c4c485694a7785aeb7154b5fa4dd419ca1fa
+Previous: f40ade1b782ebe21290e07078af9d9dd4cf650e4
+Head: 7c4dccbbd275011bd7e03d69e5026089a03dbc7b
Applied:
unused-scalb-is-scalbn.patch: 1e5d1e38b6a866f88772d34ec2d1b3a75d78b233
remove-sysdeps-ieee754-support.patch: 874e350341a8e14881907b059e6d988de123648f
@@ -19,8 +19,7 @@ Applied:
manual-document-mt-safety-job.patch: 917a111878057a3254a5aae2a9e436e2da0521f2
manual-document-mt-safety-lang.patch: 74404662e804550da523e8be4c8cbca7d1df1e4d
manual-document-mt-safety-llio.patch: e500e6b451e90bcfa93b9ebc11eee98ff9948da4
- manual-document-mt-safety-stdio.patch: 16bbb85f36fbb817d72e3dec082888129ba9cdf4
- refresh-temp: 9af4c4c485694a7785aeb7154b5fa4dd419ca1fa
+ manual-document-mt-safety-stdio.patch: 7c4dccbbd275011bd7e03d69e5026089a03dbc7b
Unapplied:
wip-manual-document-mt-safety-math.patch: 79a8df96fa61ec75e4a90255a008417f725c5009
wip-manual-document-mt-safety-resource.patch: 37096c9f7bf26b43c6b010e9629edea7cb89d1e8
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index 702eefe..bb2b074 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,5 +1,5 @@
Bottom: 7fe65183ca01afbf35f279fb8a0031a5633d2a1e
-Top: 59fc607250a481aac5da87d4296f1783f949792b
+Top: 642718307250c62d80e83e8ad81aafb696296a92
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:03:58 -0300
@@ -13,7 +13,7 @@ for ChangeLog
---
diff --git a/manual/stdio.texi b/manual/stdio.texi
-index 30630ca..dad1072 100644
+index 30630ca..9ffe87b 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@@ -672,7 +672,7 @@ index 30630ca..dad1072 100644
+@c outchar ok
+@c outstring ok
+@c PAD ok
-+@c __printf_fp glocale memleak
++@c __printf_fp glocale, asmalloc, memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index 1759be4..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,22 +0,0 @@
-Bottom: 59fc607250a481aac5da87d4296f1783f949792b
-Top: 642718307250c62d80e83e8ad81aafb696296a92
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-31 02:14:19 -0300
-
-Refresh of manual-document-mt-safety-stdio.patch
-
----
-
-diff --git a/manual/stdio.texi b/manual/stdio.texi
-index dad1072..9ffe87b 100644
---- a/manual/stdio.texi
-+++ b/manual/stdio.texi
-@@ -2680,7 +2680,7 @@ pointer @var{ap}.
- @c outchar ok
- @c outstring ok
- @c PAD ok
--@c __printf_fp glocale memleak
-+@c __printf_fp glocale, asmalloc, memleak
- @c __printf_fphex glocale
- @c __readonly_area
- @c [GNU/Linux] fopen, strtoul, free
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f40ade1b782ebe21290e07078af9d9dd4cf650e4
commit f40ade1b782ebe21290e07078af9d9dd4cf650e4
Merge: 37d7582 9af4c4c aa02ff6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 02:14:24 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=37d75828ea79c956a1666a684604165204f3db61
commit 37d75828ea79c956a1666a684604165204f3db61
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 02:14:24 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index ffb7d28..4f610c1 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: aaf81fa9cc834eed1d89c7be11b0c01f6721c4dc
-Head: 16bbb85f36fbb817d72e3dec082888129ba9cdf4
+Previous: aa02ff6c4de2577379ead8df4fb61b567a764ebb
+Head: 9af4c4c485694a7785aeb7154b5fa4dd419ca1fa
Applied:
unused-scalb-is-scalbn.patch: 1e5d1e38b6a866f88772d34ec2d1b3a75d78b233
remove-sysdeps-ieee754-support.patch: 874e350341a8e14881907b059e6d988de123648f
@@ -20,6 +20,7 @@ Applied:
manual-document-mt-safety-lang.patch: 74404662e804550da523e8be4c8cbca7d1df1e4d
manual-document-mt-safety-llio.patch: e500e6b451e90bcfa93b9ebc11eee98ff9948da4
manual-document-mt-safety-stdio.patch: 16bbb85f36fbb817d72e3dec082888129ba9cdf4
+ refresh-temp: 9af4c4c485694a7785aeb7154b5fa4dd419ca1fa
Unapplied:
wip-manual-document-mt-safety-math.patch: 79a8df96fa61ec75e4a90255a008417f725c5009
wip-manual-document-mt-safety-resource.patch: 37096c9f7bf26b43c6b010e9629edea7cb89d1e8
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..1759be4
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,22 @@
+Bottom: 59fc607250a481aac5da87d4296f1783f949792b
+Top: 642718307250c62d80e83e8ad81aafb696296a92
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-31 02:14:19 -0300
+
+Refresh of manual-document-mt-safety-stdio.patch
+
+---
+
+diff --git a/manual/stdio.texi b/manual/stdio.texi
+index dad1072..9ffe87b 100644
+--- a/manual/stdio.texi
++++ b/manual/stdio.texi
+@@ -2680,7 +2680,7 @@ pointer @var{ap}.
+ @c outchar ok
+ @c outstring ok
+ @c PAD ok
+-@c __printf_fp glocale memleak
++@c __printf_fp glocale, asmalloc, memleak
+ @c __printf_fphex glocale
+ @c __readonly_area
+ @c [GNU/Linux] fopen, strtoul, free
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9af4c4c485694a7785aeb7154b5fa4dd419ca1fa
commit 9af4c4c485694a7785aeb7154b5fa4dd419ca1fa
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 02:14:19 2013 -0300
Refresh of manual-document-mt-safety-stdio.patch
diff --git a/manual/stdio.texi b/manual/stdio.texi
index dad1072..9ffe87b 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -2680,7 +2680,7 @@ pointer @var{ap}.
@c outchar ok
@c outstring ok
@c PAD ok
-@c __printf_fp glocale memleak
+@c __printf_fp glocale, asmalloc, memleak
@c __printf_fphex glocale
@c __readonly_area
@c [GNU/Linux] fopen, strtoul, free
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=aa02ff6c4de2577379ead8df4fb61b567a764ebb
commit aa02ff6c4de2577379ead8df4fb61b567a764ebb
Merge: 05d37fc aaf81fa
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 02:04:09 2013 -0300
goto
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=05d37fca438c1f2d900d08b5010a0123026610a6
commit 05d37fca438c1f2d900d08b5010a0123026610a6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 02:04:09 2013 -0300
goto
diff --git a/meta b/meta
index 210af6a..ffb7d28 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 8186f2187d685f4e0da68346579b07bb9c4a46ee
-Head: a972cbb641150922f5dea32a6f655e40414c86ff
+Previous: aaf81fa9cc834eed1d89c7be11b0c01f6721c4dc
+Head: 16bbb85f36fbb817d72e3dec082888129ba9cdf4
Applied:
unused-scalb-is-scalbn.patch: 1e5d1e38b6a866f88772d34ec2d1b3a75d78b233
remove-sysdeps-ieee754-support.patch: 874e350341a8e14881907b059e6d988de123648f
@@ -20,6 +20,7 @@ Applied:
manual-document-mt-safety-lang.patch: 74404662e804550da523e8be4c8cbca7d1df1e4d
manual-document-mt-safety-llio.patch: e500e6b451e90bcfa93b9ebc11eee98ff9948da4
manual-document-mt-safety-stdio.patch: 16bbb85f36fbb817d72e3dec082888129ba9cdf4
+Unapplied:
wip-manual-document-mt-safety-math.patch: 79a8df96fa61ec75e4a90255a008417f725c5009
wip-manual-document-mt-safety-resource.patch: 37096c9f7bf26b43c6b010e9629edea7cb89d1e8
wip-manual-document-mt-safety-startup.patch: 51a856392fd604dac2529a05ed2af3b71b37a583
@@ -29,5 +30,4 @@ Applied:
wip-manual-document-mt-safety-threads.patch: cd1c8927299a03be9624e0b1b54e049371da1500
wip-manual-document-mt-safety-time.patch: 481d3df53d8c568232578ba58d71ddd6b461b9c6
wip-manual-document-mt-safety-locale.patch: a972cbb641150922f5dea32a6f655e40414c86ff
-Unapplied:
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=aaf81fa9cc834eed1d89c7be11b0c01f6721c4dc
commit aaf81fa9cc834eed1d89c7be11b0c01f6721c4dc
Merge: e86251f a972cbb 8186f21
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 02:02:50 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e86251f76000b17cf0fc0f7427ee0516743ffa8a
commit e86251f76000b17cf0fc0f7427ee0516743ffa8a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 02:02:50 2013 -0300
refresh
diff --git a/meta b/meta
index 060d2e7..210af6a 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: c7d60029d83e9f2ee383fc6007fdd952bdf860bc
-Head: 3e21b59a0e7c43e42e3638ef01345ad3ecaed4bf
+Previous: 8186f2187d685f4e0da68346579b07bb9c4a46ee
+Head: a972cbb641150922f5dea32a6f655e40414c86ff
Applied:
unused-scalb-is-scalbn.patch: 1e5d1e38b6a866f88772d34ec2d1b3a75d78b233
remove-sysdeps-ieee754-support.patch: 874e350341a8e14881907b059e6d988de123648f
@@ -28,7 +28,6 @@ Applied:
wip-manual-document-mt-safety-terminal.patch: fccffdf69a6e46c63ce9f4e7adc46b97cceb81c7
wip-manual-document-mt-safety-threads.patch: cd1c8927299a03be9624e0b1b54e049371da1500
wip-manual-document-mt-safety-time.patch: 481d3df53d8c568232578ba58d71ddd6b461b9c6
- wip-manual-document-mt-safety-locale.patch: 96b965160d7c3558ccf87abf7f2fd853a03343e5
- refresh-temp: 3e21b59a0e7c43e42e3638ef01345ad3ecaed4bf
+ wip-manual-document-mt-safety-locale.patch: a972cbb641150922f5dea32a6f655e40414c86ff
Unapplied:
Hidden:
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index 16d996b..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,46 +0,0 @@
-Bottom: b12b2150d8eb3125781678c67a6b9a49c40ecbc0
-Top: e8326e9572adad124fcc425a1b12c12d00136c87
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-31 02:02:49 -0300
-
-Refresh of wip-manual-document-mt-safety-locale.patch
-
----
-
-diff --git a/manual/locale.texi b/manual/locale.texi
-index f07135e..dac8f2e 100644
---- a/manual/locale.texi
-+++ b/manual/locale.texi
-@@ -545,6 +545,10 @@ according to the selected locale using this information.
- @comment locale.h
- @comment ISO
- @deftypefun {struct lconv *} localeconv (void)
-+@safety{@mtunsafe{staticbuf, glocale}@assafe{}@acsafe{}}
-+@c This function reads from multiple components of the locale object,
-+@c without synchronization, while writing to the static buffer it uses
-+@c as the return value.
- The @code{localeconv} function returns a pointer to a structure whose
- components contain information about how numeric and monetary values
- should be formatted in the current locale.
-@@ -811,6 +815,9 @@ was introduced.
- @comment langinfo.h
- @comment XOPEN
- @deftypefun {char *} nl_langinfo (nl_item @var{item})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c It calls _nl_langinfo_l with the current locale, which returns a
-+@c pointer into constant strings defined in locale data structures.
- The @code{nl_langinfo} function can be used to access individual
- elements of the locale categories. Unlike the @code{localeconv}
- function, which returns all the information, @code{nl_langinfo}
-@@ -1105,6 +1112,11 @@ locale information, making it easier for the user to format
- numbers according to these rules.
-
- @deftypefun ssize_t strfmon (char *@var{s}, size_t @var{maxsize}, const char *@var{format}, @dots{})
-+@safety{@mtsafe{glocale}@asunsafe{asmalloc}@acsafe{memleak}}
-+@c It (and strfmon_l) both call vstrfmon_l, which, besides accessing the
-+@c locale object passed to it, accesses the active locale through
-+@c isdigit (but to_digit assumes ASCII digits only). It may call
-+@c __printf_fp (glocale, asmalloc, memleak) and guess_grouping (safe).
- The @code{strfmon} function is similar to the @code{strftime} function
- in that it takes a buffer, its size, a format string,
- and values to write into the buffer as text in a form specified
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index 6fb8814..040f48b 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
Bottom: b54fb6025438aaaf6c4da81f60d0bf50a69c2f70
-Top: b12b2150d8eb3125781678c67a6b9a49c40ecbc0
+Top: e8326e9572adad124fcc425a1b12c12d00136c87
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-31 01:04:01 -0300
@@ -13,7 +13,7 @@ for ChangeLog
---
diff --git a/manual/locale.texi b/manual/locale.texi
-index 2f10fcd..f07135e 100644
+index 2f10fcd..dac8f2e 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,137 @@ The symbols in this section are defined in the header file @file{locale.h}.
@@ -154,3 +154,36 @@ index 2f10fcd..f07135e 100644
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
+@@ -414,6 +545,10 @@ according to the selected locale using this information.
+ @comment locale.h
+ @comment ISO
+ @deftypefun {struct lconv *} localeconv (void)
++@safety{@mtunsafe{staticbuf, glocale}@assafe{}@acsafe{}}
++@c This function reads from multiple components of the locale object,
++@c without synchronization, while writing to the static buffer it uses
++@c as the return value.
+ The @code{localeconv} function returns a pointer to a structure whose
+ components contain information about how numeric and monetary values
+ should be formatted in the current locale.
+@@ -680,6 +815,9 @@ was introduced.
+ @comment langinfo.h
+ @comment XOPEN
+ @deftypefun {char *} nl_langinfo (nl_item @var{item})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c It calls _nl_langinfo_l with the current locale, which returns a
++@c pointer into constant strings defined in locale data structures.
+ The @code{nl_langinfo} function can be used to access individual
+ elements of the locale categories. Unlike the @code{localeconv}
+ function, which returns all the information, @code{nl_langinfo}
+@@ -974,6 +1112,11 @@ locale information, making it easier for the user to format
+ numbers according to these rules.
+
+ @deftypefun ssize_t strfmon (char *@var{s}, size_t @var{maxsize}, const char *@var{format}, @dots{})
++@safety{@mtsafe{glocale}@asunsafe{asmalloc}@acsafe{memleak}}
++@c It (and strfmon_l) both call vstrfmon_l, which, besides accessing the
++@c locale object passed to it, accesses the active locale through
++@c isdigit (but to_digit assumes ASCII digits only). It may call
++@c __printf_fp (glocale, asmalloc, memleak) and guess_grouping (safe).
+ The @code{strfmon} function is similar to the @code{strftime} function
+ in that it takes a buffer, its size, a format string,
+ and values to write into the buffer as text in a form specified
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=8186f2187d685f4e0da68346579b07bb9c4a46ee
commit 8186f2187d685f4e0da68346579b07bb9c4a46ee
Merge: 047d89e c7d6002 3e21b59
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 02:02:50 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=047d89e6abbbd4c344a93df7e8363f4e3b019fbe
commit 047d89e6abbbd4c344a93df7e8363f4e3b019fbe
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 02:02:50 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index 173aea3..060d2e7 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 274d255020884189382b12ecd37cdf8707241352
-Head: 96b965160d7c3558ccf87abf7f2fd853a03343e5
+Previous: c7d60029d83e9f2ee383fc6007fdd952bdf860bc
+Head: 3e21b59a0e7c43e42e3638ef01345ad3ecaed4bf
Applied:
unused-scalb-is-scalbn.patch: 1e5d1e38b6a866f88772d34ec2d1b3a75d78b233
remove-sysdeps-ieee754-support.patch: 874e350341a8e14881907b059e6d988de123648f
@@ -29,5 +29,6 @@ Applied:
wip-manual-document-mt-safety-threads.patch: cd1c8927299a03be9624e0b1b54e049371da1500
wip-manual-document-mt-safety-time.patch: 481d3df53d8c568232578ba58d71ddd6b461b9c6
wip-manual-document-mt-safety-locale.patch: 96b965160d7c3558ccf87abf7f2fd853a03343e5
+ refresh-temp: 3e21b59a0e7c43e42e3638ef01345ad3ecaed4bf
Unapplied:
Hidden:
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..16d996b
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,46 @@
+Bottom: b12b2150d8eb3125781678c67a6b9a49c40ecbc0
+Top: e8326e9572adad124fcc425a1b12c12d00136c87
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-31 02:02:49 -0300
+
+Refresh of wip-manual-document-mt-safety-locale.patch
+
+---
+
+diff --git a/manual/locale.texi b/manual/locale.texi
+index f07135e..dac8f2e 100644
+--- a/manual/locale.texi
++++ b/manual/locale.texi
+@@ -545,6 +545,10 @@ according to the selected locale using this information.
+ @comment locale.h
+ @comment ISO
+ @deftypefun {struct lconv *} localeconv (void)
++@safety{@mtunsafe{staticbuf, glocale}@assafe{}@acsafe{}}
++@c This function reads from multiple components of the locale object,
++@c without synchronization, while writing to the static buffer it uses
++@c as the return value.
+ The @code{localeconv} function returns a pointer to a structure whose
+ components contain information about how numeric and monetary values
+ should be formatted in the current locale.
+@@ -811,6 +815,9 @@ was introduced.
+ @comment langinfo.h
+ @comment XOPEN
+ @deftypefun {char *} nl_langinfo (nl_item @var{item})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c It calls _nl_langinfo_l with the current locale, which returns a
++@c pointer into constant strings defined in locale data structures.
+ The @code{nl_langinfo} function can be used to access individual
+ elements of the locale categories. Unlike the @code{localeconv}
+ function, which returns all the information, @code{nl_langinfo}
+@@ -1105,6 +1112,11 @@ locale information, making it easier for the user to format
+ numbers according to these rules.
+
+ @deftypefun ssize_t strfmon (char *@var{s}, size_t @var{maxsize}, const char *@var{format}, @dots{})
++@safety{@mtsafe{glocale}@asunsafe{asmalloc}@acsafe{memleak}}
++@c It (and strfmon_l) both call vstrfmon_l, which, besides accessing the
++@c locale object passed to it, accesses the active locale through
++@c isdigit (but to_digit assumes ASCII digits only). It may call
++@c __printf_fp (glocale, asmalloc, memleak) and guess_grouping (safe).
+ The @code{strfmon} function is similar to the @code{strftime} function
+ in that it takes a buffer, its size, a format string,
+ and values to write into the buffer as text in a form specified
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3e21b59a0e7c43e42e3638ef01345ad3ecaed4bf
commit 3e21b59a0e7c43e42e3638ef01345ad3ecaed4bf
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 02:02:49 2013 -0300
Refresh of wip-manual-document-mt-safety-locale.patch
diff --git a/manual/locale.texi b/manual/locale.texi
index f07135e..dac8f2e 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -545,6 +545,10 @@ according to the selected locale using this information.
@comment locale.h
@comment ISO
@deftypefun {struct lconv *} localeconv (void)
+@safety{@mtunsafe{staticbuf, glocale}@assafe{}@acsafe{}}
+@c This function reads from multiple components of the locale object,
+@c without synchronization, while writing to the static buffer it uses
+@c as the return value.
The @code{localeconv} function returns a pointer to a structure whose
components contain information about how numeric and monetary values
should be formatted in the current locale.
@@ -811,6 +815,9 @@ was introduced.
@comment langinfo.h
@comment XOPEN
@deftypefun {char *} nl_langinfo (nl_item @var{item})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c It calls _nl_langinfo_l with the current locale, which returns a
+@c pointer into constant strings defined in locale data structures.
The @code{nl_langinfo} function can be used to access individual
elements of the locale categories. Unlike the @code{localeconv}
function, which returns all the information, @code{nl_langinfo}
@@ -1105,6 +1112,11 @@ locale information, making it easier for the user to format
numbers according to these rules.
@deftypefun ssize_t strfmon (char *@var{s}, size_t @var{maxsize}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asmalloc}@acsafe{memleak}}
+@c It (and strfmon_l) both call vstrfmon_l, which, besides accessing the
+@c locale object passed to it, accesses the active locale through
+@c isdigit (but to_digit assumes ASCII digits only). It may call
+@c __printf_fp (glocale, asmalloc, memleak) and guess_grouping (safe).
The @code{strfmon} function is similar to the @code{strftime} function
in that it takes a buffer, its size, a format string,
and values to write into the buffer as text in a form specified
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c7d60029d83e9f2ee383fc6007fdd952bdf860bc
commit c7d60029d83e9f2ee383fc6007fdd952bdf860bc
Merge: e6c6c01 96b9651 274d255
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:04:02 2013 -0300
pull
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e6c6c013e96a76a5774c8f6b37478c36a8067fa3
commit e6c6c013e96a76a5774c8f6b37478c36a8067fa3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:04:02 2013 -0300
pull
diff --git a/meta b/meta
index 9792083..173aea3 100644
--- a/meta
+++ b/meta
@@ -1,33 +1,33 @@
Version: 1
-Previous: 4a1b658a629243592ceb4f42b4903286e96fbd9f
-Head: e9145a48fc85e7f29a8589f4c8185647d0907e34
+Previous: 274d255020884189382b12ecd37cdf8707241352
+Head: 96b965160d7c3558ccf87abf7f2fd853a03343e5
Applied:
- unused-scalb-is-scalbn.patch: 601f2444208808e1d17c679fa7a119ccb9db4254
- remove-sysdeps-ieee754-support.patch: 34abea62b6ff2865a7f75c0d5186018b3a82899d
- manual-document-mt-safety.patch: 400cde6651833f07505f9d1b935539ecac53f006
- manual-document-mt-safety-argp.patch: e7b55795888c074364e9070adc34af37c58b1b70
- manual-document-mt-safety-arith.patch: 6d1424edfa9fc55d9ae9188866fc4d07ca999ebb
- manual-document-mt-safety-charset.patch: 57efa1b33f9b1d513d9f5af800c821485ad43bea
- manual-document-mt-safety-conf.patch: 95d536639518ae7a6e106105e40e759ebaac1e85
- manual-document-mt-safety-crypt.patch: bfd41b844cd2a718215b48d96bcfb88a593a3b58
- manual-document-mt-safety-ctype.patch: bc57e1374fa217ebb08b3dc75c515873e34a230f
- manual-document-mt-safety-debug.patch: 69023efa78bdaca363b5de32f56adea8ce05e13b
- manual-document-mt-safety-errno.patch: 14586b49baa8cc3f7130be193d847967e9ce16d8
- manual-document-mt-safety-filesys.patch: 455ec866c88f22881882323df735a2bdd7a2e5c8
- manual-document-mt-safety-getopt.patch: 0b99c70c2cfa83e1c2f06765613650f7d0baa3cd
- manual-document-mt-safety-libdl.patch: 756f4b7231c09a2f3330bfe8cef81cb9affbf4a4
- manual-document-mt-safety-job.patch: 82c921e0fe0e03260273e0c3b9c534cb9ddc83ea
- manual-document-mt-safety-lang.patch: 594da3770c027a01968fcfd3e459fc13bbdbf047
- manual-document-mt-safety-llio.patch: 7fa5c0efde5f43928620b11438856b9174d41391
- manual-document-mt-safety-stdio.patch: e8eca86a677a80f62b5bb0a17597cddf0a3cd9d5
- wip-manual-document-mt-safety-math.patch: 305b77447b06df4c81a48a7f7dc0956ef8fe25e5
- wip-manual-document-mt-safety-resource.patch: 944dd9eb606418530cc96cbaca0aaeb6ec89d590
- wip-manual-document-mt-safety-startup.patch: 2df7a11143b0aec001575ef211e69f2fa271c61d
- wip-manual-document-mt-safety-search.patch: 166b7eedb8e53f936ef842f708c68b2ac2394a76
- wip-manual-document-mt-safety-string.patch: 13b20f6390fe51eabd827a7d4833df7c9b32f962
- wip-manual-document-mt-safety-terminal.patch: 134a32db5ba4664731ebc1c2c15aaad32da69e07
- wip-manual-document-mt-safety-threads.patch: 31e58276bacf72345d2bf27b274bcd254f615a4b
- wip-manual-document-mt-safety-time.patch: 95da1194f415a13a61ce12c7439d411d990dc92e
- wip-manual-document-mt-safety-locale.patch: e9145a48fc85e7f29a8589f4c8185647d0907e34
+ unused-scalb-is-scalbn.patch: 1e5d1e38b6a866f88772d34ec2d1b3a75d78b233
+ remove-sysdeps-ieee754-support.patch: 874e350341a8e14881907b059e6d988de123648f
+ manual-document-mt-safety.patch: 2241fe9399aa7805b0df7b4abe1de3923d100d96
+ manual-document-mt-safety-argp.patch: c8161f62379675acafc26a1733624d033cc4f6fd
+ manual-document-mt-safety-arith.patch: df0d63ac4db5760df6264dd7c070e46b4bc76bd5
+ manual-document-mt-safety-charset.patch: 5d13721f3fcad9209c33e8ce0d6640a3d334566c
+ manual-document-mt-safety-conf.patch: 468d2e671888f9b5ce639bef1016b1422f469830
+ manual-document-mt-safety-crypt.patch: 09ba3b7906d2614779c884c67726e86105a157d0
+ manual-document-mt-safety-ctype.patch: dbe30b42d6c674a6d02343411c9d29f4bbab2084
+ manual-document-mt-safety-debug.patch: 1aa7f3b6fc9a8771b43d3adb63e254f8caf5aa5b
+ manual-document-mt-safety-errno.patch: 3c03cf246bde895688e98b832b45fcc835a9d2dc
+ manual-document-mt-safety-filesys.patch: 76884a41c04d96b2e1bab16fd4f76157c306fc81
+ manual-document-mt-safety-getopt.patch: fdbe248de910c1e7ef9ae9b744eed8d658ac5d29
+ manual-document-mt-safety-libdl.patch: ac5bbc507973eb6ce1cd3b11d0456f31bdbea7d3
+ manual-document-mt-safety-job.patch: 917a111878057a3254a5aae2a9e436e2da0521f2
+ manual-document-mt-safety-lang.patch: 74404662e804550da523e8be4c8cbca7d1df1e4d
+ manual-document-mt-safety-llio.patch: e500e6b451e90bcfa93b9ebc11eee98ff9948da4
+ manual-document-mt-safety-stdio.patch: 16bbb85f36fbb817d72e3dec082888129ba9cdf4
+ wip-manual-document-mt-safety-math.patch: 79a8df96fa61ec75e4a90255a008417f725c5009
+ wip-manual-document-mt-safety-resource.patch: 37096c9f7bf26b43c6b010e9629edea7cb89d1e8
+ wip-manual-document-mt-safety-startup.patch: 51a856392fd604dac2529a05ed2af3b71b37a583
+ wip-manual-document-mt-safety-search.patch: e05d166acc5534804dd2ee0f91e25d85cb546685
+ wip-manual-document-mt-safety-string.patch: 18a4951c9cbf68f51a2dceaeb4cea3036f0ebea0
+ wip-manual-document-mt-safety-terminal.patch: fccffdf69a6e46c63ce9f4e7adc46b97cceb81c7
+ wip-manual-document-mt-safety-threads.patch: cd1c8927299a03be9624e0b1b54e049371da1500
+ wip-manual-document-mt-safety-time.patch: 481d3df53d8c568232578ba58d71ddd6b461b9c6
+ wip-manual-document-mt-safety-locale.patch: 96b965160d7c3558ccf87abf7f2fd853a03343e5
Unapplied:
Hidden:
diff --git a/patches/manual-document-mt-safety-argp.patch b/patches/manual-document-mt-safety-argp.patch
index 80f0acf..19a841c 100644
--- a/patches/manual-document-mt-safety-argp.patch
+++ b/patches/manual-document-mt-safety-argp.patch
@@ -1,7 +1,7 @@
-Bottom: 52f86982187c30275067463fb7a6064b54969139
-Top: 9592a99187853c02f7033b271de199e85012a53a
+Bottom: de2c04a442dec6e21ee6d15dbd2ee805641ff07d
+Top: ff129fc9d64565ed78031aabdc52fa74cc712a35
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-29 04:12:39 -0300
+Date: 2013-08-31 01:03:53 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-arith.patch b/patches/manual-document-mt-safety-arith.patch
index 862a159..8a95b2e 100644
--- a/patches/manual-document-mt-safety-arith.patch
+++ b/patches/manual-document-mt-safety-arith.patch
@@ -1,7 +1,7 @@
-Bottom: 9592a99187853c02f7033b271de199e85012a53a
-Top: a46ac9b1deecd51710762b73ec64e2bb52a9d84b
+Bottom: ff129fc9d64565ed78031aabdc52fa74cc712a35
+Top: 7cb1b26f3679a5f6ca27301fc2d16f2a63ee47ca
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-29 04:12:39 -0300
+Date: 2013-08-31 01:03:54 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-charset.patch b/patches/manual-document-mt-safety-charset.patch
index 99f9422..73d46a8 100644
--- a/patches/manual-document-mt-safety-charset.patch
+++ b/patches/manual-document-mt-safety-charset.patch
@@ -1,7 +1,7 @@
-Bottom: a46ac9b1deecd51710762b73ec64e2bb52a9d84b
-Top: bd7cc55350cfbbd116f5a730a8bef8f534c74b53
+Bottom: 7cb1b26f3679a5f6ca27301fc2d16f2a63ee47ca
+Top: 779a8294863d1b2690c20f0ca9f1daa8923465db
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-29 04:12:40 -0300
+Date: 2013-08-31 01:03:54 -0300
Thread safety documentation.
@@ -13,7 +13,7 @@ for ChangeLog
---
diff --git a/manual/charset.texi b/manual/charset.texi
-index e21502e..7e6c416 100644
+index 4042639..4301727 100644
--- a/manual/charset.texi
+++ b/manual/charset.texi
@@ -504,6 +504,8 @@ sequence points. Communication protocols often require this.
diff --git a/patches/manual-document-mt-safety-conf.patch b/patches/manual-document-mt-safety-conf.patch
index a3e730f..c946ce7 100644
--- a/patches/manual-document-mt-safety-conf.patch
+++ b/patches/manual-document-mt-safety-conf.patch
@@ -1,7 +1,7 @@
-Bottom: bd7cc55350cfbbd116f5a730a8bef8f534c74b53
-Top: cb52d0ad721c1624720477c9407cdb3fef52b742
+Bottom: 779a8294863d1b2690c20f0ca9f1daa8923465db
+Top: 09960a1143878b8e632424d99e7d937edf00b216
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-29 04:12:40 -0300
+Date: 2013-08-31 01:03:54 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-crypt.patch b/patches/manual-document-mt-safety-crypt.patch
index 1c47eff..de3f853 100644
--- a/patches/manual-document-mt-safety-crypt.patch
+++ b/patches/manual-document-mt-safety-crypt.patch
@@ -1,7 +1,7 @@
-Bottom: cb52d0ad721c1624720477c9407cdb3fef52b742
-Top: cdcfad758945d3cea0d9f124bc38710c8fb23496
+Bottom: 09960a1143878b8e632424d99e7d937edf00b216
+Top: 7302ab50670533c78224e0116d828e5a16d3de27
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-29 04:12:41 -0300
+Date: 2013-08-31 01:03:55 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-ctype.patch b/patches/manual-document-mt-safety-ctype.patch
index e4c63c3..45957f6 100644
--- a/patches/manual-document-mt-safety-ctype.patch
+++ b/patches/manual-document-mt-safety-ctype.patch
@@ -1,7 +1,7 @@
-Bottom: cdcfad758945d3cea0d9f124bc38710c8fb23496
-Top: e77fd4ac0a9784c71ac174e7dee32d3e2aa16184
+Bottom: 7302ab50670533c78224e0116d828e5a16d3de27
+Top: 61f991a4922eef0315de140d2138b6630c47e2bd
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-29 04:12:41 -0300
+Date: 2013-08-31 01:03:55 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-debug.patch b/patches/manual-document-mt-safety-debug.patch
index c6bc8da..950e552 100644
--- a/patches/manual-document-mt-safety-debug.patch
+++ b/patches/manual-document-mt-safety-debug.patch
@@ -1,7 +1,7 @@
-Bottom: e77fd4ac0a9784c71ac174e7dee32d3e2aa16184
-Top: b33d6f51141d8f2f5e6b95c5eb48b46237ca4af9
+Bottom: 61f991a4922eef0315de140d2138b6630c47e2bd
+Top: a82dc3aa9258d667b3a320290b024fa27de14d49
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-29 04:12:42 -0300
+Date: 2013-08-31 01:03:55 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-errno.patch b/patches/manual-document-mt-safety-errno.patch
index 072f554..375b5c7 100644
--- a/patches/manual-document-mt-safety-errno.patch
+++ b/patches/manual-document-mt-safety-errno.patch
@@ -1,7 +1,7 @@
-Bottom: b33d6f51141d8f2f5e6b95c5eb48b46237ca4af9
-Top: 0d10a649c4473d9a6fb609ec81fa26e8a629d061
+Bottom: a82dc3aa9258d667b3a320290b024fa27de14d49
+Top: cd380e093eb8bd489394de0daad301f35820b2e8
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-29 04:12:43 -0300
+Date: 2013-08-31 01:03:55 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-filesys.patch b/patches/manual-document-mt-safety-filesys.patch
index aef66bc..147c536 100644
--- a/patches/manual-document-mt-safety-filesys.patch
+++ b/patches/manual-document-mt-safety-filesys.patch
@@ -1,7 +1,7 @@
-Bottom: 0d10a649c4473d9a6fb609ec81fa26e8a629d061
-Top: e36ec2efcbfbb0271060509e53c1c357a9688a7f
+Bottom: cd380e093eb8bd489394de0daad301f35820b2e8
+Top: 157f057fc8982c458959738c2a2c8d76e6c12c7e
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-29 04:12:43 -0300
+Date: 2013-08-31 01:03:56 -0300
Thread safety documentation.
@@ -13,7 +13,7 @@ for ChangeLog
---
diff --git a/manual/filesys.texi b/manual/filesys.texi
-index 814c210..c7eb13b 100644
+index 1cac453..182fd33 100644
--- a/manual/filesys.texi
+++ b/manual/filesys.texi
@@ -58,6 +58,25 @@ Prototypes for these functions are declared in the header file
@@ -406,7 +406,7 @@ index 814c210..c7eb13b 100644
@deftypefun int stat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{stat} but it is also able to work on
- files larger then @math{2^31} bytes on 32-bit systems. To be able to do
+ files larger than @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1921,6 +2034,7 @@ replaces the interface for small files on 32-bit machines.
@comment sys/stat.h
@@ -449,7 +449,7 @@ index 814c210..c7eb13b 100644
+@c Direct system call through lxstat64, sometimes with an xstat conv
+@c call afterwards.
This function is similar to @code{lstat} but it is also able to work on
- files larger then @math{2^31} bytes on 32-bit systems. To be able to do
+ files larger than @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -2007,12 +2132,14 @@ that file:
@comment sys/stat.h
@@ -701,7 +701,7 @@ index 814c210..c7eb13b 100644
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
This function is similar to @code{tmpfile}, but the stream it returns a
pointer to was opened using @code{tmpfile64}. Therefore this stream can
- be used for files larger then @math{2^31} bytes on 32-bit machines.
+ be used for files larger than @math{2^31} bytes on 32-bit machines.
@@ -3165,6 +3347,11 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
diff --git a/patches/manual-document-mt-safety-getopt.patch b/patches/manual-document-mt-safety-getopt.patch
index f2ba59a..bcdbbf6 100644
--- a/patches/manual-document-mt-safety-getopt.patch
+++ b/patches/manual-document-mt-safety-getopt.patch
@@ -1,7 +1,7 @@
-Bottom: e36ec2efcbfbb0271060509e53c1c357a9688a7f
-Top: 070ad4074ca24a78565b334b04451ba020429abe
+Bottom: 157f057fc8982c458959738c2a2c8d76e6c12c7e
+Top: ec1fe87f340be1e74d6dfed9db87effb228b388c
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-29 04:12:44 -0300
+Date: 2013-08-31 01:03:56 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-job.patch b/patches/manual-document-mt-safety-job.patch
index 85da9aa..9cca92e 100644
--- a/patches/manual-document-mt-safety-job.patch
+++ b/patches/manual-document-mt-safety-job.patch
@@ -1,7 +1,7 @@
-Bottom: 9fe02cfc9a3804b9559a551581b75c028f9b91bd
-Top: ccbfd7f0cfb967e1801d4cd3f0d65b69ea3f11a4
+Bottom: 5b7b7d31d8b0edd9f840eb090384f78097436481
+Top: 9b155e11463623a6a0bb95400b2498182e34583a
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-29 04:12:50 -0300
+Date: 2013-08-31 01:03:57 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-lang.patch b/patches/manual-document-mt-safety-lang.patch
index 3cd2f00..b53eeb2 100644
--- a/patches/manual-document-mt-safety-lang.patch
+++ b/patches/manual-document-mt-safety-lang.patch
@@ -1,7 +1,7 @@
-Bottom: ccbfd7f0cfb967e1801d4cd3f0d65b69ea3f11a4
-Top: f7f7a15f0c84bba8877a582df6dbd055187a041c
+Bottom: 9b155e11463623a6a0bb95400b2498182e34583a
+Top: 9b7095b69b6581c1fcfb8e18046f496fbc149994
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-29 04:12:51 -0300
+Date: 2013-08-31 01:03:57 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-libdl.patch b/patches/manual-document-mt-safety-libdl.patch
index 4affaf8..02605ec 100644
--- a/patches/manual-document-mt-safety-libdl.patch
+++ b/patches/manual-document-mt-safety-libdl.patch
@@ -1,7 +1,7 @@
-Bottom: 070ad4074ca24a78565b334b04451ba020429abe
-Top: 9fe02cfc9a3804b9559a551581b75c028f9b91bd
+Bottom: ec1fe87f340be1e74d6dfed9db87effb228b388c
+Top: 5b7b7d31d8b0edd9f840eb090384f78097436481
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-29 04:12:49 -0300
+Date: 2013-08-31 01:03:57 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-llio.patch b/patches/manual-document-mt-safety-llio.patch
index 364aea5..f160a84 100644
--- a/patches/manual-document-mt-safety-llio.patch
+++ b/patches/manual-document-mt-safety-llio.patch
@@ -1,7 +1,7 @@
-Bottom: f7f7a15f0c84bba8877a582df6dbd055187a041c
-Top: 97e0541602be704b65a32187d99e52c3138d4d04
+Bottom: 9b7095b69b6581c1fcfb8e18046f496fbc149994
+Top: 7fe65183ca01afbf35f279fb8a0031a5633d2a1e
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-29 04:12:51 -0300
+Date: 2013-08-31 01:03:57 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index e6d842e..702eefe 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,7 +1,7 @@
-Bottom: 97e0541602be704b65a32187d99e52c3138d4d04
-Top: 71911a0d161093360cc979a0f75987e8706f33b6
+Bottom: 7fe65183ca01afbf35f279fb8a0031a5633d2a1e
+Top: 59fc607250a481aac5da87d4296f1783f949792b
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-29 04:12:52 -0300
+Date: 2013-08-31 01:03:58 -0300
Thread safety documentation.
@@ -13,7 +13,7 @@ for ChangeLog
---
diff --git a/manual/stdio.texi b/manual/stdio.texi
-index 3f9be9bc5..5667af3 100644
+index 30630ca..dad1072 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@@ -32,7 +32,7 @@ index 3f9be9bc5..5667af3 100644
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
- used even on files larger then @math{2^31} bytes on 32 bit machines.
+ used even on files larger than @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
diff --git a/patches/manual-document-mt-safety.patch b/patches/manual-document-mt-safety.patch
index ff2b700..9d5b78a 100644
--- a/patches/manual-document-mt-safety.patch
+++ b/patches/manual-document-mt-safety.patch
@@ -1,7 +1,7 @@
-Bottom: 98aee56c2b6c46ef89db799efabe6ab30c9729a1
-Top: 52f86982187c30275067463fb7a6064b54969139
+Bottom: fbc726828e79b09120a7ad26f8023c8e3d2b938a
+Top: de2c04a442dec6e21ee6d15dbd2ee805641ff07d
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-29 04:12:37 -0300
+Date: 2013-08-31 01:03:53 -0300
Thread safety documentation.
diff --git a/patches/remove-sysdeps-ieee754-support.patch b/patches/remove-sysdeps-ieee754-support.patch
index ce4346c..42439af 100644
--- a/patches/remove-sysdeps-ieee754-support.patch
+++ b/patches/remove-sysdeps-ieee754-support.patch
@@ -1,7 +1,7 @@
-Bottom: a37ea8d691d49aaa2e36925f64cadc88674f1b39
-Top: 98aee56c2b6c46ef89db799efabe6ab30c9729a1
+Bottom: 9214bdbc43d0e9ed1e61845468d28bc264d090eb
+Top: fbc726828e79b09120a7ad26f8023c8e3d2b938a
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-29 04:12:36 -0300
+Date: 2013-08-31 01:03:53 -0300
Remove unused sysdeps/ieee754/support.c.
diff --git a/patches/unused-scalb-is-scalbn.patch b/patches/unused-scalb-is-scalbn.patch
index 2bc2eea..9c88c0f 100644
--- a/patches/unused-scalb-is-scalbn.patch
+++ b/patches/unused-scalb-is-scalbn.patch
@@ -1,7 +1,7 @@
-Bottom: ca1315b0033f11c3f3d8879e9e0fb14d71dadf3b
-Top: a37ea8d691d49aaa2e36925f64cadc88674f1b39
+Bottom: 02fc799233452f582117de740b583117f983882b
+Top: 9214bdbc43d0e9ed1e61845468d28bc264d090eb
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-29 04:12:34 -0300
+Date: 2013-08-31 01:03:52 -0300
Rename unused scalb to scalbn to match prototype.
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index cae2acb..6fb8814 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,7 +1,7 @@
-Bottom: f528b7b2631aa970b7a9c2868269f120e51ddf6f
-Top: 8302a915c7103c415d81e3db9b4e0b9db02bb42b
+Bottom: b54fb6025438aaaf6c4da81f60d0bf50a69c2f70
+Top: b12b2150d8eb3125781678c67a6b9a49c40ecbc0
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-29 04:13:05 -0300
+Date: 2013-08-31 01:04:01 -0300
Thread safety documentation.
diff --git a/patches/wip-manual-document-mt-safety-math.patch b/patches/wip-manual-document-mt-safety-math.patch
index 77b2631..e669a0c 100644
--- a/patches/wip-manual-document-mt-safety-math.patch
+++ b/patches/wip-manual-document-mt-safety-math.patch
@@ -1,7 +1,7 @@
-Bottom: 71911a0d161093360cc979a0f75987e8706f33b6
-Top: 48f3dc76c3e3461d4a79137423312ee9d4a99ee0
+Bottom: 59fc607250a481aac5da87d4296f1783f949792b
+Top: 2a4babdd62df27c5861aa15305c7f516dc172d00
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-29 04:12:52 -0300
+Date: 2013-08-31 01:03:58 -0300
Thread safety documentation.
diff --git a/patches/wip-manual-document-mt-safety-resource.patch b/patches/wip-manual-document-mt-safety-resource.patch
index ee57db1..282cdf8 100644
--- a/patches/wip-manual-document-mt-safety-resource.patch
+++ b/patches/wip-manual-document-mt-safety-resource.patch
@@ -1,7 +1,7 @@
-Bottom: 48f3dc76c3e3461d4a79137423312ee9d4a99ee0
-Top: fe2388feda441b099b6db701fab60199b9a385f0
+Bottom: 2a4babdd62df27c5861aa15305c7f516dc172d00
+Top: 8454b90778b1ebde46471a8e807c55534059dee4
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-29 04:12:53 -0300
+Date: 2013-08-31 01:03:59 -0300
Thread safety documentation.
diff --git a/patches/wip-manual-document-mt-safety-search.patch b/patches/wip-manual-document-mt-safety-search.patch
index a4722b4..ec0a5e5 100644
--- a/patches/wip-manual-document-mt-safety-search.patch
+++ b/patches/wip-manual-document-mt-safety-search.patch
@@ -1,7 +1,7 @@
-Bottom: 54f51cc24c8038bf966957936a78214bb4001b07
-Top: aa3dbf5537f25ecc771448e84d89b4535b1c6f70
+Bottom: 5c2e4fd6e27fcf98265b31f0b27f64539262961f
+Top: 9bb36bae725f82fa35390671a43725efcd84ec88
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-29 04:12:54 -0300
+Date: 2013-08-31 01:03:59 -0300
Thread safety documentation.
diff --git a/patches/wip-manual-document-mt-safety-startup.patch b/patches/wip-manual-document-mt-safety-startup.patch
index 7f82f0a..78a28cb 100644
--- a/patches/wip-manual-document-mt-safety-startup.patch
+++ b/patches/wip-manual-document-mt-safety-startup.patch
@@ -1,7 +1,7 @@
-Bottom: fe2388feda441b099b6db701fab60199b9a385f0
-Top: 54f51cc24c8038bf966957936a78214bb4001b07
+Bottom: 8454b90778b1ebde46471a8e807c55534059dee4
+Top: 5c2e4fd6e27fcf98265b31f0b27f64539262961f
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-29 04:12:53 -0300
+Date: 2013-08-31 01:03:59 -0300
Thread safety documentation.
diff --git a/patches/wip-manual-document-mt-safety-string.patch b/patches/wip-manual-document-mt-safety-string.patch
index f8b1f7d..8eca966 100644
--- a/patches/wip-manual-document-mt-safety-string.patch
+++ b/patches/wip-manual-document-mt-safety-string.patch
@@ -1,7 +1,7 @@
-Bottom: aa3dbf5537f25ecc771448e84d89b4535b1c6f70
-Top: df309a874addf70b8a7a1debf3b0de3512d70a58
+Bottom: 9bb36bae725f82fa35390671a43725efcd84ec88
+Top: f2dc9605a7f5fc5e97f7243ee13b18c3e34fe5e3
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-29 04:12:54 -0300
+Date: 2013-08-31 01:04:00 -0300
Thread safety documentation.
@@ -13,7 +13,7 @@ for ChangeLog
---
diff --git a/manual/string.texi b/manual/string.texi
-index 246be84..1408033 100644
+index 2a164a9..173306c 100644
--- a/manual/string.texi
+++ b/manual/string.texi
@@ -1159,6 +1159,11 @@ strings are written in into account. To get that one has to use
diff --git a/patches/wip-manual-document-mt-safety-terminal.patch b/patches/wip-manual-document-mt-safety-terminal.patch
index cf5d100..b00c262 100644
--- a/patches/wip-manual-document-mt-safety-terminal.patch
+++ b/patches/wip-manual-document-mt-safety-terminal.patch
@@ -1,7 +1,7 @@
-Bottom: df309a874addf70b8a7a1debf3b0de3512d70a58
-Top: 113ab3d6e3ff6f9318e93ab05c0aca48dd213a9e
+Bottom: f2dc9605a7f5fc5e97f7243ee13b18c3e34fe5e3
+Top: 1d8bfc5bb628af156d0866fcd40fe986599d3a7c
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-29 04:13:02 -0300
+Date: 2013-08-31 01:04:00 -0300
Thread safety documentation.
diff --git a/patches/wip-manual-document-mt-safety-threads.patch b/patches/wip-manual-document-mt-safety-threads.patch
index 9aecb4a..33794ed 100644
--- a/patches/wip-manual-document-mt-safety-threads.patch
+++ b/patches/wip-manual-document-mt-safety-threads.patch
@@ -1,7 +1,7 @@
-Bottom: 113ab3d6e3ff6f9318e93ab05c0aca48dd213a9e
-Top: 004b08ebe327a6ae66f437a41c9ef84820f7f127
+Bottom: 1d8bfc5bb628af156d0866fcd40fe986599d3a7c
+Top: 5c6fad90032135d6828414f74e8eae1b8bcf1954
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-29 04:13:03 -0300
+Date: 2013-08-31 01:04:00 -0300
Thread safety documentation.
diff --git a/patches/wip-manual-document-mt-safety-time.patch b/patches/wip-manual-document-mt-safety-time.patch
index 0271f4f..877577b 100644
--- a/patches/wip-manual-document-mt-safety-time.patch
+++ b/patches/wip-manual-document-mt-safety-time.patch
@@ -1,7 +1,7 @@
-Bottom: 004b08ebe327a6ae66f437a41c9ef84820f7f127
-Top: f528b7b2631aa970b7a9c2868269f120e51ddf6f
+Bottom: 5c6fad90032135d6828414f74e8eae1b8bcf1954
+Top: b54fb6025438aaaf6c4da81f60d0bf50a69c2f70
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-29 04:13:04 -0300
+Date: 2013-08-31 01:04:00 -0300
Thread safety documentation.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a972cbb641150922f5dea32a6f655e40414c86ff
commit a972cbb641150922f5dea32a6f655e40414c86ff
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:04:01 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..dac8f2e 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,137 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{oncesafe, selfdeadlock, asmalloc, asynconsist, incansist}@acunsafe{oncesafe, incansist, lockleak, memleak, fdleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it.
+@c This function returns a pointer read...
+@c setlocale envromt, oncesafe, asmalloc, selfdeadlock, asynconsist, incansist, memleak, fdleak, lockleak
+@c libc_rwlock_wrlock selfdeadlock, lockleak
+@c libc_rwlock_unlock lockleak
+@c getenv LOCPATH envromt
+@c malloc asmalloc, memleak
+@c free asmalloc, memleak
+@c new_composite_name ok
+@c setdata ok
+@c setname ok
+@c _nl_find_locale envromt, oncesafe, asmalloc, selfdeadlock, asynconsist, incansist, memleak, fdleak, lockleak
+@c getenv LC_ALL and LANG envromt
+@c _nl_load_locale_from_archive asmalloc, memleak, fdleak
+@c sysconf _SC_PAGE_SIZE ok
+@c _nl_normalize_codeset asmalloc, memleak
+@c isalnum_l ok (C locale)
+@c isdigit_l ok (C locale)
+@c malloc asmalloc, memleak
+@c tolower_l ok (C locale)
+@c open_not_cancel_2 fdleak
+@c fxstat64 ok
+@c close_not_cancel_no_status ok
+@c __mmap64 memleak
+@c calculate_head_size ok
+@c __munmap ok
+@c compute_hashval ok
+@c qsort dup asmalloc, memleak
+@c rangecmp ok
+@c malloc asmalloc, memleak
+@c strdup asmalloc, memleak
+@c _nl_intern_locale_data asmalloc, memleak
+@c malloc asmalloc, memleak
+@c free asmalloc, memleak
+@c _nl_expand_alias asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c libc_lock_lock selfdeadlock, lockleak
+@c bsearch ok
+@c alias_compare ok
+@c strcasecmp ok
+@c read_alias_file asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fsetlocking ok
+@c feof_unlocked ok
+@c fgets_unlocked ok
+@c isspace ok (locale mutex is locked)
+@c extend_alias_table memleak, asmalloc
+@c realloc memleak, asmalloc
+@c realloc memleak, asmalloc
+@c fclose asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c qsort asmalloc, memleak
+@c alias_compare dup
+@c libc_lock_unlock lockleak
+@c _nl_explode_name asmalloc, memleak
+@c _nl_find_language ok
+@c _nl_normalize_codeset dup asmalloc, memleak
+@c _nl_make_l10nflist asmalloc, memleak
+@c malloc asmalloc, memleak
+@c free asmalloc, memleak
+@c __argz_stringify ok
+@c __argz_count ok
+@c __argz_next ok
+@c _nl_load_locale asmalloc, memleak, fdleak
+@c open_not_cancel_2 fdleak
+@c __fxstat64 ok
+@c close_not_cancel_no_status ok
+@c mmap memleak
+@c malloc asmalloc, memleak
+@c read_not_cancel ok
+@c free asmalloc, memleak
+@c _nl_intern_locale_data dup asmalloc, memleak
+@c munmap ok
+@c __gconv_compare_alias oncesafe, asmalloc, asynconsist, selfdeadlock, memleak,incansist, fdleak, lockleak
+@c __gconv_read_conf oncesafe, asmalloc, asynconsist, selfdeadlock, memleak,incansist, fdleak, lockleak
+@c (libc_once-initializes gconv_cache and gconv_path_envvar; they're
+@c never modified afterwards)
+@c __gconv_load_cache asmalloc, memleak, fdleak
+@c getenv GCONV_PATH envromt
+@c open_not_cancel fdleak
+@c __fxstat64 ok
+@c close_not_cancel_no_status ok
+@c mmap memleak
+@c malloc asmalloc, memleak
+@c __read ok
+@c free asmalloc, memleak
+@c munmap ok
+@c __gconv_get_path selfdeadlock, asmalloc, lockleak, memleak, fdleak
+@c getcwd asmalloc, memleak, fdleak
+@c libc_lock_lock selfdeadlock, lockleak
+@c malloc asmalloc, memleak
+@c strtok_r ok
+@c libc_lock_unlock lockleak
+@c read_conf_file asmalloc, asynconsist, selfdeadlock, memleak, incansist, fdleak, lockleak
+@c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fsetlocking ok
+@c feof_unlocked ok
+@c getdelim asmalloc, asynconsist, memleak, incansist
+@c isspace_l ok (C locale)
+@c add_alias
+@c isspace_l ok (C locale)
+@c toupper_l ok (C locale)
+@c add_alias2 dup asynconsist, asmalloc, incansist, memleak
+@c add_module asmalloc, memleak
+@c isspace_l ok (C locale)
+@c toupper_l ok (C locale)
+@c strtol ok (glocale, but we hold the locale lock)
+@c tfind __gconv_alias_db ok
+@c __gconv_alias_compare dup ok
+@c calloc asmalloc, memleak
+@c insert_module dup asmalloc
+@c __tfind ok (because the tree is read only by then)
+@c __gconv_alias_compare dup ok
+@c insert_module asmalloc
+@c free asmalloc
+@c add_alias2 asynconsist, asmalloc, incansist, memleak
+@c detect_conflict ok, reads __gconv_modules_db
+@c malloc asmalloc, memleak
+@c tsearch __gconv_alias_db asynconsist, asmalloc, incansist, memleak
+@c __gconv_alias_compare ok
+@c free asmalloc
+@c __gconv_compare_alias_cache ok
+@c find_module_idx ok
+@c do_lookup_alias ok
+@c __tfind ok (because the tree is read only by then)
+@c __gconv_alias_compare ok
+@c strndup asmalloc, memleak
+@c strcasecmp_l ok (C locale)
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
@@ -414,6 +545,10 @@ according to the selected locale using this information.
@comment locale.h
@comment ISO
@deftypefun {struct lconv *} localeconv (void)
+@safety{@mtunsafe{staticbuf, glocale}@assafe{}@acsafe{}}
+@c This function reads from multiple components of the locale object,
+@c without synchronization, while writing to the static buffer it uses
+@c as the return value.
The @code{localeconv} function returns a pointer to a structure whose
components contain information about how numeric and monetary values
should be formatted in the current locale.
@@ -680,6 +815,9 @@ was introduced.
@comment langinfo.h
@comment XOPEN
@deftypefun {char *} nl_langinfo (nl_item @var{item})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c It calls _nl_langinfo_l with the current locale, which returns a
+@c pointer into constant strings defined in locale data structures.
The @code{nl_langinfo} function can be used to access individual
elements of the locale categories. Unlike the @code{localeconv}
function, which returns all the information, @code{nl_langinfo}
@@ -974,6 +1112,11 @@ locale information, making it easier for the user to format
numbers according to these rules.
@deftypefun ssize_t strfmon (char *@var{s}, size_t @var{maxsize}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asmalloc}@acsafe{memleak}}
+@c It (and strfmon_l) both call vstrfmon_l, which, besides accessing the
+@c locale object passed to it, accesses the active locale through
+@c isdigit (but to_digit assumes ASCII digits only). It may call
+@c __printf_fp (glocale, asmalloc, memleak) and guess_grouping (safe).
The @code{strfmon} function is similar to the @code{strftime} function
in that it takes a buffer, its size, a format string,
and values to write into the buffer as text in a form specified
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=96b965160d7c3558ccf87abf7f2fd853a03343e5
commit 96b965160d7c3558ccf87abf7f2fd853a03343e5
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:04:01 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..f07135e 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,137 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{oncesafe, selfdeadlock, asmalloc, asynconsist, incansist}@acunsafe{oncesafe, incansist, lockleak, memleak, fdleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it.
+@c This function returns a pointer read...
+@c setlocale envromt, oncesafe, asmalloc, selfdeadlock, asynconsist, incansist, memleak, fdleak, lockleak
+@c libc_rwlock_wrlock selfdeadlock, lockleak
+@c libc_rwlock_unlock lockleak
+@c getenv LOCPATH envromt
+@c malloc asmalloc, memleak
+@c free asmalloc, memleak
+@c new_composite_name ok
+@c setdata ok
+@c setname ok
+@c _nl_find_locale envromt, oncesafe, asmalloc, selfdeadlock, asynconsist, incansist, memleak, fdleak, lockleak
+@c getenv LC_ALL and LANG envromt
+@c _nl_load_locale_from_archive asmalloc, memleak, fdleak
+@c sysconf _SC_PAGE_SIZE ok
+@c _nl_normalize_codeset asmalloc, memleak
+@c isalnum_l ok (C locale)
+@c isdigit_l ok (C locale)
+@c malloc asmalloc, memleak
+@c tolower_l ok (C locale)
+@c open_not_cancel_2 fdleak
+@c fxstat64 ok
+@c close_not_cancel_no_status ok
+@c __mmap64 memleak
+@c calculate_head_size ok
+@c __munmap ok
+@c compute_hashval ok
+@c qsort dup asmalloc, memleak
+@c rangecmp ok
+@c malloc asmalloc, memleak
+@c strdup asmalloc, memleak
+@c _nl_intern_locale_data asmalloc, memleak
+@c malloc asmalloc, memleak
+@c free asmalloc, memleak
+@c _nl_expand_alias asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c libc_lock_lock selfdeadlock, lockleak
+@c bsearch ok
+@c alias_compare ok
+@c strcasecmp ok
+@c read_alias_file asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fsetlocking ok
+@c feof_unlocked ok
+@c fgets_unlocked ok
+@c isspace ok (locale mutex is locked)
+@c extend_alias_table memleak, asmalloc
+@c realloc memleak, asmalloc
+@c realloc memleak, asmalloc
+@c fclose asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c qsort asmalloc, memleak
+@c alias_compare dup
+@c libc_lock_unlock lockleak
+@c _nl_explode_name asmalloc, memleak
+@c _nl_find_language ok
+@c _nl_normalize_codeset dup asmalloc, memleak
+@c _nl_make_l10nflist asmalloc, memleak
+@c malloc asmalloc, memleak
+@c free asmalloc, memleak
+@c __argz_stringify ok
+@c __argz_count ok
+@c __argz_next ok
+@c _nl_load_locale asmalloc, memleak, fdleak
+@c open_not_cancel_2 fdleak
+@c __fxstat64 ok
+@c close_not_cancel_no_status ok
+@c mmap memleak
+@c malloc asmalloc, memleak
+@c read_not_cancel ok
+@c free asmalloc, memleak
+@c _nl_intern_locale_data dup asmalloc, memleak
+@c munmap ok
+@c __gconv_compare_alias oncesafe, asmalloc, asynconsist, selfdeadlock, memleak,incansist, fdleak, lockleak
+@c __gconv_read_conf oncesafe, asmalloc, asynconsist, selfdeadlock, memleak,incansist, fdleak, lockleak
+@c (libc_once-initializes gconv_cache and gconv_path_envvar; they're
+@c never modified afterwards)
+@c __gconv_load_cache asmalloc, memleak, fdleak
+@c getenv GCONV_PATH envromt
+@c open_not_cancel fdleak
+@c __fxstat64 ok
+@c close_not_cancel_no_status ok
+@c mmap memleak
+@c malloc asmalloc, memleak
+@c __read ok
+@c free asmalloc, memleak
+@c munmap ok
+@c __gconv_get_path selfdeadlock, asmalloc, lockleak, memleak, fdleak
+@c getcwd asmalloc, memleak, fdleak
+@c libc_lock_lock selfdeadlock, lockleak
+@c malloc asmalloc, memleak
+@c strtok_r ok
+@c libc_lock_unlock lockleak
+@c read_conf_file asmalloc, asynconsist, selfdeadlock, memleak, incansist, fdleak, lockleak
+@c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fsetlocking ok
+@c feof_unlocked ok
+@c getdelim asmalloc, asynconsist, memleak, incansist
+@c isspace_l ok (C locale)
+@c add_alias
+@c isspace_l ok (C locale)
+@c toupper_l ok (C locale)
+@c add_alias2 dup asynconsist, asmalloc, incansist, memleak
+@c add_module asmalloc, memleak
+@c isspace_l ok (C locale)
+@c toupper_l ok (C locale)
+@c strtol ok (glocale, but we hold the locale lock)
+@c tfind __gconv_alias_db ok
+@c __gconv_alias_compare dup ok
+@c calloc asmalloc, memleak
+@c insert_module dup asmalloc
+@c __tfind ok (because the tree is read only by then)
+@c __gconv_alias_compare dup ok
+@c insert_module asmalloc
+@c free asmalloc
+@c add_alias2 asynconsist, asmalloc, incansist, memleak
+@c detect_conflict ok, reads __gconv_modules_db
+@c malloc asmalloc, memleak
+@c tsearch __gconv_alias_db asynconsist, asmalloc, incansist, memleak
+@c __gconv_alias_compare ok
+@c free asmalloc
+@c __gconv_compare_alias_cache ok
+@c find_module_idx ok
+@c do_lookup_alias ok
+@c __tfind ok (because the tree is read only by then)
+@c __gconv_alias_compare ok
+@c strndup asmalloc, memleak
+@c strcasecmp_l ok (C locale)
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=481d3df53d8c568232578ba58d71ddd6b461b9c6
commit 481d3df53d8c568232578ba58d71ddd6b461b9c6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:04:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/time.texi: Document thread safety properties.
diff --git a/manual/time.texi b/manual/time.texi
index ff31e28..3967b24 100644
--- a/manual/time.texi
+++ b/manual/time.texi
@@ -475,6 +475,12 @@ Instead, use the facilities described in @ref{Time Zone Functions}.
@comment sys/time.h
@comment BSD
@deftypefun int gettimeofday (struct timeval *@var{tp}, struct timezone *@var{tzp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c On most GNU/Linux systems this is a direct syscall, but the posix/
+@c implementation (not used on GNU/Linux or GNU/Hurd) relies on time and
+@c localtime_r, saving and restoring tzname in an unsafe manner.
+@c On some GNU/Linux variants, ifunc resolvers are used in shared libc
+@c for vdso resolution. ifunc-vdso-revisit.
The @code{gettimeofday} function returns the current calendar time as
the elapsed time since the epoch in the @code{struct timeval} structure
indicated by @var{tp}. (@pxref{Elapsed Time} for a description of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=cd1c8927299a03be9624e0b1b54e049371da1500
commit cd1c8927299a03be9624e0b1b54e049371da1500
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:04:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/threads.texi: Document thread safety properties.
diff --git a/manual/threads.texi b/manual/threads.texi
index a23ac26..19bfad6 100644
--- a/manual/threads.texi
+++ b/manual/threads.texi
@@ -31,6 +31,7 @@ before thread-specific data, so they should not be used in thread-specific
data destructors or even as members of the thread-specific data, since the
latter is passed as an argument to the destructor function.
+@c FIXME: use @deftypefun for these.
@item int pthread_key_delete (pthread_key_t @var{key})
Destroy the thread-specific data @var{key} in the calling thread. The
destructor for the thread-specific data is not called during destruction, nor
@@ -82,3 +83,124 @@ attributes or the stack address is set in the attribute.
The system does not have sufficient memory.
@end table
@end deftypefun
+
+@c FIXME these are undocumented:
+@c pthread_atfork
+@c pthread_attr_destroy
+@c pthread_attr_getaffinity_np
+@c pthread_attr_getdetachstate
+@c pthread_attr_getguardsize
+@c pthread_attr_getinheritsched
+@c pthread_attr_getschedparam
+@c pthread_attr_getschedpolicy
+@c pthread_attr_getscope
+@c pthread_attr_getstack
+@c pthread_attr_getstackaddr
+@c pthread_attr_getstacksize
+@c pthread_attr_init
+@c pthread_attr_setaffinity_np
+@c pthread_attr_setdetachstate
+@c pthread_attr_setguardsize
+@c pthread_attr_setinheritsched
+@c pthread_attr_setschedparam
+@c pthread_attr_setschedpolicy
+@c pthread_attr_setscope
+@c pthread_attr_setstack
+@c pthread_attr_setstackaddr
+@c pthread_attr_setstacksize
+@c pthread_barrierattr_destroy
+@c pthread_barrierattr_getpshared
+@c pthread_barrierattr_init
+@c pthread_barrierattr_setpshared
+@c pthread_barrier_destroy
+@c pthread_barrier_init
+@c pthread_barrier_wait
+@c pthread_cancel
+@c pthread_cleanup_push
+@c pthread_cleanup_pop
+@c pthread_condattr_destroy
+@c pthread_condattr_getclock
+@c pthread_condattr_getpshared
+@c pthread_condattr_init
+@c pthread_condattr_setclock
+@c pthread_condattr_setpshared
+@c pthread_cond_broadcast
+@c pthread_cond_destroy
+@c pthread_cond_init
+@c pthread_cond_signal
+@c pthread_cond_timedwait
+@c pthread_cond_wait
+@c pthread_create
+@c pthread_detach
+@c pthread_equal
+@c pthread_exit
+@c pthread_getaffinity_np
+@c pthread_getattr_np
+@c pthread_getconcurrency
+@c pthread_getcpuclockid
+@c pthread_getname_np
+@c pthread_getschedparam
+@c pthread_join
+@c pthread_kill
+@c pthread_kill_other_threads_np
+@c pthread_mutexattr_destroy
+@c pthread_mutexattr_getkind_np
+@c pthread_mutexattr_getprioceiling
+@c pthread_mutexattr_getprotocol
+@c pthread_mutexattr_getpshared
+@c pthread_mutexattr_getrobust
+@c pthread_mutexattr_getrobust_np
+@c pthread_mutexattr_gettype
+@c pthread_mutexattr_init
+@c pthread_mutexattr_setkind_np
+@c pthread_mutexattr_setprioceiling
+@c pthread_mutexattr_setprotocol
+@c pthread_mutexattr_setpshared
+@c pthread_mutexattr_setrobust
+@c pthread_mutexattr_setrobust_np
+@c pthread_mutexattr_settype
+@c pthread_mutex_consistent
+@c pthread_mutex_consistent_np
+@c pthread_mutex_destroy
+@c pthread_mutex_getprioceiling
+@c pthread_mutex_init
+@c pthread_mutex_lock
+@c pthread_mutex_setprioceiling
+@c pthread_mutex_timedlock
+@c pthread_mutex_trylock
+@c pthread_mutex_unlock
+@c pthread_once
+@c pthread_rwlockattr_destroy
+@c pthread_rwlockattr_getkind_np
+@c pthread_rwlockattr_getpshared
+@c pthread_rwlockattr_init
+@c pthread_rwlockattr_setkind_np
+@c pthread_rwlockattr_setpshared
+@c pthread_rwlock_destroy
+@c pthread_rwlock_init
+@c pthread_rwlock_rdlock
+@c pthread_rwlock_timedrdlock
+@c pthread_rwlock_timedwrlock
+@c pthread_rwlock_tryrdlock
+@c pthread_rwlock_trywrlock
+@c pthread_rwlock_unlock
+@c pthread_rwlock_wrlock
+@c pthread_self
+@c pthread_setaffinity_np
+@c pthread_setcancelstate
+@c pthread_setcanceltype
+@c pthread_setconcurrency
+@c pthread_setname_np
+@c pthread_setschedparam
+@c pthread_setschedprio
+@c pthread_sigmask
+@c pthread_sigqueue
+@c pthread_spin_destroy
+@c pthread_spin_init
+@c pthread_spin_lock
+@c pthread_spin_trylock
+@c pthread_spin_unlock
+@c pthread_testcancel
+@c pthread_timedjoin_np
+@c pthread_tryjoin_np
+@c pthread_yield
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=fccffdf69a6e46c63ce9f4e7adc46b97cceb81c7
commit fccffdf69a6e46c63ce9f4e7adc46b97cceb81c7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:04:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/terminal.texi: Document thread safety properties.
diff --git a/manual/terminal.texi b/manual/terminal.texi
index 9e9c057..7f62a4e 100644
--- a/manual/terminal.texi
+++ b/manual/terminal.texi
@@ -264,6 +264,9 @@ array.
@comment termios.h
@comment POSIX.1
@deftypefun int tcgetattr (int @var{filedes}, struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the kernel-returned termios data structure to the userland
+@c format does not ensure atomic or consistent writing.
This function is used to examine the attributes of the terminal
device with file descriptor @var{filedes}. The attributes are returned
in the structure that @var{termios-p} points to.
@@ -284,6 +287,9 @@ The @var{filedes} is not associated with a terminal.
@comment termios.h
@comment POSIX.1
@deftypefun int tcsetattr (int @var{filedes}, int @var{when}, const struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the incoming termios data structure to the kernel format
+@c does not ensure atomic or consistent reading.
This function sets the attributes of the terminal device with file
descriptor @var{filedes}. The new attributes are taken from the
structure that @var{termios-p} points to.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=18a4951c9cbf68f51a2dceaeb4cea3036f0ebea0
commit 18a4951c9cbf68f51a2dceaeb4cea3036f0ebea0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:04:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/string.texi: Document thread safety properties.
diff --git a/manual/string.texi b/manual/string.texi
index 2a164a9..173306c 100644
--- a/manual/string.texi
+++ b/manual/string.texi
@@ -1159,6 +1159,11 @@ strings are written in into account. To get that one has to use
@comment string.h
@comment BSD
@deftypefun int strcasecmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Although this calls tolower multiple times, it's a macro, and
+@c strcasecmp is optimized so that the locale pointer is read only once.
+@c There are some asm implementations too, for which the single-read
+@c from locale TLS pointers also applies.
This function is like @code{strcmp}, except that differences in case are
ignored. How uppercase and lowercase characters are related is
determined by the currently selected locale. In the standard @code{"C"}
@@ -1247,6 +1252,8 @@ strncmp ("hello, world", "hello, stupid world!!!", 5)
@comment string.h
@comment GNU
@deftypefun int strverscmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls isdigit multiple times, locale may change in between.
The @code{strverscmp} function compares the string @var{s1} against
@var{s2}, considering them as holding indices/version numbers. The
return value follows the same conventions as found in the
@@ -1343,6 +1350,8 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
@comment string.h
@comment ISO
@deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Adjust alphasort one safety info is determined.
The @code{strcoll} function is similar to @code{strcmp} but uses the
collating sequence of the current locale for collation (the
@code{LC_COLLATE} locale).
@@ -1637,6 +1646,7 @@ This function is a GNU extension.
@comment string.h
@comment ISO
@deftypefun {char *} strchr (const char *@var{string}, int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{strchr} function finds the first occurrence of the character
@var{c} (converted to a @code{char}) in the null-terminated string
beginning at @var{string}. The return value is a pointer to the located
@@ -1678,6 +1688,7 @@ to use @code{wcschrnul} in this case, though.
@comment string.h
@comment GNU
@deftypefun {char *} strchrnul (const char *@var{string}, int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{strchrnul} is the same as @code{strchr} except that if it does
not find the character, it returns a pointer to string's terminating
null character rather than a null pointer.
@@ -2675,3 +2686,6 @@ being added to @var{envz}, if @var{override} is false.
The @code{envz_strip} function removes any null entries from @var{envz},
updating @code{*@var{envz}} and @code{*@var{envz_len}}.
@end deftypefun
+
+@c FIXME this are undocumented:
+@c strcasecmp_l @safety{@mtsafe{}@assafe{}@acsafe{}} see strcasecmp
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e05d166acc5534804dd2ee0f91e25d85cb546685
commit e05d166acc5534804dd2ee0f91e25d85cb546685
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:59 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/search.texi: Document thread safety properties.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..46f5f1c 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -113,6 +113,7 @@ the header file @file{stdlib.h}.
@comment stdlib.h
@comment ISO
@deftypefun {void *} bsearch (const void *@var{key}, const void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{bsearch} function searches the sorted array @var{array} for an object
that is equivalent to @var{key}. The array contains @var{count} elements,
each of which is of size @var{size} bytes.
@@ -146,6 +147,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +438,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +472,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +487,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +501,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +556,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=51a856392fd604dac2529a05ed2af3b71b37a583
commit 51a856392fd604dac2529a05ed2af3b71b37a583
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:59 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/startup.texi: Document thread safety properties.
diff --git a/manual/startup.texi b/manual/startup.texi
index a277714..7bbaf13 100644
--- a/manual/startup.texi
+++ b/manual/startup.texi
@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
The difference to the @code{setenv} function is that the exact string
given as the parameter @var{string} is put into the environment. If the
user should change the string after the @code{putenv} call this will
-reflect in automatically in the environment. This also requires that
-@var{string} is no automatic variable which scope is left before the
+reflect automatically in the environment. This also requires that
+@var{string} not be an automatic variable whose scope is left before the
variable is removed from the environment. The same applies of course to
dynamically allocated variables which are freed later.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=37096c9f7bf26b43c6b010e9629edea7cb89d1e8
commit 37096c9f7bf26b43c6b010e9629edea7cb89d1e8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:59 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/resource.texi: Document thread safety properties.
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7c4dccbbd275011bd7e03d69e5026089a03dbc7b
commit 7c4dccbbd275011bd7e03d69e5026089a03dbc7b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:58 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 30630ca..9ffe87b 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger than @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,12 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
+@c Besides the usual possibility of getting an inconsistent stream in a
+@c signal handler or leaving it inconsistent in case of cancellation,
+@c the possibility of leaving a dangling pointer upon cancellation
+@c between reallocing the buffer at *lineptr and updating the pointer
+@c brings about another case of incansist.
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1321,8 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
+@c See the getline incansist note.
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1347,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1371,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1397,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1407,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1417,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1508,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1546,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1605,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1621,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1631,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1641,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2383,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2393,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2403,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2411,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2419,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2444,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2469,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2540,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2573,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2644,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2653,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2662,48 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale, asmalloc, memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2711,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2719,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2727,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2735,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2743,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2751,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2827,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3068,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3320,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3384,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +4001,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +4016,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +4031,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +4039,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4047,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4061,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4088,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4097,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4106,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4114,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4122,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4130,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4180,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4190,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4204,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4215,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4243,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4254,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4368,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4381,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4405,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4421,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4441,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4465,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4514,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4636,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4651,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4664,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4681,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4793,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4806,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4823,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4845,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4870,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4948,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4962,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4974,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4989,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +5003,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +5014,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5062,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5118,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5234,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5416,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5557,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=16bbb85f36fbb817d72e3dec082888129ba9cdf4
commit 16bbb85f36fbb817d72e3dec082888129ba9cdf4
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:58 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 30630ca..dad1072 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger than @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,12 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
+@c Besides the usual possibility of getting an inconsistent stream in a
+@c signal handler or leaving it inconsistent in case of cancellation,
+@c the possibility of leaving a dangling pointer upon cancellation
+@c between reallocing the buffer at *lineptr and updating the pointer
+@c brings about another case of incansist.
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1321,8 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
+@c See the getline incansist note.
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1347,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1371,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1397,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1407,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1417,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1508,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1546,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1605,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1621,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1631,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1641,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2383,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2393,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2403,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2411,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2419,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2444,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2469,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2540,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2573,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2644,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2653,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2662,48 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2711,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2719,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2727,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2735,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2743,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2751,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2827,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3068,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3320,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3384,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +4001,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +4016,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +4031,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +4039,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4047,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4061,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4088,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4097,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4106,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4114,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4122,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4130,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4180,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4190,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4204,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4215,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4243,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4254,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4368,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4381,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4405,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4421,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4441,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4465,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4514,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4636,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4651,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4664,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4681,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4793,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4806,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4823,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4845,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4870,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4948,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4962,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4974,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4989,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +5003,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +5014,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5062,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5118,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5234,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5416,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5557,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=79a8df96fa61ec75e4a90255a008417f725c5009
commit 79a8df96fa61ec75e4a90255a008417f725c5009
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:58 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/math.texi: Document thread safety properties.
diff --git a/manual/math.texi b/manual/math.texi
index 193d415..fd5d0c8 100644
--- a/manual/math.texi
+++ b/manual/math.texi
@@ -560,6 +560,7 @@ negative), @code{logb} returns @math{@infinity{}}. If @var{x} is zero,
@comment math.h
@comment ISO
@deftypefunx int ilogbl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are equivalent to the corresponding @code{logb}
functions except that they return signed integer values.
@end deftypefun
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e500e6b451e90bcfa93b9ebc11eee98ff9948da4
commit e500e6b451e90bcfa93b9ebc11eee98ff9948da4
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:57 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/llio.texi: Document thread safety properties.
diff --git a/manual/llio.texi b/manual/llio.texi
index b129cf4..c350585 100644
--- a/manual/llio.texi
+++ b/manual/llio.texi
@@ -78,6 +78,7 @@ declared in @file{unistd.h}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int open (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The @code{open} function creates and returns a new file descriptor for
the file named by @var{filename}. Initially, the file position
indicator for the file is at the beginning of the file. The argument
@@ -164,6 +165,7 @@ and @code{freopen} functions, that create streams.
@comment fcntl.h
@comment Unix98
@deftypefun int open64 (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{open}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
difference is that on 32 bit systems the file is opened in the
@@ -178,6 +180,7 @@ replaces the old API.
@comment fcntl.h
@comment POSIX.1
@deftypefn {Obsolete function} int creat (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is obsolete. The call:
@smallexample
@@ -202,6 +205,7 @@ since all of the lowlevel file handling functions are equally replaced.
@comment fcntl.h
@comment Unix98
@deftypefn {Obsolete function} int creat64 (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{creat}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
the difference is that on 32 bit systems the file is opened in the
@@ -219,6 +223,7 @@ replaces the old API.
@comment unistd.h
@comment POSIX.1
@deftypefun int close (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The function @code{close} closes the file descriptor @var{filedes}.
Closing a file has the following consequences:
@@ -300,6 +305,7 @@ but must be a signed type.
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t read (int @var{filedes}, void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{read} function reads up to @var{size} bytes from the file
with descriptor @var{filedes}, storing the results in the @var{buffer}.
(This is not necessarily a character string, and no terminating null
@@ -395,6 +401,10 @@ functions that read from streams, such as @code{fgetc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, read and lseek back, but is it
+@c used anywhere?
The @code{pread} function is similar to the @code{read} function. The
first three arguments are identical, and the return values and error
codes also correspond.
@@ -430,6 +440,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread64 (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, read and lseek64 back, but is
+@c it used anywhere?
This function is similar to the @code{pread} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -447,6 +461,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t write (int @var{filedes}, const void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{write} function writes up to @var{size} bytes from
@var{buffer} to the file with descriptor @var{filedes}. The data in
@var{buffer} is not necessarily a character string and a null character is
@@ -557,6 +572,10 @@ functions that write to streams, such as @code{fputc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, write and lseek back, but is it
+@c used anywhere?
The @code{pwrite} function is similar to the @code{write} function. The
first three arguments are identical, and the return values and error codes
also correspond.
@@ -592,6 +611,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite64 (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, write and lseek64 back, but
+@c is it used anywhere?
This function is similar to the @code{pwrite} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -624,6 +647,7 @@ To read the current file position value from a descriptor, use
@comment unistd.h
@comment POSIX.1
@deftypefun off_t lseek (int @var{filedes}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lseek} function is used to change the file position of the
file with descriptor @var{filedes}.
@@ -713,6 +737,7 @@ descriptors.
@comment unistd.h
@comment Unix98
@deftypefun off64_t lseek64 (int @var{filedes}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to the @code{lseek} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -825,6 +850,7 @@ declared in the header file @file{stdio.h}.
@comment stdio.h
@comment POSIX.1
@deftypefun {FILE *} fdopen (int @var{filedes}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
The @code{fdopen} function returns a new stream for the file descriptor
@var{filedes}.
@@ -853,6 +879,7 @@ see @ref{Creating a Pipe}.
@comment stdio.h
@comment POSIX.1
@deftypefun int fileno (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the file descriptor associated with the stream
@var{stream}. If an error is detected (for example, if the @var{stream}
is not valid) or if @var{stream} does not do I/O to a file,
@@ -862,6 +889,7 @@ is not valid) or if @var{stream} does not do I/O to a file,
@comment stdio.h
@comment GNU
@deftypefun int fileno_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fileno_unlocked} function is equivalent to the @code{fileno}
function except that it does not implicitly lock the stream if the state
is @code{FSETLOCKING_INTERNAL}.
@@ -1071,6 +1099,11 @@ Contains the length of the buffer.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t readv (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer into which data is read, if the total read size is
+@c too large for alloca.
The @code{readv} function reads data from @var{filedes} and scatters it
into the buffers described in @var{vector}, which is taken to be
@@ -1089,6 +1122,11 @@ errors are the same as in @code{read}.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t writev (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer from which data is written, if the total write size
+@c is too large for alloca.
The @code{writev} function gathers data from the buffers described in
@var{vector}, which is taken to be @var{count} structures long, and writes
@@ -1149,6 +1187,7 @@ These functions are declared in @file{sys/mman.h}.
@comment sys/mman.h
@comment POSIX
@deftypefun {void *} mmap (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mmap} function creates a new mapping, connected to bytes
(@var{offset}) to (@var{offset} + @var{length} - 1) in the file open on
@@ -1268,6 +1307,9 @@ The file is on a filesystem that doesn't support mapping.
@comment sys/mman.h
@comment LFS
@deftypefun {void *} mmap64 (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The page_shift auto detection when MMAP2_PAGE_SHIFT is -1 (it never
+@c is) would be thread-unsafe.
The @code{mmap64} function is equivalent to the @code{mmap} function but
the @var{offset} parameter is of type @code{off64_t}. On 32-bit systems
this allows the file associated with the @var{filedes} descriptor to be
@@ -1284,6 +1326,7 @@ replaces the old API.
@comment sys/mman.h
@comment POSIX
@deftypefun int munmap (void *@var{addr}, size_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{munmap} removes any memory maps from (@var{addr}) to (@var{addr} +
@var{length}). @var{length} should be the length of the mapping.
@@ -1310,6 +1353,7 @@ aligned.
@comment sys/mman.h
@comment POSIX
@deftypefun int msync (void *@var{address}, size_t @var{length}, int @var{flags})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When using shared mappings, the kernel can write the file at any time
before the mapping is removed. To be certain data has actually been
@@ -1357,6 +1401,7 @@ There is no existing mapping in at least part of the given region.
@comment sys/mman.h
@comment GNU
@deftypefun {void *} mremap (void *@var{address}, size_t @var{length}, size_t @var{new_length}, int @var{flag})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to change the size of an existing memory
area. @var{address} and @var{length} must cover a region entirely mapped
@@ -1405,6 +1450,7 @@ Coding Standards}.
@comment sys/mman.h
@comment POSIX
@deftypefun int madvise (void *@var{addr}, size_t @var{length}, int @var{advice})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to provide the system with @var{advice} about
the intended usage patterns of the memory region starting at @var{addr}
@@ -1531,6 +1577,7 @@ that descriptor into an @code{fd_set}.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_ZERO (fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro initializes the file descriptor set @var{set} to be the
empty set.
@end deftypefn
@@ -1538,6 +1585,9 @@ empty set.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_SET (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro adds @var{filedes} to the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1547,6 +1597,9 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_CLR (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro removes @var{filedes} from the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1556,6 +1609,7 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro int FD_ISSET (int @var{filedes}, const fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value (true) if @var{filedes} is a member
of the file descriptor set @var{set}, and zero (false) otherwise.
@@ -1568,6 +1622,10 @@ Next, here is the description of the @code{select} function itself.
@comment sys/types.h
@comment BSD
@deftypefun int select (int @var{nfds}, fd_set *@var{read-fds}, fd_set *@var{write-fds}, fd_set *@var{except-fds}, struct timeval *@var{timeout})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The select syscall is preferred, but pselect6 may be used instead,
+@c which requires converting timeout to a timespec and back. The
+@c conversions are not atomic.
The @code{select} function blocks the calling process until there is
activity on any of the specified sets of file descriptors, or until the
timeout period has expired.
@@ -1670,6 +1728,7 @@ they return.
@comment unistd.h
@comment X/Open
@deftypefun void sync (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
A call to this function will not return as long as there is data which
has not been written to the device. All dirty buffers in the kernel will
be written and so an overall consistent system can be achieved (if no
@@ -1685,6 +1744,7 @@ committed, rather than all data in the system. For this, @code{sync} is overkil
@comment unistd.h
@comment POSIX
@deftypefun int fsync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fsync} function can be used to make sure all data associated with
the open file @var{fildes} is written to the device associated with the
descriptor. The function call does not return unless all actions have
@@ -1722,6 +1782,7 @@ recovering of the file in case of a problem.
@comment unistd.h
@comment POSIX
@deftypefun int fdatasync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When a call to the @code{fdatasync} function returns, it is ensured
that all of the file data is written to the device. For all pending I/O
operations, the parts guaranteeing data integrity finished.
@@ -1923,6 +1984,158 @@ aiocb64}, since the LFS transparently replaces the old interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_read (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Calls aio_enqueue_request.
+@c aio_enqueue_request selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_self ok
+@c pthread_getschedparam selfdeadlock, lockleak
+@c lll_lock (pthread descriptor's lock) selfdeadlock, lockleak
+@c sched_getparam ok
+@c sched_getscheduler ok
+@c lll_unlock lockleak
+@c pthread_mutex_lock (aio_requests_mutex) selfdeadlock, lockleak
+@c get_elem asmalloc, memleak, [asynconsist, incansist], [xguargs]
+@c realloc asmalloc, memleak
+@c calloc asmalloc, memleak
+@c aio_create_helper_thread selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_attr_init ok
+@c pthread_attr_setdetachstate ok
+@c pthread_get_minstack ok
+@c pthread_attr_setstacksize ok
+@c sigfillset ok
+@c memset ok
+@c sigdelset ok [xguargs, but the caller's sigset is automatic]
+@c SYSCALL rt_sigprocmask ok
+@c pthread_create selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c alloca/malloc asmalloc, memleak
+@c lll_unlock lockleak
+@c allocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c getpagesize dup
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c lll_unlock lockleak
+@c _dl_allocate_tls asmalloc, memleak
+@c _dl_allocate_tls_storage asmalloc, memleak
+@c memalign asmalloc, memleak
+@c memset ok
+@c allocate_dtv dup
+@c free asmalloc, memleak
+@c allocate_dtv asmalloc, memleak
+@c calloc asmalloc, memleak
+@c INSTALL_DTV ok
+@c list_add dup
+@c get_cached_stack
+@c lll_lock (stack_cache_lock) selfdeadlock, lockleak
+@c list_for_each ok
+@c list_entry dup
+@c FREE_P dup
+@c stack_list_del dup
+@c stack_list_add dup
+@c lll_unlock lockleak
+@c _dl_allocate_tls_init ok
+@c GET_DTV ok
+@c mmap ok
+@c atomic_increment_val ok
+@c munmap ok
+@c change_stack_perm ok
+@c mprotect ok
+@c mprotect ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c THREAD_COPY_STACK_GUARD ok
+@c THREAD_COPY_POINTER_GUARD ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (state_cache_lock) selfdeadlock, lockleak
+@c stack_list_del ok
+@c atomic_write_barrier ok
+@c list_del ok [uunguard]
+@c atomic_write_barrier ok
+@c queue_stack asmalloc, memleak
+@c stack_list_add ok
+@c atomic_write_barrier ok
+@c list_add ok [uunguard]
+@c atomic_write_barrier ok
+@c free_stacks asmalloc, memleak
+@c list_for_each_prev_safe ok
+@c list_entry ok
+@c FREE_P ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c _dl_deallocate_tls asmalloc, memleak
+@c free asmalloc, memleak
+@c lll_unlock lockleak
+@c create_thread selfdeadlock, asmalloc, lockleak, memleak
+@c td_eventword
+@c td_eventmask
+@c do_clone selfdeadlock, asmalloc, lockleak, memleak
+@c PREPARE_CREATE ok
+@c lll_lock (pd->lock) selfdeadlock, lockleak
+@c atomic_increment ok
+@c clone ok
+@c atomic_decrement ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack dup
+@c sched_setaffinity ok
+@c tgkill ok
+@c sched_setscheduler ok
+@c atomic_compare_and_exchange_bool_acq ok
+@c nptl_create_event ok
+@c lll_unlock (pd->lock) lockleak
+@c free asmalloc, memleak
+@c pthread_attr_destroy ok (cpuset won't be set, so free isn't called)
+@c add_request_to_runlist ok [xguargs]
+@c pthread_cond_signal ok
+@c aio_free_request ok [xguargs]
+@c pthread_mutex_unlock lockleak
+
+@c (in the new thread, initiated with clone)
+@c start_thread ok
+@c HP_TIMING_NOW ok
+@c ctype_init [glocale] (in theory, but optimized into safety)
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c sigemptyset ok
+@c sigaddset ok
+@c setjmp ok
+@c CANCEL_ASYNC -> pthread_enable_asynccancel ok
+@c do_cancel ok
+@c pthread_unwind ok
+@c Unwind_ForcedUnwind or longjmp ok [asmalloc, memleak?]
+@c lll_lock selfdeadlock, lockleak
+@c lll_unlock selfdeadlock, lockleak
+@c CANCEL_RESET -> pthread_disable_asynccancel ok
+@c lll_futex_wait ok
+@c ->start_routine ok -----
+@c call_tls_dtors selfdeadlock, asmalloc, lockleak, memleak
+@c user-supplied dtor
+@c rtld_lock_lock_recursive (dl_load_lock) selfdeadlock, lockleak
+@c rtld_lock_unlock_recursive lockleak
+@c free asmalloc, memleak
+@c nptl_deallocate_tsd asmalloc, memleak
+@c tsd user-supplied dtors ok
+@c free asmalloc, memleak
+@c libc_thread_freeres
+@c libc_thread_subfreeres ok
+@c atomic_decrement_and_test ok
+@c td_eventword ok
+@c td_eventmask ok
+@c atomic_compare_exchange_bool_acq ok
+@c nptl_death_event ok
+@c lll_robust_dead ok
+@c getpagesize ok
+@c madvise ok
+@c free_tcb selfdeadlock, asmalloc, lockleak, memleak
+@c free asmalloc, memleak
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_futex_wait ok
+@c exit_thread_inline ok
+@c syscall(exit) ok
+
This function initiates an asynchronous read operation. It
immediately returns after the operation was enqueued or when an
error was encountered.
@@ -1988,6 +2201,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_read64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_read} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{aio_read64} uses
@@ -2006,6 +2220,7 @@ of functions with a very similar interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_write (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function initiates an asynchronous write operation. The function
call immediately returns after the operation was enqueued or if before
this happens an error was encountered.
@@ -2072,6 +2287,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_write64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_write} function. The only
difference is that on @w{32 bit} machines the file descriptor should
be opened in the large file mode. Internally @code{aio_write64} uses
@@ -2093,6 +2309,12 @@ operations. It is therefore similar to a combination of @code{readv} and
@comment aio.h
@comment POSIX.1b
@deftypefun int lio_listio (int @var{mode}, struct aiocb *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Call lio_listio_internal, that takes the aio_requests_mutex lock and
+@c enqueues each request. Then, it waits for notification or prepares
+@c for it before releasing the lock. Even though it performs memory
+@c allocation and locking of its own, it doesn't add any classes of
+@c safety issues that aren't already covered by aio_enqueue_request.
The @code{lio_listio} function can be used to enqueue an arbitrary
number of read and write requests at one time. The requests can all be
meant for the same file, all for different files or every solution in
@@ -2176,6 +2398,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int lio_listio64 (int @var{mode}, struct aiocb64 *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{lio_listio} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{lio_listio64} uses
@@ -2204,6 +2427,7 @@ The following two functions allow you to get this kind of information.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_error (const struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function determines the error state of the request described by the
@code{struct aiocb} variable pointed to by @var{aiocbp}. If the
request has not yet terminated the value returned is always
@@ -2225,6 +2449,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_error64 (const struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_error} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2238,6 +2463,7 @@ machines.
@comment aio.h
@comment POSIX.1b
@deftypefun ssize_t aio_return (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to retrieve the return status of the operation
carried out by the request described in the variable pointed to by
@var{aiocbp}. As long as the error status of this request as returned
@@ -2261,6 +2487,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun ssize_t aio_return64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_return} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2289,6 +2516,9 @@ if the symbol @code{_POSIX_SYNCHRONIZED_IO} is defined in @file{unistd.h}.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_fsync (int @var{op}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check that the FD is open, it calls
+@c aio_enqueue_request.
Calling this function forces all I/O operations operating queued at the
time of the function call operating on the file descriptor
@code{aiocbp->aio_fildes} into the synchronized I/O completion state
@@ -2336,6 +2566,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_fsync64 (int @var{op}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_fsync} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2362,6 +2593,9 @@ before the current client is served. For situations like this
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_suspend (const struct aiocb *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c Take aio_requests_mutex, set up waitlist and requestlist, wait
+@c for completion or timeout, and release the mutex.
When calling this function, the calling thread is suspended until at
least one of the requests pointed to by the @var{nent} elements of the
array @var{list} has completed. If any of the requests has already
@@ -2400,6 +2634,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_suspend64 (const struct aiocb64 *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is similar to @code{aio_suspend} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2427,6 +2662,16 @@ or not. Therefore using this function is merely a hint.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_cancel (int @var{fildes}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check the fd is open, hold aio_requests_mutex, call
+@c aio_find_req_fd, aio_remove_request, then aio_notify and
+@c aio_free_request each request before releasing the lock.
+@c aio_notify calls aio_notify_only and free, besides cond signal or
+@c similar. aio_notify_only calls pthread_attr_init,
+@c pthread_attr_setdetachstate, malloc, pthread_create,
+@c notify_func_wrapper, aio_sigqueue, getpid, raise.
+@c notify_func_wraper calls aio_start_notify_thread, free and then the
+@c notifier function.
The @code{aio_cancel} function can be used to cancel one or more
outstanding requests. If the @var{aiocbp} parameter is @code{NULL}, the
function tries to cancel all of the outstanding requests which would process
@@ -2474,6 +2719,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_cancel64 (int @var{fildes}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_cancel} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2529,6 +2775,8 @@ Unused.
@comment aio.h
@comment GNU
@deftypefun void aio_init (const struct aioinit *@var{init})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c All changes to global objects are guarded by aio_requests_mutex.
This function must be called before any other AIO function. Calling it
is completely voluntary, as it is only meant to help the AIO
implementation perform better.
@@ -2563,6 +2811,7 @@ function; see @ref{Opening and Closing Files}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int fcntl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcntl} function performs the operation specified by
@var{command} on the file descriptor @var{filedes}. Some commands
require additional arguments to be supplied. These additional arguments
@@ -2645,6 +2894,7 @@ while prototypes for @code{dup} and @code{dup2} are in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun int dup (int @var{old})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies descriptor @var{old} to the first available
descriptor number (the first number not currently open). It is
equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@@ -2653,6 +2903,7 @@ equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@comment unistd.h
@comment POSIX.1
@deftypefun int dup2 (int @var{old}, int @var{new})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies the descriptor @var{old} to descriptor number
@var{new}.
@@ -3631,6 +3882,7 @@ different headers.
@comment sys/ioctl.h
@comment BSD
@deftypefun int ioctl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ioctl} function performs the generic I/O operation
@var{command} on @var{filedes}.
@@ -3650,3 +3902,6 @@ unknown device.
Most IOCTLs are OS-specific and/or only used in special system utilities,
and are thus beyond the scope of this document. For an example of the use
of an IOCTL, see @ref{Out-of-Band Data}.
+
+@c FIXME this is undocumented:
+@c dup3
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=74404662e804550da523e8be4c8cbca7d1df1e4d
commit 74404662e804550da523e8be4c8cbca7d1df1e4d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:57 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/lang.texi: Document thread safety properties.
diff --git a/manual/lang.texi b/manual/lang.texi
index ee04e23..d6cd90c 100644
--- a/manual/lang.texi
+++ b/manual/lang.texi
@@ -51,6 +51,8 @@ without indicating anything might be wrong.
@comment assert.h
@comment ISO
@deftypefn Macro void assert (int @var{expression})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Verify the programmer's belief that @var{expression} is nonzero at
this point in the program.
@@ -91,6 +93,8 @@ The @code{assert_perror} macro makes this easy.
@comment assert.h
@comment GNU
@deftypefn Macro void assert_perror (int @var{errnum})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Similar to @code{assert}, but verifies that @var{errnum} is zero.
If @code{NDEBUG} is not defined, @code{assert_perror} tests the value of
@@ -423,6 +427,8 @@ The type @code{va_list} is used for argument pointer variables.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_start (va_list @var{ap}, @var{last-required})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This macro initializes the argument pointer variable @var{ap} to point
to the first of the optional arguments of the current function;
@var{last-required} must be the last required argument to the function.
@@ -431,6 +437,8 @@ to the first of the optional arguments of the current function;
@comment stdarg.h
@comment ISO
@deftypefn {Macro} @var{type} va_arg (va_list @var{ap}, @var{type})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_arg} macro returns the value of the next optional argument,
and modifies the value of @var{ap} to point to the subsequent argument.
Thus, successive uses of @code{va_arg} return successive optional
@@ -445,6 +453,8 @@ of the actual argument.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_end (va_list @var{ap})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This ends the use of @var{ap}. After a @code{va_end} call, further
@code{va_arg} calls with the same @var{ap} may not work. You should invoke
@code{va_end} before returning from the function in which @code{va_start}
@@ -466,6 +476,8 @@ of the same type.
@comment ISO
@deftypefn {Macro} void va_copy (va_list @var{dest}, va_list @var{src})
@deftypefnx {Macro} void __va_copy (va_list @var{dest}, va_list @var{src})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_copy} macro allows copying of objects of type
@code{va_list} even if this is not an integral type. The argument pointer
in @var{dest} is initialized to point to the same argument as the
@@ -1212,6 +1224,8 @@ type of a particular structure member.
@comment stddef.h
@comment ISO
@deftypefn {Macro} size_t offsetof (@var{type}, @var{member})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This expands to a integer constant expression that is the offset of the
structure member named @var{member} in the structure type @var{type}.
For example, @code{offsetof (struct s, elem)} is the offset, in bytes,
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=917a111878057a3254a5aae2a9e436e2da0521f2
commit 917a111878057a3254a5aae2a9e436e2da0521f2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:57 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/job.texi: Document thread safety properties.
diff --git a/manual/job.texi b/manual/job.texi
index 4efeed3..2c46771 100644
--- a/manual/job.texi
+++ b/manual/job.texi
@@ -1039,6 +1039,10 @@ The function @code{ctermid} is declared in the header file
@comment stdio.h
@comment POSIX.1
@deftypefun {char *} ctermid (char *@var{string})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This function is a stub by default; the actual implementation, for
+@c posix systems, returns an internal buffer if passed a NULL string,
+@c but the internal buffer is always set to /dev/tty.
The @code{ctermid} function returns a string containing the file name of
the controlling terminal for the current process. If @var{string} is
not a null pointer, it should be an array that can hold at least
@@ -1075,6 +1079,11 @@ Your program should include the header files @file{sys/types.h} and
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t setsid (void)
+@safety{@mtsafe{}@assafe{selfdeadlock (hurd)}@acsafe{lockleak (hurd)}}
+@c This is usually a direct syscall, but if a syscall is not available,
+@c we use a stub, or Hurd- and BSD-specific implementations. The former
+@c uses a mutex and a hurd critical section, and the latter issues a few
+@c syscalls, so both seem safe, except for the locking on Hurd.
The @code{setsid} function creates a new session. The calling process
becomes the session leader, and is put in a new process group whose
process group ID is the same as the process ID of that process. There
@@ -1098,6 +1107,8 @@ already another process group around that has the same process group ID.
@comment unistd.h
@comment SVID
@deftypefun pid_t getsid (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{getsid} function returns the process group ID of the session
leader of the specified process. If a @var{pid} is @code{0}, the
@@ -1134,6 +1145,8 @@ programs with the @code{-lbsd-compat} option to get the BSD definition.@refill
@comment unistd.h
@comment POSIX.1
@deftypefn {POSIX.1 Function} pid_t getpgrp (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The POSIX.1 definition of @code{getpgrp} returns the process group ID of
the calling process.
@end deftypefn
@@ -1141,6 +1154,8 @@ the calling process.
@comment unistd.h
@comment BSD
@deftypefn {BSD Function} pid_t getpgrp (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The BSD definition of @code{getpgrp} returns the process group ID of the
process @var{pid}. You can supply a value of @code{0} for the @var{pid}
argument to get information about the calling process.
@@ -1149,6 +1164,8 @@ argument to get information about the calling process.
@comment unistd.h
@comment SVID
@deftypefn {System V Function} int getpgid (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
@code{getpgid} is the same as the BSD function @code{getpgrp}. It
returns the process group ID of the process @var{pid}. You can supply a
@@ -1171,6 +1188,8 @@ process.
@comment unistd.h
@comment POSIX.1
@deftypefun int setpgid (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{setpgid} function puts the process @var{pid} into the process
group @var{pgid}. As a special case, either @var{pid} or @var{pgid} can
be zero to indicate the process ID of the calling process.
@@ -1208,6 +1227,8 @@ process or a child of the calling process.
@comment unistd.h
@comment BSD
@deftypefun int setpgrp (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall or setpgid wrapper.
This is the BSD Unix name for @code{setpgid}. Both functions do exactly
the same thing.
@end deftypefun
@@ -1230,6 +1251,8 @@ file itself and not a particular open file descriptor.
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t tcgetpgrp (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function returns the process group ID of the foreground process
group associated with the terminal open on descriptor @var{filedes}.
@@ -1258,6 +1281,8 @@ controlling terminal of the calling process.
@comment unistd.h
@comment POSIX.1
@deftypefun int tcsetpgrp (int @var{filedes}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function is used to set a terminal's foreground process group ID.
The argument @var{filedes} is a descriptor which specifies the terminal;
@var{pgid} specifies the process group. The calling process must be a
@@ -1297,6 +1322,8 @@ process.
@comment termios.h
@comment Unix98
@deftypefun pid_t tcgetsid (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Ioctl call, if avaialble, or tcgetpgrp followed by getsid.
This function is used to obtain the process group ID of the session
for which the terminal specified by @var{fildes} is the controlling terminal.
If the call is successful the group ID is returned. Otherwise the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ac5bbc507973eb6ce1cd3b11d0456f31bdbea7d3
commit ac5bbc507973eb6ce1cd3b11d0456f31bdbea7d3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:57 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/libdl.texi: New.
diff --git a/manual/libdl.texi b/manual/libdl.texi
new file mode 100644
index 0000000..e3fe045
--- /dev/null
+++ b/manual/libdl.texi
@@ -0,0 +1,10 @@
+@c FIXME these are undocumented:
+@c dladdr
+@c dladdr1
+@c dlclose
+@c dlerror
+@c dlinfo
+@c dlmopen
+@c dlopen
+@c dlsym
+@c dlvsym
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d11a5f289468002d2e001e32fbc1db8a8ab6004d
commit d11a5f289468002d2e001e32fbc1db8a8ab6004d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:56 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/filesys.texi: Document thread safety properties.
diff --git a/manual/filesys.texi b/manual/filesys.texi
index 1cac453..cd23ff6 100644
--- a/manual/filesys.texi
+++ b/manual/filesys.texi
@@ -58,6 +58,25 @@ Prototypes for these functions are declared in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun {char *} getcwd (char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c If buffer is NULL, this function calls malloc and realloc, and, in
+@c case of error, free. Linux offers a getcwd syscall that we use on
+@c GNU/Linux systems, but it may fail if the pathname is too long. As a
+@c fallback, and on other systems, the generic implementation opens each
+@c parent directory with opendir, which allocates memory for the
+@c directory stream with malloc. If a fstatat64 syscall is not
+@c available, very deep directory trees may also have to malloc to build
+@c longer sequences of ../../../... than those supported by a global
+@c const read-only string.
+
+@c linux/__getcwd
+@c posix/__getcwd
+@c malloc/realloc/free if buffer is NULL, or if dir is too deep
+@c lstat64 -> see its own entry
+@c fstatat64
+@c direct syscall if possible, alloca+snprintf+*stat64 otherwise
+@c openat64_not_cancel_3, close_not_cancel_no_status
+@c __fdopendir, __opendir, __readdir, rewinddir
The @code{getcwd} function returns an absolute file name representing
the current working directory, storing it in the character array
@var{buffer} that you provide. The @var{size} argument is how you tell
@@ -116,6 +135,9 @@ software.
@comment unistd.h
@comment BSD
@deftypefn {Deprecated Function} {char *} getwd (char *@var{buffer})
+@safety{@mtsafe{}@asunsafe{asmalloc, asi18n}@acsafe{memleak, fdleak}}
+@c Besides the getcwd safety issues, it calls strerror_r on error, which
+@c brings in all of the i18n issues.
This is similar to @code{getcwd}, but has no way to specify the size of
the buffer. @Theglibc{} provides @code{getwd} only
for backwards compatibility with BSD.
@@ -130,6 +152,9 @@ this function is deprecated.
@comment unistd.h
@comment GNU
@deftypefun {char *} get_current_dir_name (void)
+@safety{@mtunsafe{envromt}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides getcwd, which this function calls as a fallback, it calls
+@c getenv, with the usual thread-safety issues that brings about.
@vindex PWD
This @code{get_current_dir_name} function is basically equivalent to
@w{@code{getcwd (NULL, 0)}}. The only difference is that the value of
@@ -145,6 +170,7 @@ This function is a GNU extension.
@comment unistd.h
@comment POSIX.1
@deftypefun int chdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
@var{filename}.
@@ -158,6 +184,7 @@ file @var{filename} is not a directory.
@comment unistd.h
@comment XPG
@deftypefun int fchdir (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
directory associated with the file descriptor @var{filedes}.
@@ -294,12 +321,14 @@ values and @code{st_mode} values:
@comment dirent.h
@comment BSD
@deftypefun int IFTODT (mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{d_type} value corresponding to @var{mode}.
@end deftypefun
@comment dirent.h
@comment BSD
@deftypefun mode_t DTTOIF (int @var{dtype})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{st_mode} value corresponding to @var{dtype}.
@end deftypefun
@end table
@@ -342,6 +371,9 @@ the following functions.
@comment dirent.h
@comment POSIX.1
@deftypefun {DIR *} opendir (const char *@var{dirname})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides the safe syscall, we have to allocate the DIR object with
+@c __alloc_dir, that calls malloc.
The @code{opendir} function opens and returns a directory stream for
reading the directory whose file name is @var{dirname}. The stream has
type @code{DIR *}.
@@ -381,6 +413,8 @@ alternative interface can be used.
@comment dirent.h
@comment GNU
@deftypefun {DIR *} fdopendir (int @var{fd})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c The DIR object is allocated with __alloc_dir, that calls malloc.
The @code{fdopendir} function works just like @code{opendir} but
instead of taking a file name and opening a file descriptor for the
directory the caller is required to provide a file descriptor. This
@@ -425,6 +459,7 @@ access.
@comment dirent.h
@comment GNU
@deftypefun int dirfd (DIR *@var{dirstream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{dirfd} returns the file descriptor associated with
the directory stream @var{dirstream}. This descriptor can be used until
the directory is closed with @code{closedir}. If the directory stream
@@ -443,6 +478,12 @@ symbols are declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun {struct dirent *} readdir (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c This function holds dirstream's non-recursive lock, which brings
+@c about the usual issues with locks and async signals and cancellation,
+@c but the lock taking is not enough to make the returned value safe to
+@c use, since it points to a stream's internal buffer that can be
+@c overwritten by subsequent calls or even released by closedir.
This function reads the next entry from the directory. It normally
returns a pointer to a structure containing information about the
file. This structure is associated with the @var{dirstream} handle
@@ -478,6 +519,7 @@ locking if multiple threads access the same @var{dirstream}.
@comment dirent.h
@comment GNU
@deftypefun int readdir_r (DIR *@var{dirstream}, struct dirent *@var{entry}, struct dirent **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is a version of @code{readdir} which performs internal
locking. Like @code{readdir} it returns the next entry from the
directory. To prevent conflicts between simultaneously running
@@ -549,6 +591,7 @@ of the last two functions.
@comment dirent.h
@comment LFS
@deftypefun {struct dirent64 *} readdir64 (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64} function is just like the @code{readdir} function
except that it returns a pointer to a record of type @code{struct
dirent64}. Some of the members of this data type (notably @code{d_ino})
@@ -560,6 +603,7 @@ In all other aspects this function is equivalent to @code{readdir}.
@comment dirent.h
@comment LFS
@deftypefun int readdir64_r (DIR *@var{dirstream}, struct dirent64 *@var{entry}, struct dirent64 **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64_r} function is equivalent to the @code{readdir_r}
function except that it takes parameters of base type @code{struct
dirent64} instead of @code{struct dirent} in the second and third
@@ -570,6 +614,10 @@ position. The same precautions mentioned in the documentation of
@comment dirent.h
@comment POSIX.1
@deftypefun int closedir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock (hurd)}@acsafe{memleak, fdleak, lockleak (hurd)}}
+@c No synchronization in the posix implementation, only in the hurd
+@c one. This is regarded as safe because it is undefined behavior if
+@c other threads could still be using the dir stream while it's closed.
This function closes the directory stream @var{dirstream}. It returns
@code{0} on success and @code{-1} on failure.
@@ -609,6 +657,7 @@ declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun void rewinddir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{rewinddir} function is used to reinitialize the directory
stream @var{dirstream}, so that if you call @code{readdir} it
returns information about the first entry in the directory again. This
@@ -622,6 +671,10 @@ added or removed since you last called @code{opendir} or
@comment dirent.h
@comment BSD
@deftypefun {long int} telldir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{telldir} function returns the file position of the directory
stream @var{dirstream}. You can use this value with @code{seekdir} to
restore the directory stream to that position.
@@ -630,6 +683,10 @@ restore the directory stream to that position.
@comment dirent.h
@comment BSD
@deftypefun void seekdir (DIR *@var{dirstream}, long int @var{pos})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{seekdir} function sets the file position of the directory
stream @var{dirstream} to @var{pos}. The value @var{pos} must be the
result of a previous call to @code{telldir} on this particular stream;
@@ -649,6 +706,19 @@ the result.
@comment dirent.h
@comment BSD/SVID
@deftypefun int scandir (const char *@var{dir}, struct dirent ***@var{namelist}, int (*@var{selector}) (const struct dirent *), int (*@var{cmp}) (const struct dirent **, const struct dirent **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c The scandir function calls __opendirat, __readdir, and __closedir to
+@c go over the named dir; malloc and realloc to allocate the namelist
+@c and copies of each selected dirent, besides the selector, if given,
+@c and qsort and the cmp functions if the latter is given. In spite of
+@c the cleanup handler that releases memory and the file descriptor in
+@c case of synchronous cancellation, an asynchronous cancellation may
+@c still leak memory and a file descriptor. Although readdir is unsafe
+@c in general, the use of an internal dir stream for sequential scanning
+@c of the directory with copying of dirents before subsequent calls
+@c makes the use safe, and the fact that the dir stream is private to
+@c each scandir call does away with the lock issues in readdir and
+@c closedir.
The @code{scandir} function scans the contents of the directory selected
by @var{dir}. The result in *@var{namelist} is an array of pointers to
@@ -679,6 +749,8 @@ are very helpful for this purpose.
@comment dirent.h
@comment BSD/SVID
@deftypefun int alphasort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{glocale}@asunsafe{asmalloc}@acsafe{memleak}}
+@c Calls strcoll.
The @code{alphasort} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -691,6 +763,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Calls strverscmp, which will evaluate .
The @code{versionsort} function is like @code{alphasort} except that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -703,6 +777,8 @@ dirent64}}. To use this we need a new function.
@comment dirent.h
@comment GNU
@deftypefun int scandir64 (const char *@var{dir}, struct dirent64 ***@var{namelist}, int (*@var{selector}) (const struct dirent64 *), int (*@var{cmp}) (const struct dirent64 **, const struct dirent64 **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c See scandir.
The @code{scandir64} function works like the @code{scandir} function
except that the directory entries it returns are described by elements
of type @w{@code{struct dirent64}}. The function pointed to by
@@ -721,6 +797,8 @@ argument. Instead we provide the two replacement functions below.
@comment dirent.h
@comment GNU
@deftypefun int alphasort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{glocale}@asunsafe{asmalloc}@acsafe{memleak}}
+@c See alphasort.
The @code{alphasort64} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -733,6 +811,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c See versionsort.
The @code{versionsort64} function is like @code{alphasort64}, excepted that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -913,6 +993,8 @@ file was passed).
@comment ftw.h
@comment SVID
@deftypefun int ftw (const char *@var{filename}, __ftw_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
+@c see nftw for safety details
The @code{ftw} function calls the callback function given in the
parameter @var{func} for every item which is found in the directory
specified by @var{filename} and all directories below. The function
@@ -963,6 +1045,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int ftw64 (const char *@var{filename}, __ftw64_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
This function is similar to @code{ftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -976,6 +1059,17 @@ transparently replaces the old implementation.
@comment ftw.h
@comment XPG4.2
@deftypefun int nftw (const char *@var{filename}, __nftw_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c ftw_startup calls alloca, malloc, free, xstat/lxstat, tdestroy, and ftw_dir
+@c if FTW_CHDIR, call open, and fchdir, or chdir and getcwd
+@c ftw_dir calls open_dir_stream, readdir64, process_entry, closedir
+@c if FTW_CHDIR, also calls fchdir
+@c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
+@c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
+@c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
+@c find_object (tsearch) and add_object (tfind).
+@c Since each invocation of *ftw uses its own private search tree, none
+@c of the search tree concurrency issues apply.
The @code{nftw} function works like the @code{ftw} functions. They call
the callback function @var{func} for all items found in the directory
@var{filename} and below. At most @var{descriptors} file descriptors
@@ -1036,6 +1130,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int nftw64 (const char *@var{filename}, __nftw64_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
This function is similar to @code{nftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -1079,6 +1174,7 @@ file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int link (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{link} function makes a new link to the existing file named by
@var{oldname}, under the new name @var{newname}.
@@ -1186,6 +1282,7 @@ Prototypes for most of the functions listed in this section are in
@comment unistd.h
@comment BSD
@deftypefun int symlink (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{symlink} function makes a symbolic link to @var{oldname} named
@var{newname}.
@@ -1223,6 +1320,7 @@ exceeded.
@comment unistd.h
@comment BSD
@deftypefun ssize_t readlink (const char *@var{filename}, char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{readlink} function gets the value of the symbolic link
@var{filename}. The file name that the link points to is copied into
@var{buffer}. This file name string is @emph{not} null-terminated;
@@ -1282,6 +1380,8 @@ names can refer to the same inode.
@comment stdlib.h
@comment GNU
@deftypefun {char *} canonicalize_file_name (const char *@var{name})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls realpath.
The @code{canonicalize_file_name} function returns the absolute name of
the file named by @var{name} which contains no @code{.}, @code{..}
@@ -1323,6 +1423,8 @@ where the result is placed in.
@comment stdlib.h
@comment XPG
@deftypefun {char *} realpath (const char *restrict @var{name}, char *restrict @var{resolved})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls malloc, realloc, getcwd, lxstat64, readlink, alloca.
A call to @code{realpath} where the @var{resolved} parameter is
@code{NULL} behaves exactly like @code{canonicalize_file_name}. The
@@ -1362,6 +1464,7 @@ then the file is deleted as well. If the file has other remaining names
@comment unistd.h
@comment POSIX.1
@deftypefun int unlink (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{unlink} function deletes the file name @var{filename}. If
this is a file's sole name, the file itself is also deleted. (Actually,
if any process has the file open when this happens, deletion is
@@ -1404,6 +1507,7 @@ file system and can't be modified.
@comment unistd.h
@comment POSIX.1
@deftypefun int rmdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@cindex directories, deleting
@cindex deleting a directory
The @code{rmdir} function deletes a directory. The directory must be
@@ -1431,6 +1535,8 @@ The prototype for this function is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int remove (const char *@var{filename})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Calls unlink and rmdir.
This is the @w{ISO C} function to remove a file. It works like
@code{unlink} for files and like @code{rmdir} for directories.
@code{remove} is declared in @file{stdio.h}.
@@ -1446,6 +1552,10 @@ The @code{rename} function is used to change a file's name.
@comment stdio.h
@comment ISO
@deftypefun int rename (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a rename syscall, there's an emulation with link
+@c and unlink, but it's racy, even more so if newname exists and is
+@c unlinked first.
The @code{rename} function renames the file @var{oldname} to
@var{newname}. The file formerly accessible under the name
@var{oldname} is afterwards accessible as @var{newname} instead. (If
@@ -1541,6 +1651,7 @@ a shell command @code{mkdir} which does the same thing.)
@comment sys/stat.h
@comment POSIX.1
@deftypefun int mkdir (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mkdir} function creates a new, empty directory with name
@var{filename}.
@@ -1882,6 +1993,7 @@ header file @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int stat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{stat} function returns information about the attributes of the
file named by @w{@var{filename}} in the structure pointed to by @var{buf}.
@@ -1908,6 +2020,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int stat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{stat} but it is also able to work on
files larger than @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1921,6 +2034,7 @@ replaces the interface for small files on 32-bit machines.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int fstat (int @var{filedes}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fstat} function is like @code{stat}, except that it takes an
open file descriptor as an argument instead of a file name.
@xref{Low-Level I/O}.
@@ -1942,6 +2056,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int fstat64 (int @var{filedes}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{fstat} but is able to work on large
files on 32-bit platforms. For large files the file descriptor
@var{filedes} should be obtained by @code{open64} or @code{creat64}.
@@ -1953,9 +2068,16 @@ function is available under the name @code{fstat} and so transparently
replaces the interface for small files on 32-bit machines.
@end deftypefun
+@c fstatat will call alloca and snprintf if the syscall is not
+@c available.
+@c @safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+
@comment sys/stat.h
@comment BSD
@deftypefun int lstat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat, sometimes with an xstat conv call
+@c afterwards.
The @code{lstat} function is like @code{stat}, except that it does not
follow symbolic links. If @var{filename} is the name of a symbolic
link, @code{lstat} returns information about the link itself; otherwise
@@ -1969,6 +2091,9 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int lstat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat64, sometimes with an xstat conv
+@c call afterwards.
This function is similar to @code{lstat} but it is also able to work on
files larger than @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -2007,12 +2132,14 @@ that file:
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISDIR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a directory.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISCHR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a character special file (a
device like a terminal).
@end deftypefn
@@ -2020,6 +2147,7 @@ device like a terminal).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISBLK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a block special file (a device
like a disk).
@end deftypefn
@@ -2027,12 +2155,14 @@ like a disk).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISREG (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a regular file.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISFIFO (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a FIFO special file, or a
pipe. @xref{Pipes and FIFOs}.
@end deftypefn
@@ -2040,6 +2170,7 @@ pipe. @xref{Pipes and FIFOs}.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISLNK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a symbolic link.
@xref{Symbolic Links}.
@end deftypefn
@@ -2047,6 +2178,7 @@ This macro returns non-zero if the file is a symbolic link.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISSOCK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a socket. @xref{Sockets}.
@end deftypefn
@@ -2129,6 +2261,7 @@ the whole @code{struct stat} structure.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISMQ (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX message queues as distinct objects and the
file is a message queue object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2137,6 +2270,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSEM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX semaphores as distinct objects and the
file is a semaphore object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2145,6 +2279,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSHM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX shared memory objects as distinct objects
and the file is an shared memory object, this macro returns a non-zero
value. In all other cases the result is zero.
@@ -2189,6 +2324,7 @@ The prototype for this function is declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int chown (const char *@var{filename}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chown} function changes the owner of the file @var{filename} to
@var{owner}, and its group owner to @var{group}.
@@ -2223,6 +2359,7 @@ The file is on a read-only file system.
@comment unistd.h
@comment BSD
@deftypefun int fchown (int @var{filedes}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chown}, except that it changes the owner of the open
file with descriptor @var{filedes}.
@@ -2502,6 +2639,7 @@ The functions in this section are declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun mode_t umask (mode_t @var{mask})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{umask} function sets the file creation mask of the current
process to @var{mask}, and returns the previous value of the file
creation mask.
@@ -2527,6 +2665,7 @@ you just want to read the mask value, because it is reentrant.
@comment sys/stat.h
@comment GNU
@deftypefun mode_t getumask (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Return the current value of the file creation mask for the current
process. This function is a GNU extension and is only available on
@gnuhurdsystems{}.
@@ -2535,6 +2674,7 @@ process. This function is a GNU extension and is only available on
@comment sys/stat.h
@comment POSIX.1
@deftypefun int chmod (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chmod} function sets the access permission bits for the file
named by @var{filename} to @var{mode}.
@@ -2575,6 +2715,7 @@ for full details on the sticky bit.
@comment sys/stat.h
@comment BSD
@deftypefun int fchmod (int @var{filedes}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chmod}, except that it changes the permissions of the
currently open file given by @var{filedes}.
@@ -2645,6 +2786,7 @@ The symbols in this section are declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int access (const char *@var{filename}, int @var{how})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{access} function checks to see whether the file named by
@var{filename} can be accessed in the way specified by the @var{how}
argument. The @var{how} argument either can be the bitwise OR of the
@@ -2765,6 +2907,9 @@ This is the modification time for the file.
@comment utime.h
@comment POSIX.1
@deftypefun int utime (const char *@var{filename}, const struct utimbuf *@var{times})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utime syscall, it non-atomically converts times
+@c to a struct timeval and calls utimes.
This function is used to modify the file times associated with the file
named @var{filename}.
@@ -2816,6 +2961,10 @@ in the header file @file{sys/time.h}.
@comment sys/time.h
@comment BSD
@deftypefun int utimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, or to
+@c struct utimbuf and calls utime.
This function sets the file access and modification times of the file
@var{filename}. The new file access time is specified by
@code{@var{tvp}[0]}, and the new modification time by
@@ -2830,6 +2979,9 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int lutimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no lutimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall.
This function is like @code{utimes}, except that it does not follow
symbolic links. If @var{filename} is the name of a symbolic link,
@code{lutimes} sets the file access and modification times of the
@@ -2846,6 +2998,10 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int futimes (int @var{fd}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no futimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, falling back
+@c to utimes on a /proc/self/fd symlink.
This function is like @code{utimes}, except that it takes an open file
descriptor as an argument instead of a file name. @xref{Low-Level
I/O}. This function comes from FreeBSD, and is not available on all
@@ -2900,6 +3056,8 @@ succeed, without actually accomplishing anything.
@comment unistd.h
@comment X/Open
@deftypefun int truncate (const char *@var{filename}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a truncate syscall, we use open and ftruncate.
The @code{truncate} function changes the size of @var{filename} to
@var{length}. If @var{length} is shorter than the previous length, data
@@ -2944,6 +3102,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int truncate64 (const char *@var{name}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try truncate if length fits.
This function is similar to the @code{truncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines, which allows the handling of files with sizes up to
@@ -2957,6 +3117,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX
@deftypefun int ftruncate (int @var{fd}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{truncate}, but it works on a file descriptor @var{fd}
for an opened file instead of a file name to identify the object. The
@@ -3021,6 +3182,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int ftruncate64 (int @var{id}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try ftruncate if length fits.
This function is similar to the @code{ftruncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines which allows the handling of files with sizes up to
@@ -3083,6 +3246,10 @@ The prototype for @code{mknod} is declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment BSD
@deftypefun int mknod (const char *@var{filename}, mode_t @var{mode}, dev_t @var{dev})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Instead of issuing the syscall directly, we go through xmknod.
+@c Although the internal xmknod takes a dev_t*, that could lead to
+@c xguargs races, it's passed a pointer to mknod's dev.
The @code{mknod} function makes a special file with name @var{filename}.
The @var{mode} specifies the mode of the file, and may include the various
special file bits, such as @code{S_IFCHR} (for a character special file)
@@ -3134,6 +3301,20 @@ These facilities are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} tmpfile (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c The unsafety issues are those of fdopen, plus fdleak because of the
+@c open.
+@c __path_search (internal buf, !dir, const pfx, !try_tmpdir) ok
+@c libc_secure_genenv only if try_tmpdir
+@c xstat64, strlen, strcmp, sprintf
+@c __gen_tempname (internal tmpl, __GT_FILE) ok
+@c strlen, memcmp, getpid, open/mkdir/lxstat64 ok
+@c HP_TIMING_NOW if available ok
+@c gettimeofday (!tz) first time, or every time if no HP_TIMING_NOW ok
+@c static value is used and modified without synchronization ok
+@c but the use is as a source of non-cryptographic randomness
+@c with retries in case of collision, so it should be safe
+@c unlink, fdopen
This function creates a temporary binary file for update mode, as if by
calling @code{fopen} with mode @code{"wb+"}. The file is deleted
automatically when it is closed or when the program terminates. (On
@@ -3150,6 +3331,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} tmpfile64 (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
This function is similar to @code{tmpfile}, but the stream it returns a
pointer to was opened using @code{tmpfile64}. Therefore this stream can
be used for files larger than @math{2^31} bytes on 32-bit machines.
@@ -3165,6 +3347,11 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun {char *} tmpnam (char *@var{result})
+@safety{@mtunsafe{xguargs, staticbuf}@asunsafe{staticbuf}@acsafe{}}
+@c The passed-in buffer should not be modified concurrently with the
+@c call.
+@c __path_search (static or passed-in buf, !dir, !pfx, !try_tmpdir) ok
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
This function constructs and returns a valid file name that does not
refer to any existing file. If the @var{result} argument is a null
pointer, the return value is a pointer to an internal static string,
@@ -3189,6 +3376,7 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdio.h
@comment GNU
@deftypefun {char *} tmpnam_r (char *@var{result})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
This function is nearly identical to the @code{tmpnam} function, except
that if @var{result} is a null pointer it returns a null pointer.
@@ -3225,6 +3413,13 @@ never less than @code{25}.
@comment stdio.h
@comment SVID
@deftypefun {char *} tempnam (const char *@var{dir}, const char *@var{prefix})
+@safety{@mtunsafe{xguargs, envromt}@assafe{asmalloc}@acsafe{memleak}}
+@c There's no way (short of being setuid) to avoid getenv("TMPDIR"),
+@c even with a non-NULL dir, which makes this thread-unsafe.
+@c
+@c __path_search (internal buf, dir, pfx, try_tmpdir) unsafe getenv
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
+@c strdup
This function generates a unique temporary file name. If @var{prefix}
is not a null pointer, up to five characters of this string are used as
a prefix for the file name. The return value is a string newly
@@ -3288,6 +3483,8 @@ string. These functions are declared in the header file @file{stdlib.h}.
@comment stdlib.h
@comment Unix
@deftypefun {char *} mktemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_NOCREATE) ok
The @code{mktemp} function generates a unique file name by modifying
@var{template} as described above. If successful, it returns
@var{template} as modified. If @code{mktemp} cannot find a unique file
@@ -3306,6 +3503,8 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdlib.h
@comment BSD
@deftypefun int mkstemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{fdleak}}
+@c __gen_tempname (caller tmpl, __GT_FILE) ok
The @code{mkstemp} function generates a unique file name just as
@code{mktemp} does, but it also opens the file for you with @code{open}
(@pxref{Opening and Closing Files}). If successful, it modifies
@@ -3328,6 +3527,8 @@ new file and get an error if the file already exists.
@comment stdlib.h
@comment BSD
@deftypefun {char *} mkdtemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_DIR) ok
The @code{mkdtemp} function creates a directory with a unique name. If
it succeeds, it overwrites @var{template} with the name of the
directory, and returns @var{template}. As with @code{mktemp} and
@@ -3349,3 +3550,23 @@ creation always works like @code{open} with @code{O_EXCL}.
@xref{Creating Directories}.
The @code{mkdtemp} function comes from OpenBSD.
+
+@c FIXME these are undocumented:
+@c faccessat
+@c fchmodat
+@c fchownat
+@c futimesat
+@c fstatat (there's a commented-out safety assessment for this one)
+@c linkat
+@c mkdirat
+@c mkfifoat
+@c name_to_handle_at
+@c openat
+@c open_by_handle_at
+@c readlinkat
+@c renameat
+@c scandirat
+@c symlinkat
+@c unlinkat
+@c utimensat
+@c mknodat
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=76884a41c04d96b2e1bab16fd4f76157c306fc81
commit 76884a41c04d96b2e1bab16fd4f76157c306fc81
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:56 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/filesys.texi: Document thread safety properties.
diff --git a/manual/filesys.texi b/manual/filesys.texi
index 1cac453..182fd33 100644
--- a/manual/filesys.texi
+++ b/manual/filesys.texi
@@ -58,6 +58,25 @@ Prototypes for these functions are declared in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun {char *} getcwd (char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c If buffer is NULL, this function calls malloc and realloc, and, in
+@c case of error, free. Linux offers a getcwd syscall that we use on
+@c GNU/Linux systems, but it may fail if the pathname is too long. As a
+@c fallback, and on other systems, the generic implementation opens each
+@c parent directory with opendir, which allocates memory for the
+@c directory stream with malloc. If a fstatat64 syscall is not
+@c available, very deep directory trees may also have to malloc to build
+@c longer sequences of ../../../... than those supported by a global
+@c const read-only string.
+
+@c linux/__getcwd
+@c posix/__getcwd
+@c malloc/realloc/free if buffer is NULL, or if dir is too deep
+@c lstat64 -> see its own entry
+@c fstatat64
+@c direct syscall if possible, alloca+snprintf+*stat64 otherwise
+@c openat64_not_cancel_3, close_not_cancel_no_status
+@c __fdopendir, __opendir, __readdir, rewinddir
The @code{getcwd} function returns an absolute file name representing
the current working directory, storing it in the character array
@var{buffer} that you provide. The @var{size} argument is how you tell
@@ -116,6 +135,9 @@ software.
@comment unistd.h
@comment BSD
@deftypefn {Deprecated Function} {char *} getwd (char *@var{buffer})
+@safety{@mtsafe{}@asunsafe{asmalloc, asi18n}@acsafe{memleak, fdleak}}
+@c Besides the getcwd safety issues, it calls strerror_r on error, which
+@c brings in all of the i18n issues.
This is similar to @code{getcwd}, but has no way to specify the size of
the buffer. @Theglibc{} provides @code{getwd} only
for backwards compatibility with BSD.
@@ -130,6 +152,9 @@ this function is deprecated.
@comment unistd.h
@comment GNU
@deftypefun {char *} get_current_dir_name (void)
+@safety{@mtunsafe{envromt}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides getcwd, which this function calls as a fallback, it calls
+@c getenv, with the usual thread-safety issues that brings about.
@vindex PWD
This @code{get_current_dir_name} function is basically equivalent to
@w{@code{getcwd (NULL, 0)}}. The only difference is that the value of
@@ -145,6 +170,7 @@ This function is a GNU extension.
@comment unistd.h
@comment POSIX.1
@deftypefun int chdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
@var{filename}.
@@ -158,6 +184,7 @@ file @var{filename} is not a directory.
@comment unistd.h
@comment XPG
@deftypefun int fchdir (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
directory associated with the file descriptor @var{filedes}.
@@ -294,12 +321,14 @@ values and @code{st_mode} values:
@comment dirent.h
@comment BSD
@deftypefun int IFTODT (mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{d_type} value corresponding to @var{mode}.
@end deftypefun
@comment dirent.h
@comment BSD
@deftypefun mode_t DTTOIF (int @var{dtype})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{st_mode} value corresponding to @var{dtype}.
@end deftypefun
@end table
@@ -342,6 +371,9 @@ the following functions.
@comment dirent.h
@comment POSIX.1
@deftypefun {DIR *} opendir (const char *@var{dirname})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides the safe syscall, we have to allocate the DIR object with
+@c __alloc_dir, that calls malloc.
The @code{opendir} function opens and returns a directory stream for
reading the directory whose file name is @var{dirname}. The stream has
type @code{DIR *}.
@@ -381,6 +413,8 @@ alternative interface can be used.
@comment dirent.h
@comment GNU
@deftypefun {DIR *} fdopendir (int @var{fd})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c The DIR object is allocated with __alloc_dir, that calls malloc.
The @code{fdopendir} function works just like @code{opendir} but
instead of taking a file name and opening a file descriptor for the
directory the caller is required to provide a file descriptor. This
@@ -425,6 +459,7 @@ access.
@comment dirent.h
@comment GNU
@deftypefun int dirfd (DIR *@var{dirstream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{dirfd} returns the file descriptor associated with
the directory stream @var{dirstream}. This descriptor can be used until
the directory is closed with @code{closedir}. If the directory stream
@@ -443,6 +478,12 @@ symbols are declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun {struct dirent *} readdir (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c This function holds dirstream's non-recursive lock, which brings
+@c about the usual issues with locks and async signals and cancellation,
+@c but the lock taking is not enough to make the returned value safe to
+@c use, since it points to a stream's internal buffer that can be
+@c overwritten by subsequent calls or even released by closedir.
This function reads the next entry from the directory. It normally
returns a pointer to a structure containing information about the
file. This structure is associated with the @var{dirstream} handle
@@ -478,6 +519,7 @@ locking if multiple threads access the same @var{dirstream}.
@comment dirent.h
@comment GNU
@deftypefun int readdir_r (DIR *@var{dirstream}, struct dirent *@var{entry}, struct dirent **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is a version of @code{readdir} which performs internal
locking. Like @code{readdir} it returns the next entry from the
directory. To prevent conflicts between simultaneously running
@@ -549,6 +591,7 @@ of the last two functions.
@comment dirent.h
@comment LFS
@deftypefun {struct dirent64 *} readdir64 (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64} function is just like the @code{readdir} function
except that it returns a pointer to a record of type @code{struct
dirent64}. Some of the members of this data type (notably @code{d_ino})
@@ -560,6 +603,7 @@ In all other aspects this function is equivalent to @code{readdir}.
@comment dirent.h
@comment LFS
@deftypefun int readdir64_r (DIR *@var{dirstream}, struct dirent64 *@var{entry}, struct dirent64 **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64_r} function is equivalent to the @code{readdir_r}
function except that it takes parameters of base type @code{struct
dirent64} instead of @code{struct dirent} in the second and third
@@ -570,6 +614,10 @@ position. The same precautions mentioned in the documentation of
@comment dirent.h
@comment POSIX.1
@deftypefun int closedir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock (hurd)}@acsafe{memleak, fdleak, lockleak (hurd)}}
+@c No synchronization in the posix implementation, only in the hurd
+@c one. This is regarded as safe because it is undefined behavior if
+@c other threads could still be using the dir stream while it's closed.
This function closes the directory stream @var{dirstream}. It returns
@code{0} on success and @code{-1} on failure.
@@ -609,6 +657,7 @@ declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun void rewinddir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{rewinddir} function is used to reinitialize the directory
stream @var{dirstream}, so that if you call @code{readdir} it
returns information about the first entry in the directory again. This
@@ -622,6 +671,10 @@ added or removed since you last called @code{opendir} or
@comment dirent.h
@comment BSD
@deftypefun {long int} telldir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{telldir} function returns the file position of the directory
stream @var{dirstream}. You can use this value with @code{seekdir} to
restore the directory stream to that position.
@@ -630,6 +683,10 @@ restore the directory stream to that position.
@comment dirent.h
@comment BSD
@deftypefun void seekdir (DIR *@var{dirstream}, long int @var{pos})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{seekdir} function sets the file position of the directory
stream @var{dirstream} to @var{pos}. The value @var{pos} must be the
result of a previous call to @code{telldir} on this particular stream;
@@ -649,6 +706,19 @@ the result.
@comment dirent.h
@comment BSD/SVID
@deftypefun int scandir (const char *@var{dir}, struct dirent ***@var{namelist}, int (*@var{selector}) (const struct dirent *), int (*@var{cmp}) (const struct dirent **, const struct dirent **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c The scandir function calls __opendirat, __readdir, and __closedir to
+@c go over the named dir; malloc and realloc to allocate the namelist
+@c and copies of each selected dirent, besides the selector, if given,
+@c and qsort and the cmp functions if the latter is given. In spite of
+@c the cleanup handler that releases memory and the file descriptor in
+@c case of synchronous cancellation, an asynchronous cancellation may
+@c still leak memory and a file descriptor. Although readdir is unsafe
+@c in general, the use of an internal dir stream for sequential scanning
+@c of the directory with copying of dirents before subsequent calls
+@c makes the use safe, and the fact that the dir stream is private to
+@c each scandir call does away with the lock issues in readdir and
+@c closedir.
The @code{scandir} function scans the contents of the directory selected
by @var{dir}. The result in *@var{namelist} is an array of pointers to
@@ -679,6 +749,8 @@ are very helpful for this purpose.
@comment dirent.h
@comment BSD/SVID
@deftypefun int alphasort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Calls strcoll.
The @code{alphasort} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -691,6 +763,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls strverscmp.
The @code{versionsort} function is like @code{alphasort} except that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -703,6 +777,8 @@ dirent64}}. To use this we need a new function.
@comment dirent.h
@comment GNU
@deftypefun int scandir64 (const char *@var{dir}, struct dirent64 ***@var{namelist}, int (*@var{selector}) (const struct dirent64 *), int (*@var{cmp}) (const struct dirent64 **, const struct dirent64 **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c See scandir.
The @code{scandir64} function works like the @code{scandir} function
except that the directory entries it returns are described by elements
of type @w{@code{struct dirent64}}. The function pointed to by
@@ -721,6 +797,8 @@ argument. Instead we provide the two replacement functions below.
@comment dirent.h
@comment GNU
@deftypefun int alphasort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c See alphasort.
The @code{alphasort64} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -733,6 +811,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c See versionsort.
The @code{versionsort64} function is like @code{alphasort64}, excepted that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -913,6 +993,8 @@ file was passed).
@comment ftw.h
@comment SVID
@deftypefun int ftw (const char *@var{filename}, __ftw_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
+@c see nftw for safety details
The @code{ftw} function calls the callback function given in the
parameter @var{func} for every item which is found in the directory
specified by @var{filename} and all directories below. The function
@@ -963,6 +1045,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int ftw64 (const char *@var{filename}, __ftw64_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
This function is similar to @code{ftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -976,6 +1059,17 @@ transparently replaces the old implementation.
@comment ftw.h
@comment XPG4.2
@deftypefun int nftw (const char *@var{filename}, __nftw_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c ftw_startup calls alloca, malloc, free, xstat/lxstat, tdestroy, and ftw_dir
+@c if FTW_CHDIR, call open, and fchdir, or chdir and getcwd
+@c ftw_dir calls open_dir_stream, readdir64, process_entry, closedir
+@c if FTW_CHDIR, also calls fchdir
+@c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
+@c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
+@c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
+@c find_object (tsearch) and add_object (tfind).
+@c Since each invocation of *ftw uses its own private search tree, none
+@c of the search tree concurrency issues apply.
The @code{nftw} function works like the @code{ftw} functions. They call
the callback function @var{func} for all items found in the directory
@var{filename} and below. At most @var{descriptors} file descriptors
@@ -1036,6 +1130,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int nftw64 (const char *@var{filename}, __nftw64_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
This function is similar to @code{nftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -1079,6 +1174,7 @@ file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int link (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{link} function makes a new link to the existing file named by
@var{oldname}, under the new name @var{newname}.
@@ -1186,6 +1282,7 @@ Prototypes for most of the functions listed in this section are in
@comment unistd.h
@comment BSD
@deftypefun int symlink (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{symlink} function makes a symbolic link to @var{oldname} named
@var{newname}.
@@ -1223,6 +1320,7 @@ exceeded.
@comment unistd.h
@comment BSD
@deftypefun ssize_t readlink (const char *@var{filename}, char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{readlink} function gets the value of the symbolic link
@var{filename}. The file name that the link points to is copied into
@var{buffer}. This file name string is @emph{not} null-terminated;
@@ -1282,6 +1380,8 @@ names can refer to the same inode.
@comment stdlib.h
@comment GNU
@deftypefun {char *} canonicalize_file_name (const char *@var{name})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls realpath.
The @code{canonicalize_file_name} function returns the absolute name of
the file named by @var{name} which contains no @code{.}, @code{..}
@@ -1323,6 +1423,8 @@ where the result is placed in.
@comment stdlib.h
@comment XPG
@deftypefun {char *} realpath (const char *restrict @var{name}, char *restrict @var{resolved})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls malloc, realloc, getcwd, lxstat64, readlink, alloca.
A call to @code{realpath} where the @var{resolved} parameter is
@code{NULL} behaves exactly like @code{canonicalize_file_name}. The
@@ -1362,6 +1464,7 @@ then the file is deleted as well. If the file has other remaining names
@comment unistd.h
@comment POSIX.1
@deftypefun int unlink (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{unlink} function deletes the file name @var{filename}. If
this is a file's sole name, the file itself is also deleted. (Actually,
if any process has the file open when this happens, deletion is
@@ -1404,6 +1507,7 @@ file system and can't be modified.
@comment unistd.h
@comment POSIX.1
@deftypefun int rmdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@cindex directories, deleting
@cindex deleting a directory
The @code{rmdir} function deletes a directory. The directory must be
@@ -1431,6 +1535,8 @@ The prototype for this function is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int remove (const char *@var{filename})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Calls unlink and rmdir.
This is the @w{ISO C} function to remove a file. It works like
@code{unlink} for files and like @code{rmdir} for directories.
@code{remove} is declared in @file{stdio.h}.
@@ -1446,6 +1552,10 @@ The @code{rename} function is used to change a file's name.
@comment stdio.h
@comment ISO
@deftypefun int rename (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a rename syscall, there's an emulation with link
+@c and unlink, but it's racy, even more so if newname exists and is
+@c unlinked first.
The @code{rename} function renames the file @var{oldname} to
@var{newname}. The file formerly accessible under the name
@var{oldname} is afterwards accessible as @var{newname} instead. (If
@@ -1541,6 +1651,7 @@ a shell command @code{mkdir} which does the same thing.)
@comment sys/stat.h
@comment POSIX.1
@deftypefun int mkdir (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mkdir} function creates a new, empty directory with name
@var{filename}.
@@ -1882,6 +1993,7 @@ header file @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int stat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{stat} function returns information about the attributes of the
file named by @w{@var{filename}} in the structure pointed to by @var{buf}.
@@ -1908,6 +2020,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int stat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{stat} but it is also able to work on
files larger than @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1921,6 +2034,7 @@ replaces the interface for small files on 32-bit machines.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int fstat (int @var{filedes}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fstat} function is like @code{stat}, except that it takes an
open file descriptor as an argument instead of a file name.
@xref{Low-Level I/O}.
@@ -1942,6 +2056,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int fstat64 (int @var{filedes}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{fstat} but is able to work on large
files on 32-bit platforms. For large files the file descriptor
@var{filedes} should be obtained by @code{open64} or @code{creat64}.
@@ -1953,9 +2068,16 @@ function is available under the name @code{fstat} and so transparently
replaces the interface for small files on 32-bit machines.
@end deftypefun
+@c fstatat will call alloca and snprintf if the syscall is not
+@c available.
+@c @safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+
@comment sys/stat.h
@comment BSD
@deftypefun int lstat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat, sometimes with an xstat conv call
+@c afterwards.
The @code{lstat} function is like @code{stat}, except that it does not
follow symbolic links. If @var{filename} is the name of a symbolic
link, @code{lstat} returns information about the link itself; otherwise
@@ -1969,6 +2091,9 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int lstat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat64, sometimes with an xstat conv
+@c call afterwards.
This function is similar to @code{lstat} but it is also able to work on
files larger than @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -2007,12 +2132,14 @@ that file:
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISDIR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a directory.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISCHR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a character special file (a
device like a terminal).
@end deftypefn
@@ -2020,6 +2147,7 @@ device like a terminal).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISBLK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a block special file (a device
like a disk).
@end deftypefn
@@ -2027,12 +2155,14 @@ like a disk).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISREG (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a regular file.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISFIFO (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a FIFO special file, or a
pipe. @xref{Pipes and FIFOs}.
@end deftypefn
@@ -2040,6 +2170,7 @@ pipe. @xref{Pipes and FIFOs}.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISLNK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a symbolic link.
@xref{Symbolic Links}.
@end deftypefn
@@ -2047,6 +2178,7 @@ This macro returns non-zero if the file is a symbolic link.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISSOCK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a socket. @xref{Sockets}.
@end deftypefn
@@ -2129,6 +2261,7 @@ the whole @code{struct stat} structure.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISMQ (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX message queues as distinct objects and the
file is a message queue object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2137,6 +2270,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSEM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX semaphores as distinct objects and the
file is a semaphore object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2145,6 +2279,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSHM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX shared memory objects as distinct objects
and the file is an shared memory object, this macro returns a non-zero
value. In all other cases the result is zero.
@@ -2189,6 +2324,7 @@ The prototype for this function is declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int chown (const char *@var{filename}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chown} function changes the owner of the file @var{filename} to
@var{owner}, and its group owner to @var{group}.
@@ -2223,6 +2359,7 @@ The file is on a read-only file system.
@comment unistd.h
@comment BSD
@deftypefun int fchown (int @var{filedes}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chown}, except that it changes the owner of the open
file with descriptor @var{filedes}.
@@ -2502,6 +2639,7 @@ The functions in this section are declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun mode_t umask (mode_t @var{mask})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{umask} function sets the file creation mask of the current
process to @var{mask}, and returns the previous value of the file
creation mask.
@@ -2527,6 +2665,7 @@ you just want to read the mask value, because it is reentrant.
@comment sys/stat.h
@comment GNU
@deftypefun mode_t getumask (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Return the current value of the file creation mask for the current
process. This function is a GNU extension and is only available on
@gnuhurdsystems{}.
@@ -2535,6 +2674,7 @@ process. This function is a GNU extension and is only available on
@comment sys/stat.h
@comment POSIX.1
@deftypefun int chmod (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chmod} function sets the access permission bits for the file
named by @var{filename} to @var{mode}.
@@ -2575,6 +2715,7 @@ for full details on the sticky bit.
@comment sys/stat.h
@comment BSD
@deftypefun int fchmod (int @var{filedes}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chmod}, except that it changes the permissions of the
currently open file given by @var{filedes}.
@@ -2645,6 +2786,7 @@ The symbols in this section are declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int access (const char *@var{filename}, int @var{how})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{access} function checks to see whether the file named by
@var{filename} can be accessed in the way specified by the @var{how}
argument. The @var{how} argument either can be the bitwise OR of the
@@ -2765,6 +2907,9 @@ This is the modification time for the file.
@comment utime.h
@comment POSIX.1
@deftypefun int utime (const char *@var{filename}, const struct utimbuf *@var{times})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utime syscall, it non-atomically converts times
+@c to a struct timeval and calls utimes.
This function is used to modify the file times associated with the file
named @var{filename}.
@@ -2816,6 +2961,10 @@ in the header file @file{sys/time.h}.
@comment sys/time.h
@comment BSD
@deftypefun int utimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, or to
+@c struct utimbuf and calls utime.
This function sets the file access and modification times of the file
@var{filename}. The new file access time is specified by
@code{@var{tvp}[0]}, and the new modification time by
@@ -2830,6 +2979,9 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int lutimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no lutimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall.
This function is like @code{utimes}, except that it does not follow
symbolic links. If @var{filename} is the name of a symbolic link,
@code{lutimes} sets the file access and modification times of the
@@ -2846,6 +2998,10 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int futimes (int @var{fd}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no futimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, falling back
+@c to utimes on a /proc/self/fd symlink.
This function is like @code{utimes}, except that it takes an open file
descriptor as an argument instead of a file name. @xref{Low-Level
I/O}. This function comes from FreeBSD, and is not available on all
@@ -2900,6 +3056,8 @@ succeed, without actually accomplishing anything.
@comment unistd.h
@comment X/Open
@deftypefun int truncate (const char *@var{filename}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a truncate syscall, we use open and ftruncate.
The @code{truncate} function changes the size of @var{filename} to
@var{length}. If @var{length} is shorter than the previous length, data
@@ -2944,6 +3102,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int truncate64 (const char *@var{name}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try truncate if length fits.
This function is similar to the @code{truncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines, which allows the handling of files with sizes up to
@@ -2957,6 +3117,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX
@deftypefun int ftruncate (int @var{fd}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{truncate}, but it works on a file descriptor @var{fd}
for an opened file instead of a file name to identify the object. The
@@ -3021,6 +3182,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int ftruncate64 (int @var{id}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try ftruncate if length fits.
This function is similar to the @code{ftruncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines which allows the handling of files with sizes up to
@@ -3083,6 +3246,10 @@ The prototype for @code{mknod} is declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment BSD
@deftypefun int mknod (const char *@var{filename}, mode_t @var{mode}, dev_t @var{dev})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Instead of issuing the syscall directly, we go through xmknod.
+@c Although the internal xmknod takes a dev_t*, that could lead to
+@c xguargs races, it's passed a pointer to mknod's dev.
The @code{mknod} function makes a special file with name @var{filename}.
The @var{mode} specifies the mode of the file, and may include the various
special file bits, such as @code{S_IFCHR} (for a character special file)
@@ -3134,6 +3301,20 @@ These facilities are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} tmpfile (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c The unsafety issues are those of fdopen, plus fdleak because of the
+@c open.
+@c __path_search (internal buf, !dir, const pfx, !try_tmpdir) ok
+@c libc_secure_genenv only if try_tmpdir
+@c xstat64, strlen, strcmp, sprintf
+@c __gen_tempname (internal tmpl, __GT_FILE) ok
+@c strlen, memcmp, getpid, open/mkdir/lxstat64 ok
+@c HP_TIMING_NOW if available ok
+@c gettimeofday (!tz) first time, or every time if no HP_TIMING_NOW ok
+@c static value is used and modified without synchronization ok
+@c but the use is as a source of non-cryptographic randomness
+@c with retries in case of collision, so it should be safe
+@c unlink, fdopen
This function creates a temporary binary file for update mode, as if by
calling @code{fopen} with mode @code{"wb+"}. The file is deleted
automatically when it is closed or when the program terminates. (On
@@ -3150,6 +3331,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} tmpfile64 (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
This function is similar to @code{tmpfile}, but the stream it returns a
pointer to was opened using @code{tmpfile64}. Therefore this stream can
be used for files larger than @math{2^31} bytes on 32-bit machines.
@@ -3165,6 +3347,11 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun {char *} tmpnam (char *@var{result})
+@safety{@mtunsafe{xguargs, staticbuf}@asunsafe{staticbuf}@acsafe{}}
+@c The passed-in buffer should not be modified concurrently with the
+@c call.
+@c __path_search (static or passed-in buf, !dir, !pfx, !try_tmpdir) ok
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
This function constructs and returns a valid file name that does not
refer to any existing file. If the @var{result} argument is a null
pointer, the return value is a pointer to an internal static string,
@@ -3189,6 +3376,7 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdio.h
@comment GNU
@deftypefun {char *} tmpnam_r (char *@var{result})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
This function is nearly identical to the @code{tmpnam} function, except
that if @var{result} is a null pointer it returns a null pointer.
@@ -3225,6 +3413,13 @@ never less than @code{25}.
@comment stdio.h
@comment SVID
@deftypefun {char *} tempnam (const char *@var{dir}, const char *@var{prefix})
+@safety{@mtunsafe{xguargs, envromt}@assafe{asmalloc}@acsafe{memleak}}
+@c There's no way (short of being setuid) to avoid getenv("TMPDIR"),
+@c even with a non-NULL dir, which makes this thread-unsafe.
+@c
+@c __path_search (internal buf, dir, pfx, try_tmpdir) unsafe getenv
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
+@c strdup
This function generates a unique temporary file name. If @var{prefix}
is not a null pointer, up to five characters of this string are used as
a prefix for the file name. The return value is a string newly
@@ -3288,6 +3483,8 @@ string. These functions are declared in the header file @file{stdlib.h}.
@comment stdlib.h
@comment Unix
@deftypefun {char *} mktemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_NOCREATE) ok
The @code{mktemp} function generates a unique file name by modifying
@var{template} as described above. If successful, it returns
@var{template} as modified. If @code{mktemp} cannot find a unique file
@@ -3306,6 +3503,8 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdlib.h
@comment BSD
@deftypefun int mkstemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{fdleak}}
+@c __gen_tempname (caller tmpl, __GT_FILE) ok
The @code{mkstemp} function generates a unique file name just as
@code{mktemp} does, but it also opens the file for you with @code{open}
(@pxref{Opening and Closing Files}). If successful, it modifies
@@ -3328,6 +3527,8 @@ new file and get an error if the file already exists.
@comment stdlib.h
@comment BSD
@deftypefun {char *} mkdtemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_DIR) ok
The @code{mkdtemp} function creates a directory with a unique name. If
it succeeds, it overwrites @var{template} with the name of the
directory, and returns @var{template}. As with @code{mktemp} and
@@ -3349,3 +3550,23 @@ creation always works like @code{open} with @code{O_EXCL}.
@xref{Creating Directories}.
The @code{mkdtemp} function comes from OpenBSD.
+
+@c FIXME these are undocumented:
+@c faccessat
+@c fchmodat
+@c fchownat
+@c futimesat
+@c fstatat (there's a commented-out safety assessment for this one)
+@c linkat
+@c mkdirat
+@c mkfifoat
+@c name_to_handle_at
+@c openat
+@c open_by_handle_at
+@c readlinkat
+@c renameat
+@c scandirat
+@c symlinkat
+@c unlinkat
+@c utimensat
+@c mknodat
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=fdbe248de910c1e7ef9ae9b744eed8d658ac5d29
commit fdbe248de910c1e7ef9ae9b744eed8d658ac5d29
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:56 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/getopt.texi: Document thread safety properties.
diff --git a/manual/getopt.texi b/manual/getopt.texi
index f0b7283..3c1f4de 100644
--- a/manual/getopt.texi
+++ b/manual/getopt.texi
@@ -60,6 +60,31 @@ option argument, for those options that accept arguments.
@comment unistd.h
@comment POSIX.2
@deftypefun int getopt (int @var{argc}, char *const *@var{argv}, const char *@var{options})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c It may swap argv elements but argv is not guarded, and the
+@c modifications may be partial in case of cancellation. Calling getenv
+@c also brings about thread-safety issues out of access and returning
+@c pointers into the globally shared environment array, just like
+@c calling gettext brings about a whole lot of AS and AC safety issues.
+@c The getopt API involves returning values in the non-thread-specific
+@c optarg variable, which adds another thread-safety issue. Given
+@c print_errors, it may output errors to stderr, which may
+@c self-deadlock, leak locks, or encounter (in a signal handler) or
+@c leave (in case of cancellation) stderr in an inconsistent state.
+@c Various implicit, indirect uses of malloc, in uses of memstream and
+@c asprintf for error-printing, bring about the usual malloc issues.
+@c (The explicit use of malloc in a conditional situation in
+@c _getopt_initialize is never exercised in glibc.)
+@c
+@c _getopt_internal
+@c _getopt_internal_r
+@c gettext
+@c _getopt_initialize
+@c getenv
+@c malloc if USE_NONOPTION_FLAGS, never defined in libc
+@c open_memstream
+@c lockfile, unlockfile, __fxprintf -> stderr
+@c asprintf
The @code{getopt} function gets the next option argument from the
argument list specified by the @var{argv} and @var{argc} arguments.
Normally these values come directly from the arguments received by
@@ -225,6 +250,8 @@ was seen.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
Decode options from the vector @var{argv} (whose length is @var{argc}).
The argument @var{shortopts} describes the short options to accept, just as
it does in @code{getopt}. The argument @var{longopts} describes the long
@@ -278,6 +305,8 @@ getopt functionality there is one more function available.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long_only (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
The @code{getopt_long_only} function is equivalent to the
@code{getopt_long} function but it allows to specify the user of the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3c03cf246bde895688e98b832b45fcc835a9d2dc
commit 3c03cf246bde895688e98b832b45fcc835a9d2dc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:55 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/errno.texi: Document thread safety properties.
diff --git a/manual/errno.texi b/manual/errno.texi
index 6c9fa86..eb3f412 100644
--- a/manual/errno.texi
+++ b/manual/errno.texi
@@ -1293,6 +1293,9 @@ name of the program that encountered the error.
@comment string.h
@comment ISO
@deftypefun {char *} strerror (int @var{errnum})
+@safety{@mtunsafe{staticbuf}@asunsafe{staticbuf, asmalloc, asi18n}@acsafe{memleak}}
+@c Calls strerror_r with a static buffer allocated with malloc on the
+@c first use.
The @code{strerror} function maps the error code (@pxref{Checking for
Errors}) specified by the @var{errnum} argument to a descriptive error
message string. The return value is a pointer to this string.
@@ -1310,6 +1313,7 @@ The function @code{strerror} is declared in @file{string.h}.
@comment string.h
@comment GNU
@deftypefun {char *} strerror_r (int @var{errnum}, char *@var{buf}, size_t @var{n})
+@safety{@mtsafe{}@asunsafe{asi18n}@acsafe{}}
The @code{strerror_r} function works like @code{strerror} but instead of
returning the error message in a statically allocated buffer shared by
all threads in the process, it returns a private copy for the
@@ -1331,6 +1335,10 @@ This function @code{strerror_r} is a GNU extension and it is declared in
@comment stdio.h
@comment ISO
@deftypefun void perror (const char *@var{message})
+@safety{@mtsafe{xguargs}@asunsafe{asynconsist, asi18n, asmalloc, selfdeadlock}@acunsafe{incansist, lockleak, memleak, fdleak}}
+@c Besides strerror_r's and some of fprintf's issues, if stderr is not
+@c oriented yet, create a new stream with a dup of stderr's fd and write
+@c to that instead of stderr, to avoid orienting it.
This function prints an error message to the stream @code{stderr};
see @ref{Standard Streams}. The orientation of @code{stderr} is not
changed.
@@ -1442,6 +1450,13 @@ These functions are declared in @file{error.h}.
@comment error.h
@comment GNU
@deftypefun void error (int @var{status}, int @var{errnum}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acsafe{}}
+@c Cancellation is disabled throught the execution. It flushes stdout
+@c and then holds a lock on stderr while printing the program name and
+@c then running error_tail. The non-wide case just runs vfprintf; the
+@c wide case converts the message to an alloca/malloc-allocated buffer
+@c with mbsrtowcs, then prints it with vfwprintf. Afterwards,
+@c print_errno_message calls strerror_r and fxprintf.
The @code{error} function can be used to report general problems during
program execution. The @var{format} argument is a format string just
like those given to the @code{printf} family of functions. The
@@ -1477,6 +1492,15 @@ incremented by one to keep track of the number of errors reported.
@comment error.h
@comment GNU
@deftypefun void error_at_line (int @var{status}, int @var{errnum}, const char *@var{fname}, unsigned int @var{lineno}, const char *@var{format}, @dots{})
+@safety{@mtunsafe{staticbuf, glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist}}
+@c The error_one_per_line variable is accessed (without any form of
+@c synchronization, but since it's an int used once, it should be safe
+@c enough) and, if this mode is enabled, static variables used to hold
+@c the last printed file name and line number are accessed and modified
+@c without synchronization; the update is not atomic and it occurs
+@c before disabling cancellation, so it can be interrupted after only
+@c one of the two variables is modified. After that, it's very much
+@c like error.
The @code{error_at_line} function is very similar to the @code{error}
function. The only difference are the additional parameters @var{fname}
@@ -1582,6 +1606,8 @@ are included only for compatibility.
@comment err.h
@comment BSD
@deftypefun void warn (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Just calls vwarn with the va_list.
The @code{warn} function is roughly equivalent to a call like
@smallexample
error (0, errno, format, @r{the parameters})
@@ -1594,6 +1620,11 @@ are not used.
@comment err.h
@comment BSD
@deftypefun void vwarn (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c While holding stderr's recursive lock, it prints the programname, the
+@c given message, and the error string with fw?printf's %m. When the
+@c stream is wide, convert_and_print converts the format string to an
+@c alloca/malloc-created buffer using mbsrtowcs and then calls fwprintf.
The @code{vwarn} function is just like @code{warn} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1602,6 +1633,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void warnx (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn, but without the strerror translation issues.
The @code{warnx} function is roughly equivalent to a call like
@smallexample
error (0, 0, format, @r{the parameters})
@@ -1615,6 +1648,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void vwarnx (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn, but without the strerror translation issues.
The @code{vwarnx} function is just like @code{warnx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1623,6 +1658,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void err (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn followed by exit.
The @code{err} function is roughly equivalent to a call like
@smallexample
error (status, errno, format, @r{the parameters})
@@ -1635,6 +1672,8 @@ are not used and that the program is exited even if @var{status} is zero.
@comment err.h
@comment BSD
@deftypefun void verr (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn followed by exit.
The @code{verr} function is just like @code{err} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1643,6 +1682,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void errx (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warnx followed by exit.
The @code{errx} function is roughly equivalent to a call like
@smallexample
error (status, 0, format, @r{the parameters})
@@ -1657,6 +1698,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void verrx (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarnx followed by exit.
The @code{verrx} function is just like @code{errx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1aa7f3b6fc9a8771b43d3adb63e254f8caf5aa5b
commit 1aa7f3b6fc9a8771b43d3adb63e254f8caf5aa5b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:55 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/debug.texi: Document thread safety properties.
diff --git a/manual/debug.texi b/manual/debug.texi
index 1db9c18..ce0c263 100644
--- a/manual/debug.texi
+++ b/manual/debug.texi
@@ -36,6 +36,8 @@ and manipulate backtraces of the current thread.
@comment execinfo.h
@comment GNU
@deftypefun int backtrace (void **@var{buffer}, int @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Pointer chasing within the local stack.
The @code{backtrace} function obtains a backtrace for the current
thread, as a list of pointers, and places the information into
@var{buffer}. The argument @var{size} should be the number of
@@ -56,6 +58,17 @@ interpreting the stack contents correctly.
@comment execinfo.h
@comment GNU
@deftypefun {char **} backtrace_symbols (void *const *@var{buffer}, int @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, lockleak}}
+@c Collects info returned by _dl_addr in auto array, allocates memory
+@c for the whole return buffer with malloc then sprintfs into it storing
+@c pointers to the strings into the array entries in the buffer.
+@c _dl_addr takes the recursive dl_load_lock then calls
+@c _dl_find_dso_for_object and determine_info.
+@c _dl_find_dso_for_object calls _dl-addr_inside_object.
+@c All of them are safe as long as the lock is held.
+@c asynconsist? It doesn't looke like the dynamic loader's data
+@c structures could be in an inconsistent state that would cause
+@c malfunction here.
The @code{backtrace_symbols} function translates the information
obtained from the @code{backtrace} function into an array of strings.
The argument @var{buffer} should be a pointer to an array of addresses
@@ -88,6 +101,11 @@ cannot be obtained.
@comment execinfo.h
@comment GNU
@deftypefun void backtrace_symbols_fd (void *const *@var{buffer}, int @var{size}, int @var{fd})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c Single loop of _dl_addr over addresses, collecting info into an iovec
+@c written out with a writev call per iteration. Addresses and offsets
+@c are converted to hex in auto buffers, so the only potential issue
+@c here is leaking the dl lock in case of cancellation.
The @code{backtrace_symbols_fd} function performs the same translation
as the function @code{backtrace_symbols} function. Instead of returning
the strings to the caller, it writes the strings to the file descriptor
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=dbe30b42d6c674a6d02343411c9d29f4bbab2084
commit dbe30b42d6c674a6d02343411c9d29f4bbab2084
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:55 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/ctype.texi: Document thread safety properties.
diff --git a/manual/ctype.texi b/manual/ctype.texi
index 3d13571..ddf38ce 100644
--- a/manual/ctype.texi
+++ b/manual/ctype.texi
@@ -66,6 +66,13 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int islower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The is* macros call __ctype_b_loc to get the ctype array from the
+@c current locale, and then index it by c. __ctype_b_loc reads from
+@c thread-local memory the (indirect) pointer to the ctype array, which
+@c may involve one word access to the global locale object, if that's
+@c the active locale for the thread, and the array, being part of the
+@c locale data, is undeletable, so there's no thread-safety issue.
Returns true if @var{c} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -74,6 +81,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -82,6 +90,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isalpha (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphabetic character (a letter). If
@code{islower} or @code{isupper} is true of a character, then
@code{isalpha} is also true.
@@ -97,6 +106,7 @@ additional characters.
@comment ctype.h
@comment ISO
@deftypefun int isdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@end deftypefun
@@ -104,6 +114,7 @@ Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@comment ctype.h
@comment ISO
@deftypefun int isalnum (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphanumeric character (a letter or
number); in other words, if either @code{isalpha} or @code{isdigit} is
true of a character, then @code{isalnum} is also true.
@@ -113,6 +124,7 @@ true of a character, then @code{isalnum} is also true.
@comment ctype.h
@comment ISO
@deftypefun int isxdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -123,6 +135,7 @@ Hexadecimal digits include the normal decimal digits @samp{0} through
@comment ctype.h
@comment ISO
@deftypefun int ispunct (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -132,6 +145,7 @@ character.
@comment ctype.h
@comment ISO
@deftypefun int isspace (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{isspace} returns true for only the standard
whitespace characters:
@@ -161,6 +175,7 @@ vertical tab
@comment ctype.h
@comment ISO
@deftypefun int isblank (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
@end deftypefun
@@ -169,6 +184,7 @@ This function was originally a GNU extension, but was added in @w{ISO C99}.
@comment ctype.h
@comment ISO
@deftypefun int isgraph (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -178,6 +194,7 @@ considered graphic.
@comment ctype.h
@comment ISO
@deftypefun int isprint (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@end deftypefun
@@ -186,6 +203,7 @@ include all the graphic characters, plus the space (@samp{ }) character.
@comment ctype.h
@comment ISO
@deftypefun int iscntrl (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a control character (that is, a character that
is not a printing character).
@end deftypefun
@@ -194,6 +212,7 @@ is not a printing character).
@comment ctype.h
@comment SVID, BSD
@deftypefun int isascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
into the US/UK ASCII character set. This function is a BSD extension
and is also an SVID extension.
@@ -227,6 +246,10 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The to* macros/functions call different functions that use different
+@c arrays than those of__ctype_b_loc, but the access patterns and
+@c thus safety guarantees are the same.
If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
lower-case letter. If @var{c} is not an upper-case letter,
@var{c} is returned unchanged.
@@ -235,6 +258,7 @@ lower-case letter. If @var{c} is not an upper-case letter,
@comment ctype.h
@comment ISO
@deftypefun int toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
upper-case letter. Otherwise @var{c} is returned unchanged.
@end deftypefun
@@ -242,6 +266,7 @@ upper-case letter. Otherwise @var{c} is returned unchanged.
@comment ctype.h
@comment SVID, BSD
@deftypefun int toascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function converts @var{c} to a 7-bit @code{unsigned char} value
that fits into the US/UK ASCII character set, by clearing the high-order
bits. This function is a BSD extension and is also an SVID extension.
@@ -250,6 +275,7 @@ bits. This function is a BSD extension and is also an SVID extension.
@comment ctype.h
@comment SVID
@deftypefun int _tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{tolower}, and is provided for compatibility
with the SVID. @xref{SVID}.@refill
@end deftypefun
@@ -257,6 +283,7 @@ with the SVID. @xref{SVID}.@refill
@comment ctype.h
@comment SVID
@deftypefun int _toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{toupper}, and is provided for compatibility
with the SVID.
@end deftypefun
@@ -303,6 +330,15 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctype_t wctype (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Although the source code of wctype contains multiple references to
+@c the locale, that could each reference different locale_data objects
+@c should the global locale object change while active, the compiler can
+@c and does combine them all into a single dereference that resolves
+@c once to the LCTYPE locale object used throughout the function, so it
+@c is safe in practice, if not in theory. Ideally we'd explicitly save
+@c the resolved locale_data object to make it visibly safe instead of
+@c safe only under compiler optimizations.
The @code{wctype} returns a value representing a class of wide
characters which is identified by the string @var{property}. Beside
some standard properties each locale can define its own ones. In case
@@ -331,6 +367,8 @@ the @w{ISO C} standard defines a completely new function.
@comment wctype.h
@comment ISO
@deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The compressed lookup table returned by wctype is read-only.
This function returns a nonzero value if @var{wc} is in the character
class specified by @var{desc}. @var{desc} must previously be returned
by a successful call to @code{wctype}.
@@ -350,6 +388,15 @@ standard classes.
@comment wctype.h
@comment ISO
@deftypefun int iswalnum (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c The implicit wctype call in the isw* functions is actually an
+@c optimized version because the category has a known offset, but the
+@c wctype is equally safe when optimized, unsafe if not optimized.
+@c Since it's not a macro, and we always optimize, it's fine. The test
+@c whether wc is ASCII to use the non-wide is* macro/funciton doesn't
+@c bring any other safety issues: the test does not depend on the
+@c locale, and each path after the decision resolves the locale object
+@c only once.
This function returns a nonzero value if @var{wc} is an alphanumeric
character (a letter or number); in other words, if either @code{iswalpha}
or @code{iswdigit} is true of a character, then @code{iswalnum} is also
@@ -370,6 +417,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswalpha (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an alphabetic character (a letter). If
@code{iswlower} or @code{iswupper} is true of a character, then
@code{iswalpha} is also true.
@@ -394,6 +442,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswcntrl (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a control character (that is, a character that
is not a printing character).
@@ -412,6 +461,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
Please note that this function does not only return a nonzero value for
@emph{decimal} digits, but for all kinds of digits. A consequence is
@@ -442,6 +492,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswgraph (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -461,6 +512,7 @@ It is declared in @file{wctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int iswlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -479,6 +531,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswprint (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@@ -497,6 +550,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswpunct (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -516,6 +570,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswspace (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{iswspace} returns true for only the standard
whitespace characters:
@@ -555,6 +610,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -573,6 +629,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswxdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -597,6 +654,7 @@ characters as well.
@comment wctype.h
@comment ISO
@deftypefun int iswblank (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
It is declared in @file{wchar.h}.
@@ -691,6 +749,8 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctrans_t wctrans (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Similar implementation, same caveats as wctype.
The @code{wctrans} function has to be used to find out whether a named
mapping is defined in the current locale selected for the
@code{LC_CTYPE} category. If the returned value is non-zero, you can use
@@ -713,6 +773,8 @@ These functions are declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Same caveats as iswctype.
@code{towctrans} maps the input character @var{wc}
according to the rules of the mapping for which @var{desc} is a
descriptor, and returns the value it finds. @var{desc} must be
@@ -730,6 +792,9 @@ for them.
@comment wctype.h
@comment ISO
@deftypefun wint_t towlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Same caveats as iswalnum, just using a wctrans rather than a wctype
+@c table.
If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
lower-case letter. If @var{wc} is not an upper-case letter,
@var{wc} is returned unchanged.
@@ -749,6 +814,7 @@ This function is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
upper-case letter. Otherwise @var{wc} is returned unchanged.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=09ba3b7906d2614779c884c67726e86105a157d0
commit 09ba3b7906d2614779c884c67726e86105a157d0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:55 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/crypt.texi: Document thread safety properties.
diff --git a/manual/crypt.texi b/manual/crypt.texi
index ef90590..a3c8fa5 100644
--- a/manual/crypt.texi
+++ b/manual/crypt.texi
@@ -92,6 +92,13 @@ in a convenient way.
@comment unistd.h
@comment BSD
@deftypefun {char *} getpass (const char *@var{prompt})
+@safety{@mtunsafe{tempterm}@asunsafe{asmalloc, selfdeadlock, asynconsist}@acunsafe{tempterm, lockleak, incansist}}
+@c This function will attempt to create a stream for terminal I/O, but
+@c will fallback to stdio/stderr. It attempts to change the terminal
+@c mode in a thread-unsafe way, write out the prompt, read the password,
+@c then restore the terminal mode. It has a cleanup to close the stream
+@c in case of (synchronous) cancellation, but not to restore the
+@c terminal mode.
@code{getpass} outputs @var{prompt}, then reads a string in from the
terminal without echoing it. It tries to connect to the real terminal,
@@ -127,6 +134,13 @@ The substitute takes the same parameters as @code{getline}
@comment crypt.h
@comment BSD, SVID
@deftypefun {char *} crypt (const char *@var{key}, const char *@var{salt})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Besides the obvious problem of returning a pointer into static
+@c storage, the DES initializer takes an internal lock with the usual
+@c set of problems for AS- and AC-Safety. The FIPS mode checker and the
+@c NSS implementations of may leak file descriptors if canceled. The
+@c The MD5, SHA256 and SHA512 implementations will malloc on long keys,
+@c and NSS relies on dlopening, which brings about another can of worms.
The @code{crypt} function takes a password, @var{key}, as a string, and
a @var{salt} character array which is described below, and returns a
@@ -188,6 +202,9 @@ for a password and prints ``Access granted.'' if the user types
@comment crypt.h
@comment GNU
@deftypefun {char *} crypt_r (const char *@var{key}, const char *@var{salt}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Compared with crypt, this function fixes the staticbuf problem, but
+@c nothing else.
The @code{crypt_r} function does the same thing as @code{crypt}, but
takes an extra parameter which includes space for its result (among
@@ -233,6 +250,11 @@ specifies the unused bits.
@comment crypt.h
@comment BSD, SVID
@deftypefun void setkey (const char *@var{key})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c The static buffer stores the key, making it fundamentally
+@c thread-unsafe. The locking issues are only in the initialization
+@c path; cancelling the initialization will leave the lock held, it
+@c would otherwise repeat the initialization on the next call.
The @code{setkey} function sets an internal data structure to be an
expanded form of @var{key}. @var{key} is specified as an array of 64
@@ -244,6 +266,8 @@ parity.
@comment crypt.h
@comment BSD, SVID
@deftypefun void encrypt (char *@var{block}, int @var{edflag})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c Same issues as setkey.
The @code{encrypt} function encrypts @var{block} if
@var{edflag} is 0, otherwise it decrypts @var{block}, using a key
@@ -257,9 +281,11 @@ stored in a @code{char}, but there are no parity bits in @var{block}.
@comment crypt.h
@comment GNU
@deftypefun void setkey_r (const char *@var{key}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
@comment crypt.h
@comment GNU
@deftypefunx void encrypt_r (char *@var{block}, int @var{edflag}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
These are reentrant versions of @code{setkey} and @code{encrypt}. The
only difference is the extra parameter, which stores the expanded
@@ -274,6 +300,7 @@ defined in @file{crypt.h}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int ecb_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{ecb_crypt} encrypts or decrypts one or more blocks
using DES. Each block is encrypted independently.
@@ -355,6 +382,7 @@ This macro returns 1 if @var{err} is a `success' result code from
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int cbc_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode}, char *@var{ivec})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{cbc_crypt} encrypts or decrypts one or more blocks
using DES in Cipher Block Chaining mode.
@@ -381,6 +409,7 @@ Otherwise, all the parameters are similar to those for @code{ecb_crypt}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun void des_setparity (char *@var{key})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{des_setparity} changes the 64-bit @var{key}, stored
packed in 8-bit bytes, to have odd parity by altering the low bits of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=468d2e671888f9b5ce639bef1016b1422f469830
commit 468d2e671888f9b5ce639bef1016b1422f469830
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:54 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/conf.texi: Document thread safety properties.
diff --git a/manual/conf.texi b/manual/conf.texi
index c720063..79bfcdb 100644
--- a/manual/conf.texi
+++ b/manual/conf.texi
@@ -288,6 +288,17 @@ constants are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} sysconf (int @var{parameter})
+@safety{@mtsafe{envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak, fdleak}}
+@c Some parts of the implementation open /proc and /sys files and dirs
+@c to collect system details, using fd and stream I/O depending on the
+@c case. _SC_TZNAME_MAX calls __tzname_max, that (while holding a lock)
+@c calls tzset_internal, that calls getenv if it's called the first
+@c time; there are free and strdup calls in there too. The returned max
+@c value may change over time for TZNAME_MAX, depending on selected
+@c timezones; NPROCS, NPROCS_CONF, PHYS_PAGES, AVPHYS_PAGES,
+@c NGROUPS_MAX, SIGQUEUE_MAX, depending on variable values read from
+@c /proc at each call, and from rlimit-obtained values CHILD_MAX,
+@c OPEN_MAX, ARG_MAX, SIGQUEUE_MAX.
This function is used to inquire about runtime system parameters. The
@var{parameter} argument should be one of the @samp{_SC_} symbols listed
below.
@@ -1348,6 +1359,11 @@ argument are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} pathconf (const char *@var{filename}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c When __statfs_link_max finds an ext* filesystem, it may read
+@c /proc/mounts or similar as a mntent stream.
+@c __statfs_chown_restricted may read from
+@c /proc/sys/fs/xfs/restrict_chown as a file descriptor.
This function is used to inquire about the limits that apply to
the file named @var{filename}.
@@ -1375,6 +1391,8 @@ support the @var{parameter} for the specific file.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} fpathconf (int @var{filedes}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c Same caveats as pathconf.
This is just like @code{pathconf} except that an open file descriptor
is used to specify the file for which information is requested, instead
of a file name.
@@ -1624,6 +1642,7 @@ system with the function @code{confstr}:
@comment unistd.h
@comment POSIX.2
@deftypefun size_t confstr (int @var{parameter}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function reads the value of a string-valued system parameter,
storing the string into @var{len} bytes of memory space starting at
@var{buf}. The @var{parameter} argument should be one of the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5d13721f3fcad9209c33e8ce0d6640a3d334566c
commit 5d13721f3fcad9209c33e8ce0d6640a3d334566c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:54 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/charset.texi: Document thread safety properties.
diff --git a/manual/charset.texi b/manual/charset.texi
index 4042639..4301727 100644
--- a/manual/charset.texi
+++ b/manual/charset.texi
@@ -504,6 +504,8 @@ sequence points. Communication protocols often require this.
@comment wchar.h
@comment ISO
@deftypefun int mbsinit (const mbstate_t *@var{ps})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c ps is dereferenced once, unguarded. Potential harmless data race.
The @code{mbsinit} function determines whether the state object pointed
to by @var{ps} is in the initial state. If @var{ps} is a null pointer or
the object is in the initial state the return value is nonzero. Otherwise
@@ -559,6 +561,14 @@ that is beyond the range @math{0} to @math{127}.
@comment wchar.h
@comment ISO
@deftypefun wint_t btowc (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls btowc_fct or __fct; reads from locale, and from the
+@c get_gconv_fcts result multiple times. get_gconv_fcts calls
+@c __wcsmbs_load_conv to initialize the ctype if it's null.
+@c wcsmbs_load_conv takes a non-recursive wrlock before allocating
+@c memory for the fcts structure, initializing it, and then storing it
+@c in the locale object. The initialization involves dlopening and a
+@c lot more.
The @code{btowc} function (``byte to wide character'') converts a valid
single byte character @var{c} in the initial shift state into the wide
character equivalent using the conversion rules from the currently
@@ -615,6 +625,7 @@ There is also a function for the conversion in the other direction.
@comment wchar.h
@comment ISO
@deftypefun int wctob (wint_t @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctob} function (``wide character to byte'') takes as the
parameter a valid wide character. If the multibyte representation for
this character in the initial state is exactly one byte long, the return
@@ -634,6 +645,7 @@ and they also do not require it to be in the initial state.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrtowc (wchar_t *restrict @var{pwc}, const char *restrict @var{s}, size_t @var{n}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
@cindex stateful
The @code{mbrtowc} function (``multibyte restartable to wide
character'') converts the next multibyte character in the string pointed
@@ -728,6 +740,7 @@ function that does part of the work.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrlen (const char *restrict @var{s}, size_t @var{n}, mbstate_t *@var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbrlen} function (``multibyte restartable length'') computes
the number of at most @var{n} bytes starting at @var{s}, which form the
next valid and complete multibyte character.
@@ -811,6 +824,50 @@ doing the work twice.
@comment wchar.h
@comment ISO
@deftypefun size_t wcrtomb (char *restrict @var{s}, wchar_t @var{wc}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c wcrtomb uses a static, non-thread-local unguarded state variable when
+@c PS is NULL. When a state is passed in, and it's not used
+@c concurrently in other threads, this function behaves safely as long
+@c as gconv modules don't bring MT safety issues of their own.
+@c Attempting to load gconv modules or to build conversion chains in
+@c signal handlers may encounter gconv databases or caches in a
+@c partially-updated state, and asynchronous cancellation may leave them
+@c in such states, besides leaking the lock that guards them.
+@c get_gconv_fcts ok
+@c wcsmbs_load_conv ok
+@c norm_add_slashes ok
+@c wcsmbs_getfct ok
+@c gconv_find_transform ok
+@c gconv_read_conf (libc_once)
+@c gconv_lookup_cache ok
+@c find_module_idx ok
+@c find_module ok
+@c gconv_find_shlib (ok)
+@c ->init_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c do_lookup_alias ok
+@c find_derivation ok
+@c derivation_lookup ok
+@c increment_counter ok
+@c gconv_find_shlib ok
+@c step->init_fct (assumed ok)
+@c gen_steps ok
+@c gconv_find_shlib ok
+@c dlopen (presumed ok)
+@c dlsym (presumed ok)
+@c step->init_fct (assumed ok)
+@c step->end_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c add_derivation ok
+@c gconv_close_transform ok
+@c gconv_release_step ok
+@c step->end_fct (assumed ok)
+@c gconv_release_shlib ok
+@c dlclose (presumed ok)
+@c gconv_release_cache ok
+@c ->tomb->__fct (assumed ok)
The @code{wcrtomb} function (``wide character restartable to
multibyte'') converts a single wide character into a multibyte string
corresponding to that wide character.
@@ -955,6 +1012,7 @@ extensions that can help in some important situations.
@comment wchar.h
@comment ISO
@deftypefun size_t mbsrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsrtowcs} function (``multibyte string restartable to wide
character string'') converts an NUL-terminated multibyte character
string at @code{*@var{src}} into an equivalent wide character string,
@@ -1039,6 +1097,7 @@ length and passing this length to the function.
@comment wchar.h
@comment ISO
@deftypefun size_t wcsrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsrtombs} function (``wide character string restartable to
multibyte string'') converts the NUL-terminated wide character string at
@code{*@var{src}} into an equivalent multibyte character string and
@@ -1084,6 +1143,7 @@ array size (the @var{len} parameter).
@comment wchar.h
@comment GNU
@deftypefun size_t mbsnrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{nmc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsnrtowcs} function is very similar to the @code{mbsrtowcs}
function. All the parameters are the same except for @var{nmc}, which is
new. The return value is the same as for @code{mbsrtowcs}.
@@ -1136,6 +1196,7 @@ of the given buffer, there is no problem with altering the state.
@comment wchar.h
@comment GNU
@deftypefun size_t wcsnrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{nwc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsnrtombs} function implements the conversion from wide
character strings to multibyte character strings. It is similar to
@code{wcsrtombs} but, just like @code{mbsnrtowcs}, it takes an extra
@@ -1280,6 +1341,7 @@ conversion functions.}
@comment stdlib.h
@comment ISO
@deftypefun int mbtowc (wchar_t *restrict @var{result}, const char *restrict @var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbtowc} (``multibyte to wide character'') function when called
with non-null @var{string} converts the first multibyte character
beginning at @var{string} to its corresponding wide character code. It
@@ -1314,6 +1376,7 @@ shift state. @xref{Shift State}.
@comment stdlib.h
@comment ISO
@deftypefun int wctomb (char *@var{string}, wchar_t @var{wchar})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctomb} (``wide character to multibyte'') function converts
the wide character code @var{wchar} to its corresponding multibyte
character sequence, and stores the result in bytes starting at
@@ -1353,6 +1416,7 @@ terms of @code{mbtowc}.
@comment stdlib.h
@comment ISO
@deftypefun int mblen (const char *@var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mblen} function with a non-null @var{string} argument returns
the number of bytes that make up the multibyte character beginning at
@var{string}, never examining more than @var{size} bytes. (The idea is
@@ -1391,6 +1455,9 @@ suffer from the same problems as their reentrant counterparts from
@comment stdlib.h
@comment ISO
@deftypefun size_t mbstowcs (wchar_t *@var{wstring}, const char *@var{string}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Odd... Although this is in the non-reentrant section, the state
+@c object is automatic, not a static buffer.
The @code{mbstowcs} (``multibyte string to wide character string'')
function converts the null-terminated string of multibyte characters
@var{string} to an array of wide character codes, storing not more than
@@ -1431,6 +1498,7 @@ mbstowcs_alloc (const char *string)
@comment stdlib.h
@comment ISO
@deftypefun size_t wcstombs (char *@var{string}, const wchar_t *@var{wstring}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcstombs} (``wide character string to multibyte string'')
function converts the null-terminated wide character array @var{wstring}
into a string containing multibyte characters, storing not more than
@@ -1618,6 +1686,16 @@ The first step is the function to create a handle.
@comment iconv.h
@comment XPG2
@deftypefun iconv_t iconv_open (const char *@var{tocode}, const char *@var{fromcode})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls malloc if tocode and/or fromcode are too big for alloca. Calls
+@c strip and upstr on both, then gconv_open. strip and upstr call
+@c isalnum_l and toupper_l with the C locale. gconv_open may MT-safely
+@c tokenize toset, replace unspecified codesets with the current locale
+@c (posibly two different accesses), and finally it calls
+@c gconv_find_transform and initializes the gconv_t result with all the
+@c steps in the conversion sequence, running each one's initializer,
+@c destructing and releasing them all if anything fails.
+
The @code{iconv_open} function has to be used before starting a
conversion. The two parameters this function takes determine the
source and destination character set for the conversion, and if the
@@ -1682,6 +1760,12 @@ conversion is not needed anymore.
@comment iconv.h
@comment XPG2
@deftypefun int iconv_close (iconv_t @var{cd})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, shlimb}}
+@c Calls gconv_close to destruct and release each of the conversion
+@c steps, release the gconv_t object, then call gconv_close_transform.
+@c Access to the gconv_t object is not guarded, but calling iconv_close
+@c concurrently with any other use is undefined.
+
The @code{iconv_close} function frees all resources associated with the
handle @var{cd}, which must have been returned by a successful call to
the @code{iconv_open} function.
@@ -1708,6 +1792,10 @@ even file to file can be implemented on top of it.
@comment iconv.h
@comment XPG2
@deftypefun size_t iconv (iconv_t @var{cd}, char **@var{inbuf}, size_t *@var{inbytesleft}, char **@var{outbuf}, size_t *@var{outbytesleft})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c Without guarding access to the gconv_t object pointed to by cd, call
+@c the conversion function to convert inbuf or flush the internal
+@c conversion state.
@cindex stateful
The @code{iconv} function converts the text in the input buffer
according to the rules associated with the descriptor @var{cd} and
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=df0d63ac4db5760df6264dd7c070e46b4bc76bd5
commit df0d63ac4db5760df6264dd7c070e46b4bc76bd5
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:54 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/arith.texi: Document thread safety properties.
diff --git a/manual/arith.texi b/manual/arith.texi
index 77056c3..c0cd350 100644
--- a/manual/arith.texi
+++ b/manual/arith.texi
@@ -160,6 +160,8 @@ The remainder from the division.
@comment stdlib.h
@comment ISO
@deftypefun div_t div (int @var{numerator}, int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Functions in this section are pure, and thus safe.
This function @code{div} computes the quotient and remainder from
the division of @var{numerator} by @var{denominator}, returning the
result in a structure of type @code{div_t}.
@@ -199,6 +201,7 @@ type @code{long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun ldiv_t ldiv (long int @var{numerator}, long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ldiv} function is similar to @code{div}, except that the
arguments are of type @code{long int} and the result is returned as a
structure of type @code{ldiv_t}.
@@ -225,6 +228,7 @@ type @code{long long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun lldiv_t lldiv (long long int @var{numerator}, long long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lldiv} function is like the @code{div} function, but the
arguments are of type @code{long long int} and the result is returned as
a structure of type @code{lldiv_t}.
@@ -256,6 +260,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment inttypes.h
@comment ISO
@deftypefun imaxdiv_t imaxdiv (intmax_t @var{numerator}, intmax_t @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{imaxdiv} function is like the @code{div} function, but the
arguments are of type @code{intmax_t} and the result is returned as
a structure of type @code{imaxdiv_t}.
@@ -318,6 +323,7 @@ floating-point number a variable holds.
@comment math.h
@comment ISO
@deftypefn {Macro} int fpclassify (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is a generic macro which works on all floating-point types and
which returns a value of type @code{int}. The possible values are:
@@ -354,6 +360,7 @@ You should therefore use the specific macros whenever possible.
@comment math.h
@comment ISO
@deftypefn {Macro} int isfinite (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite: not plus or
minus infinity, and not NaN. It is equivalent to
@@ -368,6 +375,7 @@ floating-point type.
@comment math.h
@comment ISO
@deftypefn {Macro} int isnormal (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite and normalized.
It is equivalent to
@@ -379,6 +387,7 @@ It is equivalent to
@comment math.h
@comment ISO
@deftypefn {Macro} int isnan (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is NaN. It is equivalent
to
@@ -390,6 +399,7 @@ to
@comment math.h
@comment GNU
@deftypefn {Macro} int issignaling (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is a signaling NaN
(sNaN). It is based on draft TS 18661 and currently enabled as a GNU
extension.
@@ -410,6 +420,7 @@ not have to worry about the type of their argument.
@comment math.h
@comment BSD
@deftypefunx int isinfl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns @code{-1} if @var{x} represents negative infinity,
@code{1} if @var{x} represents positive infinity, and @code{0} otherwise.
@end deftypefun
@@ -423,6 +434,7 @@ This function returns @code{-1} if @var{x} represents negative infinity,
@comment math.h
@comment BSD
@deftypefunx int isnanl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is a ``not a number''
value, and zero otherwise.
@@ -445,6 +457,7 @@ function for some reason, you can write
@comment math.h
@comment BSD
@deftypefunx int finitel (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is finite or a ``not a
number'' value, and zero otherwise.
@end deftypefun
@@ -713,6 +726,22 @@ and save and restore the set of exceptions flagged.
@comment fenv.h
@comment ISO
@deftypefun int feclearexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{unposix}@acsafe{unposix}}
+@c The other functions in this section that modify FP status register
+@c mostly do so with non-atomic load-modify-store sequences, but since
+@c the register is thread-specific, this should be fine, and safe for
+@c cancellation. As long as the FP environment is restored before the
+@c signal handler returns control to the interrupted thread (like any
+@c kernel should do), the functions are also safe for use in signal
+@c handlers.
+@c
+@c FIXME: simfpu: Floating point emulation on powerpc is the exception:
+@c __sim_exception, __sim_disabled_exception and __sim_round_mode
+@c variables, that emulate a floating-point status register, are not
+@c thread-specific variables, so many of these functions are not MT-safe
+@c on that platform. This is probably a bug. These variables aren't
+@c restored by the signal machinery either, making the functions also
+@c async-signal-unsafe on this platform.
This function clears all of the supported exception flags indicated by
@var{excepts}.
@@ -723,6 +752,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feraiseexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function raises the supported exceptions indicated by
@var{excepts}. If more than one exception bit in @var{excepts} is set
the order in which the exceptions are raised is undefined except that
@@ -738,6 +768,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fetestexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Test whether the exception flags indicated by the parameter @var{except}
are currently set. If any of them are, a nonzero value is returned
which specifies which exceptions are set. Otherwise the result is zero.
@@ -774,6 +805,7 @@ following functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetexceptflag (fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function stores in the variable pointed to by @var{flagp} an
implementation-defined value representing the current setting of the
exception flags indicated by @var{excepts}.
@@ -785,6 +817,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fesetexceptflag (const fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function restores the flags for the exceptions indicated by
@var{excepts} to the values stored in the variable pointed to by
@var{flagp}.
@@ -940,6 +973,7 @@ find out which one with this function:
@comment fenv.h
@comment ISO
@deftypefun int fegetround (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Returns the currently selected rounding mode, represented by one of the
values of the defined rounding mode macros.
@end deftypefun
@@ -950,6 +984,7 @@ To change the rounding mode, use this function:
@comment fenv.h
@comment ISO
@deftypefun int fesetround (int @var{round})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Changes the currently selected rounding mode to @var{round}. If
@var{round} does not correspond to one of the supported rounding modes
nothing is changed. @code{fesetround} returns zero if it changed the
@@ -994,6 +1029,7 @@ To save the state of the FPU, use one of these functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetenv (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the floating-point environment in the variable pointed to by
@var{envp}.
@@ -1004,6 +1040,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feholdexcept (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the current floating-point environment in the object pointed to by
@var{envp}. Then clear all exception flags, and set the FPU to trap no
exceptions. Not all FPUs support trapping no exceptions; if
@@ -1042,6 +1079,7 @@ functions:
@comment fenv.h
@comment ISO
@deftypefun int fesetenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Set the floating-point environment to that described by @var{envp}.
The function returns zero in case the operation was successful, a
@@ -1051,6 +1089,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feupdateenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Like @code{fesetenv}, this function sets the floating-point environment
to that described by @var{envp}. However, if any exceptions were
flagged in the status word before @code{feupdateenv} was called, they
@@ -1071,6 +1110,7 @@ occur, you can use the following two functions.
@comment fenv.h
@comment GNU
@deftypefun int feenableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions enables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1083,6 +1123,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fedisableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions disables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1095,6 +1136,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fegetexcept (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
The function returns a bitmask of all currently enabled exceptions. It
returns @code{-1} in case of failure.
@end deftypefun
@@ -1146,6 +1188,7 @@ Prototypes for @code{abs}, @code{labs} and @code{llabs} are in @file{stdlib.h};
@comment inttypes.h
@comment ISO
@deftypefunx intmax_t imaxabs (intmax_t @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of @var{number}.
Most computers use a two's complement integer representation, in which
@@ -1167,6 +1210,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment math.h
@comment ISO
@deftypefunx {long double} fabsl (long double @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the absolute value of the floating-point number
@var{number}.
@end deftypefun
@@ -1180,6 +1224,7 @@ This function returns the absolute value of the floating-point number
@comment complex.h
@comment ISO
@deftypefunx {long double} cabsl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of the complex number @var{z}
(@pxref{Complex Numbers}). The absolute value of a complex number is:
@@ -1217,6 +1262,7 @@ All these functions are declared in @file{math.h}.
@comment math.h
@comment ISO
@deftypefunx {long double} frexpl (long double @var{value}, int *@var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are used to split the number @var{value}
into a normalized fraction and an exponent.
@@ -1242,6 +1288,7 @@ zero is stored in @code{*@var{exponent}}.
@comment math.h
@comment ISO
@deftypefunx {long double} ldexpl (long double @var{value}, int @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the result of multiplying the floating-point
number @var{value} by 2 raised to the power @var{exponent}. (It can
be used to reassemble floating-point numbers that were taken apart
@@ -1263,6 +1310,7 @@ equivalent to those of @code{ldexp} and @code{frexp}. See also the
@comment math.h
@comment BSD
@deftypefunx {long double} scalbl (long double @var{value}, long double @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{scalb} function is the BSD name for @code{ldexp}.
@end deftypefun
@@ -1275,6 +1323,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalbnl (long double @var{x}, int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbn} is identical to @code{scalb}, except that the exponent
@var{n} is an @code{int} instead of a floating-point number.
@end deftypefun
@@ -1288,6 +1337,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalblnl (long double @var{x}, long int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbln} is identical to @code{scalb}, except that the exponent
@var{n} is a @code{long int} instead of a floating-point number.
@end deftypefun
@@ -1301,6 +1351,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} significandl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{significand} returns the mantissa of @var{x} scaled to the range
@math{[1, 2)}.
It is equivalent to @w{@code{scalb (@var{x}, (double) -ilogb (@var{x}))}}.
@@ -1335,6 +1386,7 @@ result as a @code{double} instead to get around this problem.
@comment math.h
@comment ISO
@deftypefunx {long double} ceill (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} upwards to the nearest integer,
returning that value as a @code{double}. Thus, @code{ceil (1.5)}
is @code{2.0}.
@@ -1349,6 +1401,7 @@ is @code{2.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} floorl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} downwards to the nearest
integer, returning that value as a @code{double}. Thus, @code{floor
(1.5)} is @code{1.0} and @code{floor (-1.5)} is @code{-2.0}.
@@ -1363,6 +1416,7 @@ integer, returning that value as a @code{double}. Thus, @code{floor
@comment math.h
@comment ISO
@deftypefunx {long double} truncl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{trunc} functions round @var{x} towards zero to the nearest
integer (returned in floating-point format). Thus, @code{trunc (1.5)}
is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@@ -1377,6 +1431,7 @@ is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} rintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} to an integer value according to the
current rounding mode. @xref{Floating Point Parameters}, for
information about the various rounding modes. The default
@@ -1397,6 +1452,7 @@ inexact exception.
@comment math.h
@comment ISO
@deftypefunx {long double} nearbyintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the same value as the @code{rint} functions, but
do not raise the inexact exception if @var{x} is not an integer.
@end deftypefun
@@ -1410,6 +1466,7 @@ do not raise the inexact exception if @var{x} is not an integer.
@comment math.h
@comment ISO
@deftypefunx {long double} roundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are similar to @code{rint}, but they round halfway
cases away from zero instead of to the nearest integer (or other
current rounding mode).
@@ -1424,6 +1481,7 @@ current rounding mode).
@comment math.h
@comment ISO
@deftypefunx {long int} lrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1437,6 +1495,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1450,6 +1509,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long int} lroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1463,6 +1523,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1477,6 +1538,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long double} modfl (long double @var{value}, long double *@var{integer-part})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions break the argument @var{value} into an integer part and a
fractional part (between @code{-1} and @code{1}, exclusive). Their sum
equals @var{value}. Each of the parts has the same sign as @var{value},
@@ -1503,6 +1565,7 @@ suits your problem.
@comment math.h
@comment ISO
@deftypefunx {long double} fmodl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions compute the remainder from the division of
@var{numerator} by @var{denominator}. Specifically, the return value is
@code{@var{numerator} - @w{@var{n} * @var{denominator}}}, where @var{n}
@@ -1525,6 +1588,7 @@ If @var{denominator} is zero, @code{fmod} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} dreml (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are like @code{fmod} except that they round the
internal quotient @var{n} to the nearest integer instead of towards zero
to an integer. For example, @code{drem (6.5, 2.3)} returns @code{-0.4},
@@ -1548,6 +1612,7 @@ If @var{denominator} is zero, @code{drem} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} remainderl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is another name for @code{drem}.
@end deftypefun
@@ -1569,6 +1634,7 @@ bits.
@comment math.h
@comment ISO
@deftypefunx {long double} copysignl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return @var{x} but with the sign of @var{y}. They work
even if @var{x} or @var{y} are NaN or zero. Both of these can carry a
sign (although not all implementations support it) and this is one of
@@ -1584,6 +1650,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefun int signbit (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{signbit} is a generic macro which can work on all floating-point
types. It returns a nonzero value if the value of @var{x} has its sign
bit set.
@@ -1602,6 +1669,7 @@ false, but @code{signbit (-0.0)} will return a nonzero value.
@comment math.h
@comment ISO
@deftypefunx {long double} nextafterl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{nextafter} function returns the next representable neighbor of
@var{x} in the direction towards @var{y}. The size of the step between
@var{x} and the result depends on the type of the result. If
@@ -1625,6 +1693,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefunx {long double} nexttowardl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are identical to the corresponding versions of
@code{nextafter} except that their second argument is a @code{long
double}.
@@ -1640,6 +1709,8 @@ double}.
@comment math.h
@comment ISO
@deftypefunx {long double} nanl (const char *@var{tagp})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c The unsafe-but-ruled-safe locale use comes from strtod.
The @code{nan} function returns a representation of NaN, provided that
NaN is supported by the target platform.
@code{nan ("@var{n-char-sequence}")} is equivalent to
@@ -1674,6 +1745,7 @@ arguments only once.
@comment math.h
@comment ISO
@deftypefn Macro int isgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than
@var{y}. It is equivalent to @code{(@var{x}) > (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1682,6 +1754,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isgreaterequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than or
equal to @var{y}. It is equivalent to @code{(@var{x}) >= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1690,6 +1763,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isless (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than @var{y}.
It is equivalent to @code{(@var{x}) < (@var{y})}, but no exception is
raised if @var{x} or @var{y} are NaN.
@@ -1698,6 +1772,7 @@ raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than or equal
to @var{y}. It is equivalent to @code{(@var{x}) <= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1706,6 +1781,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less or greater
than @var{y}. It is equivalent to @code{(@var{x}) < (@var{y}) ||
(@var{x}) > (@var{y})} (although it only evaluates @var{x} and @var{y}
@@ -1718,6 +1794,7 @@ expression is true if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isunordered (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether its arguments are unordered. In other
words, it is true if @var{x} or @var{y} are NaN, and false otherwise.
@end deftypefn
@@ -1751,6 +1828,7 @@ perform these operations faster than the equivalent C code.
@comment math.h
@comment ISO
@deftypefunx {long double} fminl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmin} function returns the lesser of the two values @var{x}
and @var{y}. It is similar to the expression
@smallexample
@@ -1771,6 +1849,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fmaxl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmax} function returns the greater of the two values @var{x}
and @var{y}.
@@ -1787,6 +1866,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fdiml (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fdim} function returns the positive difference between
@var{x} and @var{y}. The positive difference is @math{@var{x} -
@var{y}} if @var{x} is greater than @var{y}, and @math{0} otherwise.
@@ -1804,6 +1884,7 @@ If @var{x}, @var{y}, or both are NaN, NaN is returned.
@comment ISO
@deftypefunx {long double} fmal (long double @var{x}, long double @var{y}, long double @var{z})
@cindex butterfly
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fma} function performs floating-point multiply-add. This is
the operation @math{(@var{x} @mul{} @var{y}) + @var{z}}, but the
intermediate result is not rounded to the destination type. This can
@@ -1933,6 +2014,7 @@ available in three variants, one for each of the three complex types.
@comment complex.h
@comment ISO
@deftypefunx {long double} creall (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the real part of the complex number @var{z}.
@end deftypefun
@@ -1945,6 +2027,7 @@ These functions return the real part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cimagl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the imaginary part of the complex number @var{z}.
@end deftypefun
@@ -1957,6 +2040,7 @@ These functions return the imaginary part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {complex long double} conjl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the conjugate value of the complex number
@var{z}. The conjugate of a complex number has the same real part and a
negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@@ -1971,6 +2055,7 @@ negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cargl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the argument of the complex number @var{z}.
The argument of a complex number is the angle in the complex plane
between the positive real axis and a line passing through zero and the
@@ -1989,6 +2074,7 @@ number. This angle is measured in the usual fashion and ranges from
@comment complex.h
@comment ISO
@deftypefunx {complex long double} cprojl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the projection of the complex value @var{z} onto
the Riemann sphere. Values with a infinite imaginary part are projected
to positive infinity on the real axis, even if the real part is NaN. If
@@ -2034,6 +2120,16 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun {long int} strtol (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c strtol uses the thread-local pointer to the locale in effect, and
+@c strtol_l loads the LC_NUMERIC locale data from it early on and once,
+@c but if the locale is the global locale, and another thread calls
+@c setlocale in a way that modifies the pointer to the LC_CTYPE locale
+@c category, the behavior of e.g. IS*, TOUPPER will vary throughout the
+@c execution of the function, because they re-read the locale data from
+@c the given locale pointer. We solved this by documenting setlocale as
+@c MT-Unsafe, but there might be other reasons why it's neither MT- nor
+@c AS-Safe; recheck.
The @code{strtol} (``string-to-long'') function converts the initial
part of @var{string} to a signed integer, which is returned as a value
of type @code{long int}.
@@ -2097,6 +2193,7 @@ There is an example at the end of this section.
@comment wchar.h
@comment ISO
@deftypefun {long int} wcstol (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstol} function is equivalent to the @code{strtol} function
in nearly all aspects but handles wide character strings.
@@ -2106,6 +2203,7 @@ The @code{wcstol} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long int} strtoul (const char *retrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoul} (``string-to-unsigned-long'') function is like
@code{strtol} except it converts to an @code{unsigned long int} value.
The syntax is the same as described above for @code{strtol}. The value
@@ -2124,6 +2222,7 @@ range, or @code{ERANGE} on overflow.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long int} wcstoul (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoul} function is equivalent to the @code{strtoul} function
in nearly all aspects but handles wide character strings.
@@ -2133,6 +2232,7 @@ The @code{wcstoul} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} strtoll (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoll} function is like @code{strtol} except that it returns
a @code{long long int} value, and accepts numbers with a correspondingly
larger range.
@@ -2149,6 +2249,7 @@ The @code{strtoll} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {long long int} wcstoll (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoll} function is equivalent to the @code{strtoll} function
in nearly all aspects but handles wide character strings.
@@ -2158,12 +2259,14 @@ The @code{wcstoll} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {long long int} strtoq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtoq} (``string-to-quad-word'') is the BSD name for @code{strtoll}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {long long int} wcstoq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoq} function is equivalent to the @code{strtoq} function
in nearly all aspects but handles wide character strings.
@@ -2173,6 +2276,7 @@ The @code{wcstoq} function is a GNU extension.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long long int} strtoull (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoull} function is related to @code{strtoll} the same way
@code{strtoul} is related to @code{strtol}.
@@ -2182,6 +2286,7 @@ The @code{strtoull} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long long int} wcstoull (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoull} function is equivalent to the @code{strtoull} function
in nearly all aspects but handles wide character strings.
@@ -2191,12 +2296,14 @@ The @code{wcstoull} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {unsigned long long int} strtouq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtouq} is the BSD name for @code{strtoull}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {unsigned long long int} wcstouq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstouq} function is equivalent to the @code{strtouq} function
in nearly all aspects but handles wide character strings.
@@ -2206,6 +2313,7 @@ The @code{wcstouq} function is a GNU extension.
@comment inttypes.h
@comment ISO
@deftypefun intmax_t strtoimax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoimax} function is like @code{strtol} except that it returns
a @code{intmax_t} value, and accepts numbers of a corresponding range.
@@ -2222,6 +2330,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun intmax_t wcstoimax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoimax} function is equivalent to the @code{strtoimax} function
in nearly all aspects but handles wide character strings.
@@ -2231,6 +2340,7 @@ The @code{wcstoimax} function was introduced in @w{ISO C99}.
@comment inttypes.h
@comment ISO
@deftypefun uintmax_t strtoumax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoumax} function is related to @code{strtoimax}
the same way that @code{strtoul} is related to @code{strtol}.
@@ -2241,6 +2351,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun uintmax_t wcstoumax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoumax} function is equivalent to the @code{strtoumax} function
in nearly all aspects but handles wide character strings.
@@ -2250,6 +2361,7 @@ The @code{wcstoumax} function was introduced in @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefun {long int} atol (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtol} function with a @var{base}
argument of @code{10}, except that it need not detect overflow errors.
The @code{atol} function is provided mostly for compatibility with
@@ -2259,6 +2371,7 @@ existing code; using @code{strtol} is more robust.
@comment stdlib.h
@comment ISO
@deftypefun int atoi (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is like @code{atol}, except that it returns an @code{int}.
The @code{atoi} function is also considered obsolete; use @code{strtol}
instead.
@@ -2267,6 +2380,7 @@ instead.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} atoll (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to @code{atol}, except it returns a @code{long
long int}.
@@ -2331,6 +2445,35 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun double strtod (const char *restrict @var{string}, char **restrict @var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c Besides the unsafe-but-ruled-safe locale uses, this uses a lot of
+@c mpn, but it's all safe.
+@c
+@c round_and_return
+@c get_rounding_mode ok
+@c mpn_add_1 ok
+@c mpn_rshift ok
+@c MPN_ZERO ok
+@c MPN2FLOAT -> mpn_construct_(float|double|long_double) ok
+@c str_to_mpn
+@c mpn_mul_1 -> umul_ppmm ok
+@c mpn_add_1 ok
+@c mpn_lshift_1 -> mpn_lshift ok
+@c STRTOF_INTERNAL
+@c MPN_VAR ok
+@c SET_MANTISSA ok
+@c STRNCASECMP ok, wide and narrow
+@c round_and_return ok
+@c mpn_mul ok
+@c mpn_addmul_1 ok
+@c ... mpn_sub
+@c mpn_lshift ok
+@c udiv_qrnnd ok
+@c count_leading_zeros ok
+@c add_ssaaaa ok
+@c sub_ddmmss ok
+@c umul_ppmm ok
+@c mpn_submul_1 ok
The @code{strtod} (``string-to-double'') function converts the initial
part of @var{string} to a floating-point number, which is returned as a
value of type @code{double}.
@@ -2416,6 +2559,7 @@ examining @var{errno} and @var{tailptr}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} strtold (const char *@var{string}, char **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
These functions are analogous to @code{strtod}, but return @code{float}
and @code{long double} values respectively. They report errors in the
same way as @code{strtod}. @code{strtof} can be substantially faster
@@ -2435,6 +2579,7 @@ These functions have been GNU extensions and are new to @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} wcstold (const wchar_t *@var{string}, wchar_t **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstod}, @code{wcstof}, and @code{wcstol} functions are
equivalent in nearly all aspect to the @code{strtod}, @code{strtof}, and
@code{strtold} functions but it handles wide character string.
@@ -2447,6 +2592,7 @@ C90}. The @code{wcstof} and @code{wcstold} functions were introduced in
@comment stdlib.h
@comment ISO
@deftypefun double atof (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtod} function, except that it
need not detect overflow and underflow errors. The @code{atof} function
is provided mostly for compatibility with existing code; using
@@ -2473,6 +2619,7 @@ All these functions are defined in @file{stdlib.h}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} ecvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{ecvt} converts the floating-point number @var{value}
to a string with at most @var{ndigit} decimal digits. The
returned string contains no decimal point or sign. The first digit of
@@ -2498,6 +2645,7 @@ and sets @var{d} to @code{2} and @var{n} to @code{0}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} fcvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{fcvt} is like @code{ecvt}, but @var{ndigit} specifies
the number of digits after the decimal point. If @var{ndigit} is less
than zero, @var{value} is rounded to the @math{@var{ndigit}+1}'th place to the
@@ -2516,6 +2664,9 @@ to @code{fcvt}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} gcvt (double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c gcvt calls sprintf, that ultimately calls vfprintf, which malloc()s
+@c args_value if it's too large, but gcvt never exercises this path.
@code{gcvt} is functionally equivalent to @samp{sprintf(buf, "%*g",
ndigit, value}. It is provided only for compatibility's sake. It
returns @var{buf}.
@@ -2530,6 +2681,7 @@ functions that take @code{long double} arguments.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qecvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{ecvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2538,6 +2690,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qfcvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{fcvt} except that it
takes a @code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2546,6 +2699,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qgcvt (long double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is equivalent to @code{gcvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2566,6 +2720,7 @@ user-supplied buffer.
@comment stdlib.h
@comment GNU
@deftypefun int ecvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ecvt_r} function is the same as @code{ecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2577,6 +2732,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun int fcvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcvt_r} function is the same as @code{fcvt}, except that it
places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2588,6 +2744,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qecvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qecvt_r} function is the same as @code{qecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2599,6 +2756,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qfcvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qfcvt_r} function is the same as @code{qfcvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c8161f62379675acafc26a1733624d033cc4f6fd
commit c8161f62379675acafc26a1733624d033cc4f6fd
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:53 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/argp.texi: Document thread safety properties.
diff --git a/manual/argp.texi b/manual/argp.texi
index c9fbe97..22e7b9e 100644
--- a/manual/argp.texi
+++ b/manual/argp.texi
@@ -36,6 +36,35 @@ needed in @code{main}.
@comment argp.h
@comment GNU
@deftypefun {error_t} argp_parse (const struct argp *@var{argp}, int @var{argc}, char **@var{argv}, unsigned @var{flags}, int *@var{arg_index}, void *@var{input})
+@safety{@mtunsafe{xguargs, envromt}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Optionally alloca()tes standard help options, initializes the parser,
+@c then parses individual args in a loop, and then finalizes.
+@c parser_init
+@c calc_sizes ok
+@c option_is_end ok
+@c malloc
+@c parser_convert glocale
+@c convert_options glocale
+@c option_is_end ok
+@c option_is_short ok
+@c isprint, but locale may change within the loop
+@c find_long_option ok
+@c group_parse
+@c group->parser (from argp->parser)
+@c parser_parse_next
+@c getopt_long(_only)_r many issues, same as non_r minus staticbuf
+@c parser_parse_arg
+@c group_parse
+@c parser_parse_opt
+@c group_parse
+@c argp_error
+@c dgettext (bad key error)
+@c parser_finalize
+@c group_parse
+@c fprintf
+@c dgettext
+@c arg_state_help
+@c free
The @code{argp_parse} function parses the arguments in @var{argv}, of
length @var{argc}, using the argp parser @var{argp}. @xref{Argp
Parsers}. Passing a null pointer for @var{argp} is the same as using
@@ -660,6 +689,8 @@ parser function. @xref{Argp Parsing State}.
@comment argp.h
@comment GNU
@deftypefun void argp_usage (const struct argp_state *@var{state})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls argp_state_help with stderr and ARGP_HELP_STD_USAGE.
Outputs the standard usage message for the argp parser referred to by
@var{state} to @code{@var{state}->err_stream} and terminate the program
with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@@ -669,6 +700,13 @@ with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@comment argp.h
@comment GNU
@deftypefun void argp_error (const struct argp_state *@var{state}, const char *@var{fmt}, @dots{})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Lock stream, vasprintf the formatted message into a buffer, print the
+@c buffer prefixed by the short program name (in libc,
+@c argp_short_program_name is a macro that expands to
+@c program_invocation_short_name), releases the buffer, then call
+@c argp_state_help with stream and ARGP_HELP_STD_ERR, unlocking the
+@c stream at the end.
Prints the printf format string @var{fmt} and following args, preceded
by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
--help}} message, and terminates the program with an exit status of
@@ -679,6 +717,12 @@ by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
@comment argp.h
@comment GNU
@deftypefun void argp_failure (const struct argp_state *@var{state}, int @var{status}, int @var{errnum}, const char *@var{fmt}, @dots{})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
+@c Lock stream, write out the short program name, vasprintf the optional
+@c formatted message to a buffer, print the buffer prefixed by colon and
+@c blank, release the buffer, call strerror_r with an automatic buffer,
+@c print it out after colon and blank, put[w]c a line break, unlock the
+@c stream, then exit unless ARGP_NO_EXIT.
Similar to the standard gnu error-reporting function @code{error}, this
prints the program name and @samp{:}, the printf format string
@var{fmt}, and the appropriate following args. If it is non-zero, the
@@ -695,6 +739,141 @@ for options, bad phase of the moon, etc.
@comment argp.h
@comment GNU
@deftypefun void argp_state_help (const struct argp_state *@var{state}, FILE *@var{stream}, unsigned @var{flags})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help with the short program name and optionally exit.
+@c The main problems in _help, besides the usual issues with stream I/O
+@c and translation, are the use of a static buffer (uparams) that makes
+@c the whole thing thread-unsafe, reading from the environment for
+@c ARGP_HELP_FMT, accessing the locale object multiple times.
+
+@c _help envromt, staticbuf (uparams), glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c flockfile lockleak
+@c funlockfile lockleak
+@c fill_in_uparams envromt, staticbuf (uparams), glocale, asynconsist, asmalloc, lockleak, incansist, memleak
+@c argp_failure dup (status = errnum = 0)
+@c atoi dup
+@c argp_hol asmalloc, memleak
+@c make_hol asmalloc, memleak
+@c hol_add_cluster asmalloc, memleak
+@c hol_append asmalloc, memleak
+@c hol_set_group ok
+@c hol_find_entry ok
+@c hol_sort glocale, asmalloc, memleak
+@c qsort asmalloc, memleak
+@c hol_entry_qcmp glocale
+@c hol_entry_cmp glocale
+@c group_cmp ok
+@c hol_cluster_cmp ok
+@c group_cmp ok
+@c hol_entry_first_short glocale
+@c hol_entry_short_iterate [glocale]
+@c until_short ok
+@c oshort ok
+@c isprint ok
+@c odoc ok
+@c hol_entry_first_long ok
+@c canon_doc_option glocale
+@c tolower dup
+@c hol_usage glocale, asi18n, asmalloc, memleak
+@c hol_entry_short_iterate ok
+@c add_argless_short_opt ok
+@c argp_fmtstream_printf dup
+@c hol_entry_short_iterate glocale, asi18n, asmalloc, memleak
+@c usage_argful_short_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_entry_long_iterate glocale, asi18n, asmalloc, memleak
+@c usage_long_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c hol_entry_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_wmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c comma glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_putc dup
+@c hol_cluster_is_child ok
+@c argp_fmtstream_wmargin dup
+@c print_header dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c indent_to dup
+@c argp_fmtstream_putc dup
+@c arg glocale, asmalloc, memleak
+@c argp_fmtstream_printf dup
+@c odoc dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_printf dup
+@c print_header glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c indent_to dup
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c filter_doc dup
+@c argp_fmtstream_point dup
+@c indent_to glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_putc dup
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c hol_free asmalloc, memleak
+@c free dup
+@c argp_args_levels ok
+@c argp_args_usage glocale, asi18n, asmalloc, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc ok
+@c argp_input ok
+@c argp->help_filter
+@c space glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_rmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_write dup
+@c free dup
+@c argp_doc glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c strndup asmalloc, memleak
+@c argp_input dup
+@c argp->help_filter
+@c argp_fmtstream_putc glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure dup
+@c argp_fmtstream_write dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_point glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_lmargin dup
+@c free dup
+@c argp_make_fmtstream asmalloc, memleak
+@c argp_fmtstream_free glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update glocale, asynconsist, incansist, lockleak
+@c put[w]c_unlocked dup
+@c isblank in loop glocale
+@c fxprintf lockleak
+@c fxprintf lockleak
+@c free dup
+@c argp_fmtstream_set_wmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_printf glocale, asmalloc, memleak
+@c argp_fmtstream_ensure dup
+@c vsnprintf dup
+@c argp_fmtstream_set_lmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_puts glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_write glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update dup
+@c fxprintf lockleak
+@c realloc asmalloc, memleak
Outputs a help message for the argp parser referred to by @var{state},
to @var{stream}. The @var{flags} argument determines what sort of help
message is produced. @xref{Argp Help Flags}.
@@ -928,6 +1107,8 @@ program options, argp offers the @code{argp_help} interface.
@comment argp.h
@comment GNU
@deftypefun void argp_help (const struct argp *@var{argp}, FILE *@var{stream}, unsigned @var{flags}, char *@var{name})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help.
This outputs a help message for the argp parser @var{argp} to
@var{stream}. The type of messages printed will be determined by
@var{flags}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2241fe9399aa7805b0df7b4abe1de3923d100d96
commit 2241fe9399aa7805b0df7b4abe1de3923d100d96
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:53 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/macros.texi: Introduce macros to document thread
safety properties.
* manual/intro.texi: Introduce the properties themselves.
diff --git a/manual/intro.texi b/manual/intro.texi
index deaf089..c3142ad 100644
--- a/manual/intro.texi
+++ b/manual/intro.texi
@@ -172,6 +172,434 @@ pattern matching facilities (@pxref{Pattern Matching}).
@comment <wordexp.h> (not yet implemented)
@comment confstr
+The safety properties of @glibcadj{} functions, documented as MT-, AS-
+and AC- -Safe and -Unsafe are assessed according to the criteria set
+forth in the POSIX standard for Multi-Thread, Async-Signal and
+Async-Cancel safety.
+
+Intuitive definition of these properties, that attempt to capture
+the meaning of the standard definitions, follow:
+
+@itemize @bullet
+
+@item
+@cindex MT-Safe
+MT-Safe functions are safe to call in the presence of other threads. MT
+stands for Multi Thread.
+
+@item
+@cindex AS-Safe
+AS-Safe functions are safe to call from asynchronous signal handlers.
+AS stands for Asynchronous Signal.
+
+@item
+@cindex AC-Safe
+AC-Safe functions are safe to call when asynchronous cancellation is
+enabled. AC stands for Asynchronous Cancellation.
+
+@item
+@cindex MT-Unsafe
+@cindex AS-Unsafe
+@cindex AC-Unsafe
+MT-Unsafe, AS-Unsafe, AC-Unsafe functions are not safe to call within
+the contexts described above: they may cause deviations from the
+specification in the behavior of the calls themselves, or of any other
+concurrent, ongoing or subsequent calls.
+
+Functions not explicitly documented as Safe should be regarded as
+Unsafe.
+
+@end itemize
+
+By ``safe to call'', we mean that, as long as the program does not
+invoke undefined or unspecified behavior, the called functions will
+behave as documented, and they won't cause any other functions to
+deviate from their documented behavior.
+
+Although we strive to abide by the standards, in some cases our
+implementation is safe even when the standard does not demand safety,
+and in other cases our implementation does not meet the standard safety
+requirements. At this point, we document the result of an assessment of
+the properties of our implementation, so the safety documentation in
+this manual is not to be regarded as a promise of future behavior: in
+future releases, functions that are documented as safe may become
+unsafe, and safety constraints may be removed or introduced. We
+envision turning the results of the assessment into a set of promises as
+stable as our interfaces, but we're not there yet.
+
+When a function is safe to call only under certain constraints, we will
+add keywords to the safety notes whose meanings are defined as follows:
+
+@itemize @bullet
+
+@c glocale-revisit
+@item @code{glocale}
+@cindex glocale
+
+In threads that have not overridden the thread-local locale object by
+calling @code{uselocale}, calling functions annotated with
+@code{glocale} concurrently with @code{setlocale} may cause the
+functions to behave in ways that don't correspond to either the previous
+or the subsequent global locale.
+
+Although the @code{setlocale} function modifies the global locale object
+while holding a lock, @code{glocale}-annotated functions may access this
+global object multiple times, without any measures to ensure it doesn't
+change while it's in use.
+
+Each of these unprotected uses will use either the previous or the
+subsequent locale information, so they won't cause crashes or access to
+uninitialized, unmapped or recycled memory. However, since some cases
+use cached locale information while others access the effective locale
+object anew, concurrent changes to the global locale object may cause
+these functions to behave in ways that they could not behave should the
+execution of @code{setlocale} and of the so-annotated functions be
+atomic, or even should @code{setlocale} alone be atomic.
+
+The @code{glocale} constraint indicates functions are only safe to call
+if the effective thread-local locale is not the global locale object
+(because it was overridden with @code{uselocale}). Failing that,
+@code{setlocale} should not be called while these functions are active.
+
+
+@item @code{envromt}
+@cindex envromt
+
+Functions marked with @code{envromt} access the environment with
+@code{getenv} or similar, requiring the environment to be effectively
+read-only for MT-Safe operation.
+
+Environment-modifying functions do not protect in any way against
+concurrent modifications or access, so calling @code{envromt}-marked
+functions concurrently with @code{setenv}, @code{putenv},
+@code{unsetenv} or direct modifications of the global environment data
+structures is ill-advised; external concurrency control must be
+introduced by callers of these environment-modifying and
+@code{envromt}-marked functions.
+
+Functions that modify the environment are also marked with
+@code{envromt}, but they are not MT-Safe for the reasons above. Since
+all environment-modifying functions are MT-Unsafe, functions that only
+access the environment are marked as MT-Safe when no other safety issue
+applies.
+
+
+@item @code{oncesafe}
+@cindex oncesafe
+
+Functions marked with @code{oncesafe} use the internal @code{libc_once}
+machinery to initialize internal data structures.
+
+If a signal handler interrupts such an initializer, and calls any
+function that also performs @code{libc_once} initialization, it will
+deadlock if the thread library is linked in.
+
+Furthermore, if an initializer is partially complete before it is
+canceled or interrupted by a signal whose handler requires the same
+initialization, some or all of the initialization may be performed more
+than once, leaking resources or even result in corrupt internal data
+structures.
+
+Applications that need to call functions marked with @code{oncesafe}
+should ensure the initialization is performed before configuring signal
+handlers or enabling cancellation, so that the AS- and AC-Safety issues
+related with @code{libc_once} do not arise.
+
+
+@item @code{uunguard}
+@cindex uunguard
+
+Functions marked with @code{uunguard} modify non-atomically arguments or
+global objects that other functions access without synchronization. To
+ensure MT- and AS-Safe behavior, callers should refrain from calling
+so-marked functions concurrently with users of the corresponding
+objects.
+
+Unguarded users of the global locale object modified by @code{setlocale}
+are marked with @code{glocale}.
+
+Unguarded users of the @code{printf} extension objects modified by
+@code{register_printf_function} are the entire family of printf
+functions.
+
+Unguarded users of streams configured with @code{__fsetlocking} for
+locking by the caller are the entire family of stdio functions.
+
+
+@item @code{xguargs}
+@cindex xguargs
+
+Functions marked with @code{xguargs} may use or modify objects passed as
+arguments without any guards that could guarantee consistency. To
+ensure MT- and AS-Safe behavior, callers must ensure that the objects
+passed in are not modified concurrently by other threads or signal
+handlers.
+
+
+@item @code{tempchwd}
+@cindex tempchwd
+
+Functions marked with @code{tempchwd} may temporarily change the current
+working directory during their execution, which may cause relative
+pathnames to be resolved in unexpected ways in other threads or within
+asynchronous signal or cancellation handlers.
+
+This is not enough of a reason to mark so-marked functions as MT-Unsafe,
+but when this behavior is optional (e.g., @code{nftw} with
+@code{FTW_CHDIR}), avoiding the option in multi-threaded programs may be
+a good alternative to using full pathnames or file descriptor-relative
+(e.g. @code{openat}) system calls.
+
+
+@item @code{tempterm}
+@cindex tempterm
+
+Functions marked with @code{tempterm} may temporarily change the
+terminal settings.
+
+This would not be enough of a reason to mark so-marked functions as
+MT-Unsafe, but the recommended mode to modify terminal settings is to
+call @code{tcgetattr}, modify some flags, and then call
+@code{tcsetattr}. Functions marked with @code{tempterm} do that, so
+they leave a window in which changes made by other threads are lost.
+
+It is thus advisable for applications using the terminal to avoid
+concurrent interactions with it, more so if they expect different
+terminal modes.
+
+If this mark appears as an AC-Safety note, it means the function may
+also fail to restore the original terminal mode in case of asynchronous
+cancellation.
+
+
+@end itemize
+
+
+Additional safety issues that cannot be worked around by constraining
+the program are also documented with keywords, whose meaning is defined
+as follows:
+
+@itemize @bullet
+
+@item @code{staticbuf}
+@cindex staticbuf
+
+Functions annotated with @code{staticbuf} use internal static buffers or
+variables in ways that may cause concurrent calls to interfere
+destructively.
+
+These functions are all MT-Unsafe and AC-Unsafe. However, many of them
+offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
+
+In many of these cases, the static buffer is only used to hold a return
+value; in a few of these, such as @code{tmpnam}, the use of the internal
+buffer can be avoided by passing the buffer as an argument, which makes
+the call MT-Safe and AS-Safe.
+
+
+@item @code{asi18n}
+@cindex asi18n
+
+Functions marked with @code{asi18n} use internationalization functions
+(@code{gettext}), which brings in a number of dependencies and issues
+yet to be documented.
+
+
+@item @code{shlimb}
+@cindex shlimb
+
+Functions marked with @code{shlimb} use the dynamic loader to bring in
+additional code modules. This involves opening files, mapping them into
+memory, allocating additional memory, resolving symbols, applying
+relocations and more, all of this while holding the dynamic loader
+lock.
+
+The non-recursive lock itself is enough for the function to be AS- and
+AC-Unsafe, but many other issues may arise.
+
+
+@item @code{fdleak}
+@cindex fdleak
+
+Functions annotated with @code{fdleak} may leak file descriptors if
+asynchronous thread cancellation interrupts their execution.
+
+Functions that allocate or deallocate file descriptors will generally be
+marked as such, because even if they attempted to protect the file
+descriptor allocation and deallocation with cleanup regions, allocating
+a new descriptor and storing its number where the cleanup region could
+release it cannot be performed as a single atomic operation, just like
+releasing it and taking it out of the data structure normally
+responsible for releasing it cannot be performed atomically, always
+leaving a window in which the descriptor cannot be released because it
+wasn't stored in the cleanup handler argument yet, or in which it was
+already taken out of it before releasing it in the normal flow (we
+cannot keep it there because, in case of cancellation, we wouldn't be
+able to tell whether it was already released, and the same number could
+have been already assigned to another descriptor by another thread, so
+we couldn't just release it again).
+
+Such leaks could be internally avoided, with some performance penalty,
+by temporarily disabling asynchronous thread cancellation. However,
+since callers of allocation or deallocation functions would have to do
+this themselves, to avoid the same sort of leak in their own layer, it
+makes more sense for the library to assume they are taking care of it
+than to impose a performance penalty that is redundant when the problem
+is solved in upper layers, and insufficient when it isn't.
+
+This remark by itself does not cause a function to be regarded as
+AC-Unsafe. However, cummulative effects of such leaks may pose a
+problem for some programs. If this is the case, suspending asynchronous
+cancellation for the duration of calls to such functions is recommended.
+
+
+@item @code{memleak}
+@cindex memleak
+
+Functions annotated with @code{memleak} may leak memory if asynchronous
+thread cancellation interrupts their execution.
+
+The problem is similar to that of file descriptors: there is no atomic
+interface to allocate memory and store its address in the argument to a
+cleanup handler, or to release it and remove its address from that
+argument, without at least temporarily disabling asynchronous
+cancellation, which these functions do not do.
+
+This remark does not by itself cause a function to be regarded as
+generally AC-Unsafe. However, cummulative effects of such leaks may be
+severe enough for some programs that disabling asynchronous cancellation
+for the duration of calls to such functions may be required.
+
+
+@item @code{lockleak}
+@cindex lockleak
+
+Functions annotated with @code{lockleak} may leak locks if asynchronous
+thread cancellation interrupts their execution.
+
+While the problem is similar to that of file descriptors, in that there
+is not any atomic interface to lock and take note of the need for
+unlocking in a cleanup, or to unlock and take note that there is no
+longer such a need, the problem posed by lock leaks is far more serious:
+when a file descriptor or a piece of memory is leaked, it becomes
+inaccessible and subsequent attempts to allocate a file descriptor or
+some memory will just use another resource. However, once a lock is
+left taken, attempts to take that lock will block indefinitely.
+(Recursive locks will only block other threads, and read locks will only
+block writer threads, but the point still holds in general).
+
+For the reasons above, functions that leak locks are all AC-Unsafe.
+
+
+@item @code{selfdeadlock}
+@cindex selfdeadlock
+
+Functions marked with @code{selfdeadlock} take a non-recursive lock to
+ensure MT-Safety while modifying data structures guarded by the lock.
+
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, the result is a deadlock.
+
+Blocking asynchronous signal delivery while calling such functions is
+the only safe way to avoid a deadlock if any signal handler might need
+to call them.
+
+
+@item @code{asynconsist}
+@cindex asynconsist
+
+Functions marked with @code{asynconsist} take a recursive lock to ensure
+MT-Safety while accessing or modifying data structures guarded by the
+lock.
+
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, both may misbehave for
+observing inconsistent (partially updated or cached) data structures.
+
+Blocking asynchronous signal delivery while calling such functions is
+the only safe way to avoid the misbehavior that may ensue if any signal
+handler might need to call them.
+
+
+@item @code{asmalloc}
+@cindex asmalloc
+
+This is a sub-case of @code{asynconsist}. Functions marked with
+@code{asmalloc} perform memory allocation or deallocation with the
+@code{malloc}/@code{free} family of functions.
+
+If heap management functions are interrupted by asynchronous signals,
+and the signal handlers attempt to perform memory allocation or
+deallocation of their own, they may encounter heap data structures in a
+partially updated state, and the interrupted calls may malfunction
+because of the changes made within the signal handler.
+
+
+@item @code{incansist}
+@cindex incansist
+
+Functions marked with @code{incansist} modify data structures in a
+non-atomic way.
+
+If such a function is asynchronously canceled, it may leave the data
+structure in a partially updated, inconsistent state. Subsequent uses
+of the data structure may misbehave.
+
+Disabling asynchronous cancelation while calling such functions is the
+only safe way to avoid the misbehavior that may ensure if the thread is
+canceled while the function is running.
+
+@c A special case, probably not worth documenting separately, involves
+@c reallocing, or even freeing pointers. Any case involving free could
+@c be easily turned into an ac-safe memleak by resetting the pointer
+@c before releasing it; I don't think we have any case that calls for
+@c this sort of fixing. Fixing the realloc cases would require a new
+@c interface: instead of @code{ptr=realloc(ptr,size)} we'd have to
+@c introduce @code{acsafe_realloc(&ptr,size)} that would modify ptr
+@c before releasing the old memory. The ac-unsafe realloc could be
+@c implemented in terms of an internal interface with this semantics
+@c (say __acsafe_realloc), but since realloc can be overridden, the
+@c function we call to implement realloc should not be this internal
+@c interface, but another internal interface that calls __acsafe_realloc
+@c if realloc was not overridden, and calls the overridden realloc with
+@c async cancel disabled. --lxoliva
+
+
+@item @code{simfpu}
+@cindex simfpu
+
+Functions annotated with @code{simfpu} may misbehave on powerpc ports in
+which the floating-point unit is disabled and floating point simulation
+is used instead. On such platforms, @theglibc{} uses global variables
+to hold floating-point exceptions, rounding modes and disabled
+exceptions, rather than thread-local state. This is a @glibcadj{} bug.
+
+Furthermore, even if this bug is fixed, the emulation of floating-point
+control and status registers will not go as far as saving and restoring
+these emulated registers across asynchronous signal handlers. Indeed,
+although most platforms preserve floating-point context as part of the
+thread context, preserving control and status words is not mandatory:
+standards recommend that programs that modify them within signal
+handlers restore them to the original state before returning.
+
+This note does not cause functions to be marked as MT-Unsafe, even
+though, on the affected platform, they are MT-Unsafe indeed.
+
+
+@item @code{unposix}
+@cindex unposix
+
+This remark indicates our safety documentation is known to differ from
+the requirements set by the POSIX standard. For example, POSIX does not
+require a function to be Safe, but our implementation is Safe, or
+vice-versa.
+
+For the time being, the absence of this remark does not imply the safety
+properties we documented are identical to those mandated by POSIX for
+the corresponding functions.
+
+@end itemize
+
@node Berkeley Unix, SVID, POSIX, Standards and Portability
@subsection Berkeley Unix
diff --git a/manual/macros.texi b/manual/macros.texi
index daaf1c0..6955f32 100644
--- a/manual/macros.texi
+++ b/manual/macros.texi
@@ -47,4 +47,46 @@ GNU/Hurd systems
GNU/Linux systems
@end macro
+@c Document a function as thread safe.
+@macro mtsafe {comments}
+| MT-Safe \comments\
+|
+@end macro
+@c Document a function as thread unsafe.
+@macro mtunsafe {comments}
+| MT-Unsafe \comments\
+|
+@end macro
+@c Document a function as safe for use in asynchronous signal handlers.
+@macro assafe {comments}
+| AS-Safe \comments\
+|
+@end macro
+@c Document a function as unsafe for use in asynchronous signal
+@c handlers. This distinguishes unmarked functions, for which this
+@c property has not been assessed, from those that have been analyzed.
+@macro asunsafe {comments}
+| AS-Unsafe \comments\
+|
+@end macro
+@c Document a function as safe for use when asynchronous cancellation is
+@c enabled.
+@macro acsafe {comments}
+| AC-Safe \comments\
+|
+@end macro
+@c Document a function as unsafe for use when asynchronous cancellation
+@c is enabled. This distinguishes unmarked functions, for which this
+@c property has not been assessed, from those that have been analyzed.
+@macro acunsafe {comments}
+| AC-Unsafe \comments\
+|
+@end macro
+@c Format the thread and async safety properties of a function.
+@macro safety {notes}
+\notes\
+
+
+@end macro
+
@end ifclear
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=874e350341a8e14881907b059e6d988de123648f
commit 874e350341a8e14881907b059e6d988de123648f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:53 2013 -0300
Remove unused sysdeps/ieee754/support.c.
for ChangeLog
* sysdeps/ieee754/support.c: Remove.
diff --git a/sysdeps/ieee754/support.c b/sysdeps/ieee754/support.c
deleted file mode 100644
index 0bbd892..0000000
--- a/sysdeps/ieee754/support.c
+++ /dev/null
@@ -1,520 +0,0 @@
-/*
- * Copyright (c) 1985, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)support.c 8.1 (Berkeley) 6/4/93";
-#endif /* not lint */
-
-/*
- * Some IEEE standard 754 recommended functions and remainder and sqrt for
- * supporting the C elementary functions.
- ******************************************************************************
- * WARNING:
- * These codes are developed (in double) to support the C elementary
- * functions temporarily. They are not universal, and some of them are very
- * slow (in particular, drem and sqrt is extremely inefficient). Each
- * computer system should have its implementation of these functions using
- * its own assembler.
- ******************************************************************************
- *
- * IEEE 754 required operations:
- * drem(x,p)
- * returns x REM y = x - [x/y]*y , where [x/y] is the integer
- * nearest x/y; in half way case, choose the even one.
- * sqrt(x)
- * returns the square root of x correctly rounded according to
- * the rounding mod.
- *
- * IEEE 754 recommended functions:
- * (a) copysign(x,y)
- * returns x with the sign of y.
- * (b) scalb(x,N)
- * returns x * (2**N), for integer values N.
- * (c) logb(x)
- * returns the unbiased exponent of x, a signed integer in
- * double precision, except that logb(0) is -INF, logb(INF)
- * is +INF, and logb(NAN) is that NAN.
- * (d) finite(x)
- * returns the value TRUE if -INF < x < +INF and returns
- * FALSE otherwise.
- *
- *
- * CODED IN C BY K.C. NG, 11/25/84;
- * REVISED BY K.C. NG on 1/22/85, 2/13/85, 3/24/85.
- */
-
-#include "mathimpl.h"
-
-#if defined(vax)||defined(tahoe) /* VAX D format */
-#include <errno.h>
- static const unsigned short msign=0x7fff , mexp =0x7f80 ;
- static const short prep1=57, gap=7, bias=129 ;
- static const double novf=1.7E38, nunf=3.0E-39, zero=0.0 ;
-#else /* defined(vax)||defined(tahoe) */
- static const unsigned short msign=0x7fff, mexp =0x7ff0 ;
- static const short prep1=54, gap=4, bias=1023 ;
- static const double novf=1.7E308, nunf=3.0E-308,zero=0.0;
-#endif /* defined(vax)||defined(tahoe) */
-
-double scalbn(x,N)
-double x; int N;
-{
- int k;
-
-#ifdef national
- unsigned short *px=(unsigned short *) &x + 3;
-#else /* national */
- unsigned short *px=(unsigned short *) &x;
-#endif /* national */
-
- if( x == zero ) return(x);
-
-#if defined(vax)||defined(tahoe)
- if( (k= *px & mexp ) != ~msign ) {
- if (N < -260)
- return(nunf*nunf);
- else if (N > 260) {
- return(copysign(infnan(ERANGE),x));
- }
-#else /* defined(vax)||defined(tahoe) */
- if( (k= *px & mexp ) != mexp ) {
- if( N<-2100) return(nunf*nunf); else if(N>2100) return(novf+novf);
- if( k == 0 ) {
- x *= scalbn(1.0,(int)prep1); N -= prep1; return(scalbn(x,N));}
-#endif /* defined(vax)||defined(tahoe) */
-
- if((k = (k>>gap)+ N) > 0 )
- if( k < (mexp>>gap) ) *px = (*px&~mexp) | (k<<gap);
- else x=novf+novf; /* overflow */
- else
- if( k > -prep1 )
- /* gradual underflow */
- {*px=(*px&~mexp)|(short)(1<<gap); x *= scalbn(1.0,k-1);}
- else
- return(nunf*nunf);
- }
- return(x);
-}
-
-
-double copysign(x,y)
-double x,y;
-{
-#ifdef national
- unsigned short *px=(unsigned short *) &x+3,
- *py=(unsigned short *) &y+3;
-#else /* national */
- unsigned short *px=(unsigned short *) &x,
- *py=(unsigned short *) &y;
-#endif /* national */
-
-#if defined(vax)||defined(tahoe)
- if ( (*px & mexp) == 0 ) return(x);
-#endif /* defined(vax)||defined(tahoe) */
-
- *px = ( *px & msign ) | ( *py & ~msign );
- return(x);
-}
-
-double logb(x)
-double x;
-{
-
-#ifdef national
- short *px=(short *) &x+3, k;
-#else /* national */
- short *px=(short *) &x, k;
-#endif /* national */
-
-#if defined(vax)||defined(tahoe)
- return (int)(((*px&mexp)>>gap)-bias);
-#else /* defined(vax)||defined(tahoe) */
- if( (k= *px & mexp ) != mexp )
- if ( k != 0 )
- return ( (k>>gap) - bias );
- else if( x != zero)
- return ( -1022.0 );
- else
- return(-(1.0/zero));
- else if(x != x)
- return(x);
- else
- {*px &= msign; return(x);}
-#endif /* defined(vax)||defined(tahoe) */
-}
-
-finite(x)
-double x;
-{
-#if defined(vax)||defined(tahoe)
- return(1);
-#else /* defined(vax)||defined(tahoe) */
-#ifdef national
- return( (*((short *) &x+3 ) & mexp ) != mexp );
-#else /* national */
- return( (*((short *) &x ) & mexp ) != mexp );
-#endif /* national */
-#endif /* defined(vax)||defined(tahoe) */
-}
-
-double drem(x,p)
-double x,p;
-{
- short sign;
- double hp,dp,tmp;
- unsigned short k;
-#ifdef national
- unsigned short
- *px=(unsigned short *) &x +3,
- *pp=(unsigned short *) &p +3,
- *pd=(unsigned short *) &dp +3,
- *pt=(unsigned short *) &tmp+3;
-#else /* national */
- unsigned short
- *px=(unsigned short *) &x ,
- *pp=(unsigned short *) &p ,
- *pd=(unsigned short *) &dp ,
- *pt=(unsigned short *) &tmp;
-#endif /* national */
-
- *pp &= msign ;
-
-#if defined(vax)||defined(tahoe)
- if( ( *px & mexp ) == ~msign ) /* is x a reserved operand? */
-#else /* defined(vax)||defined(tahoe) */
- if( ( *px & mexp ) == mexp )
-#endif /* defined(vax)||defined(tahoe) */
- return (x-p)-(x-p); /* create nan if x is inf */
- if (p == zero) {
-#if defined(vax)||defined(tahoe)
- return(infnan(EDOM));
-#else /* defined(vax)||defined(tahoe) */
- return zero/zero;
-#endif /* defined(vax)||defined(tahoe) */
- }
-
-#if defined(vax)||defined(tahoe)
- if( ( *pp & mexp ) == ~msign ) /* is p a reserved operand? */
-#else /* defined(vax)||defined(tahoe) */
- if( ( *pp & mexp ) == mexp )
-#endif /* defined(vax)||defined(tahoe) */
- { if (p != p) return p; else return x;}
-
- else if ( ((*pp & mexp)>>gap) <= 1 )
- /* subnormal p, or almost subnormal p */
- { double b; b=scalbn(1.0,(int)prep1);
- p *= b; x = drem(x,p); x *= b; return(drem(x,p)/b);}
- else if ( p >= novf/2)
- { p /= 2 ; x /= 2; return(drem(x,p)*2);}
- else
- {
- dp=p+p; hp=p/2;
- sign= *px & ~msign ;
- *px &= msign ;
- while ( x > dp )
- {
- k=(*px & mexp) - (*pd & mexp) ;
- tmp = dp ;
- *pt += k ;
-
-#if defined(vax)||defined(tahoe)
- if( x < tmp ) *pt -= 128 ;
-#else /* defined(vax)||defined(tahoe) */
- if( x < tmp ) *pt -= 16 ;
-#endif /* defined(vax)||defined(tahoe) */
-
- x -= tmp ;
- }
- if ( x > hp )
- { x -= p ; if ( x >= hp ) x -= p ; }
-
-#if defined(vax)||defined(tahoe)
- if (x)
-#endif /* defined(vax)||defined(tahoe) */
- *px ^= sign;
- return( x);
-
- }
-}
-
-
-double sqrt(x)
-double x;
-{
- double q,s,b,r;
- double t;
- double const zero=0.0;
- int m,n,i;
-#if defined(vax)||defined(tahoe)
- int k=54;
-#else /* defined(vax)||defined(tahoe) */
- int k=51;
-#endif /* defined(vax)||defined(tahoe) */
-
- /* sqrt(NaN) is NaN, sqrt(+-0) = +-0 */
- if(x!=x||x==zero) return(x);
-
- /* sqrt(negative) is invalid */
- if(x<zero) {
-#if defined(vax)||defined(tahoe)
- return (infnan(EDOM)); /* NaN */
-#else /* defined(vax)||defined(tahoe) */
- return(zero/zero);
-#endif /* defined(vax)||defined(tahoe) */
- }
-
- /* sqrt(INF) is INF */
- if(!finite(x)) return(x);
-
- /* scale x to [1,4) */
- n=logb(x);
- x=scalbn(x,-n);
- if((m=logb(x))!=0) x=scalbn(x,-m); /* subnormal number */
- m += n;
- n = m/2;
- if((n+n)!=m) {x *= 2; m -=1; n=m/2;}
-
- /* generate sqrt(x) bit by bit (accumulating in q) */
- q=1.0; s=4.0; x -= 1.0; r=1;
- for(i=1;i<=k;i++) {
- t=s+1; x *= 4; r /= 2;
- if(t<=x) {
- s=t+t+2, x -= t; q += r;}
- else
- s *= 2;
- }
-
- /* generate the last bit and determine the final rounding */
- r/=2; x *= 4;
- if(x==zero) goto end; 100+r; /* trigger inexact flag */
- if(s<x) {
- q+=r; x -=s; s += 2; s *= 2; x *= 4;
- t = (x-s)-5;
- b=1.0+3*r/4; if(b==1.0) goto end; /* b==1 : Round-to-zero */
- b=1.0+r/4; if(b>1.0) t=1; /* b>1 : Round-to-(+INF) */
- if(t>=0) q+=r; } /* else: Round-to-nearest */
- else {
- s *= 2; x *= 4;
- t = (x-s)-1;
- b=1.0+3*r/4; if(b==1.0) goto end;
- b=1.0+r/4; if(b>1.0) t=1;
- if(t>=0) q+=r; }
-
-end: return(scalbn(q,n));
-}
-
-#if 0
-/* DREM(X,Y)
- * RETURN X REM Y =X-N*Y, N=[X/Y] ROUNDED (ROUNDED TO EVEN IN THE HALF WAY CASE)
- * DOUBLE PRECISION (VAX D format 56 bits, IEEE DOUBLE 53 BITS)
- * INTENDED FOR ASSEMBLY LANGUAGE
- * CODED IN C BY K.C. NG, 3/23/85, 4/8/85.
- *
- * Warning: this code should not get compiled in unless ALL of
- * the following machine-dependent routines are supplied.
- *
- * Required machine dependent functions (not on a VAX):
- * swapINX(i): save inexact flag and reset it to "i"
- * swapENI(e): save inexact enable and reset it to "e"
- */
-
-double drem(x,y)
-double x,y;
-{
-
-#ifdef national /* order of words in floating point number */
- static const n0=3,n1=2,n2=1,n3=0;
-#else /* VAX, SUN, ZILOG, TAHOE */
- static const n0=0,n1=1,n2=2,n3=3;
-#endif
-
- static const unsigned short mexp =0x7ff0, m25 =0x0190, m57 =0x0390;
- static const double zero=0.0;
- double hy,y1,t,t1;
- short k;
- long n;
- int i,e;
- unsigned short xexp,yexp, *px =(unsigned short *) &x ,
- nx,nf, *py =(unsigned short *) &y ,
- sign, *pt =(unsigned short *) &t ,
- *pt1 =(unsigned short *) &t1 ;
-
- xexp = px[n0] & mexp ; /* exponent of x */
- yexp = py[n0] & mexp ; /* exponent of y */
- sign = px[n0] &0x8000; /* sign of x */
-
-/* return NaN if x is NaN, or y is NaN, or x is INF, or y is zero */
- if(x!=x) return(x); if(y!=y) return(y); /* x or y is NaN */
- if( xexp == mexp ) return(zero/zero); /* x is INF */
- if(y==zero) return(y/y);
-
-/* save the inexact flag and inexact enable in i and e respectively
- * and reset them to zero
- */
- i=swapINX(0); e=swapENI(0);
-
-/* subnormal number */
- nx=0;
- if(yexp==0) {t=1.0,pt[n0]+=m57; y*=t; nx=m57;}
-
-/* if y is tiny (biased exponent <= 57), scale up y to y*2**57 */
- if( yexp <= m57 ) {py[n0]+=m57; nx+=m57; yexp+=m57;}
-
- nf=nx;
- py[n0] &= 0x7fff;
- px[n0] &= 0x7fff;
-
-/* mask off the least significant 27 bits of y */
- t=y; pt[n3]=0; pt[n2]&=0xf800; y1=t;
-
-/* LOOP: argument reduction on x whenever x > y */
-loop:
- while ( x > y )
- {
- t=y;
- t1=y1;
- xexp=px[n0]&mexp; /* exponent of x */
- k=xexp-yexp-m25;
- if(k>0) /* if x/y >= 2**26, scale up y so that x/y < 2**26 */
- {pt[n0]+=k;pt1[n0]+=k;}
- n=x/t; x=(x-n*t1)-n*(t-t1);
- }
- /* end while (x > y) */
-
- if(nx!=0) {t=1.0; pt[n0]+=nx; x*=t; nx=0; goto loop;}
-
-/* final adjustment */
-
- hy=y/2.0;
- if(x>hy||((x==hy)&&n%2==1)) x-=y;
- px[n0] ^= sign;
- if(nf!=0) { t=1.0; pt[n0]-=nf; x*=t;}
-
-/* restore inexact flag and inexact enable */
- swapINX(i); swapENI(e);
-
- return(x);
-}
-#endif
-
-#if 0
-/* SQRT
- * RETURN CORRECTLY ROUNDED (ACCORDING TO THE ROUNDING MODE) SQRT
- * FOR IEEE DOUBLE PRECISION ONLY, INTENDED FOR ASSEMBLY LANGUAGE
- * CODED IN C BY K.C. NG, 3/22/85.
- *
- * Warning: this code should not get compiled in unless ALL of
- * the following machine-dependent routines are supplied.
- *
- * Required machine dependent functions:
- * swapINX(i) ...return the status of INEXACT flag and reset it to "i"
- * swapRM(r) ...return the current Rounding Mode and reset it to "r"
- * swapENI(e) ...return the status of inexact enable and reset it to "e"
- * addc(t) ...perform t=t+1 regarding t as a 64 bit unsigned integer
- * subc(t) ...perform t=t-1 regarding t as a 64 bit unsigned integer
- */
-
-static const unsigned long table[] = {
-0, 1204, 3062, 5746, 9193, 13348, 18162, 23592, 29598, 36145, 43202, 50740,
-58733, 67158, 75992, 85215, 83599, 71378, 60428, 50647, 41945, 34246, 27478,
-21581, 16499, 12183, 8588, 5674, 3403, 1742, 661, 130, };
-
-double newsqrt(x)
-double x;
-{
- double y,z,t,addc(),subc()
- double const b54=134217728.*134217728.; /* b54=2**54 */
- long mx,scalx;
- long const mexp=0x7ff00000;
- int i,j,r,e,swapINX(),swapRM(),swapENI();
- unsigned long *py=(unsigned long *) &y ,
- *pt=(unsigned long *) &t ,
- *px=(unsigned long *) &x ;
-#ifdef national /* ordering of word in a floating point number */
- const int n0=1, n1=0;
-#else
- const int n0=0, n1=1;
-#endif
-/* Rounding Mode: RN ...round-to-nearest
- * RZ ...round-towards 0
- * RP ...round-towards +INF
- * RM ...round-towards -INF
- */
- const int RN=0,RZ=1,RP=2,RM=3;
- /* machine dependent: work on a Zilog Z8070
- * and a National 32081 & 16081
- */
-
-/* exceptions */
- if(x!=x||x==0.0) return(x); /* sqrt(NaN) is NaN, sqrt(+-0) = +-0 */
- if(x<0) return((x-x)/(x-x)); /* sqrt(negative) is invalid */
- if((mx=px[n0]&mexp)==mexp) return(x); /* sqrt(+INF) is +INF */
-
-/* save, reset, initialize */
- e=swapENI(0); /* ...save and reset the inexact enable */
- i=swapINX(0); /* ...save INEXACT flag */
- r=swapRM(RN); /* ...save and reset the Rounding Mode to RN */
- scalx=0;
-
-/* subnormal number, scale up x to x*2**54 */
- if(mx==0) {x *= b54 ; scalx-=0x01b00000;}
-
-/* scale x to avoid intermediate over/underflow:
- * if (x > 2**512) x=x/2**512; if (x < 2**-512) x=x*2**512 */
- if(mx>0x5ff00000) {px[n0] -= 0x20000000; scalx+= 0x10000000;}
- if(mx<0x1ff00000) {px[n0] += 0x20000000; scalx-= 0x10000000;}
-
-/* magic initial approximation to almost 8 sig. bits */
- py[n0]=(px[n0]>>1)+0x1ff80000;
- py[n0]=py[n0]-table[(py[n0]>>15)&31];
-
-/* Heron's rule once with correction to improve y to almost 18 sig. bits */
- t=x/y; y=y+t; py[n0]=py[n0]-0x00100006; py[n1]=0;
-
-/* triple to almost 56 sig. bits; now y approx. sqrt(x) to within 1 ulp */
- t=y*y; z=t; pt[n0]+=0x00100000; t+=z; z=(x-z)*y;
- t=z/(t+x) ; pt[n0]+=0x00100000; y+=t;
-
-/* twiddle last bit to force y correctly rounded */
- swapRM(RZ); /* ...set Rounding Mode to round-toward-zero */
- swapINX(0); /* ...clear INEXACT flag */
- swapENI(e); /* ...restore inexact enable status */
- t=x/y; /* ...chopped quotient, possibly inexact */
- j=swapINX(i); /* ...read and restore inexact flag */
- if(j==0) { if(t==y) goto end; else t=subc(t); } /* ...t=t-ulp */
- b54+0.1; /* ..trigger inexact flag, sqrt(x) is inexact */
- if(r==RN) t=addc(t); /* ...t=t+ulp */
- else if(r==RP) { t=addc(t);y=addc(y);}/* ...t=t+ulp;y=y+ulp; */
- y=y+t; /* ...chopped sum */
- py[n0]=py[n0]-0x00100000; /* ...correctly rounded sqrt(x) */
-end: py[n0]=py[n0]+scalx; /* ...scale back y */
- swapRM(r); /* ...restore Rounding Mode */
- return(y);
-}
-#endif
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1e5d1e38b6a866f88772d34ec2d1b3a75d78b233
commit 1e5d1e38b6a866f88772d34ec2d1b3a75d78b233
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 31 01:03:52 2013 -0300
Rename unused scalb to scalbn to match prototype.
for ChangeLog
* sysdeps/ieee754/support.c (scalbn): Rename from
wrongly-typed scalb. Adjust all callers. Apparently unused.
diff --git a/sysdeps/ieee754/support.c b/sysdeps/ieee754/support.c
index 00476c0..0bbd892 100644
--- a/sysdeps/ieee754/support.c
+++ b/sysdeps/ieee754/support.c
@@ -82,7 +82,7 @@ static char sccsid[] = "@(#)support.c 8.1 (Berkeley) 6/4/93";
static const double novf=1.7E308, nunf=3.0E-308,zero=0.0;
#endif /* defined(vax)||defined(tahoe) */
-double scalb(x,N)
+double scalbn(x,N)
double x; int N;
{
int k;
@@ -106,7 +106,7 @@ double x; int N;
if( (k= *px & mexp ) != mexp ) {
if( N<-2100) return(nunf*nunf); else if(N>2100) return(novf+novf);
if( k == 0 ) {
- x *= scalb(1.0,(int)prep1); N -= prep1; return(scalb(x,N));}
+ x *= scalbn(1.0,(int)prep1); N -= prep1; return(scalbn(x,N));}
#endif /* defined(vax)||defined(tahoe) */
if((k = (k>>gap)+ N) > 0 )
@@ -115,7 +115,7 @@ double x; int N;
else
if( k > -prep1 )
/* gradual underflow */
- {*px=(*px&~mexp)|(short)(1<<gap); x *= scalb(1.0,k-1);}
+ {*px=(*px&~mexp)|(short)(1<<gap); x *= scalbn(1.0,k-1);}
else
return(nunf*nunf);
}
@@ -228,7 +228,7 @@ double x,p;
else if ( ((*pp & mexp)>>gap) <= 1 )
/* subnormal p, or almost subnormal p */
- { double b; b=scalb(1.0,(int)prep1);
+ { double b; b=scalbn(1.0,(int)prep1);
p *= b; x = drem(x,p); x *= b; return(drem(x,p)/b);}
else if ( p >= novf/2)
{ p /= 2 ; x /= 2; return(drem(x,p)*2);}
@@ -294,8 +294,8 @@ double x;
/* scale x to [1,4) */
n=logb(x);
- x=scalb(x,-n);
- if((m=logb(x))!=0) x=scalb(x,-m); /* subnormal number */
+ x=scalbn(x,-n);
+ if((m=logb(x))!=0) x=scalbn(x,-m); /* subnormal number */
m += n;
n = m/2;
if((n+n)!=m) {x *= 2; m -=1; n=m/2;}
@@ -326,7 +326,7 @@ double x;
b=1.0+r/4; if(b>1.0) t=1;
if(t>=0) q+=r; }
-end: return(scalb(q,n));
+end: return(scalbn(q,n));
}
#if 0
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=274d255020884189382b12ecd37cdf8707241352
commit 274d255020884189382b12ecd37cdf8707241352
Merge: e33468d 4a1b658
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 30 23:13:57 2013 -0300
delete
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e33468dfde1f9cbf5d349d2b7524dae24ab7571a
commit e33468dfde1f9cbf5d349d2b7524dae24ab7571a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 30 23:13:57 2013 -0300
delete
diff --git a/meta b/meta
index 001de77..9792083 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 80e0455b67075e630585206b0ea1552b7a1cd357
-Head: d718831b3f61b35bf4c5294b9f3dacecf9129241
+Previous: 4a1b658a629243592ceb4f42b4903286e96fbd9f
+Head: e9145a48fc85e7f29a8589f4c8185647d0907e34
Applied:
unused-scalb-is-scalbn.patch: 601f2444208808e1d17c679fa7a119ccb9db4254
remove-sysdeps-ieee754-support.patch: 34abea62b6ff2865a7f75c0d5186018b3a82899d
@@ -29,6 +29,5 @@ Applied:
wip-manual-document-mt-safety-threads.patch: 31e58276bacf72345d2bf27b274bcd254f615a4b
wip-manual-document-mt-safety-time.patch: 95da1194f415a13a61ce12c7439d411d990dc92e
wip-manual-document-mt-safety-locale.patch: e9145a48fc85e7f29a8589f4c8185647d0907e34
- findlocale-re-search-alias-in-archive-bz971416-bz928729.patch: d718831b3f61b35bf4c5294b9f3dacecf9129241
Unapplied:
Hidden:
diff --git a/patches/findlocale-re-search-alias-in-archive-bz971416-bz928729.patch b/patches/findlocale-re-search-alias-in-archive-bz971416-bz928729.patch
deleted file mode 100644
index 986e278..0000000
--- a/patches/findlocale-re-search-alias-in-archive-bz971416-bz928729.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-Bottom: 8302a915c7103c415d81e3db9b4e0b9db02bb42b
-Top: 75c468eb7e225d96ebe0204714f96b4451f3fd0a
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-30 05:59:33 -0300
-
-for ChangeLog
-
- * locale/findlocale.c (_nl_find_locale): Retry archive search
- after alias expansion.
-
-
----
-
-diff --git a/locale/findlocale.c b/locale/findlocale.c
-index 3c04aa8..845e260 100644
---- a/locale/findlocale.c
-+++ b/locale/findlocale.c
-@@ -108,15 +108,26 @@ _nl_find_locale (const char *locale_path, size_t locale_path_len,
- if (__builtin_expect (data != NULL, 1))
- return data;
-
-+ /* Nothing in the archive with the given name. Expanding it as
-+ an alias and retry. */
-+ loc_name = (char *) _nl_expand_alias (*name);
-+ if (loc_name != NULL)
-+ {
-+ data = _nl_load_locale_from_archive (category, &loc_name);
-+ if (__builtin_expect (data != NULL, 1))
-+ return data;
-+ }
-+
- /* Nothing in the archive. Set the default path to search below. */
- locale_path = _nl_default_locale_path;
- locale_path_len = sizeof _nl_default_locale_path;
- }
-+ else
-+ /* We really have to load some data. First see whether the name is
-+ an alias. Please note that this makes it impossible to have "C"
-+ or "POSIX" as aliases. */
-+ loc_name = (char *) _nl_expand_alias (*name);
-
-- /* We really have to load some data. First see whether the name is
-- an alias. Please note that this makes it impossible to have "C"
-- or "POSIX" as aliases. */
-- loc_name = (char *) _nl_expand_alias (*name);
- if (loc_name == NULL)
- /* It is no alias. */
- loc_name = (char *) *name;
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4a1b658a629243592ceb4f42b4903286e96fbd9f
commit 4a1b658a629243592ceb4f42b4903286e96fbd9f
Merge: 41e7048 d718831 80e0455
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 30 06:32:06 2013 -0300
edit
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=41e704870eeb1585ee160a3662c080e6b31097a6
commit 41e704870eeb1585ee160a3662c080e6b31097a6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 30 06:32:05 2013 -0300
edit
diff --git a/meta b/meta
index 3724b06..001de77 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: a69aa964ee9c141d2ba641e386f41ece69949757
-Head: 48e7f0dbb3219c6e9deeec4cea6a51c1991aa9b9
+Previous: 80e0455b67075e630585206b0ea1552b7a1cd357
+Head: d718831b3f61b35bf4c5294b9f3dacecf9129241
Applied:
unused-scalb-is-scalbn.patch: 601f2444208808e1d17c679fa7a119ccb9db4254
remove-sysdeps-ieee754-support.patch: 34abea62b6ff2865a7f75c0d5186018b3a82899d
@@ -29,6 +29,6 @@ Applied:
wip-manual-document-mt-safety-threads.patch: 31e58276bacf72345d2bf27b274bcd254f615a4b
wip-manual-document-mt-safety-time.patch: 95da1194f415a13a61ce12c7439d411d990dc92e
wip-manual-document-mt-safety-locale.patch: e9145a48fc85e7f29a8589f4c8185647d0907e34
- findlocale-re-search-alias-in-archive-bz971416-bz928729.patch: 48e7f0dbb3219c6e9deeec4cea6a51c1991aa9b9
+ findlocale-re-search-alias-in-archive-bz971416-bz928729.patch: d718831b3f61b35bf4c5294b9f3dacecf9129241
Unapplied:
Hidden:
diff --git a/patches/findlocale-re-search-alias-in-archive-bz971416-bz928729.patch b/patches/findlocale-re-search-alias-in-archive-bz971416-bz928729.patch
index 6af5b0e..986e278 100644
--- a/patches/findlocale-re-search-alias-in-archive-bz971416-bz928729.patch
+++ b/patches/findlocale-re-search-alias-in-archive-bz971416-bz928729.patch
@@ -3,6 +3,10 @@ Top: 75c468eb7e225d96ebe0204714f96b4451f3fd0a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-30 05:59:33 -0300
+for ChangeLog
+
+ * locale/findlocale.c (_nl_find_locale): Retry archive search
+ after alias expansion.
---
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=80e0455b67075e630585206b0ea1552b7a1cd357
commit 80e0455b67075e630585206b0ea1552b7a1cd357
Merge: 2d3673a 48e7f0d a69aa96
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 30 06:28:09 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2d3673a48417b9d1eeb530b30ae919acd30333fe
commit 2d3673a48417b9d1eeb530b30ae919acd30333fe
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 30 06:28:09 2013 -0300
refresh
diff --git a/meta b/meta
index 9af3130..3724b06 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 23a49bbd1b4d603ce593518a42222134c86f5b1f
-Head: 95f57b0f6653d3b139058271efecc59d17a651ad
+Previous: a69aa964ee9c141d2ba641e386f41ece69949757
+Head: 48e7f0dbb3219c6e9deeec4cea6a51c1991aa9b9
Applied:
unused-scalb-is-scalbn.patch: 601f2444208808e1d17c679fa7a119ccb9db4254
remove-sysdeps-ieee754-support.patch: 34abea62b6ff2865a7f75c0d5186018b3a82899d
@@ -29,7 +29,6 @@ Applied:
wip-manual-document-mt-safety-threads.patch: 31e58276bacf72345d2bf27b274bcd254f615a4b
wip-manual-document-mt-safety-time.patch: 95da1194f415a13a61ce12c7439d411d990dc92e
wip-manual-document-mt-safety-locale.patch: e9145a48fc85e7f29a8589f4c8185647d0907e34
- findlocale-re-search-alias-in-archive-bz971416-bz928729.patch: a4e7e35ce50fa9d42b9da7445b6801548993b8a6
- refresh-temp: 95f57b0f6653d3b139058271efecc59d17a651ad
+ findlocale-re-search-alias-in-archive-bz971416-bz928729.patch: 48e7f0dbb3219c6e9deeec4cea6a51c1991aa9b9
Unapplied:
Hidden:
diff --git a/patches/findlocale-re-search-alias-in-archive-bz971416-bz928729.patch b/patches/findlocale-re-search-alias-in-archive-bz971416-bz928729.patch
index 1cb140d..6af5b0e 100644
--- a/patches/findlocale-re-search-alias-in-archive-bz971416-bz928729.patch
+++ b/patches/findlocale-re-search-alias-in-archive-bz971416-bz928729.patch
@@ -1,5 +1,5 @@
Bottom: 8302a915c7103c415d81e3db9b4e0b9db02bb42b
-Top: 8302a915c7103c415d81e3db9b4e0b9db02bb42b
+Top: 75c468eb7e225d96ebe0204714f96b4451f3fd0a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-30 05:59:33 -0300
@@ -7,4 +7,38 @@ Date: 2013-08-30 05:59:33 -0300
---
-
+diff --git a/locale/findlocale.c b/locale/findlocale.c
+index 3c04aa8..845e260 100644
+--- a/locale/findlocale.c
++++ b/locale/findlocale.c
+@@ -108,15 +108,26 @@ _nl_find_locale (const char *locale_path, size_t locale_path_len,
+ if (__builtin_expect (data != NULL, 1))
+ return data;
+
++ /* Nothing in the archive with the given name. Expanding it as
++ an alias and retry. */
++ loc_name = (char *) _nl_expand_alias (*name);
++ if (loc_name != NULL)
++ {
++ data = _nl_load_locale_from_archive (category, &loc_name);
++ if (__builtin_expect (data != NULL, 1))
++ return data;
++ }
++
+ /* Nothing in the archive. Set the default path to search below. */
+ locale_path = _nl_default_locale_path;
+ locale_path_len = sizeof _nl_default_locale_path;
+ }
++ else
++ /* We really have to load some data. First see whether the name is
++ an alias. Please note that this makes it impossible to have "C"
++ or "POSIX" as aliases. */
++ loc_name = (char *) _nl_expand_alias (*name);
+
+- /* We really have to load some data. First see whether the name is
+- an alias. Please note that this makes it impossible to have "C"
+- or "POSIX" as aliases. */
+- loc_name = (char *) _nl_expand_alias (*name);
+ if (loc_name == NULL)
+ /* It is no alias. */
+ loc_name = (char *) *name;
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index d7b80e6..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,44 +0,0 @@
-Bottom: 8302a915c7103c415d81e3db9b4e0b9db02bb42b
-Top: 75c468eb7e225d96ebe0204714f96b4451f3fd0a
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-30 06:28:08 -0300
-
-Refresh of findlocale-re-search-alias-in-archive-bz971416-bz928729.patch
-
----
-
-diff --git a/locale/findlocale.c b/locale/findlocale.c
-index 3c04aa8..845e260 100644
---- a/locale/findlocale.c
-+++ b/locale/findlocale.c
-@@ -108,15 +108,26 @@ _nl_find_locale (const char *locale_path, size_t locale_path_len,
- if (__builtin_expect (data != NULL, 1))
- return data;
-
-+ /* Nothing in the archive with the given name. Expanding it as
-+ an alias and retry. */
-+ loc_name = (char *) _nl_expand_alias (*name);
-+ if (loc_name != NULL)
-+ {
-+ data = _nl_load_locale_from_archive (category, &loc_name);
-+ if (__builtin_expect (data != NULL, 1))
-+ return data;
-+ }
-+
- /* Nothing in the archive. Set the default path to search below. */
- locale_path = _nl_default_locale_path;
- locale_path_len = sizeof _nl_default_locale_path;
- }
-+ else
-+ /* We really have to load some data. First see whether the name is
-+ an alias. Please note that this makes it impossible to have "C"
-+ or "POSIX" as aliases. */
-+ loc_name = (char *) _nl_expand_alias (*name);
-
-- /* We really have to load some data. First see whether the name is
-- an alias. Please note that this makes it impossible to have "C"
-- or "POSIX" as aliases. */
-- loc_name = (char *) _nl_expand_alias (*name);
- if (loc_name == NULL)
- /* It is no alias. */
- loc_name = (char *) *name;
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a69aa964ee9c141d2ba641e386f41ece69949757
commit a69aa964ee9c141d2ba641e386f41ece69949757
Merge: ea79bcf 23a49bb 95f57b0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 30 06:28:09 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ea79bcfcfa0047f8dff7e142765075f606f45825
commit ea79bcfcfa0047f8dff7e142765075f606f45825
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 30 06:28:09 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index 3e6cb95..9af3130 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 26fd40554d5b72c9a2d885d795381d2bab28ee9f
-Head: a4e7e35ce50fa9d42b9da7445b6801548993b8a6
+Previous: 23a49bbd1b4d603ce593518a42222134c86f5b1f
+Head: 95f57b0f6653d3b139058271efecc59d17a651ad
Applied:
unused-scalb-is-scalbn.patch: 601f2444208808e1d17c679fa7a119ccb9db4254
remove-sysdeps-ieee754-support.patch: 34abea62b6ff2865a7f75c0d5186018b3a82899d
@@ -30,5 +30,6 @@ Applied:
wip-manual-document-mt-safety-time.patch: 95da1194f415a13a61ce12c7439d411d990dc92e
wip-manual-document-mt-safety-locale.patch: e9145a48fc85e7f29a8589f4c8185647d0907e34
findlocale-re-search-alias-in-archive-bz971416-bz928729.patch: a4e7e35ce50fa9d42b9da7445b6801548993b8a6
+ refresh-temp: 95f57b0f6653d3b139058271efecc59d17a651ad
Unapplied:
Hidden:
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..d7b80e6
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,44 @@
+Bottom: 8302a915c7103c415d81e3db9b4e0b9db02bb42b
+Top: 75c468eb7e225d96ebe0204714f96b4451f3fd0a
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-30 06:28:08 -0300
+
+Refresh of findlocale-re-search-alias-in-archive-bz971416-bz928729.patch
+
+---
+
+diff --git a/locale/findlocale.c b/locale/findlocale.c
+index 3c04aa8..845e260 100644
+--- a/locale/findlocale.c
++++ b/locale/findlocale.c
+@@ -108,15 +108,26 @@ _nl_find_locale (const char *locale_path, size_t locale_path_len,
+ if (__builtin_expect (data != NULL, 1))
+ return data;
+
++ /* Nothing in the archive with the given name. Expanding it as
++ an alias and retry. */
++ loc_name = (char *) _nl_expand_alias (*name);
++ if (loc_name != NULL)
++ {
++ data = _nl_load_locale_from_archive (category, &loc_name);
++ if (__builtin_expect (data != NULL, 1))
++ return data;
++ }
++
+ /* Nothing in the archive. Set the default path to search below. */
+ locale_path = _nl_default_locale_path;
+ locale_path_len = sizeof _nl_default_locale_path;
+ }
++ else
++ /* We really have to load some data. First see whether the name is
++ an alias. Please note that this makes it impossible to have "C"
++ or "POSIX" as aliases. */
++ loc_name = (char *) _nl_expand_alias (*name);
+
+- /* We really have to load some data. First see whether the name is
+- an alias. Please note that this makes it impossible to have "C"
+- or "POSIX" as aliases. */
+- loc_name = (char *) _nl_expand_alias (*name);
+ if (loc_name == NULL)
+ /* It is no alias. */
+ loc_name = (char *) *name;
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=95f57b0f6653d3b139058271efecc59d17a651ad
commit 95f57b0f6653d3b139058271efecc59d17a651ad
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 30 06:28:08 2013 -0300
Refresh of findlocale-re-search-alias-in-archive-bz971416-bz928729.patch
diff --git a/locale/findlocale.c b/locale/findlocale.c
index 3c04aa8..845e260 100644
--- a/locale/findlocale.c
+++ b/locale/findlocale.c
@@ -108,15 +108,26 @@ _nl_find_locale (const char *locale_path, size_t locale_path_len,
if (__builtin_expect (data != NULL, 1))
return data;
+ /* Nothing in the archive with the given name. Expanding it as
+ an alias and retry. */
+ loc_name = (char *) _nl_expand_alias (*name);
+ if (loc_name != NULL)
+ {
+ data = _nl_load_locale_from_archive (category, &loc_name);
+ if (__builtin_expect (data != NULL, 1))
+ return data;
+ }
+
/* Nothing in the archive. Set the default path to search below. */
locale_path = _nl_default_locale_path;
locale_path_len = sizeof _nl_default_locale_path;
}
+ else
+ /* We really have to load some data. First see whether the name is
+ an alias. Please note that this makes it impossible to have "C"
+ or "POSIX" as aliases. */
+ loc_name = (char *) _nl_expand_alias (*name);
- /* We really have to load some data. First see whether the name is
- an alias. Please note that this makes it impossible to have "C"
- or "POSIX" as aliases. */
- loc_name = (char *) _nl_expand_alias (*name);
if (loc_name == NULL)
/* It is no alias. */
loc_name = (char *) *name;
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d718831b3f61b35bf4c5294b9f3dacecf9129241
commit d718831b3f61b35bf4c5294b9f3dacecf9129241
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 30 05:59:33 2013 -0300
for ChangeLog
* locale/findlocale.c (_nl_find_locale): Retry archive search
after alias expansion.
diff --git a/locale/findlocale.c b/locale/findlocale.c
index 3c04aa8..845e260 100644
--- a/locale/findlocale.c
+++ b/locale/findlocale.c
@@ -108,15 +108,26 @@ _nl_find_locale (const char *locale_path, size_t locale_path_len,
if (__builtin_expect (data != NULL, 1))
return data;
+ /* Nothing in the archive with the given name. Expanding it as
+ an alias and retry. */
+ loc_name = (char *) _nl_expand_alias (*name);
+ if (loc_name != NULL)
+ {
+ data = _nl_load_locale_from_archive (category, &loc_name);
+ if (__builtin_expect (data != NULL, 1))
+ return data;
+ }
+
/* Nothing in the archive. Set the default path to search below. */
locale_path = _nl_default_locale_path;
locale_path_len = sizeof _nl_default_locale_path;
}
+ else
+ /* We really have to load some data. First see whether the name is
+ an alias. Please note that this makes it impossible to have "C"
+ or "POSIX" as aliases. */
+ loc_name = (char *) _nl_expand_alias (*name);
- /* We really have to load some data. First see whether the name is
- an alias. Please note that this makes it impossible to have "C"
- or "POSIX" as aliases. */
- loc_name = (char *) _nl_expand_alias (*name);
if (loc_name == NULL)
/* It is no alias. */
loc_name = (char *) *name;
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=48e7f0dbb3219c6e9deeec4cea6a51c1991aa9b9
commit 48e7f0dbb3219c6e9deeec4cea6a51c1991aa9b9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 30 05:59:33 2013 -0300
diff --git a/locale/findlocale.c b/locale/findlocale.c
index 3c04aa8..845e260 100644
--- a/locale/findlocale.c
+++ b/locale/findlocale.c
@@ -108,15 +108,26 @@ _nl_find_locale (const char *locale_path, size_t locale_path_len,
if (__builtin_expect (data != NULL, 1))
return data;
+ /* Nothing in the archive with the given name. Expanding it as
+ an alias and retry. */
+ loc_name = (char *) _nl_expand_alias (*name);
+ if (loc_name != NULL)
+ {
+ data = _nl_load_locale_from_archive (category, &loc_name);
+ if (__builtin_expect (data != NULL, 1))
+ return data;
+ }
+
/* Nothing in the archive. Set the default path to search below. */
locale_path = _nl_default_locale_path;
locale_path_len = sizeof _nl_default_locale_path;
}
+ else
+ /* We really have to load some data. First see whether the name is
+ an alias. Please note that this makes it impossible to have "C"
+ or "POSIX" as aliases. */
+ loc_name = (char *) _nl_expand_alias (*name);
- /* We really have to load some data. First see whether the name is
- an alias. Please note that this makes it impossible to have "C"
- or "POSIX" as aliases. */
- loc_name = (char *) _nl_expand_alias (*name);
if (loc_name == NULL)
/* It is no alias. */
loc_name = (char *) *name;
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=23a49bbd1b4d603ce593518a42222134c86f5b1f
commit 23a49bbd1b4d603ce593518a42222134c86f5b1f
Merge: f9f3928 26fd405 a4e7e35
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 30 05:59:33 2013 -0300
new
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f9f3928eed980d33c34b63c72d43ecd24115392a
commit f9f3928eed980d33c34b63c72d43ecd24115392a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 30 05:59:33 2013 -0300
new
diff --git a/meta b/meta
index b2ac64b..3e6cb95 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: f629830e477da31c658efce637dcd5bf11b00ed8
-Head: e9145a48fc85e7f29a8589f4c8185647d0907e34
+Previous: 26fd40554d5b72c9a2d885d795381d2bab28ee9f
+Head: a4e7e35ce50fa9d42b9da7445b6801548993b8a6
Applied:
unused-scalb-is-scalbn.patch: 601f2444208808e1d17c679fa7a119ccb9db4254
remove-sysdeps-ieee754-support.patch: 34abea62b6ff2865a7f75c0d5186018b3a82899d
@@ -29,5 +29,6 @@ Applied:
wip-manual-document-mt-safety-threads.patch: 31e58276bacf72345d2bf27b274bcd254f615a4b
wip-manual-document-mt-safety-time.patch: 95da1194f415a13a61ce12c7439d411d990dc92e
wip-manual-document-mt-safety-locale.patch: e9145a48fc85e7f29a8589f4c8185647d0907e34
+ findlocale-re-search-alias-in-archive-bz971416-bz928729.patch: a4e7e35ce50fa9d42b9da7445b6801548993b8a6
Unapplied:
Hidden:
diff --git a/patches/findlocale-re-search-alias-in-archive-bz971416-bz928729.patch b/patches/findlocale-re-search-alias-in-archive-bz971416-bz928729.patch
new file mode 100644
index 0000000..1cb140d
--- /dev/null
+++ b/patches/findlocale-re-search-alias-in-archive-bz971416-bz928729.patch
@@ -0,0 +1,10 @@
+Bottom: 8302a915c7103c415d81e3db9b4e0b9db02bb42b
+Top: 8302a915c7103c415d81e3db9b4e0b9db02bb42b
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-30 05:59:33 -0300
+
+
+
+---
+
+
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a4e7e35ce50fa9d42b9da7445b6801548993b8a6
commit a4e7e35ce50fa9d42b9da7445b6801548993b8a6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 30 05:59:33 2013 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=26fd40554d5b72c9a2d885d795381d2bab28ee9f
commit 26fd40554d5b72c9a2d885d795381d2bab28ee9f
Merge: 88a0a6d e9145a4 f629830
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 29 04:13:08 2013 -0300
pull
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=88a0a6d160bee6798b8d7102daa93fbedf481b79
commit 88a0a6d160bee6798b8d7102daa93fbedf481b79
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 29 04:13:08 2013 -0300
pull
diff --git a/meta b/meta
index fa4c5d2..b2ac64b 100644
--- a/meta
+++ b/meta
@@ -1,33 +1,33 @@
Version: 1
-Previous: af9711c5b7808f21ee60eb46c8048c3d054f0c31
-Head: 2e649ae373826f51a9c30dff4a9f0d3366c7a4b3
+Previous: f629830e477da31c658efce637dcd5bf11b00ed8
+Head: e9145a48fc85e7f29a8589f4c8185647d0907e34
Applied:
- unused-scalb-is-scalbn.patch: 05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
- remove-sysdeps-ieee754-support.patch: fe6a5807692b034fba404bbe03d68929933eb91f
- manual-document-mt-safety.patch: 4e51ca6a99c605099f12a779df0d47cceeb4ae4f
- manual-document-mt-safety-argp.patch: aaf60aa78ffc0da9405c007a36e9b5ad89f4d7e0
- manual-document-mt-safety-arith.patch: f5408aef8fd0f838855b341cf29d4b3b0761ceae
- manual-document-mt-safety-charset.patch: acec40190ccb799a124103745f39b272f5c5afa2
- manual-document-mt-safety-conf.patch: 3f8919133306d121a29dea94df850074c59c9327
- manual-document-mt-safety-crypt.patch: d10d9de8dc6b4909fc2ffaca9df6c08f497fe430
- manual-document-mt-safety-ctype.patch: fe95a108afa92a848495f13bf1be98adf8eb7539
- manual-document-mt-safety-debug.patch: 4e7d13cc87a994e6738371f001e34d4304db738f
- manual-document-mt-safety-errno.patch: ed15acd8f144cf7fab2cb273f29a678af72fee1d
- manual-document-mt-safety-filesys.patch: 841af416cc09ad9a10c030373274b83b7bf0e9f8
- manual-document-mt-safety-getopt.patch: 8643cf752f8e508001e1faf25a3a50b940f5fcac
- manual-document-mt-safety-libdl.patch: d7b8694a2eee5f336076db4c86e31d0a3e8a5884
- manual-document-mt-safety-job.patch: dc5cc158e96987de0e4069e83b8553ae1d968df3
- manual-document-mt-safety-lang.patch: 8d1637219ed7cc2f3bb4819d7a586659f1da3e50
- manual-document-mt-safety-llio.patch: 114949fad3069f3c51d1cd9901a799988e8377b7
- manual-document-mt-safety-stdio.patch: 5da6c6fb3d7087914a9d5b07d2c138b48d07891d
- wip-manual-document-mt-safety-math.patch: 9465760239804be9c83371f416900c5d2b77c585
- wip-manual-document-mt-safety-resource.patch: c071176c59f53ce8f1dfe15b851b99e7818cead1
- wip-manual-document-mt-safety-startup.patch: 39bee707673a40f9f7ad816a32cb2b80767d24f5
- wip-manual-document-mt-safety-search.patch: 7e937af701f2fa859ae881c59ced25cc3182ef1b
- wip-manual-document-mt-safety-string.patch: 6c188d6d1877e318d247a68b863d6f25c5f62965
- wip-manual-document-mt-safety-terminal.patch: d4b7d87f6ac0c1c4f537289efc7877c4d5bbae93
- wip-manual-document-mt-safety-threads.patch: 3c71f75c7c0c64263bc679cc89fbfbcea8753653
- wip-manual-document-mt-safety-time.patch: 0b3afb70e5ee7968cd9653bfa592f05bb5f4798d
- wip-manual-document-mt-safety-locale.patch: 2e649ae373826f51a9c30dff4a9f0d3366c7a4b3
+ unused-scalb-is-scalbn.patch: 601f2444208808e1d17c679fa7a119ccb9db4254
+ remove-sysdeps-ieee754-support.patch: 34abea62b6ff2865a7f75c0d5186018b3a82899d
+ manual-document-mt-safety.patch: 400cde6651833f07505f9d1b935539ecac53f006
+ manual-document-mt-safety-argp.patch: e7b55795888c074364e9070adc34af37c58b1b70
+ manual-document-mt-safety-arith.patch: 6d1424edfa9fc55d9ae9188866fc4d07ca999ebb
+ manual-document-mt-safety-charset.patch: 57efa1b33f9b1d513d9f5af800c821485ad43bea
+ manual-document-mt-safety-conf.patch: 95d536639518ae7a6e106105e40e759ebaac1e85
+ manual-document-mt-safety-crypt.patch: bfd41b844cd2a718215b48d96bcfb88a593a3b58
+ manual-document-mt-safety-ctype.patch: bc57e1374fa217ebb08b3dc75c515873e34a230f
+ manual-document-mt-safety-debug.patch: 69023efa78bdaca363b5de32f56adea8ce05e13b
+ manual-document-mt-safety-errno.patch: 14586b49baa8cc3f7130be193d847967e9ce16d8
+ manual-document-mt-safety-filesys.patch: 455ec866c88f22881882323df735a2bdd7a2e5c8
+ manual-document-mt-safety-getopt.patch: 0b99c70c2cfa83e1c2f06765613650f7d0baa3cd
+ manual-document-mt-safety-libdl.patch: 756f4b7231c09a2f3330bfe8cef81cb9affbf4a4
+ manual-document-mt-safety-job.patch: 82c921e0fe0e03260273e0c3b9c534cb9ddc83ea
+ manual-document-mt-safety-lang.patch: 594da3770c027a01968fcfd3e459fc13bbdbf047
+ manual-document-mt-safety-llio.patch: 7fa5c0efde5f43928620b11438856b9174d41391
+ manual-document-mt-safety-stdio.patch: e8eca86a677a80f62b5bb0a17597cddf0a3cd9d5
+ wip-manual-document-mt-safety-math.patch: 305b77447b06df4c81a48a7f7dc0956ef8fe25e5
+ wip-manual-document-mt-safety-resource.patch: 944dd9eb606418530cc96cbaca0aaeb6ec89d590
+ wip-manual-document-mt-safety-startup.patch: 2df7a11143b0aec001575ef211e69f2fa271c61d
+ wip-manual-document-mt-safety-search.patch: 166b7eedb8e53f936ef842f708c68b2ac2394a76
+ wip-manual-document-mt-safety-string.patch: 13b20f6390fe51eabd827a7d4833df7c9b32f962
+ wip-manual-document-mt-safety-terminal.patch: 134a32db5ba4664731ebc1c2c15aaad32da69e07
+ wip-manual-document-mt-safety-threads.patch: 31e58276bacf72345d2bf27b274bcd254f615a4b
+ wip-manual-document-mt-safety-time.patch: 95da1194f415a13a61ce12c7439d411d990dc92e
+ wip-manual-document-mt-safety-locale.patch: e9145a48fc85e7f29a8589f4c8185647d0907e34
Unapplied:
Hidden:
diff --git a/patches/manual-document-mt-safety-argp.patch b/patches/manual-document-mt-safety-argp.patch
index 7d26e1b..80f0acf 100644
--- a/patches/manual-document-mt-safety-argp.patch
+++ b/patches/manual-document-mt-safety-argp.patch
@@ -1,7 +1,7 @@
-Bottom: bc51276153dccb4e0691cf1f0eb3c565579e39f7
-Top: 7c1f972f26f2cc5f1a309d366b4289bcd807d025
+Bottom: 52f86982187c30275067463fb7a6064b54969139
+Top: 9592a99187853c02f7033b271de199e85012a53a
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-17 01:25:04 -0300
+Date: 2013-08-29 04:12:39 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-arith.patch b/patches/manual-document-mt-safety-arith.patch
index 6295886..862a159 100644
--- a/patches/manual-document-mt-safety-arith.patch
+++ b/patches/manual-document-mt-safety-arith.patch
@@ -1,7 +1,7 @@
-Bottom: 7c1f972f26f2cc5f1a309d366b4289bcd807d025
-Top: 9c86370cb53d549c50d2c79be3379b37f1330469
+Bottom: 9592a99187853c02f7033b271de199e85012a53a
+Top: a46ac9b1deecd51710762b73ec64e2bb52a9d84b
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-17 01:25:05 -0300
+Date: 2013-08-29 04:12:39 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-charset.patch b/patches/manual-document-mt-safety-charset.patch
index 3ef2fdb..99f9422 100644
--- a/patches/manual-document-mt-safety-charset.patch
+++ b/patches/manual-document-mt-safety-charset.patch
@@ -1,7 +1,7 @@
-Bottom: 9c86370cb53d549c50d2c79be3379b37f1330469
-Top: d24392f659023698231462cdff3a7cd2c718b328
+Bottom: a46ac9b1deecd51710762b73ec64e2bb52a9d84b
+Top: bd7cc55350cfbbd116f5a730a8bef8f534c74b53
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-17 01:25:05 -0300
+Date: 2013-08-29 04:12:40 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-conf.patch b/patches/manual-document-mt-safety-conf.patch
index 4cb62ce..a3e730f 100644
--- a/patches/manual-document-mt-safety-conf.patch
+++ b/patches/manual-document-mt-safety-conf.patch
@@ -1,7 +1,7 @@
-Bottom: d24392f659023698231462cdff3a7cd2c718b328
-Top: a8f636ec2c63e1659cb6bb784fc1da03dea18213
+Bottom: bd7cc55350cfbbd116f5a730a8bef8f534c74b53
+Top: cb52d0ad721c1624720477c9407cdb3fef52b742
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-17 01:25:05 -0300
+Date: 2013-08-29 04:12:40 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-crypt.patch b/patches/manual-document-mt-safety-crypt.patch
index 11d0154..1c47eff 100644
--- a/patches/manual-document-mt-safety-crypt.patch
+++ b/patches/manual-document-mt-safety-crypt.patch
@@ -1,7 +1,7 @@
-Bottom: a8f636ec2c63e1659cb6bb784fc1da03dea18213
-Top: e56878e0c3824c71e49300c70bc897ef4c95eba9
+Bottom: cb52d0ad721c1624720477c9407cdb3fef52b742
+Top: cdcfad758945d3cea0d9f124bc38710c8fb23496
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-17 01:25:05 -0300
+Date: 2013-08-29 04:12:41 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-ctype.patch b/patches/manual-document-mt-safety-ctype.patch
index 1c15c78..e4c63c3 100644
--- a/patches/manual-document-mt-safety-ctype.patch
+++ b/patches/manual-document-mt-safety-ctype.patch
@@ -1,7 +1,7 @@
-Bottom: e56878e0c3824c71e49300c70bc897ef4c95eba9
-Top: 5e33d66bee65faf09bea523f63284bba8bfc037b
+Bottom: cdcfad758945d3cea0d9f124bc38710c8fb23496
+Top: e77fd4ac0a9784c71ac174e7dee32d3e2aa16184
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-17 01:25:05 -0300
+Date: 2013-08-29 04:12:41 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-debug.patch b/patches/manual-document-mt-safety-debug.patch
index 3a82b5b..c6bc8da 100644
--- a/patches/manual-document-mt-safety-debug.patch
+++ b/patches/manual-document-mt-safety-debug.patch
@@ -1,7 +1,7 @@
-Bottom: 5e33d66bee65faf09bea523f63284bba8bfc037b
-Top: f72a7e64af28a199527df245fb9aa731d99c95c4
+Bottom: e77fd4ac0a9784c71ac174e7dee32d3e2aa16184
+Top: b33d6f51141d8f2f5e6b95c5eb48b46237ca4af9
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-17 01:25:06 -0300
+Date: 2013-08-29 04:12:42 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-errno.patch b/patches/manual-document-mt-safety-errno.patch
index d9b8fda..072f554 100644
--- a/patches/manual-document-mt-safety-errno.patch
+++ b/patches/manual-document-mt-safety-errno.patch
@@ -1,7 +1,7 @@
-Bottom: f72a7e64af28a199527df245fb9aa731d99c95c4
-Top: 049700a49dafb85830a3b5d7f204ab655fb1062a
+Bottom: b33d6f51141d8f2f5e6b95c5eb48b46237ca4af9
+Top: 0d10a649c4473d9a6fb609ec81fa26e8a629d061
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-17 01:25:06 -0300
+Date: 2013-08-29 04:12:43 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-filesys.patch b/patches/manual-document-mt-safety-filesys.patch
index 98130d6..aef66bc 100644
--- a/patches/manual-document-mt-safety-filesys.patch
+++ b/patches/manual-document-mt-safety-filesys.patch
@@ -1,7 +1,7 @@
-Bottom: 049700a49dafb85830a3b5d7f204ab655fb1062a
-Top: 830ce3133ca2adb5e7292565caf7cc33905af262
+Bottom: 0d10a649c4473d9a6fb609ec81fa26e8a629d061
+Top: e36ec2efcbfbb0271060509e53c1c357a9688a7f
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-17 01:25:06 -0300
+Date: 2013-08-29 04:12:43 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-getopt.patch b/patches/manual-document-mt-safety-getopt.patch
index bdd420f..f2ba59a 100644
--- a/patches/manual-document-mt-safety-getopt.patch
+++ b/patches/manual-document-mt-safety-getopt.patch
@@ -1,7 +1,7 @@
-Bottom: 830ce3133ca2adb5e7292565caf7cc33905af262
-Top: c46f27af7da7f04821d8d604cb1f6fdebe1af493
+Bottom: e36ec2efcbfbb0271060509e53c1c357a9688a7f
+Top: 070ad4074ca24a78565b334b04451ba020429abe
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-17 01:25:06 -0300
+Date: 2013-08-29 04:12:44 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-job.patch b/patches/manual-document-mt-safety-job.patch
index 6b585e7..85da9aa 100644
--- a/patches/manual-document-mt-safety-job.patch
+++ b/patches/manual-document-mt-safety-job.patch
@@ -1,7 +1,7 @@
-Bottom: 4de5887b6571c90da0520d05ea43f403a3fa34ec
-Top: ba68695341ed62fde872ec262b801f8614334865
+Bottom: 9fe02cfc9a3804b9559a551581b75c028f9b91bd
+Top: ccbfd7f0cfb967e1801d4cd3f0d65b69ea3f11a4
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-17 01:25:07 -0300
+Date: 2013-08-29 04:12:50 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-lang.patch b/patches/manual-document-mt-safety-lang.patch
index 7af432c..3cd2f00 100644
--- a/patches/manual-document-mt-safety-lang.patch
+++ b/patches/manual-document-mt-safety-lang.patch
@@ -1,7 +1,7 @@
-Bottom: ba68695341ed62fde872ec262b801f8614334865
-Top: b635b868ec5a8b50d788d6f60becf14146373aff
+Bottom: ccbfd7f0cfb967e1801d4cd3f0d65b69ea3f11a4
+Top: f7f7a15f0c84bba8877a582df6dbd055187a041c
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-17 01:25:07 -0300
+Date: 2013-08-29 04:12:51 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-libdl.patch b/patches/manual-document-mt-safety-libdl.patch
index 6a1a9c5..4affaf8 100644
--- a/patches/manual-document-mt-safety-libdl.patch
+++ b/patches/manual-document-mt-safety-libdl.patch
@@ -1,7 +1,7 @@
-Bottom: c46f27af7da7f04821d8d604cb1f6fdebe1af493
-Top: 4de5887b6571c90da0520d05ea43f403a3fa34ec
+Bottom: 070ad4074ca24a78565b334b04451ba020429abe
+Top: 9fe02cfc9a3804b9559a551581b75c028f9b91bd
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-17 01:25:07 -0300
+Date: 2013-08-29 04:12:49 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-llio.patch b/patches/manual-document-mt-safety-llio.patch
index c9f81fd..364aea5 100644
--- a/patches/manual-document-mt-safety-llio.patch
+++ b/patches/manual-document-mt-safety-llio.patch
@@ -1,7 +1,7 @@
-Bottom: b635b868ec5a8b50d788d6f60becf14146373aff
-Top: 3fbfb29a402aef2bc5a15640726741426eca8904
+Bottom: f7f7a15f0c84bba8877a582df6dbd055187a041c
+Top: 97e0541602be704b65a32187d99e52c3138d4d04
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-17 01:25:07 -0300
+Date: 2013-08-29 04:12:51 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index b3af1bf..e6d842e 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,7 +1,7 @@
-Bottom: 3fbfb29a402aef2bc5a15640726741426eca8904
-Top: f75a142a5e1e8c6b49e3a8f622e8d0177f357f3d
+Bottom: 97e0541602be704b65a32187d99e52c3138d4d04
+Top: 71911a0d161093360cc979a0f75987e8706f33b6
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-17 01:25:08 -0300
+Date: 2013-08-29 04:12:52 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety.patch b/patches/manual-document-mt-safety.patch
index 2c9c0e9..ff2b700 100644
--- a/patches/manual-document-mt-safety.patch
+++ b/patches/manual-document-mt-safety.patch
@@ -1,7 +1,7 @@
-Bottom: 39cf8b6977e5b0eb658a937d498281477afa6821
-Top: bc51276153dccb4e0691cf1f0eb3c565579e39f7
+Bottom: 98aee56c2b6c46ef89db799efabe6ab30c9729a1
+Top: 52f86982187c30275067463fb7a6064b54969139
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-17 01:25:04 -0300
+Date: 2013-08-29 04:12:37 -0300
Thread safety documentation.
diff --git a/patches/remove-sysdeps-ieee754-support.patch b/patches/remove-sysdeps-ieee754-support.patch
index 034bcd4..ce4346c 100644
--- a/patches/remove-sysdeps-ieee754-support.patch
+++ b/patches/remove-sysdeps-ieee754-support.patch
@@ -1,7 +1,7 @@
-Bottom: d06b3f23c180fe174e52c5f9388baa61d6ac33cc
-Top: 39cf8b6977e5b0eb658a937d498281477afa6821
+Bottom: a37ea8d691d49aaa2e36925f64cadc88674f1b39
+Top: 98aee56c2b6c46ef89db799efabe6ab30c9729a1
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-17 01:25:04 -0300
+Date: 2013-08-29 04:12:36 -0300
Remove unused sysdeps/ieee754/support.c.
diff --git a/patches/unused-scalb-is-scalbn.patch b/patches/unused-scalb-is-scalbn.patch
index 29447c9..2bc2eea 100644
--- a/patches/unused-scalb-is-scalbn.patch
+++ b/patches/unused-scalb-is-scalbn.patch
@@ -1,7 +1,7 @@
-Bottom: 1049e70d3641bba6f9f04cf81836dfef2917e3b3
-Top: d06b3f23c180fe174e52c5f9388baa61d6ac33cc
+Bottom: ca1315b0033f11c3f3d8879e9e0fb14d71dadf3b
+Top: a37ea8d691d49aaa2e36925f64cadc88674f1b39
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-17 01:25:03 -0300
+Date: 2013-08-29 04:12:34 -0300
Rename unused scalb to scalbn to match prototype.
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index 6347b49..cae2acb 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,7 +1,7 @@
-Bottom: 433caedec169e879059fe6a497b2a6f420d94334
-Top: e5495b72159bea83c172508270804cf16b3f60ec
+Bottom: f528b7b2631aa970b7a9c2868269f120e51ddf6f
+Top: 8302a915c7103c415d81e3db9b4e0b9db02bb42b
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-17 01:25:08 -0300
+Date: 2013-08-29 04:13:05 -0300
Thread safety documentation.
diff --git a/patches/wip-manual-document-mt-safety-math.patch b/patches/wip-manual-document-mt-safety-math.patch
index f9a8ef8..77b2631 100644
--- a/patches/wip-manual-document-mt-safety-math.patch
+++ b/patches/wip-manual-document-mt-safety-math.patch
@@ -1,7 +1,7 @@
-Bottom: f75a142a5e1e8c6b49e3a8f622e8d0177f357f3d
-Top: 74197c280c2327b55e496226262a0ce471390321
+Bottom: 71911a0d161093360cc979a0f75987e8706f33b6
+Top: 48f3dc76c3e3461d4a79137423312ee9d4a99ee0
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-17 01:25:08 -0300
+Date: 2013-08-29 04:12:52 -0300
Thread safety documentation.
diff --git a/patches/wip-manual-document-mt-safety-resource.patch b/patches/wip-manual-document-mt-safety-resource.patch
index 7737e49..ee57db1 100644
--- a/patches/wip-manual-document-mt-safety-resource.patch
+++ b/patches/wip-manual-document-mt-safety-resource.patch
@@ -1,7 +1,7 @@
-Bottom: 74197c280c2327b55e496226262a0ce471390321
-Top: 03e8cc5f3903301a0af65e6ddd0359e1c48cd0b1
+Bottom: 48f3dc76c3e3461d4a79137423312ee9d4a99ee0
+Top: fe2388feda441b099b6db701fab60199b9a385f0
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-17 01:25:09 -0300
+Date: 2013-08-29 04:12:53 -0300
Thread safety documentation.
diff --git a/patches/wip-manual-document-mt-safety-search.patch b/patches/wip-manual-document-mt-safety-search.patch
index 75b2d6f..a4722b4 100644
--- a/patches/wip-manual-document-mt-safety-search.patch
+++ b/patches/wip-manual-document-mt-safety-search.patch
@@ -1,7 +1,7 @@
-Bottom: 50350adeaabebba128c4819026b005be23b60024
-Top: 2827bf77a32cb7dea2034fa4d12eeb52db8491a8
+Bottom: 54f51cc24c8038bf966957936a78214bb4001b07
+Top: aa3dbf5537f25ecc771448e84d89b4535b1c6f70
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-17 01:25:09 -0300
+Date: 2013-08-29 04:12:54 -0300
Thread safety documentation.
diff --git a/patches/wip-manual-document-mt-safety-startup.patch b/patches/wip-manual-document-mt-safety-startup.patch
index 86ed331..7f82f0a 100644
--- a/patches/wip-manual-document-mt-safety-startup.patch
+++ b/patches/wip-manual-document-mt-safety-startup.patch
@@ -1,7 +1,7 @@
-Bottom: 03e8cc5f3903301a0af65e6ddd0359e1c48cd0b1
-Top: 50350adeaabebba128c4819026b005be23b60024
+Bottom: fe2388feda441b099b6db701fab60199b9a385f0
+Top: 54f51cc24c8038bf966957936a78214bb4001b07
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-17 01:25:08 -0300
+Date: 2013-08-29 04:12:53 -0300
Thread safety documentation.
diff --git a/patches/wip-manual-document-mt-safety-string.patch b/patches/wip-manual-document-mt-safety-string.patch
index 37bf7dd..f8b1f7d 100644
--- a/patches/wip-manual-document-mt-safety-string.patch
+++ b/patches/wip-manual-document-mt-safety-string.patch
@@ -1,7 +1,7 @@
-Bottom: 2827bf77a32cb7dea2034fa4d12eeb52db8491a8
-Top: 94e8f6c89b1345b143d4d651785e301effcb97e4
+Bottom: aa3dbf5537f25ecc771448e84d89b4535b1c6f70
+Top: df309a874addf70b8a7a1debf3b0de3512d70a58
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-17 01:25:09 -0300
+Date: 2013-08-29 04:12:54 -0300
Thread safety documentation.
diff --git a/patches/wip-manual-document-mt-safety-terminal.patch b/patches/wip-manual-document-mt-safety-terminal.patch
index 02f1a3c..cf5d100 100644
--- a/patches/wip-manual-document-mt-safety-terminal.patch
+++ b/patches/wip-manual-document-mt-safety-terminal.patch
@@ -1,7 +1,7 @@
-Bottom: 94e8f6c89b1345b143d4d651785e301effcb97e4
-Top: c48ef49e78eb0f0a0327fe9f89b47646609f316e
+Bottom: df309a874addf70b8a7a1debf3b0de3512d70a58
+Top: 113ab3d6e3ff6f9318e93ab05c0aca48dd213a9e
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-17 01:25:09 -0300
+Date: 2013-08-29 04:13:02 -0300
Thread safety documentation.
diff --git a/patches/wip-manual-document-mt-safety-threads.patch b/patches/wip-manual-document-mt-safety-threads.patch
index 15d5d06..9aecb4a 100644
--- a/patches/wip-manual-document-mt-safety-threads.patch
+++ b/patches/wip-manual-document-mt-safety-threads.patch
@@ -1,7 +1,7 @@
-Bottom: c48ef49e78eb0f0a0327fe9f89b47646609f316e
-Top: 8d1dadaf72de52e6a5b1e028fed9aa52ba3b56c2
+Bottom: 113ab3d6e3ff6f9318e93ab05c0aca48dd213a9e
+Top: 004b08ebe327a6ae66f437a41c9ef84820f7f127
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-17 01:25:10 -0300
+Date: 2013-08-29 04:13:03 -0300
Thread safety documentation.
diff --git a/patches/wip-manual-document-mt-safety-time.patch b/patches/wip-manual-document-mt-safety-time.patch
index 97d9998..0271f4f 100644
--- a/patches/wip-manual-document-mt-safety-time.patch
+++ b/patches/wip-manual-document-mt-safety-time.patch
@@ -1,7 +1,7 @@
-Bottom: 8d1dadaf72de52e6a5b1e028fed9aa52ba3b56c2
-Top: 433caedec169e879059fe6a497b2a6f420d94334
+Bottom: 004b08ebe327a6ae66f437a41c9ef84820f7f127
+Top: f528b7b2631aa970b7a9c2868269f120e51ddf6f
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-17 01:25:10 -0300
+Date: 2013-08-29 04:13:04 -0300
Thread safety documentation.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e9145a48fc85e7f29a8589f4c8185647d0907e34
commit e9145a48fc85e7f29a8589f4c8185647d0907e34
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 29 04:13:05 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..f07135e 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,137 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{oncesafe, selfdeadlock, asmalloc, asynconsist, incansist}@acunsafe{oncesafe, incansist, lockleak, memleak, fdleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it.
+@c This function returns a pointer read...
+@c setlocale envromt, oncesafe, asmalloc, selfdeadlock, asynconsist, incansist, memleak, fdleak, lockleak
+@c libc_rwlock_wrlock selfdeadlock, lockleak
+@c libc_rwlock_unlock lockleak
+@c getenv LOCPATH envromt
+@c malloc asmalloc, memleak
+@c free asmalloc, memleak
+@c new_composite_name ok
+@c setdata ok
+@c setname ok
+@c _nl_find_locale envromt, oncesafe, asmalloc, selfdeadlock, asynconsist, incansist, memleak, fdleak, lockleak
+@c getenv LC_ALL and LANG envromt
+@c _nl_load_locale_from_archive asmalloc, memleak, fdleak
+@c sysconf _SC_PAGE_SIZE ok
+@c _nl_normalize_codeset asmalloc, memleak
+@c isalnum_l ok (C locale)
+@c isdigit_l ok (C locale)
+@c malloc asmalloc, memleak
+@c tolower_l ok (C locale)
+@c open_not_cancel_2 fdleak
+@c fxstat64 ok
+@c close_not_cancel_no_status ok
+@c __mmap64 memleak
+@c calculate_head_size ok
+@c __munmap ok
+@c compute_hashval ok
+@c qsort dup asmalloc, memleak
+@c rangecmp ok
+@c malloc asmalloc, memleak
+@c strdup asmalloc, memleak
+@c _nl_intern_locale_data asmalloc, memleak
+@c malloc asmalloc, memleak
+@c free asmalloc, memleak
+@c _nl_expand_alias asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c libc_lock_lock selfdeadlock, lockleak
+@c bsearch ok
+@c alias_compare ok
+@c strcasecmp ok
+@c read_alias_file asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fsetlocking ok
+@c feof_unlocked ok
+@c fgets_unlocked ok
+@c isspace ok (locale mutex is locked)
+@c extend_alias_table memleak, asmalloc
+@c realloc memleak, asmalloc
+@c realloc memleak, asmalloc
+@c fclose asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c qsort asmalloc, memleak
+@c alias_compare dup
+@c libc_lock_unlock lockleak
+@c _nl_explode_name asmalloc, memleak
+@c _nl_find_language ok
+@c _nl_normalize_codeset dup asmalloc, memleak
+@c _nl_make_l10nflist asmalloc, memleak
+@c malloc asmalloc, memleak
+@c free asmalloc, memleak
+@c __argz_stringify ok
+@c __argz_count ok
+@c __argz_next ok
+@c _nl_load_locale asmalloc, memleak, fdleak
+@c open_not_cancel_2 fdleak
+@c __fxstat64 ok
+@c close_not_cancel_no_status ok
+@c mmap memleak
+@c malloc asmalloc, memleak
+@c read_not_cancel ok
+@c free asmalloc, memleak
+@c _nl_intern_locale_data dup asmalloc, memleak
+@c munmap ok
+@c __gconv_compare_alias oncesafe, asmalloc, asynconsist, selfdeadlock, memleak,incansist, fdleak, lockleak
+@c __gconv_read_conf oncesafe, asmalloc, asynconsist, selfdeadlock, memleak,incansist, fdleak, lockleak
+@c (libc_once-initializes gconv_cache and gconv_path_envvar; they're
+@c never modified afterwards)
+@c __gconv_load_cache asmalloc, memleak, fdleak
+@c getenv GCONV_PATH envromt
+@c open_not_cancel fdleak
+@c __fxstat64 ok
+@c close_not_cancel_no_status ok
+@c mmap memleak
+@c malloc asmalloc, memleak
+@c __read ok
+@c free asmalloc, memleak
+@c munmap ok
+@c __gconv_get_path selfdeadlock, asmalloc, lockleak, memleak, fdleak
+@c getcwd asmalloc, memleak, fdleak
+@c libc_lock_lock selfdeadlock, lockleak
+@c malloc asmalloc, memleak
+@c strtok_r ok
+@c libc_lock_unlock lockleak
+@c read_conf_file asmalloc, asynconsist, selfdeadlock, memleak, incansist, fdleak, lockleak
+@c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fsetlocking ok
+@c feof_unlocked ok
+@c getdelim asmalloc, asynconsist, memleak, incansist
+@c isspace_l ok (C locale)
+@c add_alias
+@c isspace_l ok (C locale)
+@c toupper_l ok (C locale)
+@c add_alias2 dup asynconsist, asmalloc, incansist, memleak
+@c add_module asmalloc, memleak
+@c isspace_l ok (C locale)
+@c toupper_l ok (C locale)
+@c strtol ok (glocale, but we hold the locale lock)
+@c tfind __gconv_alias_db ok
+@c __gconv_alias_compare dup ok
+@c calloc asmalloc, memleak
+@c insert_module dup asmalloc
+@c __tfind ok (because the tree is read only by then)
+@c __gconv_alias_compare dup ok
+@c insert_module asmalloc
+@c free asmalloc
+@c add_alias2 asynconsist, asmalloc, incansist, memleak
+@c detect_conflict ok, reads __gconv_modules_db
+@c malloc asmalloc, memleak
+@c tsearch __gconv_alias_db asynconsist, asmalloc, incansist, memleak
+@c __gconv_alias_compare ok
+@c free asmalloc
+@c __gconv_compare_alias_cache ok
+@c find_module_idx ok
+@c do_lookup_alias ok
+@c __tfind ok (because the tree is read only by then)
+@c __gconv_alias_compare ok
+@c strndup asmalloc, memleak
+@c strcasecmp_l ok (C locale)
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=95da1194f415a13a61ce12c7439d411d990dc92e
commit 95da1194f415a13a61ce12c7439d411d990dc92e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 29 04:13:04 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/time.texi: Document thread safety properties.
diff --git a/manual/time.texi b/manual/time.texi
index ff31e28..3967b24 100644
--- a/manual/time.texi
+++ b/manual/time.texi
@@ -475,6 +475,12 @@ Instead, use the facilities described in @ref{Time Zone Functions}.
@comment sys/time.h
@comment BSD
@deftypefun int gettimeofday (struct timeval *@var{tp}, struct timezone *@var{tzp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c On most GNU/Linux systems this is a direct syscall, but the posix/
+@c implementation (not used on GNU/Linux or GNU/Hurd) relies on time and
+@c localtime_r, saving and restoring tzname in an unsafe manner.
+@c On some GNU/Linux variants, ifunc resolvers are used in shared libc
+@c for vdso resolution. ifunc-vdso-revisit.
The @code{gettimeofday} function returns the current calendar time as
the elapsed time since the epoch in the @code{struct timeval} structure
indicated by @var{tp}. (@pxref{Elapsed Time} for a description of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=31e58276bacf72345d2bf27b274bcd254f615a4b
commit 31e58276bacf72345d2bf27b274bcd254f615a4b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 29 04:13:03 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/threads.texi: Document thread safety properties.
diff --git a/manual/threads.texi b/manual/threads.texi
index a23ac26..19bfad6 100644
--- a/manual/threads.texi
+++ b/manual/threads.texi
@@ -31,6 +31,7 @@ before thread-specific data, so they should not be used in thread-specific
data destructors or even as members of the thread-specific data, since the
latter is passed as an argument to the destructor function.
+@c FIXME: use @deftypefun for these.
@item int pthread_key_delete (pthread_key_t @var{key})
Destroy the thread-specific data @var{key} in the calling thread. The
destructor for the thread-specific data is not called during destruction, nor
@@ -82,3 +83,124 @@ attributes or the stack address is set in the attribute.
The system does not have sufficient memory.
@end table
@end deftypefun
+
+@c FIXME these are undocumented:
+@c pthread_atfork
+@c pthread_attr_destroy
+@c pthread_attr_getaffinity_np
+@c pthread_attr_getdetachstate
+@c pthread_attr_getguardsize
+@c pthread_attr_getinheritsched
+@c pthread_attr_getschedparam
+@c pthread_attr_getschedpolicy
+@c pthread_attr_getscope
+@c pthread_attr_getstack
+@c pthread_attr_getstackaddr
+@c pthread_attr_getstacksize
+@c pthread_attr_init
+@c pthread_attr_setaffinity_np
+@c pthread_attr_setdetachstate
+@c pthread_attr_setguardsize
+@c pthread_attr_setinheritsched
+@c pthread_attr_setschedparam
+@c pthread_attr_setschedpolicy
+@c pthread_attr_setscope
+@c pthread_attr_setstack
+@c pthread_attr_setstackaddr
+@c pthread_attr_setstacksize
+@c pthread_barrierattr_destroy
+@c pthread_barrierattr_getpshared
+@c pthread_barrierattr_init
+@c pthread_barrierattr_setpshared
+@c pthread_barrier_destroy
+@c pthread_barrier_init
+@c pthread_barrier_wait
+@c pthread_cancel
+@c pthread_cleanup_push
+@c pthread_cleanup_pop
+@c pthread_condattr_destroy
+@c pthread_condattr_getclock
+@c pthread_condattr_getpshared
+@c pthread_condattr_init
+@c pthread_condattr_setclock
+@c pthread_condattr_setpshared
+@c pthread_cond_broadcast
+@c pthread_cond_destroy
+@c pthread_cond_init
+@c pthread_cond_signal
+@c pthread_cond_timedwait
+@c pthread_cond_wait
+@c pthread_create
+@c pthread_detach
+@c pthread_equal
+@c pthread_exit
+@c pthread_getaffinity_np
+@c pthread_getattr_np
+@c pthread_getconcurrency
+@c pthread_getcpuclockid
+@c pthread_getname_np
+@c pthread_getschedparam
+@c pthread_join
+@c pthread_kill
+@c pthread_kill_other_threads_np
+@c pthread_mutexattr_destroy
+@c pthread_mutexattr_getkind_np
+@c pthread_mutexattr_getprioceiling
+@c pthread_mutexattr_getprotocol
+@c pthread_mutexattr_getpshared
+@c pthread_mutexattr_getrobust
+@c pthread_mutexattr_getrobust_np
+@c pthread_mutexattr_gettype
+@c pthread_mutexattr_init
+@c pthread_mutexattr_setkind_np
+@c pthread_mutexattr_setprioceiling
+@c pthread_mutexattr_setprotocol
+@c pthread_mutexattr_setpshared
+@c pthread_mutexattr_setrobust
+@c pthread_mutexattr_setrobust_np
+@c pthread_mutexattr_settype
+@c pthread_mutex_consistent
+@c pthread_mutex_consistent_np
+@c pthread_mutex_destroy
+@c pthread_mutex_getprioceiling
+@c pthread_mutex_init
+@c pthread_mutex_lock
+@c pthread_mutex_setprioceiling
+@c pthread_mutex_timedlock
+@c pthread_mutex_trylock
+@c pthread_mutex_unlock
+@c pthread_once
+@c pthread_rwlockattr_destroy
+@c pthread_rwlockattr_getkind_np
+@c pthread_rwlockattr_getpshared
+@c pthread_rwlockattr_init
+@c pthread_rwlockattr_setkind_np
+@c pthread_rwlockattr_setpshared
+@c pthread_rwlock_destroy
+@c pthread_rwlock_init
+@c pthread_rwlock_rdlock
+@c pthread_rwlock_timedrdlock
+@c pthread_rwlock_timedwrlock
+@c pthread_rwlock_tryrdlock
+@c pthread_rwlock_trywrlock
+@c pthread_rwlock_unlock
+@c pthread_rwlock_wrlock
+@c pthread_self
+@c pthread_setaffinity_np
+@c pthread_setcancelstate
+@c pthread_setcanceltype
+@c pthread_setconcurrency
+@c pthread_setname_np
+@c pthread_setschedparam
+@c pthread_setschedprio
+@c pthread_sigmask
+@c pthread_sigqueue
+@c pthread_spin_destroy
+@c pthread_spin_init
+@c pthread_spin_lock
+@c pthread_spin_trylock
+@c pthread_spin_unlock
+@c pthread_testcancel
+@c pthread_timedjoin_np
+@c pthread_tryjoin_np
+@c pthread_yield
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=134a32db5ba4664731ebc1c2c15aaad32da69e07
commit 134a32db5ba4664731ebc1c2c15aaad32da69e07
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 29 04:13:02 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/terminal.texi: Document thread safety properties.
diff --git a/manual/terminal.texi b/manual/terminal.texi
index 9e9c057..7f62a4e 100644
--- a/manual/terminal.texi
+++ b/manual/terminal.texi
@@ -264,6 +264,9 @@ array.
@comment termios.h
@comment POSIX.1
@deftypefun int tcgetattr (int @var{filedes}, struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the kernel-returned termios data structure to the userland
+@c format does not ensure atomic or consistent writing.
This function is used to examine the attributes of the terminal
device with file descriptor @var{filedes}. The attributes are returned
in the structure that @var{termios-p} points to.
@@ -284,6 +287,9 @@ The @var{filedes} is not associated with a terminal.
@comment termios.h
@comment POSIX.1
@deftypefun int tcsetattr (int @var{filedes}, int @var{when}, const struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the incoming termios data structure to the kernel format
+@c does not ensure atomic or consistent reading.
This function sets the attributes of the terminal device with file
descriptor @var{filedes}. The new attributes are taken from the
structure that @var{termios-p} points to.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=13b20f6390fe51eabd827a7d4833df7c9b32f962
commit 13b20f6390fe51eabd827a7d4833df7c9b32f962
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 29 04:12:54 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/string.texi: Document thread safety properties.
diff --git a/manual/string.texi b/manual/string.texi
index 246be84..1408033 100644
--- a/manual/string.texi
+++ b/manual/string.texi
@@ -1159,6 +1159,11 @@ strings are written in into account. To get that one has to use
@comment string.h
@comment BSD
@deftypefun int strcasecmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Although this calls tolower multiple times, it's a macro, and
+@c strcasecmp is optimized so that the locale pointer is read only once.
+@c There are some asm implementations too, for which the single-read
+@c from locale TLS pointers also applies.
This function is like @code{strcmp}, except that differences in case are
ignored. How uppercase and lowercase characters are related is
determined by the currently selected locale. In the standard @code{"C"}
@@ -1247,6 +1252,8 @@ strncmp ("hello, world", "hello, stupid world!!!", 5)
@comment string.h
@comment GNU
@deftypefun int strverscmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls isdigit multiple times, locale may change in between.
The @code{strverscmp} function compares the string @var{s1} against
@var{s2}, considering them as holding indices/version numbers. The
return value follows the same conventions as found in the
@@ -1343,6 +1350,8 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
@comment string.h
@comment ISO
@deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Adjust alphasort one safety info is determined.
The @code{strcoll} function is similar to @code{strcmp} but uses the
collating sequence of the current locale for collation (the
@code{LC_COLLATE} locale).
@@ -1637,6 +1646,7 @@ This function is a GNU extension.
@comment string.h
@comment ISO
@deftypefun {char *} strchr (const char *@var{string}, int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{strchr} function finds the first occurrence of the character
@var{c} (converted to a @code{char}) in the null-terminated string
beginning at @var{string}. The return value is a pointer to the located
@@ -1678,6 +1688,7 @@ to use @code{wcschrnul} in this case, though.
@comment string.h
@comment GNU
@deftypefun {char *} strchrnul (const char *@var{string}, int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{strchrnul} is the same as @code{strchr} except that if it does
not find the character, it returns a pointer to string's terminating
null character rather than a null pointer.
@@ -2675,3 +2686,6 @@ being added to @var{envz}, if @var{override} is false.
The @code{envz_strip} function removes any null entries from @var{envz},
updating @code{*@var{envz}} and @code{*@var{envz_len}}.
@end deftypefun
+
+@c FIXME this are undocumented:
+@c strcasecmp_l @safety{@mtsafe{}@assafe{}@acsafe{}} see strcasecmp
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=166b7eedb8e53f936ef842f708c68b2ac2394a76
commit 166b7eedb8e53f936ef842f708c68b2ac2394a76
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 29 04:12:54 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/search.texi: Document thread safety properties.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..46f5f1c 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -113,6 +113,7 @@ the header file @file{stdlib.h}.
@comment stdlib.h
@comment ISO
@deftypefun {void *} bsearch (const void *@var{key}, const void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{bsearch} function searches the sorted array @var{array} for an object
that is equivalent to @var{key}. The array contains @var{count} elements,
each of which is of size @var{size} bytes.
@@ -146,6 +147,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +438,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +472,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +487,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +501,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +556,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2df7a11143b0aec001575ef211e69f2fa271c61d
commit 2df7a11143b0aec001575ef211e69f2fa271c61d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 29 04:12:53 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/startup.texi: Document thread safety properties.
diff --git a/manual/startup.texi b/manual/startup.texi
index a277714..7bbaf13 100644
--- a/manual/startup.texi
+++ b/manual/startup.texi
@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
The difference to the @code{setenv} function is that the exact string
given as the parameter @var{string} is put into the environment. If the
user should change the string after the @code{putenv} call this will
-reflect in automatically in the environment. This also requires that
-@var{string} is no automatic variable which scope is left before the
+reflect automatically in the environment. This also requires that
+@var{string} not be an automatic variable whose scope is left before the
variable is removed from the environment. The same applies of course to
dynamically allocated variables which are freed later.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=944dd9eb606418530cc96cbaca0aaeb6ec89d590
commit 944dd9eb606418530cc96cbaca0aaeb6ec89d590
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 29 04:12:53 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/resource.texi: Document thread safety properties.
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=305b77447b06df4c81a48a7f7dc0956ef8fe25e5
commit 305b77447b06df4c81a48a7f7dc0956ef8fe25e5
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 29 04:12:52 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/math.texi: Document thread safety properties.
diff --git a/manual/math.texi b/manual/math.texi
index 193d415..fd5d0c8 100644
--- a/manual/math.texi
+++ b/manual/math.texi
@@ -560,6 +560,7 @@ negative), @code{logb} returns @math{@infinity{}}. If @var{x} is zero,
@comment math.h
@comment ISO
@deftypefunx int ilogbl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are equivalent to the corresponding @code{logb}
functions except that they return signed integer values.
@end deftypefun
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e8eca86a677a80f62b5bb0a17597cddf0a3cd9d5
commit e8eca86a677a80f62b5bb0a17597cddf0a3cd9d5
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 29 04:12:52 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..5667af3 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,12 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
+@c Besides the usual possibility of getting an inconsistent stream in a
+@c signal handler or leaving it inconsistent in case of cancellation,
+@c the possibility of leaving a dangling pointer upon cancellation
+@c between reallocing the buffer at *lineptr and updating the pointer
+@c brings about another case of incansist.
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1321,8 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
+@c See the getline incansist note.
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1347,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1371,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1397,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1407,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1417,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1508,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1546,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1605,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1621,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1631,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1641,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2383,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2393,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2403,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2411,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2419,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2444,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2469,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2540,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2573,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2644,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2653,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2662,48 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2711,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2719,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2727,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2735,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2743,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2751,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2827,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3068,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3320,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3384,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +4001,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +4016,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +4031,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +4039,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4047,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4061,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4088,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4097,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4106,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4114,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4122,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4130,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4180,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4190,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4204,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4215,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4243,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4254,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4368,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4381,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4405,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4421,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4441,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4465,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4514,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4636,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4651,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4664,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4681,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4793,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4806,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4823,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4845,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4870,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4948,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4962,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4974,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4989,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +5003,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +5014,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5062,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5118,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5234,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5416,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5557,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7fa5c0efde5f43928620b11438856b9174d41391
commit 7fa5c0efde5f43928620b11438856b9174d41391
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 29 04:12:51 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/llio.texi: Document thread safety properties.
diff --git a/manual/llio.texi b/manual/llio.texi
index b129cf4..c350585 100644
--- a/manual/llio.texi
+++ b/manual/llio.texi
@@ -78,6 +78,7 @@ declared in @file{unistd.h}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int open (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The @code{open} function creates and returns a new file descriptor for
the file named by @var{filename}. Initially, the file position
indicator for the file is at the beginning of the file. The argument
@@ -164,6 +165,7 @@ and @code{freopen} functions, that create streams.
@comment fcntl.h
@comment Unix98
@deftypefun int open64 (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{open}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
difference is that on 32 bit systems the file is opened in the
@@ -178,6 +180,7 @@ replaces the old API.
@comment fcntl.h
@comment POSIX.1
@deftypefn {Obsolete function} int creat (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is obsolete. The call:
@smallexample
@@ -202,6 +205,7 @@ since all of the lowlevel file handling functions are equally replaced.
@comment fcntl.h
@comment Unix98
@deftypefn {Obsolete function} int creat64 (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{creat}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
the difference is that on 32 bit systems the file is opened in the
@@ -219,6 +223,7 @@ replaces the old API.
@comment unistd.h
@comment POSIX.1
@deftypefun int close (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The function @code{close} closes the file descriptor @var{filedes}.
Closing a file has the following consequences:
@@ -300,6 +305,7 @@ but must be a signed type.
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t read (int @var{filedes}, void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{read} function reads up to @var{size} bytes from the file
with descriptor @var{filedes}, storing the results in the @var{buffer}.
(This is not necessarily a character string, and no terminating null
@@ -395,6 +401,10 @@ functions that read from streams, such as @code{fgetc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, read and lseek back, but is it
+@c used anywhere?
The @code{pread} function is similar to the @code{read} function. The
first three arguments are identical, and the return values and error
codes also correspond.
@@ -430,6 +440,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread64 (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, read and lseek64 back, but is
+@c it used anywhere?
This function is similar to the @code{pread} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -447,6 +461,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t write (int @var{filedes}, const void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{write} function writes up to @var{size} bytes from
@var{buffer} to the file with descriptor @var{filedes}. The data in
@var{buffer} is not necessarily a character string and a null character is
@@ -557,6 +572,10 @@ functions that write to streams, such as @code{fputc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, write and lseek back, but is it
+@c used anywhere?
The @code{pwrite} function is similar to the @code{write} function. The
first three arguments are identical, and the return values and error codes
also correspond.
@@ -592,6 +611,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite64 (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, write and lseek64 back, but
+@c is it used anywhere?
This function is similar to the @code{pwrite} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -624,6 +647,7 @@ To read the current file position value from a descriptor, use
@comment unistd.h
@comment POSIX.1
@deftypefun off_t lseek (int @var{filedes}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lseek} function is used to change the file position of the
file with descriptor @var{filedes}.
@@ -713,6 +737,7 @@ descriptors.
@comment unistd.h
@comment Unix98
@deftypefun off64_t lseek64 (int @var{filedes}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to the @code{lseek} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -825,6 +850,7 @@ declared in the header file @file{stdio.h}.
@comment stdio.h
@comment POSIX.1
@deftypefun {FILE *} fdopen (int @var{filedes}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
The @code{fdopen} function returns a new stream for the file descriptor
@var{filedes}.
@@ -853,6 +879,7 @@ see @ref{Creating a Pipe}.
@comment stdio.h
@comment POSIX.1
@deftypefun int fileno (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the file descriptor associated with the stream
@var{stream}. If an error is detected (for example, if the @var{stream}
is not valid) or if @var{stream} does not do I/O to a file,
@@ -862,6 +889,7 @@ is not valid) or if @var{stream} does not do I/O to a file,
@comment stdio.h
@comment GNU
@deftypefun int fileno_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fileno_unlocked} function is equivalent to the @code{fileno}
function except that it does not implicitly lock the stream if the state
is @code{FSETLOCKING_INTERNAL}.
@@ -1071,6 +1099,11 @@ Contains the length of the buffer.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t readv (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer into which data is read, if the total read size is
+@c too large for alloca.
The @code{readv} function reads data from @var{filedes} and scatters it
into the buffers described in @var{vector}, which is taken to be
@@ -1089,6 +1122,11 @@ errors are the same as in @code{read}.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t writev (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer from which data is written, if the total write size
+@c is too large for alloca.
The @code{writev} function gathers data from the buffers described in
@var{vector}, which is taken to be @var{count} structures long, and writes
@@ -1149,6 +1187,7 @@ These functions are declared in @file{sys/mman.h}.
@comment sys/mman.h
@comment POSIX
@deftypefun {void *} mmap (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mmap} function creates a new mapping, connected to bytes
(@var{offset}) to (@var{offset} + @var{length} - 1) in the file open on
@@ -1268,6 +1307,9 @@ The file is on a filesystem that doesn't support mapping.
@comment sys/mman.h
@comment LFS
@deftypefun {void *} mmap64 (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The page_shift auto detection when MMAP2_PAGE_SHIFT is -1 (it never
+@c is) would be thread-unsafe.
The @code{mmap64} function is equivalent to the @code{mmap} function but
the @var{offset} parameter is of type @code{off64_t}. On 32-bit systems
this allows the file associated with the @var{filedes} descriptor to be
@@ -1284,6 +1326,7 @@ replaces the old API.
@comment sys/mman.h
@comment POSIX
@deftypefun int munmap (void *@var{addr}, size_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{munmap} removes any memory maps from (@var{addr}) to (@var{addr} +
@var{length}). @var{length} should be the length of the mapping.
@@ -1310,6 +1353,7 @@ aligned.
@comment sys/mman.h
@comment POSIX
@deftypefun int msync (void *@var{address}, size_t @var{length}, int @var{flags})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When using shared mappings, the kernel can write the file at any time
before the mapping is removed. To be certain data has actually been
@@ -1357,6 +1401,7 @@ There is no existing mapping in at least part of the given region.
@comment sys/mman.h
@comment GNU
@deftypefun {void *} mremap (void *@var{address}, size_t @var{length}, size_t @var{new_length}, int @var{flag})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to change the size of an existing memory
area. @var{address} and @var{length} must cover a region entirely mapped
@@ -1405,6 +1450,7 @@ Coding Standards}.
@comment sys/mman.h
@comment POSIX
@deftypefun int madvise (void *@var{addr}, size_t @var{length}, int @var{advice})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to provide the system with @var{advice} about
the intended usage patterns of the memory region starting at @var{addr}
@@ -1531,6 +1577,7 @@ that descriptor into an @code{fd_set}.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_ZERO (fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro initializes the file descriptor set @var{set} to be the
empty set.
@end deftypefn
@@ -1538,6 +1585,9 @@ empty set.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_SET (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro adds @var{filedes} to the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1547,6 +1597,9 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_CLR (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro removes @var{filedes} from the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1556,6 +1609,7 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro int FD_ISSET (int @var{filedes}, const fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value (true) if @var{filedes} is a member
of the file descriptor set @var{set}, and zero (false) otherwise.
@@ -1568,6 +1622,10 @@ Next, here is the description of the @code{select} function itself.
@comment sys/types.h
@comment BSD
@deftypefun int select (int @var{nfds}, fd_set *@var{read-fds}, fd_set *@var{write-fds}, fd_set *@var{except-fds}, struct timeval *@var{timeout})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The select syscall is preferred, but pselect6 may be used instead,
+@c which requires converting timeout to a timespec and back. The
+@c conversions are not atomic.
The @code{select} function blocks the calling process until there is
activity on any of the specified sets of file descriptors, or until the
timeout period has expired.
@@ -1670,6 +1728,7 @@ they return.
@comment unistd.h
@comment X/Open
@deftypefun void sync (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
A call to this function will not return as long as there is data which
has not been written to the device. All dirty buffers in the kernel will
be written and so an overall consistent system can be achieved (if no
@@ -1685,6 +1744,7 @@ committed, rather than all data in the system. For this, @code{sync} is overkil
@comment unistd.h
@comment POSIX
@deftypefun int fsync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fsync} function can be used to make sure all data associated with
the open file @var{fildes} is written to the device associated with the
descriptor. The function call does not return unless all actions have
@@ -1722,6 +1782,7 @@ recovering of the file in case of a problem.
@comment unistd.h
@comment POSIX
@deftypefun int fdatasync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When a call to the @code{fdatasync} function returns, it is ensured
that all of the file data is written to the device. For all pending I/O
operations, the parts guaranteeing data integrity finished.
@@ -1923,6 +1984,158 @@ aiocb64}, since the LFS transparently replaces the old interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_read (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Calls aio_enqueue_request.
+@c aio_enqueue_request selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_self ok
+@c pthread_getschedparam selfdeadlock, lockleak
+@c lll_lock (pthread descriptor's lock) selfdeadlock, lockleak
+@c sched_getparam ok
+@c sched_getscheduler ok
+@c lll_unlock lockleak
+@c pthread_mutex_lock (aio_requests_mutex) selfdeadlock, lockleak
+@c get_elem asmalloc, memleak, [asynconsist, incansist], [xguargs]
+@c realloc asmalloc, memleak
+@c calloc asmalloc, memleak
+@c aio_create_helper_thread selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_attr_init ok
+@c pthread_attr_setdetachstate ok
+@c pthread_get_minstack ok
+@c pthread_attr_setstacksize ok
+@c sigfillset ok
+@c memset ok
+@c sigdelset ok [xguargs, but the caller's sigset is automatic]
+@c SYSCALL rt_sigprocmask ok
+@c pthread_create selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c alloca/malloc asmalloc, memleak
+@c lll_unlock lockleak
+@c allocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c getpagesize dup
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c lll_unlock lockleak
+@c _dl_allocate_tls asmalloc, memleak
+@c _dl_allocate_tls_storage asmalloc, memleak
+@c memalign asmalloc, memleak
+@c memset ok
+@c allocate_dtv dup
+@c free asmalloc, memleak
+@c allocate_dtv asmalloc, memleak
+@c calloc asmalloc, memleak
+@c INSTALL_DTV ok
+@c list_add dup
+@c get_cached_stack
+@c lll_lock (stack_cache_lock) selfdeadlock, lockleak
+@c list_for_each ok
+@c list_entry dup
+@c FREE_P dup
+@c stack_list_del dup
+@c stack_list_add dup
+@c lll_unlock lockleak
+@c _dl_allocate_tls_init ok
+@c GET_DTV ok
+@c mmap ok
+@c atomic_increment_val ok
+@c munmap ok
+@c change_stack_perm ok
+@c mprotect ok
+@c mprotect ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c THREAD_COPY_STACK_GUARD ok
+@c THREAD_COPY_POINTER_GUARD ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (state_cache_lock) selfdeadlock, lockleak
+@c stack_list_del ok
+@c atomic_write_barrier ok
+@c list_del ok [uunguard]
+@c atomic_write_barrier ok
+@c queue_stack asmalloc, memleak
+@c stack_list_add ok
+@c atomic_write_barrier ok
+@c list_add ok [uunguard]
+@c atomic_write_barrier ok
+@c free_stacks asmalloc, memleak
+@c list_for_each_prev_safe ok
+@c list_entry ok
+@c FREE_P ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c _dl_deallocate_tls asmalloc, memleak
+@c free asmalloc, memleak
+@c lll_unlock lockleak
+@c create_thread selfdeadlock, asmalloc, lockleak, memleak
+@c td_eventword
+@c td_eventmask
+@c do_clone selfdeadlock, asmalloc, lockleak, memleak
+@c PREPARE_CREATE ok
+@c lll_lock (pd->lock) selfdeadlock, lockleak
+@c atomic_increment ok
+@c clone ok
+@c atomic_decrement ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack dup
+@c sched_setaffinity ok
+@c tgkill ok
+@c sched_setscheduler ok
+@c atomic_compare_and_exchange_bool_acq ok
+@c nptl_create_event ok
+@c lll_unlock (pd->lock) lockleak
+@c free asmalloc, memleak
+@c pthread_attr_destroy ok (cpuset won't be set, so free isn't called)
+@c add_request_to_runlist ok [xguargs]
+@c pthread_cond_signal ok
+@c aio_free_request ok [xguargs]
+@c pthread_mutex_unlock lockleak
+
+@c (in the new thread, initiated with clone)
+@c start_thread ok
+@c HP_TIMING_NOW ok
+@c ctype_init [glocale] (in theory, but optimized into safety)
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c sigemptyset ok
+@c sigaddset ok
+@c setjmp ok
+@c CANCEL_ASYNC -> pthread_enable_asynccancel ok
+@c do_cancel ok
+@c pthread_unwind ok
+@c Unwind_ForcedUnwind or longjmp ok [asmalloc, memleak?]
+@c lll_lock selfdeadlock, lockleak
+@c lll_unlock selfdeadlock, lockleak
+@c CANCEL_RESET -> pthread_disable_asynccancel ok
+@c lll_futex_wait ok
+@c ->start_routine ok -----
+@c call_tls_dtors selfdeadlock, asmalloc, lockleak, memleak
+@c user-supplied dtor
+@c rtld_lock_lock_recursive (dl_load_lock) selfdeadlock, lockleak
+@c rtld_lock_unlock_recursive lockleak
+@c free asmalloc, memleak
+@c nptl_deallocate_tsd asmalloc, memleak
+@c tsd user-supplied dtors ok
+@c free asmalloc, memleak
+@c libc_thread_freeres
+@c libc_thread_subfreeres ok
+@c atomic_decrement_and_test ok
+@c td_eventword ok
+@c td_eventmask ok
+@c atomic_compare_exchange_bool_acq ok
+@c nptl_death_event ok
+@c lll_robust_dead ok
+@c getpagesize ok
+@c madvise ok
+@c free_tcb selfdeadlock, asmalloc, lockleak, memleak
+@c free asmalloc, memleak
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_futex_wait ok
+@c exit_thread_inline ok
+@c syscall(exit) ok
+
This function initiates an asynchronous read operation. It
immediately returns after the operation was enqueued or when an
error was encountered.
@@ -1988,6 +2201,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_read64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_read} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{aio_read64} uses
@@ -2006,6 +2220,7 @@ of functions with a very similar interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_write (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function initiates an asynchronous write operation. The function
call immediately returns after the operation was enqueued or if before
this happens an error was encountered.
@@ -2072,6 +2287,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_write64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_write} function. The only
difference is that on @w{32 bit} machines the file descriptor should
be opened in the large file mode. Internally @code{aio_write64} uses
@@ -2093,6 +2309,12 @@ operations. It is therefore similar to a combination of @code{readv} and
@comment aio.h
@comment POSIX.1b
@deftypefun int lio_listio (int @var{mode}, struct aiocb *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Call lio_listio_internal, that takes the aio_requests_mutex lock and
+@c enqueues each request. Then, it waits for notification or prepares
+@c for it before releasing the lock. Even though it performs memory
+@c allocation and locking of its own, it doesn't add any classes of
+@c safety issues that aren't already covered by aio_enqueue_request.
The @code{lio_listio} function can be used to enqueue an arbitrary
number of read and write requests at one time. The requests can all be
meant for the same file, all for different files or every solution in
@@ -2176,6 +2398,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int lio_listio64 (int @var{mode}, struct aiocb64 *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{lio_listio} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{lio_listio64} uses
@@ -2204,6 +2427,7 @@ The following two functions allow you to get this kind of information.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_error (const struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function determines the error state of the request described by the
@code{struct aiocb} variable pointed to by @var{aiocbp}. If the
request has not yet terminated the value returned is always
@@ -2225,6 +2449,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_error64 (const struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_error} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2238,6 +2463,7 @@ machines.
@comment aio.h
@comment POSIX.1b
@deftypefun ssize_t aio_return (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to retrieve the return status of the operation
carried out by the request described in the variable pointed to by
@var{aiocbp}. As long as the error status of this request as returned
@@ -2261,6 +2487,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun ssize_t aio_return64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_return} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2289,6 +2516,9 @@ if the symbol @code{_POSIX_SYNCHRONIZED_IO} is defined in @file{unistd.h}.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_fsync (int @var{op}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check that the FD is open, it calls
+@c aio_enqueue_request.
Calling this function forces all I/O operations operating queued at the
time of the function call operating on the file descriptor
@code{aiocbp->aio_fildes} into the synchronized I/O completion state
@@ -2336,6 +2566,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_fsync64 (int @var{op}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_fsync} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2362,6 +2593,9 @@ before the current client is served. For situations like this
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_suspend (const struct aiocb *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c Take aio_requests_mutex, set up waitlist and requestlist, wait
+@c for completion or timeout, and release the mutex.
When calling this function, the calling thread is suspended until at
least one of the requests pointed to by the @var{nent} elements of the
array @var{list} has completed. If any of the requests has already
@@ -2400,6 +2634,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_suspend64 (const struct aiocb64 *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is similar to @code{aio_suspend} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2427,6 +2662,16 @@ or not. Therefore using this function is merely a hint.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_cancel (int @var{fildes}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check the fd is open, hold aio_requests_mutex, call
+@c aio_find_req_fd, aio_remove_request, then aio_notify and
+@c aio_free_request each request before releasing the lock.
+@c aio_notify calls aio_notify_only and free, besides cond signal or
+@c similar. aio_notify_only calls pthread_attr_init,
+@c pthread_attr_setdetachstate, malloc, pthread_create,
+@c notify_func_wrapper, aio_sigqueue, getpid, raise.
+@c notify_func_wraper calls aio_start_notify_thread, free and then the
+@c notifier function.
The @code{aio_cancel} function can be used to cancel one or more
outstanding requests. If the @var{aiocbp} parameter is @code{NULL}, the
function tries to cancel all of the outstanding requests which would process
@@ -2474,6 +2719,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_cancel64 (int @var{fildes}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_cancel} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2529,6 +2775,8 @@ Unused.
@comment aio.h
@comment GNU
@deftypefun void aio_init (const struct aioinit *@var{init})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c All changes to global objects are guarded by aio_requests_mutex.
This function must be called before any other AIO function. Calling it
is completely voluntary, as it is only meant to help the AIO
implementation perform better.
@@ -2563,6 +2811,7 @@ function; see @ref{Opening and Closing Files}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int fcntl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcntl} function performs the operation specified by
@var{command} on the file descriptor @var{filedes}. Some commands
require additional arguments to be supplied. These additional arguments
@@ -2645,6 +2894,7 @@ while prototypes for @code{dup} and @code{dup2} are in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun int dup (int @var{old})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies descriptor @var{old} to the first available
descriptor number (the first number not currently open). It is
equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@@ -2653,6 +2903,7 @@ equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@comment unistd.h
@comment POSIX.1
@deftypefun int dup2 (int @var{old}, int @var{new})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies the descriptor @var{old} to descriptor number
@var{new}.
@@ -3631,6 +3882,7 @@ different headers.
@comment sys/ioctl.h
@comment BSD
@deftypefun int ioctl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ioctl} function performs the generic I/O operation
@var{command} on @var{filedes}.
@@ -3650,3 +3902,6 @@ unknown device.
Most IOCTLs are OS-specific and/or only used in special system utilities,
and are thus beyond the scope of this document. For an example of the use
of an IOCTL, see @ref{Out-of-Band Data}.
+
+@c FIXME this is undocumented:
+@c dup3
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=594da3770c027a01968fcfd3e459fc13bbdbf047
commit 594da3770c027a01968fcfd3e459fc13bbdbf047
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 29 04:12:51 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/lang.texi: Document thread safety properties.
diff --git a/manual/lang.texi b/manual/lang.texi
index ee04e23..d6cd90c 100644
--- a/manual/lang.texi
+++ b/manual/lang.texi
@@ -51,6 +51,8 @@ without indicating anything might be wrong.
@comment assert.h
@comment ISO
@deftypefn Macro void assert (int @var{expression})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Verify the programmer's belief that @var{expression} is nonzero at
this point in the program.
@@ -91,6 +93,8 @@ The @code{assert_perror} macro makes this easy.
@comment assert.h
@comment GNU
@deftypefn Macro void assert_perror (int @var{errnum})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Similar to @code{assert}, but verifies that @var{errnum} is zero.
If @code{NDEBUG} is not defined, @code{assert_perror} tests the value of
@@ -423,6 +427,8 @@ The type @code{va_list} is used for argument pointer variables.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_start (va_list @var{ap}, @var{last-required})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This macro initializes the argument pointer variable @var{ap} to point
to the first of the optional arguments of the current function;
@var{last-required} must be the last required argument to the function.
@@ -431,6 +437,8 @@ to the first of the optional arguments of the current function;
@comment stdarg.h
@comment ISO
@deftypefn {Macro} @var{type} va_arg (va_list @var{ap}, @var{type})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_arg} macro returns the value of the next optional argument,
and modifies the value of @var{ap} to point to the subsequent argument.
Thus, successive uses of @code{va_arg} return successive optional
@@ -445,6 +453,8 @@ of the actual argument.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_end (va_list @var{ap})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This ends the use of @var{ap}. After a @code{va_end} call, further
@code{va_arg} calls with the same @var{ap} may not work. You should invoke
@code{va_end} before returning from the function in which @code{va_start}
@@ -466,6 +476,8 @@ of the same type.
@comment ISO
@deftypefn {Macro} void va_copy (va_list @var{dest}, va_list @var{src})
@deftypefnx {Macro} void __va_copy (va_list @var{dest}, va_list @var{src})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_copy} macro allows copying of objects of type
@code{va_list} even if this is not an integral type. The argument pointer
in @var{dest} is initialized to point to the same argument as the
@@ -1212,6 +1224,8 @@ type of a particular structure member.
@comment stddef.h
@comment ISO
@deftypefn {Macro} size_t offsetof (@var{type}, @var{member})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This expands to a integer constant expression that is the offset of the
structure member named @var{member} in the structure type @var{type}.
For example, @code{offsetof (struct s, elem)} is the offset, in bytes,
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=82c921e0fe0e03260273e0c3b9c534cb9ddc83ea
commit 82c921e0fe0e03260273e0c3b9c534cb9ddc83ea
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 29 04:12:50 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/job.texi: Document thread safety properties.
diff --git a/manual/job.texi b/manual/job.texi
index 4efeed3..2c46771 100644
--- a/manual/job.texi
+++ b/manual/job.texi
@@ -1039,6 +1039,10 @@ The function @code{ctermid} is declared in the header file
@comment stdio.h
@comment POSIX.1
@deftypefun {char *} ctermid (char *@var{string})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This function is a stub by default; the actual implementation, for
+@c posix systems, returns an internal buffer if passed a NULL string,
+@c but the internal buffer is always set to /dev/tty.
The @code{ctermid} function returns a string containing the file name of
the controlling terminal for the current process. If @var{string} is
not a null pointer, it should be an array that can hold at least
@@ -1075,6 +1079,11 @@ Your program should include the header files @file{sys/types.h} and
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t setsid (void)
+@safety{@mtsafe{}@assafe{selfdeadlock (hurd)}@acsafe{lockleak (hurd)}}
+@c This is usually a direct syscall, but if a syscall is not available,
+@c we use a stub, or Hurd- and BSD-specific implementations. The former
+@c uses a mutex and a hurd critical section, and the latter issues a few
+@c syscalls, so both seem safe, except for the locking on Hurd.
The @code{setsid} function creates a new session. The calling process
becomes the session leader, and is put in a new process group whose
process group ID is the same as the process ID of that process. There
@@ -1098,6 +1107,8 @@ already another process group around that has the same process group ID.
@comment unistd.h
@comment SVID
@deftypefun pid_t getsid (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{getsid} function returns the process group ID of the session
leader of the specified process. If a @var{pid} is @code{0}, the
@@ -1134,6 +1145,8 @@ programs with the @code{-lbsd-compat} option to get the BSD definition.@refill
@comment unistd.h
@comment POSIX.1
@deftypefn {POSIX.1 Function} pid_t getpgrp (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The POSIX.1 definition of @code{getpgrp} returns the process group ID of
the calling process.
@end deftypefn
@@ -1141,6 +1154,8 @@ the calling process.
@comment unistd.h
@comment BSD
@deftypefn {BSD Function} pid_t getpgrp (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The BSD definition of @code{getpgrp} returns the process group ID of the
process @var{pid}. You can supply a value of @code{0} for the @var{pid}
argument to get information about the calling process.
@@ -1149,6 +1164,8 @@ argument to get information about the calling process.
@comment unistd.h
@comment SVID
@deftypefn {System V Function} int getpgid (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
@code{getpgid} is the same as the BSD function @code{getpgrp}. It
returns the process group ID of the process @var{pid}. You can supply a
@@ -1171,6 +1188,8 @@ process.
@comment unistd.h
@comment POSIX.1
@deftypefun int setpgid (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{setpgid} function puts the process @var{pid} into the process
group @var{pgid}. As a special case, either @var{pid} or @var{pgid} can
be zero to indicate the process ID of the calling process.
@@ -1208,6 +1227,8 @@ process or a child of the calling process.
@comment unistd.h
@comment BSD
@deftypefun int setpgrp (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall or setpgid wrapper.
This is the BSD Unix name for @code{setpgid}. Both functions do exactly
the same thing.
@end deftypefun
@@ -1230,6 +1251,8 @@ file itself and not a particular open file descriptor.
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t tcgetpgrp (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function returns the process group ID of the foreground process
group associated with the terminal open on descriptor @var{filedes}.
@@ -1258,6 +1281,8 @@ controlling terminal of the calling process.
@comment unistd.h
@comment POSIX.1
@deftypefun int tcsetpgrp (int @var{filedes}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function is used to set a terminal's foreground process group ID.
The argument @var{filedes} is a descriptor which specifies the terminal;
@var{pgid} specifies the process group. The calling process must be a
@@ -1297,6 +1322,8 @@ process.
@comment termios.h
@comment Unix98
@deftypefun pid_t tcgetsid (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Ioctl call, if avaialble, or tcgetpgrp followed by getsid.
This function is used to obtain the process group ID of the session
for which the terminal specified by @var{fildes} is the controlling terminal.
If the call is successful the group ID is returned. Otherwise the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=756f4b7231c09a2f3330bfe8cef81cb9affbf4a4
commit 756f4b7231c09a2f3330bfe8cef81cb9affbf4a4
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 29 04:12:49 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/libdl.texi: New.
diff --git a/manual/libdl.texi b/manual/libdl.texi
new file mode 100644
index 0000000..e3fe045
--- /dev/null
+++ b/manual/libdl.texi
@@ -0,0 +1,10 @@
+@c FIXME these are undocumented:
+@c dladdr
+@c dladdr1
+@c dlclose
+@c dlerror
+@c dlinfo
+@c dlmopen
+@c dlopen
+@c dlsym
+@c dlvsym
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0b99c70c2cfa83e1c2f06765613650f7d0baa3cd
commit 0b99c70c2cfa83e1c2f06765613650f7d0baa3cd
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 29 04:12:44 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/getopt.texi: Document thread safety properties.
diff --git a/manual/getopt.texi b/manual/getopt.texi
index f0b7283..3c1f4de 100644
--- a/manual/getopt.texi
+++ b/manual/getopt.texi
@@ -60,6 +60,31 @@ option argument, for those options that accept arguments.
@comment unistd.h
@comment POSIX.2
@deftypefun int getopt (int @var{argc}, char *const *@var{argv}, const char *@var{options})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c It may swap argv elements but argv is not guarded, and the
+@c modifications may be partial in case of cancellation. Calling getenv
+@c also brings about thread-safety issues out of access and returning
+@c pointers into the globally shared environment array, just like
+@c calling gettext brings about a whole lot of AS and AC safety issues.
+@c The getopt API involves returning values in the non-thread-specific
+@c optarg variable, which adds another thread-safety issue. Given
+@c print_errors, it may output errors to stderr, which may
+@c self-deadlock, leak locks, or encounter (in a signal handler) or
+@c leave (in case of cancellation) stderr in an inconsistent state.
+@c Various implicit, indirect uses of malloc, in uses of memstream and
+@c asprintf for error-printing, bring about the usual malloc issues.
+@c (The explicit use of malloc in a conditional situation in
+@c _getopt_initialize is never exercised in glibc.)
+@c
+@c _getopt_internal
+@c _getopt_internal_r
+@c gettext
+@c _getopt_initialize
+@c getenv
+@c malloc if USE_NONOPTION_FLAGS, never defined in libc
+@c open_memstream
+@c lockfile, unlockfile, __fxprintf -> stderr
+@c asprintf
The @code{getopt} function gets the next option argument from the
argument list specified by the @var{argv} and @var{argc} arguments.
Normally these values come directly from the arguments received by
@@ -225,6 +250,8 @@ was seen.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
Decode options from the vector @var{argv} (whose length is @var{argc}).
The argument @var{shortopts} describes the short options to accept, just as
it does in @code{getopt}. The argument @var{longopts} describes the long
@@ -278,6 +305,8 @@ getopt functionality there is one more function available.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long_only (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
The @code{getopt_long_only} function is equivalent to the
@code{getopt_long} function but it allows to specify the user of the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=455ec866c88f22881882323df735a2bdd7a2e5c8
commit 455ec866c88f22881882323df735a2bdd7a2e5c8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 29 04:12:43 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/filesys.texi: Document thread safety properties.
diff --git a/manual/filesys.texi b/manual/filesys.texi
index 814c210..c7eb13b 100644
--- a/manual/filesys.texi
+++ b/manual/filesys.texi
@@ -58,6 +58,25 @@ Prototypes for these functions are declared in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun {char *} getcwd (char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c If buffer is NULL, this function calls malloc and realloc, and, in
+@c case of error, free. Linux offers a getcwd syscall that we use on
+@c GNU/Linux systems, but it may fail if the pathname is too long. As a
+@c fallback, and on other systems, the generic implementation opens each
+@c parent directory with opendir, which allocates memory for the
+@c directory stream with malloc. If a fstatat64 syscall is not
+@c available, very deep directory trees may also have to malloc to build
+@c longer sequences of ../../../... than those supported by a global
+@c const read-only string.
+
+@c linux/__getcwd
+@c posix/__getcwd
+@c malloc/realloc/free if buffer is NULL, or if dir is too deep
+@c lstat64 -> see its own entry
+@c fstatat64
+@c direct syscall if possible, alloca+snprintf+*stat64 otherwise
+@c openat64_not_cancel_3, close_not_cancel_no_status
+@c __fdopendir, __opendir, __readdir, rewinddir
The @code{getcwd} function returns an absolute file name representing
the current working directory, storing it in the character array
@var{buffer} that you provide. The @var{size} argument is how you tell
@@ -116,6 +135,9 @@ software.
@comment unistd.h
@comment BSD
@deftypefn {Deprecated Function} {char *} getwd (char *@var{buffer})
+@safety{@mtsafe{}@asunsafe{asmalloc, asi18n}@acsafe{memleak, fdleak}}
+@c Besides the getcwd safety issues, it calls strerror_r on error, which
+@c brings in all of the i18n issues.
This is similar to @code{getcwd}, but has no way to specify the size of
the buffer. @Theglibc{} provides @code{getwd} only
for backwards compatibility with BSD.
@@ -130,6 +152,9 @@ this function is deprecated.
@comment unistd.h
@comment GNU
@deftypefun {char *} get_current_dir_name (void)
+@safety{@mtunsafe{envromt}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides getcwd, which this function calls as a fallback, it calls
+@c getenv, with the usual thread-safety issues that brings about.
@vindex PWD
This @code{get_current_dir_name} function is basically equivalent to
@w{@code{getcwd (NULL, 0)}}. The only difference is that the value of
@@ -145,6 +170,7 @@ This function is a GNU extension.
@comment unistd.h
@comment POSIX.1
@deftypefun int chdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
@var{filename}.
@@ -158,6 +184,7 @@ file @var{filename} is not a directory.
@comment unistd.h
@comment XPG
@deftypefun int fchdir (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
directory associated with the file descriptor @var{filedes}.
@@ -294,12 +321,14 @@ values and @code{st_mode} values:
@comment dirent.h
@comment BSD
@deftypefun int IFTODT (mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{d_type} value corresponding to @var{mode}.
@end deftypefun
@comment dirent.h
@comment BSD
@deftypefun mode_t DTTOIF (int @var{dtype})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{st_mode} value corresponding to @var{dtype}.
@end deftypefun
@end table
@@ -342,6 +371,9 @@ the following functions.
@comment dirent.h
@comment POSIX.1
@deftypefun {DIR *} opendir (const char *@var{dirname})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides the safe syscall, we have to allocate the DIR object with
+@c __alloc_dir, that calls malloc.
The @code{opendir} function opens and returns a directory stream for
reading the directory whose file name is @var{dirname}. The stream has
type @code{DIR *}.
@@ -381,6 +413,8 @@ alternative interface can be used.
@comment dirent.h
@comment GNU
@deftypefun {DIR *} fdopendir (int @var{fd})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c The DIR object is allocated with __alloc_dir, that calls malloc.
The @code{fdopendir} function works just like @code{opendir} but
instead of taking a file name and opening a file descriptor for the
directory the caller is required to provide a file descriptor. This
@@ -425,6 +459,7 @@ access.
@comment dirent.h
@comment GNU
@deftypefun int dirfd (DIR *@var{dirstream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{dirfd} returns the file descriptor associated with
the directory stream @var{dirstream}. This descriptor can be used until
the directory is closed with @code{closedir}. If the directory stream
@@ -443,6 +478,12 @@ symbols are declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun {struct dirent *} readdir (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c This function holds dirstream's non-recursive lock, which brings
+@c about the usual issues with locks and async signals and cancellation,
+@c but the lock taking is not enough to make the returned value safe to
+@c use, since it points to a stream's internal buffer that can be
+@c overwritten by subsequent calls or even released by closedir.
This function reads the next entry from the directory. It normally
returns a pointer to a structure containing information about the
file. This structure is associated with the @var{dirstream} handle
@@ -478,6 +519,7 @@ locking if multiple threads access the same @var{dirstream}.
@comment dirent.h
@comment GNU
@deftypefun int readdir_r (DIR *@var{dirstream}, struct dirent *@var{entry}, struct dirent **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is a version of @code{readdir} which performs internal
locking. Like @code{readdir} it returns the next entry from the
directory. To prevent conflicts between simultaneously running
@@ -549,6 +591,7 @@ of the last two functions.
@comment dirent.h
@comment LFS
@deftypefun {struct dirent64 *} readdir64 (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64} function is just like the @code{readdir} function
except that it returns a pointer to a record of type @code{struct
dirent64}. Some of the members of this data type (notably @code{d_ino})
@@ -560,6 +603,7 @@ In all other aspects this function is equivalent to @code{readdir}.
@comment dirent.h
@comment LFS
@deftypefun int readdir64_r (DIR *@var{dirstream}, struct dirent64 *@var{entry}, struct dirent64 **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64_r} function is equivalent to the @code{readdir_r}
function except that it takes parameters of base type @code{struct
dirent64} instead of @code{struct dirent} in the second and third
@@ -570,6 +614,10 @@ position. The same precautions mentioned in the documentation of
@comment dirent.h
@comment POSIX.1
@deftypefun int closedir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock (hurd)}@acsafe{memleak, fdleak, lockleak (hurd)}}
+@c No synchronization in the posix implementation, only in the hurd
+@c one. This is regarded as safe because it is undefined behavior if
+@c other threads could still be using the dir stream while it's closed.
This function closes the directory stream @var{dirstream}. It returns
@code{0} on success and @code{-1} on failure.
@@ -609,6 +657,7 @@ declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun void rewinddir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{rewinddir} function is used to reinitialize the directory
stream @var{dirstream}, so that if you call @code{readdir} it
returns information about the first entry in the directory again. This
@@ -622,6 +671,10 @@ added or removed since you last called @code{opendir} or
@comment dirent.h
@comment BSD
@deftypefun {long int} telldir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{telldir} function returns the file position of the directory
stream @var{dirstream}. You can use this value with @code{seekdir} to
restore the directory stream to that position.
@@ -630,6 +683,10 @@ restore the directory stream to that position.
@comment dirent.h
@comment BSD
@deftypefun void seekdir (DIR *@var{dirstream}, long int @var{pos})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{seekdir} function sets the file position of the directory
stream @var{dirstream} to @var{pos}. The value @var{pos} must be the
result of a previous call to @code{telldir} on this particular stream;
@@ -649,6 +706,19 @@ the result.
@comment dirent.h
@comment BSD/SVID
@deftypefun int scandir (const char *@var{dir}, struct dirent ***@var{namelist}, int (*@var{selector}) (const struct dirent *), int (*@var{cmp}) (const struct dirent **, const struct dirent **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c The scandir function calls __opendirat, __readdir, and __closedir to
+@c go over the named dir; malloc and realloc to allocate the namelist
+@c and copies of each selected dirent, besides the selector, if given,
+@c and qsort and the cmp functions if the latter is given. In spite of
+@c the cleanup handler that releases memory and the file descriptor in
+@c case of synchronous cancellation, an asynchronous cancellation may
+@c still leak memory and a file descriptor. Although readdir is unsafe
+@c in general, the use of an internal dir stream for sequential scanning
+@c of the directory with copying of dirents before subsequent calls
+@c makes the use safe, and the fact that the dir stream is private to
+@c each scandir call does away with the lock issues in readdir and
+@c closedir.
The @code{scandir} function scans the contents of the directory selected
by @var{dir}. The result in *@var{namelist} is an array of pointers to
@@ -679,6 +749,8 @@ are very helpful for this purpose.
@comment dirent.h
@comment BSD/SVID
@deftypefun int alphasort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Calls strcoll.
The @code{alphasort} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -691,6 +763,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls strverscmp.
The @code{versionsort} function is like @code{alphasort} except that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -703,6 +777,8 @@ dirent64}}. To use this we need a new function.
@comment dirent.h
@comment GNU
@deftypefun int scandir64 (const char *@var{dir}, struct dirent64 ***@var{namelist}, int (*@var{selector}) (const struct dirent64 *), int (*@var{cmp}) (const struct dirent64 **, const struct dirent64 **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c See scandir.
The @code{scandir64} function works like the @code{scandir} function
except that the directory entries it returns are described by elements
of type @w{@code{struct dirent64}}. The function pointed to by
@@ -721,6 +797,8 @@ argument. Instead we provide the two replacement functions below.
@comment dirent.h
@comment GNU
@deftypefun int alphasort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c See alphasort.
The @code{alphasort64} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -733,6 +811,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c See versionsort.
The @code{versionsort64} function is like @code{alphasort64}, excepted that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -913,6 +993,8 @@ file was passed).
@comment ftw.h
@comment SVID
@deftypefun int ftw (const char *@var{filename}, __ftw_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
+@c see nftw for safety details
The @code{ftw} function calls the callback function given in the
parameter @var{func} for every item which is found in the directory
specified by @var{filename} and all directories below. The function
@@ -963,6 +1045,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int ftw64 (const char *@var{filename}, __ftw64_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
This function is similar to @code{ftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -976,6 +1059,17 @@ transparently replaces the old implementation.
@comment ftw.h
@comment XPG4.2
@deftypefun int nftw (const char *@var{filename}, __nftw_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c ftw_startup calls alloca, malloc, free, xstat/lxstat, tdestroy, and ftw_dir
+@c if FTW_CHDIR, call open, and fchdir, or chdir and getcwd
+@c ftw_dir calls open_dir_stream, readdir64, process_entry, closedir
+@c if FTW_CHDIR, also calls fchdir
+@c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
+@c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
+@c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
+@c find_object (tsearch) and add_object (tfind).
+@c Since each invocation of *ftw uses its own private search tree, none
+@c of the search tree concurrency issues apply.
The @code{nftw} function works like the @code{ftw} functions. They call
the callback function @var{func} for all items found in the directory
@var{filename} and below. At most @var{descriptors} file descriptors
@@ -1036,6 +1130,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int nftw64 (const char *@var{filename}, __nftw64_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
This function is similar to @code{nftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -1079,6 +1174,7 @@ file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int link (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{link} function makes a new link to the existing file named by
@var{oldname}, under the new name @var{newname}.
@@ -1186,6 +1282,7 @@ Prototypes for most of the functions listed in this section are in
@comment unistd.h
@comment BSD
@deftypefun int symlink (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{symlink} function makes a symbolic link to @var{oldname} named
@var{newname}.
@@ -1223,6 +1320,7 @@ exceeded.
@comment unistd.h
@comment BSD
@deftypefun ssize_t readlink (const char *@var{filename}, char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{readlink} function gets the value of the symbolic link
@var{filename}. The file name that the link points to is copied into
@var{buffer}. This file name string is @emph{not} null-terminated;
@@ -1282,6 +1380,8 @@ names can refer to the same inode.
@comment stdlib.h
@comment GNU
@deftypefun {char *} canonicalize_file_name (const char *@var{name})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls realpath.
The @code{canonicalize_file_name} function returns the absolute name of
the file named by @var{name} which contains no @code{.}, @code{..}
@@ -1323,6 +1423,8 @@ where the result is placed in.
@comment stdlib.h
@comment XPG
@deftypefun {char *} realpath (const char *restrict @var{name}, char *restrict @var{resolved})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls malloc, realloc, getcwd, lxstat64, readlink, alloca.
A call to @code{realpath} where the @var{resolved} parameter is
@code{NULL} behaves exactly like @code{canonicalize_file_name}. The
@@ -1362,6 +1464,7 @@ then the file is deleted as well. If the file has other remaining names
@comment unistd.h
@comment POSIX.1
@deftypefun int unlink (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{unlink} function deletes the file name @var{filename}. If
this is a file's sole name, the file itself is also deleted. (Actually,
if any process has the file open when this happens, deletion is
@@ -1404,6 +1507,7 @@ file system and can't be modified.
@comment unistd.h
@comment POSIX.1
@deftypefun int rmdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@cindex directories, deleting
@cindex deleting a directory
The @code{rmdir} function deletes a directory. The directory must be
@@ -1431,6 +1535,8 @@ The prototype for this function is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int remove (const char *@var{filename})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Calls unlink and rmdir.
This is the @w{ISO C} function to remove a file. It works like
@code{unlink} for files and like @code{rmdir} for directories.
@code{remove} is declared in @file{stdio.h}.
@@ -1446,6 +1552,10 @@ The @code{rename} function is used to change a file's name.
@comment stdio.h
@comment ISO
@deftypefun int rename (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a rename syscall, there's an emulation with link
+@c and unlink, but it's racy, even more so if newname exists and is
+@c unlinked first.
The @code{rename} function renames the file @var{oldname} to
@var{newname}. The file formerly accessible under the name
@var{oldname} is afterwards accessible as @var{newname} instead. (If
@@ -1541,6 +1651,7 @@ a shell command @code{mkdir} which does the same thing.)
@comment sys/stat.h
@comment POSIX.1
@deftypefun int mkdir (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mkdir} function creates a new, empty directory with name
@var{filename}.
@@ -1882,6 +1993,7 @@ header file @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int stat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{stat} function returns information about the attributes of the
file named by @w{@var{filename}} in the structure pointed to by @var{buf}.
@@ -1908,6 +2020,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int stat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{stat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1921,6 +2034,7 @@ replaces the interface for small files on 32-bit machines.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int fstat (int @var{filedes}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fstat} function is like @code{stat}, except that it takes an
open file descriptor as an argument instead of a file name.
@xref{Low-Level I/O}.
@@ -1942,6 +2056,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int fstat64 (int @var{filedes}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{fstat} but is able to work on large
files on 32-bit platforms. For large files the file descriptor
@var{filedes} should be obtained by @code{open64} or @code{creat64}.
@@ -1953,9 +2068,16 @@ function is available under the name @code{fstat} and so transparently
replaces the interface for small files on 32-bit machines.
@end deftypefun
+@c fstatat will call alloca and snprintf if the syscall is not
+@c available.
+@c @safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+
@comment sys/stat.h
@comment BSD
@deftypefun int lstat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat, sometimes with an xstat conv call
+@c afterwards.
The @code{lstat} function is like @code{stat}, except that it does not
follow symbolic links. If @var{filename} is the name of a symbolic
link, @code{lstat} returns information about the link itself; otherwise
@@ -1969,6 +2091,9 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int lstat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat64, sometimes with an xstat conv
+@c call afterwards.
This function is similar to @code{lstat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -2007,12 +2132,14 @@ that file:
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISDIR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a directory.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISCHR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a character special file (a
device like a terminal).
@end deftypefn
@@ -2020,6 +2147,7 @@ device like a terminal).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISBLK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a block special file (a device
like a disk).
@end deftypefn
@@ -2027,12 +2155,14 @@ like a disk).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISREG (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a regular file.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISFIFO (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a FIFO special file, or a
pipe. @xref{Pipes and FIFOs}.
@end deftypefn
@@ -2040,6 +2170,7 @@ pipe. @xref{Pipes and FIFOs}.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISLNK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a symbolic link.
@xref{Symbolic Links}.
@end deftypefn
@@ -2047,6 +2178,7 @@ This macro returns non-zero if the file is a symbolic link.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISSOCK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a socket. @xref{Sockets}.
@end deftypefn
@@ -2129,6 +2261,7 @@ the whole @code{struct stat} structure.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISMQ (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX message queues as distinct objects and the
file is a message queue object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2137,6 +2270,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSEM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX semaphores as distinct objects and the
file is a semaphore object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2145,6 +2279,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSHM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX shared memory objects as distinct objects
and the file is an shared memory object, this macro returns a non-zero
value. In all other cases the result is zero.
@@ -2189,6 +2324,7 @@ The prototype for this function is declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int chown (const char *@var{filename}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chown} function changes the owner of the file @var{filename} to
@var{owner}, and its group owner to @var{group}.
@@ -2223,6 +2359,7 @@ The file is on a read-only file system.
@comment unistd.h
@comment BSD
@deftypefun int fchown (int @var{filedes}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chown}, except that it changes the owner of the open
file with descriptor @var{filedes}.
@@ -2502,6 +2639,7 @@ The functions in this section are declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun mode_t umask (mode_t @var{mask})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{umask} function sets the file creation mask of the current
process to @var{mask}, and returns the previous value of the file
creation mask.
@@ -2527,6 +2665,7 @@ you just want to read the mask value, because it is reentrant.
@comment sys/stat.h
@comment GNU
@deftypefun mode_t getumask (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Return the current value of the file creation mask for the current
process. This function is a GNU extension and is only available on
@gnuhurdsystems{}.
@@ -2535,6 +2674,7 @@ process. This function is a GNU extension and is only available on
@comment sys/stat.h
@comment POSIX.1
@deftypefun int chmod (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chmod} function sets the access permission bits for the file
named by @var{filename} to @var{mode}.
@@ -2575,6 +2715,7 @@ for full details on the sticky bit.
@comment sys/stat.h
@comment BSD
@deftypefun int fchmod (int @var{filedes}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chmod}, except that it changes the permissions of the
currently open file given by @var{filedes}.
@@ -2645,6 +2786,7 @@ The symbols in this section are declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int access (const char *@var{filename}, int @var{how})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{access} function checks to see whether the file named by
@var{filename} can be accessed in the way specified by the @var{how}
argument. The @var{how} argument either can be the bitwise OR of the
@@ -2765,6 +2907,9 @@ This is the modification time for the file.
@comment utime.h
@comment POSIX.1
@deftypefun int utime (const char *@var{filename}, const struct utimbuf *@var{times})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utime syscall, it non-atomically converts times
+@c to a struct timeval and calls utimes.
This function is used to modify the file times associated with the file
named @var{filename}.
@@ -2816,6 +2961,10 @@ in the header file @file{sys/time.h}.
@comment sys/time.h
@comment BSD
@deftypefun int utimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, or to
+@c struct utimbuf and calls utime.
This function sets the file access and modification times of the file
@var{filename}. The new file access time is specified by
@code{@var{tvp}[0]}, and the new modification time by
@@ -2830,6 +2979,9 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int lutimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no lutimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall.
This function is like @code{utimes}, except that it does not follow
symbolic links. If @var{filename} is the name of a symbolic link,
@code{lutimes} sets the file access and modification times of the
@@ -2846,6 +2998,10 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int futimes (int @var{fd}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no futimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, falling back
+@c to utimes on a /proc/self/fd symlink.
This function is like @code{utimes}, except that it takes an open file
descriptor as an argument instead of a file name. @xref{Low-Level
I/O}. This function comes from FreeBSD, and is not available on all
@@ -2900,6 +3056,8 @@ succeed, without actually accomplishing anything.
@comment unistd.h
@comment X/Open
@deftypefun int truncate (const char *@var{filename}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a truncate syscall, we use open and ftruncate.
The @code{truncate} function changes the size of @var{filename} to
@var{length}. If @var{length} is shorter than the previous length, data
@@ -2944,6 +3102,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int truncate64 (const char *@var{name}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try truncate if length fits.
This function is similar to the @code{truncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines, which allows the handling of files with sizes up to
@@ -2957,6 +3117,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX
@deftypefun int ftruncate (int @var{fd}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{truncate}, but it works on a file descriptor @var{fd}
for an opened file instead of a file name to identify the object. The
@@ -3021,6 +3182,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int ftruncate64 (int @var{id}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try ftruncate if length fits.
This function is similar to the @code{ftruncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines which allows the handling of files with sizes up to
@@ -3083,6 +3246,10 @@ The prototype for @code{mknod} is declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment BSD
@deftypefun int mknod (const char *@var{filename}, mode_t @var{mode}, dev_t @var{dev})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Instead of issuing the syscall directly, we go through xmknod.
+@c Although the internal xmknod takes a dev_t*, that could lead to
+@c xguargs races, it's passed a pointer to mknod's dev.
The @code{mknod} function makes a special file with name @var{filename}.
The @var{mode} specifies the mode of the file, and may include the various
special file bits, such as @code{S_IFCHR} (for a character special file)
@@ -3134,6 +3301,20 @@ These facilities are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} tmpfile (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c The unsafety issues are those of fdopen, plus fdleak because of the
+@c open.
+@c __path_search (internal buf, !dir, const pfx, !try_tmpdir) ok
+@c libc_secure_genenv only if try_tmpdir
+@c xstat64, strlen, strcmp, sprintf
+@c __gen_tempname (internal tmpl, __GT_FILE) ok
+@c strlen, memcmp, getpid, open/mkdir/lxstat64 ok
+@c HP_TIMING_NOW if available ok
+@c gettimeofday (!tz) first time, or every time if no HP_TIMING_NOW ok
+@c static value is used and modified without synchronization ok
+@c but the use is as a source of non-cryptographic randomness
+@c with retries in case of collision, so it should be safe
+@c unlink, fdopen
This function creates a temporary binary file for update mode, as if by
calling @code{fopen} with mode @code{"wb+"}. The file is deleted
automatically when it is closed or when the program terminates. (On
@@ -3150,6 +3331,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} tmpfile64 (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
This function is similar to @code{tmpfile}, but the stream it returns a
pointer to was opened using @code{tmpfile64}. Therefore this stream can
be used for files larger then @math{2^31} bytes on 32-bit machines.
@@ -3165,6 +3347,11 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun {char *} tmpnam (char *@var{result})
+@safety{@mtunsafe{xguargs, staticbuf}@asunsafe{staticbuf}@acsafe{}}
+@c The passed-in buffer should not be modified concurrently with the
+@c call.
+@c __path_search (static or passed-in buf, !dir, !pfx, !try_tmpdir) ok
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
This function constructs and returns a valid file name that does not
refer to any existing file. If the @var{result} argument is a null
pointer, the return value is a pointer to an internal static string,
@@ -3189,6 +3376,7 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdio.h
@comment GNU
@deftypefun {char *} tmpnam_r (char *@var{result})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
This function is nearly identical to the @code{tmpnam} function, except
that if @var{result} is a null pointer it returns a null pointer.
@@ -3225,6 +3413,13 @@ never less than @code{25}.
@comment stdio.h
@comment SVID
@deftypefun {char *} tempnam (const char *@var{dir}, const char *@var{prefix})
+@safety{@mtunsafe{xguargs, envromt}@assafe{asmalloc}@acsafe{memleak}}
+@c There's no way (short of being setuid) to avoid getenv("TMPDIR"),
+@c even with a non-NULL dir, which makes this thread-unsafe.
+@c
+@c __path_search (internal buf, dir, pfx, try_tmpdir) unsafe getenv
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
+@c strdup
This function generates a unique temporary file name. If @var{prefix}
is not a null pointer, up to five characters of this string are used as
a prefix for the file name. The return value is a string newly
@@ -3288,6 +3483,8 @@ string. These functions are declared in the header file @file{stdlib.h}.
@comment stdlib.h
@comment Unix
@deftypefun {char *} mktemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_NOCREATE) ok
The @code{mktemp} function generates a unique file name by modifying
@var{template} as described above. If successful, it returns
@var{template} as modified. If @code{mktemp} cannot find a unique file
@@ -3306,6 +3503,8 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdlib.h
@comment BSD
@deftypefun int mkstemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{fdleak}}
+@c __gen_tempname (caller tmpl, __GT_FILE) ok
The @code{mkstemp} function generates a unique file name just as
@code{mktemp} does, but it also opens the file for you with @code{open}
(@pxref{Opening and Closing Files}). If successful, it modifies
@@ -3328,6 +3527,8 @@ new file and get an error if the file already exists.
@comment stdlib.h
@comment BSD
@deftypefun {char *} mkdtemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_DIR) ok
The @code{mkdtemp} function creates a directory with a unique name. If
it succeeds, it overwrites @var{template} with the name of the
directory, and returns @var{template}. As with @code{mktemp} and
@@ -3349,3 +3550,23 @@ creation always works like @code{open} with @code{O_EXCL}.
@xref{Creating Directories}.
The @code{mkdtemp} function comes from OpenBSD.
+
+@c FIXME these are undocumented:
+@c faccessat
+@c fchmodat
+@c fchownat
+@c futimesat
+@c fstatat (there's a commented-out safety assessment for this one)
+@c linkat
+@c mkdirat
+@c mkfifoat
+@c name_to_handle_at
+@c openat
+@c open_by_handle_at
+@c readlinkat
+@c renameat
+@c scandirat
+@c symlinkat
+@c unlinkat
+@c utimensat
+@c mknodat
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=14586b49baa8cc3f7130be193d847967e9ce16d8
commit 14586b49baa8cc3f7130be193d847967e9ce16d8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 29 04:12:43 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/errno.texi: Document thread safety properties.
diff --git a/manual/errno.texi b/manual/errno.texi
index 6c9fa86..eb3f412 100644
--- a/manual/errno.texi
+++ b/manual/errno.texi
@@ -1293,6 +1293,9 @@ name of the program that encountered the error.
@comment string.h
@comment ISO
@deftypefun {char *} strerror (int @var{errnum})
+@safety{@mtunsafe{staticbuf}@asunsafe{staticbuf, asmalloc, asi18n}@acsafe{memleak}}
+@c Calls strerror_r with a static buffer allocated with malloc on the
+@c first use.
The @code{strerror} function maps the error code (@pxref{Checking for
Errors}) specified by the @var{errnum} argument to a descriptive error
message string. The return value is a pointer to this string.
@@ -1310,6 +1313,7 @@ The function @code{strerror} is declared in @file{string.h}.
@comment string.h
@comment GNU
@deftypefun {char *} strerror_r (int @var{errnum}, char *@var{buf}, size_t @var{n})
+@safety{@mtsafe{}@asunsafe{asi18n}@acsafe{}}
The @code{strerror_r} function works like @code{strerror} but instead of
returning the error message in a statically allocated buffer shared by
all threads in the process, it returns a private copy for the
@@ -1331,6 +1335,10 @@ This function @code{strerror_r} is a GNU extension and it is declared in
@comment stdio.h
@comment ISO
@deftypefun void perror (const char *@var{message})
+@safety{@mtsafe{xguargs}@asunsafe{asynconsist, asi18n, asmalloc, selfdeadlock}@acunsafe{incansist, lockleak, memleak, fdleak}}
+@c Besides strerror_r's and some of fprintf's issues, if stderr is not
+@c oriented yet, create a new stream with a dup of stderr's fd and write
+@c to that instead of stderr, to avoid orienting it.
This function prints an error message to the stream @code{stderr};
see @ref{Standard Streams}. The orientation of @code{stderr} is not
changed.
@@ -1442,6 +1450,13 @@ These functions are declared in @file{error.h}.
@comment error.h
@comment GNU
@deftypefun void error (int @var{status}, int @var{errnum}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acsafe{}}
+@c Cancellation is disabled throught the execution. It flushes stdout
+@c and then holds a lock on stderr while printing the program name and
+@c then running error_tail. The non-wide case just runs vfprintf; the
+@c wide case converts the message to an alloca/malloc-allocated buffer
+@c with mbsrtowcs, then prints it with vfwprintf. Afterwards,
+@c print_errno_message calls strerror_r and fxprintf.
The @code{error} function can be used to report general problems during
program execution. The @var{format} argument is a format string just
like those given to the @code{printf} family of functions. The
@@ -1477,6 +1492,15 @@ incremented by one to keep track of the number of errors reported.
@comment error.h
@comment GNU
@deftypefun void error_at_line (int @var{status}, int @var{errnum}, const char *@var{fname}, unsigned int @var{lineno}, const char *@var{format}, @dots{})
+@safety{@mtunsafe{staticbuf, glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist}}
+@c The error_one_per_line variable is accessed (without any form of
+@c synchronization, but since it's an int used once, it should be safe
+@c enough) and, if this mode is enabled, static variables used to hold
+@c the last printed file name and line number are accessed and modified
+@c without synchronization; the update is not atomic and it occurs
+@c before disabling cancellation, so it can be interrupted after only
+@c one of the two variables is modified. After that, it's very much
+@c like error.
The @code{error_at_line} function is very similar to the @code{error}
function. The only difference are the additional parameters @var{fname}
@@ -1582,6 +1606,8 @@ are included only for compatibility.
@comment err.h
@comment BSD
@deftypefun void warn (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Just calls vwarn with the va_list.
The @code{warn} function is roughly equivalent to a call like
@smallexample
error (0, errno, format, @r{the parameters})
@@ -1594,6 +1620,11 @@ are not used.
@comment err.h
@comment BSD
@deftypefun void vwarn (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c While holding stderr's recursive lock, it prints the programname, the
+@c given message, and the error string with fw?printf's %m. When the
+@c stream is wide, convert_and_print converts the format string to an
+@c alloca/malloc-created buffer using mbsrtowcs and then calls fwprintf.
The @code{vwarn} function is just like @code{warn} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1602,6 +1633,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void warnx (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn, but without the strerror translation issues.
The @code{warnx} function is roughly equivalent to a call like
@smallexample
error (0, 0, format, @r{the parameters})
@@ -1615,6 +1648,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void vwarnx (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn, but without the strerror translation issues.
The @code{vwarnx} function is just like @code{warnx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1623,6 +1658,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void err (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn followed by exit.
The @code{err} function is roughly equivalent to a call like
@smallexample
error (status, errno, format, @r{the parameters})
@@ -1635,6 +1672,8 @@ are not used and that the program is exited even if @var{status} is zero.
@comment err.h
@comment BSD
@deftypefun void verr (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn followed by exit.
The @code{verr} function is just like @code{err} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1643,6 +1682,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void errx (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warnx followed by exit.
The @code{errx} function is roughly equivalent to a call like
@smallexample
error (status, 0, format, @r{the parameters})
@@ -1657,6 +1698,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void verrx (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarnx followed by exit.
The @code{verrx} function is just like @code{errx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=69023efa78bdaca363b5de32f56adea8ce05e13b
commit 69023efa78bdaca363b5de32f56adea8ce05e13b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 29 04:12:42 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/debug.texi: Document thread safety properties.
diff --git a/manual/debug.texi b/manual/debug.texi
index 1db9c18..ce0c263 100644
--- a/manual/debug.texi
+++ b/manual/debug.texi
@@ -36,6 +36,8 @@ and manipulate backtraces of the current thread.
@comment execinfo.h
@comment GNU
@deftypefun int backtrace (void **@var{buffer}, int @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Pointer chasing within the local stack.
The @code{backtrace} function obtains a backtrace for the current
thread, as a list of pointers, and places the information into
@var{buffer}. The argument @var{size} should be the number of
@@ -56,6 +58,17 @@ interpreting the stack contents correctly.
@comment execinfo.h
@comment GNU
@deftypefun {char **} backtrace_symbols (void *const *@var{buffer}, int @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, lockleak}}
+@c Collects info returned by _dl_addr in auto array, allocates memory
+@c for the whole return buffer with malloc then sprintfs into it storing
+@c pointers to the strings into the array entries in the buffer.
+@c _dl_addr takes the recursive dl_load_lock then calls
+@c _dl_find_dso_for_object and determine_info.
+@c _dl_find_dso_for_object calls _dl-addr_inside_object.
+@c All of them are safe as long as the lock is held.
+@c asynconsist? It doesn't looke like the dynamic loader's data
+@c structures could be in an inconsistent state that would cause
+@c malfunction here.
The @code{backtrace_symbols} function translates the information
obtained from the @code{backtrace} function into an array of strings.
The argument @var{buffer} should be a pointer to an array of addresses
@@ -88,6 +101,11 @@ cannot be obtained.
@comment execinfo.h
@comment GNU
@deftypefun void backtrace_symbols_fd (void *const *@var{buffer}, int @var{size}, int @var{fd})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c Single loop of _dl_addr over addresses, collecting info into an iovec
+@c written out with a writev call per iteration. Addresses and offsets
+@c are converted to hex in auto buffers, so the only potential issue
+@c here is leaking the dl lock in case of cancellation.
The @code{backtrace_symbols_fd} function performs the same translation
as the function @code{backtrace_symbols} function. Instead of returning
the strings to the caller, it writes the strings to the file descriptor
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=bc57e1374fa217ebb08b3dc75c515873e34a230f
commit bc57e1374fa217ebb08b3dc75c515873e34a230f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 29 04:12:41 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/ctype.texi: Document thread safety properties.
diff --git a/manual/ctype.texi b/manual/ctype.texi
index 3d13571..ddf38ce 100644
--- a/manual/ctype.texi
+++ b/manual/ctype.texi
@@ -66,6 +66,13 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int islower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The is* macros call __ctype_b_loc to get the ctype array from the
+@c current locale, and then index it by c. __ctype_b_loc reads from
+@c thread-local memory the (indirect) pointer to the ctype array, which
+@c may involve one word access to the global locale object, if that's
+@c the active locale for the thread, and the array, being part of the
+@c locale data, is undeletable, so there's no thread-safety issue.
Returns true if @var{c} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -74,6 +81,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -82,6 +90,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isalpha (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphabetic character (a letter). If
@code{islower} or @code{isupper} is true of a character, then
@code{isalpha} is also true.
@@ -97,6 +106,7 @@ additional characters.
@comment ctype.h
@comment ISO
@deftypefun int isdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@end deftypefun
@@ -104,6 +114,7 @@ Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@comment ctype.h
@comment ISO
@deftypefun int isalnum (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphanumeric character (a letter or
number); in other words, if either @code{isalpha} or @code{isdigit} is
true of a character, then @code{isalnum} is also true.
@@ -113,6 +124,7 @@ true of a character, then @code{isalnum} is also true.
@comment ctype.h
@comment ISO
@deftypefun int isxdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -123,6 +135,7 @@ Hexadecimal digits include the normal decimal digits @samp{0} through
@comment ctype.h
@comment ISO
@deftypefun int ispunct (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -132,6 +145,7 @@ character.
@comment ctype.h
@comment ISO
@deftypefun int isspace (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{isspace} returns true for only the standard
whitespace characters:
@@ -161,6 +175,7 @@ vertical tab
@comment ctype.h
@comment ISO
@deftypefun int isblank (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
@end deftypefun
@@ -169,6 +184,7 @@ This function was originally a GNU extension, but was added in @w{ISO C99}.
@comment ctype.h
@comment ISO
@deftypefun int isgraph (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -178,6 +194,7 @@ considered graphic.
@comment ctype.h
@comment ISO
@deftypefun int isprint (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@end deftypefun
@@ -186,6 +203,7 @@ include all the graphic characters, plus the space (@samp{ }) character.
@comment ctype.h
@comment ISO
@deftypefun int iscntrl (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a control character (that is, a character that
is not a printing character).
@end deftypefun
@@ -194,6 +212,7 @@ is not a printing character).
@comment ctype.h
@comment SVID, BSD
@deftypefun int isascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
into the US/UK ASCII character set. This function is a BSD extension
and is also an SVID extension.
@@ -227,6 +246,10 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The to* macros/functions call different functions that use different
+@c arrays than those of__ctype_b_loc, but the access patterns and
+@c thus safety guarantees are the same.
If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
lower-case letter. If @var{c} is not an upper-case letter,
@var{c} is returned unchanged.
@@ -235,6 +258,7 @@ lower-case letter. If @var{c} is not an upper-case letter,
@comment ctype.h
@comment ISO
@deftypefun int toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
upper-case letter. Otherwise @var{c} is returned unchanged.
@end deftypefun
@@ -242,6 +266,7 @@ upper-case letter. Otherwise @var{c} is returned unchanged.
@comment ctype.h
@comment SVID, BSD
@deftypefun int toascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function converts @var{c} to a 7-bit @code{unsigned char} value
that fits into the US/UK ASCII character set, by clearing the high-order
bits. This function is a BSD extension and is also an SVID extension.
@@ -250,6 +275,7 @@ bits. This function is a BSD extension and is also an SVID extension.
@comment ctype.h
@comment SVID
@deftypefun int _tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{tolower}, and is provided for compatibility
with the SVID. @xref{SVID}.@refill
@end deftypefun
@@ -257,6 +283,7 @@ with the SVID. @xref{SVID}.@refill
@comment ctype.h
@comment SVID
@deftypefun int _toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{toupper}, and is provided for compatibility
with the SVID.
@end deftypefun
@@ -303,6 +330,15 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctype_t wctype (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Although the source code of wctype contains multiple references to
+@c the locale, that could each reference different locale_data objects
+@c should the global locale object change while active, the compiler can
+@c and does combine them all into a single dereference that resolves
+@c once to the LCTYPE locale object used throughout the function, so it
+@c is safe in practice, if not in theory. Ideally we'd explicitly save
+@c the resolved locale_data object to make it visibly safe instead of
+@c safe only under compiler optimizations.
The @code{wctype} returns a value representing a class of wide
characters which is identified by the string @var{property}. Beside
some standard properties each locale can define its own ones. In case
@@ -331,6 +367,8 @@ the @w{ISO C} standard defines a completely new function.
@comment wctype.h
@comment ISO
@deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The compressed lookup table returned by wctype is read-only.
This function returns a nonzero value if @var{wc} is in the character
class specified by @var{desc}. @var{desc} must previously be returned
by a successful call to @code{wctype}.
@@ -350,6 +388,15 @@ standard classes.
@comment wctype.h
@comment ISO
@deftypefun int iswalnum (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c The implicit wctype call in the isw* functions is actually an
+@c optimized version because the category has a known offset, but the
+@c wctype is equally safe when optimized, unsafe if not optimized.
+@c Since it's not a macro, and we always optimize, it's fine. The test
+@c whether wc is ASCII to use the non-wide is* macro/funciton doesn't
+@c bring any other safety issues: the test does not depend on the
+@c locale, and each path after the decision resolves the locale object
+@c only once.
This function returns a nonzero value if @var{wc} is an alphanumeric
character (a letter or number); in other words, if either @code{iswalpha}
or @code{iswdigit} is true of a character, then @code{iswalnum} is also
@@ -370,6 +417,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswalpha (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an alphabetic character (a letter). If
@code{iswlower} or @code{iswupper} is true of a character, then
@code{iswalpha} is also true.
@@ -394,6 +442,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswcntrl (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a control character (that is, a character that
is not a printing character).
@@ -412,6 +461,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
Please note that this function does not only return a nonzero value for
@emph{decimal} digits, but for all kinds of digits. A consequence is
@@ -442,6 +492,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswgraph (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -461,6 +512,7 @@ It is declared in @file{wctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int iswlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -479,6 +531,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswprint (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@@ -497,6 +550,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswpunct (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -516,6 +570,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswspace (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{iswspace} returns true for only the standard
whitespace characters:
@@ -555,6 +610,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -573,6 +629,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswxdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -597,6 +654,7 @@ characters as well.
@comment wctype.h
@comment ISO
@deftypefun int iswblank (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
It is declared in @file{wchar.h}.
@@ -691,6 +749,8 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctrans_t wctrans (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Similar implementation, same caveats as wctype.
The @code{wctrans} function has to be used to find out whether a named
mapping is defined in the current locale selected for the
@code{LC_CTYPE} category. If the returned value is non-zero, you can use
@@ -713,6 +773,8 @@ These functions are declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Same caveats as iswctype.
@code{towctrans} maps the input character @var{wc}
according to the rules of the mapping for which @var{desc} is a
descriptor, and returns the value it finds. @var{desc} must be
@@ -730,6 +792,9 @@ for them.
@comment wctype.h
@comment ISO
@deftypefun wint_t towlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Same caveats as iswalnum, just using a wctrans rather than a wctype
+@c table.
If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
lower-case letter. If @var{wc} is not an upper-case letter,
@var{wc} is returned unchanged.
@@ -749,6 +814,7 @@ This function is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
upper-case letter. Otherwise @var{wc} is returned unchanged.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=bfd41b844cd2a718215b48d96bcfb88a593a3b58
commit bfd41b844cd2a718215b48d96bcfb88a593a3b58
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 29 04:12:41 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/crypt.texi: Document thread safety properties.
diff --git a/manual/crypt.texi b/manual/crypt.texi
index ef90590..a3c8fa5 100644
--- a/manual/crypt.texi
+++ b/manual/crypt.texi
@@ -92,6 +92,13 @@ in a convenient way.
@comment unistd.h
@comment BSD
@deftypefun {char *} getpass (const char *@var{prompt})
+@safety{@mtunsafe{tempterm}@asunsafe{asmalloc, selfdeadlock, asynconsist}@acunsafe{tempterm, lockleak, incansist}}
+@c This function will attempt to create a stream for terminal I/O, but
+@c will fallback to stdio/stderr. It attempts to change the terminal
+@c mode in a thread-unsafe way, write out the prompt, read the password,
+@c then restore the terminal mode. It has a cleanup to close the stream
+@c in case of (synchronous) cancellation, but not to restore the
+@c terminal mode.
@code{getpass} outputs @var{prompt}, then reads a string in from the
terminal without echoing it. It tries to connect to the real terminal,
@@ -127,6 +134,13 @@ The substitute takes the same parameters as @code{getline}
@comment crypt.h
@comment BSD, SVID
@deftypefun {char *} crypt (const char *@var{key}, const char *@var{salt})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Besides the obvious problem of returning a pointer into static
+@c storage, the DES initializer takes an internal lock with the usual
+@c set of problems for AS- and AC-Safety. The FIPS mode checker and the
+@c NSS implementations of may leak file descriptors if canceled. The
+@c The MD5, SHA256 and SHA512 implementations will malloc on long keys,
+@c and NSS relies on dlopening, which brings about another can of worms.
The @code{crypt} function takes a password, @var{key}, as a string, and
a @var{salt} character array which is described below, and returns a
@@ -188,6 +202,9 @@ for a password and prints ``Access granted.'' if the user types
@comment crypt.h
@comment GNU
@deftypefun {char *} crypt_r (const char *@var{key}, const char *@var{salt}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Compared with crypt, this function fixes the staticbuf problem, but
+@c nothing else.
The @code{crypt_r} function does the same thing as @code{crypt}, but
takes an extra parameter which includes space for its result (among
@@ -233,6 +250,11 @@ specifies the unused bits.
@comment crypt.h
@comment BSD, SVID
@deftypefun void setkey (const char *@var{key})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c The static buffer stores the key, making it fundamentally
+@c thread-unsafe. The locking issues are only in the initialization
+@c path; cancelling the initialization will leave the lock held, it
+@c would otherwise repeat the initialization on the next call.
The @code{setkey} function sets an internal data structure to be an
expanded form of @var{key}. @var{key} is specified as an array of 64
@@ -244,6 +266,8 @@ parity.
@comment crypt.h
@comment BSD, SVID
@deftypefun void encrypt (char *@var{block}, int @var{edflag})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c Same issues as setkey.
The @code{encrypt} function encrypts @var{block} if
@var{edflag} is 0, otherwise it decrypts @var{block}, using a key
@@ -257,9 +281,11 @@ stored in a @code{char}, but there are no parity bits in @var{block}.
@comment crypt.h
@comment GNU
@deftypefun void setkey_r (const char *@var{key}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
@comment crypt.h
@comment GNU
@deftypefunx void encrypt_r (char *@var{block}, int @var{edflag}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
These are reentrant versions of @code{setkey} and @code{encrypt}. The
only difference is the extra parameter, which stores the expanded
@@ -274,6 +300,7 @@ defined in @file{crypt.h}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int ecb_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{ecb_crypt} encrypts or decrypts one or more blocks
using DES. Each block is encrypted independently.
@@ -355,6 +382,7 @@ This macro returns 1 if @var{err} is a `success' result code from
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int cbc_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode}, char *@var{ivec})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{cbc_crypt} encrypts or decrypts one or more blocks
using DES in Cipher Block Chaining mode.
@@ -381,6 +409,7 @@ Otherwise, all the parameters are similar to those for @code{ecb_crypt}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun void des_setparity (char *@var{key})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{des_setparity} changes the 64-bit @var{key}, stored
packed in 8-bit bytes, to have odd parity by altering the low bits of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=95d536639518ae7a6e106105e40e759ebaac1e85
commit 95d536639518ae7a6e106105e40e759ebaac1e85
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 29 04:12:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/conf.texi: Document thread safety properties.
diff --git a/manual/conf.texi b/manual/conf.texi
index c720063..79bfcdb 100644
--- a/manual/conf.texi
+++ b/manual/conf.texi
@@ -288,6 +288,17 @@ constants are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} sysconf (int @var{parameter})
+@safety{@mtsafe{envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak, fdleak}}
+@c Some parts of the implementation open /proc and /sys files and dirs
+@c to collect system details, using fd and stream I/O depending on the
+@c case. _SC_TZNAME_MAX calls __tzname_max, that (while holding a lock)
+@c calls tzset_internal, that calls getenv if it's called the first
+@c time; there are free and strdup calls in there too. The returned max
+@c value may change over time for TZNAME_MAX, depending on selected
+@c timezones; NPROCS, NPROCS_CONF, PHYS_PAGES, AVPHYS_PAGES,
+@c NGROUPS_MAX, SIGQUEUE_MAX, depending on variable values read from
+@c /proc at each call, and from rlimit-obtained values CHILD_MAX,
+@c OPEN_MAX, ARG_MAX, SIGQUEUE_MAX.
This function is used to inquire about runtime system parameters. The
@var{parameter} argument should be one of the @samp{_SC_} symbols listed
below.
@@ -1348,6 +1359,11 @@ argument are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} pathconf (const char *@var{filename}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c When __statfs_link_max finds an ext* filesystem, it may read
+@c /proc/mounts or similar as a mntent stream.
+@c __statfs_chown_restricted may read from
+@c /proc/sys/fs/xfs/restrict_chown as a file descriptor.
This function is used to inquire about the limits that apply to
the file named @var{filename}.
@@ -1375,6 +1391,8 @@ support the @var{parameter} for the specific file.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} fpathconf (int @var{filedes}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c Same caveats as pathconf.
This is just like @code{pathconf} except that an open file descriptor
is used to specify the file for which information is requested, instead
of a file name.
@@ -1624,6 +1642,7 @@ system with the function @code{confstr}:
@comment unistd.h
@comment POSIX.2
@deftypefun size_t confstr (int @var{parameter}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function reads the value of a string-valued system parameter,
storing the string into @var{len} bytes of memory space starting at
@var{buf}. The @var{parameter} argument should be one of the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=57efa1b33f9b1d513d9f5af800c821485ad43bea
commit 57efa1b33f9b1d513d9f5af800c821485ad43bea
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 29 04:12:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/charset.texi: Document thread safety properties.
diff --git a/manual/charset.texi b/manual/charset.texi
index e21502e..7e6c416 100644
--- a/manual/charset.texi
+++ b/manual/charset.texi
@@ -504,6 +504,8 @@ sequence points. Communication protocols often require this.
@comment wchar.h
@comment ISO
@deftypefun int mbsinit (const mbstate_t *@var{ps})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c ps is dereferenced once, unguarded. Potential harmless data race.
The @code{mbsinit} function determines whether the state object pointed
to by @var{ps} is in the initial state. If @var{ps} is a null pointer or
the object is in the initial state the return value is nonzero. Otherwise
@@ -559,6 +561,14 @@ that is beyond the range @math{0} to @math{127}.
@comment wchar.h
@comment ISO
@deftypefun wint_t btowc (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls btowc_fct or __fct; reads from locale, and from the
+@c get_gconv_fcts result multiple times. get_gconv_fcts calls
+@c __wcsmbs_load_conv to initialize the ctype if it's null.
+@c wcsmbs_load_conv takes a non-recursive wrlock before allocating
+@c memory for the fcts structure, initializing it, and then storing it
+@c in the locale object. The initialization involves dlopening and a
+@c lot more.
The @code{btowc} function (``byte to wide character'') converts a valid
single byte character @var{c} in the initial shift state into the wide
character equivalent using the conversion rules from the currently
@@ -615,6 +625,7 @@ There is also a function for the conversion in the other direction.
@comment wchar.h
@comment ISO
@deftypefun int wctob (wint_t @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctob} function (``wide character to byte'') takes as the
parameter a valid wide character. If the multibyte representation for
this character in the initial state is exactly one byte long, the return
@@ -634,6 +645,7 @@ and they also do not require it to be in the initial state.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrtowc (wchar_t *restrict @var{pwc}, const char *restrict @var{s}, size_t @var{n}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
@cindex stateful
The @code{mbrtowc} function (``multibyte restartable to wide
character'') converts the next multibyte character in the string pointed
@@ -728,6 +740,7 @@ function that does part of the work.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrlen (const char *restrict @var{s}, size_t @var{n}, mbstate_t *@var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbrlen} function (``multibyte restartable length'') computes
the number of at most @var{n} bytes starting at @var{s}, which form the
next valid and complete multibyte character.
@@ -811,6 +824,50 @@ doing the work twice.
@comment wchar.h
@comment ISO
@deftypefun size_t wcrtomb (char *restrict @var{s}, wchar_t @var{wc}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c wcrtomb uses a static, non-thread-local unguarded state variable when
+@c PS is NULL. When a state is passed in, and it's not used
+@c concurrently in other threads, this function behaves safely as long
+@c as gconv modules don't bring MT safety issues of their own.
+@c Attempting to load gconv modules or to build conversion chains in
+@c signal handlers may encounter gconv databases or caches in a
+@c partially-updated state, and asynchronous cancellation may leave them
+@c in such states, besides leaking the lock that guards them.
+@c get_gconv_fcts ok
+@c wcsmbs_load_conv ok
+@c norm_add_slashes ok
+@c wcsmbs_getfct ok
+@c gconv_find_transform ok
+@c gconv_read_conf (libc_once)
+@c gconv_lookup_cache ok
+@c find_module_idx ok
+@c find_module ok
+@c gconv_find_shlib (ok)
+@c ->init_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c do_lookup_alias ok
+@c find_derivation ok
+@c derivation_lookup ok
+@c increment_counter ok
+@c gconv_find_shlib ok
+@c step->init_fct (assumed ok)
+@c gen_steps ok
+@c gconv_find_shlib ok
+@c dlopen (presumed ok)
+@c dlsym (presumed ok)
+@c step->init_fct (assumed ok)
+@c step->end_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c add_derivation ok
+@c gconv_close_transform ok
+@c gconv_release_step ok
+@c step->end_fct (assumed ok)
+@c gconv_release_shlib ok
+@c dlclose (presumed ok)
+@c gconv_release_cache ok
+@c ->tomb->__fct (assumed ok)
The @code{wcrtomb} function (``wide character restartable to
multibyte'') converts a single wide character into a multibyte string
corresponding to that wide character.
@@ -955,6 +1012,7 @@ extensions that can help in some important situations.
@comment wchar.h
@comment ISO
@deftypefun size_t mbsrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsrtowcs} function (``multibyte string restartable to wide
character string'') converts an NUL-terminated multibyte character
string at @code{*@var{src}} into an equivalent wide character string,
@@ -1039,6 +1097,7 @@ length and passing this length to the function.
@comment wchar.h
@comment ISO
@deftypefun size_t wcsrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsrtombs} function (``wide character string restartable to
multibyte string'') converts the NUL-terminated wide character string at
@code{*@var{src}} into an equivalent multibyte character string and
@@ -1084,6 +1143,7 @@ array size (the @var{len} parameter).
@comment wchar.h
@comment GNU
@deftypefun size_t mbsnrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{nmc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsnrtowcs} function is very similar to the @code{mbsrtowcs}
function. All the parameters are the same except for @var{nmc}, which is
new. The return value is the same as for @code{mbsrtowcs}.
@@ -1136,6 +1196,7 @@ of the given buffer, there is no problem with altering the state.
@comment wchar.h
@comment GNU
@deftypefun size_t wcsnrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{nwc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsnrtombs} function implements the conversion from wide
character strings to multibyte character strings. It is similar to
@code{wcsrtombs} but, just like @code{mbsnrtowcs}, it takes an extra
@@ -1280,6 +1341,7 @@ conversion functions.}
@comment stdlib.h
@comment ISO
@deftypefun int mbtowc (wchar_t *restrict @var{result}, const char *restrict @var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbtowc} (``multibyte to wide character'') function when called
with non-null @var{string} converts the first multibyte character
beginning at @var{string} to its corresponding wide character code. It
@@ -1314,6 +1376,7 @@ shift state. @xref{Shift State}.
@comment stdlib.h
@comment ISO
@deftypefun int wctomb (char *@var{string}, wchar_t @var{wchar})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctomb} (``wide character to multibyte'') function converts
the wide character code @var{wchar} to its corresponding multibyte
character sequence, and stores the result in bytes starting at
@@ -1353,6 +1416,7 @@ terms of @code{mbtowc}.
@comment stdlib.h
@comment ISO
@deftypefun int mblen (const char *@var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mblen} function with a non-null @var{string} argument returns
the number of bytes that make up the multibyte character beginning at
@var{string}, never examining more than @var{size} bytes. (The idea is
@@ -1391,6 +1455,9 @@ suffer from the same problems as their reentrant counterparts from
@comment stdlib.h
@comment ISO
@deftypefun size_t mbstowcs (wchar_t *@var{wstring}, const char *@var{string}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Odd... Although this is in the non-reentrant section, the state
+@c object is automatic, not a static buffer.
The @code{mbstowcs} (``multibyte string to wide character string'')
function converts the null-terminated string of multibyte characters
@var{string} to an array of wide character codes, storing not more than
@@ -1431,6 +1498,7 @@ mbstowcs_alloc (const char *string)
@comment stdlib.h
@comment ISO
@deftypefun size_t wcstombs (char *@var{string}, const wchar_t *@var{wstring}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcstombs} (``wide character string to multibyte string'')
function converts the null-terminated wide character array @var{wstring}
into a string containing multibyte characters, storing not more than
@@ -1618,6 +1686,16 @@ The first step is the function to create a handle.
@comment iconv.h
@comment XPG2
@deftypefun iconv_t iconv_open (const char *@var{tocode}, const char *@var{fromcode})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls malloc if tocode and/or fromcode are too big for alloca. Calls
+@c strip and upstr on both, then gconv_open. strip and upstr call
+@c isalnum_l and toupper_l with the C locale. gconv_open may MT-safely
+@c tokenize toset, replace unspecified codesets with the current locale
+@c (posibly two different accesses), and finally it calls
+@c gconv_find_transform and initializes the gconv_t result with all the
+@c steps in the conversion sequence, running each one's initializer,
+@c destructing and releasing them all if anything fails.
+
The @code{iconv_open} function has to be used before starting a
conversion. The two parameters this function takes determine the
source and destination character set for the conversion, and if the
@@ -1682,6 +1760,12 @@ conversion is not needed anymore.
@comment iconv.h
@comment XPG2
@deftypefun int iconv_close (iconv_t @var{cd})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, shlimb}}
+@c Calls gconv_close to destruct and release each of the conversion
+@c steps, release the gconv_t object, then call gconv_close_transform.
+@c Access to the gconv_t object is not guarded, but calling iconv_close
+@c concurrently with any other use is undefined.
+
The @code{iconv_close} function frees all resources associated with the
handle @var{cd}, which must have been returned by a successful call to
the @code{iconv_open} function.
@@ -1708,6 +1792,10 @@ even file to file can be implemented on top of it.
@comment iconv.h
@comment XPG2
@deftypefun size_t iconv (iconv_t @var{cd}, char **@var{inbuf}, size_t *@var{inbytesleft}, char **@var{outbuf}, size_t *@var{outbytesleft})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c Without guarding access to the gconv_t object pointed to by cd, call
+@c the conversion function to convert inbuf or flush the internal
+@c conversion state.
@cindex stateful
The @code{iconv} function converts the text in the input buffer
according to the rules associated with the descriptor @var{cd} and
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=6d1424edfa9fc55d9ae9188866fc4d07ca999ebb
commit 6d1424edfa9fc55d9ae9188866fc4d07ca999ebb
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 29 04:12:39 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/arith.texi: Document thread safety properties.
diff --git a/manual/arith.texi b/manual/arith.texi
index 77056c3..c0cd350 100644
--- a/manual/arith.texi
+++ b/manual/arith.texi
@@ -160,6 +160,8 @@ The remainder from the division.
@comment stdlib.h
@comment ISO
@deftypefun div_t div (int @var{numerator}, int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Functions in this section are pure, and thus safe.
This function @code{div} computes the quotient and remainder from
the division of @var{numerator} by @var{denominator}, returning the
result in a structure of type @code{div_t}.
@@ -199,6 +201,7 @@ type @code{long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun ldiv_t ldiv (long int @var{numerator}, long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ldiv} function is similar to @code{div}, except that the
arguments are of type @code{long int} and the result is returned as a
structure of type @code{ldiv_t}.
@@ -225,6 +228,7 @@ type @code{long long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun lldiv_t lldiv (long long int @var{numerator}, long long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lldiv} function is like the @code{div} function, but the
arguments are of type @code{long long int} and the result is returned as
a structure of type @code{lldiv_t}.
@@ -256,6 +260,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment inttypes.h
@comment ISO
@deftypefun imaxdiv_t imaxdiv (intmax_t @var{numerator}, intmax_t @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{imaxdiv} function is like the @code{div} function, but the
arguments are of type @code{intmax_t} and the result is returned as
a structure of type @code{imaxdiv_t}.
@@ -318,6 +323,7 @@ floating-point number a variable holds.
@comment math.h
@comment ISO
@deftypefn {Macro} int fpclassify (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is a generic macro which works on all floating-point types and
which returns a value of type @code{int}. The possible values are:
@@ -354,6 +360,7 @@ You should therefore use the specific macros whenever possible.
@comment math.h
@comment ISO
@deftypefn {Macro} int isfinite (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite: not plus or
minus infinity, and not NaN. It is equivalent to
@@ -368,6 +375,7 @@ floating-point type.
@comment math.h
@comment ISO
@deftypefn {Macro} int isnormal (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite and normalized.
It is equivalent to
@@ -379,6 +387,7 @@ It is equivalent to
@comment math.h
@comment ISO
@deftypefn {Macro} int isnan (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is NaN. It is equivalent
to
@@ -390,6 +399,7 @@ to
@comment math.h
@comment GNU
@deftypefn {Macro} int issignaling (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is a signaling NaN
(sNaN). It is based on draft TS 18661 and currently enabled as a GNU
extension.
@@ -410,6 +420,7 @@ not have to worry about the type of their argument.
@comment math.h
@comment BSD
@deftypefunx int isinfl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns @code{-1} if @var{x} represents negative infinity,
@code{1} if @var{x} represents positive infinity, and @code{0} otherwise.
@end deftypefun
@@ -423,6 +434,7 @@ This function returns @code{-1} if @var{x} represents negative infinity,
@comment math.h
@comment BSD
@deftypefunx int isnanl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is a ``not a number''
value, and zero otherwise.
@@ -445,6 +457,7 @@ function for some reason, you can write
@comment math.h
@comment BSD
@deftypefunx int finitel (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is finite or a ``not a
number'' value, and zero otherwise.
@end deftypefun
@@ -713,6 +726,22 @@ and save and restore the set of exceptions flagged.
@comment fenv.h
@comment ISO
@deftypefun int feclearexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{unposix}@acsafe{unposix}}
+@c The other functions in this section that modify FP status register
+@c mostly do so with non-atomic load-modify-store sequences, but since
+@c the register is thread-specific, this should be fine, and safe for
+@c cancellation. As long as the FP environment is restored before the
+@c signal handler returns control to the interrupted thread (like any
+@c kernel should do), the functions are also safe for use in signal
+@c handlers.
+@c
+@c FIXME: simfpu: Floating point emulation on powerpc is the exception:
+@c __sim_exception, __sim_disabled_exception and __sim_round_mode
+@c variables, that emulate a floating-point status register, are not
+@c thread-specific variables, so many of these functions are not MT-safe
+@c on that platform. This is probably a bug. These variables aren't
+@c restored by the signal machinery either, making the functions also
+@c async-signal-unsafe on this platform.
This function clears all of the supported exception flags indicated by
@var{excepts}.
@@ -723,6 +752,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feraiseexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function raises the supported exceptions indicated by
@var{excepts}. If more than one exception bit in @var{excepts} is set
the order in which the exceptions are raised is undefined except that
@@ -738,6 +768,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fetestexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Test whether the exception flags indicated by the parameter @var{except}
are currently set. If any of them are, a nonzero value is returned
which specifies which exceptions are set. Otherwise the result is zero.
@@ -774,6 +805,7 @@ following functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetexceptflag (fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function stores in the variable pointed to by @var{flagp} an
implementation-defined value representing the current setting of the
exception flags indicated by @var{excepts}.
@@ -785,6 +817,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fesetexceptflag (const fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function restores the flags for the exceptions indicated by
@var{excepts} to the values stored in the variable pointed to by
@var{flagp}.
@@ -940,6 +973,7 @@ find out which one with this function:
@comment fenv.h
@comment ISO
@deftypefun int fegetround (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Returns the currently selected rounding mode, represented by one of the
values of the defined rounding mode macros.
@end deftypefun
@@ -950,6 +984,7 @@ To change the rounding mode, use this function:
@comment fenv.h
@comment ISO
@deftypefun int fesetround (int @var{round})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Changes the currently selected rounding mode to @var{round}. If
@var{round} does not correspond to one of the supported rounding modes
nothing is changed. @code{fesetround} returns zero if it changed the
@@ -994,6 +1029,7 @@ To save the state of the FPU, use one of these functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetenv (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the floating-point environment in the variable pointed to by
@var{envp}.
@@ -1004,6 +1040,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feholdexcept (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the current floating-point environment in the object pointed to by
@var{envp}. Then clear all exception flags, and set the FPU to trap no
exceptions. Not all FPUs support trapping no exceptions; if
@@ -1042,6 +1079,7 @@ functions:
@comment fenv.h
@comment ISO
@deftypefun int fesetenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Set the floating-point environment to that described by @var{envp}.
The function returns zero in case the operation was successful, a
@@ -1051,6 +1089,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feupdateenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Like @code{fesetenv}, this function sets the floating-point environment
to that described by @var{envp}. However, if any exceptions were
flagged in the status word before @code{feupdateenv} was called, they
@@ -1071,6 +1110,7 @@ occur, you can use the following two functions.
@comment fenv.h
@comment GNU
@deftypefun int feenableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions enables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1083,6 +1123,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fedisableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions disables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1095,6 +1136,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fegetexcept (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
The function returns a bitmask of all currently enabled exceptions. It
returns @code{-1} in case of failure.
@end deftypefun
@@ -1146,6 +1188,7 @@ Prototypes for @code{abs}, @code{labs} and @code{llabs} are in @file{stdlib.h};
@comment inttypes.h
@comment ISO
@deftypefunx intmax_t imaxabs (intmax_t @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of @var{number}.
Most computers use a two's complement integer representation, in which
@@ -1167,6 +1210,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment math.h
@comment ISO
@deftypefunx {long double} fabsl (long double @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the absolute value of the floating-point number
@var{number}.
@end deftypefun
@@ -1180,6 +1224,7 @@ This function returns the absolute value of the floating-point number
@comment complex.h
@comment ISO
@deftypefunx {long double} cabsl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of the complex number @var{z}
(@pxref{Complex Numbers}). The absolute value of a complex number is:
@@ -1217,6 +1262,7 @@ All these functions are declared in @file{math.h}.
@comment math.h
@comment ISO
@deftypefunx {long double} frexpl (long double @var{value}, int *@var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are used to split the number @var{value}
into a normalized fraction and an exponent.
@@ -1242,6 +1288,7 @@ zero is stored in @code{*@var{exponent}}.
@comment math.h
@comment ISO
@deftypefunx {long double} ldexpl (long double @var{value}, int @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the result of multiplying the floating-point
number @var{value} by 2 raised to the power @var{exponent}. (It can
be used to reassemble floating-point numbers that were taken apart
@@ -1263,6 +1310,7 @@ equivalent to those of @code{ldexp} and @code{frexp}. See also the
@comment math.h
@comment BSD
@deftypefunx {long double} scalbl (long double @var{value}, long double @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{scalb} function is the BSD name for @code{ldexp}.
@end deftypefun
@@ -1275,6 +1323,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalbnl (long double @var{x}, int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbn} is identical to @code{scalb}, except that the exponent
@var{n} is an @code{int} instead of a floating-point number.
@end deftypefun
@@ -1288,6 +1337,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalblnl (long double @var{x}, long int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbln} is identical to @code{scalb}, except that the exponent
@var{n} is a @code{long int} instead of a floating-point number.
@end deftypefun
@@ -1301,6 +1351,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} significandl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{significand} returns the mantissa of @var{x} scaled to the range
@math{[1, 2)}.
It is equivalent to @w{@code{scalb (@var{x}, (double) -ilogb (@var{x}))}}.
@@ -1335,6 +1386,7 @@ result as a @code{double} instead to get around this problem.
@comment math.h
@comment ISO
@deftypefunx {long double} ceill (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} upwards to the nearest integer,
returning that value as a @code{double}. Thus, @code{ceil (1.5)}
is @code{2.0}.
@@ -1349,6 +1401,7 @@ is @code{2.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} floorl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} downwards to the nearest
integer, returning that value as a @code{double}. Thus, @code{floor
(1.5)} is @code{1.0} and @code{floor (-1.5)} is @code{-2.0}.
@@ -1363,6 +1416,7 @@ integer, returning that value as a @code{double}. Thus, @code{floor
@comment math.h
@comment ISO
@deftypefunx {long double} truncl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{trunc} functions round @var{x} towards zero to the nearest
integer (returned in floating-point format). Thus, @code{trunc (1.5)}
is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@@ -1377,6 +1431,7 @@ is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} rintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} to an integer value according to the
current rounding mode. @xref{Floating Point Parameters}, for
information about the various rounding modes. The default
@@ -1397,6 +1452,7 @@ inexact exception.
@comment math.h
@comment ISO
@deftypefunx {long double} nearbyintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the same value as the @code{rint} functions, but
do not raise the inexact exception if @var{x} is not an integer.
@end deftypefun
@@ -1410,6 +1466,7 @@ do not raise the inexact exception if @var{x} is not an integer.
@comment math.h
@comment ISO
@deftypefunx {long double} roundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are similar to @code{rint}, but they round halfway
cases away from zero instead of to the nearest integer (or other
current rounding mode).
@@ -1424,6 +1481,7 @@ current rounding mode).
@comment math.h
@comment ISO
@deftypefunx {long int} lrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1437,6 +1495,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1450,6 +1509,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long int} lroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1463,6 +1523,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1477,6 +1538,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long double} modfl (long double @var{value}, long double *@var{integer-part})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions break the argument @var{value} into an integer part and a
fractional part (between @code{-1} and @code{1}, exclusive). Their sum
equals @var{value}. Each of the parts has the same sign as @var{value},
@@ -1503,6 +1565,7 @@ suits your problem.
@comment math.h
@comment ISO
@deftypefunx {long double} fmodl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions compute the remainder from the division of
@var{numerator} by @var{denominator}. Specifically, the return value is
@code{@var{numerator} - @w{@var{n} * @var{denominator}}}, where @var{n}
@@ -1525,6 +1588,7 @@ If @var{denominator} is zero, @code{fmod} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} dreml (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are like @code{fmod} except that they round the
internal quotient @var{n} to the nearest integer instead of towards zero
to an integer. For example, @code{drem (6.5, 2.3)} returns @code{-0.4},
@@ -1548,6 +1612,7 @@ If @var{denominator} is zero, @code{drem} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} remainderl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is another name for @code{drem}.
@end deftypefun
@@ -1569,6 +1634,7 @@ bits.
@comment math.h
@comment ISO
@deftypefunx {long double} copysignl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return @var{x} but with the sign of @var{y}. They work
even if @var{x} or @var{y} are NaN or zero. Both of these can carry a
sign (although not all implementations support it) and this is one of
@@ -1584,6 +1650,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefun int signbit (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{signbit} is a generic macro which can work on all floating-point
types. It returns a nonzero value if the value of @var{x} has its sign
bit set.
@@ -1602,6 +1669,7 @@ false, but @code{signbit (-0.0)} will return a nonzero value.
@comment math.h
@comment ISO
@deftypefunx {long double} nextafterl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{nextafter} function returns the next representable neighbor of
@var{x} in the direction towards @var{y}. The size of the step between
@var{x} and the result depends on the type of the result. If
@@ -1625,6 +1693,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefunx {long double} nexttowardl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are identical to the corresponding versions of
@code{nextafter} except that their second argument is a @code{long
double}.
@@ -1640,6 +1709,8 @@ double}.
@comment math.h
@comment ISO
@deftypefunx {long double} nanl (const char *@var{tagp})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c The unsafe-but-ruled-safe locale use comes from strtod.
The @code{nan} function returns a representation of NaN, provided that
NaN is supported by the target platform.
@code{nan ("@var{n-char-sequence}")} is equivalent to
@@ -1674,6 +1745,7 @@ arguments only once.
@comment math.h
@comment ISO
@deftypefn Macro int isgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than
@var{y}. It is equivalent to @code{(@var{x}) > (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1682,6 +1754,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isgreaterequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than or
equal to @var{y}. It is equivalent to @code{(@var{x}) >= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1690,6 +1763,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isless (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than @var{y}.
It is equivalent to @code{(@var{x}) < (@var{y})}, but no exception is
raised if @var{x} or @var{y} are NaN.
@@ -1698,6 +1772,7 @@ raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than or equal
to @var{y}. It is equivalent to @code{(@var{x}) <= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1706,6 +1781,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less or greater
than @var{y}. It is equivalent to @code{(@var{x}) < (@var{y}) ||
(@var{x}) > (@var{y})} (although it only evaluates @var{x} and @var{y}
@@ -1718,6 +1794,7 @@ expression is true if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isunordered (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether its arguments are unordered. In other
words, it is true if @var{x} or @var{y} are NaN, and false otherwise.
@end deftypefn
@@ -1751,6 +1828,7 @@ perform these operations faster than the equivalent C code.
@comment math.h
@comment ISO
@deftypefunx {long double} fminl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmin} function returns the lesser of the two values @var{x}
and @var{y}. It is similar to the expression
@smallexample
@@ -1771,6 +1849,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fmaxl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmax} function returns the greater of the two values @var{x}
and @var{y}.
@@ -1787,6 +1866,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fdiml (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fdim} function returns the positive difference between
@var{x} and @var{y}. The positive difference is @math{@var{x} -
@var{y}} if @var{x} is greater than @var{y}, and @math{0} otherwise.
@@ -1804,6 +1884,7 @@ If @var{x}, @var{y}, or both are NaN, NaN is returned.
@comment ISO
@deftypefunx {long double} fmal (long double @var{x}, long double @var{y}, long double @var{z})
@cindex butterfly
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fma} function performs floating-point multiply-add. This is
the operation @math{(@var{x} @mul{} @var{y}) + @var{z}}, but the
intermediate result is not rounded to the destination type. This can
@@ -1933,6 +2014,7 @@ available in three variants, one for each of the three complex types.
@comment complex.h
@comment ISO
@deftypefunx {long double} creall (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the real part of the complex number @var{z}.
@end deftypefun
@@ -1945,6 +2027,7 @@ These functions return the real part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cimagl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the imaginary part of the complex number @var{z}.
@end deftypefun
@@ -1957,6 +2040,7 @@ These functions return the imaginary part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {complex long double} conjl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the conjugate value of the complex number
@var{z}. The conjugate of a complex number has the same real part and a
negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@@ -1971,6 +2055,7 @@ negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cargl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the argument of the complex number @var{z}.
The argument of a complex number is the angle in the complex plane
between the positive real axis and a line passing through zero and the
@@ -1989,6 +2074,7 @@ number. This angle is measured in the usual fashion and ranges from
@comment complex.h
@comment ISO
@deftypefunx {complex long double} cprojl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the projection of the complex value @var{z} onto
the Riemann sphere. Values with a infinite imaginary part are projected
to positive infinity on the real axis, even if the real part is NaN. If
@@ -2034,6 +2120,16 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun {long int} strtol (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c strtol uses the thread-local pointer to the locale in effect, and
+@c strtol_l loads the LC_NUMERIC locale data from it early on and once,
+@c but if the locale is the global locale, and another thread calls
+@c setlocale in a way that modifies the pointer to the LC_CTYPE locale
+@c category, the behavior of e.g. IS*, TOUPPER will vary throughout the
+@c execution of the function, because they re-read the locale data from
+@c the given locale pointer. We solved this by documenting setlocale as
+@c MT-Unsafe, but there might be other reasons why it's neither MT- nor
+@c AS-Safe; recheck.
The @code{strtol} (``string-to-long'') function converts the initial
part of @var{string} to a signed integer, which is returned as a value
of type @code{long int}.
@@ -2097,6 +2193,7 @@ There is an example at the end of this section.
@comment wchar.h
@comment ISO
@deftypefun {long int} wcstol (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstol} function is equivalent to the @code{strtol} function
in nearly all aspects but handles wide character strings.
@@ -2106,6 +2203,7 @@ The @code{wcstol} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long int} strtoul (const char *retrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoul} (``string-to-unsigned-long'') function is like
@code{strtol} except it converts to an @code{unsigned long int} value.
The syntax is the same as described above for @code{strtol}. The value
@@ -2124,6 +2222,7 @@ range, or @code{ERANGE} on overflow.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long int} wcstoul (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoul} function is equivalent to the @code{strtoul} function
in nearly all aspects but handles wide character strings.
@@ -2133,6 +2232,7 @@ The @code{wcstoul} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} strtoll (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoll} function is like @code{strtol} except that it returns
a @code{long long int} value, and accepts numbers with a correspondingly
larger range.
@@ -2149,6 +2249,7 @@ The @code{strtoll} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {long long int} wcstoll (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoll} function is equivalent to the @code{strtoll} function
in nearly all aspects but handles wide character strings.
@@ -2158,12 +2259,14 @@ The @code{wcstoll} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {long long int} strtoq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtoq} (``string-to-quad-word'') is the BSD name for @code{strtoll}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {long long int} wcstoq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoq} function is equivalent to the @code{strtoq} function
in nearly all aspects but handles wide character strings.
@@ -2173,6 +2276,7 @@ The @code{wcstoq} function is a GNU extension.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long long int} strtoull (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoull} function is related to @code{strtoll} the same way
@code{strtoul} is related to @code{strtol}.
@@ -2182,6 +2286,7 @@ The @code{strtoull} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long long int} wcstoull (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoull} function is equivalent to the @code{strtoull} function
in nearly all aspects but handles wide character strings.
@@ -2191,12 +2296,14 @@ The @code{wcstoull} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {unsigned long long int} strtouq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtouq} is the BSD name for @code{strtoull}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {unsigned long long int} wcstouq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstouq} function is equivalent to the @code{strtouq} function
in nearly all aspects but handles wide character strings.
@@ -2206,6 +2313,7 @@ The @code{wcstouq} function is a GNU extension.
@comment inttypes.h
@comment ISO
@deftypefun intmax_t strtoimax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoimax} function is like @code{strtol} except that it returns
a @code{intmax_t} value, and accepts numbers of a corresponding range.
@@ -2222,6 +2330,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun intmax_t wcstoimax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoimax} function is equivalent to the @code{strtoimax} function
in nearly all aspects but handles wide character strings.
@@ -2231,6 +2340,7 @@ The @code{wcstoimax} function was introduced in @w{ISO C99}.
@comment inttypes.h
@comment ISO
@deftypefun uintmax_t strtoumax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoumax} function is related to @code{strtoimax}
the same way that @code{strtoul} is related to @code{strtol}.
@@ -2241,6 +2351,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun uintmax_t wcstoumax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoumax} function is equivalent to the @code{strtoumax} function
in nearly all aspects but handles wide character strings.
@@ -2250,6 +2361,7 @@ The @code{wcstoumax} function was introduced in @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefun {long int} atol (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtol} function with a @var{base}
argument of @code{10}, except that it need not detect overflow errors.
The @code{atol} function is provided mostly for compatibility with
@@ -2259,6 +2371,7 @@ existing code; using @code{strtol} is more robust.
@comment stdlib.h
@comment ISO
@deftypefun int atoi (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is like @code{atol}, except that it returns an @code{int}.
The @code{atoi} function is also considered obsolete; use @code{strtol}
instead.
@@ -2267,6 +2380,7 @@ instead.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} atoll (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to @code{atol}, except it returns a @code{long
long int}.
@@ -2331,6 +2445,35 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun double strtod (const char *restrict @var{string}, char **restrict @var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c Besides the unsafe-but-ruled-safe locale uses, this uses a lot of
+@c mpn, but it's all safe.
+@c
+@c round_and_return
+@c get_rounding_mode ok
+@c mpn_add_1 ok
+@c mpn_rshift ok
+@c MPN_ZERO ok
+@c MPN2FLOAT -> mpn_construct_(float|double|long_double) ok
+@c str_to_mpn
+@c mpn_mul_1 -> umul_ppmm ok
+@c mpn_add_1 ok
+@c mpn_lshift_1 -> mpn_lshift ok
+@c STRTOF_INTERNAL
+@c MPN_VAR ok
+@c SET_MANTISSA ok
+@c STRNCASECMP ok, wide and narrow
+@c round_and_return ok
+@c mpn_mul ok
+@c mpn_addmul_1 ok
+@c ... mpn_sub
+@c mpn_lshift ok
+@c udiv_qrnnd ok
+@c count_leading_zeros ok
+@c add_ssaaaa ok
+@c sub_ddmmss ok
+@c umul_ppmm ok
+@c mpn_submul_1 ok
The @code{strtod} (``string-to-double'') function converts the initial
part of @var{string} to a floating-point number, which is returned as a
value of type @code{double}.
@@ -2416,6 +2559,7 @@ examining @var{errno} and @var{tailptr}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} strtold (const char *@var{string}, char **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
These functions are analogous to @code{strtod}, but return @code{float}
and @code{long double} values respectively. They report errors in the
same way as @code{strtod}. @code{strtof} can be substantially faster
@@ -2435,6 +2579,7 @@ These functions have been GNU extensions and are new to @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} wcstold (const wchar_t *@var{string}, wchar_t **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstod}, @code{wcstof}, and @code{wcstol} functions are
equivalent in nearly all aspect to the @code{strtod}, @code{strtof}, and
@code{strtold} functions but it handles wide character string.
@@ -2447,6 +2592,7 @@ C90}. The @code{wcstof} and @code{wcstold} functions were introduced in
@comment stdlib.h
@comment ISO
@deftypefun double atof (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtod} function, except that it
need not detect overflow and underflow errors. The @code{atof} function
is provided mostly for compatibility with existing code; using
@@ -2473,6 +2619,7 @@ All these functions are defined in @file{stdlib.h}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} ecvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{ecvt} converts the floating-point number @var{value}
to a string with at most @var{ndigit} decimal digits. The
returned string contains no decimal point or sign. The first digit of
@@ -2498,6 +2645,7 @@ and sets @var{d} to @code{2} and @var{n} to @code{0}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} fcvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{fcvt} is like @code{ecvt}, but @var{ndigit} specifies
the number of digits after the decimal point. If @var{ndigit} is less
than zero, @var{value} is rounded to the @math{@var{ndigit}+1}'th place to the
@@ -2516,6 +2664,9 @@ to @code{fcvt}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} gcvt (double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c gcvt calls sprintf, that ultimately calls vfprintf, which malloc()s
+@c args_value if it's too large, but gcvt never exercises this path.
@code{gcvt} is functionally equivalent to @samp{sprintf(buf, "%*g",
ndigit, value}. It is provided only for compatibility's sake. It
returns @var{buf}.
@@ -2530,6 +2681,7 @@ functions that take @code{long double} arguments.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qecvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{ecvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2538,6 +2690,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qfcvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{fcvt} except that it
takes a @code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2546,6 +2699,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qgcvt (long double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is equivalent to @code{gcvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2566,6 +2720,7 @@ user-supplied buffer.
@comment stdlib.h
@comment GNU
@deftypefun int ecvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ecvt_r} function is the same as @code{ecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2577,6 +2732,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun int fcvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcvt_r} function is the same as @code{fcvt}, except that it
places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2588,6 +2744,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qecvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qecvt_r} function is the same as @code{qecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2599,6 +2756,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qfcvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qfcvt_r} function is the same as @code{qfcvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e7b55795888c074364e9070adc34af37c58b1b70
commit e7b55795888c074364e9070adc34af37c58b1b70
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 29 04:12:39 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/argp.texi: Document thread safety properties.
diff --git a/manual/argp.texi b/manual/argp.texi
index c9fbe97..22e7b9e 100644
--- a/manual/argp.texi
+++ b/manual/argp.texi
@@ -36,6 +36,35 @@ needed in @code{main}.
@comment argp.h
@comment GNU
@deftypefun {error_t} argp_parse (const struct argp *@var{argp}, int @var{argc}, char **@var{argv}, unsigned @var{flags}, int *@var{arg_index}, void *@var{input})
+@safety{@mtunsafe{xguargs, envromt}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Optionally alloca()tes standard help options, initializes the parser,
+@c then parses individual args in a loop, and then finalizes.
+@c parser_init
+@c calc_sizes ok
+@c option_is_end ok
+@c malloc
+@c parser_convert glocale
+@c convert_options glocale
+@c option_is_end ok
+@c option_is_short ok
+@c isprint, but locale may change within the loop
+@c find_long_option ok
+@c group_parse
+@c group->parser (from argp->parser)
+@c parser_parse_next
+@c getopt_long(_only)_r many issues, same as non_r minus staticbuf
+@c parser_parse_arg
+@c group_parse
+@c parser_parse_opt
+@c group_parse
+@c argp_error
+@c dgettext (bad key error)
+@c parser_finalize
+@c group_parse
+@c fprintf
+@c dgettext
+@c arg_state_help
+@c free
The @code{argp_parse} function parses the arguments in @var{argv}, of
length @var{argc}, using the argp parser @var{argp}. @xref{Argp
Parsers}. Passing a null pointer for @var{argp} is the same as using
@@ -660,6 +689,8 @@ parser function. @xref{Argp Parsing State}.
@comment argp.h
@comment GNU
@deftypefun void argp_usage (const struct argp_state *@var{state})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls argp_state_help with stderr and ARGP_HELP_STD_USAGE.
Outputs the standard usage message for the argp parser referred to by
@var{state} to @code{@var{state}->err_stream} and terminate the program
with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@@ -669,6 +700,13 @@ with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@comment argp.h
@comment GNU
@deftypefun void argp_error (const struct argp_state *@var{state}, const char *@var{fmt}, @dots{})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Lock stream, vasprintf the formatted message into a buffer, print the
+@c buffer prefixed by the short program name (in libc,
+@c argp_short_program_name is a macro that expands to
+@c program_invocation_short_name), releases the buffer, then call
+@c argp_state_help with stream and ARGP_HELP_STD_ERR, unlocking the
+@c stream at the end.
Prints the printf format string @var{fmt} and following args, preceded
by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
--help}} message, and terminates the program with an exit status of
@@ -679,6 +717,12 @@ by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
@comment argp.h
@comment GNU
@deftypefun void argp_failure (const struct argp_state *@var{state}, int @var{status}, int @var{errnum}, const char *@var{fmt}, @dots{})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
+@c Lock stream, write out the short program name, vasprintf the optional
+@c formatted message to a buffer, print the buffer prefixed by colon and
+@c blank, release the buffer, call strerror_r with an automatic buffer,
+@c print it out after colon and blank, put[w]c a line break, unlock the
+@c stream, then exit unless ARGP_NO_EXIT.
Similar to the standard gnu error-reporting function @code{error}, this
prints the program name and @samp{:}, the printf format string
@var{fmt}, and the appropriate following args. If it is non-zero, the
@@ -695,6 +739,141 @@ for options, bad phase of the moon, etc.
@comment argp.h
@comment GNU
@deftypefun void argp_state_help (const struct argp_state *@var{state}, FILE *@var{stream}, unsigned @var{flags})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help with the short program name and optionally exit.
+@c The main problems in _help, besides the usual issues with stream I/O
+@c and translation, are the use of a static buffer (uparams) that makes
+@c the whole thing thread-unsafe, reading from the environment for
+@c ARGP_HELP_FMT, accessing the locale object multiple times.
+
+@c _help envromt, staticbuf (uparams), glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c flockfile lockleak
+@c funlockfile lockleak
+@c fill_in_uparams envromt, staticbuf (uparams), glocale, asynconsist, asmalloc, lockleak, incansist, memleak
+@c argp_failure dup (status = errnum = 0)
+@c atoi dup
+@c argp_hol asmalloc, memleak
+@c make_hol asmalloc, memleak
+@c hol_add_cluster asmalloc, memleak
+@c hol_append asmalloc, memleak
+@c hol_set_group ok
+@c hol_find_entry ok
+@c hol_sort glocale, asmalloc, memleak
+@c qsort asmalloc, memleak
+@c hol_entry_qcmp glocale
+@c hol_entry_cmp glocale
+@c group_cmp ok
+@c hol_cluster_cmp ok
+@c group_cmp ok
+@c hol_entry_first_short glocale
+@c hol_entry_short_iterate [glocale]
+@c until_short ok
+@c oshort ok
+@c isprint ok
+@c odoc ok
+@c hol_entry_first_long ok
+@c canon_doc_option glocale
+@c tolower dup
+@c hol_usage glocale, asi18n, asmalloc, memleak
+@c hol_entry_short_iterate ok
+@c add_argless_short_opt ok
+@c argp_fmtstream_printf dup
+@c hol_entry_short_iterate glocale, asi18n, asmalloc, memleak
+@c usage_argful_short_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_entry_long_iterate glocale, asi18n, asmalloc, memleak
+@c usage_long_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c hol_entry_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_wmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c comma glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_putc dup
+@c hol_cluster_is_child ok
+@c argp_fmtstream_wmargin dup
+@c print_header dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c indent_to dup
+@c argp_fmtstream_putc dup
+@c arg glocale, asmalloc, memleak
+@c argp_fmtstream_printf dup
+@c odoc dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_printf dup
+@c print_header glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c indent_to dup
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c filter_doc dup
+@c argp_fmtstream_point dup
+@c indent_to glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_putc dup
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c hol_free asmalloc, memleak
+@c free dup
+@c argp_args_levels ok
+@c argp_args_usage glocale, asi18n, asmalloc, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc ok
+@c argp_input ok
+@c argp->help_filter
+@c space glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_rmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_write dup
+@c free dup
+@c argp_doc glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c strndup asmalloc, memleak
+@c argp_input dup
+@c argp->help_filter
+@c argp_fmtstream_putc glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure dup
+@c argp_fmtstream_write dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_point glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_lmargin dup
+@c free dup
+@c argp_make_fmtstream asmalloc, memleak
+@c argp_fmtstream_free glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update glocale, asynconsist, incansist, lockleak
+@c put[w]c_unlocked dup
+@c isblank in loop glocale
+@c fxprintf lockleak
+@c fxprintf lockleak
+@c free dup
+@c argp_fmtstream_set_wmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_printf glocale, asmalloc, memleak
+@c argp_fmtstream_ensure dup
+@c vsnprintf dup
+@c argp_fmtstream_set_lmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_puts glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_write glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update dup
+@c fxprintf lockleak
+@c realloc asmalloc, memleak
Outputs a help message for the argp parser referred to by @var{state},
to @var{stream}. The @var{flags} argument determines what sort of help
message is produced. @xref{Argp Help Flags}.
@@ -928,6 +1107,8 @@ program options, argp offers the @code{argp_help} interface.
@comment argp.h
@comment GNU
@deftypefun void argp_help (const struct argp *@var{argp}, FILE *@var{stream}, unsigned @var{flags}, char *@var{name})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help.
This outputs a help message for the argp parser @var{argp} to
@var{stream}. The type of messages printed will be determined by
@var{flags}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=400cde6651833f07505f9d1b935539ecac53f006
commit 400cde6651833f07505f9d1b935539ecac53f006
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 29 04:12:37 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/macros.texi: Introduce macros to document thread
safety properties.
* manual/intro.texi: Introduce the properties themselves.
diff --git a/manual/intro.texi b/manual/intro.texi
index deaf089..c3142ad 100644
--- a/manual/intro.texi
+++ b/manual/intro.texi
@@ -172,6 +172,434 @@ pattern matching facilities (@pxref{Pattern Matching}).
@comment <wordexp.h> (not yet implemented)
@comment confstr
+The safety properties of @glibcadj{} functions, documented as MT-, AS-
+and AC- -Safe and -Unsafe are assessed according to the criteria set
+forth in the POSIX standard for Multi-Thread, Async-Signal and
+Async-Cancel safety.
+
+Intuitive definition of these properties, that attempt to capture
+the meaning of the standard definitions, follow:
+
+@itemize @bullet
+
+@item
+@cindex MT-Safe
+MT-Safe functions are safe to call in the presence of other threads. MT
+stands for Multi Thread.
+
+@item
+@cindex AS-Safe
+AS-Safe functions are safe to call from asynchronous signal handlers.
+AS stands for Asynchronous Signal.
+
+@item
+@cindex AC-Safe
+AC-Safe functions are safe to call when asynchronous cancellation is
+enabled. AC stands for Asynchronous Cancellation.
+
+@item
+@cindex MT-Unsafe
+@cindex AS-Unsafe
+@cindex AC-Unsafe
+MT-Unsafe, AS-Unsafe, AC-Unsafe functions are not safe to call within
+the contexts described above: they may cause deviations from the
+specification in the behavior of the calls themselves, or of any other
+concurrent, ongoing or subsequent calls.
+
+Functions not explicitly documented as Safe should be regarded as
+Unsafe.
+
+@end itemize
+
+By ``safe to call'', we mean that, as long as the program does not
+invoke undefined or unspecified behavior, the called functions will
+behave as documented, and they won't cause any other functions to
+deviate from their documented behavior.
+
+Although we strive to abide by the standards, in some cases our
+implementation is safe even when the standard does not demand safety,
+and in other cases our implementation does not meet the standard safety
+requirements. At this point, we document the result of an assessment of
+the properties of our implementation, so the safety documentation in
+this manual is not to be regarded as a promise of future behavior: in
+future releases, functions that are documented as safe may become
+unsafe, and safety constraints may be removed or introduced. We
+envision turning the results of the assessment into a set of promises as
+stable as our interfaces, but we're not there yet.
+
+When a function is safe to call only under certain constraints, we will
+add keywords to the safety notes whose meanings are defined as follows:
+
+@itemize @bullet
+
+@c glocale-revisit
+@item @code{glocale}
+@cindex glocale
+
+In threads that have not overridden the thread-local locale object by
+calling @code{uselocale}, calling functions annotated with
+@code{glocale} concurrently with @code{setlocale} may cause the
+functions to behave in ways that don't correspond to either the previous
+or the subsequent global locale.
+
+Although the @code{setlocale} function modifies the global locale object
+while holding a lock, @code{glocale}-annotated functions may access this
+global object multiple times, without any measures to ensure it doesn't
+change while it's in use.
+
+Each of these unprotected uses will use either the previous or the
+subsequent locale information, so they won't cause crashes or access to
+uninitialized, unmapped or recycled memory. However, since some cases
+use cached locale information while others access the effective locale
+object anew, concurrent changes to the global locale object may cause
+these functions to behave in ways that they could not behave should the
+execution of @code{setlocale} and of the so-annotated functions be
+atomic, or even should @code{setlocale} alone be atomic.
+
+The @code{glocale} constraint indicates functions are only safe to call
+if the effective thread-local locale is not the global locale object
+(because it was overridden with @code{uselocale}). Failing that,
+@code{setlocale} should not be called while these functions are active.
+
+
+@item @code{envromt}
+@cindex envromt
+
+Functions marked with @code{envromt} access the environment with
+@code{getenv} or similar, requiring the environment to be effectively
+read-only for MT-Safe operation.
+
+Environment-modifying functions do not protect in any way against
+concurrent modifications or access, so calling @code{envromt}-marked
+functions concurrently with @code{setenv}, @code{putenv},
+@code{unsetenv} or direct modifications of the global environment data
+structures is ill-advised; external concurrency control must be
+introduced by callers of these environment-modifying and
+@code{envromt}-marked functions.
+
+Functions that modify the environment are also marked with
+@code{envromt}, but they are not MT-Safe for the reasons above. Since
+all environment-modifying functions are MT-Unsafe, functions that only
+access the environment are marked as MT-Safe when no other safety issue
+applies.
+
+
+@item @code{oncesafe}
+@cindex oncesafe
+
+Functions marked with @code{oncesafe} use the internal @code{libc_once}
+machinery to initialize internal data structures.
+
+If a signal handler interrupts such an initializer, and calls any
+function that also performs @code{libc_once} initialization, it will
+deadlock if the thread library is linked in.
+
+Furthermore, if an initializer is partially complete before it is
+canceled or interrupted by a signal whose handler requires the same
+initialization, some or all of the initialization may be performed more
+than once, leaking resources or even result in corrupt internal data
+structures.
+
+Applications that need to call functions marked with @code{oncesafe}
+should ensure the initialization is performed before configuring signal
+handlers or enabling cancellation, so that the AS- and AC-Safety issues
+related with @code{libc_once} do not arise.
+
+
+@item @code{uunguard}
+@cindex uunguard
+
+Functions marked with @code{uunguard} modify non-atomically arguments or
+global objects that other functions access without synchronization. To
+ensure MT- and AS-Safe behavior, callers should refrain from calling
+so-marked functions concurrently with users of the corresponding
+objects.
+
+Unguarded users of the global locale object modified by @code{setlocale}
+are marked with @code{glocale}.
+
+Unguarded users of the @code{printf} extension objects modified by
+@code{register_printf_function} are the entire family of printf
+functions.
+
+Unguarded users of streams configured with @code{__fsetlocking} for
+locking by the caller are the entire family of stdio functions.
+
+
+@item @code{xguargs}
+@cindex xguargs
+
+Functions marked with @code{xguargs} may use or modify objects passed as
+arguments without any guards that could guarantee consistency. To
+ensure MT- and AS-Safe behavior, callers must ensure that the objects
+passed in are not modified concurrently by other threads or signal
+handlers.
+
+
+@item @code{tempchwd}
+@cindex tempchwd
+
+Functions marked with @code{tempchwd} may temporarily change the current
+working directory during their execution, which may cause relative
+pathnames to be resolved in unexpected ways in other threads or within
+asynchronous signal or cancellation handlers.
+
+This is not enough of a reason to mark so-marked functions as MT-Unsafe,
+but when this behavior is optional (e.g., @code{nftw} with
+@code{FTW_CHDIR}), avoiding the option in multi-threaded programs may be
+a good alternative to using full pathnames or file descriptor-relative
+(e.g. @code{openat}) system calls.
+
+
+@item @code{tempterm}
+@cindex tempterm
+
+Functions marked with @code{tempterm} may temporarily change the
+terminal settings.
+
+This would not be enough of a reason to mark so-marked functions as
+MT-Unsafe, but the recommended mode to modify terminal settings is to
+call @code{tcgetattr}, modify some flags, and then call
+@code{tcsetattr}. Functions marked with @code{tempterm} do that, so
+they leave a window in which changes made by other threads are lost.
+
+It is thus advisable for applications using the terminal to avoid
+concurrent interactions with it, more so if they expect different
+terminal modes.
+
+If this mark appears as an AC-Safety note, it means the function may
+also fail to restore the original terminal mode in case of asynchronous
+cancellation.
+
+
+@end itemize
+
+
+Additional safety issues that cannot be worked around by constraining
+the program are also documented with keywords, whose meaning is defined
+as follows:
+
+@itemize @bullet
+
+@item @code{staticbuf}
+@cindex staticbuf
+
+Functions annotated with @code{staticbuf} use internal static buffers or
+variables in ways that may cause concurrent calls to interfere
+destructively.
+
+These functions are all MT-Unsafe and AC-Unsafe. However, many of them
+offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
+
+In many of these cases, the static buffer is only used to hold a return
+value; in a few of these, such as @code{tmpnam}, the use of the internal
+buffer can be avoided by passing the buffer as an argument, which makes
+the call MT-Safe and AS-Safe.
+
+
+@item @code{asi18n}
+@cindex asi18n
+
+Functions marked with @code{asi18n} use internationalization functions
+(@code{gettext}), which brings in a number of dependencies and issues
+yet to be documented.
+
+
+@item @code{shlimb}
+@cindex shlimb
+
+Functions marked with @code{shlimb} use the dynamic loader to bring in
+additional code modules. This involves opening files, mapping them into
+memory, allocating additional memory, resolving symbols, applying
+relocations and more, all of this while holding the dynamic loader
+lock.
+
+The non-recursive lock itself is enough for the function to be AS- and
+AC-Unsafe, but many other issues may arise.
+
+
+@item @code{fdleak}
+@cindex fdleak
+
+Functions annotated with @code{fdleak} may leak file descriptors if
+asynchronous thread cancellation interrupts their execution.
+
+Functions that allocate or deallocate file descriptors will generally be
+marked as such, because even if they attempted to protect the file
+descriptor allocation and deallocation with cleanup regions, allocating
+a new descriptor and storing its number where the cleanup region could
+release it cannot be performed as a single atomic operation, just like
+releasing it and taking it out of the data structure normally
+responsible for releasing it cannot be performed atomically, always
+leaving a window in which the descriptor cannot be released because it
+wasn't stored in the cleanup handler argument yet, or in which it was
+already taken out of it before releasing it in the normal flow (we
+cannot keep it there because, in case of cancellation, we wouldn't be
+able to tell whether it was already released, and the same number could
+have been already assigned to another descriptor by another thread, so
+we couldn't just release it again).
+
+Such leaks could be internally avoided, with some performance penalty,
+by temporarily disabling asynchronous thread cancellation. However,
+since callers of allocation or deallocation functions would have to do
+this themselves, to avoid the same sort of leak in their own layer, it
+makes more sense for the library to assume they are taking care of it
+than to impose a performance penalty that is redundant when the problem
+is solved in upper layers, and insufficient when it isn't.
+
+This remark by itself does not cause a function to be regarded as
+AC-Unsafe. However, cummulative effects of such leaks may pose a
+problem for some programs. If this is the case, suspending asynchronous
+cancellation for the duration of calls to such functions is recommended.
+
+
+@item @code{memleak}
+@cindex memleak
+
+Functions annotated with @code{memleak} may leak memory if asynchronous
+thread cancellation interrupts their execution.
+
+The problem is similar to that of file descriptors: there is no atomic
+interface to allocate memory and store its address in the argument to a
+cleanup handler, or to release it and remove its address from that
+argument, without at least temporarily disabling asynchronous
+cancellation, which these functions do not do.
+
+This remark does not by itself cause a function to be regarded as
+generally AC-Unsafe. However, cummulative effects of such leaks may be
+severe enough for some programs that disabling asynchronous cancellation
+for the duration of calls to such functions may be required.
+
+
+@item @code{lockleak}
+@cindex lockleak
+
+Functions annotated with @code{lockleak} may leak locks if asynchronous
+thread cancellation interrupts their execution.
+
+While the problem is similar to that of file descriptors, in that there
+is not any atomic interface to lock and take note of the need for
+unlocking in a cleanup, or to unlock and take note that there is no
+longer such a need, the problem posed by lock leaks is far more serious:
+when a file descriptor or a piece of memory is leaked, it becomes
+inaccessible and subsequent attempts to allocate a file descriptor or
+some memory will just use another resource. However, once a lock is
+left taken, attempts to take that lock will block indefinitely.
+(Recursive locks will only block other threads, and read locks will only
+block writer threads, but the point still holds in general).
+
+For the reasons above, functions that leak locks are all AC-Unsafe.
+
+
+@item @code{selfdeadlock}
+@cindex selfdeadlock
+
+Functions marked with @code{selfdeadlock} take a non-recursive lock to
+ensure MT-Safety while modifying data structures guarded by the lock.
+
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, the result is a deadlock.
+
+Blocking asynchronous signal delivery while calling such functions is
+the only safe way to avoid a deadlock if any signal handler might need
+to call them.
+
+
+@item @code{asynconsist}
+@cindex asynconsist
+
+Functions marked with @code{asynconsist} take a recursive lock to ensure
+MT-Safety while accessing or modifying data structures guarded by the
+lock.
+
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, both may misbehave for
+observing inconsistent (partially updated or cached) data structures.
+
+Blocking asynchronous signal delivery while calling such functions is
+the only safe way to avoid the misbehavior that may ensue if any signal
+handler might need to call them.
+
+
+@item @code{asmalloc}
+@cindex asmalloc
+
+This is a sub-case of @code{asynconsist}. Functions marked with
+@code{asmalloc} perform memory allocation or deallocation with the
+@code{malloc}/@code{free} family of functions.
+
+If heap management functions are interrupted by asynchronous signals,
+and the signal handlers attempt to perform memory allocation or
+deallocation of their own, they may encounter heap data structures in a
+partially updated state, and the interrupted calls may malfunction
+because of the changes made within the signal handler.
+
+
+@item @code{incansist}
+@cindex incansist
+
+Functions marked with @code{incansist} modify data structures in a
+non-atomic way.
+
+If such a function is asynchronously canceled, it may leave the data
+structure in a partially updated, inconsistent state. Subsequent uses
+of the data structure may misbehave.
+
+Disabling asynchronous cancelation while calling such functions is the
+only safe way to avoid the misbehavior that may ensure if the thread is
+canceled while the function is running.
+
+@c A special case, probably not worth documenting separately, involves
+@c reallocing, or even freeing pointers. Any case involving free could
+@c be easily turned into an ac-safe memleak by resetting the pointer
+@c before releasing it; I don't think we have any case that calls for
+@c this sort of fixing. Fixing the realloc cases would require a new
+@c interface: instead of @code{ptr=realloc(ptr,size)} we'd have to
+@c introduce @code{acsafe_realloc(&ptr,size)} that would modify ptr
+@c before releasing the old memory. The ac-unsafe realloc could be
+@c implemented in terms of an internal interface with this semantics
+@c (say __acsafe_realloc), but since realloc can be overridden, the
+@c function we call to implement realloc should not be this internal
+@c interface, but another internal interface that calls __acsafe_realloc
+@c if realloc was not overridden, and calls the overridden realloc with
+@c async cancel disabled. --lxoliva
+
+
+@item @code{simfpu}
+@cindex simfpu
+
+Functions annotated with @code{simfpu} may misbehave on powerpc ports in
+which the floating-point unit is disabled and floating point simulation
+is used instead. On such platforms, @theglibc{} uses global variables
+to hold floating-point exceptions, rounding modes and disabled
+exceptions, rather than thread-local state. This is a @glibcadj{} bug.
+
+Furthermore, even if this bug is fixed, the emulation of floating-point
+control and status registers will not go as far as saving and restoring
+these emulated registers across asynchronous signal handlers. Indeed,
+although most platforms preserve floating-point context as part of the
+thread context, preserving control and status words is not mandatory:
+standards recommend that programs that modify them within signal
+handlers restore them to the original state before returning.
+
+This note does not cause functions to be marked as MT-Unsafe, even
+though, on the affected platform, they are MT-Unsafe indeed.
+
+
+@item @code{unposix}
+@cindex unposix
+
+This remark indicates our safety documentation is known to differ from
+the requirements set by the POSIX standard. For example, POSIX does not
+require a function to be Safe, but our implementation is Safe, or
+vice-versa.
+
+For the time being, the absence of this remark does not imply the safety
+properties we documented are identical to those mandated by POSIX for
+the corresponding functions.
+
+@end itemize
+
@node Berkeley Unix, SVID, POSIX, Standards and Portability
@subsection Berkeley Unix
diff --git a/manual/macros.texi b/manual/macros.texi
index daaf1c0..6955f32 100644
--- a/manual/macros.texi
+++ b/manual/macros.texi
@@ -47,4 +47,46 @@ GNU/Hurd systems
GNU/Linux systems
@end macro
+@c Document a function as thread safe.
+@macro mtsafe {comments}
+| MT-Safe \comments\
+|
+@end macro
+@c Document a function as thread unsafe.
+@macro mtunsafe {comments}
+| MT-Unsafe \comments\
+|
+@end macro
+@c Document a function as safe for use in asynchronous signal handlers.
+@macro assafe {comments}
+| AS-Safe \comments\
+|
+@end macro
+@c Document a function as unsafe for use in asynchronous signal
+@c handlers. This distinguishes unmarked functions, for which this
+@c property has not been assessed, from those that have been analyzed.
+@macro asunsafe {comments}
+| AS-Unsafe \comments\
+|
+@end macro
+@c Document a function as safe for use when asynchronous cancellation is
+@c enabled.
+@macro acsafe {comments}
+| AC-Safe \comments\
+|
+@end macro
+@c Document a function as unsafe for use when asynchronous cancellation
+@c is enabled. This distinguishes unmarked functions, for which this
+@c property has not been assessed, from those that have been analyzed.
+@macro acunsafe {comments}
+| AC-Unsafe \comments\
+|
+@end macro
+@c Format the thread and async safety properties of a function.
+@macro safety {notes}
+\notes\
+
+
+@end macro
+
@end ifclear
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=34abea62b6ff2865a7f75c0d5186018b3a82899d
commit 34abea62b6ff2865a7f75c0d5186018b3a82899d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 29 04:12:36 2013 -0300
Remove unused sysdeps/ieee754/support.c.
for ChangeLog
* sysdeps/ieee754/support.c: Remove.
diff --git a/sysdeps/ieee754/support.c b/sysdeps/ieee754/support.c
deleted file mode 100644
index 0bbd892..0000000
--- a/sysdeps/ieee754/support.c
+++ /dev/null
@@ -1,520 +0,0 @@
-/*
- * Copyright (c) 1985, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)support.c 8.1 (Berkeley) 6/4/93";
-#endif /* not lint */
-
-/*
- * Some IEEE standard 754 recommended functions and remainder and sqrt for
- * supporting the C elementary functions.
- ******************************************************************************
- * WARNING:
- * These codes are developed (in double) to support the C elementary
- * functions temporarily. They are not universal, and some of them are very
- * slow (in particular, drem and sqrt is extremely inefficient). Each
- * computer system should have its implementation of these functions using
- * its own assembler.
- ******************************************************************************
- *
- * IEEE 754 required operations:
- * drem(x,p)
- * returns x REM y = x - [x/y]*y , where [x/y] is the integer
- * nearest x/y; in half way case, choose the even one.
- * sqrt(x)
- * returns the square root of x correctly rounded according to
- * the rounding mod.
- *
- * IEEE 754 recommended functions:
- * (a) copysign(x,y)
- * returns x with the sign of y.
- * (b) scalb(x,N)
- * returns x * (2**N), for integer values N.
- * (c) logb(x)
- * returns the unbiased exponent of x, a signed integer in
- * double precision, except that logb(0) is -INF, logb(INF)
- * is +INF, and logb(NAN) is that NAN.
- * (d) finite(x)
- * returns the value TRUE if -INF < x < +INF and returns
- * FALSE otherwise.
- *
- *
- * CODED IN C BY K.C. NG, 11/25/84;
- * REVISED BY K.C. NG on 1/22/85, 2/13/85, 3/24/85.
- */
-
-#include "mathimpl.h"
-
-#if defined(vax)||defined(tahoe) /* VAX D format */
-#include <errno.h>
- static const unsigned short msign=0x7fff , mexp =0x7f80 ;
- static const short prep1=57, gap=7, bias=129 ;
- static const double novf=1.7E38, nunf=3.0E-39, zero=0.0 ;
-#else /* defined(vax)||defined(tahoe) */
- static const unsigned short msign=0x7fff, mexp =0x7ff0 ;
- static const short prep1=54, gap=4, bias=1023 ;
- static const double novf=1.7E308, nunf=3.0E-308,zero=0.0;
-#endif /* defined(vax)||defined(tahoe) */
-
-double scalbn(x,N)
-double x; int N;
-{
- int k;
-
-#ifdef national
- unsigned short *px=(unsigned short *) &x + 3;
-#else /* national */
- unsigned short *px=(unsigned short *) &x;
-#endif /* national */
-
- if( x == zero ) return(x);
-
-#if defined(vax)||defined(tahoe)
- if( (k= *px & mexp ) != ~msign ) {
- if (N < -260)
- return(nunf*nunf);
- else if (N > 260) {
- return(copysign(infnan(ERANGE),x));
- }
-#else /* defined(vax)||defined(tahoe) */
- if( (k= *px & mexp ) != mexp ) {
- if( N<-2100) return(nunf*nunf); else if(N>2100) return(novf+novf);
- if( k == 0 ) {
- x *= scalbn(1.0,(int)prep1); N -= prep1; return(scalbn(x,N));}
-#endif /* defined(vax)||defined(tahoe) */
-
- if((k = (k>>gap)+ N) > 0 )
- if( k < (mexp>>gap) ) *px = (*px&~mexp) | (k<<gap);
- else x=novf+novf; /* overflow */
- else
- if( k > -prep1 )
- /* gradual underflow */
- {*px=(*px&~mexp)|(short)(1<<gap); x *= scalbn(1.0,k-1);}
- else
- return(nunf*nunf);
- }
- return(x);
-}
-
-
-double copysign(x,y)
-double x,y;
-{
-#ifdef national
- unsigned short *px=(unsigned short *) &x+3,
- *py=(unsigned short *) &y+3;
-#else /* national */
- unsigned short *px=(unsigned short *) &x,
- *py=(unsigned short *) &y;
-#endif /* national */
-
-#if defined(vax)||defined(tahoe)
- if ( (*px & mexp) == 0 ) return(x);
-#endif /* defined(vax)||defined(tahoe) */
-
- *px = ( *px & msign ) | ( *py & ~msign );
- return(x);
-}
-
-double logb(x)
-double x;
-{
-
-#ifdef national
- short *px=(short *) &x+3, k;
-#else /* national */
- short *px=(short *) &x, k;
-#endif /* national */
-
-#if defined(vax)||defined(tahoe)
- return (int)(((*px&mexp)>>gap)-bias);
-#else /* defined(vax)||defined(tahoe) */
- if( (k= *px & mexp ) != mexp )
- if ( k != 0 )
- return ( (k>>gap) - bias );
- else if( x != zero)
- return ( -1022.0 );
- else
- return(-(1.0/zero));
- else if(x != x)
- return(x);
- else
- {*px &= msign; return(x);}
-#endif /* defined(vax)||defined(tahoe) */
-}
-
-finite(x)
-double x;
-{
-#if defined(vax)||defined(tahoe)
- return(1);
-#else /* defined(vax)||defined(tahoe) */
-#ifdef national
- return( (*((short *) &x+3 ) & mexp ) != mexp );
-#else /* national */
- return( (*((short *) &x ) & mexp ) != mexp );
-#endif /* national */
-#endif /* defined(vax)||defined(tahoe) */
-}
-
-double drem(x,p)
-double x,p;
-{
- short sign;
- double hp,dp,tmp;
- unsigned short k;
-#ifdef national
- unsigned short
- *px=(unsigned short *) &x +3,
- *pp=(unsigned short *) &p +3,
- *pd=(unsigned short *) &dp +3,
- *pt=(unsigned short *) &tmp+3;
-#else /* national */
- unsigned short
- *px=(unsigned short *) &x ,
- *pp=(unsigned short *) &p ,
- *pd=(unsigned short *) &dp ,
- *pt=(unsigned short *) &tmp;
-#endif /* national */
-
- *pp &= msign ;
-
-#if defined(vax)||defined(tahoe)
- if( ( *px & mexp ) == ~msign ) /* is x a reserved operand? */
-#else /* defined(vax)||defined(tahoe) */
- if( ( *px & mexp ) == mexp )
-#endif /* defined(vax)||defined(tahoe) */
- return (x-p)-(x-p); /* create nan if x is inf */
- if (p == zero) {
-#if defined(vax)||defined(tahoe)
- return(infnan(EDOM));
-#else /* defined(vax)||defined(tahoe) */
- return zero/zero;
-#endif /* defined(vax)||defined(tahoe) */
- }
-
-#if defined(vax)||defined(tahoe)
- if( ( *pp & mexp ) == ~msign ) /* is p a reserved operand? */
-#else /* defined(vax)||defined(tahoe) */
- if( ( *pp & mexp ) == mexp )
-#endif /* defined(vax)||defined(tahoe) */
- { if (p != p) return p; else return x;}
-
- else if ( ((*pp & mexp)>>gap) <= 1 )
- /* subnormal p, or almost subnormal p */
- { double b; b=scalbn(1.0,(int)prep1);
- p *= b; x = drem(x,p); x *= b; return(drem(x,p)/b);}
- else if ( p >= novf/2)
- { p /= 2 ; x /= 2; return(drem(x,p)*2);}
- else
- {
- dp=p+p; hp=p/2;
- sign= *px & ~msign ;
- *px &= msign ;
- while ( x > dp )
- {
- k=(*px & mexp) - (*pd & mexp) ;
- tmp = dp ;
- *pt += k ;
-
-#if defined(vax)||defined(tahoe)
- if( x < tmp ) *pt -= 128 ;
-#else /* defined(vax)||defined(tahoe) */
- if( x < tmp ) *pt -= 16 ;
-#endif /* defined(vax)||defined(tahoe) */
-
- x -= tmp ;
- }
- if ( x > hp )
- { x -= p ; if ( x >= hp ) x -= p ; }
-
-#if defined(vax)||defined(tahoe)
- if (x)
-#endif /* defined(vax)||defined(tahoe) */
- *px ^= sign;
- return( x);
-
- }
-}
-
-
-double sqrt(x)
-double x;
-{
- double q,s,b,r;
- double t;
- double const zero=0.0;
- int m,n,i;
-#if defined(vax)||defined(tahoe)
- int k=54;
-#else /* defined(vax)||defined(tahoe) */
- int k=51;
-#endif /* defined(vax)||defined(tahoe) */
-
- /* sqrt(NaN) is NaN, sqrt(+-0) = +-0 */
- if(x!=x||x==zero) return(x);
-
- /* sqrt(negative) is invalid */
- if(x<zero) {
-#if defined(vax)||defined(tahoe)
- return (infnan(EDOM)); /* NaN */
-#else /* defined(vax)||defined(tahoe) */
- return(zero/zero);
-#endif /* defined(vax)||defined(tahoe) */
- }
-
- /* sqrt(INF) is INF */
- if(!finite(x)) return(x);
-
- /* scale x to [1,4) */
- n=logb(x);
- x=scalbn(x,-n);
- if((m=logb(x))!=0) x=scalbn(x,-m); /* subnormal number */
- m += n;
- n = m/2;
- if((n+n)!=m) {x *= 2; m -=1; n=m/2;}
-
- /* generate sqrt(x) bit by bit (accumulating in q) */
- q=1.0; s=4.0; x -= 1.0; r=1;
- for(i=1;i<=k;i++) {
- t=s+1; x *= 4; r /= 2;
- if(t<=x) {
- s=t+t+2, x -= t; q += r;}
- else
- s *= 2;
- }
-
- /* generate the last bit and determine the final rounding */
- r/=2; x *= 4;
- if(x==zero) goto end; 100+r; /* trigger inexact flag */
- if(s<x) {
- q+=r; x -=s; s += 2; s *= 2; x *= 4;
- t = (x-s)-5;
- b=1.0+3*r/4; if(b==1.0) goto end; /* b==1 : Round-to-zero */
- b=1.0+r/4; if(b>1.0) t=1; /* b>1 : Round-to-(+INF) */
- if(t>=0) q+=r; } /* else: Round-to-nearest */
- else {
- s *= 2; x *= 4;
- t = (x-s)-1;
- b=1.0+3*r/4; if(b==1.0) goto end;
- b=1.0+r/4; if(b>1.0) t=1;
- if(t>=0) q+=r; }
-
-end: return(scalbn(q,n));
-}
-
-#if 0
-/* DREM(X,Y)
- * RETURN X REM Y =X-N*Y, N=[X/Y] ROUNDED (ROUNDED TO EVEN IN THE HALF WAY CASE)
- * DOUBLE PRECISION (VAX D format 56 bits, IEEE DOUBLE 53 BITS)
- * INTENDED FOR ASSEMBLY LANGUAGE
- * CODED IN C BY K.C. NG, 3/23/85, 4/8/85.
- *
- * Warning: this code should not get compiled in unless ALL of
- * the following machine-dependent routines are supplied.
- *
- * Required machine dependent functions (not on a VAX):
- * swapINX(i): save inexact flag and reset it to "i"
- * swapENI(e): save inexact enable and reset it to "e"
- */
-
-double drem(x,y)
-double x,y;
-{
-
-#ifdef national /* order of words in floating point number */
- static const n0=3,n1=2,n2=1,n3=0;
-#else /* VAX, SUN, ZILOG, TAHOE */
- static const n0=0,n1=1,n2=2,n3=3;
-#endif
-
- static const unsigned short mexp =0x7ff0, m25 =0x0190, m57 =0x0390;
- static const double zero=0.0;
- double hy,y1,t,t1;
- short k;
- long n;
- int i,e;
- unsigned short xexp,yexp, *px =(unsigned short *) &x ,
- nx,nf, *py =(unsigned short *) &y ,
- sign, *pt =(unsigned short *) &t ,
- *pt1 =(unsigned short *) &t1 ;
-
- xexp = px[n0] & mexp ; /* exponent of x */
- yexp = py[n0] & mexp ; /* exponent of y */
- sign = px[n0] &0x8000; /* sign of x */
-
-/* return NaN if x is NaN, or y is NaN, or x is INF, or y is zero */
- if(x!=x) return(x); if(y!=y) return(y); /* x or y is NaN */
- if( xexp == mexp ) return(zero/zero); /* x is INF */
- if(y==zero) return(y/y);
-
-/* save the inexact flag and inexact enable in i and e respectively
- * and reset them to zero
- */
- i=swapINX(0); e=swapENI(0);
-
-/* subnormal number */
- nx=0;
- if(yexp==0) {t=1.0,pt[n0]+=m57; y*=t; nx=m57;}
-
-/* if y is tiny (biased exponent <= 57), scale up y to y*2**57 */
- if( yexp <= m57 ) {py[n0]+=m57; nx+=m57; yexp+=m57;}
-
- nf=nx;
- py[n0] &= 0x7fff;
- px[n0] &= 0x7fff;
-
-/* mask off the least significant 27 bits of y */
- t=y; pt[n3]=0; pt[n2]&=0xf800; y1=t;
-
-/* LOOP: argument reduction on x whenever x > y */
-loop:
- while ( x > y )
- {
- t=y;
- t1=y1;
- xexp=px[n0]&mexp; /* exponent of x */
- k=xexp-yexp-m25;
- if(k>0) /* if x/y >= 2**26, scale up y so that x/y < 2**26 */
- {pt[n0]+=k;pt1[n0]+=k;}
- n=x/t; x=(x-n*t1)-n*(t-t1);
- }
- /* end while (x > y) */
-
- if(nx!=0) {t=1.0; pt[n0]+=nx; x*=t; nx=0; goto loop;}
-
-/* final adjustment */
-
- hy=y/2.0;
- if(x>hy||((x==hy)&&n%2==1)) x-=y;
- px[n0] ^= sign;
- if(nf!=0) { t=1.0; pt[n0]-=nf; x*=t;}
-
-/* restore inexact flag and inexact enable */
- swapINX(i); swapENI(e);
-
- return(x);
-}
-#endif
-
-#if 0
-/* SQRT
- * RETURN CORRECTLY ROUNDED (ACCORDING TO THE ROUNDING MODE) SQRT
- * FOR IEEE DOUBLE PRECISION ONLY, INTENDED FOR ASSEMBLY LANGUAGE
- * CODED IN C BY K.C. NG, 3/22/85.
- *
- * Warning: this code should not get compiled in unless ALL of
- * the following machine-dependent routines are supplied.
- *
- * Required machine dependent functions:
- * swapINX(i) ...return the status of INEXACT flag and reset it to "i"
- * swapRM(r) ...return the current Rounding Mode and reset it to "r"
- * swapENI(e) ...return the status of inexact enable and reset it to "e"
- * addc(t) ...perform t=t+1 regarding t as a 64 bit unsigned integer
- * subc(t) ...perform t=t-1 regarding t as a 64 bit unsigned integer
- */
-
-static const unsigned long table[] = {
-0, 1204, 3062, 5746, 9193, 13348, 18162, 23592, 29598, 36145, 43202, 50740,
-58733, 67158, 75992, 85215, 83599, 71378, 60428, 50647, 41945, 34246, 27478,
-21581, 16499, 12183, 8588, 5674, 3403, 1742, 661, 130, };
-
-double newsqrt(x)
-double x;
-{
- double y,z,t,addc(),subc()
- double const b54=134217728.*134217728.; /* b54=2**54 */
- long mx,scalx;
- long const mexp=0x7ff00000;
- int i,j,r,e,swapINX(),swapRM(),swapENI();
- unsigned long *py=(unsigned long *) &y ,
- *pt=(unsigned long *) &t ,
- *px=(unsigned long *) &x ;
-#ifdef national /* ordering of word in a floating point number */
- const int n0=1, n1=0;
-#else
- const int n0=0, n1=1;
-#endif
-/* Rounding Mode: RN ...round-to-nearest
- * RZ ...round-towards 0
- * RP ...round-towards +INF
- * RM ...round-towards -INF
- */
- const int RN=0,RZ=1,RP=2,RM=3;
- /* machine dependent: work on a Zilog Z8070
- * and a National 32081 & 16081
- */
-
-/* exceptions */
- if(x!=x||x==0.0) return(x); /* sqrt(NaN) is NaN, sqrt(+-0) = +-0 */
- if(x<0) return((x-x)/(x-x)); /* sqrt(negative) is invalid */
- if((mx=px[n0]&mexp)==mexp) return(x); /* sqrt(+INF) is +INF */
-
-/* save, reset, initialize */
- e=swapENI(0); /* ...save and reset the inexact enable */
- i=swapINX(0); /* ...save INEXACT flag */
- r=swapRM(RN); /* ...save and reset the Rounding Mode to RN */
- scalx=0;
-
-/* subnormal number, scale up x to x*2**54 */
- if(mx==0) {x *= b54 ; scalx-=0x01b00000;}
-
-/* scale x to avoid intermediate over/underflow:
- * if (x > 2**512) x=x/2**512; if (x < 2**-512) x=x*2**512 */
- if(mx>0x5ff00000) {px[n0] -= 0x20000000; scalx+= 0x10000000;}
- if(mx<0x1ff00000) {px[n0] += 0x20000000; scalx-= 0x10000000;}
-
-/* magic initial approximation to almost 8 sig. bits */
- py[n0]=(px[n0]>>1)+0x1ff80000;
- py[n0]=py[n0]-table[(py[n0]>>15)&31];
-
-/* Heron's rule once with correction to improve y to almost 18 sig. bits */
- t=x/y; y=y+t; py[n0]=py[n0]-0x00100006; py[n1]=0;
-
-/* triple to almost 56 sig. bits; now y approx. sqrt(x) to within 1 ulp */
- t=y*y; z=t; pt[n0]+=0x00100000; t+=z; z=(x-z)*y;
- t=z/(t+x) ; pt[n0]+=0x00100000; y+=t;
-
-/* twiddle last bit to force y correctly rounded */
- swapRM(RZ); /* ...set Rounding Mode to round-toward-zero */
- swapINX(0); /* ...clear INEXACT flag */
- swapENI(e); /* ...restore inexact enable status */
- t=x/y; /* ...chopped quotient, possibly inexact */
- j=swapINX(i); /* ...read and restore inexact flag */
- if(j==0) { if(t==y) goto end; else t=subc(t); } /* ...t=t-ulp */
- b54+0.1; /* ..trigger inexact flag, sqrt(x) is inexact */
- if(r==RN) t=addc(t); /* ...t=t+ulp */
- else if(r==RP) { t=addc(t);y=addc(y);}/* ...t=t+ulp;y=y+ulp; */
- y=y+t; /* ...chopped sum */
- py[n0]=py[n0]-0x00100000; /* ...correctly rounded sqrt(x) */
-end: py[n0]=py[n0]+scalx; /* ...scale back y */
- swapRM(r); /* ...restore Rounding Mode */
- return(y);
-}
-#endif
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=601f2444208808e1d17c679fa7a119ccb9db4254
commit 601f2444208808e1d17c679fa7a119ccb9db4254
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 29 04:12:34 2013 -0300
Rename unused scalb to scalbn to match prototype.
for ChangeLog
* sysdeps/ieee754/support.c (scalbn): Rename from
wrongly-typed scalb. Adjust all callers. Apparently unused.
diff --git a/sysdeps/ieee754/support.c b/sysdeps/ieee754/support.c
index 00476c0..0bbd892 100644
--- a/sysdeps/ieee754/support.c
+++ b/sysdeps/ieee754/support.c
@@ -82,7 +82,7 @@ static char sccsid[] = "@(#)support.c 8.1 (Berkeley) 6/4/93";
static const double novf=1.7E308, nunf=3.0E-308,zero=0.0;
#endif /* defined(vax)||defined(tahoe) */
-double scalb(x,N)
+double scalbn(x,N)
double x; int N;
{
int k;
@@ -106,7 +106,7 @@ double x; int N;
if( (k= *px & mexp ) != mexp ) {
if( N<-2100) return(nunf*nunf); else if(N>2100) return(novf+novf);
if( k == 0 ) {
- x *= scalb(1.0,(int)prep1); N -= prep1; return(scalb(x,N));}
+ x *= scalbn(1.0,(int)prep1); N -= prep1; return(scalbn(x,N));}
#endif /* defined(vax)||defined(tahoe) */
if((k = (k>>gap)+ N) > 0 )
@@ -115,7 +115,7 @@ double x; int N;
else
if( k > -prep1 )
/* gradual underflow */
- {*px=(*px&~mexp)|(short)(1<<gap); x *= scalb(1.0,k-1);}
+ {*px=(*px&~mexp)|(short)(1<<gap); x *= scalbn(1.0,k-1);}
else
return(nunf*nunf);
}
@@ -228,7 +228,7 @@ double x,p;
else if ( ((*pp & mexp)>>gap) <= 1 )
/* subnormal p, or almost subnormal p */
- { double b; b=scalb(1.0,(int)prep1);
+ { double b; b=scalbn(1.0,(int)prep1);
p *= b; x = drem(x,p); x *= b; return(drem(x,p)/b);}
else if ( p >= novf/2)
{ p /= 2 ; x /= 2; return(drem(x,p)*2);}
@@ -294,8 +294,8 @@ double x;
/* scale x to [1,4) */
n=logb(x);
- x=scalb(x,-n);
- if((m=logb(x))!=0) x=scalb(x,-m); /* subnormal number */
+ x=scalbn(x,-n);
+ if((m=logb(x))!=0) x=scalbn(x,-m); /* subnormal number */
m += n;
n = m/2;
if((n+n)!=m) {x *= 2; m -=1; n=m/2;}
@@ -326,7 +326,7 @@ double x;
b=1.0+r/4; if(b>1.0) t=1;
if(t>=0) q+=r; }
-end: return(scalb(q,n));
+end: return(scalbn(q,n));
}
#if 0
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f629830e477da31c658efce637dcd5bf11b00ed8
commit f629830e477da31c658efce637dcd5bf11b00ed8
Merge: 9be17e5 2e649ae af9711c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 29 04:09:45 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9be17e5117b896d04a7e06fa3c1c8c269d430f0b
commit 9be17e5117b896d04a7e06fa3c1c8c269d430f0b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 29 04:09:45 2013 -0300
refresh
diff --git a/meta b/meta
index 09e1fd6..fa4c5d2 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: e6321f6f88bd6024b0532486f0bf9b43ebf23b0c
-Head: 180532bd97eab73fca355a7049ada9f825483002
+Previous: af9711c5b7808f21ee60eb46c8048c3d054f0c31
+Head: 2e649ae373826f51a9c30dff4a9f0d3366c7a4b3
Applied:
unused-scalb-is-scalbn.patch: 05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
remove-sysdeps-ieee754-support.patch: fe6a5807692b034fba404bbe03d68929933eb91f
@@ -28,7 +28,6 @@ Applied:
wip-manual-document-mt-safety-terminal.patch: d4b7d87f6ac0c1c4f537289efc7877c4d5bbae93
wip-manual-document-mt-safety-threads.patch: 3c71f75c7c0c64263bc679cc89fbfbcea8753653
wip-manual-document-mt-safety-time.patch: 0b3afb70e5ee7968cd9653bfa592f05bb5f4798d
- wip-manual-document-mt-safety-locale.patch: afb86d3a0ff16fe7ba1bac6ce482d367311e7771
- refresh-temp: 180532bd97eab73fca355a7049ada9f825483002
+ wip-manual-document-mt-safety-locale.patch: 2e649ae373826f51a9c30dff4a9f0d3366c7a4b3
Unapplied:
Hidden:
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index 91180d9..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,93 +0,0 @@
-Bottom: 968fb766f8ba8e00249074d4e9889193f200d887
-Top: e5495b72159bea83c172508270804cf16b3f60ec
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-29 04:09:44 -0300
-
-Refresh of wip-manual-document-mt-safety-locale.patch
-
----
-
-diff --git a/manual/locale.texi b/manual/locale.texi
-index 36cda7f..f07135e 100644
---- a/manual/locale.texi
-+++ b/manual/locale.texi
-@@ -224,14 +224,14 @@ The symbols in this section are defined in the header file @file{locale.h}.
- @comment locale.h
- @comment ISO
- @deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
--@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
-+@safety{@mtunsafe{uunguard, envromt}@asunsafe{oncesafe, selfdeadlock, asmalloc, asynconsist, incansist}@acunsafe{oncesafe, incansist, lockleak, memleak, fdleak}}
- @c Uses of the global locale object are unguarded in functions that
- @c ought to be MT-Safe, so we're ruling out the use of this function
- @c once threads are started. It takes a write lock itself, but it may
- @c return a pointer loaded from the global locale object after releasing
- @c the lock, or before taking it.
- @c This function returns a pointer read...
--@c setlocale
-+@c setlocale envromt, oncesafe, asmalloc, selfdeadlock, asynconsist, incansist, memleak, fdleak, lockleak
- @c libc_rwlock_wrlock selfdeadlock, lockleak
- @c libc_rwlock_unlock lockleak
- @c getenv LOCPATH envromt
-@@ -240,7 +240,7 @@ The symbols in this section are defined in the header file @file{locale.h}.
- @c new_composite_name ok
- @c setdata ok
- @c setname ok
--@c _nl_find_locale
-+@c _nl_find_locale envromt, oncesafe, asmalloc, selfdeadlock, asynconsist, incansist, memleak, fdleak, lockleak
- @c getenv LC_ALL and LANG envromt
- @c _nl_load_locale_from_archive asmalloc, memleak, fdleak
- @c sysconf _SC_PAGE_SIZE ok
-@@ -300,8 +300,8 @@ The symbols in this section are defined in the header file @file{locale.h}.
- @c free asmalloc, memleak
- @c _nl_intern_locale_data dup asmalloc, memleak
- @c munmap ok
--@c __gconv_compare_alias
--@c __gconv_read_conf oncesafe
-+@c __gconv_compare_alias oncesafe, asmalloc, asynconsist, selfdeadlock, memleak,incansist, fdleak, lockleak
-+@c __gconv_read_conf oncesafe, asmalloc, asynconsist, selfdeadlock, memleak,incansist, fdleak, lockleak
- @c (libc_once-initializes gconv_cache and gconv_path_envvar; they're
- @c never modified afterwards)
- @c __gconv_load_cache asmalloc, memleak, fdleak
-@@ -320,22 +320,34 @@ The symbols in this section are defined in the header file @file{locale.h}.
- @c malloc asmalloc, memleak
- @c strtok_r ok
- @c libc_lock_unlock lockleak
--@c read_conf_file
-+@c read_conf_file asmalloc, asynconsist, selfdeadlock, memleak, incansist, fdleak, lockleak
- @c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
- @c fsetlocking ok
- @c feof_unlocked ok
- @c getdelim asmalloc, asynconsist, memleak, incansist
- @c isspace_l ok (C locale)
- @c add_alias
--@c +
--@c add_module
--@c +
-+@c isspace_l ok (C locale)
-+@c toupper_l ok (C locale)
-+@c add_alias2 dup asynconsist, asmalloc, incansist, memleak
-+@c add_module asmalloc, memleak
-+@c isspace_l ok (C locale)
-+@c toupper_l ok (C locale)
-+@c strtol ok (glocale, but we hold the locale lock)
-+@c tfind __gconv_alias_db ok
-+@c __gconv_alias_compare dup ok
-+@c calloc asmalloc, memleak
-+@c insert_module dup asmalloc
- @c __tfind ok (because the tree is read only by then)
- @c __gconv_alias_compare dup ok
--@c insert_module
--@c +
--@c add_alias2
--@c +
-+@c insert_module asmalloc
-+@c free asmalloc
-+@c add_alias2 asynconsist, asmalloc, incansist, memleak
-+@c detect_conflict ok, reads __gconv_modules_db
-+@c malloc asmalloc, memleak
-+@c tsearch __gconv_alias_db asynconsist, asmalloc, incansist, memleak
-+@c __gconv_alias_compare ok
-+@c free asmalloc
- @c __gconv_compare_alias_cache ok
- @c find_module_idx ok
- @c do_lookup_alias ok
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index 0994824..6347b49 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
Bottom: 433caedec169e879059fe6a497b2a6f420d94334
-Top: 968fb766f8ba8e00249074d4e9889193f200d887
+Top: e5495b72159bea83c172508270804cf16b3f60ec
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:08 -0300
@@ -13,21 +13,21 @@ for ChangeLog
---
diff --git a/manual/locale.texi b/manual/locale.texi
-index 2f10fcd..36cda7f 100644
+index 2f10fcd..f07135e 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
-@@ -224,6 +224,125 @@ The symbols in this section are defined in the header file @file{locale.h}.
+@@ -224,6 +224,137 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
-+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
++@safety{@mtunsafe{uunguard, envromt}@asunsafe{oncesafe, selfdeadlock, asmalloc, asynconsist, incansist}@acunsafe{oncesafe, incansist, lockleak, memleak, fdleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it.
+@c This function returns a pointer read...
-+@c setlocale
++@c setlocale envromt, oncesafe, asmalloc, selfdeadlock, asynconsist, incansist, memleak, fdleak, lockleak
+@c libc_rwlock_wrlock selfdeadlock, lockleak
+@c libc_rwlock_unlock lockleak
+@c getenv LOCPATH envromt
@@ -36,7 +36,7 @@ index 2f10fcd..36cda7f 100644
+@c new_composite_name ok
+@c setdata ok
+@c setname ok
-+@c _nl_find_locale
++@c _nl_find_locale envromt, oncesafe, asmalloc, selfdeadlock, asynconsist, incansist, memleak, fdleak, lockleak
+@c getenv LC_ALL and LANG envromt
+@c _nl_load_locale_from_archive asmalloc, memleak, fdleak
+@c sysconf _SC_PAGE_SIZE ok
@@ -96,8 +96,8 @@ index 2f10fcd..36cda7f 100644
+@c free asmalloc, memleak
+@c _nl_intern_locale_data dup asmalloc, memleak
+@c munmap ok
-+@c __gconv_compare_alias
-+@c __gconv_read_conf oncesafe
++@c __gconv_compare_alias oncesafe, asmalloc, asynconsist, selfdeadlock, memleak,incansist, fdleak, lockleak
++@c __gconv_read_conf oncesafe, asmalloc, asynconsist, selfdeadlock, memleak,incansist, fdleak, lockleak
+@c (libc_once-initializes gconv_cache and gconv_path_envvar; they're
+@c never modified afterwards)
+@c __gconv_load_cache asmalloc, memleak, fdleak
@@ -116,22 +116,34 @@ index 2f10fcd..36cda7f 100644
+@c malloc asmalloc, memleak
+@c strtok_r ok
+@c libc_lock_unlock lockleak
-+@c read_conf_file
++@c read_conf_file asmalloc, asynconsist, selfdeadlock, memleak, incansist, fdleak, lockleak
+@c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fsetlocking ok
+@c feof_unlocked ok
+@c getdelim asmalloc, asynconsist, memleak, incansist
+@c isspace_l ok (C locale)
+@c add_alias
-+@c +
-+@c add_module
-+@c +
++@c isspace_l ok (C locale)
++@c toupper_l ok (C locale)
++@c add_alias2 dup asynconsist, asmalloc, incansist, memleak
++@c add_module asmalloc, memleak
++@c isspace_l ok (C locale)
++@c toupper_l ok (C locale)
++@c strtol ok (glocale, but we hold the locale lock)
++@c tfind __gconv_alias_db ok
++@c __gconv_alias_compare dup ok
++@c calloc asmalloc, memleak
++@c insert_module dup asmalloc
+@c __tfind ok (because the tree is read only by then)
+@c __gconv_alias_compare dup ok
-+@c insert_module
-+@c +
-+@c add_alias2
-+@c +
++@c insert_module asmalloc
++@c free asmalloc
++@c add_alias2 asynconsist, asmalloc, incansist, memleak
++@c detect_conflict ok, reads __gconv_modules_db
++@c malloc asmalloc, memleak
++@c tsearch __gconv_alias_db asynconsist, asmalloc, incansist, memleak
++@c __gconv_alias_compare ok
++@c free asmalloc
+@c __gconv_compare_alias_cache ok
+@c find_module_idx ok
+@c do_lookup_alias ok
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=af9711c5b7808f21ee60eb46c8048c3d054f0c31
commit af9711c5b7808f21ee60eb46c8048c3d054f0c31
Merge: 7d036ed e6321f6 180532b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 29 04:09:44 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7d036ed8e0aa7adc19dba6eae65badbd8c325287
commit 7d036ed8e0aa7adc19dba6eae65badbd8c325287
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 29 04:09:44 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index 5535f53..09e1fd6 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 7c4730c50b3ca97da9c26b8a7b4b302efca2b730
-Head: afb86d3a0ff16fe7ba1bac6ce482d367311e7771
+Previous: e6321f6f88bd6024b0532486f0bf9b43ebf23b0c
+Head: 180532bd97eab73fca355a7049ada9f825483002
Applied:
unused-scalb-is-scalbn.patch: 05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
remove-sysdeps-ieee754-support.patch: fe6a5807692b034fba404bbe03d68929933eb91f
@@ -29,5 +29,6 @@ Applied:
wip-manual-document-mt-safety-threads.patch: 3c71f75c7c0c64263bc679cc89fbfbcea8753653
wip-manual-document-mt-safety-time.patch: 0b3afb70e5ee7968cd9653bfa592f05bb5f4798d
wip-manual-document-mt-safety-locale.patch: afb86d3a0ff16fe7ba1bac6ce482d367311e7771
+ refresh-temp: 180532bd97eab73fca355a7049ada9f825483002
Unapplied:
Hidden:
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..91180d9
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,93 @@
+Bottom: 968fb766f8ba8e00249074d4e9889193f200d887
+Top: e5495b72159bea83c172508270804cf16b3f60ec
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-29 04:09:44 -0300
+
+Refresh of wip-manual-document-mt-safety-locale.patch
+
+---
+
+diff --git a/manual/locale.texi b/manual/locale.texi
+index 36cda7f..f07135e 100644
+--- a/manual/locale.texi
++++ b/manual/locale.texi
+@@ -224,14 +224,14 @@ The symbols in this section are defined in the header file @file{locale.h}.
+ @comment locale.h
+ @comment ISO
+ @deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+-@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
++@safety{@mtunsafe{uunguard, envromt}@asunsafe{oncesafe, selfdeadlock, asmalloc, asynconsist, incansist}@acunsafe{oncesafe, incansist, lockleak, memleak, fdleak}}
+ @c Uses of the global locale object are unguarded in functions that
+ @c ought to be MT-Safe, so we're ruling out the use of this function
+ @c once threads are started. It takes a write lock itself, but it may
+ @c return a pointer loaded from the global locale object after releasing
+ @c the lock, or before taking it.
+ @c This function returns a pointer read...
+-@c setlocale
++@c setlocale envromt, oncesafe, asmalloc, selfdeadlock, asynconsist, incansist, memleak, fdleak, lockleak
+ @c libc_rwlock_wrlock selfdeadlock, lockleak
+ @c libc_rwlock_unlock lockleak
+ @c getenv LOCPATH envromt
+@@ -240,7 +240,7 @@ The symbols in this section are defined in the header file @file{locale.h}.
+ @c new_composite_name ok
+ @c setdata ok
+ @c setname ok
+-@c _nl_find_locale
++@c _nl_find_locale envromt, oncesafe, asmalloc, selfdeadlock, asynconsist, incansist, memleak, fdleak, lockleak
+ @c getenv LC_ALL and LANG envromt
+ @c _nl_load_locale_from_archive asmalloc, memleak, fdleak
+ @c sysconf _SC_PAGE_SIZE ok
+@@ -300,8 +300,8 @@ The symbols in this section are defined in the header file @file{locale.h}.
+ @c free asmalloc, memleak
+ @c _nl_intern_locale_data dup asmalloc, memleak
+ @c munmap ok
+-@c __gconv_compare_alias
+-@c __gconv_read_conf oncesafe
++@c __gconv_compare_alias oncesafe, asmalloc, asynconsist, selfdeadlock, memleak,incansist, fdleak, lockleak
++@c __gconv_read_conf oncesafe, asmalloc, asynconsist, selfdeadlock, memleak,incansist, fdleak, lockleak
+ @c (libc_once-initializes gconv_cache and gconv_path_envvar; they're
+ @c never modified afterwards)
+ @c __gconv_load_cache asmalloc, memleak, fdleak
+@@ -320,22 +320,34 @@ The symbols in this section are defined in the header file @file{locale.h}.
+ @c malloc asmalloc, memleak
+ @c strtok_r ok
+ @c libc_lock_unlock lockleak
+-@c read_conf_file
++@c read_conf_file asmalloc, asynconsist, selfdeadlock, memleak, incansist, fdleak, lockleak
+ @c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
+ @c fsetlocking ok
+ @c feof_unlocked ok
+ @c getdelim asmalloc, asynconsist, memleak, incansist
+ @c isspace_l ok (C locale)
+ @c add_alias
+-@c +
+-@c add_module
+-@c +
++@c isspace_l ok (C locale)
++@c toupper_l ok (C locale)
++@c add_alias2 dup asynconsist, asmalloc, incansist, memleak
++@c add_module asmalloc, memleak
++@c isspace_l ok (C locale)
++@c toupper_l ok (C locale)
++@c strtol ok (glocale, but we hold the locale lock)
++@c tfind __gconv_alias_db ok
++@c __gconv_alias_compare dup ok
++@c calloc asmalloc, memleak
++@c insert_module dup asmalloc
+ @c __tfind ok (because the tree is read only by then)
+ @c __gconv_alias_compare dup ok
+-@c insert_module
+-@c +
+-@c add_alias2
+-@c +
++@c insert_module asmalloc
++@c free asmalloc
++@c add_alias2 asynconsist, asmalloc, incansist, memleak
++@c detect_conflict ok, reads __gconv_modules_db
++@c malloc asmalloc, memleak
++@c tsearch __gconv_alias_db asynconsist, asmalloc, incansist, memleak
++@c __gconv_alias_compare ok
++@c free asmalloc
+ @c __gconv_compare_alias_cache ok
+ @c find_module_idx ok
+ @c do_lookup_alias ok
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=180532bd97eab73fca355a7049ada9f825483002
commit 180532bd97eab73fca355a7049ada9f825483002
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 29 04:09:44 2013 -0300
Refresh of wip-manual-document-mt-safety-locale.patch
diff --git a/manual/locale.texi b/manual/locale.texi
index 36cda7f..f07135e 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,14 +224,14 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
-@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{oncesafe, selfdeadlock, asmalloc, asynconsist, incansist}@acunsafe{oncesafe, incansist, lockleak, memleak, fdleak}}
@c Uses of the global locale object are unguarded in functions that
@c ought to be MT-Safe, so we're ruling out the use of this function
@c once threads are started. It takes a write lock itself, but it may
@c return a pointer loaded from the global locale object after releasing
@c the lock, or before taking it.
@c This function returns a pointer read...
-@c setlocale
+@c setlocale envromt, oncesafe, asmalloc, selfdeadlock, asynconsist, incansist, memleak, fdleak, lockleak
@c libc_rwlock_wrlock selfdeadlock, lockleak
@c libc_rwlock_unlock lockleak
@c getenv LOCPATH envromt
@@ -240,7 +240,7 @@ The symbols in this section are defined in the header file @file{locale.h}.
@c new_composite_name ok
@c setdata ok
@c setname ok
-@c _nl_find_locale
+@c _nl_find_locale envromt, oncesafe, asmalloc, selfdeadlock, asynconsist, incansist, memleak, fdleak, lockleak
@c getenv LC_ALL and LANG envromt
@c _nl_load_locale_from_archive asmalloc, memleak, fdleak
@c sysconf _SC_PAGE_SIZE ok
@@ -300,8 +300,8 @@ The symbols in this section are defined in the header file @file{locale.h}.
@c free asmalloc, memleak
@c _nl_intern_locale_data dup asmalloc, memleak
@c munmap ok
-@c __gconv_compare_alias
-@c __gconv_read_conf oncesafe
+@c __gconv_compare_alias oncesafe, asmalloc, asynconsist, selfdeadlock, memleak,incansist, fdleak, lockleak
+@c __gconv_read_conf oncesafe, asmalloc, asynconsist, selfdeadlock, memleak,incansist, fdleak, lockleak
@c (libc_once-initializes gconv_cache and gconv_path_envvar; they're
@c never modified afterwards)
@c __gconv_load_cache asmalloc, memleak, fdleak
@@ -320,22 +320,34 @@ The symbols in this section are defined in the header file @file{locale.h}.
@c malloc asmalloc, memleak
@c strtok_r ok
@c libc_lock_unlock lockleak
-@c read_conf_file
+@c read_conf_file asmalloc, asynconsist, selfdeadlock, memleak, incansist, fdleak, lockleak
@c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
@c fsetlocking ok
@c feof_unlocked ok
@c getdelim asmalloc, asynconsist, memleak, incansist
@c isspace_l ok (C locale)
@c add_alias
-@c +
-@c add_module
-@c +
+@c isspace_l ok (C locale)
+@c toupper_l ok (C locale)
+@c add_alias2 dup asynconsist, asmalloc, incansist, memleak
+@c add_module asmalloc, memleak
+@c isspace_l ok (C locale)
+@c toupper_l ok (C locale)
+@c strtol ok (glocale, but we hold the locale lock)
+@c tfind __gconv_alias_db ok
+@c __gconv_alias_compare dup ok
+@c calloc asmalloc, memleak
+@c insert_module dup asmalloc
@c __tfind ok (because the tree is read only by then)
@c __gconv_alias_compare dup ok
-@c insert_module
-@c +
-@c add_alias2
-@c +
+@c insert_module asmalloc
+@c free asmalloc
+@c add_alias2 asynconsist, asmalloc, incansist, memleak
+@c detect_conflict ok, reads __gconv_modules_db
+@c malloc asmalloc, memleak
+@c tsearch __gconv_alias_db asynconsist, asmalloc, incansist, memleak
+@c __gconv_alias_compare ok
+@c free asmalloc
@c __gconv_compare_alias_cache ok
@c find_module_idx ok
@c do_lookup_alias ok
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e6321f6f88bd6024b0532486f0bf9b43ebf23b0c
commit e6321f6f88bd6024b0532486f0bf9b43ebf23b0c
Merge: a41d0b5 afb86d3 7c4730c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Aug 28 00:24:33 2013 -0300
goto
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a41d0b5bca3e2b9fb23eda7de3383975df244da2
commit a41d0b5bca3e2b9fb23eda7de3383975df244da2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Aug 28 00:24:33 2013 -0300
goto
diff --git a/meta b/meta
index db2cae7..5535f53 100644
--- a/meta
+++ b/meta
@@ -1,33 +1,33 @@
Version: 1
-Previous: d0b8f88b8fef816ebddf48f01bc0150e975b927f
-Head: 4e51ca6a99c605099f12a779df0d47cceeb4ae4f
+Previous: 7c4730c50b3ca97da9c26b8a7b4b302efca2b730
+Head: afb86d3a0ff16fe7ba1bac6ce482d367311e7771
Applied:
unused-scalb-is-scalbn.patch: 05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
remove-sysdeps-ieee754-support.patch: fe6a5807692b034fba404bbe03d68929933eb91f
manual-document-mt-safety.patch: 4e51ca6a99c605099f12a779df0d47cceeb4ae4f
+ manual-document-mt-safety-argp.patch: aaf60aa78ffc0da9405c007a36e9b5ad89f4d7e0
+ manual-document-mt-safety-arith.patch: f5408aef8fd0f838855b341cf29d4b3b0761ceae
+ manual-document-mt-safety-charset.patch: acec40190ccb799a124103745f39b272f5c5afa2
+ manual-document-mt-safety-conf.patch: 3f8919133306d121a29dea94df850074c59c9327
+ manual-document-mt-safety-crypt.patch: d10d9de8dc6b4909fc2ffaca9df6c08f497fe430
+ manual-document-mt-safety-ctype.patch: fe95a108afa92a848495f13bf1be98adf8eb7539
+ manual-document-mt-safety-debug.patch: 4e7d13cc87a994e6738371f001e34d4304db738f
+ manual-document-mt-safety-errno.patch: ed15acd8f144cf7fab2cb273f29a678af72fee1d
+ manual-document-mt-safety-filesys.patch: 841af416cc09ad9a10c030373274b83b7bf0e9f8
+ manual-document-mt-safety-getopt.patch: 8643cf752f8e508001e1faf25a3a50b940f5fcac
+ manual-document-mt-safety-libdl.patch: d7b8694a2eee5f336076db4c86e31d0a3e8a5884
+ manual-document-mt-safety-job.patch: dc5cc158e96987de0e4069e83b8553ae1d968df3
+ manual-document-mt-safety-lang.patch: 8d1637219ed7cc2f3bb4819d7a586659f1da3e50
+ manual-document-mt-safety-llio.patch: 114949fad3069f3c51d1cd9901a799988e8377b7
+ manual-document-mt-safety-stdio.patch: 5da6c6fb3d7087914a9d5b07d2c138b48d07891d
+ wip-manual-document-mt-safety-math.patch: 9465760239804be9c83371f416900c5d2b77c585
+ wip-manual-document-mt-safety-resource.patch: c071176c59f53ce8f1dfe15b851b99e7818cead1
+ wip-manual-document-mt-safety-startup.patch: 39bee707673a40f9f7ad816a32cb2b80767d24f5
+ wip-manual-document-mt-safety-search.patch: 7e937af701f2fa859ae881c59ced25cc3182ef1b
+ wip-manual-document-mt-safety-string.patch: 6c188d6d1877e318d247a68b863d6f25c5f62965
+ wip-manual-document-mt-safety-terminal.patch: d4b7d87f6ac0c1c4f537289efc7877c4d5bbae93
+ wip-manual-document-mt-safety-threads.patch: 3c71f75c7c0c64263bc679cc89fbfbcea8753653
+ wip-manual-document-mt-safety-time.patch: 0b3afb70e5ee7968cd9653bfa592f05bb5f4798d
+ wip-manual-document-mt-safety-locale.patch: afb86d3a0ff16fe7ba1bac6ce482d367311e7771
Unapplied:
- manual-document-mt-safety-argp.patch: 091e1e16a3a7c50d382e0f9eee36d6d04bcd441a
- manual-document-mt-safety-arith.patch: 6dfda39adb1d84728fb4d392927fe32c70717f8c
- manual-document-mt-safety-charset.patch: b58ef1fd4f0b6a89317ebce875a8c6217da8e8fa
- manual-document-mt-safety-conf.patch: c7e8ed57d8a8ef0461deb3bb02e64e7c3c3606c1
- manual-document-mt-safety-crypt.patch: 9a99d1deaa001ca289c66c3832e5eaf4bee898b4
- manual-document-mt-safety-ctype.patch: 6bef7c9b865d9b4002167b45edfc3e8d74063fcf
- manual-document-mt-safety-debug.patch: 0b2dd076556329cdfefbe5adf3c6ea16167fe17b
- manual-document-mt-safety-errno.patch: d03f2590278bbe0c5b64d2727c6a88103e1174c6
- manual-document-mt-safety-filesys.patch: cd6798f9231759db9a66272f1e721010946710b4
- manual-document-mt-safety-getopt.patch: 5acd0cba09b1c0411d3c0ff44ebad682781cdea4
- manual-document-mt-safety-libdl.patch: a6dbb793abff10ea3a8779b118e43cd27d02cd33
- manual-document-mt-safety-job.patch: 1302198bf7ea242f1be035891c34507df7fa27e7
- manual-document-mt-safety-lang.patch: df244861d2cc8225a441c53b523f53150727ae62
- manual-document-mt-safety-llio.patch: bf5c49825fd31327a529399b2400a6e592bbee3a
- manual-document-mt-safety-stdio.patch: 3f6a86b4b41552229bec8e2e30c2f20b6e0cefa4
- wip-manual-document-mt-safety-math.patch: 16ea0003407bdc31e8ec8dfe869a8b7692eb8d00
- wip-manual-document-mt-safety-resource.patch: fc558f0f09d7886fab6a27dd914edd28b2e785c0
- wip-manual-document-mt-safety-startup.patch: fe85266926a3cdc0450318fd07dc476cf7e3a867
- wip-manual-document-mt-safety-search.patch: d2a32ac036016171fc3833d98a4237ad820c1e57
- wip-manual-document-mt-safety-string.patch: eb3c85b71c56902290473a92e6c8f3ffa4852964
- wip-manual-document-mt-safety-terminal.patch: af4517fcf40418c102664f0ad468424d974e1579
- wip-manual-document-mt-safety-threads.patch: b788aa476a3f1241be343db5eed095d40d4e7f99
- wip-manual-document-mt-safety-time.patch: d1221244d675ec6bcc205f518c664c13def4a4a6
- wip-manual-document-mt-safety-locale.patch: 7e105f03df345c9d37e09985a410f6d6177d8ed3
Hidden:
diff --git a/patches/manual-document-mt-safety-argp.patch b/patches/manual-document-mt-safety-argp.patch
index 04e77a4..7d26e1b 100644
--- a/patches/manual-document-mt-safety-argp.patch
+++ b/patches/manual-document-mt-safety-argp.patch
@@ -1,5 +1,5 @@
-Bottom: 9dc17c777e87d9e8550bcf18a685ec2e017a008c
-Top: 8fa20da58a327ce236a45260745f81ec87a5a28c
+Bottom: bc51276153dccb4e0691cf1f0eb3c565579e39f7
+Top: 7c1f972f26f2cc5f1a309d366b4289bcd807d025
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:04 -0300
diff --git a/patches/manual-document-mt-safety-arith.patch b/patches/manual-document-mt-safety-arith.patch
index ad9a44a..6295886 100644
--- a/patches/manual-document-mt-safety-arith.patch
+++ b/patches/manual-document-mt-safety-arith.patch
@@ -1,5 +1,5 @@
-Bottom: 8fa20da58a327ce236a45260745f81ec87a5a28c
-Top: 9e00847513aa8ca3dd870c7142c8ee63c1eea05f
+Bottom: 7c1f972f26f2cc5f1a309d366b4289bcd807d025
+Top: 9c86370cb53d549c50d2c79be3379b37f1330469
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:05 -0300
diff --git a/patches/manual-document-mt-safety-charset.patch b/patches/manual-document-mt-safety-charset.patch
index eb1d974..3ef2fdb 100644
--- a/patches/manual-document-mt-safety-charset.patch
+++ b/patches/manual-document-mt-safety-charset.patch
@@ -1,5 +1,5 @@
-Bottom: 9e00847513aa8ca3dd870c7142c8ee63c1eea05f
-Top: 25ef582a24250de1e2072a4015dacbfc5c2841bb
+Bottom: 9c86370cb53d549c50d2c79be3379b37f1330469
+Top: d24392f659023698231462cdff3a7cd2c718b328
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:05 -0300
diff --git a/patches/manual-document-mt-safety-conf.patch b/patches/manual-document-mt-safety-conf.patch
index a919d8b..4cb62ce 100644
--- a/patches/manual-document-mt-safety-conf.patch
+++ b/patches/manual-document-mt-safety-conf.patch
@@ -1,5 +1,5 @@
-Bottom: 25ef582a24250de1e2072a4015dacbfc5c2841bb
-Top: b0eacdf8728c94a1f78c8f658a008efcaabcc9d2
+Bottom: d24392f659023698231462cdff3a7cd2c718b328
+Top: a8f636ec2c63e1659cb6bb784fc1da03dea18213
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:05 -0300
diff --git a/patches/manual-document-mt-safety-crypt.patch b/patches/manual-document-mt-safety-crypt.patch
index c361847..11d0154 100644
--- a/patches/manual-document-mt-safety-crypt.patch
+++ b/patches/manual-document-mt-safety-crypt.patch
@@ -1,5 +1,5 @@
-Bottom: b0eacdf8728c94a1f78c8f658a008efcaabcc9d2
-Top: c0b0db21cd11bbf3316e8c83167e162e23ad5bfa
+Bottom: a8f636ec2c63e1659cb6bb784fc1da03dea18213
+Top: e56878e0c3824c71e49300c70bc897ef4c95eba9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:05 -0300
diff --git a/patches/manual-document-mt-safety-ctype.patch b/patches/manual-document-mt-safety-ctype.patch
index 3b2e49c..1c15c78 100644
--- a/patches/manual-document-mt-safety-ctype.patch
+++ b/patches/manual-document-mt-safety-ctype.patch
@@ -1,5 +1,5 @@
-Bottom: c0b0db21cd11bbf3316e8c83167e162e23ad5bfa
-Top: 1ac0ccdda2df342408b295e5121112bafddb3284
+Bottom: e56878e0c3824c71e49300c70bc897ef4c95eba9
+Top: 5e33d66bee65faf09bea523f63284bba8bfc037b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:05 -0300
diff --git a/patches/manual-document-mt-safety-debug.patch b/patches/manual-document-mt-safety-debug.patch
index 5283b95..3a82b5b 100644
--- a/patches/manual-document-mt-safety-debug.patch
+++ b/patches/manual-document-mt-safety-debug.patch
@@ -1,5 +1,5 @@
-Bottom: 1ac0ccdda2df342408b295e5121112bafddb3284
-Top: dc9e760360eb18c8fb0f2184676b14e7bc2177c3
+Bottom: 5e33d66bee65faf09bea523f63284bba8bfc037b
+Top: f72a7e64af28a199527df245fb9aa731d99c95c4
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:06 -0300
diff --git a/patches/manual-document-mt-safety-errno.patch b/patches/manual-document-mt-safety-errno.patch
index c0ca2ec..d9b8fda 100644
--- a/patches/manual-document-mt-safety-errno.patch
+++ b/patches/manual-document-mt-safety-errno.patch
@@ -1,5 +1,5 @@
-Bottom: dc9e760360eb18c8fb0f2184676b14e7bc2177c3
-Top: 6f36388aba0015568b6b2a4816dacc50146cb3fe
+Bottom: f72a7e64af28a199527df245fb9aa731d99c95c4
+Top: 049700a49dafb85830a3b5d7f204ab655fb1062a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:06 -0300
diff --git a/patches/manual-document-mt-safety-filesys.patch b/patches/manual-document-mt-safety-filesys.patch
index 6769498..98130d6 100644
--- a/patches/manual-document-mt-safety-filesys.patch
+++ b/patches/manual-document-mt-safety-filesys.patch
@@ -1,5 +1,5 @@
-Bottom: 6f36388aba0015568b6b2a4816dacc50146cb3fe
-Top: fde229599e21ef688d3e4b9f2339df8c55a7a992
+Bottom: 049700a49dafb85830a3b5d7f204ab655fb1062a
+Top: 830ce3133ca2adb5e7292565caf7cc33905af262
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:06 -0300
diff --git a/patches/manual-document-mt-safety-getopt.patch b/patches/manual-document-mt-safety-getopt.patch
index cbc973f..bdd420f 100644
--- a/patches/manual-document-mt-safety-getopt.patch
+++ b/patches/manual-document-mt-safety-getopt.patch
@@ -1,5 +1,5 @@
-Bottom: fde229599e21ef688d3e4b9f2339df8c55a7a992
-Top: 6d7e1278667b262f6475d7f0930713e0fcaf2164
+Bottom: 830ce3133ca2adb5e7292565caf7cc33905af262
+Top: c46f27af7da7f04821d8d604cb1f6fdebe1af493
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:06 -0300
diff --git a/patches/manual-document-mt-safety-job.patch b/patches/manual-document-mt-safety-job.patch
index 78e372d..6b585e7 100644
--- a/patches/manual-document-mt-safety-job.patch
+++ b/patches/manual-document-mt-safety-job.patch
@@ -1,5 +1,5 @@
-Bottom: 84a81eb5208d547308c0551a8daf7274f5f51893
-Top: 464934e3117acbbe947a28a984738c55ac1e7982
+Bottom: 4de5887b6571c90da0520d05ea43f403a3fa34ec
+Top: ba68695341ed62fde872ec262b801f8614334865
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:07 -0300
diff --git a/patches/manual-document-mt-safety-lang.patch b/patches/manual-document-mt-safety-lang.patch
index c3e1fa5..7af432c 100644
--- a/patches/manual-document-mt-safety-lang.patch
+++ b/patches/manual-document-mt-safety-lang.patch
@@ -1,5 +1,5 @@
-Bottom: 464934e3117acbbe947a28a984738c55ac1e7982
-Top: 97ed577a7b5de423e0cbd73e6199c1d5d77a2db2
+Bottom: ba68695341ed62fde872ec262b801f8614334865
+Top: b635b868ec5a8b50d788d6f60becf14146373aff
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:07 -0300
diff --git a/patches/manual-document-mt-safety-libdl.patch b/patches/manual-document-mt-safety-libdl.patch
index 45921f9..6a1a9c5 100644
--- a/patches/manual-document-mt-safety-libdl.patch
+++ b/patches/manual-document-mt-safety-libdl.patch
@@ -1,5 +1,5 @@
-Bottom: 6d7e1278667b262f6475d7f0930713e0fcaf2164
-Top: 84a81eb5208d547308c0551a8daf7274f5f51893
+Bottom: c46f27af7da7f04821d8d604cb1f6fdebe1af493
+Top: 4de5887b6571c90da0520d05ea43f403a3fa34ec
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:07 -0300
diff --git a/patches/manual-document-mt-safety-llio.patch b/patches/manual-document-mt-safety-llio.patch
index 232d2b0..c9f81fd 100644
--- a/patches/manual-document-mt-safety-llio.patch
+++ b/patches/manual-document-mt-safety-llio.patch
@@ -1,5 +1,5 @@
-Bottom: 97ed577a7b5de423e0cbd73e6199c1d5d77a2db2
-Top: 93d7801d18acd26c49da4772fbbaa130e15e8c35
+Bottom: b635b868ec5a8b50d788d6f60becf14146373aff
+Top: 3fbfb29a402aef2bc5a15640726741426eca8904
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:07 -0300
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index cd7fc3b..b3af1bf 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,5 +1,5 @@
-Bottom: 93d7801d18acd26c49da4772fbbaa130e15e8c35
-Top: 255dc76dfd1273775d159fe84d9f9ff35f7d5184
+Bottom: 3fbfb29a402aef2bc5a15640726741426eca8904
+Top: f75a142a5e1e8c6b49e3a8f622e8d0177f357f3d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:08 -0300
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index 4978c4d..0994824 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
-Bottom: ea3ba54c73d659d8dfd72d24ca9bff1fd9d533a6
-Top: f84cb3a8a6935357a83211dd7476aa8cceee29ed
+Bottom: 433caedec169e879059fe6a497b2a6f420d94334
+Top: 968fb766f8ba8e00249074d4e9889193f200d887
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:08 -0300
diff --git a/patches/wip-manual-document-mt-safety-math.patch b/patches/wip-manual-document-mt-safety-math.patch
index b7ef137..f9a8ef8 100644
--- a/patches/wip-manual-document-mt-safety-math.patch
+++ b/patches/wip-manual-document-mt-safety-math.patch
@@ -1,5 +1,5 @@
-Bottom: e50028beb84ad6b675a13f914ea7f6020b0041fb
-Top: 11d1dc9eeba934ab536b2fddf3eb7e4e30268ee3
+Bottom: f75a142a5e1e8c6b49e3a8f622e8d0177f357f3d
+Top: 74197c280c2327b55e496226262a0ce471390321
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:08 -0300
diff --git a/patches/wip-manual-document-mt-safety-resource.patch b/patches/wip-manual-document-mt-safety-resource.patch
index 2b03b87..7737e49 100644
--- a/patches/wip-manual-document-mt-safety-resource.patch
+++ b/patches/wip-manual-document-mt-safety-resource.patch
@@ -1,5 +1,5 @@
-Bottom: 11d1dc9eeba934ab536b2fddf3eb7e4e30268ee3
-Top: 287a1605130347164da91db888a4abb2da4313a8
+Bottom: 74197c280c2327b55e496226262a0ce471390321
+Top: 03e8cc5f3903301a0af65e6ddd0359e1c48cd0b1
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:09 -0300
diff --git a/patches/wip-manual-document-mt-safety-search.patch b/patches/wip-manual-document-mt-safety-search.patch
index 9f3f3cb..75b2d6f 100644
--- a/patches/wip-manual-document-mt-safety-search.patch
+++ b/patches/wip-manual-document-mt-safety-search.patch
@@ -1,5 +1,5 @@
-Bottom: 7b5b5d8f990508d27c92e7be27499ab075fcd831
-Top: 84ba7139fbdcfc5f51668f8a5c3e0d2ef1124263
+Bottom: 50350adeaabebba128c4819026b005be23b60024
+Top: 2827bf77a32cb7dea2034fa4d12eeb52db8491a8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:09 -0300
diff --git a/patches/wip-manual-document-mt-safety-startup.patch b/patches/wip-manual-document-mt-safety-startup.patch
index 92fa78a..86ed331 100644
--- a/patches/wip-manual-document-mt-safety-startup.patch
+++ b/patches/wip-manual-document-mt-safety-startup.patch
@@ -1,5 +1,5 @@
-Bottom: 287a1605130347164da91db888a4abb2da4313a8
-Top: 7b5b5d8f990508d27c92e7be27499ab075fcd831
+Bottom: 03e8cc5f3903301a0af65e6ddd0359e1c48cd0b1
+Top: 50350adeaabebba128c4819026b005be23b60024
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:08 -0300
diff --git a/patches/wip-manual-document-mt-safety-string.patch b/patches/wip-manual-document-mt-safety-string.patch
index de41b62..37bf7dd 100644
--- a/patches/wip-manual-document-mt-safety-string.patch
+++ b/patches/wip-manual-document-mt-safety-string.patch
@@ -1,5 +1,5 @@
-Bottom: 84ba7139fbdcfc5f51668f8a5c3e0d2ef1124263
-Top: c7851f3716d07cb79899c2afd9060ba0012286ea
+Bottom: 2827bf77a32cb7dea2034fa4d12eeb52db8491a8
+Top: 94e8f6c89b1345b143d4d651785e301effcb97e4
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:09 -0300
diff --git a/patches/wip-manual-document-mt-safety-terminal.patch b/patches/wip-manual-document-mt-safety-terminal.patch
index c988723..02f1a3c 100644
--- a/patches/wip-manual-document-mt-safety-terminal.patch
+++ b/patches/wip-manual-document-mt-safety-terminal.patch
@@ -1,5 +1,5 @@
-Bottom: c7851f3716d07cb79899c2afd9060ba0012286ea
-Top: a82741c4de572d76f0acefac779c7b54549081ad
+Bottom: 94e8f6c89b1345b143d4d651785e301effcb97e4
+Top: c48ef49e78eb0f0a0327fe9f89b47646609f316e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:09 -0300
diff --git a/patches/wip-manual-document-mt-safety-threads.patch b/patches/wip-manual-document-mt-safety-threads.patch
index 24a89ae..15d5d06 100644
--- a/patches/wip-manual-document-mt-safety-threads.patch
+++ b/patches/wip-manual-document-mt-safety-threads.patch
@@ -1,5 +1,5 @@
-Bottom: a82741c4de572d76f0acefac779c7b54549081ad
-Top: 121d21001f9a090049c70d632774252aca77b79d
+Bottom: c48ef49e78eb0f0a0327fe9f89b47646609f316e
+Top: 8d1dadaf72de52e6a5b1e028fed9aa52ba3b56c2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:10 -0300
diff --git a/patches/wip-manual-document-mt-safety-time.patch b/patches/wip-manual-document-mt-safety-time.patch
index e021f3a..97d9998 100644
--- a/patches/wip-manual-document-mt-safety-time.patch
+++ b/patches/wip-manual-document-mt-safety-time.patch
@@ -1,5 +1,5 @@
-Bottom: 121d21001f9a090049c70d632774252aca77b79d
-Top: ea3ba54c73d659d8dfd72d24ca9bff1fd9d533a6
+Bottom: 8d1dadaf72de52e6a5b1e028fed9aa52ba3b56c2
+Top: 433caedec169e879059fe6a497b2a6f420d94334
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:10 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2e649ae373826f51a9c30dff4a9f0d3366c7a4b3
commit 2e649ae373826f51a9c30dff4a9f0d3366c7a4b3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:08 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..f07135e 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,137 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{oncesafe, selfdeadlock, asmalloc, asynconsist, incansist}@acunsafe{oncesafe, incansist, lockleak, memleak, fdleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it.
+@c This function returns a pointer read...
+@c setlocale envromt, oncesafe, asmalloc, selfdeadlock, asynconsist, incansist, memleak, fdleak, lockleak
+@c libc_rwlock_wrlock selfdeadlock, lockleak
+@c libc_rwlock_unlock lockleak
+@c getenv LOCPATH envromt
+@c malloc asmalloc, memleak
+@c free asmalloc, memleak
+@c new_composite_name ok
+@c setdata ok
+@c setname ok
+@c _nl_find_locale envromt, oncesafe, asmalloc, selfdeadlock, asynconsist, incansist, memleak, fdleak, lockleak
+@c getenv LC_ALL and LANG envromt
+@c _nl_load_locale_from_archive asmalloc, memleak, fdleak
+@c sysconf _SC_PAGE_SIZE ok
+@c _nl_normalize_codeset asmalloc, memleak
+@c isalnum_l ok (C locale)
+@c isdigit_l ok (C locale)
+@c malloc asmalloc, memleak
+@c tolower_l ok (C locale)
+@c open_not_cancel_2 fdleak
+@c fxstat64 ok
+@c close_not_cancel_no_status ok
+@c __mmap64 memleak
+@c calculate_head_size ok
+@c __munmap ok
+@c compute_hashval ok
+@c qsort dup asmalloc, memleak
+@c rangecmp ok
+@c malloc asmalloc, memleak
+@c strdup asmalloc, memleak
+@c _nl_intern_locale_data asmalloc, memleak
+@c malloc asmalloc, memleak
+@c free asmalloc, memleak
+@c _nl_expand_alias asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c libc_lock_lock selfdeadlock, lockleak
+@c bsearch ok
+@c alias_compare ok
+@c strcasecmp ok
+@c read_alias_file asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fsetlocking ok
+@c feof_unlocked ok
+@c fgets_unlocked ok
+@c isspace ok (locale mutex is locked)
+@c extend_alias_table memleak, asmalloc
+@c realloc memleak, asmalloc
+@c realloc memleak, asmalloc
+@c fclose asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c qsort asmalloc, memleak
+@c alias_compare dup
+@c libc_lock_unlock lockleak
+@c _nl_explode_name asmalloc, memleak
+@c _nl_find_language ok
+@c _nl_normalize_codeset dup asmalloc, memleak
+@c _nl_make_l10nflist asmalloc, memleak
+@c malloc asmalloc, memleak
+@c free asmalloc, memleak
+@c __argz_stringify ok
+@c __argz_count ok
+@c __argz_next ok
+@c _nl_load_locale asmalloc, memleak, fdleak
+@c open_not_cancel_2 fdleak
+@c __fxstat64 ok
+@c close_not_cancel_no_status ok
+@c mmap memleak
+@c malloc asmalloc, memleak
+@c read_not_cancel ok
+@c free asmalloc, memleak
+@c _nl_intern_locale_data dup asmalloc, memleak
+@c munmap ok
+@c __gconv_compare_alias oncesafe, asmalloc, asynconsist, selfdeadlock, memleak,incansist, fdleak, lockleak
+@c __gconv_read_conf oncesafe, asmalloc, asynconsist, selfdeadlock, memleak,incansist, fdleak, lockleak
+@c (libc_once-initializes gconv_cache and gconv_path_envvar; they're
+@c never modified afterwards)
+@c __gconv_load_cache asmalloc, memleak, fdleak
+@c getenv GCONV_PATH envromt
+@c open_not_cancel fdleak
+@c __fxstat64 ok
+@c close_not_cancel_no_status ok
+@c mmap memleak
+@c malloc asmalloc, memleak
+@c __read ok
+@c free asmalloc, memleak
+@c munmap ok
+@c __gconv_get_path selfdeadlock, asmalloc, lockleak, memleak, fdleak
+@c getcwd asmalloc, memleak, fdleak
+@c libc_lock_lock selfdeadlock, lockleak
+@c malloc asmalloc, memleak
+@c strtok_r ok
+@c libc_lock_unlock lockleak
+@c read_conf_file asmalloc, asynconsist, selfdeadlock, memleak, incansist, fdleak, lockleak
+@c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fsetlocking ok
+@c feof_unlocked ok
+@c getdelim asmalloc, asynconsist, memleak, incansist
+@c isspace_l ok (C locale)
+@c add_alias
+@c isspace_l ok (C locale)
+@c toupper_l ok (C locale)
+@c add_alias2 dup asynconsist, asmalloc, incansist, memleak
+@c add_module asmalloc, memleak
+@c isspace_l ok (C locale)
+@c toupper_l ok (C locale)
+@c strtol ok (glocale, but we hold the locale lock)
+@c tfind __gconv_alias_db ok
+@c __gconv_alias_compare dup ok
+@c calloc asmalloc, memleak
+@c insert_module dup asmalloc
+@c __tfind ok (because the tree is read only by then)
+@c __gconv_alias_compare dup ok
+@c insert_module asmalloc
+@c free asmalloc
+@c add_alias2 asynconsist, asmalloc, incansist, memleak
+@c detect_conflict ok, reads __gconv_modules_db
+@c malloc asmalloc, memleak
+@c tsearch __gconv_alias_db asynconsist, asmalloc, incansist, memleak
+@c __gconv_alias_compare ok
+@c free asmalloc
+@c __gconv_compare_alias_cache ok
+@c find_module_idx ok
+@c do_lookup_alias ok
+@c __tfind ok (because the tree is read only by then)
+@c __gconv_alias_compare ok
+@c strndup asmalloc, memleak
+@c strcasecmp_l ok (C locale)
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=afb86d3a0ff16fe7ba1bac6ce482d367311e7771
commit afb86d3a0ff16fe7ba1bac6ce482d367311e7771
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:08 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..36cda7f 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,125 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it.
+@c This function returns a pointer read...
+@c setlocale
+@c libc_rwlock_wrlock selfdeadlock, lockleak
+@c libc_rwlock_unlock lockleak
+@c getenv LOCPATH envromt
+@c malloc asmalloc, memleak
+@c free asmalloc, memleak
+@c new_composite_name ok
+@c setdata ok
+@c setname ok
+@c _nl_find_locale
+@c getenv LC_ALL and LANG envromt
+@c _nl_load_locale_from_archive asmalloc, memleak, fdleak
+@c sysconf _SC_PAGE_SIZE ok
+@c _nl_normalize_codeset asmalloc, memleak
+@c isalnum_l ok (C locale)
+@c isdigit_l ok (C locale)
+@c malloc asmalloc, memleak
+@c tolower_l ok (C locale)
+@c open_not_cancel_2 fdleak
+@c fxstat64 ok
+@c close_not_cancel_no_status ok
+@c __mmap64 memleak
+@c calculate_head_size ok
+@c __munmap ok
+@c compute_hashval ok
+@c qsort dup asmalloc, memleak
+@c rangecmp ok
+@c malloc asmalloc, memleak
+@c strdup asmalloc, memleak
+@c _nl_intern_locale_data asmalloc, memleak
+@c malloc asmalloc, memleak
+@c free asmalloc, memleak
+@c _nl_expand_alias asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c libc_lock_lock selfdeadlock, lockleak
+@c bsearch ok
+@c alias_compare ok
+@c strcasecmp ok
+@c read_alias_file asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fsetlocking ok
+@c feof_unlocked ok
+@c fgets_unlocked ok
+@c isspace ok (locale mutex is locked)
+@c extend_alias_table memleak, asmalloc
+@c realloc memleak, asmalloc
+@c realloc memleak, asmalloc
+@c fclose asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c qsort asmalloc, memleak
+@c alias_compare dup
+@c libc_lock_unlock lockleak
+@c _nl_explode_name asmalloc, memleak
+@c _nl_find_language ok
+@c _nl_normalize_codeset dup asmalloc, memleak
+@c _nl_make_l10nflist asmalloc, memleak
+@c malloc asmalloc, memleak
+@c free asmalloc, memleak
+@c __argz_stringify ok
+@c __argz_count ok
+@c __argz_next ok
+@c _nl_load_locale asmalloc, memleak, fdleak
+@c open_not_cancel_2 fdleak
+@c __fxstat64 ok
+@c close_not_cancel_no_status ok
+@c mmap memleak
+@c malloc asmalloc, memleak
+@c read_not_cancel ok
+@c free asmalloc, memleak
+@c _nl_intern_locale_data dup asmalloc, memleak
+@c munmap ok
+@c __gconv_compare_alias
+@c __gconv_read_conf oncesafe
+@c (libc_once-initializes gconv_cache and gconv_path_envvar; they're
+@c never modified afterwards)
+@c __gconv_load_cache asmalloc, memleak, fdleak
+@c getenv GCONV_PATH envromt
+@c open_not_cancel fdleak
+@c __fxstat64 ok
+@c close_not_cancel_no_status ok
+@c mmap memleak
+@c malloc asmalloc, memleak
+@c __read ok
+@c free asmalloc, memleak
+@c munmap ok
+@c __gconv_get_path selfdeadlock, asmalloc, lockleak, memleak, fdleak
+@c getcwd asmalloc, memleak, fdleak
+@c libc_lock_lock selfdeadlock, lockleak
+@c malloc asmalloc, memleak
+@c strtok_r ok
+@c libc_lock_unlock lockleak
+@c read_conf_file
+@c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fsetlocking ok
+@c feof_unlocked ok
+@c getdelim asmalloc, asynconsist, memleak, incansist
+@c isspace_l ok (C locale)
+@c add_alias
+@c +
+@c add_module
+@c +
+@c __tfind ok (because the tree is read only by then)
+@c __gconv_alias_compare dup ok
+@c insert_module
+@c +
+@c add_alias2
+@c +
+@c __gconv_compare_alias_cache ok
+@c find_module_idx ok
+@c do_lookup_alias ok
+@c __tfind ok (because the tree is read only by then)
+@c __gconv_alias_compare ok
+@c strndup asmalloc, memleak
+@c strcasecmp_l ok (C locale)
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0b3afb70e5ee7968cd9653bfa592f05bb5f4798d
commit 0b3afb70e5ee7968cd9653bfa592f05bb5f4798d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:10 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/time.texi: Document thread safety properties.
diff --git a/manual/time.texi b/manual/time.texi
index ff31e28..3967b24 100644
--- a/manual/time.texi
+++ b/manual/time.texi
@@ -475,6 +475,12 @@ Instead, use the facilities described in @ref{Time Zone Functions}.
@comment sys/time.h
@comment BSD
@deftypefun int gettimeofday (struct timeval *@var{tp}, struct timezone *@var{tzp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c On most GNU/Linux systems this is a direct syscall, but the posix/
+@c implementation (not used on GNU/Linux or GNU/Hurd) relies on time and
+@c localtime_r, saving and restoring tzname in an unsafe manner.
+@c On some GNU/Linux variants, ifunc resolvers are used in shared libc
+@c for vdso resolution. ifunc-vdso-revisit.
The @code{gettimeofday} function returns the current calendar time as
the elapsed time since the epoch in the @code{struct timeval} structure
indicated by @var{tp}. (@pxref{Elapsed Time} for a description of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3c71f75c7c0c64263bc679cc89fbfbcea8753653
commit 3c71f75c7c0c64263bc679cc89fbfbcea8753653
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:10 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/threads.texi: Document thread safety properties.
diff --git a/manual/threads.texi b/manual/threads.texi
index a23ac26..19bfad6 100644
--- a/manual/threads.texi
+++ b/manual/threads.texi
@@ -31,6 +31,7 @@ before thread-specific data, so they should not be used in thread-specific
data destructors or even as members of the thread-specific data, since the
latter is passed as an argument to the destructor function.
+@c FIXME: use @deftypefun for these.
@item int pthread_key_delete (pthread_key_t @var{key})
Destroy the thread-specific data @var{key} in the calling thread. The
destructor for the thread-specific data is not called during destruction, nor
@@ -82,3 +83,124 @@ attributes or the stack address is set in the attribute.
The system does not have sufficient memory.
@end table
@end deftypefun
+
+@c FIXME these are undocumented:
+@c pthread_atfork
+@c pthread_attr_destroy
+@c pthread_attr_getaffinity_np
+@c pthread_attr_getdetachstate
+@c pthread_attr_getguardsize
+@c pthread_attr_getinheritsched
+@c pthread_attr_getschedparam
+@c pthread_attr_getschedpolicy
+@c pthread_attr_getscope
+@c pthread_attr_getstack
+@c pthread_attr_getstackaddr
+@c pthread_attr_getstacksize
+@c pthread_attr_init
+@c pthread_attr_setaffinity_np
+@c pthread_attr_setdetachstate
+@c pthread_attr_setguardsize
+@c pthread_attr_setinheritsched
+@c pthread_attr_setschedparam
+@c pthread_attr_setschedpolicy
+@c pthread_attr_setscope
+@c pthread_attr_setstack
+@c pthread_attr_setstackaddr
+@c pthread_attr_setstacksize
+@c pthread_barrierattr_destroy
+@c pthread_barrierattr_getpshared
+@c pthread_barrierattr_init
+@c pthread_barrierattr_setpshared
+@c pthread_barrier_destroy
+@c pthread_barrier_init
+@c pthread_barrier_wait
+@c pthread_cancel
+@c pthread_cleanup_push
+@c pthread_cleanup_pop
+@c pthread_condattr_destroy
+@c pthread_condattr_getclock
+@c pthread_condattr_getpshared
+@c pthread_condattr_init
+@c pthread_condattr_setclock
+@c pthread_condattr_setpshared
+@c pthread_cond_broadcast
+@c pthread_cond_destroy
+@c pthread_cond_init
+@c pthread_cond_signal
+@c pthread_cond_timedwait
+@c pthread_cond_wait
+@c pthread_create
+@c pthread_detach
+@c pthread_equal
+@c pthread_exit
+@c pthread_getaffinity_np
+@c pthread_getattr_np
+@c pthread_getconcurrency
+@c pthread_getcpuclockid
+@c pthread_getname_np
+@c pthread_getschedparam
+@c pthread_join
+@c pthread_kill
+@c pthread_kill_other_threads_np
+@c pthread_mutexattr_destroy
+@c pthread_mutexattr_getkind_np
+@c pthread_mutexattr_getprioceiling
+@c pthread_mutexattr_getprotocol
+@c pthread_mutexattr_getpshared
+@c pthread_mutexattr_getrobust
+@c pthread_mutexattr_getrobust_np
+@c pthread_mutexattr_gettype
+@c pthread_mutexattr_init
+@c pthread_mutexattr_setkind_np
+@c pthread_mutexattr_setprioceiling
+@c pthread_mutexattr_setprotocol
+@c pthread_mutexattr_setpshared
+@c pthread_mutexattr_setrobust
+@c pthread_mutexattr_setrobust_np
+@c pthread_mutexattr_settype
+@c pthread_mutex_consistent
+@c pthread_mutex_consistent_np
+@c pthread_mutex_destroy
+@c pthread_mutex_getprioceiling
+@c pthread_mutex_init
+@c pthread_mutex_lock
+@c pthread_mutex_setprioceiling
+@c pthread_mutex_timedlock
+@c pthread_mutex_trylock
+@c pthread_mutex_unlock
+@c pthread_once
+@c pthread_rwlockattr_destroy
+@c pthread_rwlockattr_getkind_np
+@c pthread_rwlockattr_getpshared
+@c pthread_rwlockattr_init
+@c pthread_rwlockattr_setkind_np
+@c pthread_rwlockattr_setpshared
+@c pthread_rwlock_destroy
+@c pthread_rwlock_init
+@c pthread_rwlock_rdlock
+@c pthread_rwlock_timedrdlock
+@c pthread_rwlock_timedwrlock
+@c pthread_rwlock_tryrdlock
+@c pthread_rwlock_trywrlock
+@c pthread_rwlock_unlock
+@c pthread_rwlock_wrlock
+@c pthread_self
+@c pthread_setaffinity_np
+@c pthread_setcancelstate
+@c pthread_setcanceltype
+@c pthread_setconcurrency
+@c pthread_setname_np
+@c pthread_setschedparam
+@c pthread_setschedprio
+@c pthread_sigmask
+@c pthread_sigqueue
+@c pthread_spin_destroy
+@c pthread_spin_init
+@c pthread_spin_lock
+@c pthread_spin_trylock
+@c pthread_spin_unlock
+@c pthread_testcancel
+@c pthread_timedjoin_np
+@c pthread_tryjoin_np
+@c pthread_yield
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d4b7d87f6ac0c1c4f537289efc7877c4d5bbae93
commit d4b7d87f6ac0c1c4f537289efc7877c4d5bbae93
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:09 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/terminal.texi: Document thread safety properties.
diff --git a/manual/terminal.texi b/manual/terminal.texi
index 9e9c057..7f62a4e 100644
--- a/manual/terminal.texi
+++ b/manual/terminal.texi
@@ -264,6 +264,9 @@ array.
@comment termios.h
@comment POSIX.1
@deftypefun int tcgetattr (int @var{filedes}, struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the kernel-returned termios data structure to the userland
+@c format does not ensure atomic or consistent writing.
This function is used to examine the attributes of the terminal
device with file descriptor @var{filedes}. The attributes are returned
in the structure that @var{termios-p} points to.
@@ -284,6 +287,9 @@ The @var{filedes} is not associated with a terminal.
@comment termios.h
@comment POSIX.1
@deftypefun int tcsetattr (int @var{filedes}, int @var{when}, const struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the incoming termios data structure to the kernel format
+@c does not ensure atomic or consistent reading.
This function sets the attributes of the terminal device with file
descriptor @var{filedes}. The new attributes are taken from the
structure that @var{termios-p} points to.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=6c188d6d1877e318d247a68b863d6f25c5f62965
commit 6c188d6d1877e318d247a68b863d6f25c5f62965
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:09 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/string.texi: Document thread safety properties.
diff --git a/manual/string.texi b/manual/string.texi
index 246be84..1408033 100644
--- a/manual/string.texi
+++ b/manual/string.texi
@@ -1159,6 +1159,11 @@ strings are written in into account. To get that one has to use
@comment string.h
@comment BSD
@deftypefun int strcasecmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Although this calls tolower multiple times, it's a macro, and
+@c strcasecmp is optimized so that the locale pointer is read only once.
+@c There are some asm implementations too, for which the single-read
+@c from locale TLS pointers also applies.
This function is like @code{strcmp}, except that differences in case are
ignored. How uppercase and lowercase characters are related is
determined by the currently selected locale. In the standard @code{"C"}
@@ -1247,6 +1252,8 @@ strncmp ("hello, world", "hello, stupid world!!!", 5)
@comment string.h
@comment GNU
@deftypefun int strverscmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls isdigit multiple times, locale may change in between.
The @code{strverscmp} function compares the string @var{s1} against
@var{s2}, considering them as holding indices/version numbers. The
return value follows the same conventions as found in the
@@ -1343,6 +1350,8 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
@comment string.h
@comment ISO
@deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Adjust alphasort one safety info is determined.
The @code{strcoll} function is similar to @code{strcmp} but uses the
collating sequence of the current locale for collation (the
@code{LC_COLLATE} locale).
@@ -1637,6 +1646,7 @@ This function is a GNU extension.
@comment string.h
@comment ISO
@deftypefun {char *} strchr (const char *@var{string}, int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{strchr} function finds the first occurrence of the character
@var{c} (converted to a @code{char}) in the null-terminated string
beginning at @var{string}. The return value is a pointer to the located
@@ -1678,6 +1688,7 @@ to use @code{wcschrnul} in this case, though.
@comment string.h
@comment GNU
@deftypefun {char *} strchrnul (const char *@var{string}, int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{strchrnul} is the same as @code{strchr} except that if it does
not find the character, it returns a pointer to string's terminating
null character rather than a null pointer.
@@ -2675,3 +2686,6 @@ being added to @var{envz}, if @var{override} is false.
The @code{envz_strip} function removes any null entries from @var{envz},
updating @code{*@var{envz}} and @code{*@var{envz_len}}.
@end deftypefun
+
+@c FIXME this are undocumented:
+@c strcasecmp_l @safety{@mtsafe{}@assafe{}@acsafe{}} see strcasecmp
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7e937af701f2fa859ae881c59ced25cc3182ef1b
commit 7e937af701f2fa859ae881c59ced25cc3182ef1b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:09 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/search.texi: Document thread safety properties.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..46f5f1c 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -113,6 +113,7 @@ the header file @file{stdlib.h}.
@comment stdlib.h
@comment ISO
@deftypefun {void *} bsearch (const void *@var{key}, const void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{bsearch} function searches the sorted array @var{array} for an object
that is equivalent to @var{key}. The array contains @var{count} elements,
each of which is of size @var{size} bytes.
@@ -146,6 +147,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +438,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +472,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +487,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +501,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +556,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=39bee707673a40f9f7ad816a32cb2b80767d24f5
commit 39bee707673a40f9f7ad816a32cb2b80767d24f5
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:08 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/startup.texi: Document thread safety properties.
diff --git a/manual/startup.texi b/manual/startup.texi
index a277714..7bbaf13 100644
--- a/manual/startup.texi
+++ b/manual/startup.texi
@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
The difference to the @code{setenv} function is that the exact string
given as the parameter @var{string} is put into the environment. If the
user should change the string after the @code{putenv} call this will
-reflect in automatically in the environment. This also requires that
-@var{string} is no automatic variable which scope is left before the
+reflect automatically in the environment. This also requires that
+@var{string} not be an automatic variable whose scope is left before the
variable is removed from the environment. The same applies of course to
dynamically allocated variables which are freed later.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c071176c59f53ce8f1dfe15b851b99e7818cead1
commit c071176c59f53ce8f1dfe15b851b99e7818cead1
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:09 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/resource.texi: Document thread safety properties.
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9465760239804be9c83371f416900c5d2b77c585
commit 9465760239804be9c83371f416900c5d2b77c585
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:08 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/math.texi: Document thread safety properties.
diff --git a/manual/math.texi b/manual/math.texi
index 193d415..fd5d0c8 100644
--- a/manual/math.texi
+++ b/manual/math.texi
@@ -560,6 +560,7 @@ negative), @code{logb} returns @math{@infinity{}}. If @var{x} is zero,
@comment math.h
@comment ISO
@deftypefunx int ilogbl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are equivalent to the corresponding @code{logb}
functions except that they return signed integer values.
@end deftypefun
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5da6c6fb3d7087914a9d5b07d2c138b48d07891d
commit 5da6c6fb3d7087914a9d5b07d2c138b48d07891d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:08 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..5667af3 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,12 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
+@c Besides the usual possibility of getting an inconsistent stream in a
+@c signal handler or leaving it inconsistent in case of cancellation,
+@c the possibility of leaving a dangling pointer upon cancellation
+@c between reallocing the buffer at *lineptr and updating the pointer
+@c brings about another case of incansist.
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1321,8 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
+@c See the getline incansist note.
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1347,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1371,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1397,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1407,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1417,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1508,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1546,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1605,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1621,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1631,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1641,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2383,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2393,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2403,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2411,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2419,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2444,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2469,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2540,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2573,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2644,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2653,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2662,48 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2711,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2719,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2727,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2735,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2743,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2751,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2827,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3068,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3320,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3384,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +4001,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +4016,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +4031,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +4039,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4047,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4061,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4088,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4097,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4106,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4114,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4122,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4130,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4180,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4190,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4204,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4215,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4243,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4254,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4368,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4381,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4405,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4421,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4441,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4465,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4514,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4636,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4651,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4664,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4681,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4793,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4806,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4823,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4845,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4870,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4948,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4962,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4974,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4989,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +5003,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +5014,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5062,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5118,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5234,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5416,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5557,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=114949fad3069f3c51d1cd9901a799988e8377b7
commit 114949fad3069f3c51d1cd9901a799988e8377b7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:07 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/llio.texi: Document thread safety properties.
diff --git a/manual/llio.texi b/manual/llio.texi
index b129cf4..c350585 100644
--- a/manual/llio.texi
+++ b/manual/llio.texi
@@ -78,6 +78,7 @@ declared in @file{unistd.h}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int open (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The @code{open} function creates and returns a new file descriptor for
the file named by @var{filename}. Initially, the file position
indicator for the file is at the beginning of the file. The argument
@@ -164,6 +165,7 @@ and @code{freopen} functions, that create streams.
@comment fcntl.h
@comment Unix98
@deftypefun int open64 (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{open}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
difference is that on 32 bit systems the file is opened in the
@@ -178,6 +180,7 @@ replaces the old API.
@comment fcntl.h
@comment POSIX.1
@deftypefn {Obsolete function} int creat (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is obsolete. The call:
@smallexample
@@ -202,6 +205,7 @@ since all of the lowlevel file handling functions are equally replaced.
@comment fcntl.h
@comment Unix98
@deftypefn {Obsolete function} int creat64 (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{creat}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
the difference is that on 32 bit systems the file is opened in the
@@ -219,6 +223,7 @@ replaces the old API.
@comment unistd.h
@comment POSIX.1
@deftypefun int close (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The function @code{close} closes the file descriptor @var{filedes}.
Closing a file has the following consequences:
@@ -300,6 +305,7 @@ but must be a signed type.
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t read (int @var{filedes}, void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{read} function reads up to @var{size} bytes from the file
with descriptor @var{filedes}, storing the results in the @var{buffer}.
(This is not necessarily a character string, and no terminating null
@@ -395,6 +401,10 @@ functions that read from streams, such as @code{fgetc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, read and lseek back, but is it
+@c used anywhere?
The @code{pread} function is similar to the @code{read} function. The
first three arguments are identical, and the return values and error
codes also correspond.
@@ -430,6 +440,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread64 (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, read and lseek64 back, but is
+@c it used anywhere?
This function is similar to the @code{pread} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -447,6 +461,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t write (int @var{filedes}, const void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{write} function writes up to @var{size} bytes from
@var{buffer} to the file with descriptor @var{filedes}. The data in
@var{buffer} is not necessarily a character string and a null character is
@@ -557,6 +572,10 @@ functions that write to streams, such as @code{fputc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, write and lseek back, but is it
+@c used anywhere?
The @code{pwrite} function is similar to the @code{write} function. The
first three arguments are identical, and the return values and error codes
also correspond.
@@ -592,6 +611,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite64 (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, write and lseek64 back, but
+@c is it used anywhere?
This function is similar to the @code{pwrite} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -624,6 +647,7 @@ To read the current file position value from a descriptor, use
@comment unistd.h
@comment POSIX.1
@deftypefun off_t lseek (int @var{filedes}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lseek} function is used to change the file position of the
file with descriptor @var{filedes}.
@@ -713,6 +737,7 @@ descriptors.
@comment unistd.h
@comment Unix98
@deftypefun off64_t lseek64 (int @var{filedes}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to the @code{lseek} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -825,6 +850,7 @@ declared in the header file @file{stdio.h}.
@comment stdio.h
@comment POSIX.1
@deftypefun {FILE *} fdopen (int @var{filedes}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
The @code{fdopen} function returns a new stream for the file descriptor
@var{filedes}.
@@ -853,6 +879,7 @@ see @ref{Creating a Pipe}.
@comment stdio.h
@comment POSIX.1
@deftypefun int fileno (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the file descriptor associated with the stream
@var{stream}. If an error is detected (for example, if the @var{stream}
is not valid) or if @var{stream} does not do I/O to a file,
@@ -862,6 +889,7 @@ is not valid) or if @var{stream} does not do I/O to a file,
@comment stdio.h
@comment GNU
@deftypefun int fileno_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fileno_unlocked} function is equivalent to the @code{fileno}
function except that it does not implicitly lock the stream if the state
is @code{FSETLOCKING_INTERNAL}.
@@ -1071,6 +1099,11 @@ Contains the length of the buffer.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t readv (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer into which data is read, if the total read size is
+@c too large for alloca.
The @code{readv} function reads data from @var{filedes} and scatters it
into the buffers described in @var{vector}, which is taken to be
@@ -1089,6 +1122,11 @@ errors are the same as in @code{read}.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t writev (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer from which data is written, if the total write size
+@c is too large for alloca.
The @code{writev} function gathers data from the buffers described in
@var{vector}, which is taken to be @var{count} structures long, and writes
@@ -1149,6 +1187,7 @@ These functions are declared in @file{sys/mman.h}.
@comment sys/mman.h
@comment POSIX
@deftypefun {void *} mmap (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mmap} function creates a new mapping, connected to bytes
(@var{offset}) to (@var{offset} + @var{length} - 1) in the file open on
@@ -1268,6 +1307,9 @@ The file is on a filesystem that doesn't support mapping.
@comment sys/mman.h
@comment LFS
@deftypefun {void *} mmap64 (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The page_shift auto detection when MMAP2_PAGE_SHIFT is -1 (it never
+@c is) would be thread-unsafe.
The @code{mmap64} function is equivalent to the @code{mmap} function but
the @var{offset} parameter is of type @code{off64_t}. On 32-bit systems
this allows the file associated with the @var{filedes} descriptor to be
@@ -1284,6 +1326,7 @@ replaces the old API.
@comment sys/mman.h
@comment POSIX
@deftypefun int munmap (void *@var{addr}, size_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{munmap} removes any memory maps from (@var{addr}) to (@var{addr} +
@var{length}). @var{length} should be the length of the mapping.
@@ -1310,6 +1353,7 @@ aligned.
@comment sys/mman.h
@comment POSIX
@deftypefun int msync (void *@var{address}, size_t @var{length}, int @var{flags})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When using shared mappings, the kernel can write the file at any time
before the mapping is removed. To be certain data has actually been
@@ -1357,6 +1401,7 @@ There is no existing mapping in at least part of the given region.
@comment sys/mman.h
@comment GNU
@deftypefun {void *} mremap (void *@var{address}, size_t @var{length}, size_t @var{new_length}, int @var{flag})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to change the size of an existing memory
area. @var{address} and @var{length} must cover a region entirely mapped
@@ -1405,6 +1450,7 @@ Coding Standards}.
@comment sys/mman.h
@comment POSIX
@deftypefun int madvise (void *@var{addr}, size_t @var{length}, int @var{advice})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to provide the system with @var{advice} about
the intended usage patterns of the memory region starting at @var{addr}
@@ -1531,6 +1577,7 @@ that descriptor into an @code{fd_set}.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_ZERO (fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro initializes the file descriptor set @var{set} to be the
empty set.
@end deftypefn
@@ -1538,6 +1585,9 @@ empty set.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_SET (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro adds @var{filedes} to the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1547,6 +1597,9 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_CLR (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro removes @var{filedes} from the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1556,6 +1609,7 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro int FD_ISSET (int @var{filedes}, const fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value (true) if @var{filedes} is a member
of the file descriptor set @var{set}, and zero (false) otherwise.
@@ -1568,6 +1622,10 @@ Next, here is the description of the @code{select} function itself.
@comment sys/types.h
@comment BSD
@deftypefun int select (int @var{nfds}, fd_set *@var{read-fds}, fd_set *@var{write-fds}, fd_set *@var{except-fds}, struct timeval *@var{timeout})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The select syscall is preferred, but pselect6 may be used instead,
+@c which requires converting timeout to a timespec and back. The
+@c conversions are not atomic.
The @code{select} function blocks the calling process until there is
activity on any of the specified sets of file descriptors, or until the
timeout period has expired.
@@ -1670,6 +1728,7 @@ they return.
@comment unistd.h
@comment X/Open
@deftypefun void sync (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
A call to this function will not return as long as there is data which
has not been written to the device. All dirty buffers in the kernel will
be written and so an overall consistent system can be achieved (if no
@@ -1685,6 +1744,7 @@ committed, rather than all data in the system. For this, @code{sync} is overkil
@comment unistd.h
@comment POSIX
@deftypefun int fsync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fsync} function can be used to make sure all data associated with
the open file @var{fildes} is written to the device associated with the
descriptor. The function call does not return unless all actions have
@@ -1722,6 +1782,7 @@ recovering of the file in case of a problem.
@comment unistd.h
@comment POSIX
@deftypefun int fdatasync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When a call to the @code{fdatasync} function returns, it is ensured
that all of the file data is written to the device. For all pending I/O
operations, the parts guaranteeing data integrity finished.
@@ -1923,6 +1984,158 @@ aiocb64}, since the LFS transparently replaces the old interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_read (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Calls aio_enqueue_request.
+@c aio_enqueue_request selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_self ok
+@c pthread_getschedparam selfdeadlock, lockleak
+@c lll_lock (pthread descriptor's lock) selfdeadlock, lockleak
+@c sched_getparam ok
+@c sched_getscheduler ok
+@c lll_unlock lockleak
+@c pthread_mutex_lock (aio_requests_mutex) selfdeadlock, lockleak
+@c get_elem asmalloc, memleak, [asynconsist, incansist], [xguargs]
+@c realloc asmalloc, memleak
+@c calloc asmalloc, memleak
+@c aio_create_helper_thread selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_attr_init ok
+@c pthread_attr_setdetachstate ok
+@c pthread_get_minstack ok
+@c pthread_attr_setstacksize ok
+@c sigfillset ok
+@c memset ok
+@c sigdelset ok [xguargs, but the caller's sigset is automatic]
+@c SYSCALL rt_sigprocmask ok
+@c pthread_create selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c alloca/malloc asmalloc, memleak
+@c lll_unlock lockleak
+@c allocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c getpagesize dup
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c lll_unlock lockleak
+@c _dl_allocate_tls asmalloc, memleak
+@c _dl_allocate_tls_storage asmalloc, memleak
+@c memalign asmalloc, memleak
+@c memset ok
+@c allocate_dtv dup
+@c free asmalloc, memleak
+@c allocate_dtv asmalloc, memleak
+@c calloc asmalloc, memleak
+@c INSTALL_DTV ok
+@c list_add dup
+@c get_cached_stack
+@c lll_lock (stack_cache_lock) selfdeadlock, lockleak
+@c list_for_each ok
+@c list_entry dup
+@c FREE_P dup
+@c stack_list_del dup
+@c stack_list_add dup
+@c lll_unlock lockleak
+@c _dl_allocate_tls_init ok
+@c GET_DTV ok
+@c mmap ok
+@c atomic_increment_val ok
+@c munmap ok
+@c change_stack_perm ok
+@c mprotect ok
+@c mprotect ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c THREAD_COPY_STACK_GUARD ok
+@c THREAD_COPY_POINTER_GUARD ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (state_cache_lock) selfdeadlock, lockleak
+@c stack_list_del ok
+@c atomic_write_barrier ok
+@c list_del ok [uunguard]
+@c atomic_write_barrier ok
+@c queue_stack asmalloc, memleak
+@c stack_list_add ok
+@c atomic_write_barrier ok
+@c list_add ok [uunguard]
+@c atomic_write_barrier ok
+@c free_stacks asmalloc, memleak
+@c list_for_each_prev_safe ok
+@c list_entry ok
+@c FREE_P ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c _dl_deallocate_tls asmalloc, memleak
+@c free asmalloc, memleak
+@c lll_unlock lockleak
+@c create_thread selfdeadlock, asmalloc, lockleak, memleak
+@c td_eventword
+@c td_eventmask
+@c do_clone selfdeadlock, asmalloc, lockleak, memleak
+@c PREPARE_CREATE ok
+@c lll_lock (pd->lock) selfdeadlock, lockleak
+@c atomic_increment ok
+@c clone ok
+@c atomic_decrement ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack dup
+@c sched_setaffinity ok
+@c tgkill ok
+@c sched_setscheduler ok
+@c atomic_compare_and_exchange_bool_acq ok
+@c nptl_create_event ok
+@c lll_unlock (pd->lock) lockleak
+@c free asmalloc, memleak
+@c pthread_attr_destroy ok (cpuset won't be set, so free isn't called)
+@c add_request_to_runlist ok [xguargs]
+@c pthread_cond_signal ok
+@c aio_free_request ok [xguargs]
+@c pthread_mutex_unlock lockleak
+
+@c (in the new thread, initiated with clone)
+@c start_thread ok
+@c HP_TIMING_NOW ok
+@c ctype_init [glocale] (in theory, but optimized into safety)
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c sigemptyset ok
+@c sigaddset ok
+@c setjmp ok
+@c CANCEL_ASYNC -> pthread_enable_asynccancel ok
+@c do_cancel ok
+@c pthread_unwind ok
+@c Unwind_ForcedUnwind or longjmp ok [asmalloc, memleak?]
+@c lll_lock selfdeadlock, lockleak
+@c lll_unlock selfdeadlock, lockleak
+@c CANCEL_RESET -> pthread_disable_asynccancel ok
+@c lll_futex_wait ok
+@c ->start_routine ok -----
+@c call_tls_dtors selfdeadlock, asmalloc, lockleak, memleak
+@c user-supplied dtor
+@c rtld_lock_lock_recursive (dl_load_lock) selfdeadlock, lockleak
+@c rtld_lock_unlock_recursive lockleak
+@c free asmalloc, memleak
+@c nptl_deallocate_tsd asmalloc, memleak
+@c tsd user-supplied dtors ok
+@c free asmalloc, memleak
+@c libc_thread_freeres
+@c libc_thread_subfreeres ok
+@c atomic_decrement_and_test ok
+@c td_eventword ok
+@c td_eventmask ok
+@c atomic_compare_exchange_bool_acq ok
+@c nptl_death_event ok
+@c lll_robust_dead ok
+@c getpagesize ok
+@c madvise ok
+@c free_tcb selfdeadlock, asmalloc, lockleak, memleak
+@c free asmalloc, memleak
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_futex_wait ok
+@c exit_thread_inline ok
+@c syscall(exit) ok
+
This function initiates an asynchronous read operation. It
immediately returns after the operation was enqueued or when an
error was encountered.
@@ -1988,6 +2201,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_read64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_read} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{aio_read64} uses
@@ -2006,6 +2220,7 @@ of functions with a very similar interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_write (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function initiates an asynchronous write operation. The function
call immediately returns after the operation was enqueued or if before
this happens an error was encountered.
@@ -2072,6 +2287,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_write64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_write} function. The only
difference is that on @w{32 bit} machines the file descriptor should
be opened in the large file mode. Internally @code{aio_write64} uses
@@ -2093,6 +2309,12 @@ operations. It is therefore similar to a combination of @code{readv} and
@comment aio.h
@comment POSIX.1b
@deftypefun int lio_listio (int @var{mode}, struct aiocb *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Call lio_listio_internal, that takes the aio_requests_mutex lock and
+@c enqueues each request. Then, it waits for notification or prepares
+@c for it before releasing the lock. Even though it performs memory
+@c allocation and locking of its own, it doesn't add any classes of
+@c safety issues that aren't already covered by aio_enqueue_request.
The @code{lio_listio} function can be used to enqueue an arbitrary
number of read and write requests at one time. The requests can all be
meant for the same file, all for different files or every solution in
@@ -2176,6 +2398,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int lio_listio64 (int @var{mode}, struct aiocb64 *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{lio_listio} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{lio_listio64} uses
@@ -2204,6 +2427,7 @@ The following two functions allow you to get this kind of information.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_error (const struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function determines the error state of the request described by the
@code{struct aiocb} variable pointed to by @var{aiocbp}. If the
request has not yet terminated the value returned is always
@@ -2225,6 +2449,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_error64 (const struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_error} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2238,6 +2463,7 @@ machines.
@comment aio.h
@comment POSIX.1b
@deftypefun ssize_t aio_return (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to retrieve the return status of the operation
carried out by the request described in the variable pointed to by
@var{aiocbp}. As long as the error status of this request as returned
@@ -2261,6 +2487,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun ssize_t aio_return64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_return} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2289,6 +2516,9 @@ if the symbol @code{_POSIX_SYNCHRONIZED_IO} is defined in @file{unistd.h}.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_fsync (int @var{op}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check that the FD is open, it calls
+@c aio_enqueue_request.
Calling this function forces all I/O operations operating queued at the
time of the function call operating on the file descriptor
@code{aiocbp->aio_fildes} into the synchronized I/O completion state
@@ -2336,6 +2566,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_fsync64 (int @var{op}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_fsync} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2362,6 +2593,9 @@ before the current client is served. For situations like this
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_suspend (const struct aiocb *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c Take aio_requests_mutex, set up waitlist and requestlist, wait
+@c for completion or timeout, and release the mutex.
When calling this function, the calling thread is suspended until at
least one of the requests pointed to by the @var{nent} elements of the
array @var{list} has completed. If any of the requests has already
@@ -2400,6 +2634,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_suspend64 (const struct aiocb64 *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is similar to @code{aio_suspend} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2427,6 +2662,16 @@ or not. Therefore using this function is merely a hint.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_cancel (int @var{fildes}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check the fd is open, hold aio_requests_mutex, call
+@c aio_find_req_fd, aio_remove_request, then aio_notify and
+@c aio_free_request each request before releasing the lock.
+@c aio_notify calls aio_notify_only and free, besides cond signal or
+@c similar. aio_notify_only calls pthread_attr_init,
+@c pthread_attr_setdetachstate, malloc, pthread_create,
+@c notify_func_wrapper, aio_sigqueue, getpid, raise.
+@c notify_func_wraper calls aio_start_notify_thread, free and then the
+@c notifier function.
The @code{aio_cancel} function can be used to cancel one or more
outstanding requests. If the @var{aiocbp} parameter is @code{NULL}, the
function tries to cancel all of the outstanding requests which would process
@@ -2474,6 +2719,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_cancel64 (int @var{fildes}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_cancel} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2529,6 +2775,8 @@ Unused.
@comment aio.h
@comment GNU
@deftypefun void aio_init (const struct aioinit *@var{init})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c All changes to global objects are guarded by aio_requests_mutex.
This function must be called before any other AIO function. Calling it
is completely voluntary, as it is only meant to help the AIO
implementation perform better.
@@ -2563,6 +2811,7 @@ function; see @ref{Opening and Closing Files}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int fcntl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcntl} function performs the operation specified by
@var{command} on the file descriptor @var{filedes}. Some commands
require additional arguments to be supplied. These additional arguments
@@ -2645,6 +2894,7 @@ while prototypes for @code{dup} and @code{dup2} are in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun int dup (int @var{old})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies descriptor @var{old} to the first available
descriptor number (the first number not currently open). It is
equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@@ -2653,6 +2903,7 @@ equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@comment unistd.h
@comment POSIX.1
@deftypefun int dup2 (int @var{old}, int @var{new})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies the descriptor @var{old} to descriptor number
@var{new}.
@@ -3631,6 +3882,7 @@ different headers.
@comment sys/ioctl.h
@comment BSD
@deftypefun int ioctl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ioctl} function performs the generic I/O operation
@var{command} on @var{filedes}.
@@ -3650,3 +3902,6 @@ unknown device.
Most IOCTLs are OS-specific and/or only used in special system utilities,
and are thus beyond the scope of this document. For an example of the use
of an IOCTL, see @ref{Out-of-Band Data}.
+
+@c FIXME this is undocumented:
+@c dup3
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=8d1637219ed7cc2f3bb4819d7a586659f1da3e50
commit 8d1637219ed7cc2f3bb4819d7a586659f1da3e50
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:07 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/lang.texi: Document thread safety properties.
diff --git a/manual/lang.texi b/manual/lang.texi
index ee04e23..d6cd90c 100644
--- a/manual/lang.texi
+++ b/manual/lang.texi
@@ -51,6 +51,8 @@ without indicating anything might be wrong.
@comment assert.h
@comment ISO
@deftypefn Macro void assert (int @var{expression})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Verify the programmer's belief that @var{expression} is nonzero at
this point in the program.
@@ -91,6 +93,8 @@ The @code{assert_perror} macro makes this easy.
@comment assert.h
@comment GNU
@deftypefn Macro void assert_perror (int @var{errnum})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Similar to @code{assert}, but verifies that @var{errnum} is zero.
If @code{NDEBUG} is not defined, @code{assert_perror} tests the value of
@@ -423,6 +427,8 @@ The type @code{va_list} is used for argument pointer variables.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_start (va_list @var{ap}, @var{last-required})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This macro initializes the argument pointer variable @var{ap} to point
to the first of the optional arguments of the current function;
@var{last-required} must be the last required argument to the function.
@@ -431,6 +437,8 @@ to the first of the optional arguments of the current function;
@comment stdarg.h
@comment ISO
@deftypefn {Macro} @var{type} va_arg (va_list @var{ap}, @var{type})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_arg} macro returns the value of the next optional argument,
and modifies the value of @var{ap} to point to the subsequent argument.
Thus, successive uses of @code{va_arg} return successive optional
@@ -445,6 +453,8 @@ of the actual argument.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_end (va_list @var{ap})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This ends the use of @var{ap}. After a @code{va_end} call, further
@code{va_arg} calls with the same @var{ap} may not work. You should invoke
@code{va_end} before returning from the function in which @code{va_start}
@@ -466,6 +476,8 @@ of the same type.
@comment ISO
@deftypefn {Macro} void va_copy (va_list @var{dest}, va_list @var{src})
@deftypefnx {Macro} void __va_copy (va_list @var{dest}, va_list @var{src})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_copy} macro allows copying of objects of type
@code{va_list} even if this is not an integral type. The argument pointer
in @var{dest} is initialized to point to the same argument as the
@@ -1212,6 +1224,8 @@ type of a particular structure member.
@comment stddef.h
@comment ISO
@deftypefn {Macro} size_t offsetof (@var{type}, @var{member})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This expands to a integer constant expression that is the offset of the
structure member named @var{member} in the structure type @var{type}.
For example, @code{offsetof (struct s, elem)} is the offset, in bytes,
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=dc5cc158e96987de0e4069e83b8553ae1d968df3
commit dc5cc158e96987de0e4069e83b8553ae1d968df3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:07 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/job.texi: Document thread safety properties.
diff --git a/manual/job.texi b/manual/job.texi
index 4efeed3..2c46771 100644
--- a/manual/job.texi
+++ b/manual/job.texi
@@ -1039,6 +1039,10 @@ The function @code{ctermid} is declared in the header file
@comment stdio.h
@comment POSIX.1
@deftypefun {char *} ctermid (char *@var{string})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This function is a stub by default; the actual implementation, for
+@c posix systems, returns an internal buffer if passed a NULL string,
+@c but the internal buffer is always set to /dev/tty.
The @code{ctermid} function returns a string containing the file name of
the controlling terminal for the current process. If @var{string} is
not a null pointer, it should be an array that can hold at least
@@ -1075,6 +1079,11 @@ Your program should include the header files @file{sys/types.h} and
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t setsid (void)
+@safety{@mtsafe{}@assafe{selfdeadlock (hurd)}@acsafe{lockleak (hurd)}}
+@c This is usually a direct syscall, but if a syscall is not available,
+@c we use a stub, or Hurd- and BSD-specific implementations. The former
+@c uses a mutex and a hurd critical section, and the latter issues a few
+@c syscalls, so both seem safe, except for the locking on Hurd.
The @code{setsid} function creates a new session. The calling process
becomes the session leader, and is put in a new process group whose
process group ID is the same as the process ID of that process. There
@@ -1098,6 +1107,8 @@ already another process group around that has the same process group ID.
@comment unistd.h
@comment SVID
@deftypefun pid_t getsid (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{getsid} function returns the process group ID of the session
leader of the specified process. If a @var{pid} is @code{0}, the
@@ -1134,6 +1145,8 @@ programs with the @code{-lbsd-compat} option to get the BSD definition.@refill
@comment unistd.h
@comment POSIX.1
@deftypefn {POSIX.1 Function} pid_t getpgrp (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The POSIX.1 definition of @code{getpgrp} returns the process group ID of
the calling process.
@end deftypefn
@@ -1141,6 +1154,8 @@ the calling process.
@comment unistd.h
@comment BSD
@deftypefn {BSD Function} pid_t getpgrp (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The BSD definition of @code{getpgrp} returns the process group ID of the
process @var{pid}. You can supply a value of @code{0} for the @var{pid}
argument to get information about the calling process.
@@ -1149,6 +1164,8 @@ argument to get information about the calling process.
@comment unistd.h
@comment SVID
@deftypefn {System V Function} int getpgid (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
@code{getpgid} is the same as the BSD function @code{getpgrp}. It
returns the process group ID of the process @var{pid}. You can supply a
@@ -1171,6 +1188,8 @@ process.
@comment unistd.h
@comment POSIX.1
@deftypefun int setpgid (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{setpgid} function puts the process @var{pid} into the process
group @var{pgid}. As a special case, either @var{pid} or @var{pgid} can
be zero to indicate the process ID of the calling process.
@@ -1208,6 +1227,8 @@ process or a child of the calling process.
@comment unistd.h
@comment BSD
@deftypefun int setpgrp (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall or setpgid wrapper.
This is the BSD Unix name for @code{setpgid}. Both functions do exactly
the same thing.
@end deftypefun
@@ -1230,6 +1251,8 @@ file itself and not a particular open file descriptor.
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t tcgetpgrp (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function returns the process group ID of the foreground process
group associated with the terminal open on descriptor @var{filedes}.
@@ -1258,6 +1281,8 @@ controlling terminal of the calling process.
@comment unistd.h
@comment POSIX.1
@deftypefun int tcsetpgrp (int @var{filedes}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function is used to set a terminal's foreground process group ID.
The argument @var{filedes} is a descriptor which specifies the terminal;
@var{pgid} specifies the process group. The calling process must be a
@@ -1297,6 +1322,8 @@ process.
@comment termios.h
@comment Unix98
@deftypefun pid_t tcgetsid (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Ioctl call, if avaialble, or tcgetpgrp followed by getsid.
This function is used to obtain the process group ID of the session
for which the terminal specified by @var{fildes} is the controlling terminal.
If the call is successful the group ID is returned. Otherwise the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d7b8694a2eee5f336076db4c86e31d0a3e8a5884
commit d7b8694a2eee5f336076db4c86e31d0a3e8a5884
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:07 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/libdl.texi: New.
diff --git a/manual/libdl.texi b/manual/libdl.texi
new file mode 100644
index 0000000..e3fe045
--- /dev/null
+++ b/manual/libdl.texi
@@ -0,0 +1,10 @@
+@c FIXME these are undocumented:
+@c dladdr
+@c dladdr1
+@c dlclose
+@c dlerror
+@c dlinfo
+@c dlmopen
+@c dlopen
+@c dlsym
+@c dlvsym
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=8643cf752f8e508001e1faf25a3a50b940f5fcac
commit 8643cf752f8e508001e1faf25a3a50b940f5fcac
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:06 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/getopt.texi: Document thread safety properties.
diff --git a/manual/getopt.texi b/manual/getopt.texi
index f0b7283..3c1f4de 100644
--- a/manual/getopt.texi
+++ b/manual/getopt.texi
@@ -60,6 +60,31 @@ option argument, for those options that accept arguments.
@comment unistd.h
@comment POSIX.2
@deftypefun int getopt (int @var{argc}, char *const *@var{argv}, const char *@var{options})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c It may swap argv elements but argv is not guarded, and the
+@c modifications may be partial in case of cancellation. Calling getenv
+@c also brings about thread-safety issues out of access and returning
+@c pointers into the globally shared environment array, just like
+@c calling gettext brings about a whole lot of AS and AC safety issues.
+@c The getopt API involves returning values in the non-thread-specific
+@c optarg variable, which adds another thread-safety issue. Given
+@c print_errors, it may output errors to stderr, which may
+@c self-deadlock, leak locks, or encounter (in a signal handler) or
+@c leave (in case of cancellation) stderr in an inconsistent state.
+@c Various implicit, indirect uses of malloc, in uses of memstream and
+@c asprintf for error-printing, bring about the usual malloc issues.
+@c (The explicit use of malloc in a conditional situation in
+@c _getopt_initialize is never exercised in glibc.)
+@c
+@c _getopt_internal
+@c _getopt_internal_r
+@c gettext
+@c _getopt_initialize
+@c getenv
+@c malloc if USE_NONOPTION_FLAGS, never defined in libc
+@c open_memstream
+@c lockfile, unlockfile, __fxprintf -> stderr
+@c asprintf
The @code{getopt} function gets the next option argument from the
argument list specified by the @var{argv} and @var{argc} arguments.
Normally these values come directly from the arguments received by
@@ -225,6 +250,8 @@ was seen.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
Decode options from the vector @var{argv} (whose length is @var{argc}).
The argument @var{shortopts} describes the short options to accept, just as
it does in @code{getopt}. The argument @var{longopts} describes the long
@@ -278,6 +305,8 @@ getopt functionality there is one more function available.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long_only (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
The @code{getopt_long_only} function is equivalent to the
@code{getopt_long} function but it allows to specify the user of the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=841af416cc09ad9a10c030373274b83b7bf0e9f8
commit 841af416cc09ad9a10c030373274b83b7bf0e9f8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:06 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/filesys.texi: Document thread safety properties.
diff --git a/manual/filesys.texi b/manual/filesys.texi
index 814c210..c7eb13b 100644
--- a/manual/filesys.texi
+++ b/manual/filesys.texi
@@ -58,6 +58,25 @@ Prototypes for these functions are declared in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun {char *} getcwd (char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c If buffer is NULL, this function calls malloc and realloc, and, in
+@c case of error, free. Linux offers a getcwd syscall that we use on
+@c GNU/Linux systems, but it may fail if the pathname is too long. As a
+@c fallback, and on other systems, the generic implementation opens each
+@c parent directory with opendir, which allocates memory for the
+@c directory stream with malloc. If a fstatat64 syscall is not
+@c available, very deep directory trees may also have to malloc to build
+@c longer sequences of ../../../... than those supported by a global
+@c const read-only string.
+
+@c linux/__getcwd
+@c posix/__getcwd
+@c malloc/realloc/free if buffer is NULL, or if dir is too deep
+@c lstat64 -> see its own entry
+@c fstatat64
+@c direct syscall if possible, alloca+snprintf+*stat64 otherwise
+@c openat64_not_cancel_3, close_not_cancel_no_status
+@c __fdopendir, __opendir, __readdir, rewinddir
The @code{getcwd} function returns an absolute file name representing
the current working directory, storing it in the character array
@var{buffer} that you provide. The @var{size} argument is how you tell
@@ -116,6 +135,9 @@ software.
@comment unistd.h
@comment BSD
@deftypefn {Deprecated Function} {char *} getwd (char *@var{buffer})
+@safety{@mtsafe{}@asunsafe{asmalloc, asi18n}@acsafe{memleak, fdleak}}
+@c Besides the getcwd safety issues, it calls strerror_r on error, which
+@c brings in all of the i18n issues.
This is similar to @code{getcwd}, but has no way to specify the size of
the buffer. @Theglibc{} provides @code{getwd} only
for backwards compatibility with BSD.
@@ -130,6 +152,9 @@ this function is deprecated.
@comment unistd.h
@comment GNU
@deftypefun {char *} get_current_dir_name (void)
+@safety{@mtunsafe{envromt}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides getcwd, which this function calls as a fallback, it calls
+@c getenv, with the usual thread-safety issues that brings about.
@vindex PWD
This @code{get_current_dir_name} function is basically equivalent to
@w{@code{getcwd (NULL, 0)}}. The only difference is that the value of
@@ -145,6 +170,7 @@ This function is a GNU extension.
@comment unistd.h
@comment POSIX.1
@deftypefun int chdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
@var{filename}.
@@ -158,6 +184,7 @@ file @var{filename} is not a directory.
@comment unistd.h
@comment XPG
@deftypefun int fchdir (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
directory associated with the file descriptor @var{filedes}.
@@ -294,12 +321,14 @@ values and @code{st_mode} values:
@comment dirent.h
@comment BSD
@deftypefun int IFTODT (mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{d_type} value corresponding to @var{mode}.
@end deftypefun
@comment dirent.h
@comment BSD
@deftypefun mode_t DTTOIF (int @var{dtype})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{st_mode} value corresponding to @var{dtype}.
@end deftypefun
@end table
@@ -342,6 +371,9 @@ the following functions.
@comment dirent.h
@comment POSIX.1
@deftypefun {DIR *} opendir (const char *@var{dirname})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides the safe syscall, we have to allocate the DIR object with
+@c __alloc_dir, that calls malloc.
The @code{opendir} function opens and returns a directory stream for
reading the directory whose file name is @var{dirname}. The stream has
type @code{DIR *}.
@@ -381,6 +413,8 @@ alternative interface can be used.
@comment dirent.h
@comment GNU
@deftypefun {DIR *} fdopendir (int @var{fd})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c The DIR object is allocated with __alloc_dir, that calls malloc.
The @code{fdopendir} function works just like @code{opendir} but
instead of taking a file name and opening a file descriptor for the
directory the caller is required to provide a file descriptor. This
@@ -425,6 +459,7 @@ access.
@comment dirent.h
@comment GNU
@deftypefun int dirfd (DIR *@var{dirstream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{dirfd} returns the file descriptor associated with
the directory stream @var{dirstream}. This descriptor can be used until
the directory is closed with @code{closedir}. If the directory stream
@@ -443,6 +478,12 @@ symbols are declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun {struct dirent *} readdir (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c This function holds dirstream's non-recursive lock, which brings
+@c about the usual issues with locks and async signals and cancellation,
+@c but the lock taking is not enough to make the returned value safe to
+@c use, since it points to a stream's internal buffer that can be
+@c overwritten by subsequent calls or even released by closedir.
This function reads the next entry from the directory. It normally
returns a pointer to a structure containing information about the
file. This structure is associated with the @var{dirstream} handle
@@ -478,6 +519,7 @@ locking if multiple threads access the same @var{dirstream}.
@comment dirent.h
@comment GNU
@deftypefun int readdir_r (DIR *@var{dirstream}, struct dirent *@var{entry}, struct dirent **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is a version of @code{readdir} which performs internal
locking. Like @code{readdir} it returns the next entry from the
directory. To prevent conflicts between simultaneously running
@@ -549,6 +591,7 @@ of the last two functions.
@comment dirent.h
@comment LFS
@deftypefun {struct dirent64 *} readdir64 (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64} function is just like the @code{readdir} function
except that it returns a pointer to a record of type @code{struct
dirent64}. Some of the members of this data type (notably @code{d_ino})
@@ -560,6 +603,7 @@ In all other aspects this function is equivalent to @code{readdir}.
@comment dirent.h
@comment LFS
@deftypefun int readdir64_r (DIR *@var{dirstream}, struct dirent64 *@var{entry}, struct dirent64 **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64_r} function is equivalent to the @code{readdir_r}
function except that it takes parameters of base type @code{struct
dirent64} instead of @code{struct dirent} in the second and third
@@ -570,6 +614,10 @@ position. The same precautions mentioned in the documentation of
@comment dirent.h
@comment POSIX.1
@deftypefun int closedir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock (hurd)}@acsafe{memleak, fdleak, lockleak (hurd)}}
+@c No synchronization in the posix implementation, only in the hurd
+@c one. This is regarded as safe because it is undefined behavior if
+@c other threads could still be using the dir stream while it's closed.
This function closes the directory stream @var{dirstream}. It returns
@code{0} on success and @code{-1} on failure.
@@ -609,6 +657,7 @@ declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun void rewinddir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{rewinddir} function is used to reinitialize the directory
stream @var{dirstream}, so that if you call @code{readdir} it
returns information about the first entry in the directory again. This
@@ -622,6 +671,10 @@ added or removed since you last called @code{opendir} or
@comment dirent.h
@comment BSD
@deftypefun {long int} telldir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{telldir} function returns the file position of the directory
stream @var{dirstream}. You can use this value with @code{seekdir} to
restore the directory stream to that position.
@@ -630,6 +683,10 @@ restore the directory stream to that position.
@comment dirent.h
@comment BSD
@deftypefun void seekdir (DIR *@var{dirstream}, long int @var{pos})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{seekdir} function sets the file position of the directory
stream @var{dirstream} to @var{pos}. The value @var{pos} must be the
result of a previous call to @code{telldir} on this particular stream;
@@ -649,6 +706,19 @@ the result.
@comment dirent.h
@comment BSD/SVID
@deftypefun int scandir (const char *@var{dir}, struct dirent ***@var{namelist}, int (*@var{selector}) (const struct dirent *), int (*@var{cmp}) (const struct dirent **, const struct dirent **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c The scandir function calls __opendirat, __readdir, and __closedir to
+@c go over the named dir; malloc and realloc to allocate the namelist
+@c and copies of each selected dirent, besides the selector, if given,
+@c and qsort and the cmp functions if the latter is given. In spite of
+@c the cleanup handler that releases memory and the file descriptor in
+@c case of synchronous cancellation, an asynchronous cancellation may
+@c still leak memory and a file descriptor. Although readdir is unsafe
+@c in general, the use of an internal dir stream for sequential scanning
+@c of the directory with copying of dirents before subsequent calls
+@c makes the use safe, and the fact that the dir stream is private to
+@c each scandir call does away with the lock issues in readdir and
+@c closedir.
The @code{scandir} function scans the contents of the directory selected
by @var{dir}. The result in *@var{namelist} is an array of pointers to
@@ -679,6 +749,8 @@ are very helpful for this purpose.
@comment dirent.h
@comment BSD/SVID
@deftypefun int alphasort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Calls strcoll.
The @code{alphasort} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -691,6 +763,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls strverscmp.
The @code{versionsort} function is like @code{alphasort} except that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -703,6 +777,8 @@ dirent64}}. To use this we need a new function.
@comment dirent.h
@comment GNU
@deftypefun int scandir64 (const char *@var{dir}, struct dirent64 ***@var{namelist}, int (*@var{selector}) (const struct dirent64 *), int (*@var{cmp}) (const struct dirent64 **, const struct dirent64 **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c See scandir.
The @code{scandir64} function works like the @code{scandir} function
except that the directory entries it returns are described by elements
of type @w{@code{struct dirent64}}. The function pointed to by
@@ -721,6 +797,8 @@ argument. Instead we provide the two replacement functions below.
@comment dirent.h
@comment GNU
@deftypefun int alphasort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c See alphasort.
The @code{alphasort64} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -733,6 +811,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c See versionsort.
The @code{versionsort64} function is like @code{alphasort64}, excepted that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -913,6 +993,8 @@ file was passed).
@comment ftw.h
@comment SVID
@deftypefun int ftw (const char *@var{filename}, __ftw_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
+@c see nftw for safety details
The @code{ftw} function calls the callback function given in the
parameter @var{func} for every item which is found in the directory
specified by @var{filename} and all directories below. The function
@@ -963,6 +1045,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int ftw64 (const char *@var{filename}, __ftw64_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
This function is similar to @code{ftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -976,6 +1059,17 @@ transparently replaces the old implementation.
@comment ftw.h
@comment XPG4.2
@deftypefun int nftw (const char *@var{filename}, __nftw_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c ftw_startup calls alloca, malloc, free, xstat/lxstat, tdestroy, and ftw_dir
+@c if FTW_CHDIR, call open, and fchdir, or chdir and getcwd
+@c ftw_dir calls open_dir_stream, readdir64, process_entry, closedir
+@c if FTW_CHDIR, also calls fchdir
+@c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
+@c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
+@c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
+@c find_object (tsearch) and add_object (tfind).
+@c Since each invocation of *ftw uses its own private search tree, none
+@c of the search tree concurrency issues apply.
The @code{nftw} function works like the @code{ftw} functions. They call
the callback function @var{func} for all items found in the directory
@var{filename} and below. At most @var{descriptors} file descriptors
@@ -1036,6 +1130,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int nftw64 (const char *@var{filename}, __nftw64_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
This function is similar to @code{nftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -1079,6 +1174,7 @@ file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int link (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{link} function makes a new link to the existing file named by
@var{oldname}, under the new name @var{newname}.
@@ -1186,6 +1282,7 @@ Prototypes for most of the functions listed in this section are in
@comment unistd.h
@comment BSD
@deftypefun int symlink (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{symlink} function makes a symbolic link to @var{oldname} named
@var{newname}.
@@ -1223,6 +1320,7 @@ exceeded.
@comment unistd.h
@comment BSD
@deftypefun ssize_t readlink (const char *@var{filename}, char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{readlink} function gets the value of the symbolic link
@var{filename}. The file name that the link points to is copied into
@var{buffer}. This file name string is @emph{not} null-terminated;
@@ -1282,6 +1380,8 @@ names can refer to the same inode.
@comment stdlib.h
@comment GNU
@deftypefun {char *} canonicalize_file_name (const char *@var{name})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls realpath.
The @code{canonicalize_file_name} function returns the absolute name of
the file named by @var{name} which contains no @code{.}, @code{..}
@@ -1323,6 +1423,8 @@ where the result is placed in.
@comment stdlib.h
@comment XPG
@deftypefun {char *} realpath (const char *restrict @var{name}, char *restrict @var{resolved})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls malloc, realloc, getcwd, lxstat64, readlink, alloca.
A call to @code{realpath} where the @var{resolved} parameter is
@code{NULL} behaves exactly like @code{canonicalize_file_name}. The
@@ -1362,6 +1464,7 @@ then the file is deleted as well. If the file has other remaining names
@comment unistd.h
@comment POSIX.1
@deftypefun int unlink (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{unlink} function deletes the file name @var{filename}. If
this is a file's sole name, the file itself is also deleted. (Actually,
if any process has the file open when this happens, deletion is
@@ -1404,6 +1507,7 @@ file system and can't be modified.
@comment unistd.h
@comment POSIX.1
@deftypefun int rmdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@cindex directories, deleting
@cindex deleting a directory
The @code{rmdir} function deletes a directory. The directory must be
@@ -1431,6 +1535,8 @@ The prototype for this function is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int remove (const char *@var{filename})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Calls unlink and rmdir.
This is the @w{ISO C} function to remove a file. It works like
@code{unlink} for files and like @code{rmdir} for directories.
@code{remove} is declared in @file{stdio.h}.
@@ -1446,6 +1552,10 @@ The @code{rename} function is used to change a file's name.
@comment stdio.h
@comment ISO
@deftypefun int rename (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a rename syscall, there's an emulation with link
+@c and unlink, but it's racy, even more so if newname exists and is
+@c unlinked first.
The @code{rename} function renames the file @var{oldname} to
@var{newname}. The file formerly accessible under the name
@var{oldname} is afterwards accessible as @var{newname} instead. (If
@@ -1541,6 +1651,7 @@ a shell command @code{mkdir} which does the same thing.)
@comment sys/stat.h
@comment POSIX.1
@deftypefun int mkdir (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mkdir} function creates a new, empty directory with name
@var{filename}.
@@ -1882,6 +1993,7 @@ header file @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int stat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{stat} function returns information about the attributes of the
file named by @w{@var{filename}} in the structure pointed to by @var{buf}.
@@ -1908,6 +2020,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int stat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{stat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1921,6 +2034,7 @@ replaces the interface for small files on 32-bit machines.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int fstat (int @var{filedes}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fstat} function is like @code{stat}, except that it takes an
open file descriptor as an argument instead of a file name.
@xref{Low-Level I/O}.
@@ -1942,6 +2056,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int fstat64 (int @var{filedes}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{fstat} but is able to work on large
files on 32-bit platforms. For large files the file descriptor
@var{filedes} should be obtained by @code{open64} or @code{creat64}.
@@ -1953,9 +2068,16 @@ function is available under the name @code{fstat} and so transparently
replaces the interface for small files on 32-bit machines.
@end deftypefun
+@c fstatat will call alloca and snprintf if the syscall is not
+@c available.
+@c @safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+
@comment sys/stat.h
@comment BSD
@deftypefun int lstat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat, sometimes with an xstat conv call
+@c afterwards.
The @code{lstat} function is like @code{stat}, except that it does not
follow symbolic links. If @var{filename} is the name of a symbolic
link, @code{lstat} returns information about the link itself; otherwise
@@ -1969,6 +2091,9 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int lstat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat64, sometimes with an xstat conv
+@c call afterwards.
This function is similar to @code{lstat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -2007,12 +2132,14 @@ that file:
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISDIR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a directory.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISCHR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a character special file (a
device like a terminal).
@end deftypefn
@@ -2020,6 +2147,7 @@ device like a terminal).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISBLK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a block special file (a device
like a disk).
@end deftypefn
@@ -2027,12 +2155,14 @@ like a disk).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISREG (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a regular file.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISFIFO (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a FIFO special file, or a
pipe. @xref{Pipes and FIFOs}.
@end deftypefn
@@ -2040,6 +2170,7 @@ pipe. @xref{Pipes and FIFOs}.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISLNK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a symbolic link.
@xref{Symbolic Links}.
@end deftypefn
@@ -2047,6 +2178,7 @@ This macro returns non-zero if the file is a symbolic link.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISSOCK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a socket. @xref{Sockets}.
@end deftypefn
@@ -2129,6 +2261,7 @@ the whole @code{struct stat} structure.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISMQ (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX message queues as distinct objects and the
file is a message queue object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2137,6 +2270,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSEM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX semaphores as distinct objects and the
file is a semaphore object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2145,6 +2279,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSHM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX shared memory objects as distinct objects
and the file is an shared memory object, this macro returns a non-zero
value. In all other cases the result is zero.
@@ -2189,6 +2324,7 @@ The prototype for this function is declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int chown (const char *@var{filename}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chown} function changes the owner of the file @var{filename} to
@var{owner}, and its group owner to @var{group}.
@@ -2223,6 +2359,7 @@ The file is on a read-only file system.
@comment unistd.h
@comment BSD
@deftypefun int fchown (int @var{filedes}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chown}, except that it changes the owner of the open
file with descriptor @var{filedes}.
@@ -2502,6 +2639,7 @@ The functions in this section are declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun mode_t umask (mode_t @var{mask})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{umask} function sets the file creation mask of the current
process to @var{mask}, and returns the previous value of the file
creation mask.
@@ -2527,6 +2665,7 @@ you just want to read the mask value, because it is reentrant.
@comment sys/stat.h
@comment GNU
@deftypefun mode_t getumask (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Return the current value of the file creation mask for the current
process. This function is a GNU extension and is only available on
@gnuhurdsystems{}.
@@ -2535,6 +2674,7 @@ process. This function is a GNU extension and is only available on
@comment sys/stat.h
@comment POSIX.1
@deftypefun int chmod (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chmod} function sets the access permission bits for the file
named by @var{filename} to @var{mode}.
@@ -2575,6 +2715,7 @@ for full details on the sticky bit.
@comment sys/stat.h
@comment BSD
@deftypefun int fchmod (int @var{filedes}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chmod}, except that it changes the permissions of the
currently open file given by @var{filedes}.
@@ -2645,6 +2786,7 @@ The symbols in this section are declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int access (const char *@var{filename}, int @var{how})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{access} function checks to see whether the file named by
@var{filename} can be accessed in the way specified by the @var{how}
argument. The @var{how} argument either can be the bitwise OR of the
@@ -2765,6 +2907,9 @@ This is the modification time for the file.
@comment utime.h
@comment POSIX.1
@deftypefun int utime (const char *@var{filename}, const struct utimbuf *@var{times})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utime syscall, it non-atomically converts times
+@c to a struct timeval and calls utimes.
This function is used to modify the file times associated with the file
named @var{filename}.
@@ -2816,6 +2961,10 @@ in the header file @file{sys/time.h}.
@comment sys/time.h
@comment BSD
@deftypefun int utimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, or to
+@c struct utimbuf and calls utime.
This function sets the file access and modification times of the file
@var{filename}. The new file access time is specified by
@code{@var{tvp}[0]}, and the new modification time by
@@ -2830,6 +2979,9 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int lutimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no lutimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall.
This function is like @code{utimes}, except that it does not follow
symbolic links. If @var{filename} is the name of a symbolic link,
@code{lutimes} sets the file access and modification times of the
@@ -2846,6 +2998,10 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int futimes (int @var{fd}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no futimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, falling back
+@c to utimes on a /proc/self/fd symlink.
This function is like @code{utimes}, except that it takes an open file
descriptor as an argument instead of a file name. @xref{Low-Level
I/O}. This function comes from FreeBSD, and is not available on all
@@ -2900,6 +3056,8 @@ succeed, without actually accomplishing anything.
@comment unistd.h
@comment X/Open
@deftypefun int truncate (const char *@var{filename}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a truncate syscall, we use open and ftruncate.
The @code{truncate} function changes the size of @var{filename} to
@var{length}. If @var{length} is shorter than the previous length, data
@@ -2944,6 +3102,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int truncate64 (const char *@var{name}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try truncate if length fits.
This function is similar to the @code{truncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines, which allows the handling of files with sizes up to
@@ -2957,6 +3117,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX
@deftypefun int ftruncate (int @var{fd}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{truncate}, but it works on a file descriptor @var{fd}
for an opened file instead of a file name to identify the object. The
@@ -3021,6 +3182,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int ftruncate64 (int @var{id}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try ftruncate if length fits.
This function is similar to the @code{ftruncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines which allows the handling of files with sizes up to
@@ -3083,6 +3246,10 @@ The prototype for @code{mknod} is declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment BSD
@deftypefun int mknod (const char *@var{filename}, mode_t @var{mode}, dev_t @var{dev})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Instead of issuing the syscall directly, we go through xmknod.
+@c Although the internal xmknod takes a dev_t*, that could lead to
+@c xguargs races, it's passed a pointer to mknod's dev.
The @code{mknod} function makes a special file with name @var{filename}.
The @var{mode} specifies the mode of the file, and may include the various
special file bits, such as @code{S_IFCHR} (for a character special file)
@@ -3134,6 +3301,20 @@ These facilities are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} tmpfile (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c The unsafety issues are those of fdopen, plus fdleak because of the
+@c open.
+@c __path_search (internal buf, !dir, const pfx, !try_tmpdir) ok
+@c libc_secure_genenv only if try_tmpdir
+@c xstat64, strlen, strcmp, sprintf
+@c __gen_tempname (internal tmpl, __GT_FILE) ok
+@c strlen, memcmp, getpid, open/mkdir/lxstat64 ok
+@c HP_TIMING_NOW if available ok
+@c gettimeofday (!tz) first time, or every time if no HP_TIMING_NOW ok
+@c static value is used and modified without synchronization ok
+@c but the use is as a source of non-cryptographic randomness
+@c with retries in case of collision, so it should be safe
+@c unlink, fdopen
This function creates a temporary binary file for update mode, as if by
calling @code{fopen} with mode @code{"wb+"}. The file is deleted
automatically when it is closed or when the program terminates. (On
@@ -3150,6 +3331,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} tmpfile64 (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
This function is similar to @code{tmpfile}, but the stream it returns a
pointer to was opened using @code{tmpfile64}. Therefore this stream can
be used for files larger then @math{2^31} bytes on 32-bit machines.
@@ -3165,6 +3347,11 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun {char *} tmpnam (char *@var{result})
+@safety{@mtunsafe{xguargs, staticbuf}@asunsafe{staticbuf}@acsafe{}}
+@c The passed-in buffer should not be modified concurrently with the
+@c call.
+@c __path_search (static or passed-in buf, !dir, !pfx, !try_tmpdir) ok
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
This function constructs and returns a valid file name that does not
refer to any existing file. If the @var{result} argument is a null
pointer, the return value is a pointer to an internal static string,
@@ -3189,6 +3376,7 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdio.h
@comment GNU
@deftypefun {char *} tmpnam_r (char *@var{result})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
This function is nearly identical to the @code{tmpnam} function, except
that if @var{result} is a null pointer it returns a null pointer.
@@ -3225,6 +3413,13 @@ never less than @code{25}.
@comment stdio.h
@comment SVID
@deftypefun {char *} tempnam (const char *@var{dir}, const char *@var{prefix})
+@safety{@mtunsafe{xguargs, envromt}@assafe{asmalloc}@acsafe{memleak}}
+@c There's no way (short of being setuid) to avoid getenv("TMPDIR"),
+@c even with a non-NULL dir, which makes this thread-unsafe.
+@c
+@c __path_search (internal buf, dir, pfx, try_tmpdir) unsafe getenv
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
+@c strdup
This function generates a unique temporary file name. If @var{prefix}
is not a null pointer, up to five characters of this string are used as
a prefix for the file name. The return value is a string newly
@@ -3288,6 +3483,8 @@ string. These functions are declared in the header file @file{stdlib.h}.
@comment stdlib.h
@comment Unix
@deftypefun {char *} mktemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_NOCREATE) ok
The @code{mktemp} function generates a unique file name by modifying
@var{template} as described above. If successful, it returns
@var{template} as modified. If @code{mktemp} cannot find a unique file
@@ -3306,6 +3503,8 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdlib.h
@comment BSD
@deftypefun int mkstemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{fdleak}}
+@c __gen_tempname (caller tmpl, __GT_FILE) ok
The @code{mkstemp} function generates a unique file name just as
@code{mktemp} does, but it also opens the file for you with @code{open}
(@pxref{Opening and Closing Files}). If successful, it modifies
@@ -3328,6 +3527,8 @@ new file and get an error if the file already exists.
@comment stdlib.h
@comment BSD
@deftypefun {char *} mkdtemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_DIR) ok
The @code{mkdtemp} function creates a directory with a unique name. If
it succeeds, it overwrites @var{template} with the name of the
directory, and returns @var{template}. As with @code{mktemp} and
@@ -3349,3 +3550,23 @@ creation always works like @code{open} with @code{O_EXCL}.
@xref{Creating Directories}.
The @code{mkdtemp} function comes from OpenBSD.
+
+@c FIXME these are undocumented:
+@c faccessat
+@c fchmodat
+@c fchownat
+@c futimesat
+@c fstatat (there's a commented-out safety assessment for this one)
+@c linkat
+@c mkdirat
+@c mkfifoat
+@c name_to_handle_at
+@c openat
+@c open_by_handle_at
+@c readlinkat
+@c renameat
+@c scandirat
+@c symlinkat
+@c unlinkat
+@c utimensat
+@c mknodat
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ed15acd8f144cf7fab2cb273f29a678af72fee1d
commit ed15acd8f144cf7fab2cb273f29a678af72fee1d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:06 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/errno.texi: Document thread safety properties.
diff --git a/manual/errno.texi b/manual/errno.texi
index 6c9fa86..eb3f412 100644
--- a/manual/errno.texi
+++ b/manual/errno.texi
@@ -1293,6 +1293,9 @@ name of the program that encountered the error.
@comment string.h
@comment ISO
@deftypefun {char *} strerror (int @var{errnum})
+@safety{@mtunsafe{staticbuf}@asunsafe{staticbuf, asmalloc, asi18n}@acsafe{memleak}}
+@c Calls strerror_r with a static buffer allocated with malloc on the
+@c first use.
The @code{strerror} function maps the error code (@pxref{Checking for
Errors}) specified by the @var{errnum} argument to a descriptive error
message string. The return value is a pointer to this string.
@@ -1310,6 +1313,7 @@ The function @code{strerror} is declared in @file{string.h}.
@comment string.h
@comment GNU
@deftypefun {char *} strerror_r (int @var{errnum}, char *@var{buf}, size_t @var{n})
+@safety{@mtsafe{}@asunsafe{asi18n}@acsafe{}}
The @code{strerror_r} function works like @code{strerror} but instead of
returning the error message in a statically allocated buffer shared by
all threads in the process, it returns a private copy for the
@@ -1331,6 +1335,10 @@ This function @code{strerror_r} is a GNU extension and it is declared in
@comment stdio.h
@comment ISO
@deftypefun void perror (const char *@var{message})
+@safety{@mtsafe{xguargs}@asunsafe{asynconsist, asi18n, asmalloc, selfdeadlock}@acunsafe{incansist, lockleak, memleak, fdleak}}
+@c Besides strerror_r's and some of fprintf's issues, if stderr is not
+@c oriented yet, create a new stream with a dup of stderr's fd and write
+@c to that instead of stderr, to avoid orienting it.
This function prints an error message to the stream @code{stderr};
see @ref{Standard Streams}. The orientation of @code{stderr} is not
changed.
@@ -1442,6 +1450,13 @@ These functions are declared in @file{error.h}.
@comment error.h
@comment GNU
@deftypefun void error (int @var{status}, int @var{errnum}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acsafe{}}
+@c Cancellation is disabled throught the execution. It flushes stdout
+@c and then holds a lock on stderr while printing the program name and
+@c then running error_tail. The non-wide case just runs vfprintf; the
+@c wide case converts the message to an alloca/malloc-allocated buffer
+@c with mbsrtowcs, then prints it with vfwprintf. Afterwards,
+@c print_errno_message calls strerror_r and fxprintf.
The @code{error} function can be used to report general problems during
program execution. The @var{format} argument is a format string just
like those given to the @code{printf} family of functions. The
@@ -1477,6 +1492,15 @@ incremented by one to keep track of the number of errors reported.
@comment error.h
@comment GNU
@deftypefun void error_at_line (int @var{status}, int @var{errnum}, const char *@var{fname}, unsigned int @var{lineno}, const char *@var{format}, @dots{})
+@safety{@mtunsafe{staticbuf, glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist}}
+@c The error_one_per_line variable is accessed (without any form of
+@c synchronization, but since it's an int used once, it should be safe
+@c enough) and, if this mode is enabled, static variables used to hold
+@c the last printed file name and line number are accessed and modified
+@c without synchronization; the update is not atomic and it occurs
+@c before disabling cancellation, so it can be interrupted after only
+@c one of the two variables is modified. After that, it's very much
+@c like error.
The @code{error_at_line} function is very similar to the @code{error}
function. The only difference are the additional parameters @var{fname}
@@ -1582,6 +1606,8 @@ are included only for compatibility.
@comment err.h
@comment BSD
@deftypefun void warn (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Just calls vwarn with the va_list.
The @code{warn} function is roughly equivalent to a call like
@smallexample
error (0, errno, format, @r{the parameters})
@@ -1594,6 +1620,11 @@ are not used.
@comment err.h
@comment BSD
@deftypefun void vwarn (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c While holding stderr's recursive lock, it prints the programname, the
+@c given message, and the error string with fw?printf's %m. When the
+@c stream is wide, convert_and_print converts the format string to an
+@c alloca/malloc-created buffer using mbsrtowcs and then calls fwprintf.
The @code{vwarn} function is just like @code{warn} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1602,6 +1633,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void warnx (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn, but without the strerror translation issues.
The @code{warnx} function is roughly equivalent to a call like
@smallexample
error (0, 0, format, @r{the parameters})
@@ -1615,6 +1648,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void vwarnx (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn, but without the strerror translation issues.
The @code{vwarnx} function is just like @code{warnx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1623,6 +1658,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void err (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn followed by exit.
The @code{err} function is roughly equivalent to a call like
@smallexample
error (status, errno, format, @r{the parameters})
@@ -1635,6 +1672,8 @@ are not used and that the program is exited even if @var{status} is zero.
@comment err.h
@comment BSD
@deftypefun void verr (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn followed by exit.
The @code{verr} function is just like @code{err} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1643,6 +1682,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void errx (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warnx followed by exit.
The @code{errx} function is roughly equivalent to a call like
@smallexample
error (status, 0, format, @r{the parameters})
@@ -1657,6 +1698,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void verrx (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarnx followed by exit.
The @code{verrx} function is just like @code{errx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4e7d13cc87a994e6738371f001e34d4304db738f
commit 4e7d13cc87a994e6738371f001e34d4304db738f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:06 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/debug.texi: Document thread safety properties.
diff --git a/manual/debug.texi b/manual/debug.texi
index 1db9c18..ce0c263 100644
--- a/manual/debug.texi
+++ b/manual/debug.texi
@@ -36,6 +36,8 @@ and manipulate backtraces of the current thread.
@comment execinfo.h
@comment GNU
@deftypefun int backtrace (void **@var{buffer}, int @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Pointer chasing within the local stack.
The @code{backtrace} function obtains a backtrace for the current
thread, as a list of pointers, and places the information into
@var{buffer}. The argument @var{size} should be the number of
@@ -56,6 +58,17 @@ interpreting the stack contents correctly.
@comment execinfo.h
@comment GNU
@deftypefun {char **} backtrace_symbols (void *const *@var{buffer}, int @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, lockleak}}
+@c Collects info returned by _dl_addr in auto array, allocates memory
+@c for the whole return buffer with malloc then sprintfs into it storing
+@c pointers to the strings into the array entries in the buffer.
+@c _dl_addr takes the recursive dl_load_lock then calls
+@c _dl_find_dso_for_object and determine_info.
+@c _dl_find_dso_for_object calls _dl-addr_inside_object.
+@c All of them are safe as long as the lock is held.
+@c asynconsist? It doesn't looke like the dynamic loader's data
+@c structures could be in an inconsistent state that would cause
+@c malfunction here.
The @code{backtrace_symbols} function translates the information
obtained from the @code{backtrace} function into an array of strings.
The argument @var{buffer} should be a pointer to an array of addresses
@@ -88,6 +101,11 @@ cannot be obtained.
@comment execinfo.h
@comment GNU
@deftypefun void backtrace_symbols_fd (void *const *@var{buffer}, int @var{size}, int @var{fd})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c Single loop of _dl_addr over addresses, collecting info into an iovec
+@c written out with a writev call per iteration. Addresses and offsets
+@c are converted to hex in auto buffers, so the only potential issue
+@c here is leaking the dl lock in case of cancellation.
The @code{backtrace_symbols_fd} function performs the same translation
as the function @code{backtrace_symbols} function. Instead of returning
the strings to the caller, it writes the strings to the file descriptor
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=fe95a108afa92a848495f13bf1be98adf8eb7539
commit fe95a108afa92a848495f13bf1be98adf8eb7539
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:05 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/ctype.texi: Document thread safety properties.
diff --git a/manual/ctype.texi b/manual/ctype.texi
index 3d13571..ddf38ce 100644
--- a/manual/ctype.texi
+++ b/manual/ctype.texi
@@ -66,6 +66,13 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int islower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The is* macros call __ctype_b_loc to get the ctype array from the
+@c current locale, and then index it by c. __ctype_b_loc reads from
+@c thread-local memory the (indirect) pointer to the ctype array, which
+@c may involve one word access to the global locale object, if that's
+@c the active locale for the thread, and the array, being part of the
+@c locale data, is undeletable, so there's no thread-safety issue.
Returns true if @var{c} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -74,6 +81,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -82,6 +90,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isalpha (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphabetic character (a letter). If
@code{islower} or @code{isupper} is true of a character, then
@code{isalpha} is also true.
@@ -97,6 +106,7 @@ additional characters.
@comment ctype.h
@comment ISO
@deftypefun int isdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@end deftypefun
@@ -104,6 +114,7 @@ Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@comment ctype.h
@comment ISO
@deftypefun int isalnum (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphanumeric character (a letter or
number); in other words, if either @code{isalpha} or @code{isdigit} is
true of a character, then @code{isalnum} is also true.
@@ -113,6 +124,7 @@ true of a character, then @code{isalnum} is also true.
@comment ctype.h
@comment ISO
@deftypefun int isxdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -123,6 +135,7 @@ Hexadecimal digits include the normal decimal digits @samp{0} through
@comment ctype.h
@comment ISO
@deftypefun int ispunct (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -132,6 +145,7 @@ character.
@comment ctype.h
@comment ISO
@deftypefun int isspace (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{isspace} returns true for only the standard
whitespace characters:
@@ -161,6 +175,7 @@ vertical tab
@comment ctype.h
@comment ISO
@deftypefun int isblank (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
@end deftypefun
@@ -169,6 +184,7 @@ This function was originally a GNU extension, but was added in @w{ISO C99}.
@comment ctype.h
@comment ISO
@deftypefun int isgraph (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -178,6 +194,7 @@ considered graphic.
@comment ctype.h
@comment ISO
@deftypefun int isprint (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@end deftypefun
@@ -186,6 +203,7 @@ include all the graphic characters, plus the space (@samp{ }) character.
@comment ctype.h
@comment ISO
@deftypefun int iscntrl (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a control character (that is, a character that
is not a printing character).
@end deftypefun
@@ -194,6 +212,7 @@ is not a printing character).
@comment ctype.h
@comment SVID, BSD
@deftypefun int isascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
into the US/UK ASCII character set. This function is a BSD extension
and is also an SVID extension.
@@ -227,6 +246,10 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The to* macros/functions call different functions that use different
+@c arrays than those of__ctype_b_loc, but the access patterns and
+@c thus safety guarantees are the same.
If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
lower-case letter. If @var{c} is not an upper-case letter,
@var{c} is returned unchanged.
@@ -235,6 +258,7 @@ lower-case letter. If @var{c} is not an upper-case letter,
@comment ctype.h
@comment ISO
@deftypefun int toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
upper-case letter. Otherwise @var{c} is returned unchanged.
@end deftypefun
@@ -242,6 +266,7 @@ upper-case letter. Otherwise @var{c} is returned unchanged.
@comment ctype.h
@comment SVID, BSD
@deftypefun int toascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function converts @var{c} to a 7-bit @code{unsigned char} value
that fits into the US/UK ASCII character set, by clearing the high-order
bits. This function is a BSD extension and is also an SVID extension.
@@ -250,6 +275,7 @@ bits. This function is a BSD extension and is also an SVID extension.
@comment ctype.h
@comment SVID
@deftypefun int _tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{tolower}, and is provided for compatibility
with the SVID. @xref{SVID}.@refill
@end deftypefun
@@ -257,6 +283,7 @@ with the SVID. @xref{SVID}.@refill
@comment ctype.h
@comment SVID
@deftypefun int _toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{toupper}, and is provided for compatibility
with the SVID.
@end deftypefun
@@ -303,6 +330,15 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctype_t wctype (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Although the source code of wctype contains multiple references to
+@c the locale, that could each reference different locale_data objects
+@c should the global locale object change while active, the compiler can
+@c and does combine them all into a single dereference that resolves
+@c once to the LCTYPE locale object used throughout the function, so it
+@c is safe in practice, if not in theory. Ideally we'd explicitly save
+@c the resolved locale_data object to make it visibly safe instead of
+@c safe only under compiler optimizations.
The @code{wctype} returns a value representing a class of wide
characters which is identified by the string @var{property}. Beside
some standard properties each locale can define its own ones. In case
@@ -331,6 +367,8 @@ the @w{ISO C} standard defines a completely new function.
@comment wctype.h
@comment ISO
@deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The compressed lookup table returned by wctype is read-only.
This function returns a nonzero value if @var{wc} is in the character
class specified by @var{desc}. @var{desc} must previously be returned
by a successful call to @code{wctype}.
@@ -350,6 +388,15 @@ standard classes.
@comment wctype.h
@comment ISO
@deftypefun int iswalnum (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c The implicit wctype call in the isw* functions is actually an
+@c optimized version because the category has a known offset, but the
+@c wctype is equally safe when optimized, unsafe if not optimized.
+@c Since it's not a macro, and we always optimize, it's fine. The test
+@c whether wc is ASCII to use the non-wide is* macro/funciton doesn't
+@c bring any other safety issues: the test does not depend on the
+@c locale, and each path after the decision resolves the locale object
+@c only once.
This function returns a nonzero value if @var{wc} is an alphanumeric
character (a letter or number); in other words, if either @code{iswalpha}
or @code{iswdigit} is true of a character, then @code{iswalnum} is also
@@ -370,6 +417,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswalpha (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an alphabetic character (a letter). If
@code{iswlower} or @code{iswupper} is true of a character, then
@code{iswalpha} is also true.
@@ -394,6 +442,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswcntrl (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a control character (that is, a character that
is not a printing character).
@@ -412,6 +461,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
Please note that this function does not only return a nonzero value for
@emph{decimal} digits, but for all kinds of digits. A consequence is
@@ -442,6 +492,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswgraph (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -461,6 +512,7 @@ It is declared in @file{wctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int iswlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -479,6 +531,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswprint (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@@ -497,6 +550,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswpunct (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -516,6 +570,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswspace (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{iswspace} returns true for only the standard
whitespace characters:
@@ -555,6 +610,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -573,6 +629,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswxdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -597,6 +654,7 @@ characters as well.
@comment wctype.h
@comment ISO
@deftypefun int iswblank (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
It is declared in @file{wchar.h}.
@@ -691,6 +749,8 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctrans_t wctrans (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Similar implementation, same caveats as wctype.
The @code{wctrans} function has to be used to find out whether a named
mapping is defined in the current locale selected for the
@code{LC_CTYPE} category. If the returned value is non-zero, you can use
@@ -713,6 +773,8 @@ These functions are declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Same caveats as iswctype.
@code{towctrans} maps the input character @var{wc}
according to the rules of the mapping for which @var{desc} is a
descriptor, and returns the value it finds. @var{desc} must be
@@ -730,6 +792,9 @@ for them.
@comment wctype.h
@comment ISO
@deftypefun wint_t towlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Same caveats as iswalnum, just using a wctrans rather than a wctype
+@c table.
If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
lower-case letter. If @var{wc} is not an upper-case letter,
@var{wc} is returned unchanged.
@@ -749,6 +814,7 @@ This function is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
upper-case letter. Otherwise @var{wc} is returned unchanged.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d10d9de8dc6b4909fc2ffaca9df6c08f497fe430
commit d10d9de8dc6b4909fc2ffaca9df6c08f497fe430
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:05 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/crypt.texi: Document thread safety properties.
diff --git a/manual/crypt.texi b/manual/crypt.texi
index ef90590..a3c8fa5 100644
--- a/manual/crypt.texi
+++ b/manual/crypt.texi
@@ -92,6 +92,13 @@ in a convenient way.
@comment unistd.h
@comment BSD
@deftypefun {char *} getpass (const char *@var{prompt})
+@safety{@mtunsafe{tempterm}@asunsafe{asmalloc, selfdeadlock, asynconsist}@acunsafe{tempterm, lockleak, incansist}}
+@c This function will attempt to create a stream for terminal I/O, but
+@c will fallback to stdio/stderr. It attempts to change the terminal
+@c mode in a thread-unsafe way, write out the prompt, read the password,
+@c then restore the terminal mode. It has a cleanup to close the stream
+@c in case of (synchronous) cancellation, but not to restore the
+@c terminal mode.
@code{getpass} outputs @var{prompt}, then reads a string in from the
terminal without echoing it. It tries to connect to the real terminal,
@@ -127,6 +134,13 @@ The substitute takes the same parameters as @code{getline}
@comment crypt.h
@comment BSD, SVID
@deftypefun {char *} crypt (const char *@var{key}, const char *@var{salt})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Besides the obvious problem of returning a pointer into static
+@c storage, the DES initializer takes an internal lock with the usual
+@c set of problems for AS- and AC-Safety. The FIPS mode checker and the
+@c NSS implementations of may leak file descriptors if canceled. The
+@c The MD5, SHA256 and SHA512 implementations will malloc on long keys,
+@c and NSS relies on dlopening, which brings about another can of worms.
The @code{crypt} function takes a password, @var{key}, as a string, and
a @var{salt} character array which is described below, and returns a
@@ -188,6 +202,9 @@ for a password and prints ``Access granted.'' if the user types
@comment crypt.h
@comment GNU
@deftypefun {char *} crypt_r (const char *@var{key}, const char *@var{salt}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Compared with crypt, this function fixes the staticbuf problem, but
+@c nothing else.
The @code{crypt_r} function does the same thing as @code{crypt}, but
takes an extra parameter which includes space for its result (among
@@ -233,6 +250,11 @@ specifies the unused bits.
@comment crypt.h
@comment BSD, SVID
@deftypefun void setkey (const char *@var{key})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c The static buffer stores the key, making it fundamentally
+@c thread-unsafe. The locking issues are only in the initialization
+@c path; cancelling the initialization will leave the lock held, it
+@c would otherwise repeat the initialization on the next call.
The @code{setkey} function sets an internal data structure to be an
expanded form of @var{key}. @var{key} is specified as an array of 64
@@ -244,6 +266,8 @@ parity.
@comment crypt.h
@comment BSD, SVID
@deftypefun void encrypt (char *@var{block}, int @var{edflag})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c Same issues as setkey.
The @code{encrypt} function encrypts @var{block} if
@var{edflag} is 0, otherwise it decrypts @var{block}, using a key
@@ -257,9 +281,11 @@ stored in a @code{char}, but there are no parity bits in @var{block}.
@comment crypt.h
@comment GNU
@deftypefun void setkey_r (const char *@var{key}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
@comment crypt.h
@comment GNU
@deftypefunx void encrypt_r (char *@var{block}, int @var{edflag}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
These are reentrant versions of @code{setkey} and @code{encrypt}. The
only difference is the extra parameter, which stores the expanded
@@ -274,6 +300,7 @@ defined in @file{crypt.h}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int ecb_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{ecb_crypt} encrypts or decrypts one or more blocks
using DES. Each block is encrypted independently.
@@ -355,6 +382,7 @@ This macro returns 1 if @var{err} is a `success' result code from
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int cbc_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode}, char *@var{ivec})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{cbc_crypt} encrypts or decrypts one or more blocks
using DES in Cipher Block Chaining mode.
@@ -381,6 +409,7 @@ Otherwise, all the parameters are similar to those for @code{ecb_crypt}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun void des_setparity (char *@var{key})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{des_setparity} changes the 64-bit @var{key}, stored
packed in 8-bit bytes, to have odd parity by altering the low bits of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3f8919133306d121a29dea94df850074c59c9327
commit 3f8919133306d121a29dea94df850074c59c9327
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:05 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/conf.texi: Document thread safety properties.
diff --git a/manual/conf.texi b/manual/conf.texi
index c720063..79bfcdb 100644
--- a/manual/conf.texi
+++ b/manual/conf.texi
@@ -288,6 +288,17 @@ constants are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} sysconf (int @var{parameter})
+@safety{@mtsafe{envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak, fdleak}}
+@c Some parts of the implementation open /proc and /sys files and dirs
+@c to collect system details, using fd and stream I/O depending on the
+@c case. _SC_TZNAME_MAX calls __tzname_max, that (while holding a lock)
+@c calls tzset_internal, that calls getenv if it's called the first
+@c time; there are free and strdup calls in there too. The returned max
+@c value may change over time for TZNAME_MAX, depending on selected
+@c timezones; NPROCS, NPROCS_CONF, PHYS_PAGES, AVPHYS_PAGES,
+@c NGROUPS_MAX, SIGQUEUE_MAX, depending on variable values read from
+@c /proc at each call, and from rlimit-obtained values CHILD_MAX,
+@c OPEN_MAX, ARG_MAX, SIGQUEUE_MAX.
This function is used to inquire about runtime system parameters. The
@var{parameter} argument should be one of the @samp{_SC_} symbols listed
below.
@@ -1348,6 +1359,11 @@ argument are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} pathconf (const char *@var{filename}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c When __statfs_link_max finds an ext* filesystem, it may read
+@c /proc/mounts or similar as a mntent stream.
+@c __statfs_chown_restricted may read from
+@c /proc/sys/fs/xfs/restrict_chown as a file descriptor.
This function is used to inquire about the limits that apply to
the file named @var{filename}.
@@ -1375,6 +1391,8 @@ support the @var{parameter} for the specific file.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} fpathconf (int @var{filedes}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c Same caveats as pathconf.
This is just like @code{pathconf} except that an open file descriptor
is used to specify the file for which information is requested, instead
of a file name.
@@ -1624,6 +1642,7 @@ system with the function @code{confstr}:
@comment unistd.h
@comment POSIX.2
@deftypefun size_t confstr (int @var{parameter}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function reads the value of a string-valued system parameter,
storing the string into @var{len} bytes of memory space starting at
@var{buf}. The @var{parameter} argument should be one of the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=acec40190ccb799a124103745f39b272f5c5afa2
commit acec40190ccb799a124103745f39b272f5c5afa2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:05 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/charset.texi: Document thread safety properties.
diff --git a/manual/charset.texi b/manual/charset.texi
index e21502e..7e6c416 100644
--- a/manual/charset.texi
+++ b/manual/charset.texi
@@ -504,6 +504,8 @@ sequence points. Communication protocols often require this.
@comment wchar.h
@comment ISO
@deftypefun int mbsinit (const mbstate_t *@var{ps})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c ps is dereferenced once, unguarded. Potential harmless data race.
The @code{mbsinit} function determines whether the state object pointed
to by @var{ps} is in the initial state. If @var{ps} is a null pointer or
the object is in the initial state the return value is nonzero. Otherwise
@@ -559,6 +561,14 @@ that is beyond the range @math{0} to @math{127}.
@comment wchar.h
@comment ISO
@deftypefun wint_t btowc (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls btowc_fct or __fct; reads from locale, and from the
+@c get_gconv_fcts result multiple times. get_gconv_fcts calls
+@c __wcsmbs_load_conv to initialize the ctype if it's null.
+@c wcsmbs_load_conv takes a non-recursive wrlock before allocating
+@c memory for the fcts structure, initializing it, and then storing it
+@c in the locale object. The initialization involves dlopening and a
+@c lot more.
The @code{btowc} function (``byte to wide character'') converts a valid
single byte character @var{c} in the initial shift state into the wide
character equivalent using the conversion rules from the currently
@@ -615,6 +625,7 @@ There is also a function for the conversion in the other direction.
@comment wchar.h
@comment ISO
@deftypefun int wctob (wint_t @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctob} function (``wide character to byte'') takes as the
parameter a valid wide character. If the multibyte representation for
this character in the initial state is exactly one byte long, the return
@@ -634,6 +645,7 @@ and they also do not require it to be in the initial state.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrtowc (wchar_t *restrict @var{pwc}, const char *restrict @var{s}, size_t @var{n}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
@cindex stateful
The @code{mbrtowc} function (``multibyte restartable to wide
character'') converts the next multibyte character in the string pointed
@@ -728,6 +740,7 @@ function that does part of the work.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrlen (const char *restrict @var{s}, size_t @var{n}, mbstate_t *@var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbrlen} function (``multibyte restartable length'') computes
the number of at most @var{n} bytes starting at @var{s}, which form the
next valid and complete multibyte character.
@@ -811,6 +824,50 @@ doing the work twice.
@comment wchar.h
@comment ISO
@deftypefun size_t wcrtomb (char *restrict @var{s}, wchar_t @var{wc}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c wcrtomb uses a static, non-thread-local unguarded state variable when
+@c PS is NULL. When a state is passed in, and it's not used
+@c concurrently in other threads, this function behaves safely as long
+@c as gconv modules don't bring MT safety issues of their own.
+@c Attempting to load gconv modules or to build conversion chains in
+@c signal handlers may encounter gconv databases or caches in a
+@c partially-updated state, and asynchronous cancellation may leave them
+@c in such states, besides leaking the lock that guards them.
+@c get_gconv_fcts ok
+@c wcsmbs_load_conv ok
+@c norm_add_slashes ok
+@c wcsmbs_getfct ok
+@c gconv_find_transform ok
+@c gconv_read_conf (libc_once)
+@c gconv_lookup_cache ok
+@c find_module_idx ok
+@c find_module ok
+@c gconv_find_shlib (ok)
+@c ->init_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c do_lookup_alias ok
+@c find_derivation ok
+@c derivation_lookup ok
+@c increment_counter ok
+@c gconv_find_shlib ok
+@c step->init_fct (assumed ok)
+@c gen_steps ok
+@c gconv_find_shlib ok
+@c dlopen (presumed ok)
+@c dlsym (presumed ok)
+@c step->init_fct (assumed ok)
+@c step->end_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c add_derivation ok
+@c gconv_close_transform ok
+@c gconv_release_step ok
+@c step->end_fct (assumed ok)
+@c gconv_release_shlib ok
+@c dlclose (presumed ok)
+@c gconv_release_cache ok
+@c ->tomb->__fct (assumed ok)
The @code{wcrtomb} function (``wide character restartable to
multibyte'') converts a single wide character into a multibyte string
corresponding to that wide character.
@@ -955,6 +1012,7 @@ extensions that can help in some important situations.
@comment wchar.h
@comment ISO
@deftypefun size_t mbsrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsrtowcs} function (``multibyte string restartable to wide
character string'') converts an NUL-terminated multibyte character
string at @code{*@var{src}} into an equivalent wide character string,
@@ -1039,6 +1097,7 @@ length and passing this length to the function.
@comment wchar.h
@comment ISO
@deftypefun size_t wcsrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsrtombs} function (``wide character string restartable to
multibyte string'') converts the NUL-terminated wide character string at
@code{*@var{src}} into an equivalent multibyte character string and
@@ -1084,6 +1143,7 @@ array size (the @var{len} parameter).
@comment wchar.h
@comment GNU
@deftypefun size_t mbsnrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{nmc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsnrtowcs} function is very similar to the @code{mbsrtowcs}
function. All the parameters are the same except for @var{nmc}, which is
new. The return value is the same as for @code{mbsrtowcs}.
@@ -1136,6 +1196,7 @@ of the given buffer, there is no problem with altering the state.
@comment wchar.h
@comment GNU
@deftypefun size_t wcsnrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{nwc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsnrtombs} function implements the conversion from wide
character strings to multibyte character strings. It is similar to
@code{wcsrtombs} but, just like @code{mbsnrtowcs}, it takes an extra
@@ -1280,6 +1341,7 @@ conversion functions.}
@comment stdlib.h
@comment ISO
@deftypefun int mbtowc (wchar_t *restrict @var{result}, const char *restrict @var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbtowc} (``multibyte to wide character'') function when called
with non-null @var{string} converts the first multibyte character
beginning at @var{string} to its corresponding wide character code. It
@@ -1314,6 +1376,7 @@ shift state. @xref{Shift State}.
@comment stdlib.h
@comment ISO
@deftypefun int wctomb (char *@var{string}, wchar_t @var{wchar})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctomb} (``wide character to multibyte'') function converts
the wide character code @var{wchar} to its corresponding multibyte
character sequence, and stores the result in bytes starting at
@@ -1353,6 +1416,7 @@ terms of @code{mbtowc}.
@comment stdlib.h
@comment ISO
@deftypefun int mblen (const char *@var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mblen} function with a non-null @var{string} argument returns
the number of bytes that make up the multibyte character beginning at
@var{string}, never examining more than @var{size} bytes. (The idea is
@@ -1391,6 +1455,9 @@ suffer from the same problems as their reentrant counterparts from
@comment stdlib.h
@comment ISO
@deftypefun size_t mbstowcs (wchar_t *@var{wstring}, const char *@var{string}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Odd... Although this is in the non-reentrant section, the state
+@c object is automatic, not a static buffer.
The @code{mbstowcs} (``multibyte string to wide character string'')
function converts the null-terminated string of multibyte characters
@var{string} to an array of wide character codes, storing not more than
@@ -1431,6 +1498,7 @@ mbstowcs_alloc (const char *string)
@comment stdlib.h
@comment ISO
@deftypefun size_t wcstombs (char *@var{string}, const wchar_t *@var{wstring}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcstombs} (``wide character string to multibyte string'')
function converts the null-terminated wide character array @var{wstring}
into a string containing multibyte characters, storing not more than
@@ -1618,6 +1686,16 @@ The first step is the function to create a handle.
@comment iconv.h
@comment XPG2
@deftypefun iconv_t iconv_open (const char *@var{tocode}, const char *@var{fromcode})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls malloc if tocode and/or fromcode are too big for alloca. Calls
+@c strip and upstr on both, then gconv_open. strip and upstr call
+@c isalnum_l and toupper_l with the C locale. gconv_open may MT-safely
+@c tokenize toset, replace unspecified codesets with the current locale
+@c (posibly two different accesses), and finally it calls
+@c gconv_find_transform and initializes the gconv_t result with all the
+@c steps in the conversion sequence, running each one's initializer,
+@c destructing and releasing them all if anything fails.
+
The @code{iconv_open} function has to be used before starting a
conversion. The two parameters this function takes determine the
source and destination character set for the conversion, and if the
@@ -1682,6 +1760,12 @@ conversion is not needed anymore.
@comment iconv.h
@comment XPG2
@deftypefun int iconv_close (iconv_t @var{cd})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, shlimb}}
+@c Calls gconv_close to destruct and release each of the conversion
+@c steps, release the gconv_t object, then call gconv_close_transform.
+@c Access to the gconv_t object is not guarded, but calling iconv_close
+@c concurrently with any other use is undefined.
+
The @code{iconv_close} function frees all resources associated with the
handle @var{cd}, which must have been returned by a successful call to
the @code{iconv_open} function.
@@ -1708,6 +1792,10 @@ even file to file can be implemented on top of it.
@comment iconv.h
@comment XPG2
@deftypefun size_t iconv (iconv_t @var{cd}, char **@var{inbuf}, size_t *@var{inbytesleft}, char **@var{outbuf}, size_t *@var{outbytesleft})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c Without guarding access to the gconv_t object pointed to by cd, call
+@c the conversion function to convert inbuf or flush the internal
+@c conversion state.
@cindex stateful
The @code{iconv} function converts the text in the input buffer
according to the rules associated with the descriptor @var{cd} and
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f5408aef8fd0f838855b341cf29d4b3b0761ceae
commit f5408aef8fd0f838855b341cf29d4b3b0761ceae
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:05 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/arith.texi: Document thread safety properties.
diff --git a/manual/arith.texi b/manual/arith.texi
index 77056c3..c0cd350 100644
--- a/manual/arith.texi
+++ b/manual/arith.texi
@@ -160,6 +160,8 @@ The remainder from the division.
@comment stdlib.h
@comment ISO
@deftypefun div_t div (int @var{numerator}, int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Functions in this section are pure, and thus safe.
This function @code{div} computes the quotient and remainder from
the division of @var{numerator} by @var{denominator}, returning the
result in a structure of type @code{div_t}.
@@ -199,6 +201,7 @@ type @code{long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun ldiv_t ldiv (long int @var{numerator}, long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ldiv} function is similar to @code{div}, except that the
arguments are of type @code{long int} and the result is returned as a
structure of type @code{ldiv_t}.
@@ -225,6 +228,7 @@ type @code{long long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun lldiv_t lldiv (long long int @var{numerator}, long long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lldiv} function is like the @code{div} function, but the
arguments are of type @code{long long int} and the result is returned as
a structure of type @code{lldiv_t}.
@@ -256,6 +260,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment inttypes.h
@comment ISO
@deftypefun imaxdiv_t imaxdiv (intmax_t @var{numerator}, intmax_t @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{imaxdiv} function is like the @code{div} function, but the
arguments are of type @code{intmax_t} and the result is returned as
a structure of type @code{imaxdiv_t}.
@@ -318,6 +323,7 @@ floating-point number a variable holds.
@comment math.h
@comment ISO
@deftypefn {Macro} int fpclassify (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is a generic macro which works on all floating-point types and
which returns a value of type @code{int}. The possible values are:
@@ -354,6 +360,7 @@ You should therefore use the specific macros whenever possible.
@comment math.h
@comment ISO
@deftypefn {Macro} int isfinite (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite: not plus or
minus infinity, and not NaN. It is equivalent to
@@ -368,6 +375,7 @@ floating-point type.
@comment math.h
@comment ISO
@deftypefn {Macro} int isnormal (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite and normalized.
It is equivalent to
@@ -379,6 +387,7 @@ It is equivalent to
@comment math.h
@comment ISO
@deftypefn {Macro} int isnan (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is NaN. It is equivalent
to
@@ -390,6 +399,7 @@ to
@comment math.h
@comment GNU
@deftypefn {Macro} int issignaling (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is a signaling NaN
(sNaN). It is based on draft TS 18661 and currently enabled as a GNU
extension.
@@ -410,6 +420,7 @@ not have to worry about the type of their argument.
@comment math.h
@comment BSD
@deftypefunx int isinfl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns @code{-1} if @var{x} represents negative infinity,
@code{1} if @var{x} represents positive infinity, and @code{0} otherwise.
@end deftypefun
@@ -423,6 +434,7 @@ This function returns @code{-1} if @var{x} represents negative infinity,
@comment math.h
@comment BSD
@deftypefunx int isnanl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is a ``not a number''
value, and zero otherwise.
@@ -445,6 +457,7 @@ function for some reason, you can write
@comment math.h
@comment BSD
@deftypefunx int finitel (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is finite or a ``not a
number'' value, and zero otherwise.
@end deftypefun
@@ -713,6 +726,22 @@ and save and restore the set of exceptions flagged.
@comment fenv.h
@comment ISO
@deftypefun int feclearexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{unposix}@acsafe{unposix}}
+@c The other functions in this section that modify FP status register
+@c mostly do so with non-atomic load-modify-store sequences, but since
+@c the register is thread-specific, this should be fine, and safe for
+@c cancellation. As long as the FP environment is restored before the
+@c signal handler returns control to the interrupted thread (like any
+@c kernel should do), the functions are also safe for use in signal
+@c handlers.
+@c
+@c FIXME: simfpu: Floating point emulation on powerpc is the exception:
+@c __sim_exception, __sim_disabled_exception and __sim_round_mode
+@c variables, that emulate a floating-point status register, are not
+@c thread-specific variables, so many of these functions are not MT-safe
+@c on that platform. This is probably a bug. These variables aren't
+@c restored by the signal machinery either, making the functions also
+@c async-signal-unsafe on this platform.
This function clears all of the supported exception flags indicated by
@var{excepts}.
@@ -723,6 +752,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feraiseexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function raises the supported exceptions indicated by
@var{excepts}. If more than one exception bit in @var{excepts} is set
the order in which the exceptions are raised is undefined except that
@@ -738,6 +768,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fetestexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Test whether the exception flags indicated by the parameter @var{except}
are currently set. If any of them are, a nonzero value is returned
which specifies which exceptions are set. Otherwise the result is zero.
@@ -774,6 +805,7 @@ following functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetexceptflag (fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function stores in the variable pointed to by @var{flagp} an
implementation-defined value representing the current setting of the
exception flags indicated by @var{excepts}.
@@ -785,6 +817,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fesetexceptflag (const fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function restores the flags for the exceptions indicated by
@var{excepts} to the values stored in the variable pointed to by
@var{flagp}.
@@ -940,6 +973,7 @@ find out which one with this function:
@comment fenv.h
@comment ISO
@deftypefun int fegetround (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Returns the currently selected rounding mode, represented by one of the
values of the defined rounding mode macros.
@end deftypefun
@@ -950,6 +984,7 @@ To change the rounding mode, use this function:
@comment fenv.h
@comment ISO
@deftypefun int fesetround (int @var{round})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Changes the currently selected rounding mode to @var{round}. If
@var{round} does not correspond to one of the supported rounding modes
nothing is changed. @code{fesetround} returns zero if it changed the
@@ -994,6 +1029,7 @@ To save the state of the FPU, use one of these functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetenv (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the floating-point environment in the variable pointed to by
@var{envp}.
@@ -1004,6 +1040,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feholdexcept (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the current floating-point environment in the object pointed to by
@var{envp}. Then clear all exception flags, and set the FPU to trap no
exceptions. Not all FPUs support trapping no exceptions; if
@@ -1042,6 +1079,7 @@ functions:
@comment fenv.h
@comment ISO
@deftypefun int fesetenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Set the floating-point environment to that described by @var{envp}.
The function returns zero in case the operation was successful, a
@@ -1051,6 +1089,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feupdateenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Like @code{fesetenv}, this function sets the floating-point environment
to that described by @var{envp}. However, if any exceptions were
flagged in the status word before @code{feupdateenv} was called, they
@@ -1071,6 +1110,7 @@ occur, you can use the following two functions.
@comment fenv.h
@comment GNU
@deftypefun int feenableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions enables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1083,6 +1123,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fedisableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions disables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1095,6 +1136,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fegetexcept (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
The function returns a bitmask of all currently enabled exceptions. It
returns @code{-1} in case of failure.
@end deftypefun
@@ -1146,6 +1188,7 @@ Prototypes for @code{abs}, @code{labs} and @code{llabs} are in @file{stdlib.h};
@comment inttypes.h
@comment ISO
@deftypefunx intmax_t imaxabs (intmax_t @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of @var{number}.
Most computers use a two's complement integer representation, in which
@@ -1167,6 +1210,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment math.h
@comment ISO
@deftypefunx {long double} fabsl (long double @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the absolute value of the floating-point number
@var{number}.
@end deftypefun
@@ -1180,6 +1224,7 @@ This function returns the absolute value of the floating-point number
@comment complex.h
@comment ISO
@deftypefunx {long double} cabsl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of the complex number @var{z}
(@pxref{Complex Numbers}). The absolute value of a complex number is:
@@ -1217,6 +1262,7 @@ All these functions are declared in @file{math.h}.
@comment math.h
@comment ISO
@deftypefunx {long double} frexpl (long double @var{value}, int *@var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are used to split the number @var{value}
into a normalized fraction and an exponent.
@@ -1242,6 +1288,7 @@ zero is stored in @code{*@var{exponent}}.
@comment math.h
@comment ISO
@deftypefunx {long double} ldexpl (long double @var{value}, int @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the result of multiplying the floating-point
number @var{value} by 2 raised to the power @var{exponent}. (It can
be used to reassemble floating-point numbers that were taken apart
@@ -1263,6 +1310,7 @@ equivalent to those of @code{ldexp} and @code{frexp}. See also the
@comment math.h
@comment BSD
@deftypefunx {long double} scalbl (long double @var{value}, long double @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{scalb} function is the BSD name for @code{ldexp}.
@end deftypefun
@@ -1275,6 +1323,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalbnl (long double @var{x}, int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbn} is identical to @code{scalb}, except that the exponent
@var{n} is an @code{int} instead of a floating-point number.
@end deftypefun
@@ -1288,6 +1337,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalblnl (long double @var{x}, long int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbln} is identical to @code{scalb}, except that the exponent
@var{n} is a @code{long int} instead of a floating-point number.
@end deftypefun
@@ -1301,6 +1351,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} significandl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{significand} returns the mantissa of @var{x} scaled to the range
@math{[1, 2)}.
It is equivalent to @w{@code{scalb (@var{x}, (double) -ilogb (@var{x}))}}.
@@ -1335,6 +1386,7 @@ result as a @code{double} instead to get around this problem.
@comment math.h
@comment ISO
@deftypefunx {long double} ceill (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} upwards to the nearest integer,
returning that value as a @code{double}. Thus, @code{ceil (1.5)}
is @code{2.0}.
@@ -1349,6 +1401,7 @@ is @code{2.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} floorl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} downwards to the nearest
integer, returning that value as a @code{double}. Thus, @code{floor
(1.5)} is @code{1.0} and @code{floor (-1.5)} is @code{-2.0}.
@@ -1363,6 +1416,7 @@ integer, returning that value as a @code{double}. Thus, @code{floor
@comment math.h
@comment ISO
@deftypefunx {long double} truncl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{trunc} functions round @var{x} towards zero to the nearest
integer (returned in floating-point format). Thus, @code{trunc (1.5)}
is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@@ -1377,6 +1431,7 @@ is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} rintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} to an integer value according to the
current rounding mode. @xref{Floating Point Parameters}, for
information about the various rounding modes. The default
@@ -1397,6 +1452,7 @@ inexact exception.
@comment math.h
@comment ISO
@deftypefunx {long double} nearbyintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the same value as the @code{rint} functions, but
do not raise the inexact exception if @var{x} is not an integer.
@end deftypefun
@@ -1410,6 +1466,7 @@ do not raise the inexact exception if @var{x} is not an integer.
@comment math.h
@comment ISO
@deftypefunx {long double} roundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are similar to @code{rint}, but they round halfway
cases away from zero instead of to the nearest integer (or other
current rounding mode).
@@ -1424,6 +1481,7 @@ current rounding mode).
@comment math.h
@comment ISO
@deftypefunx {long int} lrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1437,6 +1495,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1450,6 +1509,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long int} lroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1463,6 +1523,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1477,6 +1538,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long double} modfl (long double @var{value}, long double *@var{integer-part})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions break the argument @var{value} into an integer part and a
fractional part (between @code{-1} and @code{1}, exclusive). Their sum
equals @var{value}. Each of the parts has the same sign as @var{value},
@@ -1503,6 +1565,7 @@ suits your problem.
@comment math.h
@comment ISO
@deftypefunx {long double} fmodl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions compute the remainder from the division of
@var{numerator} by @var{denominator}. Specifically, the return value is
@code{@var{numerator} - @w{@var{n} * @var{denominator}}}, where @var{n}
@@ -1525,6 +1588,7 @@ If @var{denominator} is zero, @code{fmod} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} dreml (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are like @code{fmod} except that they round the
internal quotient @var{n} to the nearest integer instead of towards zero
to an integer. For example, @code{drem (6.5, 2.3)} returns @code{-0.4},
@@ -1548,6 +1612,7 @@ If @var{denominator} is zero, @code{drem} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} remainderl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is another name for @code{drem}.
@end deftypefun
@@ -1569,6 +1634,7 @@ bits.
@comment math.h
@comment ISO
@deftypefunx {long double} copysignl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return @var{x} but with the sign of @var{y}. They work
even if @var{x} or @var{y} are NaN or zero. Both of these can carry a
sign (although not all implementations support it) and this is one of
@@ -1584,6 +1650,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefun int signbit (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{signbit} is a generic macro which can work on all floating-point
types. It returns a nonzero value if the value of @var{x} has its sign
bit set.
@@ -1602,6 +1669,7 @@ false, but @code{signbit (-0.0)} will return a nonzero value.
@comment math.h
@comment ISO
@deftypefunx {long double} nextafterl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{nextafter} function returns the next representable neighbor of
@var{x} in the direction towards @var{y}. The size of the step between
@var{x} and the result depends on the type of the result. If
@@ -1625,6 +1693,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefunx {long double} nexttowardl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are identical to the corresponding versions of
@code{nextafter} except that their second argument is a @code{long
double}.
@@ -1640,6 +1709,8 @@ double}.
@comment math.h
@comment ISO
@deftypefunx {long double} nanl (const char *@var{tagp})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c The unsafe-but-ruled-safe locale use comes from strtod.
The @code{nan} function returns a representation of NaN, provided that
NaN is supported by the target platform.
@code{nan ("@var{n-char-sequence}")} is equivalent to
@@ -1674,6 +1745,7 @@ arguments only once.
@comment math.h
@comment ISO
@deftypefn Macro int isgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than
@var{y}. It is equivalent to @code{(@var{x}) > (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1682,6 +1754,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isgreaterequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than or
equal to @var{y}. It is equivalent to @code{(@var{x}) >= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1690,6 +1763,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isless (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than @var{y}.
It is equivalent to @code{(@var{x}) < (@var{y})}, but no exception is
raised if @var{x} or @var{y} are NaN.
@@ -1698,6 +1772,7 @@ raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than or equal
to @var{y}. It is equivalent to @code{(@var{x}) <= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1706,6 +1781,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less or greater
than @var{y}. It is equivalent to @code{(@var{x}) < (@var{y}) ||
(@var{x}) > (@var{y})} (although it only evaluates @var{x} and @var{y}
@@ -1718,6 +1794,7 @@ expression is true if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isunordered (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether its arguments are unordered. In other
words, it is true if @var{x} or @var{y} are NaN, and false otherwise.
@end deftypefn
@@ -1751,6 +1828,7 @@ perform these operations faster than the equivalent C code.
@comment math.h
@comment ISO
@deftypefunx {long double} fminl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmin} function returns the lesser of the two values @var{x}
and @var{y}. It is similar to the expression
@smallexample
@@ -1771,6 +1849,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fmaxl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmax} function returns the greater of the two values @var{x}
and @var{y}.
@@ -1787,6 +1866,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fdiml (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fdim} function returns the positive difference between
@var{x} and @var{y}. The positive difference is @math{@var{x} -
@var{y}} if @var{x} is greater than @var{y}, and @math{0} otherwise.
@@ -1804,6 +1884,7 @@ If @var{x}, @var{y}, or both are NaN, NaN is returned.
@comment ISO
@deftypefunx {long double} fmal (long double @var{x}, long double @var{y}, long double @var{z})
@cindex butterfly
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fma} function performs floating-point multiply-add. This is
the operation @math{(@var{x} @mul{} @var{y}) + @var{z}}, but the
intermediate result is not rounded to the destination type. This can
@@ -1933,6 +2014,7 @@ available in three variants, one for each of the three complex types.
@comment complex.h
@comment ISO
@deftypefunx {long double} creall (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the real part of the complex number @var{z}.
@end deftypefun
@@ -1945,6 +2027,7 @@ These functions return the real part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cimagl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the imaginary part of the complex number @var{z}.
@end deftypefun
@@ -1957,6 +2040,7 @@ These functions return the imaginary part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {complex long double} conjl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the conjugate value of the complex number
@var{z}. The conjugate of a complex number has the same real part and a
negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@@ -1971,6 +2055,7 @@ negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cargl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the argument of the complex number @var{z}.
The argument of a complex number is the angle in the complex plane
between the positive real axis and a line passing through zero and the
@@ -1989,6 +2074,7 @@ number. This angle is measured in the usual fashion and ranges from
@comment complex.h
@comment ISO
@deftypefunx {complex long double} cprojl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the projection of the complex value @var{z} onto
the Riemann sphere. Values with a infinite imaginary part are projected
to positive infinity on the real axis, even if the real part is NaN. If
@@ -2034,6 +2120,16 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun {long int} strtol (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c strtol uses the thread-local pointer to the locale in effect, and
+@c strtol_l loads the LC_NUMERIC locale data from it early on and once,
+@c but if the locale is the global locale, and another thread calls
+@c setlocale in a way that modifies the pointer to the LC_CTYPE locale
+@c category, the behavior of e.g. IS*, TOUPPER will vary throughout the
+@c execution of the function, because they re-read the locale data from
+@c the given locale pointer. We solved this by documenting setlocale as
+@c MT-Unsafe, but there might be other reasons why it's neither MT- nor
+@c AS-Safe; recheck.
The @code{strtol} (``string-to-long'') function converts the initial
part of @var{string} to a signed integer, which is returned as a value
of type @code{long int}.
@@ -2097,6 +2193,7 @@ There is an example at the end of this section.
@comment wchar.h
@comment ISO
@deftypefun {long int} wcstol (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstol} function is equivalent to the @code{strtol} function
in nearly all aspects but handles wide character strings.
@@ -2106,6 +2203,7 @@ The @code{wcstol} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long int} strtoul (const char *retrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoul} (``string-to-unsigned-long'') function is like
@code{strtol} except it converts to an @code{unsigned long int} value.
The syntax is the same as described above for @code{strtol}. The value
@@ -2124,6 +2222,7 @@ range, or @code{ERANGE} on overflow.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long int} wcstoul (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoul} function is equivalent to the @code{strtoul} function
in nearly all aspects but handles wide character strings.
@@ -2133,6 +2232,7 @@ The @code{wcstoul} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} strtoll (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoll} function is like @code{strtol} except that it returns
a @code{long long int} value, and accepts numbers with a correspondingly
larger range.
@@ -2149,6 +2249,7 @@ The @code{strtoll} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {long long int} wcstoll (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoll} function is equivalent to the @code{strtoll} function
in nearly all aspects but handles wide character strings.
@@ -2158,12 +2259,14 @@ The @code{wcstoll} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {long long int} strtoq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtoq} (``string-to-quad-word'') is the BSD name for @code{strtoll}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {long long int} wcstoq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoq} function is equivalent to the @code{strtoq} function
in nearly all aspects but handles wide character strings.
@@ -2173,6 +2276,7 @@ The @code{wcstoq} function is a GNU extension.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long long int} strtoull (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoull} function is related to @code{strtoll} the same way
@code{strtoul} is related to @code{strtol}.
@@ -2182,6 +2286,7 @@ The @code{strtoull} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long long int} wcstoull (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoull} function is equivalent to the @code{strtoull} function
in nearly all aspects but handles wide character strings.
@@ -2191,12 +2296,14 @@ The @code{wcstoull} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {unsigned long long int} strtouq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtouq} is the BSD name for @code{strtoull}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {unsigned long long int} wcstouq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstouq} function is equivalent to the @code{strtouq} function
in nearly all aspects but handles wide character strings.
@@ -2206,6 +2313,7 @@ The @code{wcstouq} function is a GNU extension.
@comment inttypes.h
@comment ISO
@deftypefun intmax_t strtoimax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoimax} function is like @code{strtol} except that it returns
a @code{intmax_t} value, and accepts numbers of a corresponding range.
@@ -2222,6 +2330,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun intmax_t wcstoimax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoimax} function is equivalent to the @code{strtoimax} function
in nearly all aspects but handles wide character strings.
@@ -2231,6 +2340,7 @@ The @code{wcstoimax} function was introduced in @w{ISO C99}.
@comment inttypes.h
@comment ISO
@deftypefun uintmax_t strtoumax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoumax} function is related to @code{strtoimax}
the same way that @code{strtoul} is related to @code{strtol}.
@@ -2241,6 +2351,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun uintmax_t wcstoumax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoumax} function is equivalent to the @code{strtoumax} function
in nearly all aspects but handles wide character strings.
@@ -2250,6 +2361,7 @@ The @code{wcstoumax} function was introduced in @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefun {long int} atol (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtol} function with a @var{base}
argument of @code{10}, except that it need not detect overflow errors.
The @code{atol} function is provided mostly for compatibility with
@@ -2259,6 +2371,7 @@ existing code; using @code{strtol} is more robust.
@comment stdlib.h
@comment ISO
@deftypefun int atoi (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is like @code{atol}, except that it returns an @code{int}.
The @code{atoi} function is also considered obsolete; use @code{strtol}
instead.
@@ -2267,6 +2380,7 @@ instead.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} atoll (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to @code{atol}, except it returns a @code{long
long int}.
@@ -2331,6 +2445,35 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun double strtod (const char *restrict @var{string}, char **restrict @var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c Besides the unsafe-but-ruled-safe locale uses, this uses a lot of
+@c mpn, but it's all safe.
+@c
+@c round_and_return
+@c get_rounding_mode ok
+@c mpn_add_1 ok
+@c mpn_rshift ok
+@c MPN_ZERO ok
+@c MPN2FLOAT -> mpn_construct_(float|double|long_double) ok
+@c str_to_mpn
+@c mpn_mul_1 -> umul_ppmm ok
+@c mpn_add_1 ok
+@c mpn_lshift_1 -> mpn_lshift ok
+@c STRTOF_INTERNAL
+@c MPN_VAR ok
+@c SET_MANTISSA ok
+@c STRNCASECMP ok, wide and narrow
+@c round_and_return ok
+@c mpn_mul ok
+@c mpn_addmul_1 ok
+@c ... mpn_sub
+@c mpn_lshift ok
+@c udiv_qrnnd ok
+@c count_leading_zeros ok
+@c add_ssaaaa ok
+@c sub_ddmmss ok
+@c umul_ppmm ok
+@c mpn_submul_1 ok
The @code{strtod} (``string-to-double'') function converts the initial
part of @var{string} to a floating-point number, which is returned as a
value of type @code{double}.
@@ -2416,6 +2559,7 @@ examining @var{errno} and @var{tailptr}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} strtold (const char *@var{string}, char **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
These functions are analogous to @code{strtod}, but return @code{float}
and @code{long double} values respectively. They report errors in the
same way as @code{strtod}. @code{strtof} can be substantially faster
@@ -2435,6 +2579,7 @@ These functions have been GNU extensions and are new to @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} wcstold (const wchar_t *@var{string}, wchar_t **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstod}, @code{wcstof}, and @code{wcstol} functions are
equivalent in nearly all aspect to the @code{strtod}, @code{strtof}, and
@code{strtold} functions but it handles wide character string.
@@ -2447,6 +2592,7 @@ C90}. The @code{wcstof} and @code{wcstold} functions were introduced in
@comment stdlib.h
@comment ISO
@deftypefun double atof (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtod} function, except that it
need not detect overflow and underflow errors. The @code{atof} function
is provided mostly for compatibility with existing code; using
@@ -2473,6 +2619,7 @@ All these functions are defined in @file{stdlib.h}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} ecvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{ecvt} converts the floating-point number @var{value}
to a string with at most @var{ndigit} decimal digits. The
returned string contains no decimal point or sign. The first digit of
@@ -2498,6 +2645,7 @@ and sets @var{d} to @code{2} and @var{n} to @code{0}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} fcvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{fcvt} is like @code{ecvt}, but @var{ndigit} specifies
the number of digits after the decimal point. If @var{ndigit} is less
than zero, @var{value} is rounded to the @math{@var{ndigit}+1}'th place to the
@@ -2516,6 +2664,9 @@ to @code{fcvt}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} gcvt (double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c gcvt calls sprintf, that ultimately calls vfprintf, which malloc()s
+@c args_value if it's too large, but gcvt never exercises this path.
@code{gcvt} is functionally equivalent to @samp{sprintf(buf, "%*g",
ndigit, value}. It is provided only for compatibility's sake. It
returns @var{buf}.
@@ -2530,6 +2681,7 @@ functions that take @code{long double} arguments.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qecvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{ecvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2538,6 +2690,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qfcvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{fcvt} except that it
takes a @code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2546,6 +2699,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qgcvt (long double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is equivalent to @code{gcvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2566,6 +2720,7 @@ user-supplied buffer.
@comment stdlib.h
@comment GNU
@deftypefun int ecvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ecvt_r} function is the same as @code{ecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2577,6 +2732,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun int fcvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcvt_r} function is the same as @code{fcvt}, except that it
places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2588,6 +2744,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qecvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qecvt_r} function is the same as @code{qecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2599,6 +2756,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qfcvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qfcvt_r} function is the same as @code{qfcvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=aaf60aa78ffc0da9405c007a36e9b5ad89f4d7e0
commit aaf60aa78ffc0da9405c007a36e9b5ad89f4d7e0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:04 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/argp.texi: Document thread safety properties.
diff --git a/manual/argp.texi b/manual/argp.texi
index c9fbe97..22e7b9e 100644
--- a/manual/argp.texi
+++ b/manual/argp.texi
@@ -36,6 +36,35 @@ needed in @code{main}.
@comment argp.h
@comment GNU
@deftypefun {error_t} argp_parse (const struct argp *@var{argp}, int @var{argc}, char **@var{argv}, unsigned @var{flags}, int *@var{arg_index}, void *@var{input})
+@safety{@mtunsafe{xguargs, envromt}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Optionally alloca()tes standard help options, initializes the parser,
+@c then parses individual args in a loop, and then finalizes.
+@c parser_init
+@c calc_sizes ok
+@c option_is_end ok
+@c malloc
+@c parser_convert glocale
+@c convert_options glocale
+@c option_is_end ok
+@c option_is_short ok
+@c isprint, but locale may change within the loop
+@c find_long_option ok
+@c group_parse
+@c group->parser (from argp->parser)
+@c parser_parse_next
+@c getopt_long(_only)_r many issues, same as non_r minus staticbuf
+@c parser_parse_arg
+@c group_parse
+@c parser_parse_opt
+@c group_parse
+@c argp_error
+@c dgettext (bad key error)
+@c parser_finalize
+@c group_parse
+@c fprintf
+@c dgettext
+@c arg_state_help
+@c free
The @code{argp_parse} function parses the arguments in @var{argv}, of
length @var{argc}, using the argp parser @var{argp}. @xref{Argp
Parsers}. Passing a null pointer for @var{argp} is the same as using
@@ -660,6 +689,8 @@ parser function. @xref{Argp Parsing State}.
@comment argp.h
@comment GNU
@deftypefun void argp_usage (const struct argp_state *@var{state})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls argp_state_help with stderr and ARGP_HELP_STD_USAGE.
Outputs the standard usage message for the argp parser referred to by
@var{state} to @code{@var{state}->err_stream} and terminate the program
with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@@ -669,6 +700,13 @@ with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@comment argp.h
@comment GNU
@deftypefun void argp_error (const struct argp_state *@var{state}, const char *@var{fmt}, @dots{})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Lock stream, vasprintf the formatted message into a buffer, print the
+@c buffer prefixed by the short program name (in libc,
+@c argp_short_program_name is a macro that expands to
+@c program_invocation_short_name), releases the buffer, then call
+@c argp_state_help with stream and ARGP_HELP_STD_ERR, unlocking the
+@c stream at the end.
Prints the printf format string @var{fmt} and following args, preceded
by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
--help}} message, and terminates the program with an exit status of
@@ -679,6 +717,12 @@ by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
@comment argp.h
@comment GNU
@deftypefun void argp_failure (const struct argp_state *@var{state}, int @var{status}, int @var{errnum}, const char *@var{fmt}, @dots{})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
+@c Lock stream, write out the short program name, vasprintf the optional
+@c formatted message to a buffer, print the buffer prefixed by colon and
+@c blank, release the buffer, call strerror_r with an automatic buffer,
+@c print it out after colon and blank, put[w]c a line break, unlock the
+@c stream, then exit unless ARGP_NO_EXIT.
Similar to the standard gnu error-reporting function @code{error}, this
prints the program name and @samp{:}, the printf format string
@var{fmt}, and the appropriate following args. If it is non-zero, the
@@ -695,6 +739,141 @@ for options, bad phase of the moon, etc.
@comment argp.h
@comment GNU
@deftypefun void argp_state_help (const struct argp_state *@var{state}, FILE *@var{stream}, unsigned @var{flags})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help with the short program name and optionally exit.
+@c The main problems in _help, besides the usual issues with stream I/O
+@c and translation, are the use of a static buffer (uparams) that makes
+@c the whole thing thread-unsafe, reading from the environment for
+@c ARGP_HELP_FMT, accessing the locale object multiple times.
+
+@c _help envromt, staticbuf (uparams), glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c flockfile lockleak
+@c funlockfile lockleak
+@c fill_in_uparams envromt, staticbuf (uparams), glocale, asynconsist, asmalloc, lockleak, incansist, memleak
+@c argp_failure dup (status = errnum = 0)
+@c atoi dup
+@c argp_hol asmalloc, memleak
+@c make_hol asmalloc, memleak
+@c hol_add_cluster asmalloc, memleak
+@c hol_append asmalloc, memleak
+@c hol_set_group ok
+@c hol_find_entry ok
+@c hol_sort glocale, asmalloc, memleak
+@c qsort asmalloc, memleak
+@c hol_entry_qcmp glocale
+@c hol_entry_cmp glocale
+@c group_cmp ok
+@c hol_cluster_cmp ok
+@c group_cmp ok
+@c hol_entry_first_short glocale
+@c hol_entry_short_iterate [glocale]
+@c until_short ok
+@c oshort ok
+@c isprint ok
+@c odoc ok
+@c hol_entry_first_long ok
+@c canon_doc_option glocale
+@c tolower dup
+@c hol_usage glocale, asi18n, asmalloc, memleak
+@c hol_entry_short_iterate ok
+@c add_argless_short_opt ok
+@c argp_fmtstream_printf dup
+@c hol_entry_short_iterate glocale, asi18n, asmalloc, memleak
+@c usage_argful_short_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_entry_long_iterate glocale, asi18n, asmalloc, memleak
+@c usage_long_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c hol_entry_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_wmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c comma glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_putc dup
+@c hol_cluster_is_child ok
+@c argp_fmtstream_wmargin dup
+@c print_header dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c indent_to dup
+@c argp_fmtstream_putc dup
+@c arg glocale, asmalloc, memleak
+@c argp_fmtstream_printf dup
+@c odoc dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_printf dup
+@c print_header glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c indent_to dup
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c filter_doc dup
+@c argp_fmtstream_point dup
+@c indent_to glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_putc dup
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c hol_free asmalloc, memleak
+@c free dup
+@c argp_args_levels ok
+@c argp_args_usage glocale, asi18n, asmalloc, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc ok
+@c argp_input ok
+@c argp->help_filter
+@c space glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_rmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_write dup
+@c free dup
+@c argp_doc glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c strndup asmalloc, memleak
+@c argp_input dup
+@c argp->help_filter
+@c argp_fmtstream_putc glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure dup
+@c argp_fmtstream_write dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_point glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_lmargin dup
+@c free dup
+@c argp_make_fmtstream asmalloc, memleak
+@c argp_fmtstream_free glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update glocale, asynconsist, incansist, lockleak
+@c put[w]c_unlocked dup
+@c isblank in loop glocale
+@c fxprintf lockleak
+@c fxprintf lockleak
+@c free dup
+@c argp_fmtstream_set_wmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_printf glocale, asmalloc, memleak
+@c argp_fmtstream_ensure dup
+@c vsnprintf dup
+@c argp_fmtstream_set_lmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_puts glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_write glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update dup
+@c fxprintf lockleak
+@c realloc asmalloc, memleak
Outputs a help message for the argp parser referred to by @var{state},
to @var{stream}. The @var{flags} argument determines what sort of help
message is produced. @xref{Argp Help Flags}.
@@ -928,6 +1107,8 @@ program options, argp offers the @code{argp_help} interface.
@comment argp.h
@comment GNU
@deftypefun void argp_help (const struct argp *@var{argp}, FILE *@var{stream}, unsigned @var{flags}, char *@var{name})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help.
This outputs a help message for the argp parser @var{argp} to
@var{stream}. The type of messages printed will be determined by
@var{flags}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7c4730c50b3ca97da9c26b8a7b4b302efca2b730
commit 7c4730c50b3ca97da9c26b8a7b4b302efca2b730
Merge: ecbe0af 4e51ca6 d0b8f88
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Aug 28 00:23:46 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ecbe0aff753e41d9b46550657d5ebddd79c81210
commit ecbe0aff753e41d9b46550657d5ebddd79c81210
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Aug 28 00:23:46 2013 -0300
refresh
diff --git a/meta b/meta
index 7af1e9b..db2cae7 100644
--- a/meta
+++ b/meta
@@ -1,11 +1,10 @@
Version: 1
-Previous: 485f76b7b9c5f4375d8b28a566f5ab1b0f111e6d
-Head: 74c9e41f2c8561e8a8cc02e8655526580c3dd151
+Previous: d0b8f88b8fef816ebddf48f01bc0150e975b927f
+Head: 4e51ca6a99c605099f12a779df0d47cceeb4ae4f
Applied:
unused-scalb-is-scalbn.patch: 05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
remove-sysdeps-ieee754-support.patch: fe6a5807692b034fba404bbe03d68929933eb91f
- manual-document-mt-safety.patch: cfd5bbe11be81bd19bd894478f09f14ddd746ac8
- refresh-temp: 74c9e41f2c8561e8a8cc02e8655526580c3dd151
+ manual-document-mt-safety.patch: 4e51ca6a99c605099f12a779df0d47cceeb4ae4f
Unapplied:
manual-document-mt-safety-argp.patch: 091e1e16a3a7c50d382e0f9eee36d6d04bcd441a
manual-document-mt-safety-arith.patch: 6dfda39adb1d84728fb4d392927fe32c70717f8c
diff --git a/patches/manual-document-mt-safety.patch b/patches/manual-document-mt-safety.patch
index 4c64009..2c9c0e9 100644
--- a/patches/manual-document-mt-safety.patch
+++ b/patches/manual-document-mt-safety.patch
@@ -1,5 +1,5 @@
Bottom: 39cf8b6977e5b0eb658a937d498281477afa6821
-Top: 9dc17c777e87d9e8550bcf18a685ec2e017a008c
+Top: bc51276153dccb4e0691cf1f0eb3c565579e39f7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:04 -0300
@@ -15,10 +15,10 @@ for ChangeLog
---
diff --git a/manual/intro.texi b/manual/intro.texi
-index deaf089..d183e12 100644
+index deaf089..c3142ad 100644
--- a/manual/intro.texi
+++ b/manual/intro.texi
-@@ -172,6 +172,412 @@ pattern matching facilities (@pxref{Pattern Matching}).
+@@ -172,6 +172,434 @@ pattern matching facilities (@pxref{Pattern Matching}).
@comment <wordexp.h> (not yet implemented)
@comment confstr
@@ -134,6 +134,28 @@ index deaf089..d183e12 100644
+applies.
+
+
++@item @code{oncesafe}
++@cindex oncesafe
++
++Functions marked with @code{oncesafe} use the internal @code{libc_once}
++machinery to initialize internal data structures.
++
++If a signal handler interrupts such an initializer, and calls any
++function that also performs @code{libc_once} initialization, it will
++deadlock if the thread library is linked in.
++
++Furthermore, if an initializer is partially complete before it is
++canceled or interrupted by a signal whose handler requires the same
++initialization, some or all of the initialization may be performed more
++than once, leaking resources or even result in corrupt internal data
++structures.
++
++Applications that need to call functions marked with @code{oncesafe}
++should ensure the initialization is performed before configuring signal
++handlers or enabling cancellation, so that the AS- and AC-Safety issues
++related with @code{libc_once} do not arise.
++
++
+@item @code{uunguard}
+@cindex uunguard
+
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index e7de08c..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,41 +0,0 @@
-Bottom: 9dc17c777e87d9e8550bcf18a685ec2e017a008c
-Top: bc51276153dccb4e0691cf1f0eb3c565579e39f7
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-28 00:23:45 -0300
-
-Refresh of manual-document-mt-safety.patch
-
----
-
-diff --git a/manual/intro.texi b/manual/intro.texi
-index d183e12..c3142ad 100644
---- a/manual/intro.texi
-+++ b/manual/intro.texi
-@@ -284,6 +284,28 @@ access the environment are marked as MT-Safe when no other safety issue
- applies.
-
-
-+@item @code{oncesafe}
-+@cindex oncesafe
-+
-+Functions marked with @code{oncesafe} use the internal @code{libc_once}
-+machinery to initialize internal data structures.
-+
-+If a signal handler interrupts such an initializer, and calls any
-+function that also performs @code{libc_once} initialization, it will
-+deadlock if the thread library is linked in.
-+
-+Furthermore, if an initializer is partially complete before it is
-+canceled or interrupted by a signal whose handler requires the same
-+initialization, some or all of the initialization may be performed more
-+than once, leaking resources or even result in corrupt internal data
-+structures.
-+
-+Applications that need to call functions marked with @code{oncesafe}
-+should ensure the initialization is performed before configuring signal
-+handlers or enabling cancellation, so that the AS- and AC-Safety issues
-+related with @code{libc_once} do not arise.
-+
-+
- @item @code{uunguard}
- @cindex uunguard
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d0b8f88b8fef816ebddf48f01bc0150e975b927f
commit d0b8f88b8fef816ebddf48f01bc0150e975b927f
Merge: 94633f0 485f76b 74c9e41
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Aug 28 00:23:46 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=94633f0c6ba66f79ebfde308d22f5f81edd948d3
commit 94633f0c6ba66f79ebfde308d22f5f81edd948d3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Aug 28 00:23:46 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index d27d2de..7af1e9b 100644
--- a/meta
+++ b/meta
@@ -1,10 +1,11 @@
Version: 1
-Previous: f1c163251b6c357ccacdec3328cb155295035dd1
-Head: cfd5bbe11be81bd19bd894478f09f14ddd746ac8
+Previous: 485f76b7b9c5f4375d8b28a566f5ab1b0f111e6d
+Head: 74c9e41f2c8561e8a8cc02e8655526580c3dd151
Applied:
unused-scalb-is-scalbn.patch: 05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
remove-sysdeps-ieee754-support.patch: fe6a5807692b034fba404bbe03d68929933eb91f
manual-document-mt-safety.patch: cfd5bbe11be81bd19bd894478f09f14ddd746ac8
+ refresh-temp: 74c9e41f2c8561e8a8cc02e8655526580c3dd151
Unapplied:
manual-document-mt-safety-argp.patch: 091e1e16a3a7c50d382e0f9eee36d6d04bcd441a
manual-document-mt-safety-arith.patch: 6dfda39adb1d84728fb4d392927fe32c70717f8c
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..e7de08c
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,41 @@
+Bottom: 9dc17c777e87d9e8550bcf18a685ec2e017a008c
+Top: bc51276153dccb4e0691cf1f0eb3c565579e39f7
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-28 00:23:45 -0300
+
+Refresh of manual-document-mt-safety.patch
+
+---
+
+diff --git a/manual/intro.texi b/manual/intro.texi
+index d183e12..c3142ad 100644
+--- a/manual/intro.texi
++++ b/manual/intro.texi
+@@ -284,6 +284,28 @@ access the environment are marked as MT-Safe when no other safety issue
+ applies.
+
+
++@item @code{oncesafe}
++@cindex oncesafe
++
++Functions marked with @code{oncesafe} use the internal @code{libc_once}
++machinery to initialize internal data structures.
++
++If a signal handler interrupts such an initializer, and calls any
++function that also performs @code{libc_once} initialization, it will
++deadlock if the thread library is linked in.
++
++Furthermore, if an initializer is partially complete before it is
++canceled or interrupted by a signal whose handler requires the same
++initialization, some or all of the initialization may be performed more
++than once, leaking resources or even result in corrupt internal data
++structures.
++
++Applications that need to call functions marked with @code{oncesafe}
++should ensure the initialization is performed before configuring signal
++handlers or enabling cancellation, so that the AS- and AC-Safety issues
++related with @code{libc_once} do not arise.
++
++
+ @item @code{uunguard}
+ @cindex uunguard
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=74c9e41f2c8561e8a8cc02e8655526580c3dd151
commit 74c9e41f2c8561e8a8cc02e8655526580c3dd151
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Aug 28 00:23:45 2013 -0300
Refresh of manual-document-mt-safety.patch
diff --git a/manual/intro.texi b/manual/intro.texi
index d183e12..c3142ad 100644
--- a/manual/intro.texi
+++ b/manual/intro.texi
@@ -284,6 +284,28 @@ access the environment are marked as MT-Safe when no other safety issue
applies.
+@item @code{oncesafe}
+@cindex oncesafe
+
+Functions marked with @code{oncesafe} use the internal @code{libc_once}
+machinery to initialize internal data structures.
+
+If a signal handler interrupts such an initializer, and calls any
+function that also performs @code{libc_once} initialization, it will
+deadlock if the thread library is linked in.
+
+Furthermore, if an initializer is partially complete before it is
+canceled or interrupted by a signal whose handler requires the same
+initialization, some or all of the initialization may be performed more
+than once, leaking resources or even result in corrupt internal data
+structures.
+
+Applications that need to call functions marked with @code{oncesafe}
+should ensure the initialization is performed before configuring signal
+handlers or enabling cancellation, so that the AS- and AC-Safety issues
+related with @code{libc_once} do not arise.
+
+
@item @code{uunguard}
@cindex uunguard
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=485f76b7b9c5f4375d8b28a566f5ab1b0f111e6d
commit 485f76b7b9c5f4375d8b28a566f5ab1b0f111e6d
Merge: 188dbd8 f1c1632
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Aug 28 00:07:40 2013 -0300
goto
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=188dbd8d9ec342bdf6a10644f27e65a9117c50c7
commit 188dbd8d9ec342bdf6a10644f27e65a9117c50c7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Aug 28 00:07:40 2013 -0300
goto
diff --git a/meta b/meta
index 462c6b2..d27d2de 100644
--- a/meta
+++ b/meta
@@ -1,10 +1,11 @@
Version: 1
-Previous: 037213016d6ba4fd70e0026d0c92c4ce1ea3372a
-Head: 3f6a86b4b41552229bec8e2e30c2f20b6e0cefa4
+Previous: f1c163251b6c357ccacdec3328cb155295035dd1
+Head: cfd5bbe11be81bd19bd894478f09f14ddd746ac8
Applied:
unused-scalb-is-scalbn.patch: 05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
remove-sysdeps-ieee754-support.patch: fe6a5807692b034fba404bbe03d68929933eb91f
manual-document-mt-safety.patch: cfd5bbe11be81bd19bd894478f09f14ddd746ac8
+Unapplied:
manual-document-mt-safety-argp.patch: 091e1e16a3a7c50d382e0f9eee36d6d04bcd441a
manual-document-mt-safety-arith.patch: 6dfda39adb1d84728fb4d392927fe32c70717f8c
manual-document-mt-safety-charset.patch: b58ef1fd4f0b6a89317ebce875a8c6217da8e8fa
@@ -20,7 +21,6 @@ Applied:
manual-document-mt-safety-lang.patch: df244861d2cc8225a441c53b523f53150727ae62
manual-document-mt-safety-llio.patch: bf5c49825fd31327a529399b2400a6e592bbee3a
manual-document-mt-safety-stdio.patch: 3f6a86b4b41552229bec8e2e30c2f20b6e0cefa4
-Unapplied:
wip-manual-document-mt-safety-math.patch: 16ea0003407bdc31e8ec8dfe869a8b7692eb8d00
wip-manual-document-mt-safety-resource.patch: fc558f0f09d7886fab6a27dd914edd28b2e785c0
wip-manual-document-mt-safety-startup.patch: fe85266926a3cdc0450318fd07dc476cf7e3a867
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f1c163251b6c357ccacdec3328cb155295035dd1
commit f1c163251b6c357ccacdec3328cb155295035dd1
Merge: faaec83 3f6a86b 0372130
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Aug 28 00:05:53 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=faaec835d4c9258cdd77aa767c877f463abc1a09
commit faaec835d4c9258cdd77aa767c877f463abc1a09
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Aug 28 00:05:53 2013 -0300
refresh
diff --git a/meta b/meta
index 0db42cb..462c6b2 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 7574e9059a8db40c3176785ed56703a0bdb7d7a5
-Head: 0ffbdee50057721a4cf1939a2cb3604e1bd3bd08
+Previous: 037213016d6ba4fd70e0026d0c92c4ce1ea3372a
+Head: 3f6a86b4b41552229bec8e2e30c2f20b6e0cefa4
Applied:
unused-scalb-is-scalbn.patch: 05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
remove-sysdeps-ieee754-support.patch: fe6a5807692b034fba404bbe03d68929933eb91f
@@ -19,8 +19,7 @@ Applied:
manual-document-mt-safety-job.patch: 1302198bf7ea242f1be035891c34507df7fa27e7
manual-document-mt-safety-lang.patch: df244861d2cc8225a441c53b523f53150727ae62
manual-document-mt-safety-llio.patch: bf5c49825fd31327a529399b2400a6e592bbee3a
- manual-document-mt-safety-stdio.patch: 8d679074193b580e3ea1b810b03b6c976a47f9cd
- refresh-temp: 0ffbdee50057721a4cf1939a2cb3604e1bd3bd08
+ manual-document-mt-safety-stdio.patch: 3f6a86b4b41552229bec8e2e30c2f20b6e0cefa4
Unapplied:
wip-manual-document-mt-safety-math.patch: 16ea0003407bdc31e8ec8dfe869a8b7692eb8d00
wip-manual-document-mt-safety-resource.patch: fc558f0f09d7886fab6a27dd914edd28b2e785c0
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index f0316b1..cd7fc3b 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,5 +1,5 @@
Bottom: 93d7801d18acd26c49da4772fbbaa130e15e8c35
-Top: e50028beb84ad6b675a13f914ea7f6020b0041fb
+Top: 255dc76dfd1273775d159fe84d9f9ff35f7d5184
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:08 -0300
@@ -13,7 +13,7 @@ for ChangeLog
---
diff --git a/manual/stdio.texi b/manual/stdio.texi
-index 3f9be9bc5..79a3340 100644
+index 3f9be9bc5..5667af3 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@@ -452,23 +452,29 @@ index 3f9be9bc5..79a3340 100644
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
-@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
+@@ -1173,6 +1280,12 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
-+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
++@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
++@c Besides the usual possibility of getting an inconsistent stream in a
++@c signal handler or leaving it inconsistent in case of cancellation,
++@c the possibility of leaving a dangling pointer upon cancellation
++@c between reallocing the buffer at *lineptr and updating the pointer
++@c brings about another case of incansist.
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
-@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
+@@ -1208,6 +1321,8 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
-+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
++@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
++@c See the getline incansist note.
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
-@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
+@@ -1232,6 +1347,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
@@ -476,7 +482,7 @@ index 3f9be9bc5..79a3340 100644
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
-@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
+@@ -1255,6 +1371,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
@@ -484,7 +490,7 @@ index 3f9be9bc5..79a3340 100644
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
-@@ -1280,6 +1391,7 @@ message.
+@@ -1280,6 +1397,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
@@ -492,7 +498,7 @@ index 3f9be9bc5..79a3340 100644
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
-@@ -1289,6 +1401,7 @@ This function is a GNU extension.
+@@ -1289,6 +1407,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
@@ -500,7 +506,7 @@ index 3f9be9bc5..79a3340 100644
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
-@@ -1298,6 +1411,7 @@ This function is a GNU extension.
+@@ -1298,6 +1417,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
@@ -508,7 +514,7 @@ index 3f9be9bc5..79a3340 100644
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
-@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
+@@ -1388,6 +1508,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
@@ -516,7 +522,7 @@ index 3f9be9bc5..79a3340 100644
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
-@@ -1425,6 +1540,7 @@ will encounter end of file.
+@@ -1425,6 +1546,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
@@ -524,7 +530,7 @@ index 3f9be9bc5..79a3340 100644
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
-@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
+@@ -1483,6 +1605,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
@@ -532,7 +538,7 @@ index 3f9be9bc5..79a3340 100644
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
-@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
+@@ -1498,6 +1621,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
@@ -540,7 +546,7 @@ index 3f9be9bc5..79a3340 100644
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
-@@ -1507,6 +1625,7 @@ This function is a GNU extension.
+@@ -1507,6 +1631,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
@@ -548,7 +554,7 @@ index 3f9be9bc5..79a3340 100644
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
-@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
+@@ -1516,6 +1641,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
@@ -556,7 +562,7 @@ index 3f9be9bc5..79a3340 100644
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
-@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
+@@ -2257,6 +2383,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
@@ -564,7 +570,7 @@ index 3f9be9bc5..79a3340 100644
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
-@@ -2266,6 +2387,7 @@ negative value if there was an output error.
+@@ -2266,6 +2393,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
@@ -572,7 +578,7 @@ index 3f9be9bc5..79a3340 100644
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
-@@ -2275,6 +2397,7 @@ negative value if there was an output error.
+@@ -2275,6 +2403,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
@@ -580,7 +586,7 @@ index 3f9be9bc5..79a3340 100644
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
-@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
+@@ -2282,6 +2411,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
@@ -588,7 +594,7 @@ index 3f9be9bc5..79a3340 100644
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
-@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
+@@ -2289,6 +2419,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
@@ -596,7 +602,7 @@ index 3f9be9bc5..79a3340 100644
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
-@@ -2313,6 +2438,7 @@ described below.
+@@ -2313,6 +2444,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
@@ -604,7 +610,7 @@ index 3f9be9bc5..79a3340 100644
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
-@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
+@@ -2337,6 +2469,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
@@ -612,7 +618,7 @@ index 3f9be9bc5..79a3340 100644
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
-@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
+@@ -2407,6 +2540,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
@@ -620,7 +626,7 @@ index 3f9be9bc5..79a3340 100644
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
-@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
+@@ -2439,6 +2573,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
@@ -628,7 +634,7 @@ index 3f9be9bc5..79a3340 100644
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
-@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
+@@ -2509,6 +2644,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
@@ -636,7 +642,7 @@ index 3f9be9bc5..79a3340 100644
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
-@@ -2517,6 +2647,7 @@ pointer @var{ap}.
+@@ -2517,6 +2653,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
@@ -644,7 +650,7 @@ index 3f9be9bc5..79a3340 100644
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
-@@ -2525,6 +2656,48 @@ pointer @var{ap}.
+@@ -2525,6 +2662,48 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
@@ -693,7 +699,7 @@ index 3f9be9bc5..79a3340 100644
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
-@@ -2532,6 +2705,7 @@ specified directly as for @code{vprintf}.
+@@ -2532,6 +2711,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
@@ -701,7 +707,7 @@ index 3f9be9bc5..79a3340 100644
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
-@@ -2539,6 +2713,7 @@ specified directly as for @code{vwprintf}.
+@@ -2539,6 +2719,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
@@ -709,7 +715,7 @@ index 3f9be9bc5..79a3340 100644
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
-@@ -2546,6 +2721,7 @@ specified directly as for @code{vprintf}.
+@@ -2546,6 +2727,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
@@ -717,7 +723,7 @@ index 3f9be9bc5..79a3340 100644
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
-@@ -2553,6 +2729,7 @@ specified directly as for @code{vwprintf}.
+@@ -2553,6 +2735,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
@@ -725,7 +731,7 @@ index 3f9be9bc5..79a3340 100644
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
-@@ -2560,6 +2737,7 @@ specified directly as for @code{vprintf}.
+@@ -2560,6 +2743,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
@@ -733,7 +739,7 @@ index 3f9be9bc5..79a3340 100644
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
-@@ -2567,6 +2745,10 @@ variable argument list specified directly as for @code{vprintf}.
+@@ -2567,6 +2751,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
@@ -744,7 +750,7 @@ index 3f9be9bc5..79a3340 100644
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
-@@ -2639,6 +2821,7 @@ file @file{printf.h}.
+@@ -2639,6 +2827,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
@@ -752,7 +758,7 @@ index 3f9be9bc5..79a3340 100644
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
-@@ -2879,6 +3062,12 @@ The function to register a new output conversion is
+@@ -2879,6 +3068,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
@@ -765,7 +771,7 @@ index 3f9be9bc5..79a3340 100644
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
-@@ -3125,6 +3314,12 @@ which implement a special way to print floating-point numbers.
+@@ -3125,6 +3320,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
@@ -778,7 +784,7 @@ index 3f9be9bc5..79a3340 100644
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
-@@ -3183,6 +3378,7 @@ provide the function which returns information about the arguments.
+@@ -3183,6 +3384,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
@@ -786,7 +792,7 @@ index 3f9be9bc5..79a3340 100644
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
-@@ -3799,6 +3995,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
+@@ -3799,6 +4001,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
@@ -794,7 +800,7 @@ index 3f9be9bc5..79a3340 100644
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
-@@ -3813,6 +4010,7 @@ template, then @code{EOF} is returned.
+@@ -3813,6 +4016,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
@@ -802,7 +808,7 @@ index 3f9be9bc5..79a3340 100644
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
-@@ -3827,6 +4025,7 @@ template, then @code{WEOF} is returned.
+@@ -3827,6 +4031,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
@@ -810,7 +816,7 @@ index 3f9be9bc5..79a3340 100644
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
-@@ -3834,6 +4033,7 @@ from the stream @var{stream} instead of @code{stdin}.
+@@ -3834,6 +4039,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
@@ -818,7 +824,7 @@ index 3f9be9bc5..79a3340 100644
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
-@@ -3841,6 +4041,7 @@ from the stream @var{stream} instead of @code{stdin}.
+@@ -3841,6 +4047,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
@@ -826,7 +832,7 @@ index 3f9be9bc5..79a3340 100644
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
-@@ -3854,6 +4055,7 @@ as an argument to receive a string read under control of the @samp{%s},
+@@ -3854,6 +4061,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
@@ -834,7 +840,7 @@ index 3f9be9bc5..79a3340 100644
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
-@@ -3880,6 +4082,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
+@@ -3880,6 +4088,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
@@ -842,7 +848,7 @@ index 3f9be9bc5..79a3340 100644
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
-@@ -3888,6 +4091,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
+@@ -3888,6 +4097,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
@@ -850,7 +856,7 @@ index 3f9be9bc5..79a3340 100644
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
-@@ -3896,6 +4100,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
+@@ -3896,6 +4106,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
@@ -858,7 +864,7 @@ index 3f9be9bc5..79a3340 100644
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
-@@ -3903,6 +4108,7 @@ specified directly as for @code{vscanf}.
+@@ -3903,6 +4114,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
@@ -866,7 +872,7 @@ index 3f9be9bc5..79a3340 100644
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
-@@ -3910,6 +4116,7 @@ specified directly as for @code{vwscanf}.
+@@ -3910,6 +4122,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
@@ -874,7 +880,7 @@ index 3f9be9bc5..79a3340 100644
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
-@@ -3917,6 +4124,7 @@ specified directly as for @code{vscanf}.
+@@ -3917,6 +4130,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
@@ -882,7 +888,7 @@ index 3f9be9bc5..79a3340 100644
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
-@@ -3966,6 +4174,7 @@ This symbol is declared in @file{wchar.h}.
+@@ -3966,6 +4180,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
@@ -890,7 +896,7 @@ index 3f9be9bc5..79a3340 100644
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
-@@ -3975,6 +4184,9 @@ This symbol is declared in @file{stdio.h}.
+@@ -3975,6 +4190,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
@@ -900,7 +906,7 @@ index 3f9be9bc5..79a3340 100644
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
-@@ -3986,6 +4198,7 @@ This symbol is declared in @file{stdio.h}.
+@@ -3986,6 +4204,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
@@ -908,7 +914,7 @@ index 3f9be9bc5..79a3340 100644
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
-@@ -3996,6 +4209,7 @@ This symbol is declared in @file{stdio.h}.
+@@ -3996,6 +4215,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
@@ -916,7 +922,7 @@ index 3f9be9bc5..79a3340 100644
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
-@@ -4023,6 +4237,7 @@ function.
+@@ -4023,6 +4243,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
@@ -924,7 +930,7 @@ index 3f9be9bc5..79a3340 100644
This function clears the end-of-file and error indicators for the
stream @var{stream}.
-@@ -4033,6 +4248,7 @@ end-of-file indicator for the stream.
+@@ -4033,6 +4254,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
@@ -932,7 +938,7 @@ index 3f9be9bc5..79a3340 100644
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
-@@ -4146,6 +4362,7 @@ are declared in the header file @file{stdio.h}.
+@@ -4146,6 +4368,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
@@ -940,7 +946,7 @@ index 3f9be9bc5..79a3340 100644
This function returns the current file position of the stream
@var{stream}.
-@@ -4158,6 +4375,7 @@ possibly for other reasons as well. If a failure occurs, a value of
+@@ -4158,6 +4381,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
@@ -948,7 +954,7 @@ index 3f9be9bc5..79a3340 100644
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
-@@ -4181,6 +4399,7 @@ LFS interface transparently replaces the old interface.
+@@ -4181,6 +4405,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
@@ -956,7 +962,7 @@ index 3f9be9bc5..79a3340 100644
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
-@@ -4196,6 +4415,7 @@ and so transparently replaces the old interface.
+@@ -4196,6 +4421,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
@@ -964,7 +970,7 @@ index 3f9be9bc5..79a3340 100644
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
-@@ -4215,6 +4435,7 @@ place in the file.
+@@ -4215,6 +4441,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
@@ -972,7 +978,7 @@ index 3f9be9bc5..79a3340 100644
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
-@@ -4238,6 +4459,7 @@ LFS interface transparently replaces the old interface.
+@@ -4238,6 +4465,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
@@ -980,7 +986,7 @@ index 3f9be9bc5..79a3340 100644
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
-@@ -4286,6 +4508,7 @@ the offset provided is relative to the end of the file.
+@@ -4286,6 +4514,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
@@ -988,7 +994,7 @@ index 3f9be9bc5..79a3340 100644
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
-@@ -4407,6 +4630,7 @@ representation.
+@@ -4407,6 +4636,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
@@ -996,7 +1002,7 @@ index 3f9be9bc5..79a3340 100644
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
-@@ -4421,6 +4645,7 @@ interface transparently replaces the old interface.
+@@ -4421,6 +4651,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
@@ -1004,7 +1010,7 @@ index 3f9be9bc5..79a3340 100644
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
-@@ -4433,6 +4658,7 @@ and so transparently replaces the old interface.
+@@ -4433,6 +4664,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
@@ -1012,7 +1018,7 @@ index 3f9be9bc5..79a3340 100644
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
-@@ -4449,6 +4675,7 @@ interface transparently replaces the old interface.
+@@ -4449,6 +4681,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
@@ -1020,7 +1026,7 @@ index 3f9be9bc5..79a3340 100644
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
-@@ -4560,6 +4787,7 @@ If you want to flush the buffered output at another time, call
+@@ -4560,6 +4793,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
@@ -1028,7 +1034,7 @@ index 3f9be9bc5..79a3340 100644
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
-@@ -4572,6 +4800,7 @@ otherwise.
+@@ -4572,6 +4806,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
@@ -1036,7 +1042,7 @@ index 3f9be9bc5..79a3340 100644
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
-@@ -4588,6 +4817,7 @@ exported.
+@@ -4588,6 +4823,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
@@ -1044,7 +1050,7 @@ index 3f9be9bc5..79a3340 100644
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
-@@ -4609,6 +4839,7 @@ situation a non-standard function introduced in Solaris and available in
+@@ -4609,6 +4845,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
@@ -1052,7 +1058,7 @@ index 3f9be9bc5..79a3340 100644
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
-@@ -4633,6 +4864,7 @@ file @file{stdio.h}.
+@@ -4633,6 +4870,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
@@ -1060,7 +1066,7 @@ index 3f9be9bc5..79a3340 100644
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
-@@ -4710,6 +4942,7 @@ efficient size.
+@@ -4710,6 +4948,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
@@ -1068,7 +1074,7 @@ index 3f9be9bc5..79a3340 100644
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
-@@ -4723,6 +4956,7 @@ use @code{setvbuf} in all new programs.
+@@ -4723,6 +4962,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
@@ -1076,7 +1082,7 @@ index 3f9be9bc5..79a3340 100644
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
-@@ -4734,6 +4968,7 @@ This function is provided for compatibility with old BSD code. Use
+@@ -4734,6 +4974,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
@@ -1084,7 +1090,7 @@ index 3f9be9bc5..79a3340 100644
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
-@@ -4748,6 +4983,7 @@ using a non-standard function introduced in Solaris and available in
+@@ -4748,6 +4989,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
@@ -1092,7 +1098,7 @@ index 3f9be9bc5..79a3340 100644
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
-@@ -4761,6 +4997,7 @@ much of it is used. These functions were also introduced in Solaris.
+@@ -4761,6 +5003,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
@@ -1100,7 +1106,7 @@ index 3f9be9bc5..79a3340 100644
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
-@@ -4771,6 +5008,7 @@ This function is declared in the @file{stdio_ext.h} header.
+@@ -4771,6 +5014,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
@@ -1108,7 +1114,7 @@ index 3f9be9bc5..79a3340 100644
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
-@@ -4818,6 +5056,10 @@ I/O to a string or memory buffer. These facilities are declared in
+@@ -4818,6 +5062,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
@@ -1119,7 +1125,7 @@ index 3f9be9bc5..79a3340 100644
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
-@@ -4870,6 +5112,7 @@ Got r
+@@ -4870,6 +5118,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
@@ -1127,7 +1133,7 @@ index 3f9be9bc5..79a3340 100644
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
-@@ -4985,6 +5228,7 @@ closed.
+@@ -4985,6 +5234,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
@@ -1135,7 +1141,7 @@ index 3f9be9bc5..79a3340 100644
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
-@@ -5166,6 +5410,7 @@ It is a non-recoverable error.
+@@ -5166,6 +5416,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
@@ -1143,7 +1149,7 @@ index 3f9be9bc5..79a3340 100644
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
-@@ -5306,6 +5551,7 @@ introducing new classes in a running program. One could use the
+@@ -5306,6 +5557,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index 4c047be..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,37 +0,0 @@
-Bottom: e50028beb84ad6b675a13f914ea7f6020b0041fb
-Top: 255dc76dfd1273775d159fe84d9f9ff35f7d5184
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-28 00:05:52 -0300
-
-Refresh of manual-document-mt-safety-stdio.patch
-
----
-
-diff --git a/manual/stdio.texi b/manual/stdio.texi
-index 79a3340..5667af3 100644
---- a/manual/stdio.texi
-+++ b/manual/stdio.texi
-@@ -1280,7 +1280,12 @@ All these functions are declared in @file{stdio.h}.
- @comment stdio.h
- @comment GNU
- @deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
--@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
-+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
-+@c Besides the usual possibility of getting an inconsistent stream in a
-+@c signal handler or leaving it inconsistent in case of cancellation,
-+@c the possibility of leaving a dangling pointer upon cancellation
-+@c between reallocing the buffer at *lineptr and updating the pointer
-+@c brings about another case of incansist.
- This function reads an entire line from @var{stream}, storing the text
- (including the newline and a terminating null character) in a buffer
- and storing the buffer address in @code{*@var{lineptr}}.
-@@ -1316,7 +1321,8 @@ If an error occurs or end of file is reached without any bytes read,
- @comment stdio.h
- @comment GNU
- @deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
--@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
-+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
-+@c See the getline incansist note.
- This function is like @code{getline} except that the character which
- tells it to stop reading is not necessarily newline. The argument
- @var{delimiter} specifies the delimiter character; @code{getdelim} keeps
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=037213016d6ba4fd70e0026d0c92c4ce1ea3372a
commit 037213016d6ba4fd70e0026d0c92c4ce1ea3372a
Merge: 7c5d1a3 7574e90 0ffbdee
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Aug 28 00:05:53 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7c5d1a3e8b6fddd426f720888452bfe0145b3c66
commit 7c5d1a3e8b6fddd426f720888452bfe0145b3c66
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Aug 28 00:05:53 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index adebb39..0db42cb 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 8fede8f0d0f41c2ad3c321923844ed00a317258f
-Head: 8d679074193b580e3ea1b810b03b6c976a47f9cd
+Previous: 7574e9059a8db40c3176785ed56703a0bdb7d7a5
+Head: 0ffbdee50057721a4cf1939a2cb3604e1bd3bd08
Applied:
unused-scalb-is-scalbn.patch: 05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
remove-sysdeps-ieee754-support.patch: fe6a5807692b034fba404bbe03d68929933eb91f
@@ -20,6 +20,7 @@ Applied:
manual-document-mt-safety-lang.patch: df244861d2cc8225a441c53b523f53150727ae62
manual-document-mt-safety-llio.patch: bf5c49825fd31327a529399b2400a6e592bbee3a
manual-document-mt-safety-stdio.patch: 8d679074193b580e3ea1b810b03b6c976a47f9cd
+ refresh-temp: 0ffbdee50057721a4cf1939a2cb3604e1bd3bd08
Unapplied:
wip-manual-document-mt-safety-math.patch: 16ea0003407bdc31e8ec8dfe869a8b7692eb8d00
wip-manual-document-mt-safety-resource.patch: fc558f0f09d7886fab6a27dd914edd28b2e785c0
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..4c047be
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,37 @@
+Bottom: e50028beb84ad6b675a13f914ea7f6020b0041fb
+Top: 255dc76dfd1273775d159fe84d9f9ff35f7d5184
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-28 00:05:52 -0300
+
+Refresh of manual-document-mt-safety-stdio.patch
+
+---
+
+diff --git a/manual/stdio.texi b/manual/stdio.texi
+index 79a3340..5667af3 100644
+--- a/manual/stdio.texi
++++ b/manual/stdio.texi
+@@ -1280,7 +1280,12 @@ All these functions are declared in @file{stdio.h}.
+ @comment stdio.h
+ @comment GNU
+ @deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+-@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
++@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
++@c Besides the usual possibility of getting an inconsistent stream in a
++@c signal handler or leaving it inconsistent in case of cancellation,
++@c the possibility of leaving a dangling pointer upon cancellation
++@c between reallocing the buffer at *lineptr and updating the pointer
++@c brings about another case of incansist.
+ This function reads an entire line from @var{stream}, storing the text
+ (including the newline and a terminating null character) in a buffer
+ and storing the buffer address in @code{*@var{lineptr}}.
+@@ -1316,7 +1321,8 @@ If an error occurs or end of file is reached without any bytes read,
+ @comment stdio.h
+ @comment GNU
+ @deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+-@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
++@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
++@c See the getline incansist note.
+ This function is like @code{getline} except that the character which
+ tells it to stop reading is not necessarily newline. The argument
+ @var{delimiter} specifies the delimiter character; @code{getdelim} keeps
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0ffbdee50057721a4cf1939a2cb3604e1bd3bd08
commit 0ffbdee50057721a4cf1939a2cb3604e1bd3bd08
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Aug 28 00:05:52 2013 -0300
Refresh of manual-document-mt-safety-stdio.patch
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 79a3340..5667af3 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -1280,7 +1280,12 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
-@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
+@c Besides the usual possibility of getting an inconsistent stream in a
+@c signal handler or leaving it inconsistent in case of cancellation,
+@c the possibility of leaving a dangling pointer upon cancellation
+@c between reallocing the buffer at *lineptr and updating the pointer
+@c brings about another case of incansist.
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1316,7 +1321,8 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
-@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
+@c See the getline incansist note.
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7574e9059a8db40c3176785ed56703a0bdb7d7a5
commit 7574e9059a8db40c3176785ed56703a0bdb7d7a5
Merge: e064e83 8fede8f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 27 23:55:54 2013 -0300
goto
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e064e8321054dc11c0135db7c3318aff03e63d8c
commit e064e8321054dc11c0135db7c3318aff03e63d8c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 27 23:55:54 2013 -0300
goto
diff --git a/meta b/meta
index 2abfb28..adebb39 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 35bf220e9b40707741474d9892370654b9f67f69
-Head: 7e105f03df345c9d37e09985a410f6d6177d8ed3
+Previous: 8fede8f0d0f41c2ad3c321923844ed00a317258f
+Head: 8d679074193b580e3ea1b810b03b6c976a47f9cd
Applied:
unused-scalb-is-scalbn.patch: 05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
remove-sysdeps-ieee754-support.patch: fe6a5807692b034fba404bbe03d68929933eb91f
@@ -20,6 +20,7 @@ Applied:
manual-document-mt-safety-lang.patch: df244861d2cc8225a441c53b523f53150727ae62
manual-document-mt-safety-llio.patch: bf5c49825fd31327a529399b2400a6e592bbee3a
manual-document-mt-safety-stdio.patch: 8d679074193b580e3ea1b810b03b6c976a47f9cd
+Unapplied:
wip-manual-document-mt-safety-math.patch: 16ea0003407bdc31e8ec8dfe869a8b7692eb8d00
wip-manual-document-mt-safety-resource.patch: fc558f0f09d7886fab6a27dd914edd28b2e785c0
wip-manual-document-mt-safety-startup.patch: fe85266926a3cdc0450318fd07dc476cf7e3a867
@@ -29,5 +30,4 @@ Applied:
wip-manual-document-mt-safety-threads.patch: b788aa476a3f1241be343db5eed095d40d4e7f99
wip-manual-document-mt-safety-time.patch: d1221244d675ec6bcc205f518c664c13def4a4a6
wip-manual-document-mt-safety-locale.patch: 7e105f03df345c9d37e09985a410f6d6177d8ed3
-Unapplied:
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=8fede8f0d0f41c2ad3c321923844ed00a317258f
commit 8fede8f0d0f41c2ad3c321923844ed00a317258f
Merge: 2b8e11a 7e105f0 35bf220
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 27 23:55:08 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2b8e11abe9014f1ae3c14fb25f1ae94f185f7832
commit 2b8e11abe9014f1ae3c14fb25f1ae94f185f7832
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 27 23:55:08 2013 -0300
refresh
diff --git a/meta b/meta
index 22bb730..2abfb28 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 5d6f27b1324fb81c98e6c1d2da2459e7cd9ae292
-Head: 585e327c9509c97ad3feac8b41880d8508f32d5c
+Previous: 35bf220e9b40707741474d9892370654b9f67f69
+Head: 7e105f03df345c9d37e09985a410f6d6177d8ed3
Applied:
unused-scalb-is-scalbn.patch: 05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
remove-sysdeps-ieee754-support.patch: fe6a5807692b034fba404bbe03d68929933eb91f
@@ -28,7 +28,6 @@ Applied:
wip-manual-document-mt-safety-terminal.patch: af4517fcf40418c102664f0ad468424d974e1579
wip-manual-document-mt-safety-threads.patch: b788aa476a3f1241be343db5eed095d40d4e7f99
wip-manual-document-mt-safety-time.patch: d1221244d675ec6bcc205f518c664c13def4a4a6
- wip-manual-document-mt-safety-locale.patch: 28aa5e47701436456d44e42a505033190371b497
- refresh-temp: 585e327c9509c97ad3feac8b41880d8508f32d5c
+ wip-manual-document-mt-safety-locale.patch: 7e105f03df345c9d37e09985a410f6d6177d8ed3
Unapplied:
Hidden:
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index 9b82f19..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,113 +0,0 @@
-Bottom: 31a338b2678571adc223b08713e368bb1acb39d9
-Top: f84cb3a8a6935357a83211dd7476aa8cceee29ed
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-27 23:55:06 -0300
-
-Refresh of wip-manual-document-mt-safety-locale.patch
-
----
-
-diff --git a/manual/locale.texi b/manual/locale.texi
-index c61360b..36cda7f 100644
---- a/manual/locale.texi
-+++ b/manual/locale.texi
-@@ -242,9 +242,27 @@ The symbols in this section are defined in the header file @file{locale.h}.
- @c setname ok
- @c _nl_find_locale
- @c getenv LC_ALL and LANG envromt
--@c _nl_load_locale_from_archive
-+@c _nl_load_locale_from_archive asmalloc, memleak, fdleak
- @c sysconf _SC_PAGE_SIZE ok
--@c
-+@c _nl_normalize_codeset asmalloc, memleak
-+@c isalnum_l ok (C locale)
-+@c isdigit_l ok (C locale)
-+@c malloc asmalloc, memleak
-+@c tolower_l ok (C locale)
-+@c open_not_cancel_2 fdleak
-+@c fxstat64 ok
-+@c close_not_cancel_no_status ok
-+@c __mmap64 memleak
-+@c calculate_head_size ok
-+@c __munmap ok
-+@c compute_hashval ok
-+@c qsort dup asmalloc, memleak
-+@c rangecmp ok
-+@c malloc asmalloc, memleak
-+@c strdup asmalloc, memleak
-+@c _nl_intern_locale_data asmalloc, memleak
-+@c malloc asmalloc, memleak
-+@c free asmalloc, memleak
- @c _nl_expand_alias asmalloc, selfdeadlock, memleak, fdleak, lockleak
- @c libc_lock_lock selfdeadlock, lockleak
- @c bsearch ok
-@@ -263,10 +281,66 @@ The symbols in this section are defined in the header file @file{locale.h}.
- @c qsort asmalloc, memleak
- @c alias_compare dup
- @c libc_lock_unlock lockleak
--@c _nl_explode_name
--@c _nl_make_l10nflist
--@c _nl_load_locale
-+@c _nl_explode_name asmalloc, memleak
-+@c _nl_find_language ok
-+@c _nl_normalize_codeset dup asmalloc, memleak
-+@c _nl_make_l10nflist asmalloc, memleak
-+@c malloc asmalloc, memleak
-+@c free asmalloc, memleak
-+@c __argz_stringify ok
-+@c __argz_count ok
-+@c __argz_next ok
-+@c _nl_load_locale asmalloc, memleak, fdleak
-+@c open_not_cancel_2 fdleak
-+@c __fxstat64 ok
-+@c close_not_cancel_no_status ok
-+@c mmap memleak
-+@c malloc asmalloc, memleak
-+@c read_not_cancel ok
-+@c free asmalloc, memleak
-+@c _nl_intern_locale_data dup asmalloc, memleak
-+@c munmap ok
- @c __gconv_compare_alias
-+@c __gconv_read_conf oncesafe
-+@c (libc_once-initializes gconv_cache and gconv_path_envvar; they're
-+@c never modified afterwards)
-+@c __gconv_load_cache asmalloc, memleak, fdleak
-+@c getenv GCONV_PATH envromt
-+@c open_not_cancel fdleak
-+@c __fxstat64 ok
-+@c close_not_cancel_no_status ok
-+@c mmap memleak
-+@c malloc asmalloc, memleak
-+@c __read ok
-+@c free asmalloc, memleak
-+@c munmap ok
-+@c __gconv_get_path selfdeadlock, asmalloc, lockleak, memleak, fdleak
-+@c getcwd asmalloc, memleak, fdleak
-+@c libc_lock_lock selfdeadlock, lockleak
-+@c malloc asmalloc, memleak
-+@c strtok_r ok
-+@c libc_lock_unlock lockleak
-+@c read_conf_file
-+@c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
-+@c fsetlocking ok
-+@c feof_unlocked ok
-+@c getdelim asmalloc, asynconsist, memleak, incansist
-+@c isspace_l ok (C locale)
-+@c add_alias
-+@c +
-+@c add_module
-+@c +
-+@c __tfind ok (because the tree is read only by then)
-+@c __gconv_alias_compare dup ok
-+@c insert_module
-+@c +
-+@c add_alias2
-+@c +
-+@c __gconv_compare_alias_cache ok
-+@c find_module_idx ok
-+@c do_lookup_alias ok
-+@c __tfind ok (because the tree is read only by then)
-+@c __gconv_alias_compare ok
- @c strndup asmalloc, memleak
- @c strcasecmp_l ok (C locale)
- The function @code{setlocale} sets the current locale for category
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index 4e8e107..4978c4d 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
Bottom: ea3ba54c73d659d8dfd72d24ca9bff1fd9d533a6
-Top: 31a338b2678571adc223b08713e368bb1acb39d9
+Top: f84cb3a8a6935357a83211dd7476aa8cceee29ed
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:08 -0300
@@ -13,10 +13,10 @@ for ChangeLog
---
diff --git a/manual/locale.texi b/manual/locale.texi
-index 2f10fcd..c61360b 100644
+index 2f10fcd..36cda7f 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
-@@ -224,6 +224,51 @@ The symbols in this section are defined in the header file @file{locale.h}.
+@@ -224,6 +224,125 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
@@ -38,9 +38,27 @@ index 2f10fcd..c61360b 100644
+@c setname ok
+@c _nl_find_locale
+@c getenv LC_ALL and LANG envromt
-+@c _nl_load_locale_from_archive
++@c _nl_load_locale_from_archive asmalloc, memleak, fdleak
+@c sysconf _SC_PAGE_SIZE ok
-+@c
++@c _nl_normalize_codeset asmalloc, memleak
++@c isalnum_l ok (C locale)
++@c isdigit_l ok (C locale)
++@c malloc asmalloc, memleak
++@c tolower_l ok (C locale)
++@c open_not_cancel_2 fdleak
++@c fxstat64 ok
++@c close_not_cancel_no_status ok
++@c __mmap64 memleak
++@c calculate_head_size ok
++@c __munmap ok
++@c compute_hashval ok
++@c qsort dup asmalloc, memleak
++@c rangecmp ok
++@c malloc asmalloc, memleak
++@c strdup asmalloc, memleak
++@c _nl_intern_locale_data asmalloc, memleak
++@c malloc asmalloc, memleak
++@c free asmalloc, memleak
+@c _nl_expand_alias asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c libc_lock_lock selfdeadlock, lockleak
+@c bsearch ok
@@ -59,10 +77,66 @@ index 2f10fcd..c61360b 100644
+@c qsort asmalloc, memleak
+@c alias_compare dup
+@c libc_lock_unlock lockleak
-+@c _nl_explode_name
-+@c _nl_make_l10nflist
-+@c _nl_load_locale
++@c _nl_explode_name asmalloc, memleak
++@c _nl_find_language ok
++@c _nl_normalize_codeset dup asmalloc, memleak
++@c _nl_make_l10nflist asmalloc, memleak
++@c malloc asmalloc, memleak
++@c free asmalloc, memleak
++@c __argz_stringify ok
++@c __argz_count ok
++@c __argz_next ok
++@c _nl_load_locale asmalloc, memleak, fdleak
++@c open_not_cancel_2 fdleak
++@c __fxstat64 ok
++@c close_not_cancel_no_status ok
++@c mmap memleak
++@c malloc asmalloc, memleak
++@c read_not_cancel ok
++@c free asmalloc, memleak
++@c _nl_intern_locale_data dup asmalloc, memleak
++@c munmap ok
+@c __gconv_compare_alias
++@c __gconv_read_conf oncesafe
++@c (libc_once-initializes gconv_cache and gconv_path_envvar; they're
++@c never modified afterwards)
++@c __gconv_load_cache asmalloc, memleak, fdleak
++@c getenv GCONV_PATH envromt
++@c open_not_cancel fdleak
++@c __fxstat64 ok
++@c close_not_cancel_no_status ok
++@c mmap memleak
++@c malloc asmalloc, memleak
++@c __read ok
++@c free asmalloc, memleak
++@c munmap ok
++@c __gconv_get_path selfdeadlock, asmalloc, lockleak, memleak, fdleak
++@c getcwd asmalloc, memleak, fdleak
++@c libc_lock_lock selfdeadlock, lockleak
++@c malloc asmalloc, memleak
++@c strtok_r ok
++@c libc_lock_unlock lockleak
++@c read_conf_file
++@c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
++@c fsetlocking ok
++@c feof_unlocked ok
++@c getdelim asmalloc, asynconsist, memleak, incansist
++@c isspace_l ok (C locale)
++@c add_alias
++@c +
++@c add_module
++@c +
++@c __tfind ok (because the tree is read only by then)
++@c __gconv_alias_compare dup ok
++@c insert_module
++@c +
++@c add_alias2
++@c +
++@c __gconv_compare_alias_cache ok
++@c find_module_idx ok
++@c do_lookup_alias ok
++@c __tfind ok (because the tree is read only by then)
++@c __gconv_alias_compare ok
+@c strndup asmalloc, memleak
+@c strcasecmp_l ok (C locale)
The function @code{setlocale} sets the current locale for category
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=35bf220e9b40707741474d9892370654b9f67f69
commit 35bf220e9b40707741474d9892370654b9f67f69
Merge: ca0fa63 5d6f27b 585e327
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 27 23:55:08 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ca0fa63d280951ab986dbc124dbbdd2f3844fa44
commit ca0fa63d280951ab986dbc124dbbdd2f3844fa44
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 27 23:55:08 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index ef8f3fb..22bb730 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 5428a9ce16a23494132ddcc2d21477938ef3b5ee
-Head: 28aa5e47701436456d44e42a505033190371b497
+Previous: 5d6f27b1324fb81c98e6c1d2da2459e7cd9ae292
+Head: 585e327c9509c97ad3feac8b41880d8508f32d5c
Applied:
unused-scalb-is-scalbn.patch: 05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
remove-sysdeps-ieee754-support.patch: fe6a5807692b034fba404bbe03d68929933eb91f
@@ -29,5 +29,6 @@ Applied:
wip-manual-document-mt-safety-threads.patch: b788aa476a3f1241be343db5eed095d40d4e7f99
wip-manual-document-mt-safety-time.patch: d1221244d675ec6bcc205f518c664c13def4a4a6
wip-manual-document-mt-safety-locale.patch: 28aa5e47701436456d44e42a505033190371b497
+ refresh-temp: 585e327c9509c97ad3feac8b41880d8508f32d5c
Unapplied:
Hidden:
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..9b82f19
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,113 @@
+Bottom: 31a338b2678571adc223b08713e368bb1acb39d9
+Top: f84cb3a8a6935357a83211dd7476aa8cceee29ed
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-27 23:55:06 -0300
+
+Refresh of wip-manual-document-mt-safety-locale.patch
+
+---
+
+diff --git a/manual/locale.texi b/manual/locale.texi
+index c61360b..36cda7f 100644
+--- a/manual/locale.texi
++++ b/manual/locale.texi
+@@ -242,9 +242,27 @@ The symbols in this section are defined in the header file @file{locale.h}.
+ @c setname ok
+ @c _nl_find_locale
+ @c getenv LC_ALL and LANG envromt
+-@c _nl_load_locale_from_archive
++@c _nl_load_locale_from_archive asmalloc, memleak, fdleak
+ @c sysconf _SC_PAGE_SIZE ok
+-@c
++@c _nl_normalize_codeset asmalloc, memleak
++@c isalnum_l ok (C locale)
++@c isdigit_l ok (C locale)
++@c malloc asmalloc, memleak
++@c tolower_l ok (C locale)
++@c open_not_cancel_2 fdleak
++@c fxstat64 ok
++@c close_not_cancel_no_status ok
++@c __mmap64 memleak
++@c calculate_head_size ok
++@c __munmap ok
++@c compute_hashval ok
++@c qsort dup asmalloc, memleak
++@c rangecmp ok
++@c malloc asmalloc, memleak
++@c strdup asmalloc, memleak
++@c _nl_intern_locale_data asmalloc, memleak
++@c malloc asmalloc, memleak
++@c free asmalloc, memleak
+ @c _nl_expand_alias asmalloc, selfdeadlock, memleak, fdleak, lockleak
+ @c libc_lock_lock selfdeadlock, lockleak
+ @c bsearch ok
+@@ -263,10 +281,66 @@ The symbols in this section are defined in the header file @file{locale.h}.
+ @c qsort asmalloc, memleak
+ @c alias_compare dup
+ @c libc_lock_unlock lockleak
+-@c _nl_explode_name
+-@c _nl_make_l10nflist
+-@c _nl_load_locale
++@c _nl_explode_name asmalloc, memleak
++@c _nl_find_language ok
++@c _nl_normalize_codeset dup asmalloc, memleak
++@c _nl_make_l10nflist asmalloc, memleak
++@c malloc asmalloc, memleak
++@c free asmalloc, memleak
++@c __argz_stringify ok
++@c __argz_count ok
++@c __argz_next ok
++@c _nl_load_locale asmalloc, memleak, fdleak
++@c open_not_cancel_2 fdleak
++@c __fxstat64 ok
++@c close_not_cancel_no_status ok
++@c mmap memleak
++@c malloc asmalloc, memleak
++@c read_not_cancel ok
++@c free asmalloc, memleak
++@c _nl_intern_locale_data dup asmalloc, memleak
++@c munmap ok
+ @c __gconv_compare_alias
++@c __gconv_read_conf oncesafe
++@c (libc_once-initializes gconv_cache and gconv_path_envvar; they're
++@c never modified afterwards)
++@c __gconv_load_cache asmalloc, memleak, fdleak
++@c getenv GCONV_PATH envromt
++@c open_not_cancel fdleak
++@c __fxstat64 ok
++@c close_not_cancel_no_status ok
++@c mmap memleak
++@c malloc asmalloc, memleak
++@c __read ok
++@c free asmalloc, memleak
++@c munmap ok
++@c __gconv_get_path selfdeadlock, asmalloc, lockleak, memleak, fdleak
++@c getcwd asmalloc, memleak, fdleak
++@c libc_lock_lock selfdeadlock, lockleak
++@c malloc asmalloc, memleak
++@c strtok_r ok
++@c libc_lock_unlock lockleak
++@c read_conf_file
++@c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
++@c fsetlocking ok
++@c feof_unlocked ok
++@c getdelim asmalloc, asynconsist, memleak, incansist
++@c isspace_l ok (C locale)
++@c add_alias
++@c +
++@c add_module
++@c +
++@c __tfind ok (because the tree is read only by then)
++@c __gconv_alias_compare dup ok
++@c insert_module
++@c +
++@c add_alias2
++@c +
++@c __gconv_compare_alias_cache ok
++@c find_module_idx ok
++@c do_lookup_alias ok
++@c __tfind ok (because the tree is read only by then)
++@c __gconv_alias_compare ok
+ @c strndup asmalloc, memleak
+ @c strcasecmp_l ok (C locale)
+ The function @code{setlocale} sets the current locale for category
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=585e327c9509c97ad3feac8b41880d8508f32d5c
commit 585e327c9509c97ad3feac8b41880d8508f32d5c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 27 23:55:06 2013 -0300
Refresh of wip-manual-document-mt-safety-locale.patch
diff --git a/manual/locale.texi b/manual/locale.texi
index c61360b..36cda7f 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -242,9 +242,27 @@ The symbols in this section are defined in the header file @file{locale.h}.
@c setname ok
@c _nl_find_locale
@c getenv LC_ALL and LANG envromt
-@c _nl_load_locale_from_archive
+@c _nl_load_locale_from_archive asmalloc, memleak, fdleak
@c sysconf _SC_PAGE_SIZE ok
-@c
+@c _nl_normalize_codeset asmalloc, memleak
+@c isalnum_l ok (C locale)
+@c isdigit_l ok (C locale)
+@c malloc asmalloc, memleak
+@c tolower_l ok (C locale)
+@c open_not_cancel_2 fdleak
+@c fxstat64 ok
+@c close_not_cancel_no_status ok
+@c __mmap64 memleak
+@c calculate_head_size ok
+@c __munmap ok
+@c compute_hashval ok
+@c qsort dup asmalloc, memleak
+@c rangecmp ok
+@c malloc asmalloc, memleak
+@c strdup asmalloc, memleak
+@c _nl_intern_locale_data asmalloc, memleak
+@c malloc asmalloc, memleak
+@c free asmalloc, memleak
@c _nl_expand_alias asmalloc, selfdeadlock, memleak, fdleak, lockleak
@c libc_lock_lock selfdeadlock, lockleak
@c bsearch ok
@@ -263,10 +281,66 @@ The symbols in this section are defined in the header file @file{locale.h}.
@c qsort asmalloc, memleak
@c alias_compare dup
@c libc_lock_unlock lockleak
-@c _nl_explode_name
-@c _nl_make_l10nflist
-@c _nl_load_locale
+@c _nl_explode_name asmalloc, memleak
+@c _nl_find_language ok
+@c _nl_normalize_codeset dup asmalloc, memleak
+@c _nl_make_l10nflist asmalloc, memleak
+@c malloc asmalloc, memleak
+@c free asmalloc, memleak
+@c __argz_stringify ok
+@c __argz_count ok
+@c __argz_next ok
+@c _nl_load_locale asmalloc, memleak, fdleak
+@c open_not_cancel_2 fdleak
+@c __fxstat64 ok
+@c close_not_cancel_no_status ok
+@c mmap memleak
+@c malloc asmalloc, memleak
+@c read_not_cancel ok
+@c free asmalloc, memleak
+@c _nl_intern_locale_data dup asmalloc, memleak
+@c munmap ok
@c __gconv_compare_alias
+@c __gconv_read_conf oncesafe
+@c (libc_once-initializes gconv_cache and gconv_path_envvar; they're
+@c never modified afterwards)
+@c __gconv_load_cache asmalloc, memleak, fdleak
+@c getenv GCONV_PATH envromt
+@c open_not_cancel fdleak
+@c __fxstat64 ok
+@c close_not_cancel_no_status ok
+@c mmap memleak
+@c malloc asmalloc, memleak
+@c __read ok
+@c free asmalloc, memleak
+@c munmap ok
+@c __gconv_get_path selfdeadlock, asmalloc, lockleak, memleak, fdleak
+@c getcwd asmalloc, memleak, fdleak
+@c libc_lock_lock selfdeadlock, lockleak
+@c malloc asmalloc, memleak
+@c strtok_r ok
+@c libc_lock_unlock lockleak
+@c read_conf_file
+@c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fsetlocking ok
+@c feof_unlocked ok
+@c getdelim asmalloc, asynconsist, memleak, incansist
+@c isspace_l ok (C locale)
+@c add_alias
+@c +
+@c add_module
+@c +
+@c __tfind ok (because the tree is read only by then)
+@c __gconv_alias_compare dup ok
+@c insert_module
+@c +
+@c add_alias2
+@c +
+@c __gconv_compare_alias_cache ok
+@c find_module_idx ok
+@c do_lookup_alias ok
+@c __tfind ok (because the tree is read only by then)
+@c __gconv_alias_compare ok
@c strndup asmalloc, memleak
@c strcasecmp_l ok (C locale)
The function @code{setlocale} sets the current locale for category
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7e105f03df345c9d37e09985a410f6d6177d8ed3
commit 7e105f03df345c9d37e09985a410f6d6177d8ed3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:08 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..36cda7f 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,125 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it.
+@c This function returns a pointer read...
+@c setlocale
+@c libc_rwlock_wrlock selfdeadlock, lockleak
+@c libc_rwlock_unlock lockleak
+@c getenv LOCPATH envromt
+@c malloc asmalloc, memleak
+@c free asmalloc, memleak
+@c new_composite_name ok
+@c setdata ok
+@c setname ok
+@c _nl_find_locale
+@c getenv LC_ALL and LANG envromt
+@c _nl_load_locale_from_archive asmalloc, memleak, fdleak
+@c sysconf _SC_PAGE_SIZE ok
+@c _nl_normalize_codeset asmalloc, memleak
+@c isalnum_l ok (C locale)
+@c isdigit_l ok (C locale)
+@c malloc asmalloc, memleak
+@c tolower_l ok (C locale)
+@c open_not_cancel_2 fdleak
+@c fxstat64 ok
+@c close_not_cancel_no_status ok
+@c __mmap64 memleak
+@c calculate_head_size ok
+@c __munmap ok
+@c compute_hashval ok
+@c qsort dup asmalloc, memleak
+@c rangecmp ok
+@c malloc asmalloc, memleak
+@c strdup asmalloc, memleak
+@c _nl_intern_locale_data asmalloc, memleak
+@c malloc asmalloc, memleak
+@c free asmalloc, memleak
+@c _nl_expand_alias asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c libc_lock_lock selfdeadlock, lockleak
+@c bsearch ok
+@c alias_compare ok
+@c strcasecmp ok
+@c read_alias_file asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fsetlocking ok
+@c feof_unlocked ok
+@c fgets_unlocked ok
+@c isspace ok (locale mutex is locked)
+@c extend_alias_table memleak, asmalloc
+@c realloc memleak, asmalloc
+@c realloc memleak, asmalloc
+@c fclose asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c qsort asmalloc, memleak
+@c alias_compare dup
+@c libc_lock_unlock lockleak
+@c _nl_explode_name asmalloc, memleak
+@c _nl_find_language ok
+@c _nl_normalize_codeset dup asmalloc, memleak
+@c _nl_make_l10nflist asmalloc, memleak
+@c malloc asmalloc, memleak
+@c free asmalloc, memleak
+@c __argz_stringify ok
+@c __argz_count ok
+@c __argz_next ok
+@c _nl_load_locale asmalloc, memleak, fdleak
+@c open_not_cancel_2 fdleak
+@c __fxstat64 ok
+@c close_not_cancel_no_status ok
+@c mmap memleak
+@c malloc asmalloc, memleak
+@c read_not_cancel ok
+@c free asmalloc, memleak
+@c _nl_intern_locale_data dup asmalloc, memleak
+@c munmap ok
+@c __gconv_compare_alias
+@c __gconv_read_conf oncesafe
+@c (libc_once-initializes gconv_cache and gconv_path_envvar; they're
+@c never modified afterwards)
+@c __gconv_load_cache asmalloc, memleak, fdleak
+@c getenv GCONV_PATH envromt
+@c open_not_cancel fdleak
+@c __fxstat64 ok
+@c close_not_cancel_no_status ok
+@c mmap memleak
+@c malloc asmalloc, memleak
+@c __read ok
+@c free asmalloc, memleak
+@c munmap ok
+@c __gconv_get_path selfdeadlock, asmalloc, lockleak, memleak, fdleak
+@c getcwd asmalloc, memleak, fdleak
+@c libc_lock_lock selfdeadlock, lockleak
+@c malloc asmalloc, memleak
+@c strtok_r ok
+@c libc_lock_unlock lockleak
+@c read_conf_file
+@c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fsetlocking ok
+@c feof_unlocked ok
+@c getdelim asmalloc, asynconsist, memleak, incansist
+@c isspace_l ok (C locale)
+@c add_alias
+@c +
+@c add_module
+@c +
+@c __tfind ok (because the tree is read only by then)
+@c __gconv_alias_compare dup ok
+@c insert_module
+@c +
+@c add_alias2
+@c +
+@c __gconv_compare_alias_cache ok
+@c find_module_idx ok
+@c do_lookup_alias ok
+@c __tfind ok (because the tree is read only by then)
+@c __gconv_alias_compare ok
+@c strndup asmalloc, memleak
+@c strcasecmp_l ok (C locale)
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5d6f27b1324fb81c98e6c1d2da2459e7cd9ae292
commit 5d6f27b1324fb81c98e6c1d2da2459e7cd9ae292
Merge: 55beeb7 5428a9c 28aa5e4
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:43:21 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=55beeb75bd4785f689e168e77f30ffa5c7ce8eb8
commit 55beeb75bd4785f689e168e77f30ffa5c7ce8eb8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:43:21 2013 -0300
push
diff --git a/meta b/meta
index 97c3d43..ef8f3fb 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 2aa2c5a67e8c3e47045671b98533fe297ae7c392
-Head: eb3c85b71c56902290473a92e6c8f3ffa4852964
+Previous: 5428a9ce16a23494132ddcc2d21477938ef3b5ee
+Head: 28aa5e47701436456d44e42a505033190371b497
Applied:
unused-scalb-is-scalbn.patch: 05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
remove-sysdeps-ieee754-support.patch: fe6a5807692b034fba404bbe03d68929933eb91f
@@ -25,9 +25,9 @@ Applied:
wip-manual-document-mt-safety-startup.patch: fe85266926a3cdc0450318fd07dc476cf7e3a867
wip-manual-document-mt-safety-search.patch: d2a32ac036016171fc3833d98a4237ad820c1e57
wip-manual-document-mt-safety-string.patch: eb3c85b71c56902290473a92e6c8f3ffa4852964
+ wip-manual-document-mt-safety-terminal.patch: af4517fcf40418c102664f0ad468424d974e1579
+ wip-manual-document-mt-safety-threads.patch: b788aa476a3f1241be343db5eed095d40d4e7f99
+ wip-manual-document-mt-safety-time.patch: d1221244d675ec6bcc205f518c664c13def4a4a6
+ wip-manual-document-mt-safety-locale.patch: 28aa5e47701436456d44e42a505033190371b497
Unapplied:
- wip-manual-document-mt-safety-terminal.patch: 151d9f30f9e5375996f750ce9ed1ca78c2557d04
- wip-manual-document-mt-safety-threads.patch: dc11afc981135c6f118733ebf066a0bdc9d3cc9b
- wip-manual-document-mt-safety-time.patch: a291cda1774c1e793b243fb5ddb2ce149146e05c
- wip-manual-document-mt-safety-locale.patch: c9a3acd6f2fa5ad839ae93229d3ae2c2ab7a04e6
Hidden:
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index b99d2f8..4e8e107 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
-Bottom: 511381f5668e2c5f5c71e78b94857fa5949c5e6a
-Top: b3d747791c6e00f127bed74d0194e39b84d6c9fd
+Bottom: ea3ba54c73d659d8dfd72d24ca9bff1fd9d533a6
+Top: 31a338b2678571adc223b08713e368bb1acb39d9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:08 -0300
diff --git a/patches/wip-manual-document-mt-safety-terminal.patch b/patches/wip-manual-document-mt-safety-terminal.patch
index 754a24f..c988723 100644
--- a/patches/wip-manual-document-mt-safety-terminal.patch
+++ b/patches/wip-manual-document-mt-safety-terminal.patch
@@ -1,5 +1,5 @@
-Bottom: af9838055fbc34eb8b44aa085a768b6672e2709a
-Top: d8e3ec6f9c84125123581d0857fc1a7740d2ab5e
+Bottom: c7851f3716d07cb79899c2afd9060ba0012286ea
+Top: a82741c4de572d76f0acefac779c7b54549081ad
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:09 -0300
diff --git a/patches/wip-manual-document-mt-safety-threads.patch b/patches/wip-manual-document-mt-safety-threads.patch
index 4c7b0f3..24a89ae 100644
--- a/patches/wip-manual-document-mt-safety-threads.patch
+++ b/patches/wip-manual-document-mt-safety-threads.patch
@@ -1,5 +1,5 @@
-Bottom: d8e3ec6f9c84125123581d0857fc1a7740d2ab5e
-Top: 641c5335da113539c91a8a562d69e4238302df7e
+Bottom: a82741c4de572d76f0acefac779c7b54549081ad
+Top: 121d21001f9a090049c70d632774252aca77b79d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:10 -0300
diff --git a/patches/wip-manual-document-mt-safety-time.patch b/patches/wip-manual-document-mt-safety-time.patch
index 5c0bd03..e021f3a 100644
--- a/patches/wip-manual-document-mt-safety-time.patch
+++ b/patches/wip-manual-document-mt-safety-time.patch
@@ -1,5 +1,5 @@
-Bottom: 641c5335da113539c91a8a562d69e4238302df7e
-Top: 511381f5668e2c5f5c71e78b94857fa5949c5e6a
+Bottom: 121d21001f9a090049c70d632774252aca77b79d
+Top: ea3ba54c73d659d8dfd72d24ca9bff1fd9d533a6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:10 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=28aa5e47701436456d44e42a505033190371b497
commit 28aa5e47701436456d44e42a505033190371b497
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:08 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..c61360b 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,51 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it.
+@c This function returns a pointer read...
+@c setlocale
+@c libc_rwlock_wrlock selfdeadlock, lockleak
+@c libc_rwlock_unlock lockleak
+@c getenv LOCPATH envromt
+@c malloc asmalloc, memleak
+@c free asmalloc, memleak
+@c new_composite_name ok
+@c setdata ok
+@c setname ok
+@c _nl_find_locale
+@c getenv LC_ALL and LANG envromt
+@c _nl_load_locale_from_archive
+@c sysconf _SC_PAGE_SIZE ok
+@c
+@c _nl_expand_alias asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c libc_lock_lock selfdeadlock, lockleak
+@c bsearch ok
+@c alias_compare ok
+@c strcasecmp ok
+@c read_alias_file asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fsetlocking ok
+@c feof_unlocked ok
+@c fgets_unlocked ok
+@c isspace ok (locale mutex is locked)
+@c extend_alias_table memleak, asmalloc
+@c realloc memleak, asmalloc
+@c realloc memleak, asmalloc
+@c fclose asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c qsort asmalloc, memleak
+@c alias_compare dup
+@c libc_lock_unlock lockleak
+@c _nl_explode_name
+@c _nl_make_l10nflist
+@c _nl_load_locale
+@c __gconv_compare_alias
+@c strndup asmalloc, memleak
+@c strcasecmp_l ok (C locale)
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d1221244d675ec6bcc205f518c664c13def4a4a6
commit d1221244d675ec6bcc205f518c664c13def4a4a6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:10 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/time.texi: Document thread safety properties.
diff --git a/manual/time.texi b/manual/time.texi
index ff31e28..3967b24 100644
--- a/manual/time.texi
+++ b/manual/time.texi
@@ -475,6 +475,12 @@ Instead, use the facilities described in @ref{Time Zone Functions}.
@comment sys/time.h
@comment BSD
@deftypefun int gettimeofday (struct timeval *@var{tp}, struct timezone *@var{tzp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c On most GNU/Linux systems this is a direct syscall, but the posix/
+@c implementation (not used on GNU/Linux or GNU/Hurd) relies on time and
+@c localtime_r, saving and restoring tzname in an unsafe manner.
+@c On some GNU/Linux variants, ifunc resolvers are used in shared libc
+@c for vdso resolution. ifunc-vdso-revisit.
The @code{gettimeofday} function returns the current calendar time as
the elapsed time since the epoch in the @code{struct timeval} structure
indicated by @var{tp}. (@pxref{Elapsed Time} for a description of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b788aa476a3f1241be343db5eed095d40d4e7f99
commit b788aa476a3f1241be343db5eed095d40d4e7f99
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:10 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/threads.texi: Document thread safety properties.
diff --git a/manual/threads.texi b/manual/threads.texi
index a23ac26..19bfad6 100644
--- a/manual/threads.texi
+++ b/manual/threads.texi
@@ -31,6 +31,7 @@ before thread-specific data, so they should not be used in thread-specific
data destructors or even as members of the thread-specific data, since the
latter is passed as an argument to the destructor function.
+@c FIXME: use @deftypefun for these.
@item int pthread_key_delete (pthread_key_t @var{key})
Destroy the thread-specific data @var{key} in the calling thread. The
destructor for the thread-specific data is not called during destruction, nor
@@ -82,3 +83,124 @@ attributes or the stack address is set in the attribute.
The system does not have sufficient memory.
@end table
@end deftypefun
+
+@c FIXME these are undocumented:
+@c pthread_atfork
+@c pthread_attr_destroy
+@c pthread_attr_getaffinity_np
+@c pthread_attr_getdetachstate
+@c pthread_attr_getguardsize
+@c pthread_attr_getinheritsched
+@c pthread_attr_getschedparam
+@c pthread_attr_getschedpolicy
+@c pthread_attr_getscope
+@c pthread_attr_getstack
+@c pthread_attr_getstackaddr
+@c pthread_attr_getstacksize
+@c pthread_attr_init
+@c pthread_attr_setaffinity_np
+@c pthread_attr_setdetachstate
+@c pthread_attr_setguardsize
+@c pthread_attr_setinheritsched
+@c pthread_attr_setschedparam
+@c pthread_attr_setschedpolicy
+@c pthread_attr_setscope
+@c pthread_attr_setstack
+@c pthread_attr_setstackaddr
+@c pthread_attr_setstacksize
+@c pthread_barrierattr_destroy
+@c pthread_barrierattr_getpshared
+@c pthread_barrierattr_init
+@c pthread_barrierattr_setpshared
+@c pthread_barrier_destroy
+@c pthread_barrier_init
+@c pthread_barrier_wait
+@c pthread_cancel
+@c pthread_cleanup_push
+@c pthread_cleanup_pop
+@c pthread_condattr_destroy
+@c pthread_condattr_getclock
+@c pthread_condattr_getpshared
+@c pthread_condattr_init
+@c pthread_condattr_setclock
+@c pthread_condattr_setpshared
+@c pthread_cond_broadcast
+@c pthread_cond_destroy
+@c pthread_cond_init
+@c pthread_cond_signal
+@c pthread_cond_timedwait
+@c pthread_cond_wait
+@c pthread_create
+@c pthread_detach
+@c pthread_equal
+@c pthread_exit
+@c pthread_getaffinity_np
+@c pthread_getattr_np
+@c pthread_getconcurrency
+@c pthread_getcpuclockid
+@c pthread_getname_np
+@c pthread_getschedparam
+@c pthread_join
+@c pthread_kill
+@c pthread_kill_other_threads_np
+@c pthread_mutexattr_destroy
+@c pthread_mutexattr_getkind_np
+@c pthread_mutexattr_getprioceiling
+@c pthread_mutexattr_getprotocol
+@c pthread_mutexattr_getpshared
+@c pthread_mutexattr_getrobust
+@c pthread_mutexattr_getrobust_np
+@c pthread_mutexattr_gettype
+@c pthread_mutexattr_init
+@c pthread_mutexattr_setkind_np
+@c pthread_mutexattr_setprioceiling
+@c pthread_mutexattr_setprotocol
+@c pthread_mutexattr_setpshared
+@c pthread_mutexattr_setrobust
+@c pthread_mutexattr_setrobust_np
+@c pthread_mutexattr_settype
+@c pthread_mutex_consistent
+@c pthread_mutex_consistent_np
+@c pthread_mutex_destroy
+@c pthread_mutex_getprioceiling
+@c pthread_mutex_init
+@c pthread_mutex_lock
+@c pthread_mutex_setprioceiling
+@c pthread_mutex_timedlock
+@c pthread_mutex_trylock
+@c pthread_mutex_unlock
+@c pthread_once
+@c pthread_rwlockattr_destroy
+@c pthread_rwlockattr_getkind_np
+@c pthread_rwlockattr_getpshared
+@c pthread_rwlockattr_init
+@c pthread_rwlockattr_setkind_np
+@c pthread_rwlockattr_setpshared
+@c pthread_rwlock_destroy
+@c pthread_rwlock_init
+@c pthread_rwlock_rdlock
+@c pthread_rwlock_timedrdlock
+@c pthread_rwlock_timedwrlock
+@c pthread_rwlock_tryrdlock
+@c pthread_rwlock_trywrlock
+@c pthread_rwlock_unlock
+@c pthread_rwlock_wrlock
+@c pthread_self
+@c pthread_setaffinity_np
+@c pthread_setcancelstate
+@c pthread_setcanceltype
+@c pthread_setconcurrency
+@c pthread_setname_np
+@c pthread_setschedparam
+@c pthread_setschedprio
+@c pthread_sigmask
+@c pthread_sigqueue
+@c pthread_spin_destroy
+@c pthread_spin_init
+@c pthread_spin_lock
+@c pthread_spin_trylock
+@c pthread_spin_unlock
+@c pthread_testcancel
+@c pthread_timedjoin_np
+@c pthread_tryjoin_np
+@c pthread_yield
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=af4517fcf40418c102664f0ad468424d974e1579
commit af4517fcf40418c102664f0ad468424d974e1579
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:09 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/terminal.texi: Document thread safety properties.
diff --git a/manual/terminal.texi b/manual/terminal.texi
index 9e9c057..7f62a4e 100644
--- a/manual/terminal.texi
+++ b/manual/terminal.texi
@@ -264,6 +264,9 @@ array.
@comment termios.h
@comment POSIX.1
@deftypefun int tcgetattr (int @var{filedes}, struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the kernel-returned termios data structure to the userland
+@c format does not ensure atomic or consistent writing.
This function is used to examine the attributes of the terminal
device with file descriptor @var{filedes}. The attributes are returned
in the structure that @var{termios-p} points to.
@@ -284,6 +287,9 @@ The @var{filedes} is not associated with a terminal.
@comment termios.h
@comment POSIX.1
@deftypefun int tcsetattr (int @var{filedes}, int @var{when}, const struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the incoming termios data structure to the kernel format
+@c does not ensure atomic or consistent reading.
This function sets the attributes of the terminal device with file
descriptor @var{filedes}. The new attributes are taken from the
structure that @var{termios-p} points to.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5428a9ce16a23494132ddcc2d21477938ef3b5ee
commit 5428a9ce16a23494132ddcc2d21477938ef3b5ee
Merge: d8515c7 2aa2c5a eb3c85b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:43:17 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d8515c70915a4db348199ad3990f3a2fa25314b3
commit d8515c70915a4db348199ad3990f3a2fa25314b3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:43:17 2013 -0300
refresh
diff --git a/meta b/meta
index a38d7cc..97c3d43 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: be4dfd95253efe35c9798bb597ecfecc577dbc29
-Head: ebcf6384c324c693605081cb3e82e0e90d67bc0d
+Previous: 2aa2c5a67e8c3e47045671b98533fe297ae7c392
+Head: eb3c85b71c56902290473a92e6c8f3ffa4852964
Applied:
unused-scalb-is-scalbn.patch: 05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
remove-sysdeps-ieee754-support.patch: fe6a5807692b034fba404bbe03d68929933eb91f
@@ -24,8 +24,7 @@ Applied:
wip-manual-document-mt-safety-resource.patch: fc558f0f09d7886fab6a27dd914edd28b2e785c0
wip-manual-document-mt-safety-startup.patch: fe85266926a3cdc0450318fd07dc476cf7e3a867
wip-manual-document-mt-safety-search.patch: d2a32ac036016171fc3833d98a4237ad820c1e57
- wip-manual-document-mt-safety-string.patch: f837e602ebfa9526f10cd34ce6279699cd6bdf6d
- refresh-temp: ebcf6384c324c693605081cb3e82e0e90d67bc0d
+ wip-manual-document-mt-safety-string.patch: eb3c85b71c56902290473a92e6c8f3ffa4852964
Unapplied:
wip-manual-document-mt-safety-terminal.patch: 151d9f30f9e5375996f750ce9ed1ca78c2557d04
wip-manual-document-mt-safety-threads.patch: dc11afc981135c6f118733ebf066a0bdc9d3cc9b
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index 11af8e7..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,29 +0,0 @@
-Bottom: af9838055fbc34eb8b44aa085a768b6672e2709a
-Top: c7851f3716d07cb79899c2afd9060ba0012286ea
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-22 07:43:17 -0300
-
-Refresh of wip-manual-document-mt-safety-string.patch
-
----
-
-diff --git a/manual/string.texi b/manual/string.texi
-index b2e97bc..1408033 100644
---- a/manual/string.texi
-+++ b/manual/string.texi
-@@ -1646,6 +1646,7 @@ This function is a GNU extension.
- @comment string.h
- @comment ISO
- @deftypefun {char *} strchr (const char *@var{string}, int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{strchr} function finds the first occurrence of the character
- @var{c} (converted to a @code{char}) in the null-terminated string
- beginning at @var{string}. The return value is a pointer to the located
-@@ -1687,6 +1688,7 @@ to use @code{wcschrnul} in this case, though.
- @comment string.h
- @comment GNU
- @deftypefun {char *} strchrnul (const char *@var{string}, int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- @code{strchrnul} is the same as @code{strchr} except that if it does
- not find the character, it returns a pointer to string's terminating
- null character rather than a null pointer.
diff --git a/patches/wip-manual-document-mt-safety-string.patch b/patches/wip-manual-document-mt-safety-string.patch
index da014c8..de41b62 100644
--- a/patches/wip-manual-document-mt-safety-string.patch
+++ b/patches/wip-manual-document-mt-safety-string.patch
@@ -1,5 +1,5 @@
Bottom: 84ba7139fbdcfc5f51668f8a5c3e0d2ef1124263
-Top: af9838055fbc34eb8b44aa085a768b6672e2709a
+Top: c7851f3716d07cb79899c2afd9060ba0012286ea
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:09 -0300
@@ -13,7 +13,7 @@ for ChangeLog
---
diff --git a/manual/string.texi b/manual/string.texi
-index 246be84..b2e97bc 100644
+index 246be84..1408033 100644
--- a/manual/string.texi
+++ b/manual/string.texi
@@ -1159,6 +1159,11 @@ strings are written in into account. To get that one has to use
@@ -46,7 +46,23 @@ index 246be84..b2e97bc 100644
The @code{strcoll} function is similar to @code{strcmp} but uses the
collating sequence of the current locale for collation (the
@code{LC_COLLATE} locale).
-@@ -2675,3 +2684,6 @@ being added to @var{envz}, if @var{override} is false.
+@@ -1637,6 +1646,7 @@ This function is a GNU extension.
+ @comment string.h
+ @comment ISO
+ @deftypefun {char *} strchr (const char *@var{string}, int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{strchr} function finds the first occurrence of the character
+ @var{c} (converted to a @code{char}) in the null-terminated string
+ beginning at @var{string}. The return value is a pointer to the located
+@@ -1678,6 +1688,7 @@ to use @code{wcschrnul} in this case, though.
+ @comment string.h
+ @comment GNU
+ @deftypefun {char *} strchrnul (const char *@var{string}, int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ @code{strchrnul} is the same as @code{strchr} except that if it does
+ not find the character, it returns a pointer to string's terminating
+ null character rather than a null pointer.
+@@ -2675,3 +2686,6 @@ being added to @var{envz}, if @var{override} is false.
The @code{envz_strip} function removes any null entries from @var{envz},
updating @code{*@var{envz}} and @code{*@var{envz_len}}.
@end deftypefun
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2aa2c5a67e8c3e47045671b98533fe297ae7c392
commit 2aa2c5a67e8c3e47045671b98533fe297ae7c392
Merge: a463f86 be4dfd9 ebcf638
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:43:17 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a463f868ddee03aa3a1ca4c836cd65688e8e97d8
commit a463f868ddee03aa3a1ca4c836cd65688e8e97d8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:43:17 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index 4ac2bf9..a38d7cc 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: a67c68634f93c5105d53ff73050a9567efa32855
-Head: f837e602ebfa9526f10cd34ce6279699cd6bdf6d
+Previous: be4dfd95253efe35c9798bb597ecfecc577dbc29
+Head: ebcf6384c324c693605081cb3e82e0e90d67bc0d
Applied:
unused-scalb-is-scalbn.patch: 05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
remove-sysdeps-ieee754-support.patch: fe6a5807692b034fba404bbe03d68929933eb91f
@@ -25,6 +25,7 @@ Applied:
wip-manual-document-mt-safety-startup.patch: fe85266926a3cdc0450318fd07dc476cf7e3a867
wip-manual-document-mt-safety-search.patch: d2a32ac036016171fc3833d98a4237ad820c1e57
wip-manual-document-mt-safety-string.patch: f837e602ebfa9526f10cd34ce6279699cd6bdf6d
+ refresh-temp: ebcf6384c324c693605081cb3e82e0e90d67bc0d
Unapplied:
wip-manual-document-mt-safety-terminal.patch: 151d9f30f9e5375996f750ce9ed1ca78c2557d04
wip-manual-document-mt-safety-threads.patch: dc11afc981135c6f118733ebf066a0bdc9d3cc9b
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..11af8e7
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,29 @@
+Bottom: af9838055fbc34eb8b44aa085a768b6672e2709a
+Top: c7851f3716d07cb79899c2afd9060ba0012286ea
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-22 07:43:17 -0300
+
+Refresh of wip-manual-document-mt-safety-string.patch
+
+---
+
+diff --git a/manual/string.texi b/manual/string.texi
+index b2e97bc..1408033 100644
+--- a/manual/string.texi
++++ b/manual/string.texi
+@@ -1646,6 +1646,7 @@ This function is a GNU extension.
+ @comment string.h
+ @comment ISO
+ @deftypefun {char *} strchr (const char *@var{string}, int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{strchr} function finds the first occurrence of the character
+ @var{c} (converted to a @code{char}) in the null-terminated string
+ beginning at @var{string}. The return value is a pointer to the located
+@@ -1687,6 +1688,7 @@ to use @code{wcschrnul} in this case, though.
+ @comment string.h
+ @comment GNU
+ @deftypefun {char *} strchrnul (const char *@var{string}, int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ @code{strchrnul} is the same as @code{strchr} except that if it does
+ not find the character, it returns a pointer to string's terminating
+ null character rather than a null pointer.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ebcf6384c324c693605081cb3e82e0e90d67bc0d
commit ebcf6384c324c693605081cb3e82e0e90d67bc0d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:43:17 2013 -0300
Refresh of wip-manual-document-mt-safety-string.patch
diff --git a/manual/string.texi b/manual/string.texi
index b2e97bc..1408033 100644
--- a/manual/string.texi
+++ b/manual/string.texi
@@ -1646,6 +1646,7 @@ This function is a GNU extension.
@comment string.h
@comment ISO
@deftypefun {char *} strchr (const char *@var{string}, int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{strchr} function finds the first occurrence of the character
@var{c} (converted to a @code{char}) in the null-terminated string
beginning at @var{string}. The return value is a pointer to the located
@@ -1687,6 +1688,7 @@ to use @code{wcschrnul} in this case, though.
@comment string.h
@comment GNU
@deftypefun {char *} strchrnul (const char *@var{string}, int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{strchrnul} is the same as @code{strchr} except that if it does
not find the character, it returns a pointer to string's terminating
null character rather than a null pointer.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=be4dfd95253efe35c9798bb597ecfecc577dbc29
commit be4dfd95253efe35c9798bb597ecfecc577dbc29
Merge: b60a366 a67c686
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:42:38 2013 -0300
goto
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b60a3667a5c997acc76d052a13310076df12f94c
commit b60a3667a5c997acc76d052a13310076df12f94c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:42:38 2013 -0300
goto
diff --git a/meta b/meta
index 97dfa44..4ac2bf9 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: e59651198625879010e0d6e986d39d7bdbd82bcd
-Head: c9a3acd6f2fa5ad839ae93229d3ae2c2ab7a04e6
+Previous: a67c68634f93c5105d53ff73050a9567efa32855
+Head: f837e602ebfa9526f10cd34ce6279699cd6bdf6d
Applied:
unused-scalb-is-scalbn.patch: 05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
remove-sysdeps-ieee754-support.patch: fe6a5807692b034fba404bbe03d68929933eb91f
@@ -25,9 +25,9 @@ Applied:
wip-manual-document-mt-safety-startup.patch: fe85266926a3cdc0450318fd07dc476cf7e3a867
wip-manual-document-mt-safety-search.patch: d2a32ac036016171fc3833d98a4237ad820c1e57
wip-manual-document-mt-safety-string.patch: f837e602ebfa9526f10cd34ce6279699cd6bdf6d
+Unapplied:
wip-manual-document-mt-safety-terminal.patch: 151d9f30f9e5375996f750ce9ed1ca78c2557d04
wip-manual-document-mt-safety-threads.patch: dc11afc981135c6f118733ebf066a0bdc9d3cc9b
wip-manual-document-mt-safety-time.patch: a291cda1774c1e793b243fb5ddb2ce149146e05c
wip-manual-document-mt-safety-locale.patch: c9a3acd6f2fa5ad839ae93229d3ae2c2ab7a04e6
-Unapplied:
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a67c68634f93c5105d53ff73050a9567efa32855
commit a67c68634f93c5105d53ff73050a9567efa32855
Merge: a5b517e c9a3acd e596511
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:42:35 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a5b517e37839e5a6478fa534c894db73b4c80e14
commit a5b517e37839e5a6478fa534c894db73b4c80e14
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:42:35 2013 -0300
refresh
diff --git a/meta b/meta
index 88d40a2..97dfa44 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 2cd30eb6c230077a3e622ed79af2025dec59521e
-Head: 361c2f138f00349780d52cee4bc6b07fa145d837
+Previous: e59651198625879010e0d6e986d39d7bdbd82bcd
+Head: c9a3acd6f2fa5ad839ae93229d3ae2c2ab7a04e6
Applied:
unused-scalb-is-scalbn.patch: 05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
remove-sysdeps-ieee754-support.patch: fe6a5807692b034fba404bbe03d68929933eb91f
@@ -28,7 +28,6 @@ Applied:
wip-manual-document-mt-safety-terminal.patch: 151d9f30f9e5375996f750ce9ed1ca78c2557d04
wip-manual-document-mt-safety-threads.patch: dc11afc981135c6f118733ebf066a0bdc9d3cc9b
wip-manual-document-mt-safety-time.patch: a291cda1774c1e793b243fb5ddb2ce149146e05c
- wip-manual-document-mt-safety-locale.patch: 5e94ebf07ad1a532d9e6ece0ddd7245359f11aa5
- refresh-temp: 361c2f138f00349780d52cee4bc6b07fa145d837
+ wip-manual-document-mt-safety-locale.patch: c9a3acd6f2fa5ad839ae93229d3ae2c2ab7a04e6
Unapplied:
Hidden:
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index 0364d3b..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,22 +0,0 @@
-Bottom: 52646e829b2c835e9171de316383f334d9b3e858
-Top: b3d747791c6e00f127bed74d0194e39b84d6c9fd
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-22 07:42:34 -0300
-
-Refresh of wip-manual-document-mt-safety-locale.patch
-
----
-
-diff --git a/manual/locale.texi b/manual/locale.texi
-index fb6de4e..c61360b 100644
---- a/manual/locale.texi
-+++ b/manual/locale.texi
-@@ -243,6 +243,8 @@ The symbols in this section are defined in the header file @file{locale.h}.
- @c _nl_find_locale
- @c getenv LC_ALL and LANG envromt
- @c _nl_load_locale_from_archive
-+@c sysconf _SC_PAGE_SIZE ok
-+@c
- @c _nl_expand_alias asmalloc, selfdeadlock, memleak, fdleak, lockleak
- @c libc_lock_lock selfdeadlock, lockleak
- @c bsearch ok
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index 42fce49..b99d2f8 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
Bottom: 511381f5668e2c5f5c71e78b94857fa5949c5e6a
-Top: 52646e829b2c835e9171de316383f334d9b3e858
+Top: b3d747791c6e00f127bed74d0194e39b84d6c9fd
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:08 -0300
@@ -13,10 +13,10 @@ for ChangeLog
---
diff --git a/manual/locale.texi b/manual/locale.texi
-index 2f10fcd..fb6de4e 100644
+index 2f10fcd..c61360b 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
-@@ -224,6 +224,49 @@ The symbols in this section are defined in the header file @file{locale.h}.
+@@ -224,6 +224,51 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
@@ -39,6 +39,8 @@ index 2f10fcd..fb6de4e 100644
+@c _nl_find_locale
+@c getenv LC_ALL and LANG envromt
+@c _nl_load_locale_from_archive
++@c sysconf _SC_PAGE_SIZE ok
++@c
+@c _nl_expand_alias asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c libc_lock_lock selfdeadlock, lockleak
+@c bsearch ok
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e59651198625879010e0d6e986d39d7bdbd82bcd
commit e59651198625879010e0d6e986d39d7bdbd82bcd
Merge: 5d5ff05 2cd30eb 361c2f1
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:42:35 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5d5ff05a908aa72fb6f30eb1c51797774905e275
commit 5d5ff05a908aa72fb6f30eb1c51797774905e275
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:42:35 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index 2bd4d28..88d40a2 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 3d8fa4879f06401d0916c29b6f776a437dba442d
-Head: 5e94ebf07ad1a532d9e6ece0ddd7245359f11aa5
+Previous: 2cd30eb6c230077a3e622ed79af2025dec59521e
+Head: 361c2f138f00349780d52cee4bc6b07fa145d837
Applied:
unused-scalb-is-scalbn.patch: 05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
remove-sysdeps-ieee754-support.patch: fe6a5807692b034fba404bbe03d68929933eb91f
@@ -29,5 +29,6 @@ Applied:
wip-manual-document-mt-safety-threads.patch: dc11afc981135c6f118733ebf066a0bdc9d3cc9b
wip-manual-document-mt-safety-time.patch: a291cda1774c1e793b243fb5ddb2ce149146e05c
wip-manual-document-mt-safety-locale.patch: 5e94ebf07ad1a532d9e6ece0ddd7245359f11aa5
+ refresh-temp: 361c2f138f00349780d52cee4bc6b07fa145d837
Unapplied:
Hidden:
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..0364d3b
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,22 @@
+Bottom: 52646e829b2c835e9171de316383f334d9b3e858
+Top: b3d747791c6e00f127bed74d0194e39b84d6c9fd
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-22 07:42:34 -0300
+
+Refresh of wip-manual-document-mt-safety-locale.patch
+
+---
+
+diff --git a/manual/locale.texi b/manual/locale.texi
+index fb6de4e..c61360b 100644
+--- a/manual/locale.texi
++++ b/manual/locale.texi
+@@ -243,6 +243,8 @@ The symbols in this section are defined in the header file @file{locale.h}.
+ @c _nl_find_locale
+ @c getenv LC_ALL and LANG envromt
+ @c _nl_load_locale_from_archive
++@c sysconf _SC_PAGE_SIZE ok
++@c
+ @c _nl_expand_alias asmalloc, selfdeadlock, memleak, fdleak, lockleak
+ @c libc_lock_lock selfdeadlock, lockleak
+ @c bsearch ok
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=361c2f138f00349780d52cee4bc6b07fa145d837
commit 361c2f138f00349780d52cee4bc6b07fa145d837
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:42:34 2013 -0300
Refresh of wip-manual-document-mt-safety-locale.patch
diff --git a/manual/locale.texi b/manual/locale.texi
index fb6de4e..c61360b 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -243,6 +243,8 @@ The symbols in this section are defined in the header file @file{locale.h}.
@c _nl_find_locale
@c getenv LC_ALL and LANG envromt
@c _nl_load_locale_from_archive
+@c sysconf _SC_PAGE_SIZE ok
+@c
@c _nl_expand_alias asmalloc, selfdeadlock, memleak, fdleak, lockleak
@c libc_lock_lock selfdeadlock, lockleak
@c bsearch ok
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2cd30eb6c230077a3e622ed79af2025dec59521e
commit 2cd30eb6c230077a3e622ed79af2025dec59521e
Merge: f1c281a 3d8fa48 5e94ebf
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:25:31 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f1c281a1d354d4785e5bdfdb76dfecb2d79bad56
commit f1c281a1d354d4785e5bdfdb76dfecb2d79bad56
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:25:31 2013 -0300
push
diff --git a/meta b/meta
index 9fe7e61..2bd4d28 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 94e29d80265b52207e565e321e9db968c8f4d4c5
-Head: f837e602ebfa9526f10cd34ce6279699cd6bdf6d
+Previous: 3d8fa4879f06401d0916c29b6f776a437dba442d
+Head: 5e94ebf07ad1a532d9e6ece0ddd7245359f11aa5
Applied:
unused-scalb-is-scalbn.patch: 05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
remove-sysdeps-ieee754-support.patch: fe6a5807692b034fba404bbe03d68929933eb91f
@@ -25,9 +25,9 @@ Applied:
wip-manual-document-mt-safety-startup.patch: fe85266926a3cdc0450318fd07dc476cf7e3a867
wip-manual-document-mt-safety-search.patch: d2a32ac036016171fc3833d98a4237ad820c1e57
wip-manual-document-mt-safety-string.patch: f837e602ebfa9526f10cd34ce6279699cd6bdf6d
+ wip-manual-document-mt-safety-terminal.patch: 151d9f30f9e5375996f750ce9ed1ca78c2557d04
+ wip-manual-document-mt-safety-threads.patch: dc11afc981135c6f118733ebf066a0bdc9d3cc9b
+ wip-manual-document-mt-safety-time.patch: a291cda1774c1e793b243fb5ddb2ce149146e05c
+ wip-manual-document-mt-safety-locale.patch: 5e94ebf07ad1a532d9e6ece0ddd7245359f11aa5
Unapplied:
- wip-manual-document-mt-safety-terminal.patch: 082eb6cee886cbe72d0a07ee2a7aea1d83d3ccdd
- wip-manual-document-mt-safety-threads.patch: 244ca703c6f4b5d76aa48f77a3416c1bb61aefec
- wip-manual-document-mt-safety-time.patch: 35e818c9626eab6fb53649cf7635ff64427fb5d9
- wip-manual-document-mt-safety-locale.patch: 0d6b7b87884a1f14a235b23ba098e70a0541225a
Hidden:
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index 98bac37..42fce49 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
-Bottom: 2fa9c7496d316b6dac213c6948024196e3a9ec7a
-Top: 057edc20976415995ffe1c7466b372eee5307111
+Bottom: 511381f5668e2c5f5c71e78b94857fa5949c5e6a
+Top: 52646e829b2c835e9171de316383f334d9b3e858
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:08 -0300
diff --git a/patches/wip-manual-document-mt-safety-terminal.patch b/patches/wip-manual-document-mt-safety-terminal.patch
index b6bb922..754a24f 100644
--- a/patches/wip-manual-document-mt-safety-terminal.patch
+++ b/patches/wip-manual-document-mt-safety-terminal.patch
@@ -1,5 +1,5 @@
-Bottom: 96abc16a5fe1474a4250dc5d84dad1ed6af54a96
-Top: f5fb28eacd5fb855456f96149f0a3685416ef28f
+Bottom: af9838055fbc34eb8b44aa085a768b6672e2709a
+Top: d8e3ec6f9c84125123581d0857fc1a7740d2ab5e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:09 -0300
diff --git a/patches/wip-manual-document-mt-safety-threads.patch b/patches/wip-manual-document-mt-safety-threads.patch
index 23a6f69..4c7b0f3 100644
--- a/patches/wip-manual-document-mt-safety-threads.patch
+++ b/patches/wip-manual-document-mt-safety-threads.patch
@@ -1,5 +1,5 @@
-Bottom: f5fb28eacd5fb855456f96149f0a3685416ef28f
-Top: 78eb6bbe9d1393a8eb05ed604e663d665fba6fe7
+Bottom: d8e3ec6f9c84125123581d0857fc1a7740d2ab5e
+Top: 641c5335da113539c91a8a562d69e4238302df7e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:10 -0300
diff --git a/patches/wip-manual-document-mt-safety-time.patch b/patches/wip-manual-document-mt-safety-time.patch
index f0e31f9..5c0bd03 100644
--- a/patches/wip-manual-document-mt-safety-time.patch
+++ b/patches/wip-manual-document-mt-safety-time.patch
@@ -1,5 +1,5 @@
-Bottom: 78eb6bbe9d1393a8eb05ed604e663d665fba6fe7
-Top: 2fa9c7496d316b6dac213c6948024196e3a9ec7a
+Bottom: 641c5335da113539c91a8a562d69e4238302df7e
+Top: 511381f5668e2c5f5c71e78b94857fa5949c5e6a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:10 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c9a3acd6f2fa5ad839ae93229d3ae2c2ab7a04e6
commit c9a3acd6f2fa5ad839ae93229d3ae2c2ab7a04e6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:08 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..c61360b 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,51 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it.
+@c This function returns a pointer read...
+@c setlocale
+@c libc_rwlock_wrlock selfdeadlock, lockleak
+@c libc_rwlock_unlock lockleak
+@c getenv LOCPATH envromt
+@c malloc asmalloc, memleak
+@c free asmalloc, memleak
+@c new_composite_name ok
+@c setdata ok
+@c setname ok
+@c _nl_find_locale
+@c getenv LC_ALL and LANG envromt
+@c _nl_load_locale_from_archive
+@c sysconf _SC_PAGE_SIZE ok
+@c
+@c _nl_expand_alias asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c libc_lock_lock selfdeadlock, lockleak
+@c bsearch ok
+@c alias_compare ok
+@c strcasecmp ok
+@c read_alias_file asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fsetlocking ok
+@c feof_unlocked ok
+@c fgets_unlocked ok
+@c isspace ok (locale mutex is locked)
+@c extend_alias_table memleak, asmalloc
+@c realloc memleak, asmalloc
+@c realloc memleak, asmalloc
+@c fclose asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c qsort asmalloc, memleak
+@c alias_compare dup
+@c libc_lock_unlock lockleak
+@c _nl_explode_name
+@c _nl_make_l10nflist
+@c _nl_load_locale
+@c __gconv_compare_alias
+@c strndup asmalloc, memleak
+@c strcasecmp_l ok (C locale)
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5e94ebf07ad1a532d9e6ece0ddd7245359f11aa5
commit 5e94ebf07ad1a532d9e6ece0ddd7245359f11aa5
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:08 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..fb6de4e 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,49 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it.
+@c This function returns a pointer read...
+@c setlocale
+@c libc_rwlock_wrlock selfdeadlock, lockleak
+@c libc_rwlock_unlock lockleak
+@c getenv LOCPATH envromt
+@c malloc asmalloc, memleak
+@c free asmalloc, memleak
+@c new_composite_name ok
+@c setdata ok
+@c setname ok
+@c _nl_find_locale
+@c getenv LC_ALL and LANG envromt
+@c _nl_load_locale_from_archive
+@c _nl_expand_alias asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c libc_lock_lock selfdeadlock, lockleak
+@c bsearch ok
+@c alias_compare ok
+@c strcasecmp ok
+@c read_alias_file asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fsetlocking ok
+@c feof_unlocked ok
+@c fgets_unlocked ok
+@c isspace ok (locale mutex is locked)
+@c extend_alias_table memleak, asmalloc
+@c realloc memleak, asmalloc
+@c realloc memleak, asmalloc
+@c fclose asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c qsort asmalloc, memleak
+@c alias_compare dup
+@c libc_lock_unlock lockleak
+@c _nl_explode_name
+@c _nl_make_l10nflist
+@c _nl_load_locale
+@c __gconv_compare_alias
+@c strndup asmalloc, memleak
+@c strcasecmp_l ok (C locale)
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a291cda1774c1e793b243fb5ddb2ce149146e05c
commit a291cda1774c1e793b243fb5ddb2ce149146e05c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:10 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/time.texi: Document thread safety properties.
diff --git a/manual/time.texi b/manual/time.texi
index ff31e28..3967b24 100644
--- a/manual/time.texi
+++ b/manual/time.texi
@@ -475,6 +475,12 @@ Instead, use the facilities described in @ref{Time Zone Functions}.
@comment sys/time.h
@comment BSD
@deftypefun int gettimeofday (struct timeval *@var{tp}, struct timezone *@var{tzp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c On most GNU/Linux systems this is a direct syscall, but the posix/
+@c implementation (not used on GNU/Linux or GNU/Hurd) relies on time and
+@c localtime_r, saving and restoring tzname in an unsafe manner.
+@c On some GNU/Linux variants, ifunc resolvers are used in shared libc
+@c for vdso resolution. ifunc-vdso-revisit.
The @code{gettimeofday} function returns the current calendar time as
the elapsed time since the epoch in the @code{struct timeval} structure
indicated by @var{tp}. (@pxref{Elapsed Time} for a description of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=dc11afc981135c6f118733ebf066a0bdc9d3cc9b
commit dc11afc981135c6f118733ebf066a0bdc9d3cc9b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:10 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/threads.texi: Document thread safety properties.
diff --git a/manual/threads.texi b/manual/threads.texi
index a23ac26..19bfad6 100644
--- a/manual/threads.texi
+++ b/manual/threads.texi
@@ -31,6 +31,7 @@ before thread-specific data, so they should not be used in thread-specific
data destructors or even as members of the thread-specific data, since the
latter is passed as an argument to the destructor function.
+@c FIXME: use @deftypefun for these.
@item int pthread_key_delete (pthread_key_t @var{key})
Destroy the thread-specific data @var{key} in the calling thread. The
destructor for the thread-specific data is not called during destruction, nor
@@ -82,3 +83,124 @@ attributes or the stack address is set in the attribute.
The system does not have sufficient memory.
@end table
@end deftypefun
+
+@c FIXME these are undocumented:
+@c pthread_atfork
+@c pthread_attr_destroy
+@c pthread_attr_getaffinity_np
+@c pthread_attr_getdetachstate
+@c pthread_attr_getguardsize
+@c pthread_attr_getinheritsched
+@c pthread_attr_getschedparam
+@c pthread_attr_getschedpolicy
+@c pthread_attr_getscope
+@c pthread_attr_getstack
+@c pthread_attr_getstackaddr
+@c pthread_attr_getstacksize
+@c pthread_attr_init
+@c pthread_attr_setaffinity_np
+@c pthread_attr_setdetachstate
+@c pthread_attr_setguardsize
+@c pthread_attr_setinheritsched
+@c pthread_attr_setschedparam
+@c pthread_attr_setschedpolicy
+@c pthread_attr_setscope
+@c pthread_attr_setstack
+@c pthread_attr_setstackaddr
+@c pthread_attr_setstacksize
+@c pthread_barrierattr_destroy
+@c pthread_barrierattr_getpshared
+@c pthread_barrierattr_init
+@c pthread_barrierattr_setpshared
+@c pthread_barrier_destroy
+@c pthread_barrier_init
+@c pthread_barrier_wait
+@c pthread_cancel
+@c pthread_cleanup_push
+@c pthread_cleanup_pop
+@c pthread_condattr_destroy
+@c pthread_condattr_getclock
+@c pthread_condattr_getpshared
+@c pthread_condattr_init
+@c pthread_condattr_setclock
+@c pthread_condattr_setpshared
+@c pthread_cond_broadcast
+@c pthread_cond_destroy
+@c pthread_cond_init
+@c pthread_cond_signal
+@c pthread_cond_timedwait
+@c pthread_cond_wait
+@c pthread_create
+@c pthread_detach
+@c pthread_equal
+@c pthread_exit
+@c pthread_getaffinity_np
+@c pthread_getattr_np
+@c pthread_getconcurrency
+@c pthread_getcpuclockid
+@c pthread_getname_np
+@c pthread_getschedparam
+@c pthread_join
+@c pthread_kill
+@c pthread_kill_other_threads_np
+@c pthread_mutexattr_destroy
+@c pthread_mutexattr_getkind_np
+@c pthread_mutexattr_getprioceiling
+@c pthread_mutexattr_getprotocol
+@c pthread_mutexattr_getpshared
+@c pthread_mutexattr_getrobust
+@c pthread_mutexattr_getrobust_np
+@c pthread_mutexattr_gettype
+@c pthread_mutexattr_init
+@c pthread_mutexattr_setkind_np
+@c pthread_mutexattr_setprioceiling
+@c pthread_mutexattr_setprotocol
+@c pthread_mutexattr_setpshared
+@c pthread_mutexattr_setrobust
+@c pthread_mutexattr_setrobust_np
+@c pthread_mutexattr_settype
+@c pthread_mutex_consistent
+@c pthread_mutex_consistent_np
+@c pthread_mutex_destroy
+@c pthread_mutex_getprioceiling
+@c pthread_mutex_init
+@c pthread_mutex_lock
+@c pthread_mutex_setprioceiling
+@c pthread_mutex_timedlock
+@c pthread_mutex_trylock
+@c pthread_mutex_unlock
+@c pthread_once
+@c pthread_rwlockattr_destroy
+@c pthread_rwlockattr_getkind_np
+@c pthread_rwlockattr_getpshared
+@c pthread_rwlockattr_init
+@c pthread_rwlockattr_setkind_np
+@c pthread_rwlockattr_setpshared
+@c pthread_rwlock_destroy
+@c pthread_rwlock_init
+@c pthread_rwlock_rdlock
+@c pthread_rwlock_timedrdlock
+@c pthread_rwlock_timedwrlock
+@c pthread_rwlock_tryrdlock
+@c pthread_rwlock_trywrlock
+@c pthread_rwlock_unlock
+@c pthread_rwlock_wrlock
+@c pthread_self
+@c pthread_setaffinity_np
+@c pthread_setcancelstate
+@c pthread_setcanceltype
+@c pthread_setconcurrency
+@c pthread_setname_np
+@c pthread_setschedparam
+@c pthread_setschedprio
+@c pthread_sigmask
+@c pthread_sigqueue
+@c pthread_spin_destroy
+@c pthread_spin_init
+@c pthread_spin_lock
+@c pthread_spin_trylock
+@c pthread_spin_unlock
+@c pthread_testcancel
+@c pthread_timedjoin_np
+@c pthread_tryjoin_np
+@c pthread_yield
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=151d9f30f9e5375996f750ce9ed1ca78c2557d04
commit 151d9f30f9e5375996f750ce9ed1ca78c2557d04
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:09 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/terminal.texi: Document thread safety properties.
diff --git a/manual/terminal.texi b/manual/terminal.texi
index 9e9c057..7f62a4e 100644
--- a/manual/terminal.texi
+++ b/manual/terminal.texi
@@ -264,6 +264,9 @@ array.
@comment termios.h
@comment POSIX.1
@deftypefun int tcgetattr (int @var{filedes}, struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the kernel-returned termios data structure to the userland
+@c format does not ensure atomic or consistent writing.
This function is used to examine the attributes of the terminal
device with file descriptor @var{filedes}. The attributes are returned
in the structure that @var{termios-p} points to.
@@ -284,6 +287,9 @@ The @var{filedes} is not associated with a terminal.
@comment termios.h
@comment POSIX.1
@deftypefun int tcsetattr (int @var{filedes}, int @var{when}, const struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the incoming termios data structure to the kernel format
+@c does not ensure atomic or consistent reading.
This function sets the attributes of the terminal device with file
descriptor @var{filedes}. The new attributes are taken from the
structure that @var{termios-p} points to.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3d8fa4879f06401d0916c29b6f776a437dba442d
commit 3d8fa4879f06401d0916c29b6f776a437dba442d
Merge: 24a50b1 94e29d8 f837e60
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:25:29 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=24a50b1f949191efbccd45d1adf068e4303195c3
commit 24a50b1f949191efbccd45d1adf068e4303195c3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:25:29 2013 -0300
refresh
diff --git a/meta b/meta
index 34e5c7f..9fe7e61 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 142338a8020dbd9573ab658ae9e9a337b06fb1b4
-Head: 2018a4c434021a317c4b5853c012d9ca4e1493ea
+Previous: 94e29d80265b52207e565e321e9db968c8f4d4c5
+Head: f837e602ebfa9526f10cd34ce6279699cd6bdf6d
Applied:
unused-scalb-is-scalbn.patch: 05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
remove-sysdeps-ieee754-support.patch: fe6a5807692b034fba404bbe03d68929933eb91f
@@ -24,8 +24,7 @@ Applied:
wip-manual-document-mt-safety-resource.patch: fc558f0f09d7886fab6a27dd914edd28b2e785c0
wip-manual-document-mt-safety-startup.patch: fe85266926a3cdc0450318fd07dc476cf7e3a867
wip-manual-document-mt-safety-search.patch: d2a32ac036016171fc3833d98a4237ad820c1e57
- wip-manual-document-mt-safety-string.patch: a7c3f473d44754adf4dd8c4a0fd99fa137f9db69
- refresh-temp: 2018a4c434021a317c4b5853c012d9ca4e1493ea
+ wip-manual-document-mt-safety-string.patch: f837e602ebfa9526f10cd34ce6279699cd6bdf6d
Unapplied:
wip-manual-document-mt-safety-terminal.patch: 082eb6cee886cbe72d0a07ee2a7aea1d83d3ccdd
wip-manual-document-mt-safety-threads.patch: 244ca703c6f4b5d76aa48f77a3416c1bb61aefec
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index 336d5a4..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,20 +0,0 @@
-Bottom: 96abc16a5fe1474a4250dc5d84dad1ed6af54a96
-Top: af9838055fbc34eb8b44aa085a768b6672e2709a
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-22 07:25:28 -0300
-
-Refresh of wip-manual-document-mt-safety-string.patch
-
----
-
-diff --git a/manual/string.texi b/manual/string.texi
-index 6673a61..b2e97bc 100644
---- a/manual/string.texi
-+++ b/manual/string.texi
-@@ -2684,3 +2684,6 @@ being added to @var{envz}, if @var{override} is false.
- The @code{envz_strip} function removes any null entries from @var{envz},
- updating @code{*@var{envz}} and @code{*@var{envz_len}}.
- @end deftypefun
-+
-+@c FIXME this are undocumented:
-+@c strcasecmp_l @safety{@mtsafe{}@assafe{}@acsafe{}} see strcasecmp
diff --git a/patches/wip-manual-document-mt-safety-string.patch b/patches/wip-manual-document-mt-safety-string.patch
index 3f62e14..da014c8 100644
--- a/patches/wip-manual-document-mt-safety-string.patch
+++ b/patches/wip-manual-document-mt-safety-string.patch
@@ -1,5 +1,5 @@
Bottom: 84ba7139fbdcfc5f51668f8a5c3e0d2ef1124263
-Top: 96abc16a5fe1474a4250dc5d84dad1ed6af54a96
+Top: af9838055fbc34eb8b44aa085a768b6672e2709a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:09 -0300
@@ -13,7 +13,7 @@ for ChangeLog
---
diff --git a/manual/string.texi b/manual/string.texi
-index 246be84..6673a61 100644
+index 246be84..b2e97bc 100644
--- a/manual/string.texi
+++ b/manual/string.texi
@@ -1159,6 +1159,11 @@ strings are written in into account. To get that one has to use
@@ -46,3 +46,10 @@ index 246be84..6673a61 100644
The @code{strcoll} function is similar to @code{strcmp} but uses the
collating sequence of the current locale for collation (the
@code{LC_COLLATE} locale).
+@@ -2675,3 +2684,6 @@ being added to @var{envz}, if @var{override} is false.
+ The @code{envz_strip} function removes any null entries from @var{envz},
+ updating @code{*@var{envz}} and @code{*@var{envz_len}}.
+ @end deftypefun
++
++@c FIXME this are undocumented:
++@c strcasecmp_l @safety{@mtsafe{}@assafe{}@acsafe{}} see strcasecmp
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=94e29d80265b52207e565e321e9db968c8f4d4c5
commit 94e29d80265b52207e565e321e9db968c8f4d4c5
Merge: 00079d2 142338a 2018a4c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:25:29 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=00079d276278be7620c3c4acf0beeac42a0629be
commit 00079d276278be7620c3c4acf0beeac42a0629be
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:25:29 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index 7e591a3..34e5c7f 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 86b252b4e0fd3a5bbbb4389ca245411c5a2b2cab
-Head: a7c3f473d44754adf4dd8c4a0fd99fa137f9db69
+Previous: 142338a8020dbd9573ab658ae9e9a337b06fb1b4
+Head: 2018a4c434021a317c4b5853c012d9ca4e1493ea
Applied:
unused-scalb-is-scalbn.patch: 05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
remove-sysdeps-ieee754-support.patch: fe6a5807692b034fba404bbe03d68929933eb91f
@@ -25,6 +25,7 @@ Applied:
wip-manual-document-mt-safety-startup.patch: fe85266926a3cdc0450318fd07dc476cf7e3a867
wip-manual-document-mt-safety-search.patch: d2a32ac036016171fc3833d98a4237ad820c1e57
wip-manual-document-mt-safety-string.patch: a7c3f473d44754adf4dd8c4a0fd99fa137f9db69
+ refresh-temp: 2018a4c434021a317c4b5853c012d9ca4e1493ea
Unapplied:
wip-manual-document-mt-safety-terminal.patch: 082eb6cee886cbe72d0a07ee2a7aea1d83d3ccdd
wip-manual-document-mt-safety-threads.patch: 244ca703c6f4b5d76aa48f77a3416c1bb61aefec
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..336d5a4
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,20 @@
+Bottom: 96abc16a5fe1474a4250dc5d84dad1ed6af54a96
+Top: af9838055fbc34eb8b44aa085a768b6672e2709a
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-22 07:25:28 -0300
+
+Refresh of wip-manual-document-mt-safety-string.patch
+
+---
+
+diff --git a/manual/string.texi b/manual/string.texi
+index 6673a61..b2e97bc 100644
+--- a/manual/string.texi
++++ b/manual/string.texi
+@@ -2684,3 +2684,6 @@ being added to @var{envz}, if @var{override} is false.
+ The @code{envz_strip} function removes any null entries from @var{envz},
+ updating @code{*@var{envz}} and @code{*@var{envz_len}}.
+ @end deftypefun
++
++@c FIXME this are undocumented:
++@c strcasecmp_l @safety{@mtsafe{}@assafe{}@acsafe{}} see strcasecmp
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2018a4c434021a317c4b5853c012d9ca4e1493ea
commit 2018a4c434021a317c4b5853c012d9ca4e1493ea
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:25:28 2013 -0300
Refresh of wip-manual-document-mt-safety-string.patch
diff --git a/manual/string.texi b/manual/string.texi
index 6673a61..b2e97bc 100644
--- a/manual/string.texi
+++ b/manual/string.texi
@@ -2684,3 +2684,6 @@ being added to @var{envz}, if @var{override} is false.
The @code{envz_strip} function removes any null entries from @var{envz},
updating @code{*@var{envz}} and @code{*@var{envz_len}}.
@end deftypefun
+
+@c FIXME this are undocumented:
+@c strcasecmp_l @safety{@mtsafe{}@assafe{}@acsafe{}} see strcasecmp
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=142338a8020dbd9573ab658ae9e9a337b06fb1b4
commit 142338a8020dbd9573ab658ae9e9a337b06fb1b4
Merge: d59c0ad 86b252b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:24:06 2013 -0300
goto
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d59c0ade89a049bd30d8f82e4ca0a4df8e078106
commit d59c0ade89a049bd30d8f82e4ca0a4df8e078106
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:24:05 2013 -0300
goto
diff --git a/meta b/meta
index 9ad3ef3..7e591a3 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: a6502fa2c6ae71b28a941ce720f4deb7f49677cc
-Head: 0d6b7b87884a1f14a235b23ba098e70a0541225a
+Previous: 86b252b4e0fd3a5bbbb4389ca245411c5a2b2cab
+Head: a7c3f473d44754adf4dd8c4a0fd99fa137f9db69
Applied:
unused-scalb-is-scalbn.patch: 05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
remove-sysdeps-ieee754-support.patch: fe6a5807692b034fba404bbe03d68929933eb91f
@@ -25,9 +25,9 @@ Applied:
wip-manual-document-mt-safety-startup.patch: fe85266926a3cdc0450318fd07dc476cf7e3a867
wip-manual-document-mt-safety-search.patch: d2a32ac036016171fc3833d98a4237ad820c1e57
wip-manual-document-mt-safety-string.patch: a7c3f473d44754adf4dd8c4a0fd99fa137f9db69
+Unapplied:
wip-manual-document-mt-safety-terminal.patch: 082eb6cee886cbe72d0a07ee2a7aea1d83d3ccdd
wip-manual-document-mt-safety-threads.patch: 244ca703c6f4b5d76aa48f77a3416c1bb61aefec
wip-manual-document-mt-safety-time.patch: 35e818c9626eab6fb53649cf7635ff64427fb5d9
wip-manual-document-mt-safety-locale.patch: 0d6b7b87884a1f14a235b23ba098e70a0541225a
-Unapplied:
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=86b252b4e0fd3a5bbbb4389ca245411c5a2b2cab
commit 86b252b4e0fd3a5bbbb4389ca245411c5a2b2cab
Merge: c5d742a a6502fa
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:23:48 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c5d742a23e6380bf8d7bfe7459d9b9401902f305
commit c5d742a23e6380bf8d7bfe7459d9b9401902f305
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:23:48 2013 -0300
push
diff --git a/meta b/meta
index e0158a5..9ad3ef3 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: a07f90227ed1cdca12cb12c5b0afb9a822e709d3
-Head: a7c3f473d44754adf4dd8c4a0fd99fa137f9db69
+Previous: a6502fa2c6ae71b28a941ce720f4deb7f49677cc
+Head: 0d6b7b87884a1f14a235b23ba098e70a0541225a
Applied:
unused-scalb-is-scalbn.patch: 05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
remove-sysdeps-ieee754-support.patch: fe6a5807692b034fba404bbe03d68929933eb91f
@@ -25,9 +25,9 @@ Applied:
wip-manual-document-mt-safety-startup.patch: fe85266926a3cdc0450318fd07dc476cf7e3a867
wip-manual-document-mt-safety-search.patch: d2a32ac036016171fc3833d98a4237ad820c1e57
wip-manual-document-mt-safety-string.patch: a7c3f473d44754adf4dd8c4a0fd99fa137f9db69
-Unapplied:
wip-manual-document-mt-safety-terminal.patch: 082eb6cee886cbe72d0a07ee2a7aea1d83d3ccdd
wip-manual-document-mt-safety-threads.patch: 244ca703c6f4b5d76aa48f77a3416c1bb61aefec
wip-manual-document-mt-safety-time.patch: 35e818c9626eab6fb53649cf7635ff64427fb5d9
wip-manual-document-mt-safety-locale.patch: 0d6b7b87884a1f14a235b23ba098e70a0541225a
+Unapplied:
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a6502fa2c6ae71b28a941ce720f4deb7f49677cc
commit a6502fa2c6ae71b28a941ce720f4deb7f49677cc
Merge: a1cd0ed a07f902
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:23:08 2013 -0300
goto
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a1cd0ed613a1745dc7e0a5f4197414b10c39ca8c
commit a1cd0ed613a1745dc7e0a5f4197414b10c39ca8c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:23:08 2013 -0300
goto
diff --git a/meta b/meta
index 1e6d97c..e0158a5 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 8eeba823c9906f1aec640439a3dccdc7dfaa7a47
-Head: 0d6b7b87884a1f14a235b23ba098e70a0541225a
+Previous: a07f90227ed1cdca12cb12c5b0afb9a822e709d3
+Head: a7c3f473d44754adf4dd8c4a0fd99fa137f9db69
Applied:
unused-scalb-is-scalbn.patch: 05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
remove-sysdeps-ieee754-support.patch: fe6a5807692b034fba404bbe03d68929933eb91f
@@ -25,9 +25,9 @@ Applied:
wip-manual-document-mt-safety-startup.patch: fe85266926a3cdc0450318fd07dc476cf7e3a867
wip-manual-document-mt-safety-search.patch: d2a32ac036016171fc3833d98a4237ad820c1e57
wip-manual-document-mt-safety-string.patch: a7c3f473d44754adf4dd8c4a0fd99fa137f9db69
+Unapplied:
wip-manual-document-mt-safety-terminal.patch: 082eb6cee886cbe72d0a07ee2a7aea1d83d3ccdd
wip-manual-document-mt-safety-threads.patch: 244ca703c6f4b5d76aa48f77a3416c1bb61aefec
wip-manual-document-mt-safety-time.patch: 35e818c9626eab6fb53649cf7635ff64427fb5d9
wip-manual-document-mt-safety-locale.patch: 0d6b7b87884a1f14a235b23ba098e70a0541225a
-Unapplied:
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a07f90227ed1cdca12cb12c5b0afb9a822e709d3
commit a07f90227ed1cdca12cb12c5b0afb9a822e709d3
Merge: 40d9e6d 0d6b7b8 8eeba82
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:23:06 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=40d9e6dab4a7c9697ef9f7f28f233e30ee7bbda9
commit 40d9e6dab4a7c9697ef9f7f28f233e30ee7bbda9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:23:06 2013 -0300
refresh
diff --git a/meta b/meta
index 7ed8708..1e6d97c 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: cdd0e2b60c1518d66669ee829bead657d1c08da5
-Head: 9121c24301b61d4a8716d05e9726cd768c19ba41
+Previous: 8eeba823c9906f1aec640439a3dccdc7dfaa7a47
+Head: 0d6b7b87884a1f14a235b23ba098e70a0541225a
Applied:
unused-scalb-is-scalbn.patch: 05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
remove-sysdeps-ieee754-support.patch: fe6a5807692b034fba404bbe03d68929933eb91f
@@ -28,7 +28,6 @@ Applied:
wip-manual-document-mt-safety-terminal.patch: 082eb6cee886cbe72d0a07ee2a7aea1d83d3ccdd
wip-manual-document-mt-safety-threads.patch: 244ca703c6f4b5d76aa48f77a3416c1bb61aefec
wip-manual-document-mt-safety-time.patch: 35e818c9626eab6fb53649cf7635ff64427fb5d9
- wip-manual-document-mt-safety-locale.patch: a76afadca1a9bb91e89ae6d03785bf81ca328a24
- refresh-temp: 9121c24301b61d4a8716d05e9726cd768c19ba41
+ wip-manual-document-mt-safety-locale.patch: 0d6b7b87884a1f14a235b23ba098e70a0541225a
Unapplied:
Hidden:
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index ebd0b6c..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,31 +0,0 @@
-Bottom: dd2a7c3959e28966b59d46e83be8ee3831b3badd
-Top: 057edc20976415995ffe1c7466b372eee5307111
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-22 07:23:05 -0300
-
-Refresh of wip-manual-document-mt-safety-locale.patch
-
----
-
-diff --git a/manual/locale.texi b/manual/locale.texi
-index 7d04c64..fb6de4e 100644
---- a/manual/locale.texi
-+++ b/manual/locale.texi
-@@ -243,7 +243,7 @@ The symbols in this section are defined in the header file @file{locale.h}.
- @c _nl_find_locale
- @c getenv LC_ALL and LANG envromt
- @c _nl_load_locale_from_archive
--@c _nl_expand_alias
-+@c _nl_expand_alias asmalloc, selfdeadlock, memleak, fdleak, lockleak
- @c libc_lock_lock selfdeadlock, lockleak
- @c bsearch ok
- @c alias_compare ok
-@@ -266,7 +266,7 @@ The symbols in this section are defined in the header file @file{locale.h}.
- @c _nl_load_locale
- @c __gconv_compare_alias
- @c strndup asmalloc, memleak
--@c strcasecmp_l (C locale)
-+@c strcasecmp_l ok (C locale)
- The function @code{setlocale} sets the current locale for category
- @var{category} to @var{locale}. A list of all the locales the system
- provides can be created by running
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index 698f3fa..98bac37 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
Bottom: 2fa9c7496d316b6dac213c6948024196e3a9ec7a
-Top: dd2a7c3959e28966b59d46e83be8ee3831b3badd
+Top: 057edc20976415995ffe1c7466b372eee5307111
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:08 -0300
@@ -13,7 +13,7 @@ for ChangeLog
---
diff --git a/manual/locale.texi b/manual/locale.texi
-index 2f10fcd..7d04c64 100644
+index 2f10fcd..fb6de4e 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,49 @@ The symbols in this section are defined in the header file @file{locale.h}.
@@ -39,7 +39,7 @@ index 2f10fcd..7d04c64 100644
+@c _nl_find_locale
+@c getenv LC_ALL and LANG envromt
+@c _nl_load_locale_from_archive
-+@c _nl_expand_alias
++@c _nl_expand_alias asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c libc_lock_lock selfdeadlock, lockleak
+@c bsearch ok
+@c alias_compare ok
@@ -62,7 +62,7 @@ index 2f10fcd..7d04c64 100644
+@c _nl_load_locale
+@c __gconv_compare_alias
+@c strndup asmalloc, memleak
-+@c strcasecmp_l (C locale)
++@c strcasecmp_l ok (C locale)
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=8eeba823c9906f1aec640439a3dccdc7dfaa7a47
commit 8eeba823c9906f1aec640439a3dccdc7dfaa7a47
Merge: d12445c cdd0e2b 9121c24
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:23:06 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d12445ce5bfab09e942863a068004242bb7e35c8
commit d12445ce5bfab09e942863a068004242bb7e35c8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:23:06 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index 552c349..7ed8708 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 2615eff66f58ba2a674c2cd04ce18ea133f75898
-Head: a76afadca1a9bb91e89ae6d03785bf81ca328a24
+Previous: cdd0e2b60c1518d66669ee829bead657d1c08da5
+Head: 9121c24301b61d4a8716d05e9726cd768c19ba41
Applied:
unused-scalb-is-scalbn.patch: 05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
remove-sysdeps-ieee754-support.patch: fe6a5807692b034fba404bbe03d68929933eb91f
@@ -29,5 +29,6 @@ Applied:
wip-manual-document-mt-safety-threads.patch: 244ca703c6f4b5d76aa48f77a3416c1bb61aefec
wip-manual-document-mt-safety-time.patch: 35e818c9626eab6fb53649cf7635ff64427fb5d9
wip-manual-document-mt-safety-locale.patch: a76afadca1a9bb91e89ae6d03785bf81ca328a24
+ refresh-temp: 9121c24301b61d4a8716d05e9726cd768c19ba41
Unapplied:
Hidden:
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..ebd0b6c
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,31 @@
+Bottom: dd2a7c3959e28966b59d46e83be8ee3831b3badd
+Top: 057edc20976415995ffe1c7466b372eee5307111
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-22 07:23:05 -0300
+
+Refresh of wip-manual-document-mt-safety-locale.patch
+
+---
+
+diff --git a/manual/locale.texi b/manual/locale.texi
+index 7d04c64..fb6de4e 100644
+--- a/manual/locale.texi
++++ b/manual/locale.texi
+@@ -243,7 +243,7 @@ The symbols in this section are defined in the header file @file{locale.h}.
+ @c _nl_find_locale
+ @c getenv LC_ALL and LANG envromt
+ @c _nl_load_locale_from_archive
+-@c _nl_expand_alias
++@c _nl_expand_alias asmalloc, selfdeadlock, memleak, fdleak, lockleak
+ @c libc_lock_lock selfdeadlock, lockleak
+ @c bsearch ok
+ @c alias_compare ok
+@@ -266,7 +266,7 @@ The symbols in this section are defined in the header file @file{locale.h}.
+ @c _nl_load_locale
+ @c __gconv_compare_alias
+ @c strndup asmalloc, memleak
+-@c strcasecmp_l (C locale)
++@c strcasecmp_l ok (C locale)
+ The function @code{setlocale} sets the current locale for category
+ @var{category} to @var{locale}. A list of all the locales the system
+ provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9121c24301b61d4a8716d05e9726cd768c19ba41
commit 9121c24301b61d4a8716d05e9726cd768c19ba41
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:23:05 2013 -0300
Refresh of wip-manual-document-mt-safety-locale.patch
diff --git a/manual/locale.texi b/manual/locale.texi
index 7d04c64..fb6de4e 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -243,7 +243,7 @@ The symbols in this section are defined in the header file @file{locale.h}.
@c _nl_find_locale
@c getenv LC_ALL and LANG envromt
@c _nl_load_locale_from_archive
-@c _nl_expand_alias
+@c _nl_expand_alias asmalloc, selfdeadlock, memleak, fdleak, lockleak
@c libc_lock_lock selfdeadlock, lockleak
@c bsearch ok
@c alias_compare ok
@@ -266,7 +266,7 @@ The symbols in this section are defined in the header file @file{locale.h}.
@c _nl_load_locale
@c __gconv_compare_alias
@c strndup asmalloc, memleak
-@c strcasecmp_l (C locale)
+@c strcasecmp_l ok (C locale)
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=cdd0e2b60c1518d66669ee829bead657d1c08da5
commit cdd0e2b60c1518d66669ee829bead657d1c08da5
Merge: 4de3f3d 2615eff a76afad
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:19:46 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4de3f3d9ed63d626a41394eaa377ac72a8f7ba9c
commit 4de3f3d9ed63d626a41394eaa377ac72a8f7ba9c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:19:46 2013 -0300
push
diff --git a/meta b/meta
index 30d76a4..552c349 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 7ad8fde6572deea2bd8dece20f468f0c0269b03e
-Head: fc558f0f09d7886fab6a27dd914edd28b2e785c0
+Previous: 2615eff66f58ba2a674c2cd04ce18ea133f75898
+Head: a76afadca1a9bb91e89ae6d03785bf81ca328a24
Applied:
unused-scalb-is-scalbn.patch: 05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
remove-sysdeps-ieee754-support.patch: fe6a5807692b034fba404bbe03d68929933eb91f
@@ -22,12 +22,12 @@ Applied:
manual-document-mt-safety-stdio.patch: 8d679074193b580e3ea1b810b03b6c976a47f9cd
wip-manual-document-mt-safety-math.patch: 16ea0003407bdc31e8ec8dfe869a8b7692eb8d00
wip-manual-document-mt-safety-resource.patch: fc558f0f09d7886fab6a27dd914edd28b2e785c0
+ wip-manual-document-mt-safety-startup.patch: fe85266926a3cdc0450318fd07dc476cf7e3a867
+ wip-manual-document-mt-safety-search.patch: d2a32ac036016171fc3833d98a4237ad820c1e57
+ wip-manual-document-mt-safety-string.patch: a7c3f473d44754adf4dd8c4a0fd99fa137f9db69
+ wip-manual-document-mt-safety-terminal.patch: 082eb6cee886cbe72d0a07ee2a7aea1d83d3ccdd
+ wip-manual-document-mt-safety-threads.patch: 244ca703c6f4b5d76aa48f77a3416c1bb61aefec
+ wip-manual-document-mt-safety-time.patch: 35e818c9626eab6fb53649cf7635ff64427fb5d9
+ wip-manual-document-mt-safety-locale.patch: a76afadca1a9bb91e89ae6d03785bf81ca328a24
Unapplied:
- wip-manual-document-mt-safety-startup.patch: 12d50c8632aaee2f0763bb48c0b69349b09022bb
- wip-manual-document-mt-safety-search.patch: 34f782743f44b2c627e74a640f2f29309d471b99
- wip-manual-document-mt-safety-string.patch: 1322d0df3da60812c2b42e23710a999109d4b2c8
- wip-manual-document-mt-safety-terminal.patch: f81b15daf3d55fe078f1605002575be2f98d1383
- wip-manual-document-mt-safety-threads.patch: 3eac9f8ecd86d5e635fc8a1d1552329d1c47eedb
- wip-manual-document-mt-safety-time.patch: 99f4367ed4a5684759f98c0a3892814471c5614c
- wip-manual-document-mt-safety-locale.patch: 6f4e45cf07d6783744862ecdec3b2b869616e82c
Hidden:
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index 343894a..698f3fa 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
-Bottom: fe8bad047b580707f9f180cdd7e8d6ae53b04de7
-Top: 455c2ab778a60b1dcb4297adc071869fa6d1b05a
+Bottom: 2fa9c7496d316b6dac213c6948024196e3a9ec7a
+Top: dd2a7c3959e28966b59d46e83be8ee3831b3badd
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:08 -0300
diff --git a/patches/wip-manual-document-mt-safety-search.patch b/patches/wip-manual-document-mt-safety-search.patch
index fee21d1..9f3f3cb 100644
--- a/patches/wip-manual-document-mt-safety-search.patch
+++ b/patches/wip-manual-document-mt-safety-search.patch
@@ -1,5 +1,5 @@
-Bottom: 6ce35abc40d1550d75f2977d616b3878eeadcd9b
-Top: 32435639dae1b4c2a97e179c96d3885673119e94
+Bottom: 7b5b5d8f990508d27c92e7be27499ab075fcd831
+Top: 84ba7139fbdcfc5f51668f8a5c3e0d2ef1124263
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:09 -0300
diff --git a/patches/wip-manual-document-mt-safety-startup.patch b/patches/wip-manual-document-mt-safety-startup.patch
index 34471ed..92fa78a 100644
--- a/patches/wip-manual-document-mt-safety-startup.patch
+++ b/patches/wip-manual-document-mt-safety-startup.patch
@@ -1,5 +1,5 @@
-Bottom: 11d1dc9eeba934ab536b2fddf3eb7e4e30268ee3
-Top: 6ce35abc40d1550d75f2977d616b3878eeadcd9b
+Bottom: 287a1605130347164da91db888a4abb2da4313a8
+Top: 7b5b5d8f990508d27c92e7be27499ab075fcd831
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:08 -0300
diff --git a/patches/wip-manual-document-mt-safety-string.patch b/patches/wip-manual-document-mt-safety-string.patch
index 6e1dac1..3f62e14 100644
--- a/patches/wip-manual-document-mt-safety-string.patch
+++ b/patches/wip-manual-document-mt-safety-string.patch
@@ -1,5 +1,5 @@
-Bottom: 7c3a36b19e96ca71f5c07915ec0dbf244fd1096d
-Top: fda3912674c43eb3cfb9ce73f0a0a3895805a9d4
+Bottom: 84ba7139fbdcfc5f51668f8a5c3e0d2ef1124263
+Top: 96abc16a5fe1474a4250dc5d84dad1ed6af54a96
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:09 -0300
diff --git a/patches/wip-manual-document-mt-safety-terminal.patch b/patches/wip-manual-document-mt-safety-terminal.patch
index 162f061..b6bb922 100644
--- a/patches/wip-manual-document-mt-safety-terminal.patch
+++ b/patches/wip-manual-document-mt-safety-terminal.patch
@@ -1,5 +1,5 @@
-Bottom: fda3912674c43eb3cfb9ce73f0a0a3895805a9d4
-Top: 057d2ee57322c5e4282a657439967073a343503c
+Bottom: 96abc16a5fe1474a4250dc5d84dad1ed6af54a96
+Top: f5fb28eacd5fb855456f96149f0a3685416ef28f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:09 -0300
diff --git a/patches/wip-manual-document-mt-safety-threads.patch b/patches/wip-manual-document-mt-safety-threads.patch
index 0c465c2..23a6f69 100644
--- a/patches/wip-manual-document-mt-safety-threads.patch
+++ b/patches/wip-manual-document-mt-safety-threads.patch
@@ -1,5 +1,5 @@
-Bottom: 057d2ee57322c5e4282a657439967073a343503c
-Top: c17c82ee20bfc86b88263accac9d3e2bbc7e3114
+Bottom: f5fb28eacd5fb855456f96149f0a3685416ef28f
+Top: 78eb6bbe9d1393a8eb05ed604e663d665fba6fe7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:10 -0300
diff --git a/patches/wip-manual-document-mt-safety-time.patch b/patches/wip-manual-document-mt-safety-time.patch
index a8d446d..f0e31f9 100644
--- a/patches/wip-manual-document-mt-safety-time.patch
+++ b/patches/wip-manual-document-mt-safety-time.patch
@@ -1,5 +1,5 @@
-Bottom: c17c82ee20bfc86b88263accac9d3e2bbc7e3114
-Top: fe8bad047b580707f9f180cdd7e8d6ae53b04de7
+Bottom: 78eb6bbe9d1393a8eb05ed604e663d665fba6fe7
+Top: 2fa9c7496d316b6dac213c6948024196e3a9ec7a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:10 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0d6b7b87884a1f14a235b23ba098e70a0541225a
commit 0d6b7b87884a1f14a235b23ba098e70a0541225a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:08 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..fb6de4e 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,49 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it.
+@c This function returns a pointer read...
+@c setlocale
+@c libc_rwlock_wrlock selfdeadlock, lockleak
+@c libc_rwlock_unlock lockleak
+@c getenv LOCPATH envromt
+@c malloc asmalloc, memleak
+@c free asmalloc, memleak
+@c new_composite_name ok
+@c setdata ok
+@c setname ok
+@c _nl_find_locale
+@c getenv LC_ALL and LANG envromt
+@c _nl_load_locale_from_archive
+@c _nl_expand_alias asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c libc_lock_lock selfdeadlock, lockleak
+@c bsearch ok
+@c alias_compare ok
+@c strcasecmp ok
+@c read_alias_file asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fsetlocking ok
+@c feof_unlocked ok
+@c fgets_unlocked ok
+@c isspace ok (locale mutex is locked)
+@c extend_alias_table memleak, asmalloc
+@c realloc memleak, asmalloc
+@c realloc memleak, asmalloc
+@c fclose asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c qsort asmalloc, memleak
+@c alias_compare dup
+@c libc_lock_unlock lockleak
+@c _nl_explode_name
+@c _nl_make_l10nflist
+@c _nl_load_locale
+@c __gconv_compare_alias
+@c strndup asmalloc, memleak
+@c strcasecmp_l ok (C locale)
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a76afadca1a9bb91e89ae6d03785bf81ca328a24
commit a76afadca1a9bb91e89ae6d03785bf81ca328a24
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:08 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..7d04c64 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,49 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it.
+@c This function returns a pointer read...
+@c setlocale
+@c libc_rwlock_wrlock selfdeadlock, lockleak
+@c libc_rwlock_unlock lockleak
+@c getenv LOCPATH envromt
+@c malloc asmalloc, memleak
+@c free asmalloc, memleak
+@c new_composite_name ok
+@c setdata ok
+@c setname ok
+@c _nl_find_locale
+@c getenv LC_ALL and LANG envromt
+@c _nl_load_locale_from_archive
+@c _nl_expand_alias
+@c libc_lock_lock selfdeadlock, lockleak
+@c bsearch ok
+@c alias_compare ok
+@c strcasecmp ok
+@c read_alias_file asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fsetlocking ok
+@c feof_unlocked ok
+@c fgets_unlocked ok
+@c isspace ok (locale mutex is locked)
+@c extend_alias_table memleak, asmalloc
+@c realloc memleak, asmalloc
+@c realloc memleak, asmalloc
+@c fclose asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c qsort asmalloc, memleak
+@c alias_compare dup
+@c libc_lock_unlock lockleak
+@c _nl_explode_name
+@c _nl_make_l10nflist
+@c _nl_load_locale
+@c __gconv_compare_alias
+@c strndup asmalloc, memleak
+@c strcasecmp_l (C locale)
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=35e818c9626eab6fb53649cf7635ff64427fb5d9
commit 35e818c9626eab6fb53649cf7635ff64427fb5d9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:10 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/time.texi: Document thread safety properties.
diff --git a/manual/time.texi b/manual/time.texi
index ff31e28..3967b24 100644
--- a/manual/time.texi
+++ b/manual/time.texi
@@ -475,6 +475,12 @@ Instead, use the facilities described in @ref{Time Zone Functions}.
@comment sys/time.h
@comment BSD
@deftypefun int gettimeofday (struct timeval *@var{tp}, struct timezone *@var{tzp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c On most GNU/Linux systems this is a direct syscall, but the posix/
+@c implementation (not used on GNU/Linux or GNU/Hurd) relies on time and
+@c localtime_r, saving and restoring tzname in an unsafe manner.
+@c On some GNU/Linux variants, ifunc resolvers are used in shared libc
+@c for vdso resolution. ifunc-vdso-revisit.
The @code{gettimeofday} function returns the current calendar time as
the elapsed time since the epoch in the @code{struct timeval} structure
indicated by @var{tp}. (@pxref{Elapsed Time} for a description of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=244ca703c6f4b5d76aa48f77a3416c1bb61aefec
commit 244ca703c6f4b5d76aa48f77a3416c1bb61aefec
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:10 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/threads.texi: Document thread safety properties.
diff --git a/manual/threads.texi b/manual/threads.texi
index a23ac26..19bfad6 100644
--- a/manual/threads.texi
+++ b/manual/threads.texi
@@ -31,6 +31,7 @@ before thread-specific data, so they should not be used in thread-specific
data destructors or even as members of the thread-specific data, since the
latter is passed as an argument to the destructor function.
+@c FIXME: use @deftypefun for these.
@item int pthread_key_delete (pthread_key_t @var{key})
Destroy the thread-specific data @var{key} in the calling thread. The
destructor for the thread-specific data is not called during destruction, nor
@@ -82,3 +83,124 @@ attributes or the stack address is set in the attribute.
The system does not have sufficient memory.
@end table
@end deftypefun
+
+@c FIXME these are undocumented:
+@c pthread_atfork
+@c pthread_attr_destroy
+@c pthread_attr_getaffinity_np
+@c pthread_attr_getdetachstate
+@c pthread_attr_getguardsize
+@c pthread_attr_getinheritsched
+@c pthread_attr_getschedparam
+@c pthread_attr_getschedpolicy
+@c pthread_attr_getscope
+@c pthread_attr_getstack
+@c pthread_attr_getstackaddr
+@c pthread_attr_getstacksize
+@c pthread_attr_init
+@c pthread_attr_setaffinity_np
+@c pthread_attr_setdetachstate
+@c pthread_attr_setguardsize
+@c pthread_attr_setinheritsched
+@c pthread_attr_setschedparam
+@c pthread_attr_setschedpolicy
+@c pthread_attr_setscope
+@c pthread_attr_setstack
+@c pthread_attr_setstackaddr
+@c pthread_attr_setstacksize
+@c pthread_barrierattr_destroy
+@c pthread_barrierattr_getpshared
+@c pthread_barrierattr_init
+@c pthread_barrierattr_setpshared
+@c pthread_barrier_destroy
+@c pthread_barrier_init
+@c pthread_barrier_wait
+@c pthread_cancel
+@c pthread_cleanup_push
+@c pthread_cleanup_pop
+@c pthread_condattr_destroy
+@c pthread_condattr_getclock
+@c pthread_condattr_getpshared
+@c pthread_condattr_init
+@c pthread_condattr_setclock
+@c pthread_condattr_setpshared
+@c pthread_cond_broadcast
+@c pthread_cond_destroy
+@c pthread_cond_init
+@c pthread_cond_signal
+@c pthread_cond_timedwait
+@c pthread_cond_wait
+@c pthread_create
+@c pthread_detach
+@c pthread_equal
+@c pthread_exit
+@c pthread_getaffinity_np
+@c pthread_getattr_np
+@c pthread_getconcurrency
+@c pthread_getcpuclockid
+@c pthread_getname_np
+@c pthread_getschedparam
+@c pthread_join
+@c pthread_kill
+@c pthread_kill_other_threads_np
+@c pthread_mutexattr_destroy
+@c pthread_mutexattr_getkind_np
+@c pthread_mutexattr_getprioceiling
+@c pthread_mutexattr_getprotocol
+@c pthread_mutexattr_getpshared
+@c pthread_mutexattr_getrobust
+@c pthread_mutexattr_getrobust_np
+@c pthread_mutexattr_gettype
+@c pthread_mutexattr_init
+@c pthread_mutexattr_setkind_np
+@c pthread_mutexattr_setprioceiling
+@c pthread_mutexattr_setprotocol
+@c pthread_mutexattr_setpshared
+@c pthread_mutexattr_setrobust
+@c pthread_mutexattr_setrobust_np
+@c pthread_mutexattr_settype
+@c pthread_mutex_consistent
+@c pthread_mutex_consistent_np
+@c pthread_mutex_destroy
+@c pthread_mutex_getprioceiling
+@c pthread_mutex_init
+@c pthread_mutex_lock
+@c pthread_mutex_setprioceiling
+@c pthread_mutex_timedlock
+@c pthread_mutex_trylock
+@c pthread_mutex_unlock
+@c pthread_once
+@c pthread_rwlockattr_destroy
+@c pthread_rwlockattr_getkind_np
+@c pthread_rwlockattr_getpshared
+@c pthread_rwlockattr_init
+@c pthread_rwlockattr_setkind_np
+@c pthread_rwlockattr_setpshared
+@c pthread_rwlock_destroy
+@c pthread_rwlock_init
+@c pthread_rwlock_rdlock
+@c pthread_rwlock_timedrdlock
+@c pthread_rwlock_timedwrlock
+@c pthread_rwlock_tryrdlock
+@c pthread_rwlock_trywrlock
+@c pthread_rwlock_unlock
+@c pthread_rwlock_wrlock
+@c pthread_self
+@c pthread_setaffinity_np
+@c pthread_setcancelstate
+@c pthread_setcanceltype
+@c pthread_setconcurrency
+@c pthread_setname_np
+@c pthread_setschedparam
+@c pthread_setschedprio
+@c pthread_sigmask
+@c pthread_sigqueue
+@c pthread_spin_destroy
+@c pthread_spin_init
+@c pthread_spin_lock
+@c pthread_spin_trylock
+@c pthread_spin_unlock
+@c pthread_testcancel
+@c pthread_timedjoin_np
+@c pthread_tryjoin_np
+@c pthread_yield
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=eb3c85b71c56902290473a92e6c8f3ffa4852964
commit eb3c85b71c56902290473a92e6c8f3ffa4852964
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:09 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/string.texi: Document thread safety properties.
diff --git a/manual/string.texi b/manual/string.texi
index 246be84..1408033 100644
--- a/manual/string.texi
+++ b/manual/string.texi
@@ -1159,6 +1159,11 @@ strings are written in into account. To get that one has to use
@comment string.h
@comment BSD
@deftypefun int strcasecmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Although this calls tolower multiple times, it's a macro, and
+@c strcasecmp is optimized so that the locale pointer is read only once.
+@c There are some asm implementations too, for which the single-read
+@c from locale TLS pointers also applies.
This function is like @code{strcmp}, except that differences in case are
ignored. How uppercase and lowercase characters are related is
determined by the currently selected locale. In the standard @code{"C"}
@@ -1247,6 +1252,8 @@ strncmp ("hello, world", "hello, stupid world!!!", 5)
@comment string.h
@comment GNU
@deftypefun int strverscmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls isdigit multiple times, locale may change in between.
The @code{strverscmp} function compares the string @var{s1} against
@var{s2}, considering them as holding indices/version numbers. The
return value follows the same conventions as found in the
@@ -1343,6 +1350,8 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
@comment string.h
@comment ISO
@deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Adjust alphasort one safety info is determined.
The @code{strcoll} function is similar to @code{strcmp} but uses the
collating sequence of the current locale for collation (the
@code{LC_COLLATE} locale).
@@ -1637,6 +1646,7 @@ This function is a GNU extension.
@comment string.h
@comment ISO
@deftypefun {char *} strchr (const char *@var{string}, int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{strchr} function finds the first occurrence of the character
@var{c} (converted to a @code{char}) in the null-terminated string
beginning at @var{string}. The return value is a pointer to the located
@@ -1678,6 +1688,7 @@ to use @code{wcschrnul} in this case, though.
@comment string.h
@comment GNU
@deftypefun {char *} strchrnul (const char *@var{string}, int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{strchrnul} is the same as @code{strchr} except that if it does
not find the character, it returns a pointer to string's terminating
null character rather than a null pointer.
@@ -2675,3 +2686,6 @@ being added to @var{envz}, if @var{override} is false.
The @code{envz_strip} function removes any null entries from @var{envz},
updating @code{*@var{envz}} and @code{*@var{envz_len}}.
@end deftypefun
+
+@c FIXME this are undocumented:
+@c strcasecmp_l @safety{@mtsafe{}@assafe{}@acsafe{}} see strcasecmp
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f837e602ebfa9526f10cd34ce6279699cd6bdf6d
commit f837e602ebfa9526f10cd34ce6279699cd6bdf6d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:09 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/string.texi: Document thread safety properties.
diff --git a/manual/string.texi b/manual/string.texi
index 246be84..b2e97bc 100644
--- a/manual/string.texi
+++ b/manual/string.texi
@@ -1159,6 +1159,11 @@ strings are written in into account. To get that one has to use
@comment string.h
@comment BSD
@deftypefun int strcasecmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Although this calls tolower multiple times, it's a macro, and
+@c strcasecmp is optimized so that the locale pointer is read only once.
+@c There are some asm implementations too, for which the single-read
+@c from locale TLS pointers also applies.
This function is like @code{strcmp}, except that differences in case are
ignored. How uppercase and lowercase characters are related is
determined by the currently selected locale. In the standard @code{"C"}
@@ -1247,6 +1252,8 @@ strncmp ("hello, world", "hello, stupid world!!!", 5)
@comment string.h
@comment GNU
@deftypefun int strverscmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls isdigit multiple times, locale may change in between.
The @code{strverscmp} function compares the string @var{s1} against
@var{s2}, considering them as holding indices/version numbers. The
return value follows the same conventions as found in the
@@ -1343,6 +1350,8 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
@comment string.h
@comment ISO
@deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Adjust alphasort one safety info is determined.
The @code{strcoll} function is similar to @code{strcmp} but uses the
collating sequence of the current locale for collation (the
@code{LC_COLLATE} locale).
@@ -2675,3 +2684,6 @@ being added to @var{envz}, if @var{override} is false.
The @code{envz_strip} function removes any null entries from @var{envz},
updating @code{*@var{envz}} and @code{*@var{envz_len}}.
@end deftypefun
+
+@c FIXME this are undocumented:
+@c strcasecmp_l @safety{@mtsafe{}@assafe{}@acsafe{}} see strcasecmp
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a7c3f473d44754adf4dd8c4a0fd99fa137f9db69
commit a7c3f473d44754adf4dd8c4a0fd99fa137f9db69
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:09 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/string.texi: Document thread safety properties.
diff --git a/manual/string.texi b/manual/string.texi
index 246be84..6673a61 100644
--- a/manual/string.texi
+++ b/manual/string.texi
@@ -1159,6 +1159,11 @@ strings are written in into account. To get that one has to use
@comment string.h
@comment BSD
@deftypefun int strcasecmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Although this calls tolower multiple times, it's a macro, and
+@c strcasecmp is optimized so that the locale pointer is read only once.
+@c There are some asm implementations too, for which the single-read
+@c from locale TLS pointers also applies.
This function is like @code{strcmp}, except that differences in case are
ignored. How uppercase and lowercase characters are related is
determined by the currently selected locale. In the standard @code{"C"}
@@ -1247,6 +1252,8 @@ strncmp ("hello, world", "hello, stupid world!!!", 5)
@comment string.h
@comment GNU
@deftypefun int strverscmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls isdigit multiple times, locale may change in between.
The @code{strverscmp} function compares the string @var{s1} against
@var{s2}, considering them as holding indices/version numbers. The
return value follows the same conventions as found in the
@@ -1343,6 +1350,8 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
@comment string.h
@comment ISO
@deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Adjust alphasort one safety info is determined.
The @code{strcoll} function is similar to @code{strcmp} but uses the
collating sequence of the current locale for collation (the
@code{LC_COLLATE} locale).
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=082eb6cee886cbe72d0a07ee2a7aea1d83d3ccdd
commit 082eb6cee886cbe72d0a07ee2a7aea1d83d3ccdd
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:09 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/terminal.texi: Document thread safety properties.
diff --git a/manual/terminal.texi b/manual/terminal.texi
index 9e9c057..7f62a4e 100644
--- a/manual/terminal.texi
+++ b/manual/terminal.texi
@@ -264,6 +264,9 @@ array.
@comment termios.h
@comment POSIX.1
@deftypefun int tcgetattr (int @var{filedes}, struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the kernel-returned termios data structure to the userland
+@c format does not ensure atomic or consistent writing.
This function is used to examine the attributes of the terminal
device with file descriptor @var{filedes}. The attributes are returned
in the structure that @var{termios-p} points to.
@@ -284,6 +287,9 @@ The @var{filedes} is not associated with a terminal.
@comment termios.h
@comment POSIX.1
@deftypefun int tcsetattr (int @var{filedes}, int @var{when}, const struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the incoming termios data structure to the kernel format
+@c does not ensure atomic or consistent reading.
This function sets the attributes of the terminal device with file
descriptor @var{filedes}. The new attributes are taken from the
structure that @var{termios-p} points to.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d2a32ac036016171fc3833d98a4237ad820c1e57
commit d2a32ac036016171fc3833d98a4237ad820c1e57
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:09 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/search.texi: Document thread safety properties.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..46f5f1c 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -113,6 +113,7 @@ the header file @file{stdlib.h}.
@comment stdlib.h
@comment ISO
@deftypefun {void *} bsearch (const void *@var{key}, const void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{bsearch} function searches the sorted array @var{array} for an object
that is equivalent to @var{key}. The array contains @var{count} elements,
each of which is of size @var{size} bytes.
@@ -146,6 +147,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +438,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +472,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +487,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +501,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +556,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=fe85266926a3cdc0450318fd07dc476cf7e3a867
commit fe85266926a3cdc0450318fd07dc476cf7e3a867
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:08 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/startup.texi: Document thread safety properties.
diff --git a/manual/startup.texi b/manual/startup.texi
index a277714..7bbaf13 100644
--- a/manual/startup.texi
+++ b/manual/startup.texi
@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
The difference to the @code{setenv} function is that the exact string
given as the parameter @var{string} is put into the environment. If the
user should change the string after the @code{putenv} call this will
-reflect in automatically in the environment. This also requires that
-@var{string} is no automatic variable which scope is left before the
+reflect automatically in the environment. This also requires that
+@var{string} not be an automatic variable whose scope is left before the
variable is removed from the environment. The same applies of course to
dynamically allocated variables which are freed later.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2615eff66f58ba2a674c2cd04ce18ea133f75898
commit 2615eff66f58ba2a674c2cd04ce18ea133f75898
Merge: 82871aa fc558f0 7ad8fde
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:19:38 2013 -0300
float
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=82871aa67761c235a0487aa0b5d6d879fc3d5601
commit 82871aa67761c235a0487aa0b5d6d879fc3d5601
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:19:38 2013 -0300
float
diff --git a/meta b/meta
index ed3faf8..30d76a4 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: a5c89a3cc3efb081ead1f5a014b295b47a76476b
-Head: 16ea0003407bdc31e8ec8dfe869a8b7692eb8d00
+Previous: 7ad8fde6572deea2bd8dece20f468f0c0269b03e
+Head: fc558f0f09d7886fab6a27dd914edd28b2e785c0
Applied:
unused-scalb-is-scalbn.patch: 05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
remove-sysdeps-ieee754-support.patch: fe6a5807692b034fba404bbe03d68929933eb91f
@@ -21,9 +21,9 @@ Applied:
manual-document-mt-safety-llio.patch: bf5c49825fd31327a529399b2400a6e592bbee3a
manual-document-mt-safety-stdio.patch: 8d679074193b580e3ea1b810b03b6c976a47f9cd
wip-manual-document-mt-safety-math.patch: 16ea0003407bdc31e8ec8dfe869a8b7692eb8d00
+ wip-manual-document-mt-safety-resource.patch: fc558f0f09d7886fab6a27dd914edd28b2e785c0
Unapplied:
wip-manual-document-mt-safety-startup.patch: 12d50c8632aaee2f0763bb48c0b69349b09022bb
- wip-manual-document-mt-safety-resource.patch: eb47e54bf344d09d6c151a1bd6ea88fa1883c008
wip-manual-document-mt-safety-search.patch: 34f782743f44b2c627e74a640f2f29309d471b99
wip-manual-document-mt-safety-string.patch: 1322d0df3da60812c2b42e23710a999109d4b2c8
wip-manual-document-mt-safety-terminal.patch: f81b15daf3d55fe078f1605002575be2f98d1383
diff --git a/patches/wip-manual-document-mt-safety-resource.patch b/patches/wip-manual-document-mt-safety-resource.patch
index d7299d1..2b03b87 100644
--- a/patches/wip-manual-document-mt-safety-resource.patch
+++ b/patches/wip-manual-document-mt-safety-resource.patch
@@ -1,5 +1,5 @@
-Bottom: 6ce35abc40d1550d75f2977d616b3878eeadcd9b
-Top: 7b5b5d8f990508d27c92e7be27499ab075fcd831
+Bottom: 11d1dc9eeba934ab536b2fddf3eb7e4e30268ee3
+Top: 287a1605130347164da91db888a4abb2da4313a8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:09 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=fc558f0f09d7886fab6a27dd914edd28b2e785c0
commit fc558f0f09d7886fab6a27dd914edd28b2e785c0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:09 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/resource.texi: Document thread safety properties.
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7ad8fde6572deea2bd8dece20f468f0c0269b03e
commit 7ad8fde6572deea2bd8dece20f468f0c0269b03e
Merge: 6cb6f77 a5c89a3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:19:35 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=6cb6f7773bd87093394cc0e6e29f50b7c941833c
commit 6cb6f7773bd87093394cc0e6e29f50b7c941833c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:19:35 2013 -0300
pop
diff --git a/meta b/meta
index 8de722b..ed3faf8 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: ad33171bc2776277971723cc706379d250ae9d58
-Head: eb47e54bf344d09d6c151a1bd6ea88fa1883c008
+Previous: a5c89a3cc3efb081ead1f5a014b295b47a76476b
+Head: 16ea0003407bdc31e8ec8dfe869a8b7692eb8d00
Applied:
unused-scalb-is-scalbn.patch: 05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
remove-sysdeps-ieee754-support.patch: fe6a5807692b034fba404bbe03d68929933eb91f
@@ -21,9 +21,9 @@ Applied:
manual-document-mt-safety-llio.patch: bf5c49825fd31327a529399b2400a6e592bbee3a
manual-document-mt-safety-stdio.patch: 8d679074193b580e3ea1b810b03b6c976a47f9cd
wip-manual-document-mt-safety-math.patch: 16ea0003407bdc31e8ec8dfe869a8b7692eb8d00
+Unapplied:
wip-manual-document-mt-safety-startup.patch: 12d50c8632aaee2f0763bb48c0b69349b09022bb
wip-manual-document-mt-safety-resource.patch: eb47e54bf344d09d6c151a1bd6ea88fa1883c008
-Unapplied:
wip-manual-document-mt-safety-search.patch: 34f782743f44b2c627e74a640f2f29309d471b99
wip-manual-document-mt-safety-string.patch: 1322d0df3da60812c2b42e23710a999109d4b2c8
wip-manual-document-mt-safety-terminal.patch: f81b15daf3d55fe078f1605002575be2f98d1383
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a5c89a3cc3efb081ead1f5a014b295b47a76476b
commit a5c89a3cc3efb081ead1f5a014b295b47a76476b
Merge: 63f7ae5 ad33171
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:19:27 2013 -0300
float
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=63f7ae51a949534475ce489633f995b152bfefb6
commit 63f7ae51a949534475ce489633f995b152bfefb6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:19:27 2013 -0300
float
diff --git a/meta b/meta
index 28812a7..8de722b 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 07e9fdf024892970154649093ccac69ee57d673a
-Head: 12d50c8632aaee2f0763bb48c0b69349b09022bb
+Previous: ad33171bc2776277971723cc706379d250ae9d58
+Head: eb47e54bf344d09d6c151a1bd6ea88fa1883c008
Applied:
unused-scalb-is-scalbn.patch: 05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
remove-sysdeps-ieee754-support.patch: fe6a5807692b034fba404bbe03d68929933eb91f
@@ -22,8 +22,8 @@ Applied:
manual-document-mt-safety-stdio.patch: 8d679074193b580e3ea1b810b03b6c976a47f9cd
wip-manual-document-mt-safety-math.patch: 16ea0003407bdc31e8ec8dfe869a8b7692eb8d00
wip-manual-document-mt-safety-startup.patch: 12d50c8632aaee2f0763bb48c0b69349b09022bb
-Unapplied:
wip-manual-document-mt-safety-resource.patch: eb47e54bf344d09d6c151a1bd6ea88fa1883c008
+Unapplied:
wip-manual-document-mt-safety-search.patch: 34f782743f44b2c627e74a640f2f29309d471b99
wip-manual-document-mt-safety-string.patch: 1322d0df3da60812c2b42e23710a999109d4b2c8
wip-manual-document-mt-safety-terminal.patch: f81b15daf3d55fe078f1605002575be2f98d1383
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ad33171bc2776277971723cc706379d250ae9d58
commit ad33171bc2776277971723cc706379d250ae9d58
Merge: 2228cfd 07e9fdf
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:19:25 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2228cfd0e8b76b26ff32fef0c9996a4db86065e9
commit 2228cfd0e8b76b26ff32fef0c9996a4db86065e9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:19:25 2013 -0300
pop
diff --git a/meta b/meta
index a5bd006..28812a7 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 982014f3805467e9b2c5b7df8dad4e75c9f31ea8
-Head: eb47e54bf344d09d6c151a1bd6ea88fa1883c008
+Previous: 07e9fdf024892970154649093ccac69ee57d673a
+Head: 12d50c8632aaee2f0763bb48c0b69349b09022bb
Applied:
unused-scalb-is-scalbn.patch: 05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
remove-sysdeps-ieee754-support.patch: fe6a5807692b034fba404bbe03d68929933eb91f
@@ -22,8 +22,8 @@ Applied:
manual-document-mt-safety-stdio.patch: 8d679074193b580e3ea1b810b03b6c976a47f9cd
wip-manual-document-mt-safety-math.patch: 16ea0003407bdc31e8ec8dfe869a8b7692eb8d00
wip-manual-document-mt-safety-startup.patch: 12d50c8632aaee2f0763bb48c0b69349b09022bb
- wip-manual-document-mt-safety-resource.patch: eb47e54bf344d09d6c151a1bd6ea88fa1883c008
Unapplied:
+ wip-manual-document-mt-safety-resource.patch: eb47e54bf344d09d6c151a1bd6ea88fa1883c008
wip-manual-document-mt-safety-search.patch: 34f782743f44b2c627e74a640f2f29309d471b99
wip-manual-document-mt-safety-string.patch: 1322d0df3da60812c2b42e23710a999109d4b2c8
wip-manual-document-mt-safety-terminal.patch: f81b15daf3d55fe078f1605002575be2f98d1383
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=07e9fdf024892970154649093ccac69ee57d673a
commit 07e9fdf024892970154649093ccac69ee57d673a
Merge: 3a0b725 eb47e54 982014f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:19:20 2013 -0300
float
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3a0b725e8caabfdc5234de6be2f3ba55d77be297
commit 3a0b725e8caabfdc5234de6be2f3ba55d77be297
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:19:20 2013 -0300
float
diff --git a/meta b/meta
index 4e4f4a9..a5bd006 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: fca20470d3621b5a0f7fd2ffff979889c2307fa5
-Head: 12d50c8632aaee2f0763bb48c0b69349b09022bb
+Previous: 982014f3805467e9b2c5b7df8dad4e75c9f31ea8
+Head: eb47e54bf344d09d6c151a1bd6ea88fa1883c008
Applied:
unused-scalb-is-scalbn.patch: 05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
remove-sysdeps-ieee754-support.patch: fe6a5807692b034fba404bbe03d68929933eb91f
@@ -22,9 +22,9 @@ Applied:
manual-document-mt-safety-stdio.patch: 8d679074193b580e3ea1b810b03b6c976a47f9cd
wip-manual-document-mt-safety-math.patch: 16ea0003407bdc31e8ec8dfe869a8b7692eb8d00
wip-manual-document-mt-safety-startup.patch: 12d50c8632aaee2f0763bb48c0b69349b09022bb
+ wip-manual-document-mt-safety-resource.patch: eb47e54bf344d09d6c151a1bd6ea88fa1883c008
Unapplied:
wip-manual-document-mt-safety-search.patch: 34f782743f44b2c627e74a640f2f29309d471b99
- wip-manual-document-mt-safety-resource.patch: 561ca151dcd427e997cb452b8d6aad6b2e251fc7
wip-manual-document-mt-safety-string.patch: 1322d0df3da60812c2b42e23710a999109d4b2c8
wip-manual-document-mt-safety-terminal.patch: f81b15daf3d55fe078f1605002575be2f98d1383
wip-manual-document-mt-safety-threads.patch: 3eac9f8ecd86d5e635fc8a1d1552329d1c47eedb
diff --git a/patches/wip-manual-document-mt-safety-resource.patch b/patches/wip-manual-document-mt-safety-resource.patch
index 0c22d97..d7299d1 100644
--- a/patches/wip-manual-document-mt-safety-resource.patch
+++ b/patches/wip-manual-document-mt-safety-resource.patch
@@ -1,5 +1,5 @@
-Bottom: 7b568eec0398262e28b2443863236ee58c339139
-Top: 7c3a36b19e96ca71f5c07915ec0dbf244fd1096d
+Bottom: 6ce35abc40d1550d75f2977d616b3878eeadcd9b
+Top: 7b5b5d8f990508d27c92e7be27499ab075fcd831
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:09 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=eb47e54bf344d09d6c151a1bd6ea88fa1883c008
commit eb47e54bf344d09d6c151a1bd6ea88fa1883c008
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:09 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/resource.texi: Document thread safety properties.
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=982014f3805467e9b2c5b7df8dad4e75c9f31ea8
commit 982014f3805467e9b2c5b7df8dad4e75c9f31ea8
Merge: c43a56e fca2047
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:19:11 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c43a56eb3661dea50f790963f6fa0408c28b0307
commit c43a56eb3661dea50f790963f6fa0408c28b0307
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:19:11 2013 -0300
pop
diff --git a/meta b/meta
index c0bc6e4..4e4f4a9 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: c0ca1bdec2c7f9a46efc8569e2e10ab3b52dce6f
-Head: 34f782743f44b2c627e74a640f2f29309d471b99
+Previous: fca20470d3621b5a0f7fd2ffff979889c2307fa5
+Head: 12d50c8632aaee2f0763bb48c0b69349b09022bb
Applied:
unused-scalb-is-scalbn.patch: 05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
remove-sysdeps-ieee754-support.patch: fe6a5807692b034fba404bbe03d68929933eb91f
@@ -22,8 +22,8 @@ Applied:
manual-document-mt-safety-stdio.patch: 8d679074193b580e3ea1b810b03b6c976a47f9cd
wip-manual-document-mt-safety-math.patch: 16ea0003407bdc31e8ec8dfe869a8b7692eb8d00
wip-manual-document-mt-safety-startup.patch: 12d50c8632aaee2f0763bb48c0b69349b09022bb
- wip-manual-document-mt-safety-search.patch: 34f782743f44b2c627e74a640f2f29309d471b99
Unapplied:
+ wip-manual-document-mt-safety-search.patch: 34f782743f44b2c627e74a640f2f29309d471b99
wip-manual-document-mt-safety-resource.patch: 561ca151dcd427e997cb452b8d6aad6b2e251fc7
wip-manual-document-mt-safety-string.patch: 1322d0df3da60812c2b42e23710a999109d4b2c8
wip-manual-document-mt-safety-terminal.patch: f81b15daf3d55fe078f1605002575be2f98d1383
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=fca20470d3621b5a0f7fd2ffff979889c2307fa5
commit fca20470d3621b5a0f7fd2ffff979889c2307fa5
Merge: 133e2fa 34f7827 c0ca1bd
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:19:06 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=133e2fad359acaa8a47e173de700e36a21f48a3c
commit 133e2fad359acaa8a47e173de700e36a21f48a3c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:19:06 2013 -0300
refresh
diff --git a/meta b/meta
index 06d59f7..c0bc6e4 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 6d4f78851d1ae9836ba6f804e3ca6941bda32c47
-Head: 6e391f1487c209a836a1c1851014437f6ebf4850
+Previous: c0ca1bdec2c7f9a46efc8569e2e10ab3b52dce6f
+Head: 34f782743f44b2c627e74a640f2f29309d471b99
Applied:
unused-scalb-is-scalbn.patch: 05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
remove-sysdeps-ieee754-support.patch: fe6a5807692b034fba404bbe03d68929933eb91f
@@ -22,8 +22,7 @@ Applied:
manual-document-mt-safety-stdio.patch: 8d679074193b580e3ea1b810b03b6c976a47f9cd
wip-manual-document-mt-safety-math.patch: 16ea0003407bdc31e8ec8dfe869a8b7692eb8d00
wip-manual-document-mt-safety-startup.patch: 12d50c8632aaee2f0763bb48c0b69349b09022bb
- wip-manual-document-mt-safety-search.patch: 3b7789f2efb618f9cdc9cb4e3be46d1670660fc3
- refresh-temp: 6e391f1487c209a836a1c1851014437f6ebf4850
+ wip-manual-document-mt-safety-search.patch: 34f782743f44b2c627e74a640f2f29309d471b99
Unapplied:
wip-manual-document-mt-safety-resource.patch: 561ca151dcd427e997cb452b8d6aad6b2e251fc7
wip-manual-document-mt-safety-string.patch: 1322d0df3da60812c2b42e23710a999109d4b2c8
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index 7926963..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,21 +0,0 @@
-Bottom: 7b568eec0398262e28b2443863236ee58c339139
-Top: 32435639dae1b4c2a97e179c96d3885673119e94
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-22 07:19:05 -0300
-
-Refresh of wip-manual-document-mt-safety-search.patch
-
----
-
-diff --git a/manual/search.texi b/manual/search.texi
-index 6910edc..46f5f1c 100644
---- a/manual/search.texi
-+++ b/manual/search.texi
-@@ -113,6 +113,7 @@ the header file @file{stdlib.h}.
- @comment stdlib.h
- @comment ISO
- @deftypefun {void *} bsearch (const void *@var{key}, const void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{bsearch} function searches the sorted array @var{array} for an object
- that is equivalent to @var{key}. The array contains @var{count} elements,
- each of which is of size @var{size} bytes.
diff --git a/patches/wip-manual-document-mt-safety-search.patch b/patches/wip-manual-document-mt-safety-search.patch
index e4ddc10..fee21d1 100644
--- a/patches/wip-manual-document-mt-safety-search.patch
+++ b/patches/wip-manual-document-mt-safety-search.patch
@@ -1,5 +1,5 @@
Bottom: 6ce35abc40d1550d75f2977d616b3878eeadcd9b
-Top: 7b568eec0398262e28b2443863236ee58c339139
+Top: 32435639dae1b4c2a97e179c96d3885673119e94
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:09 -0300
@@ -13,10 +13,18 @@ for ChangeLog
---
diff --git a/manual/search.texi b/manual/search.texi
-index efd3604..6910edc 100644
+index efd3604..46f5f1c 100644
--- a/manual/search.texi
+++ b/manual/search.texi
-@@ -146,6 +146,7 @@ To sort an array using an arbitrary comparison function, use the
+@@ -113,6 +113,7 @@ the header file @file{stdlib.h}.
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun {void *} bsearch (const void *@var{key}, const void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{bsearch} function searches the sorted array @var{array} for an object
+ that is equivalent to @var{key}. The array contains @var{count} elements,
+ each of which is of size @var{size} bytes.
+@@ -146,6 +147,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
@@ -24,7 +32,7 @@ index efd3604..6910edc 100644
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
-@@ -436,6 +437,11 @@ in the header file @file{search.h}.
+@@ -436,6 +438,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
@@ -36,7 +44,7 @@ index efd3604..6910edc 100644
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
-@@ -465,6 +471,7 @@ of space @code{NULL} is returned.
+@@ -465,6 +472,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
@@ -44,7 +52,7 @@ index efd3604..6910edc 100644
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
-@@ -479,6 +486,7 @@ elements.
+@@ -479,6 +487,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
@@ -52,7 +60,7 @@ index efd3604..6910edc 100644
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
-@@ -492,6 +500,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
+@@ -492,6 +501,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
@@ -60,7 +68,7 @@ index efd3604..6910edc 100644
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
-@@ -546,6 +555,7 @@ The current node is a leaf.
+@@ -546,6 +556,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c0ca1bdec2c7f9a46efc8569e2e10ab3b52dce6f
commit c0ca1bdec2c7f9a46efc8569e2e10ab3b52dce6f
Merge: 1600648 6d4f788 6e391f1
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:19:06 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1600648c0c791b5f7a566fdf119548a75cff4a50
commit 1600648c0c791b5f7a566fdf119548a75cff4a50
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:19:06 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index 22962b5..06d59f7 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 0fc9a47333c44d45d4df2a45ad4faca5e1227cf1
-Head: 3b7789f2efb618f9cdc9cb4e3be46d1670660fc3
+Previous: 6d4f78851d1ae9836ba6f804e3ca6941bda32c47
+Head: 6e391f1487c209a836a1c1851014437f6ebf4850
Applied:
unused-scalb-is-scalbn.patch: 05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
remove-sysdeps-ieee754-support.patch: fe6a5807692b034fba404bbe03d68929933eb91f
@@ -23,6 +23,7 @@ Applied:
wip-manual-document-mt-safety-math.patch: 16ea0003407bdc31e8ec8dfe869a8b7692eb8d00
wip-manual-document-mt-safety-startup.patch: 12d50c8632aaee2f0763bb48c0b69349b09022bb
wip-manual-document-mt-safety-search.patch: 3b7789f2efb618f9cdc9cb4e3be46d1670660fc3
+ refresh-temp: 6e391f1487c209a836a1c1851014437f6ebf4850
Unapplied:
wip-manual-document-mt-safety-resource.patch: 561ca151dcd427e997cb452b8d6aad6b2e251fc7
wip-manual-document-mt-safety-string.patch: 1322d0df3da60812c2b42e23710a999109d4b2c8
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..7926963
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,21 @@
+Bottom: 7b568eec0398262e28b2443863236ee58c339139
+Top: 32435639dae1b4c2a97e179c96d3885673119e94
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-22 07:19:05 -0300
+
+Refresh of wip-manual-document-mt-safety-search.patch
+
+---
+
+diff --git a/manual/search.texi b/manual/search.texi
+index 6910edc..46f5f1c 100644
+--- a/manual/search.texi
++++ b/manual/search.texi
+@@ -113,6 +113,7 @@ the header file @file{stdlib.h}.
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun {void *} bsearch (const void *@var{key}, const void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{bsearch} function searches the sorted array @var{array} for an object
+ that is equivalent to @var{key}. The array contains @var{count} elements,
+ each of which is of size @var{size} bytes.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=6e391f1487c209a836a1c1851014437f6ebf4850
commit 6e391f1487c209a836a1c1851014437f6ebf4850
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:19:05 2013 -0300
Refresh of wip-manual-document-mt-safety-search.patch
diff --git a/manual/search.texi b/manual/search.texi
index 6910edc..46f5f1c 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -113,6 +113,7 @@ the header file @file{stdlib.h}.
@comment stdlib.h
@comment ISO
@deftypefun {void *} bsearch (const void *@var{key}, const void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{bsearch} function searches the sorted array @var{array} for an object
that is equivalent to @var{key}. The array contains @var{count} elements,
each of which is of size @var{size} bytes.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=6d4f78851d1ae9836ba6f804e3ca6941bda32c47
commit 6d4f78851d1ae9836ba6f804e3ca6941bda32c47
Merge: c52ad6a 0fc9a47
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:18:46 2013 -0300
goto
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c52ad6ac983b52c50a47de6fde4694066069691b
commit c52ad6ac983b52c50a47de6fde4694066069691b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:18:46 2013 -0300
goto
diff --git a/meta b/meta
index 8d69c84..22962b5 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 5d47ec55940837aed05ebf373eebf52dcfdbe477
-Head: 6f4e45cf07d6783744862ecdec3b2b869616e82c
+Previous: 0fc9a47333c44d45d4df2a45ad4faca5e1227cf1
+Head: 3b7789f2efb618f9cdc9cb4e3be46d1670660fc3
Applied:
unused-scalb-is-scalbn.patch: 05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
remove-sysdeps-ieee754-support.patch: fe6a5807692b034fba404bbe03d68929933eb91f
@@ -23,11 +23,11 @@ Applied:
wip-manual-document-mt-safety-math.patch: 16ea0003407bdc31e8ec8dfe869a8b7692eb8d00
wip-manual-document-mt-safety-startup.patch: 12d50c8632aaee2f0763bb48c0b69349b09022bb
wip-manual-document-mt-safety-search.patch: 3b7789f2efb618f9cdc9cb4e3be46d1670660fc3
+Unapplied:
wip-manual-document-mt-safety-resource.patch: 561ca151dcd427e997cb452b8d6aad6b2e251fc7
wip-manual-document-mt-safety-string.patch: 1322d0df3da60812c2b42e23710a999109d4b2c8
wip-manual-document-mt-safety-terminal.patch: f81b15daf3d55fe078f1605002575be2f98d1383
wip-manual-document-mt-safety-threads.patch: 3eac9f8ecd86d5e635fc8a1d1552329d1c47eedb
wip-manual-document-mt-safety-time.patch: 99f4367ed4a5684759f98c0a3892814471c5614c
wip-manual-document-mt-safety-locale.patch: 6f4e45cf07d6783744862ecdec3b2b869616e82c
-Unapplied:
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0fc9a47333c44d45d4df2a45ad4faca5e1227cf1
commit 0fc9a47333c44d45d4df2a45ad4faca5e1227cf1
Merge: 7044a22 6f4e45c 5d47ec5
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:18:28 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7044a22dfe22bc34da1973d13d9b9252e28208fc
commit 7044a22dfe22bc34da1973d13d9b9252e28208fc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:18:28 2013 -0300
refresh
diff --git a/meta b/meta
index 75cc943..8d69c84 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 1e8d69bddd6bb498797ac5830ad010f603f04e3a
-Head: d04cd019c3c869c6e003da7fc621bdc39a1697fd
+Previous: 5d47ec55940837aed05ebf373eebf52dcfdbe477
+Head: 6f4e45cf07d6783744862ecdec3b2b869616e82c
Applied:
unused-scalb-is-scalbn.patch: 05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
remove-sysdeps-ieee754-support.patch: fe6a5807692b034fba404bbe03d68929933eb91f
@@ -28,7 +28,6 @@ Applied:
wip-manual-document-mt-safety-terminal.patch: f81b15daf3d55fe078f1605002575be2f98d1383
wip-manual-document-mt-safety-threads.patch: 3eac9f8ecd86d5e635fc8a1d1552329d1c47eedb
wip-manual-document-mt-safety-time.patch: 99f4367ed4a5684759f98c0a3892814471c5614c
- wip-manual-document-mt-safety-locale.patch: 5ec37aadc127410dcee460deadd90b9a14245e01
- refresh-temp: d04cd019c3c869c6e003da7fc621bdc39a1697fd
+ wip-manual-document-mt-safety-locale.patch: 6f4e45cf07d6783744862ecdec3b2b869616e82c
Unapplied:
Hidden:
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index 3c85733..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,39 +0,0 @@
-Bottom: c671a873d8dd4fd456cb14f37ccdeda91d0cb41f
-Top: 455c2ab778a60b1dcb4297adc071869fa6d1b05a
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-22 07:18:27 -0300
-
-Refresh of wip-manual-document-mt-safety-locale.patch
-
----
-
-diff --git a/manual/locale.texi b/manual/locale.texi
-index 491e802..7d04c64 100644
---- a/manual/locale.texi
-+++ b/manual/locale.texi
-@@ -245,10 +245,10 @@ The symbols in this section are defined in the header file @file{locale.h}.
- @c _nl_load_locale_from_archive
- @c _nl_expand_alias
- @c libc_lock_lock selfdeadlock, lockleak
--@c bsearch
--@c alias_compare
-+@c bsearch ok
-+@c alias_compare ok
- @c strcasecmp ok
--@c read_alias_file
-+@c read_alias_file asmalloc, selfdeadlock, memleak, fdleak, lockleak
- @c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
- @c fsetlocking ok
- @c feof_unlocked ok
-@@ -258,9 +258,9 @@ The symbols in this section are defined in the header file @file{locale.h}.
- @c realloc memleak, asmalloc
- @c realloc memleak, asmalloc
- @c fclose asmalloc, selfdeadlock, memleak, fdleak, lockleak
--@c qsort ok
-+@c qsort asmalloc, memleak
- @c alias_compare dup
--@c libc_lock_unlock
-+@c libc_lock_unlock lockleak
- @c _nl_explode_name
- @c _nl_make_l10nflist
- @c _nl_load_locale
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index fde5a6a..343894a 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
Bottom: fe8bad047b580707f9f180cdd7e8d6ae53b04de7
-Top: c671a873d8dd4fd456cb14f37ccdeda91d0cb41f
+Top: 455c2ab778a60b1dcb4297adc071869fa6d1b05a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:08 -0300
@@ -13,7 +13,7 @@ for ChangeLog
---
diff --git a/manual/locale.texi b/manual/locale.texi
-index 2f10fcd..491e802 100644
+index 2f10fcd..7d04c64 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,49 @@ The symbols in this section are defined in the header file @file{locale.h}.
@@ -41,10 +41,10 @@ index 2f10fcd..491e802 100644
+@c _nl_load_locale_from_archive
+@c _nl_expand_alias
+@c libc_lock_lock selfdeadlock, lockleak
-+@c bsearch
-+@c alias_compare
++@c bsearch ok
++@c alias_compare ok
+@c strcasecmp ok
-+@c read_alias_file
++@c read_alias_file asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fsetlocking ok
+@c feof_unlocked ok
@@ -54,9 +54,9 @@ index 2f10fcd..491e802 100644
+@c realloc memleak, asmalloc
+@c realloc memleak, asmalloc
+@c fclose asmalloc, selfdeadlock, memleak, fdleak, lockleak
-+@c qsort ok
++@c qsort asmalloc, memleak
+@c alias_compare dup
-+@c libc_lock_unlock
++@c libc_lock_unlock lockleak
+@c _nl_explode_name
+@c _nl_make_l10nflist
+@c _nl_load_locale
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5d47ec55940837aed05ebf373eebf52dcfdbe477
commit 5d47ec55940837aed05ebf373eebf52dcfdbe477
Merge: 77eff0a 1e8d69b d04cd01
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:18:28 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=77eff0a63e30408324c28160c443aa91f4502f30
commit 77eff0a63e30408324c28160c443aa91f4502f30
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:18:28 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index 7348036..75cc943 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: ffa0f4b3923d9e070eacb011c9458a02f23e5414
-Head: 5ec37aadc127410dcee460deadd90b9a14245e01
+Previous: 1e8d69bddd6bb498797ac5830ad010f603f04e3a
+Head: d04cd019c3c869c6e003da7fc621bdc39a1697fd
Applied:
unused-scalb-is-scalbn.patch: 05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
remove-sysdeps-ieee754-support.patch: fe6a5807692b034fba404bbe03d68929933eb91f
@@ -29,5 +29,6 @@ Applied:
wip-manual-document-mt-safety-threads.patch: 3eac9f8ecd86d5e635fc8a1d1552329d1c47eedb
wip-manual-document-mt-safety-time.patch: 99f4367ed4a5684759f98c0a3892814471c5614c
wip-manual-document-mt-safety-locale.patch: 5ec37aadc127410dcee460deadd90b9a14245e01
+ refresh-temp: d04cd019c3c869c6e003da7fc621bdc39a1697fd
Unapplied:
Hidden:
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..3c85733
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,39 @@
+Bottom: c671a873d8dd4fd456cb14f37ccdeda91d0cb41f
+Top: 455c2ab778a60b1dcb4297adc071869fa6d1b05a
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-22 07:18:27 -0300
+
+Refresh of wip-manual-document-mt-safety-locale.patch
+
+---
+
+diff --git a/manual/locale.texi b/manual/locale.texi
+index 491e802..7d04c64 100644
+--- a/manual/locale.texi
++++ b/manual/locale.texi
+@@ -245,10 +245,10 @@ The symbols in this section are defined in the header file @file{locale.h}.
+ @c _nl_load_locale_from_archive
+ @c _nl_expand_alias
+ @c libc_lock_lock selfdeadlock, lockleak
+-@c bsearch
+-@c alias_compare
++@c bsearch ok
++@c alias_compare ok
+ @c strcasecmp ok
+-@c read_alias_file
++@c read_alias_file asmalloc, selfdeadlock, memleak, fdleak, lockleak
+ @c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
+ @c fsetlocking ok
+ @c feof_unlocked ok
+@@ -258,9 +258,9 @@ The symbols in this section are defined in the header file @file{locale.h}.
+ @c realloc memleak, asmalloc
+ @c realloc memleak, asmalloc
+ @c fclose asmalloc, selfdeadlock, memleak, fdleak, lockleak
+-@c qsort ok
++@c qsort asmalloc, memleak
+ @c alias_compare dup
+-@c libc_lock_unlock
++@c libc_lock_unlock lockleak
+ @c _nl_explode_name
+ @c _nl_make_l10nflist
+ @c _nl_load_locale
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d04cd019c3c869c6e003da7fc621bdc39a1697fd
commit d04cd019c3c869c6e003da7fc621bdc39a1697fd
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 07:18:27 2013 -0300
Refresh of wip-manual-document-mt-safety-locale.patch
diff --git a/manual/locale.texi b/manual/locale.texi
index 491e802..7d04c64 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -245,10 +245,10 @@ The symbols in this section are defined in the header file @file{locale.h}.
@c _nl_load_locale_from_archive
@c _nl_expand_alias
@c libc_lock_lock selfdeadlock, lockleak
-@c bsearch
-@c alias_compare
+@c bsearch ok
+@c alias_compare ok
@c strcasecmp ok
-@c read_alias_file
+@c read_alias_file asmalloc, selfdeadlock, memleak, fdleak, lockleak
@c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
@c fsetlocking ok
@c feof_unlocked ok
@@ -258,9 +258,9 @@ The symbols in this section are defined in the header file @file{locale.h}.
@c realloc memleak, asmalloc
@c realloc memleak, asmalloc
@c fclose asmalloc, selfdeadlock, memleak, fdleak, lockleak
-@c qsort ok
+@c qsort asmalloc, memleak
@c alias_compare dup
-@c libc_lock_unlock
+@c libc_lock_unlock lockleak
@c _nl_explode_name
@c _nl_make_l10nflist
@c _nl_load_locale
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=6f4e45cf07d6783744862ecdec3b2b869616e82c
commit 6f4e45cf07d6783744862ecdec3b2b869616e82c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:08 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..7d04c64 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,49 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it.
+@c This function returns a pointer read...
+@c setlocale
+@c libc_rwlock_wrlock selfdeadlock, lockleak
+@c libc_rwlock_unlock lockleak
+@c getenv LOCPATH envromt
+@c malloc asmalloc, memleak
+@c free asmalloc, memleak
+@c new_composite_name ok
+@c setdata ok
+@c setname ok
+@c _nl_find_locale
+@c getenv LC_ALL and LANG envromt
+@c _nl_load_locale_from_archive
+@c _nl_expand_alias
+@c libc_lock_lock selfdeadlock, lockleak
+@c bsearch ok
+@c alias_compare ok
+@c strcasecmp ok
+@c read_alias_file asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fsetlocking ok
+@c feof_unlocked ok
+@c fgets_unlocked ok
+@c isspace ok (locale mutex is locked)
+@c extend_alias_table memleak, asmalloc
+@c realloc memleak, asmalloc
+@c realloc memleak, asmalloc
+@c fclose asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c qsort asmalloc, memleak
+@c alias_compare dup
+@c libc_lock_unlock lockleak
+@c _nl_explode_name
+@c _nl_make_l10nflist
+@c _nl_load_locale
+@c __gconv_compare_alias
+@c strndup asmalloc, memleak
+@c strcasecmp_l (C locale)
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1e8d69bddd6bb498797ac5830ad010f603f04e3a
commit 1e8d69bddd6bb498797ac5830ad010f603f04e3a
Merge: 93f018f ffa0f4b 5ec37aa
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 06:46:36 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=93f018fcd1cfdee987ed4f92ee29ddf78e8014ab
commit 93f018fcd1cfdee987ed4f92ee29ddf78e8014ab
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 06:46:36 2013 -0300
push
diff --git a/meta b/meta
index 7200bc3..7348036 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: c75984a72f750ab31f6a248a9c24bd231fd4429f
-Head: 1322d0df3da60812c2b42e23710a999109d4b2c8
+Previous: ffa0f4b3923d9e070eacb011c9458a02f23e5414
+Head: 5ec37aadc127410dcee460deadd90b9a14245e01
Applied:
unused-scalb-is-scalbn.patch: 05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
remove-sysdeps-ieee754-support.patch: fe6a5807692b034fba404bbe03d68929933eb91f
@@ -25,9 +25,9 @@ Applied:
wip-manual-document-mt-safety-search.patch: 3b7789f2efb618f9cdc9cb4e3be46d1670660fc3
wip-manual-document-mt-safety-resource.patch: 561ca151dcd427e997cb452b8d6aad6b2e251fc7
wip-manual-document-mt-safety-string.patch: 1322d0df3da60812c2b42e23710a999109d4b2c8
+ wip-manual-document-mt-safety-terminal.patch: f81b15daf3d55fe078f1605002575be2f98d1383
+ wip-manual-document-mt-safety-threads.patch: 3eac9f8ecd86d5e635fc8a1d1552329d1c47eedb
+ wip-manual-document-mt-safety-time.patch: 99f4367ed4a5684759f98c0a3892814471c5614c
+ wip-manual-document-mt-safety-locale.patch: 5ec37aadc127410dcee460deadd90b9a14245e01
Unapplied:
- wip-manual-document-mt-safety-terminal.patch: c02af6635e7cc131c702dcff10cfe433c617fad5
- wip-manual-document-mt-safety-threads.patch: 5bc0ea1ef664f58498315ce61f27703cd001fd35
- wip-manual-document-mt-safety-time.patch: afdf3f5f5bd3ee6fc4230618b617cd0d4da134ca
- wip-manual-document-mt-safety-locale.patch: 5eed36e980fee4d5a7bfd909b40fea305e6c0f4b
Hidden:
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index 6269b8c..fde5a6a 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
-Bottom: 74f665133c21edd612695fb40b609f8bad0baef9
-Top: e183cf4983754b833aea752d06508ab86b09968d
+Bottom: fe8bad047b580707f9f180cdd7e8d6ae53b04de7
+Top: c671a873d8dd4fd456cb14f37ccdeda91d0cb41f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:08 -0300
diff --git a/patches/wip-manual-document-mt-safety-terminal.patch b/patches/wip-manual-document-mt-safety-terminal.patch
index 134465f..162f061 100644
--- a/patches/wip-manual-document-mt-safety-terminal.patch
+++ b/patches/wip-manual-document-mt-safety-terminal.patch
@@ -1,5 +1,5 @@
-Bottom: 29300d1844347314806a484be6c071c85ba34bfb
-Top: a99f3327e38bc078b866e571ab14fe1173fccded
+Bottom: fda3912674c43eb3cfb9ce73f0a0a3895805a9d4
+Top: 057d2ee57322c5e4282a657439967073a343503c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:09 -0300
diff --git a/patches/wip-manual-document-mt-safety-threads.patch b/patches/wip-manual-document-mt-safety-threads.patch
index 3f73d01..0c465c2 100644
--- a/patches/wip-manual-document-mt-safety-threads.patch
+++ b/patches/wip-manual-document-mt-safety-threads.patch
@@ -1,5 +1,5 @@
-Bottom: a99f3327e38bc078b866e571ab14fe1173fccded
-Top: 94a334b985bc39aebfecc31bb65b9b8447a71df9
+Bottom: 057d2ee57322c5e4282a657439967073a343503c
+Top: c17c82ee20bfc86b88263accac9d3e2bbc7e3114
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:10 -0300
diff --git a/patches/wip-manual-document-mt-safety-time.patch b/patches/wip-manual-document-mt-safety-time.patch
index 6e501e1..a8d446d 100644
--- a/patches/wip-manual-document-mt-safety-time.patch
+++ b/patches/wip-manual-document-mt-safety-time.patch
@@ -1,5 +1,5 @@
-Bottom: 94a334b985bc39aebfecc31bb65b9b8447a71df9
-Top: 74f665133c21edd612695fb40b609f8bad0baef9
+Bottom: c17c82ee20bfc86b88263accac9d3e2bbc7e3114
+Top: fe8bad047b580707f9f180cdd7e8d6ae53b04de7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:10 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5ec37aadc127410dcee460deadd90b9a14245e01
commit 5ec37aadc127410dcee460deadd90b9a14245e01
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:08 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..491e802 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,49 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it.
+@c This function returns a pointer read...
+@c setlocale
+@c libc_rwlock_wrlock selfdeadlock, lockleak
+@c libc_rwlock_unlock lockleak
+@c getenv LOCPATH envromt
+@c malloc asmalloc, memleak
+@c free asmalloc, memleak
+@c new_composite_name ok
+@c setdata ok
+@c setname ok
+@c _nl_find_locale
+@c getenv LC_ALL and LANG envromt
+@c _nl_load_locale_from_archive
+@c _nl_expand_alias
+@c libc_lock_lock selfdeadlock, lockleak
+@c bsearch
+@c alias_compare
+@c strcasecmp ok
+@c read_alias_file
+@c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fsetlocking ok
+@c feof_unlocked ok
+@c fgets_unlocked ok
+@c isspace ok (locale mutex is locked)
+@c extend_alias_table memleak, asmalloc
+@c realloc memleak, asmalloc
+@c realloc memleak, asmalloc
+@c fclose asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c qsort ok
+@c alias_compare dup
+@c libc_lock_unlock
+@c _nl_explode_name
+@c _nl_make_l10nflist
+@c _nl_load_locale
+@c __gconv_compare_alias
+@c strndup asmalloc, memleak
+@c strcasecmp_l (C locale)
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=99f4367ed4a5684759f98c0a3892814471c5614c
commit 99f4367ed4a5684759f98c0a3892814471c5614c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:10 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/time.texi: Document thread safety properties.
diff --git a/manual/time.texi b/manual/time.texi
index ff31e28..3967b24 100644
--- a/manual/time.texi
+++ b/manual/time.texi
@@ -475,6 +475,12 @@ Instead, use the facilities described in @ref{Time Zone Functions}.
@comment sys/time.h
@comment BSD
@deftypefun int gettimeofday (struct timeval *@var{tp}, struct timezone *@var{tzp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c On most GNU/Linux systems this is a direct syscall, but the posix/
+@c implementation (not used on GNU/Linux or GNU/Hurd) relies on time and
+@c localtime_r, saving and restoring tzname in an unsafe manner.
+@c On some GNU/Linux variants, ifunc resolvers are used in shared libc
+@c for vdso resolution. ifunc-vdso-revisit.
The @code{gettimeofday} function returns the current calendar time as
the elapsed time since the epoch in the @code{struct timeval} structure
indicated by @var{tp}. (@pxref{Elapsed Time} for a description of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3eac9f8ecd86d5e635fc8a1d1552329d1c47eedb
commit 3eac9f8ecd86d5e635fc8a1d1552329d1c47eedb
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:10 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/threads.texi: Document thread safety properties.
diff --git a/manual/threads.texi b/manual/threads.texi
index a23ac26..19bfad6 100644
--- a/manual/threads.texi
+++ b/manual/threads.texi
@@ -31,6 +31,7 @@ before thread-specific data, so they should not be used in thread-specific
data destructors or even as members of the thread-specific data, since the
latter is passed as an argument to the destructor function.
+@c FIXME: use @deftypefun for these.
@item int pthread_key_delete (pthread_key_t @var{key})
Destroy the thread-specific data @var{key} in the calling thread. The
destructor for the thread-specific data is not called during destruction, nor
@@ -82,3 +83,124 @@ attributes or the stack address is set in the attribute.
The system does not have sufficient memory.
@end table
@end deftypefun
+
+@c FIXME these are undocumented:
+@c pthread_atfork
+@c pthread_attr_destroy
+@c pthread_attr_getaffinity_np
+@c pthread_attr_getdetachstate
+@c pthread_attr_getguardsize
+@c pthread_attr_getinheritsched
+@c pthread_attr_getschedparam
+@c pthread_attr_getschedpolicy
+@c pthread_attr_getscope
+@c pthread_attr_getstack
+@c pthread_attr_getstackaddr
+@c pthread_attr_getstacksize
+@c pthread_attr_init
+@c pthread_attr_setaffinity_np
+@c pthread_attr_setdetachstate
+@c pthread_attr_setguardsize
+@c pthread_attr_setinheritsched
+@c pthread_attr_setschedparam
+@c pthread_attr_setschedpolicy
+@c pthread_attr_setscope
+@c pthread_attr_setstack
+@c pthread_attr_setstackaddr
+@c pthread_attr_setstacksize
+@c pthread_barrierattr_destroy
+@c pthread_barrierattr_getpshared
+@c pthread_barrierattr_init
+@c pthread_barrierattr_setpshared
+@c pthread_barrier_destroy
+@c pthread_barrier_init
+@c pthread_barrier_wait
+@c pthread_cancel
+@c pthread_cleanup_push
+@c pthread_cleanup_pop
+@c pthread_condattr_destroy
+@c pthread_condattr_getclock
+@c pthread_condattr_getpshared
+@c pthread_condattr_init
+@c pthread_condattr_setclock
+@c pthread_condattr_setpshared
+@c pthread_cond_broadcast
+@c pthread_cond_destroy
+@c pthread_cond_init
+@c pthread_cond_signal
+@c pthread_cond_timedwait
+@c pthread_cond_wait
+@c pthread_create
+@c pthread_detach
+@c pthread_equal
+@c pthread_exit
+@c pthread_getaffinity_np
+@c pthread_getattr_np
+@c pthread_getconcurrency
+@c pthread_getcpuclockid
+@c pthread_getname_np
+@c pthread_getschedparam
+@c pthread_join
+@c pthread_kill
+@c pthread_kill_other_threads_np
+@c pthread_mutexattr_destroy
+@c pthread_mutexattr_getkind_np
+@c pthread_mutexattr_getprioceiling
+@c pthread_mutexattr_getprotocol
+@c pthread_mutexattr_getpshared
+@c pthread_mutexattr_getrobust
+@c pthread_mutexattr_getrobust_np
+@c pthread_mutexattr_gettype
+@c pthread_mutexattr_init
+@c pthread_mutexattr_setkind_np
+@c pthread_mutexattr_setprioceiling
+@c pthread_mutexattr_setprotocol
+@c pthread_mutexattr_setpshared
+@c pthread_mutexattr_setrobust
+@c pthread_mutexattr_setrobust_np
+@c pthread_mutexattr_settype
+@c pthread_mutex_consistent
+@c pthread_mutex_consistent_np
+@c pthread_mutex_destroy
+@c pthread_mutex_getprioceiling
+@c pthread_mutex_init
+@c pthread_mutex_lock
+@c pthread_mutex_setprioceiling
+@c pthread_mutex_timedlock
+@c pthread_mutex_trylock
+@c pthread_mutex_unlock
+@c pthread_once
+@c pthread_rwlockattr_destroy
+@c pthread_rwlockattr_getkind_np
+@c pthread_rwlockattr_getpshared
+@c pthread_rwlockattr_init
+@c pthread_rwlockattr_setkind_np
+@c pthread_rwlockattr_setpshared
+@c pthread_rwlock_destroy
+@c pthread_rwlock_init
+@c pthread_rwlock_rdlock
+@c pthread_rwlock_timedrdlock
+@c pthread_rwlock_timedwrlock
+@c pthread_rwlock_tryrdlock
+@c pthread_rwlock_trywrlock
+@c pthread_rwlock_unlock
+@c pthread_rwlock_wrlock
+@c pthread_self
+@c pthread_setaffinity_np
+@c pthread_setcancelstate
+@c pthread_setcanceltype
+@c pthread_setconcurrency
+@c pthread_setname_np
+@c pthread_setschedparam
+@c pthread_setschedprio
+@c pthread_sigmask
+@c pthread_sigqueue
+@c pthread_spin_destroy
+@c pthread_spin_init
+@c pthread_spin_lock
+@c pthread_spin_trylock
+@c pthread_spin_unlock
+@c pthread_testcancel
+@c pthread_timedjoin_np
+@c pthread_tryjoin_np
+@c pthread_yield
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ffa0f4b3923d9e070eacb011c9458a02f23e5414
commit ffa0f4b3923d9e070eacb011c9458a02f23e5414
Merge: 399071d 1322d0d c75984a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 06:46:35 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=399071d7d33968c072eb8fcb840fd71c3243ed0a
commit 399071d7d33968c072eb8fcb840fd71c3243ed0a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 06:46:35 2013 -0300
refresh
diff --git a/meta b/meta
index f8be01a..7200bc3 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 65672a533812bb062d5739536cce66e55638fb38
-Head: 668082f1248d37a9887c276bff2c36f593c6ce8b
+Previous: c75984a72f750ab31f6a248a9c24bd231fd4429f
+Head: 1322d0df3da60812c2b42e23710a999109d4b2c8
Applied:
unused-scalb-is-scalbn.patch: 05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
remove-sysdeps-ieee754-support.patch: fe6a5807692b034fba404bbe03d68929933eb91f
@@ -24,8 +24,7 @@ Applied:
wip-manual-document-mt-safety-startup.patch: 12d50c8632aaee2f0763bb48c0b69349b09022bb
wip-manual-document-mt-safety-search.patch: 3b7789f2efb618f9cdc9cb4e3be46d1670660fc3
wip-manual-document-mt-safety-resource.patch: 561ca151dcd427e997cb452b8d6aad6b2e251fc7
- wip-manual-document-mt-safety-string.patch: 7441ccb3ac0c3fd1cd2735d24268ed21182e3a77
- refresh-temp: 668082f1248d37a9887c276bff2c36f593c6ce8b
+ wip-manual-document-mt-safety-string.patch: 1322d0df3da60812c2b42e23710a999109d4b2c8
Unapplied:
wip-manual-document-mt-safety-terminal.patch: c02af6635e7cc131c702dcff10cfe433c617fad5
wip-manual-document-mt-safety-threads.patch: 5bc0ea1ef664f58498315ce61f27703cd001fd35
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index 4f8b9cf..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,25 +0,0 @@
-Bottom: 29300d1844347314806a484be6c071c85ba34bfb
-Top: fda3912674c43eb3cfb9ce73f0a0a3895805a9d4
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-22 06:46:35 -0300
-
-Refresh of wip-manual-document-mt-safety-string.patch
-
----
-
-diff --git a/manual/string.texi b/manual/string.texi
-index a75d298..6673a61 100644
---- a/manual/string.texi
-+++ b/manual/string.texi
-@@ -1159,6 +1159,11 @@ strings are written in into account. To get that one has to use
- @comment string.h
- @comment BSD
- @deftypefun int strcasecmp (const char *@var{s1}, const char *@var{s2})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c Although this calls tolower multiple times, it's a macro, and
-+@c strcasecmp is optimized so that the locale pointer is read only once.
-+@c There are some asm implementations too, for which the single-read
-+@c from locale TLS pointers also applies.
- This function is like @code{strcmp}, except that differences in case are
- ignored. How uppercase and lowercase characters are related is
- determined by the currently selected locale. In the standard @code{"C"}
diff --git a/patches/wip-manual-document-mt-safety-string.patch b/patches/wip-manual-document-mt-safety-string.patch
index c14cc77..6e1dac1 100644
--- a/patches/wip-manual-document-mt-safety-string.patch
+++ b/patches/wip-manual-document-mt-safety-string.patch
@@ -1,5 +1,5 @@
Bottom: 7c3a36b19e96ca71f5c07915ec0dbf244fd1096d
-Top: 29300d1844347314806a484be6c071c85ba34bfb
+Top: fda3912674c43eb3cfb9ce73f0a0a3895805a9d4
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:09 -0300
@@ -13,10 +13,22 @@ for ChangeLog
---
diff --git a/manual/string.texi b/manual/string.texi
-index 246be84..a75d298 100644
+index 246be84..6673a61 100644
--- a/manual/string.texi
+++ b/manual/string.texi
-@@ -1247,6 +1247,8 @@ strncmp ("hello, world", "hello, stupid world!!!", 5)
+@@ -1159,6 +1159,11 @@ strings are written in into account. To get that one has to use
+ @comment string.h
+ @comment BSD
+ @deftypefun int strcasecmp (const char *@var{s1}, const char *@var{s2})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Although this calls tolower multiple times, it's a macro, and
++@c strcasecmp is optimized so that the locale pointer is read only once.
++@c There are some asm implementations too, for which the single-read
++@c from locale TLS pointers also applies.
+ This function is like @code{strcmp}, except that differences in case are
+ ignored. How uppercase and lowercase characters are related is
+ determined by the currently selected locale. In the standard @code{"C"}
+@@ -1247,6 +1252,8 @@ strncmp ("hello, world", "hello, stupid world!!!", 5)
@comment string.h
@comment GNU
@deftypefun int strverscmp (const char *@var{s1}, const char *@var{s2})
@@ -25,7 +37,7 @@ index 246be84..a75d298 100644
The @code{strverscmp} function compares the string @var{s1} against
@var{s2}, considering them as holding indices/version numbers. The
return value follows the same conventions as found in the
-@@ -1343,6 +1345,8 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
+@@ -1343,6 +1350,8 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
@comment string.h
@comment ISO
@deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f81b15daf3d55fe078f1605002575be2f98d1383
commit f81b15daf3d55fe078f1605002575be2f98d1383
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:09 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/terminal.texi: Document thread safety properties.
diff --git a/manual/terminal.texi b/manual/terminal.texi
index 9e9c057..7f62a4e 100644
--- a/manual/terminal.texi
+++ b/manual/terminal.texi
@@ -264,6 +264,9 @@ array.
@comment termios.h
@comment POSIX.1
@deftypefun int tcgetattr (int @var{filedes}, struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the kernel-returned termios data structure to the userland
+@c format does not ensure atomic or consistent writing.
This function is used to examine the attributes of the terminal
device with file descriptor @var{filedes}. The attributes are returned
in the structure that @var{termios-p} points to.
@@ -284,6 +287,9 @@ The @var{filedes} is not associated with a terminal.
@comment termios.h
@comment POSIX.1
@deftypefun int tcsetattr (int @var{filedes}, int @var{when}, const struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the incoming termios data structure to the kernel format
+@c does not ensure atomic or consistent reading.
This function sets the attributes of the terminal device with file
descriptor @var{filedes}. The new attributes are taken from the
structure that @var{termios-p} points to.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c75984a72f750ab31f6a248a9c24bd231fd4429f
commit c75984a72f750ab31f6a248a9c24bd231fd4429f
Merge: 19b679d 65672a5 668082f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 06:46:35 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=19b679df15a1ba81627984037e60bbd03281b2b0
commit 19b679df15a1ba81627984037e60bbd03281b2b0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 06:46:35 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index e2fa3cc..f8be01a 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 782f16be9b7b2063145c7e6674c7899c0ce44b1d
-Head: 7441ccb3ac0c3fd1cd2735d24268ed21182e3a77
+Previous: 65672a533812bb062d5739536cce66e55638fb38
+Head: 668082f1248d37a9887c276bff2c36f593c6ce8b
Applied:
unused-scalb-is-scalbn.patch: 05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
remove-sysdeps-ieee754-support.patch: fe6a5807692b034fba404bbe03d68929933eb91f
@@ -25,6 +25,7 @@ Applied:
wip-manual-document-mt-safety-search.patch: 3b7789f2efb618f9cdc9cb4e3be46d1670660fc3
wip-manual-document-mt-safety-resource.patch: 561ca151dcd427e997cb452b8d6aad6b2e251fc7
wip-manual-document-mt-safety-string.patch: 7441ccb3ac0c3fd1cd2735d24268ed21182e3a77
+ refresh-temp: 668082f1248d37a9887c276bff2c36f593c6ce8b
Unapplied:
wip-manual-document-mt-safety-terminal.patch: c02af6635e7cc131c702dcff10cfe433c617fad5
wip-manual-document-mt-safety-threads.patch: 5bc0ea1ef664f58498315ce61f27703cd001fd35
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..4f8b9cf
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,25 @@
+Bottom: 29300d1844347314806a484be6c071c85ba34bfb
+Top: fda3912674c43eb3cfb9ce73f0a0a3895805a9d4
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-22 06:46:35 -0300
+
+Refresh of wip-manual-document-mt-safety-string.patch
+
+---
+
+diff --git a/manual/string.texi b/manual/string.texi
+index a75d298..6673a61 100644
+--- a/manual/string.texi
++++ b/manual/string.texi
+@@ -1159,6 +1159,11 @@ strings are written in into account. To get that one has to use
+ @comment string.h
+ @comment BSD
+ @deftypefun int strcasecmp (const char *@var{s1}, const char *@var{s2})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Although this calls tolower multiple times, it's a macro, and
++@c strcasecmp is optimized so that the locale pointer is read only once.
++@c There are some asm implementations too, for which the single-read
++@c from locale TLS pointers also applies.
+ This function is like @code{strcmp}, except that differences in case are
+ ignored. How uppercase and lowercase characters are related is
+ determined by the currently selected locale. In the standard @code{"C"}
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=668082f1248d37a9887c276bff2c36f593c6ce8b
commit 668082f1248d37a9887c276bff2c36f593c6ce8b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 06:46:35 2013 -0300
Refresh of wip-manual-document-mt-safety-string.patch
diff --git a/manual/string.texi b/manual/string.texi
index a75d298..6673a61 100644
--- a/manual/string.texi
+++ b/manual/string.texi
@@ -1159,6 +1159,11 @@ strings are written in into account. To get that one has to use
@comment string.h
@comment BSD
@deftypefun int strcasecmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Although this calls tolower multiple times, it's a macro, and
+@c strcasecmp is optimized so that the locale pointer is read only once.
+@c There are some asm implementations too, for which the single-read
+@c from locale TLS pointers also applies.
This function is like @code{strcmp}, except that differences in case are
ignored. How uppercase and lowercase characters are related is
determined by the currently selected locale. In the standard @code{"C"}
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=65672a533812bb062d5739536cce66e55638fb38
commit 65672a533812bb062d5739536cce66e55638fb38
Merge: badaa5d 782f16b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 06:46:24 2013 -0300
goto
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=badaa5d2fe565121a9b42bd4cc9be8feebf24526
commit badaa5d2fe565121a9b42bd4cc9be8feebf24526
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 06:46:24 2013 -0300
goto
diff --git a/meta b/meta
index 78e0b5a..e2fa3cc 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 825aa89c03cbc714bebc54c55a9f80674ec3d947
-Head: 5eed36e980fee4d5a7bfd909b40fea305e6c0f4b
+Previous: 782f16be9b7b2063145c7e6674c7899c0ce44b1d
+Head: 7441ccb3ac0c3fd1cd2735d24268ed21182e3a77
Applied:
unused-scalb-is-scalbn.patch: 05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
remove-sysdeps-ieee754-support.patch: fe6a5807692b034fba404bbe03d68929933eb91f
@@ -25,9 +25,9 @@ Applied:
wip-manual-document-mt-safety-search.patch: 3b7789f2efb618f9cdc9cb4e3be46d1670660fc3
wip-manual-document-mt-safety-resource.patch: 561ca151dcd427e997cb452b8d6aad6b2e251fc7
wip-manual-document-mt-safety-string.patch: 7441ccb3ac0c3fd1cd2735d24268ed21182e3a77
+Unapplied:
wip-manual-document-mt-safety-terminal.patch: c02af6635e7cc131c702dcff10cfe433c617fad5
wip-manual-document-mt-safety-threads.patch: 5bc0ea1ef664f58498315ce61f27703cd001fd35
wip-manual-document-mt-safety-time.patch: afdf3f5f5bd3ee6fc4230618b617cd0d4da134ca
wip-manual-document-mt-safety-locale.patch: 5eed36e980fee4d5a7bfd909b40fea305e6c0f4b
-Unapplied:
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=782f16be9b7b2063145c7e6674c7899c0ce44b1d
commit 782f16be9b7b2063145c7e6674c7899c0ce44b1d
Merge: 48deea9 5eed36e 825aa89
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 06:46:21 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=48deea9e4ae2ef1dfec92891ddc37590bc1620d2
commit 48deea9e4ae2ef1dfec92891ddc37590bc1620d2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 06:46:21 2013 -0300
refresh
diff --git a/meta b/meta
index d97177b..78e0b5a 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 1628f8d30114c6bb2ba4ff7eb1687c17af8c3ab5
-Head: bc8a51645a8715faaa5a318ab1f4c4c4f509b88c
+Previous: 825aa89c03cbc714bebc54c55a9f80674ec3d947
+Head: 5eed36e980fee4d5a7bfd909b40fea305e6c0f4b
Applied:
unused-scalb-is-scalbn.patch: 05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
remove-sysdeps-ieee754-support.patch: fe6a5807692b034fba404bbe03d68929933eb91f
@@ -28,7 +28,6 @@ Applied:
wip-manual-document-mt-safety-terminal.patch: c02af6635e7cc131c702dcff10cfe433c617fad5
wip-manual-document-mt-safety-threads.patch: 5bc0ea1ef664f58498315ce61f27703cd001fd35
wip-manual-document-mt-safety-time.patch: afdf3f5f5bd3ee6fc4230618b617cd0d4da134ca
- wip-manual-document-mt-safety-locale.patch: 422aa76fa083b6e69ae5ed04429e32a406c7ec93
- refresh-temp: bc8a51645a8715faaa5a318ab1f4c4c4f509b88c
+ wip-manual-document-mt-safety-locale.patch: 5eed36e980fee4d5a7bfd909b40fea305e6c0f4b
Unapplied:
Hidden:
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index 445d4bb..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,62 +0,0 @@
-Bottom: 7003967eaf771392ad1c6c6f996ace42ab8190e3
-Top: e183cf4983754b833aea752d06508ab86b09968d
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-22 06:46:20 -0300
-
-Refresh of wip-manual-document-mt-safety-locale.patch
-
----
-
-diff --git a/manual/locale.texi b/manual/locale.texi
-index 60e08d8..491e802 100644
---- a/manual/locale.texi
-+++ b/manual/locale.texi
-@@ -229,11 +229,44 @@ The symbols in this section are defined in the header file @file{locale.h}.
- @c ought to be MT-Safe, so we're ruling out the use of this function
- @c once threads are started. It takes a write lock itself, but it may
- @c return a pointer loaded from the global locale object after releasing
--@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
--@c and free, and _nl_find_locale, which amount to all documented safety
--@c issues. It also calls new_composite_name, setdata, and setname,
--@c without any additional issues. _nl_find_locale calls getenv, ...
-+@c the lock, or before taking it.
- @c This function returns a pointer read...
-+@c setlocale
-+@c libc_rwlock_wrlock selfdeadlock, lockleak
-+@c libc_rwlock_unlock lockleak
-+@c getenv LOCPATH envromt
-+@c malloc asmalloc, memleak
-+@c free asmalloc, memleak
-+@c new_composite_name ok
-+@c setdata ok
-+@c setname ok
-+@c _nl_find_locale
-+@c getenv LC_ALL and LANG envromt
-+@c _nl_load_locale_from_archive
-+@c _nl_expand_alias
-+@c libc_lock_lock selfdeadlock, lockleak
-+@c bsearch
-+@c alias_compare
-+@c strcasecmp ok
-+@c read_alias_file
-+@c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
-+@c fsetlocking ok
-+@c feof_unlocked ok
-+@c fgets_unlocked ok
-+@c isspace ok (locale mutex is locked)
-+@c extend_alias_table memleak, asmalloc
-+@c realloc memleak, asmalloc
-+@c realloc memleak, asmalloc
-+@c fclose asmalloc, selfdeadlock, memleak, fdleak, lockleak
-+@c qsort ok
-+@c alias_compare dup
-+@c libc_lock_unlock
-+@c _nl_explode_name
-+@c _nl_make_l10nflist
-+@c _nl_load_locale
-+@c __gconv_compare_alias
-+@c strndup asmalloc, memleak
-+@c strcasecmp_l (C locale)
- The function @code{setlocale} sets the current locale for category
- @var{category} to @var{locale}. A list of all the locales the system
- provides can be created by running
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index b760385..6269b8c 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
Bottom: 74f665133c21edd612695fb40b609f8bad0baef9
-Top: 7003967eaf771392ad1c6c6f996ace42ab8190e3
+Top: e183cf4983754b833aea752d06508ab86b09968d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:08 -0300
@@ -13,10 +13,10 @@ for ChangeLog
---
diff --git a/manual/locale.texi b/manual/locale.texi
-index 2f10fcd..60e08d8 100644
+index 2f10fcd..491e802 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
-@@ -224,6 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
+@@ -224,6 +224,49 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
@@ -25,11 +25,44 @@ index 2f10fcd..60e08d8 100644
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
-+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
-+@c and free, and _nl_find_locale, which amount to all documented safety
-+@c issues. It also calls new_composite_name, setdata, and setname,
-+@c without any additional issues. _nl_find_locale calls getenv, ...
++@c the lock, or before taking it.
+@c This function returns a pointer read...
++@c setlocale
++@c libc_rwlock_wrlock selfdeadlock, lockleak
++@c libc_rwlock_unlock lockleak
++@c getenv LOCPATH envromt
++@c malloc asmalloc, memleak
++@c free asmalloc, memleak
++@c new_composite_name ok
++@c setdata ok
++@c setname ok
++@c _nl_find_locale
++@c getenv LC_ALL and LANG envromt
++@c _nl_load_locale_from_archive
++@c _nl_expand_alias
++@c libc_lock_lock selfdeadlock, lockleak
++@c bsearch
++@c alias_compare
++@c strcasecmp ok
++@c read_alias_file
++@c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
++@c fsetlocking ok
++@c feof_unlocked ok
++@c fgets_unlocked ok
++@c isspace ok (locale mutex is locked)
++@c extend_alias_table memleak, asmalloc
++@c realloc memleak, asmalloc
++@c realloc memleak, asmalloc
++@c fclose asmalloc, selfdeadlock, memleak, fdleak, lockleak
++@c qsort ok
++@c alias_compare dup
++@c libc_lock_unlock
++@c _nl_explode_name
++@c _nl_make_l10nflist
++@c _nl_load_locale
++@c __gconv_compare_alias
++@c strndup asmalloc, memleak
++@c strcasecmp_l (C locale)
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=825aa89c03cbc714bebc54c55a9f80674ec3d947
commit 825aa89c03cbc714bebc54c55a9f80674ec3d947
Merge: da4bbd9 1628f8d bc8a516
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 06:46:20 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=da4bbd9845abdd09765a6859cabd54e1e67070c0
commit da4bbd9845abdd09765a6859cabd54e1e67070c0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 06:46:20 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index f232616..d97177b 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 85c9005a07f05ad8d6d9f97158cb3e3292b0e989
-Head: 422aa76fa083b6e69ae5ed04429e32a406c7ec93
+Previous: 1628f8d30114c6bb2ba4ff7eb1687c17af8c3ab5
+Head: bc8a51645a8715faaa5a318ab1f4c4c4f509b88c
Applied:
unused-scalb-is-scalbn.patch: 05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
remove-sysdeps-ieee754-support.patch: fe6a5807692b034fba404bbe03d68929933eb91f
@@ -29,5 +29,6 @@ Applied:
wip-manual-document-mt-safety-threads.patch: 5bc0ea1ef664f58498315ce61f27703cd001fd35
wip-manual-document-mt-safety-time.patch: afdf3f5f5bd3ee6fc4230618b617cd0d4da134ca
wip-manual-document-mt-safety-locale.patch: 422aa76fa083b6e69ae5ed04429e32a406c7ec93
+ refresh-temp: bc8a51645a8715faaa5a318ab1f4c4c4f509b88c
Unapplied:
Hidden:
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..445d4bb
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,62 @@
+Bottom: 7003967eaf771392ad1c6c6f996ace42ab8190e3
+Top: e183cf4983754b833aea752d06508ab86b09968d
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-22 06:46:20 -0300
+
+Refresh of wip-manual-document-mt-safety-locale.patch
+
+---
+
+diff --git a/manual/locale.texi b/manual/locale.texi
+index 60e08d8..491e802 100644
+--- a/manual/locale.texi
++++ b/manual/locale.texi
+@@ -229,11 +229,44 @@ The symbols in this section are defined in the header file @file{locale.h}.
+ @c ought to be MT-Safe, so we're ruling out the use of this function
+ @c once threads are started. It takes a write lock itself, but it may
+ @c return a pointer loaded from the global locale object after releasing
+-@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
+-@c and free, and _nl_find_locale, which amount to all documented safety
+-@c issues. It also calls new_composite_name, setdata, and setname,
+-@c without any additional issues. _nl_find_locale calls getenv, ...
++@c the lock, or before taking it.
+ @c This function returns a pointer read...
++@c setlocale
++@c libc_rwlock_wrlock selfdeadlock, lockleak
++@c libc_rwlock_unlock lockleak
++@c getenv LOCPATH envromt
++@c malloc asmalloc, memleak
++@c free asmalloc, memleak
++@c new_composite_name ok
++@c setdata ok
++@c setname ok
++@c _nl_find_locale
++@c getenv LC_ALL and LANG envromt
++@c _nl_load_locale_from_archive
++@c _nl_expand_alias
++@c libc_lock_lock selfdeadlock, lockleak
++@c bsearch
++@c alias_compare
++@c strcasecmp ok
++@c read_alias_file
++@c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
++@c fsetlocking ok
++@c feof_unlocked ok
++@c fgets_unlocked ok
++@c isspace ok (locale mutex is locked)
++@c extend_alias_table memleak, asmalloc
++@c realloc memleak, asmalloc
++@c realloc memleak, asmalloc
++@c fclose asmalloc, selfdeadlock, memleak, fdleak, lockleak
++@c qsort ok
++@c alias_compare dup
++@c libc_lock_unlock
++@c _nl_explode_name
++@c _nl_make_l10nflist
++@c _nl_load_locale
++@c __gconv_compare_alias
++@c strndup asmalloc, memleak
++@c strcasecmp_l (C locale)
+ The function @code{setlocale} sets the current locale for category
+ @var{category} to @var{locale}. A list of all the locales the system
+ provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=bc8a51645a8715faaa5a318ab1f4c4c4f509b88c
commit bc8a51645a8715faaa5a318ab1f4c4c4f509b88c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Thu Aug 22 06:46:20 2013 -0300
Refresh of wip-manual-document-mt-safety-locale.patch
diff --git a/manual/locale.texi b/manual/locale.texi
index 60e08d8..491e802 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -229,11 +229,44 @@ The symbols in this section are defined in the header file @file{locale.h}.
@c ought to be MT-Safe, so we're ruling out the use of this function
@c once threads are started. It takes a write lock itself, but it may
@c return a pointer loaded from the global locale object after releasing
-@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
-@c and free, and _nl_find_locale, which amount to all documented safety
-@c issues. It also calls new_composite_name, setdata, and setname,
-@c without any additional issues. _nl_find_locale calls getenv, ...
+@c the lock, or before taking it.
@c This function returns a pointer read...
+@c setlocale
+@c libc_rwlock_wrlock selfdeadlock, lockleak
+@c libc_rwlock_unlock lockleak
+@c getenv LOCPATH envromt
+@c malloc asmalloc, memleak
+@c free asmalloc, memleak
+@c new_composite_name ok
+@c setdata ok
+@c setname ok
+@c _nl_find_locale
+@c getenv LC_ALL and LANG envromt
+@c _nl_load_locale_from_archive
+@c _nl_expand_alias
+@c libc_lock_lock selfdeadlock, lockleak
+@c bsearch
+@c alias_compare
+@c strcasecmp ok
+@c read_alias_file
+@c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fsetlocking ok
+@c feof_unlocked ok
+@c fgets_unlocked ok
+@c isspace ok (locale mutex is locked)
+@c extend_alias_table memleak, asmalloc
+@c realloc memleak, asmalloc
+@c realloc memleak, asmalloc
+@c fclose asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c qsort ok
+@c alias_compare dup
+@c libc_lock_unlock
+@c _nl_explode_name
+@c _nl_make_l10nflist
+@c _nl_load_locale
+@c __gconv_compare_alias
+@c strndup asmalloc, memleak
+@c strcasecmp_l (C locale)
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1628f8d30114c6bb2ba4ff7eb1687c17af8c3ab5
commit 1628f8d30114c6bb2ba4ff7eb1687c17af8c3ab5
Merge: 74c095d 422aa76 85c9005
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 03:57:44 2013 -0300
float
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=74c095dac0290878ba154cdc2c1815850ae25dcc
commit 74c095dac0290878ba154cdc2c1815850ae25dcc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 03:57:44 2013 -0300
float
diff --git a/meta b/meta
index bd54f4f..f232616 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: aa465b0085f4d4bc6523c446f7ce6870227c8992
-Head: c759555d9d5560131f6dc67be34fa2ae51f54c4f
+Previous: 85c9005a07f05ad8d6d9f97158cb3e3292b0e989
+Head: 422aa76fa083b6e69ae5ed04429e32a406c7ec93
Applied:
unused-scalb-is-scalbn.patch: 05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
remove-sysdeps-ieee754-support.patch: fe6a5807692b034fba404bbe03d68929933eb91f
@@ -20,14 +20,14 @@ Applied:
manual-document-mt-safety-lang.patch: df244861d2cc8225a441c53b523f53150727ae62
manual-document-mt-safety-llio.patch: bf5c49825fd31327a529399b2400a6e592bbee3a
manual-document-mt-safety-stdio.patch: 8d679074193b580e3ea1b810b03b6c976a47f9cd
- wip-manual-document-mt-safety-locale.patch: 0c975e33c4db3c285d4144bd8fa8ab684c8b500a
- wip-manual-document-mt-safety-math.patch: 0ded06d761bd842d9d7f6ab9473b5af3789e20e2
- wip-manual-document-mt-safety-startup.patch: 93ca5fa817ae6dc3d50a6990be8ae64d8b398e83
- wip-manual-document-mt-safety-search.patch: 2f91898f8002f8d61d9aad3c436468301513d49e
- wip-manual-document-mt-safety-resource.patch: 56296c84c59e84bc5a577f60252a3bca4e57944d
- wip-manual-document-mt-safety-string.patch: b16c3cb1e8fe3228f39d484598829d52e8b9ac43
- wip-manual-document-mt-safety-terminal.patch: cfab792fb4bc046f3274734d629c29d86856ef28
- wip-manual-document-mt-safety-threads.patch: 97ee1ff6ce212b9a9a750393c65224d306fb2ddd
- wip-manual-document-mt-safety-time.patch: c759555d9d5560131f6dc67be34fa2ae51f54c4f
+ wip-manual-document-mt-safety-math.patch: 16ea0003407bdc31e8ec8dfe869a8b7692eb8d00
+ wip-manual-document-mt-safety-startup.patch: 12d50c8632aaee2f0763bb48c0b69349b09022bb
+ wip-manual-document-mt-safety-search.patch: 3b7789f2efb618f9cdc9cb4e3be46d1670660fc3
+ wip-manual-document-mt-safety-resource.patch: 561ca151dcd427e997cb452b8d6aad6b2e251fc7
+ wip-manual-document-mt-safety-string.patch: 7441ccb3ac0c3fd1cd2735d24268ed21182e3a77
+ wip-manual-document-mt-safety-terminal.patch: c02af6635e7cc131c702dcff10cfe433c617fad5
+ wip-manual-document-mt-safety-threads.patch: 5bc0ea1ef664f58498315ce61f27703cd001fd35
+ wip-manual-document-mt-safety-time.patch: afdf3f5f5bd3ee6fc4230618b617cd0d4da134ca
+ wip-manual-document-mt-safety-locale.patch: 422aa76fa083b6e69ae5ed04429e32a406c7ec93
Unapplied:
Hidden:
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index 8156a4d..b760385 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
-Bottom: e50028beb84ad6b675a13f914ea7f6020b0041fb
-Top: 478b5a9511d73300038688d295275adc008791fb
+Bottom: 74f665133c21edd612695fb40b609f8bad0baef9
+Top: 7003967eaf771392ad1c6c6f996ace42ab8190e3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:08 -0300
diff --git a/patches/wip-manual-document-mt-safety-math.patch b/patches/wip-manual-document-mt-safety-math.patch
index cbdf2ce..b7ef137 100644
--- a/patches/wip-manual-document-mt-safety-math.patch
+++ b/patches/wip-manual-document-mt-safety-math.patch
@@ -1,5 +1,5 @@
-Bottom: 478b5a9511d73300038688d295275adc008791fb
-Top: c1f6d017ec3215a105705280d9d4e90b49cdb2fc
+Bottom: e50028beb84ad6b675a13f914ea7f6020b0041fb
+Top: 11d1dc9eeba934ab536b2fddf3eb7e4e30268ee3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:08 -0300
diff --git a/patches/wip-manual-document-mt-safety-resource.patch b/patches/wip-manual-document-mt-safety-resource.patch
index b4ba175..0c22d97 100644
--- a/patches/wip-manual-document-mt-safety-resource.patch
+++ b/patches/wip-manual-document-mt-safety-resource.patch
@@ -1,5 +1,5 @@
-Bottom: feea6b866c2cad47f44d83b24583aeb2e3dc5922
-Top: be3798257ab5eb1ffac51f5230137a50fabd0331
+Bottom: 7b568eec0398262e28b2443863236ee58c339139
+Top: 7c3a36b19e96ca71f5c07915ec0dbf244fd1096d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:09 -0300
diff --git a/patches/wip-manual-document-mt-safety-search.patch b/patches/wip-manual-document-mt-safety-search.patch
index eb03a10..e4ddc10 100644
--- a/patches/wip-manual-document-mt-safety-search.patch
+++ b/patches/wip-manual-document-mt-safety-search.patch
@@ -1,5 +1,5 @@
-Bottom: 30385e4571775728259c071ac811cf24231bbe2a
-Top: feea6b866c2cad47f44d83b24583aeb2e3dc5922
+Bottom: 6ce35abc40d1550d75f2977d616b3878eeadcd9b
+Top: 7b568eec0398262e28b2443863236ee58c339139
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:09 -0300
diff --git a/patches/wip-manual-document-mt-safety-startup.patch b/patches/wip-manual-document-mt-safety-startup.patch
index 57fda05..34471ed 100644
--- a/patches/wip-manual-document-mt-safety-startup.patch
+++ b/patches/wip-manual-document-mt-safety-startup.patch
@@ -1,5 +1,5 @@
-Bottom: c1f6d017ec3215a105705280d9d4e90b49cdb2fc
-Top: 30385e4571775728259c071ac811cf24231bbe2a
+Bottom: 11d1dc9eeba934ab536b2fddf3eb7e4e30268ee3
+Top: 6ce35abc40d1550d75f2977d616b3878eeadcd9b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:08 -0300
diff --git a/patches/wip-manual-document-mt-safety-string.patch b/patches/wip-manual-document-mt-safety-string.patch
index b13b758..c14cc77 100644
--- a/patches/wip-manual-document-mt-safety-string.patch
+++ b/patches/wip-manual-document-mt-safety-string.patch
@@ -1,5 +1,5 @@
-Bottom: be3798257ab5eb1ffac51f5230137a50fabd0331
-Top: 4d99d3f848a2d2a8839afeb505c973845383e8bb
+Bottom: 7c3a36b19e96ca71f5c07915ec0dbf244fd1096d
+Top: 29300d1844347314806a484be6c071c85ba34bfb
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:09 -0300
diff --git a/patches/wip-manual-document-mt-safety-terminal.patch b/patches/wip-manual-document-mt-safety-terminal.patch
index 5b29c79..134465f 100644
--- a/patches/wip-manual-document-mt-safety-terminal.patch
+++ b/patches/wip-manual-document-mt-safety-terminal.patch
@@ -1,5 +1,5 @@
-Bottom: 4d99d3f848a2d2a8839afeb505c973845383e8bb
-Top: 47b6d76e85ffcec042abbf52e9b26155224ed476
+Bottom: 29300d1844347314806a484be6c071c85ba34bfb
+Top: a99f3327e38bc078b866e571ab14fe1173fccded
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:09 -0300
diff --git a/patches/wip-manual-document-mt-safety-threads.patch b/patches/wip-manual-document-mt-safety-threads.patch
index c0d9e8f..3f73d01 100644
--- a/patches/wip-manual-document-mt-safety-threads.patch
+++ b/patches/wip-manual-document-mt-safety-threads.patch
@@ -1,5 +1,5 @@
-Bottom: 47b6d76e85ffcec042abbf52e9b26155224ed476
-Top: 2282fda35139be6d25c267fb0f30abf6184f3b6d
+Bottom: a99f3327e38bc078b866e571ab14fe1173fccded
+Top: 94a334b985bc39aebfecc31bb65b9b8447a71df9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:10 -0300
diff --git a/patches/wip-manual-document-mt-safety-time.patch b/patches/wip-manual-document-mt-safety-time.patch
index fdb728f..6e501e1 100644
--- a/patches/wip-manual-document-mt-safety-time.patch
+++ b/patches/wip-manual-document-mt-safety-time.patch
@@ -1,5 +1,5 @@
-Bottom: 2282fda35139be6d25c267fb0f30abf6184f3b6d
-Top: 7003967eaf771392ad1c6c6f996ace42ab8190e3
+Bottom: 94a334b985bc39aebfecc31bb65b9b8447a71df9
+Top: 74f665133c21edd612695fb40b609f8bad0baef9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-17 01:25:10 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=16ea0003407bdc31e8ec8dfe869a8b7692eb8d00
commit 16ea0003407bdc31e8ec8dfe869a8b7692eb8d00
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:08 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/math.texi: Document thread safety properties.
diff --git a/manual/math.texi b/manual/math.texi
index 193d415..fd5d0c8 100644
--- a/manual/math.texi
+++ b/manual/math.texi
@@ -560,6 +560,7 @@ negative), @code{logb} returns @math{@infinity{}}. If @var{x} is zero,
@comment math.h
@comment ISO
@deftypefunx int ilogbl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are equivalent to the corresponding @code{logb}
functions except that they return signed integer values.
@end deftypefun
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=12d50c8632aaee2f0763bb48c0b69349b09022bb
commit 12d50c8632aaee2f0763bb48c0b69349b09022bb
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:08 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/startup.texi: Document thread safety properties.
diff --git a/manual/startup.texi b/manual/startup.texi
index a277714..7bbaf13 100644
--- a/manual/startup.texi
+++ b/manual/startup.texi
@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
The difference to the @code{setenv} function is that the exact string
given as the parameter @var{string} is put into the environment. If the
user should change the string after the @code{putenv} call this will
-reflect in automatically in the environment. This also requires that
-@var{string} is no automatic variable which scope is left before the
+reflect automatically in the environment. This also requires that
+@var{string} not be an automatic variable whose scope is left before the
variable is removed from the environment. The same applies of course to
dynamically allocated variables which are freed later.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=34f782743f44b2c627e74a640f2f29309d471b99
commit 34f782743f44b2c627e74a640f2f29309d471b99
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:09 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/search.texi: Document thread safety properties.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..46f5f1c 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -113,6 +113,7 @@ the header file @file{stdlib.h}.
@comment stdlib.h
@comment ISO
@deftypefun {void *} bsearch (const void *@var{key}, const void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{bsearch} function searches the sorted array @var{array} for an object
that is equivalent to @var{key}. The array contains @var{count} elements,
each of which is of size @var{size} bytes.
@@ -146,6 +147,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +438,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +472,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +487,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +501,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +556,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3b7789f2efb618f9cdc9cb4e3be46d1670660fc3
commit 3b7789f2efb618f9cdc9cb4e3be46d1670660fc3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:09 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/search.texi: Document thread safety properties.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..6910edc 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -146,6 +146,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +437,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +471,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +486,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +500,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +555,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1322d0df3da60812c2b42e23710a999109d4b2c8
commit 1322d0df3da60812c2b42e23710a999109d4b2c8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:09 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/string.texi: Document thread safety properties.
diff --git a/manual/string.texi b/manual/string.texi
index 246be84..6673a61 100644
--- a/manual/string.texi
+++ b/manual/string.texi
@@ -1159,6 +1159,11 @@ strings are written in into account. To get that one has to use
@comment string.h
@comment BSD
@deftypefun int strcasecmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Although this calls tolower multiple times, it's a macro, and
+@c strcasecmp is optimized so that the locale pointer is read only once.
+@c There are some asm implementations too, for which the single-read
+@c from locale TLS pointers also applies.
This function is like @code{strcmp}, except that differences in case are
ignored. How uppercase and lowercase characters are related is
determined by the currently selected locale. In the standard @code{"C"}
@@ -1247,6 +1252,8 @@ strncmp ("hello, world", "hello, stupid world!!!", 5)
@comment string.h
@comment GNU
@deftypefun int strverscmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls isdigit multiple times, locale may change in between.
The @code{strverscmp} function compares the string @var{s1} against
@var{s2}, considering them as holding indices/version numbers. The
return value follows the same conventions as found in the
@@ -1343,6 +1350,8 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
@comment string.h
@comment ISO
@deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Adjust alphasort one safety info is determined.
The @code{strcoll} function is similar to @code{strcmp} but uses the
collating sequence of the current locale for collation (the
@code{LC_COLLATE} locale).
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7441ccb3ac0c3fd1cd2735d24268ed21182e3a77
commit 7441ccb3ac0c3fd1cd2735d24268ed21182e3a77
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:09 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/string.texi: Document thread safety properties.
diff --git a/manual/string.texi b/manual/string.texi
index 246be84..a75d298 100644
--- a/manual/string.texi
+++ b/manual/string.texi
@@ -1247,6 +1247,8 @@ strncmp ("hello, world", "hello, stupid world!!!", 5)
@comment string.h
@comment GNU
@deftypefun int strverscmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls isdigit multiple times, locale may change in between.
The @code{strverscmp} function compares the string @var{s1} against
@var{s2}, considering them as holding indices/version numbers. The
return value follows the same conventions as found in the
@@ -1343,6 +1345,8 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
@comment string.h
@comment ISO
@deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Adjust alphasort one safety info is determined.
The @code{strcoll} function is similar to @code{strcmp} but uses the
collating sequence of the current locale for collation (the
@code{LC_COLLATE} locale).
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5eed36e980fee4d5a7bfd909b40fea305e6c0f4b
commit 5eed36e980fee4d5a7bfd909b40fea305e6c0f4b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:08 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..491e802 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,49 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it.
+@c This function returns a pointer read...
+@c setlocale
+@c libc_rwlock_wrlock selfdeadlock, lockleak
+@c libc_rwlock_unlock lockleak
+@c getenv LOCPATH envromt
+@c malloc asmalloc, memleak
+@c free asmalloc, memleak
+@c new_composite_name ok
+@c setdata ok
+@c setname ok
+@c _nl_find_locale
+@c getenv LC_ALL and LANG envromt
+@c _nl_load_locale_from_archive
+@c _nl_expand_alias
+@c libc_lock_lock selfdeadlock, lockleak
+@c bsearch
+@c alias_compare
+@c strcasecmp ok
+@c read_alias_file
+@c fopen asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c fsetlocking ok
+@c feof_unlocked ok
+@c fgets_unlocked ok
+@c isspace ok (locale mutex is locked)
+@c extend_alias_table memleak, asmalloc
+@c realloc memleak, asmalloc
+@c realloc memleak, asmalloc
+@c fclose asmalloc, selfdeadlock, memleak, fdleak, lockleak
+@c qsort ok
+@c alias_compare dup
+@c libc_lock_unlock
+@c _nl_explode_name
+@c _nl_make_l10nflist
+@c _nl_load_locale
+@c __gconv_compare_alias
+@c strndup asmalloc, memleak
+@c strcasecmp_l (C locale)
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=422aa76fa083b6e69ae5ed04429e32a406c7ec93
commit 422aa76fa083b6e69ae5ed04429e32a406c7ec93
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:08 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..60e08d8 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
+@c and free, and _nl_find_locale, which amount to all documented safety
+@c issues. It also calls new_composite_name, setdata, and setname,
+@c without any additional issues. _nl_find_locale calls getenv, ...
+@c This function returns a pointer read...
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=561ca151dcd427e997cb452b8d6aad6b2e251fc7
commit 561ca151dcd427e997cb452b8d6aad6b2e251fc7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:09 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/resource.texi: Document thread safety properties.
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=afdf3f5f5bd3ee6fc4230618b617cd0d4da134ca
commit afdf3f5f5bd3ee6fc4230618b617cd0d4da134ca
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:10 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/time.texi: Document thread safety properties.
diff --git a/manual/time.texi b/manual/time.texi
index ff31e28..3967b24 100644
--- a/manual/time.texi
+++ b/manual/time.texi
@@ -475,6 +475,12 @@ Instead, use the facilities described in @ref{Time Zone Functions}.
@comment sys/time.h
@comment BSD
@deftypefun int gettimeofday (struct timeval *@var{tp}, struct timezone *@var{tzp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c On most GNU/Linux systems this is a direct syscall, but the posix/
+@c implementation (not used on GNU/Linux or GNU/Hurd) relies on time and
+@c localtime_r, saving and restoring tzname in an unsafe manner.
+@c On some GNU/Linux variants, ifunc resolvers are used in shared libc
+@c for vdso resolution. ifunc-vdso-revisit.
The @code{gettimeofday} function returns the current calendar time as
the elapsed time since the epoch in the @code{struct timeval} structure
indicated by @var{tp}. (@pxref{Elapsed Time} for a description of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5bc0ea1ef664f58498315ce61f27703cd001fd35
commit 5bc0ea1ef664f58498315ce61f27703cd001fd35
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:10 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/threads.texi: Document thread safety properties.
diff --git a/manual/threads.texi b/manual/threads.texi
index a23ac26..19bfad6 100644
--- a/manual/threads.texi
+++ b/manual/threads.texi
@@ -31,6 +31,7 @@ before thread-specific data, so they should not be used in thread-specific
data destructors or even as members of the thread-specific data, since the
latter is passed as an argument to the destructor function.
+@c FIXME: use @deftypefun for these.
@item int pthread_key_delete (pthread_key_t @var{key})
Destroy the thread-specific data @var{key} in the calling thread. The
destructor for the thread-specific data is not called during destruction, nor
@@ -82,3 +83,124 @@ attributes or the stack address is set in the attribute.
The system does not have sufficient memory.
@end table
@end deftypefun
+
+@c FIXME these are undocumented:
+@c pthread_atfork
+@c pthread_attr_destroy
+@c pthread_attr_getaffinity_np
+@c pthread_attr_getdetachstate
+@c pthread_attr_getguardsize
+@c pthread_attr_getinheritsched
+@c pthread_attr_getschedparam
+@c pthread_attr_getschedpolicy
+@c pthread_attr_getscope
+@c pthread_attr_getstack
+@c pthread_attr_getstackaddr
+@c pthread_attr_getstacksize
+@c pthread_attr_init
+@c pthread_attr_setaffinity_np
+@c pthread_attr_setdetachstate
+@c pthread_attr_setguardsize
+@c pthread_attr_setinheritsched
+@c pthread_attr_setschedparam
+@c pthread_attr_setschedpolicy
+@c pthread_attr_setscope
+@c pthread_attr_setstack
+@c pthread_attr_setstackaddr
+@c pthread_attr_setstacksize
+@c pthread_barrierattr_destroy
+@c pthread_barrierattr_getpshared
+@c pthread_barrierattr_init
+@c pthread_barrierattr_setpshared
+@c pthread_barrier_destroy
+@c pthread_barrier_init
+@c pthread_barrier_wait
+@c pthread_cancel
+@c pthread_cleanup_push
+@c pthread_cleanup_pop
+@c pthread_condattr_destroy
+@c pthread_condattr_getclock
+@c pthread_condattr_getpshared
+@c pthread_condattr_init
+@c pthread_condattr_setclock
+@c pthread_condattr_setpshared
+@c pthread_cond_broadcast
+@c pthread_cond_destroy
+@c pthread_cond_init
+@c pthread_cond_signal
+@c pthread_cond_timedwait
+@c pthread_cond_wait
+@c pthread_create
+@c pthread_detach
+@c pthread_equal
+@c pthread_exit
+@c pthread_getaffinity_np
+@c pthread_getattr_np
+@c pthread_getconcurrency
+@c pthread_getcpuclockid
+@c pthread_getname_np
+@c pthread_getschedparam
+@c pthread_join
+@c pthread_kill
+@c pthread_kill_other_threads_np
+@c pthread_mutexattr_destroy
+@c pthread_mutexattr_getkind_np
+@c pthread_mutexattr_getprioceiling
+@c pthread_mutexattr_getprotocol
+@c pthread_mutexattr_getpshared
+@c pthread_mutexattr_getrobust
+@c pthread_mutexattr_getrobust_np
+@c pthread_mutexattr_gettype
+@c pthread_mutexattr_init
+@c pthread_mutexattr_setkind_np
+@c pthread_mutexattr_setprioceiling
+@c pthread_mutexattr_setprotocol
+@c pthread_mutexattr_setpshared
+@c pthread_mutexattr_setrobust
+@c pthread_mutexattr_setrobust_np
+@c pthread_mutexattr_settype
+@c pthread_mutex_consistent
+@c pthread_mutex_consistent_np
+@c pthread_mutex_destroy
+@c pthread_mutex_getprioceiling
+@c pthread_mutex_init
+@c pthread_mutex_lock
+@c pthread_mutex_setprioceiling
+@c pthread_mutex_timedlock
+@c pthread_mutex_trylock
+@c pthread_mutex_unlock
+@c pthread_once
+@c pthread_rwlockattr_destroy
+@c pthread_rwlockattr_getkind_np
+@c pthread_rwlockattr_getpshared
+@c pthread_rwlockattr_init
+@c pthread_rwlockattr_setkind_np
+@c pthread_rwlockattr_setpshared
+@c pthread_rwlock_destroy
+@c pthread_rwlock_init
+@c pthread_rwlock_rdlock
+@c pthread_rwlock_timedrdlock
+@c pthread_rwlock_timedwrlock
+@c pthread_rwlock_tryrdlock
+@c pthread_rwlock_trywrlock
+@c pthread_rwlock_unlock
+@c pthread_rwlock_wrlock
+@c pthread_self
+@c pthread_setaffinity_np
+@c pthread_setcancelstate
+@c pthread_setcanceltype
+@c pthread_setconcurrency
+@c pthread_setname_np
+@c pthread_setschedparam
+@c pthread_setschedprio
+@c pthread_sigmask
+@c pthread_sigqueue
+@c pthread_spin_destroy
+@c pthread_spin_init
+@c pthread_spin_lock
+@c pthread_spin_trylock
+@c pthread_spin_unlock
+@c pthread_testcancel
+@c pthread_timedjoin_np
+@c pthread_tryjoin_np
+@c pthread_yield
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c02af6635e7cc131c702dcff10cfe433c617fad5
commit c02af6635e7cc131c702dcff10cfe433c617fad5
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:09 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/terminal.texi: Document thread safety properties.
diff --git a/manual/terminal.texi b/manual/terminal.texi
index 9e9c057..7f62a4e 100644
--- a/manual/terminal.texi
+++ b/manual/terminal.texi
@@ -264,6 +264,9 @@ array.
@comment termios.h
@comment POSIX.1
@deftypefun int tcgetattr (int @var{filedes}, struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the kernel-returned termios data structure to the userland
+@c format does not ensure atomic or consistent writing.
This function is used to examine the attributes of the terminal
device with file descriptor @var{filedes}. The attributes are returned
in the structure that @var{termios-p} points to.
@@ -284,6 +287,9 @@ The @var{filedes} is not associated with a terminal.
@comment termios.h
@comment POSIX.1
@deftypefun int tcsetattr (int @var{filedes}, int @var{when}, const struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the incoming termios data structure to the kernel format
+@c does not ensure atomic or consistent reading.
This function sets the attributes of the terminal device with file
descriptor @var{filedes}. The new attributes are taken from the
structure that @var{termios-p} points to.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=85c9005a07f05ad8d6d9f97158cb3e3292b0e989
commit 85c9005a07f05ad8d6d9f97158cb3e3292b0e989
Merge: 8d29f38 c759555 aa465b0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:20 2013 -0300
delete
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=8d29f38671b539e845cef7399e5421978714ef8a
commit 8d29f38671b539e845cef7399e5421978714ef8a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:20 2013 -0300
delete
diff --git a/meta b/meta
index 941fdda..bd54f4f 100644
--- a/meta
+++ b/meta
@@ -1,34 +1,33 @@
Version: 1
-Previous: 84b2959a1ba1806e2e666a90f9c9442950056937
-Head: 25a9ae1821970d7d17f86df0dbd323fe7776461b
+Previous: aa465b0085f4d4bc6523c446f7ce6870227c8992
+Head: c759555d9d5560131f6dc67be34fa2ae51f54c4f
Applied:
- powerpc-nofpu-sim-note-nothread.patch: 525ab96dd43fa6cf5d4f972271afec8d0c64c034
- unused-scalb-is-scalbn.patch: 3c6c7a24be0a9b65939e04e9200cffa361848c4b
- remove-sysdeps-ieee754-support.patch: 7b1263abc965a873a51d0f7b02987d8e3d6cf471
- manual-document-mt-safety.patch: caa55786752ded57d80b3809700b9e5183af21ae
- manual-document-mt-safety-argp.patch: 017da8adde97bccd79ab19b6d1175cfc9412a565
- manual-document-mt-safety-arith.patch: c6564bb231120b06f93702c9956c90a57546222e
- manual-document-mt-safety-charset.patch: 07dd04c5b4a440663c1751a1f38b09b33ab7f8af
- manual-document-mt-safety-conf.patch: 134d875cb9e454a8243ac2ca8d0bd3d42f0252dc
- manual-document-mt-safety-crypt.patch: 2069aec79bc11c99cf3e664d9042d76a7118bb88
- manual-document-mt-safety-ctype.patch: 9945d2535a48b19f85206a5f18b4b15153af2597
- manual-document-mt-safety-debug.patch: 7d2a9a7113f6aa3b14c1d75181c57c699cb3ccd1
- manual-document-mt-safety-errno.patch: d9f4ac37690ac779579d891dd9ac2ea37b14a531
- manual-document-mt-safety-filesys.patch: 392b19a1b6f9dc1268555fd513182d9ddc27977b
- manual-document-mt-safety-getopt.patch: 5c951f02d9782d9ce3468def9b0a29015d11b31c
- manual-document-mt-safety-libdl.patch: 695e13261917a34ed17d39bf7c68f612aeb53cab
- manual-document-mt-safety-job.patch: 065671cbe43b4e8324ec30134b735b72b0a27a7d
- manual-document-mt-safety-lang.patch: 16740ea74dca049974ec07baa32d1cd26c4642a9
- manual-document-mt-safety-llio.patch: 184090294f40be1dea2c49ae667629f5513f2c25
- manual-document-mt-safety-stdio.patch: 7b0a54addcada9b13059cdb0d03cf3fe0412f16d
- wip-manual-document-mt-safety-locale.patch: 7555b069c35687dd895740205bfdf2241db9c6f3
- wip-manual-document-mt-safety-math.patch: 1b4a6693b25118e662810d8480caa5189fdae82b
- wip-manual-document-mt-safety-startup.patch: 4ca19b6ad7173d7b6694a135af31417639b5e2dc
- wip-manual-document-mt-safety-search.patch: bfd482670800eebaa127193ef59428e7af3cfa1e
- wip-manual-document-mt-safety-resource.patch: b46f5e4463116cb679a7e90d6fd7ea80e2a239db
- wip-manual-document-mt-safety-string.patch: 5388cbb52e6f25c810d8c7c1e9d9cbb58945784e
- wip-manual-document-mt-safety-terminal.patch: 1dbe8f76713dfcffe1af611cbe9a6054fed93484
- wip-manual-document-mt-safety-threads.patch: 2e4662897991d33b3915b73cd23c5c140fd12c6e
- wip-manual-document-mt-safety-time.patch: 25a9ae1821970d7d17f86df0dbd323fe7776461b
+ unused-scalb-is-scalbn.patch: 05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
+ remove-sysdeps-ieee754-support.patch: fe6a5807692b034fba404bbe03d68929933eb91f
+ manual-document-mt-safety.patch: cfd5bbe11be81bd19bd894478f09f14ddd746ac8
+ manual-document-mt-safety-argp.patch: 091e1e16a3a7c50d382e0f9eee36d6d04bcd441a
+ manual-document-mt-safety-arith.patch: 6dfda39adb1d84728fb4d392927fe32c70717f8c
+ manual-document-mt-safety-charset.patch: b58ef1fd4f0b6a89317ebce875a8c6217da8e8fa
+ manual-document-mt-safety-conf.patch: c7e8ed57d8a8ef0461deb3bb02e64e7c3c3606c1
+ manual-document-mt-safety-crypt.patch: 9a99d1deaa001ca289c66c3832e5eaf4bee898b4
+ manual-document-mt-safety-ctype.patch: 6bef7c9b865d9b4002167b45edfc3e8d74063fcf
+ manual-document-mt-safety-debug.patch: 0b2dd076556329cdfefbe5adf3c6ea16167fe17b
+ manual-document-mt-safety-errno.patch: d03f2590278bbe0c5b64d2727c6a88103e1174c6
+ manual-document-mt-safety-filesys.patch: cd6798f9231759db9a66272f1e721010946710b4
+ manual-document-mt-safety-getopt.patch: 5acd0cba09b1c0411d3c0ff44ebad682781cdea4
+ manual-document-mt-safety-libdl.patch: a6dbb793abff10ea3a8779b118e43cd27d02cd33
+ manual-document-mt-safety-job.patch: 1302198bf7ea242f1be035891c34507df7fa27e7
+ manual-document-mt-safety-lang.patch: df244861d2cc8225a441c53b523f53150727ae62
+ manual-document-mt-safety-llio.patch: bf5c49825fd31327a529399b2400a6e592bbee3a
+ manual-document-mt-safety-stdio.patch: 8d679074193b580e3ea1b810b03b6c976a47f9cd
+ wip-manual-document-mt-safety-locale.patch: 0c975e33c4db3c285d4144bd8fa8ab684c8b500a
+ wip-manual-document-mt-safety-math.patch: 0ded06d761bd842d9d7f6ab9473b5af3789e20e2
+ wip-manual-document-mt-safety-startup.patch: 93ca5fa817ae6dc3d50a6990be8ae64d8b398e83
+ wip-manual-document-mt-safety-search.patch: 2f91898f8002f8d61d9aad3c436468301513d49e
+ wip-manual-document-mt-safety-resource.patch: 56296c84c59e84bc5a577f60252a3bca4e57944d
+ wip-manual-document-mt-safety-string.patch: b16c3cb1e8fe3228f39d484598829d52e8b9ac43
+ wip-manual-document-mt-safety-terminal.patch: cfab792fb4bc046f3274734d629c29d86856ef28
+ wip-manual-document-mt-safety-threads.patch: 97ee1ff6ce212b9a9a750393c65224d306fb2ddd
+ wip-manual-document-mt-safety-time.patch: c759555d9d5560131f6dc67be34fa2ae51f54c4f
Unapplied:
Hidden:
diff --git a/patches/powerpc-nofpu-sim-note-nothread.patch b/patches/powerpc-nofpu-sim-note-nothread.patch
deleted file mode 100644
index f6f9132..0000000
--- a/patches/powerpc-nofpu-sim-note-nothread.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-Bottom: 1049e70d3641bba6f9f04cf81836dfef2917e3b3
-Top: 1049e70d3641bba6f9f04cf81836dfef2917e3b3
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-17 01:25:03 -0300
-
-Note that powerpc fpu emulation status is not thread- or signal-safe.
-
-for ports/ChangeLog.powerpc
-
- PR 15483
- * sysdeps/powerpc/nofpu/sim-full.c: Add FIXME note about
- the need for thread-specific variables preserved across signal
- handlers.
- * sysdeps/powerpc/nofpu/soft-supp.h: Likewise.
- * sysdeps/powerpc/soft-fp/sfp-machine.h: Likewise.
-
-
----
-
-
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4e51ca6a99c605099f12a779df0d47cceeb4ae4f
commit 4e51ca6a99c605099f12a779df0d47cceeb4ae4f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:04 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/macros.texi: Introduce macros to document thread
safety properties.
* manual/intro.texi: Introduce the properties themselves.
diff --git a/manual/intro.texi b/manual/intro.texi
index deaf089..c3142ad 100644
--- a/manual/intro.texi
+++ b/manual/intro.texi
@@ -172,6 +172,434 @@ pattern matching facilities (@pxref{Pattern Matching}).
@comment <wordexp.h> (not yet implemented)
@comment confstr
+The safety properties of @glibcadj{} functions, documented as MT-, AS-
+and AC- -Safe and -Unsafe are assessed according to the criteria set
+forth in the POSIX standard for Multi-Thread, Async-Signal and
+Async-Cancel safety.
+
+Intuitive definition of these properties, that attempt to capture
+the meaning of the standard definitions, follow:
+
+@itemize @bullet
+
+@item
+@cindex MT-Safe
+MT-Safe functions are safe to call in the presence of other threads. MT
+stands for Multi Thread.
+
+@item
+@cindex AS-Safe
+AS-Safe functions are safe to call from asynchronous signal handlers.
+AS stands for Asynchronous Signal.
+
+@item
+@cindex AC-Safe
+AC-Safe functions are safe to call when asynchronous cancellation is
+enabled. AC stands for Asynchronous Cancellation.
+
+@item
+@cindex MT-Unsafe
+@cindex AS-Unsafe
+@cindex AC-Unsafe
+MT-Unsafe, AS-Unsafe, AC-Unsafe functions are not safe to call within
+the contexts described above: they may cause deviations from the
+specification in the behavior of the calls themselves, or of any other
+concurrent, ongoing or subsequent calls.
+
+Functions not explicitly documented as Safe should be regarded as
+Unsafe.
+
+@end itemize
+
+By ``safe to call'', we mean that, as long as the program does not
+invoke undefined or unspecified behavior, the called functions will
+behave as documented, and they won't cause any other functions to
+deviate from their documented behavior.
+
+Although we strive to abide by the standards, in some cases our
+implementation is safe even when the standard does not demand safety,
+and in other cases our implementation does not meet the standard safety
+requirements. At this point, we document the result of an assessment of
+the properties of our implementation, so the safety documentation in
+this manual is not to be regarded as a promise of future behavior: in
+future releases, functions that are documented as safe may become
+unsafe, and safety constraints may be removed or introduced. We
+envision turning the results of the assessment into a set of promises as
+stable as our interfaces, but we're not there yet.
+
+When a function is safe to call only under certain constraints, we will
+add keywords to the safety notes whose meanings are defined as follows:
+
+@itemize @bullet
+
+@c glocale-revisit
+@item @code{glocale}
+@cindex glocale
+
+In threads that have not overridden the thread-local locale object by
+calling @code{uselocale}, calling functions annotated with
+@code{glocale} concurrently with @code{setlocale} may cause the
+functions to behave in ways that don't correspond to either the previous
+or the subsequent global locale.
+
+Although the @code{setlocale} function modifies the global locale object
+while holding a lock, @code{glocale}-annotated functions may access this
+global object multiple times, without any measures to ensure it doesn't
+change while it's in use.
+
+Each of these unprotected uses will use either the previous or the
+subsequent locale information, so they won't cause crashes or access to
+uninitialized, unmapped or recycled memory. However, since some cases
+use cached locale information while others access the effective locale
+object anew, concurrent changes to the global locale object may cause
+these functions to behave in ways that they could not behave should the
+execution of @code{setlocale} and of the so-annotated functions be
+atomic, or even should @code{setlocale} alone be atomic.
+
+The @code{glocale} constraint indicates functions are only safe to call
+if the effective thread-local locale is not the global locale object
+(because it was overridden with @code{uselocale}). Failing that,
+@code{setlocale} should not be called while these functions are active.
+
+
+@item @code{envromt}
+@cindex envromt
+
+Functions marked with @code{envromt} access the environment with
+@code{getenv} or similar, requiring the environment to be effectively
+read-only for MT-Safe operation.
+
+Environment-modifying functions do not protect in any way against
+concurrent modifications or access, so calling @code{envromt}-marked
+functions concurrently with @code{setenv}, @code{putenv},
+@code{unsetenv} or direct modifications of the global environment data
+structures is ill-advised; external concurrency control must be
+introduced by callers of these environment-modifying and
+@code{envromt}-marked functions.
+
+Functions that modify the environment are also marked with
+@code{envromt}, but they are not MT-Safe for the reasons above. Since
+all environment-modifying functions are MT-Unsafe, functions that only
+access the environment are marked as MT-Safe when no other safety issue
+applies.
+
+
+@item @code{oncesafe}
+@cindex oncesafe
+
+Functions marked with @code{oncesafe} use the internal @code{libc_once}
+machinery to initialize internal data structures.
+
+If a signal handler interrupts such an initializer, and calls any
+function that also performs @code{libc_once} initialization, it will
+deadlock if the thread library is linked in.
+
+Furthermore, if an initializer is partially complete before it is
+canceled or interrupted by a signal whose handler requires the same
+initialization, some or all of the initialization may be performed more
+than once, leaking resources or even result in corrupt internal data
+structures.
+
+Applications that need to call functions marked with @code{oncesafe}
+should ensure the initialization is performed before configuring signal
+handlers or enabling cancellation, so that the AS- and AC-Safety issues
+related with @code{libc_once} do not arise.
+
+
+@item @code{uunguard}
+@cindex uunguard
+
+Functions marked with @code{uunguard} modify non-atomically arguments or
+global objects that other functions access without synchronization. To
+ensure MT- and AS-Safe behavior, callers should refrain from calling
+so-marked functions concurrently with users of the corresponding
+objects.
+
+Unguarded users of the global locale object modified by @code{setlocale}
+are marked with @code{glocale}.
+
+Unguarded users of the @code{printf} extension objects modified by
+@code{register_printf_function} are the entire family of printf
+functions.
+
+Unguarded users of streams configured with @code{__fsetlocking} for
+locking by the caller are the entire family of stdio functions.
+
+
+@item @code{xguargs}
+@cindex xguargs
+
+Functions marked with @code{xguargs} may use or modify objects passed as
+arguments without any guards that could guarantee consistency. To
+ensure MT- and AS-Safe behavior, callers must ensure that the objects
+passed in are not modified concurrently by other threads or signal
+handlers.
+
+
+@item @code{tempchwd}
+@cindex tempchwd
+
+Functions marked with @code{tempchwd} may temporarily change the current
+working directory during their execution, which may cause relative
+pathnames to be resolved in unexpected ways in other threads or within
+asynchronous signal or cancellation handlers.
+
+This is not enough of a reason to mark so-marked functions as MT-Unsafe,
+but when this behavior is optional (e.g., @code{nftw} with
+@code{FTW_CHDIR}), avoiding the option in multi-threaded programs may be
+a good alternative to using full pathnames or file descriptor-relative
+(e.g. @code{openat}) system calls.
+
+
+@item @code{tempterm}
+@cindex tempterm
+
+Functions marked with @code{tempterm} may temporarily change the
+terminal settings.
+
+This would not be enough of a reason to mark so-marked functions as
+MT-Unsafe, but the recommended mode to modify terminal settings is to
+call @code{tcgetattr}, modify some flags, and then call
+@code{tcsetattr}. Functions marked with @code{tempterm} do that, so
+they leave a window in which changes made by other threads are lost.
+
+It is thus advisable for applications using the terminal to avoid
+concurrent interactions with it, more so if they expect different
+terminal modes.
+
+If this mark appears as an AC-Safety note, it means the function may
+also fail to restore the original terminal mode in case of asynchronous
+cancellation.
+
+
+@end itemize
+
+
+Additional safety issues that cannot be worked around by constraining
+the program are also documented with keywords, whose meaning is defined
+as follows:
+
+@itemize @bullet
+
+@item @code{staticbuf}
+@cindex staticbuf
+
+Functions annotated with @code{staticbuf} use internal static buffers or
+variables in ways that may cause concurrent calls to interfere
+destructively.
+
+These functions are all MT-Unsafe and AC-Unsafe. However, many of them
+offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
+
+In many of these cases, the static buffer is only used to hold a return
+value; in a few of these, such as @code{tmpnam}, the use of the internal
+buffer can be avoided by passing the buffer as an argument, which makes
+the call MT-Safe and AS-Safe.
+
+
+@item @code{asi18n}
+@cindex asi18n
+
+Functions marked with @code{asi18n} use internationalization functions
+(@code{gettext}), which brings in a number of dependencies and issues
+yet to be documented.
+
+
+@item @code{shlimb}
+@cindex shlimb
+
+Functions marked with @code{shlimb} use the dynamic loader to bring in
+additional code modules. This involves opening files, mapping them into
+memory, allocating additional memory, resolving symbols, applying
+relocations and more, all of this while holding the dynamic loader
+lock.
+
+The non-recursive lock itself is enough for the function to be AS- and
+AC-Unsafe, but many other issues may arise.
+
+
+@item @code{fdleak}
+@cindex fdleak
+
+Functions annotated with @code{fdleak} may leak file descriptors if
+asynchronous thread cancellation interrupts their execution.
+
+Functions that allocate or deallocate file descriptors will generally be
+marked as such, because even if they attempted to protect the file
+descriptor allocation and deallocation with cleanup regions, allocating
+a new descriptor and storing its number where the cleanup region could
+release it cannot be performed as a single atomic operation, just like
+releasing it and taking it out of the data structure normally
+responsible for releasing it cannot be performed atomically, always
+leaving a window in which the descriptor cannot be released because it
+wasn't stored in the cleanup handler argument yet, or in which it was
+already taken out of it before releasing it in the normal flow (we
+cannot keep it there because, in case of cancellation, we wouldn't be
+able to tell whether it was already released, and the same number could
+have been already assigned to another descriptor by another thread, so
+we couldn't just release it again).
+
+Such leaks could be internally avoided, with some performance penalty,
+by temporarily disabling asynchronous thread cancellation. However,
+since callers of allocation or deallocation functions would have to do
+this themselves, to avoid the same sort of leak in their own layer, it
+makes more sense for the library to assume they are taking care of it
+than to impose a performance penalty that is redundant when the problem
+is solved in upper layers, and insufficient when it isn't.
+
+This remark by itself does not cause a function to be regarded as
+AC-Unsafe. However, cummulative effects of such leaks may pose a
+problem for some programs. If this is the case, suspending asynchronous
+cancellation for the duration of calls to such functions is recommended.
+
+
+@item @code{memleak}
+@cindex memleak
+
+Functions annotated with @code{memleak} may leak memory if asynchronous
+thread cancellation interrupts their execution.
+
+The problem is similar to that of file descriptors: there is no atomic
+interface to allocate memory and store its address in the argument to a
+cleanup handler, or to release it and remove its address from that
+argument, without at least temporarily disabling asynchronous
+cancellation, which these functions do not do.
+
+This remark does not by itself cause a function to be regarded as
+generally AC-Unsafe. However, cummulative effects of such leaks may be
+severe enough for some programs that disabling asynchronous cancellation
+for the duration of calls to such functions may be required.
+
+
+@item @code{lockleak}
+@cindex lockleak
+
+Functions annotated with @code{lockleak} may leak locks if asynchronous
+thread cancellation interrupts their execution.
+
+While the problem is similar to that of file descriptors, in that there
+is not any atomic interface to lock and take note of the need for
+unlocking in a cleanup, or to unlock and take note that there is no
+longer such a need, the problem posed by lock leaks is far more serious:
+when a file descriptor or a piece of memory is leaked, it becomes
+inaccessible and subsequent attempts to allocate a file descriptor or
+some memory will just use another resource. However, once a lock is
+left taken, attempts to take that lock will block indefinitely.
+(Recursive locks will only block other threads, and read locks will only
+block writer threads, but the point still holds in general).
+
+For the reasons above, functions that leak locks are all AC-Unsafe.
+
+
+@item @code{selfdeadlock}
+@cindex selfdeadlock
+
+Functions marked with @code{selfdeadlock} take a non-recursive lock to
+ensure MT-Safety while modifying data structures guarded by the lock.
+
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, the result is a deadlock.
+
+Blocking asynchronous signal delivery while calling such functions is
+the only safe way to avoid a deadlock if any signal handler might need
+to call them.
+
+
+@item @code{asynconsist}
+@cindex asynconsist
+
+Functions marked with @code{asynconsist} take a recursive lock to ensure
+MT-Safety while accessing or modifying data structures guarded by the
+lock.
+
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, both may misbehave for
+observing inconsistent (partially updated or cached) data structures.
+
+Blocking asynchronous signal delivery while calling such functions is
+the only safe way to avoid the misbehavior that may ensue if any signal
+handler might need to call them.
+
+
+@item @code{asmalloc}
+@cindex asmalloc
+
+This is a sub-case of @code{asynconsist}. Functions marked with
+@code{asmalloc} perform memory allocation or deallocation with the
+@code{malloc}/@code{free} family of functions.
+
+If heap management functions are interrupted by asynchronous signals,
+and the signal handlers attempt to perform memory allocation or
+deallocation of their own, they may encounter heap data structures in a
+partially updated state, and the interrupted calls may malfunction
+because of the changes made within the signal handler.
+
+
+@item @code{incansist}
+@cindex incansist
+
+Functions marked with @code{incansist} modify data structures in a
+non-atomic way.
+
+If such a function is asynchronously canceled, it may leave the data
+structure in a partially updated, inconsistent state. Subsequent uses
+of the data structure may misbehave.
+
+Disabling asynchronous cancelation while calling such functions is the
+only safe way to avoid the misbehavior that may ensure if the thread is
+canceled while the function is running.
+
+@c A special case, probably not worth documenting separately, involves
+@c reallocing, or even freeing pointers. Any case involving free could
+@c be easily turned into an ac-safe memleak by resetting the pointer
+@c before releasing it; I don't think we have any case that calls for
+@c this sort of fixing. Fixing the realloc cases would require a new
+@c interface: instead of @code{ptr=realloc(ptr,size)} we'd have to
+@c introduce @code{acsafe_realloc(&ptr,size)} that would modify ptr
+@c before releasing the old memory. The ac-unsafe realloc could be
+@c implemented in terms of an internal interface with this semantics
+@c (say __acsafe_realloc), but since realloc can be overridden, the
+@c function we call to implement realloc should not be this internal
+@c interface, but another internal interface that calls __acsafe_realloc
+@c if realloc was not overridden, and calls the overridden realloc with
+@c async cancel disabled. --lxoliva
+
+
+@item @code{simfpu}
+@cindex simfpu
+
+Functions annotated with @code{simfpu} may misbehave on powerpc ports in
+which the floating-point unit is disabled and floating point simulation
+is used instead. On such platforms, @theglibc{} uses global variables
+to hold floating-point exceptions, rounding modes and disabled
+exceptions, rather than thread-local state. This is a @glibcadj{} bug.
+
+Furthermore, even if this bug is fixed, the emulation of floating-point
+control and status registers will not go as far as saving and restoring
+these emulated registers across asynchronous signal handlers. Indeed,
+although most platforms preserve floating-point context as part of the
+thread context, preserving control and status words is not mandatory:
+standards recommend that programs that modify them within signal
+handlers restore them to the original state before returning.
+
+This note does not cause functions to be marked as MT-Unsafe, even
+though, on the affected platform, they are MT-Unsafe indeed.
+
+
+@item @code{unposix}
+@cindex unposix
+
+This remark indicates our safety documentation is known to differ from
+the requirements set by the POSIX standard. For example, POSIX does not
+require a function to be Safe, but our implementation is Safe, or
+vice-versa.
+
+For the time being, the absence of this remark does not imply the safety
+properties we documented are identical to those mandated by POSIX for
+the corresponding functions.
+
+@end itemize
+
@node Berkeley Unix, SVID, POSIX, Standards and Portability
@subsection Berkeley Unix
diff --git a/manual/macros.texi b/manual/macros.texi
index daaf1c0..6955f32 100644
--- a/manual/macros.texi
+++ b/manual/macros.texi
@@ -47,4 +47,46 @@ GNU/Hurd systems
GNU/Linux systems
@end macro
+@c Document a function as thread safe.
+@macro mtsafe {comments}
+| MT-Safe \comments\
+|
+@end macro
+@c Document a function as thread unsafe.
+@macro mtunsafe {comments}
+| MT-Unsafe \comments\
+|
+@end macro
+@c Document a function as safe for use in asynchronous signal handlers.
+@macro assafe {comments}
+| AS-Safe \comments\
+|
+@end macro
+@c Document a function as unsafe for use in asynchronous signal
+@c handlers. This distinguishes unmarked functions, for which this
+@c property has not been assessed, from those that have been analyzed.
+@macro asunsafe {comments}
+| AS-Unsafe \comments\
+|
+@end macro
+@c Document a function as safe for use when asynchronous cancellation is
+@c enabled.
+@macro acsafe {comments}
+| AC-Safe \comments\
+|
+@end macro
+@c Document a function as unsafe for use when asynchronous cancellation
+@c is enabled. This distinguishes unmarked functions, for which this
+@c property has not been assessed, from those that have been analyzed.
+@macro acunsafe {comments}
+| AC-Unsafe \comments\
+|
+@end macro
+@c Format the thread and async safety properties of a function.
+@macro safety {notes}
+\notes\
+
+
+@end macro
+
@end ifclear
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=cfd5bbe11be81bd19bd894478f09f14ddd746ac8
commit cfd5bbe11be81bd19bd894478f09f14ddd746ac8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:04 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/macros.texi: Introduce macros to document thread
safety properties.
* manual/intro.texi: Introduce the properties themselves.
diff --git a/manual/intro.texi b/manual/intro.texi
index deaf089..d183e12 100644
--- a/manual/intro.texi
+++ b/manual/intro.texi
@@ -172,6 +172,412 @@ pattern matching facilities (@pxref{Pattern Matching}).
@comment <wordexp.h> (not yet implemented)
@comment confstr
+The safety properties of @glibcadj{} functions, documented as MT-, AS-
+and AC- -Safe and -Unsafe are assessed according to the criteria set
+forth in the POSIX standard for Multi-Thread, Async-Signal and
+Async-Cancel safety.
+
+Intuitive definition of these properties, that attempt to capture
+the meaning of the standard definitions, follow:
+
+@itemize @bullet
+
+@item
+@cindex MT-Safe
+MT-Safe functions are safe to call in the presence of other threads. MT
+stands for Multi Thread.
+
+@item
+@cindex AS-Safe
+AS-Safe functions are safe to call from asynchronous signal handlers.
+AS stands for Asynchronous Signal.
+
+@item
+@cindex AC-Safe
+AC-Safe functions are safe to call when asynchronous cancellation is
+enabled. AC stands for Asynchronous Cancellation.
+
+@item
+@cindex MT-Unsafe
+@cindex AS-Unsafe
+@cindex AC-Unsafe
+MT-Unsafe, AS-Unsafe, AC-Unsafe functions are not safe to call within
+the contexts described above: they may cause deviations from the
+specification in the behavior of the calls themselves, or of any other
+concurrent, ongoing or subsequent calls.
+
+Functions not explicitly documented as Safe should be regarded as
+Unsafe.
+
+@end itemize
+
+By ``safe to call'', we mean that, as long as the program does not
+invoke undefined or unspecified behavior, the called functions will
+behave as documented, and they won't cause any other functions to
+deviate from their documented behavior.
+
+Although we strive to abide by the standards, in some cases our
+implementation is safe even when the standard does not demand safety,
+and in other cases our implementation does not meet the standard safety
+requirements. At this point, we document the result of an assessment of
+the properties of our implementation, so the safety documentation in
+this manual is not to be regarded as a promise of future behavior: in
+future releases, functions that are documented as safe may become
+unsafe, and safety constraints may be removed or introduced. We
+envision turning the results of the assessment into a set of promises as
+stable as our interfaces, but we're not there yet.
+
+When a function is safe to call only under certain constraints, we will
+add keywords to the safety notes whose meanings are defined as follows:
+
+@itemize @bullet
+
+@c glocale-revisit
+@item @code{glocale}
+@cindex glocale
+
+In threads that have not overridden the thread-local locale object by
+calling @code{uselocale}, calling functions annotated with
+@code{glocale} concurrently with @code{setlocale} may cause the
+functions to behave in ways that don't correspond to either the previous
+or the subsequent global locale.
+
+Although the @code{setlocale} function modifies the global locale object
+while holding a lock, @code{glocale}-annotated functions may access this
+global object multiple times, without any measures to ensure it doesn't
+change while it's in use.
+
+Each of these unprotected uses will use either the previous or the
+subsequent locale information, so they won't cause crashes or access to
+uninitialized, unmapped or recycled memory. However, since some cases
+use cached locale information while others access the effective locale
+object anew, concurrent changes to the global locale object may cause
+these functions to behave in ways that they could not behave should the
+execution of @code{setlocale} and of the so-annotated functions be
+atomic, or even should @code{setlocale} alone be atomic.
+
+The @code{glocale} constraint indicates functions are only safe to call
+if the effective thread-local locale is not the global locale object
+(because it was overridden with @code{uselocale}). Failing that,
+@code{setlocale} should not be called while these functions are active.
+
+
+@item @code{envromt}
+@cindex envromt
+
+Functions marked with @code{envromt} access the environment with
+@code{getenv} or similar, requiring the environment to be effectively
+read-only for MT-Safe operation.
+
+Environment-modifying functions do not protect in any way against
+concurrent modifications or access, so calling @code{envromt}-marked
+functions concurrently with @code{setenv}, @code{putenv},
+@code{unsetenv} or direct modifications of the global environment data
+structures is ill-advised; external concurrency control must be
+introduced by callers of these environment-modifying and
+@code{envromt}-marked functions.
+
+Functions that modify the environment are also marked with
+@code{envromt}, but they are not MT-Safe for the reasons above. Since
+all environment-modifying functions are MT-Unsafe, functions that only
+access the environment are marked as MT-Safe when no other safety issue
+applies.
+
+
+@item @code{uunguard}
+@cindex uunguard
+
+Functions marked with @code{uunguard} modify non-atomically arguments or
+global objects that other functions access without synchronization. To
+ensure MT- and AS-Safe behavior, callers should refrain from calling
+so-marked functions concurrently with users of the corresponding
+objects.
+
+Unguarded users of the global locale object modified by @code{setlocale}
+are marked with @code{glocale}.
+
+Unguarded users of the @code{printf} extension objects modified by
+@code{register_printf_function} are the entire family of printf
+functions.
+
+Unguarded users of streams configured with @code{__fsetlocking} for
+locking by the caller are the entire family of stdio functions.
+
+
+@item @code{xguargs}
+@cindex xguargs
+
+Functions marked with @code{xguargs} may use or modify objects passed as
+arguments without any guards that could guarantee consistency. To
+ensure MT- and AS-Safe behavior, callers must ensure that the objects
+passed in are not modified concurrently by other threads or signal
+handlers.
+
+
+@item @code{tempchwd}
+@cindex tempchwd
+
+Functions marked with @code{tempchwd} may temporarily change the current
+working directory during their execution, which may cause relative
+pathnames to be resolved in unexpected ways in other threads or within
+asynchronous signal or cancellation handlers.
+
+This is not enough of a reason to mark so-marked functions as MT-Unsafe,
+but when this behavior is optional (e.g., @code{nftw} with
+@code{FTW_CHDIR}), avoiding the option in multi-threaded programs may be
+a good alternative to using full pathnames or file descriptor-relative
+(e.g. @code{openat}) system calls.
+
+
+@item @code{tempterm}
+@cindex tempterm
+
+Functions marked with @code{tempterm} may temporarily change the
+terminal settings.
+
+This would not be enough of a reason to mark so-marked functions as
+MT-Unsafe, but the recommended mode to modify terminal settings is to
+call @code{tcgetattr}, modify some flags, and then call
+@code{tcsetattr}. Functions marked with @code{tempterm} do that, so
+they leave a window in which changes made by other threads are lost.
+
+It is thus advisable for applications using the terminal to avoid
+concurrent interactions with it, more so if they expect different
+terminal modes.
+
+If this mark appears as an AC-Safety note, it means the function may
+also fail to restore the original terminal mode in case of asynchronous
+cancellation.
+
+
+@end itemize
+
+
+Additional safety issues that cannot be worked around by constraining
+the program are also documented with keywords, whose meaning is defined
+as follows:
+
+@itemize @bullet
+
+@item @code{staticbuf}
+@cindex staticbuf
+
+Functions annotated with @code{staticbuf} use internal static buffers or
+variables in ways that may cause concurrent calls to interfere
+destructively.
+
+These functions are all MT-Unsafe and AC-Unsafe. However, many of them
+offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
+
+In many of these cases, the static buffer is only used to hold a return
+value; in a few of these, such as @code{tmpnam}, the use of the internal
+buffer can be avoided by passing the buffer as an argument, which makes
+the call MT-Safe and AS-Safe.
+
+
+@item @code{asi18n}
+@cindex asi18n
+
+Functions marked with @code{asi18n} use internationalization functions
+(@code{gettext}), which brings in a number of dependencies and issues
+yet to be documented.
+
+
+@item @code{shlimb}
+@cindex shlimb
+
+Functions marked with @code{shlimb} use the dynamic loader to bring in
+additional code modules. This involves opening files, mapping them into
+memory, allocating additional memory, resolving symbols, applying
+relocations and more, all of this while holding the dynamic loader
+lock.
+
+The non-recursive lock itself is enough for the function to be AS- and
+AC-Unsafe, but many other issues may arise.
+
+
+@item @code{fdleak}
+@cindex fdleak
+
+Functions annotated with @code{fdleak} may leak file descriptors if
+asynchronous thread cancellation interrupts their execution.
+
+Functions that allocate or deallocate file descriptors will generally be
+marked as such, because even if they attempted to protect the file
+descriptor allocation and deallocation with cleanup regions, allocating
+a new descriptor and storing its number where the cleanup region could
+release it cannot be performed as a single atomic operation, just like
+releasing it and taking it out of the data structure normally
+responsible for releasing it cannot be performed atomically, always
+leaving a window in which the descriptor cannot be released because it
+wasn't stored in the cleanup handler argument yet, or in which it was
+already taken out of it before releasing it in the normal flow (we
+cannot keep it there because, in case of cancellation, we wouldn't be
+able to tell whether it was already released, and the same number could
+have been already assigned to another descriptor by another thread, so
+we couldn't just release it again).
+
+Such leaks could be internally avoided, with some performance penalty,
+by temporarily disabling asynchronous thread cancellation. However,
+since callers of allocation or deallocation functions would have to do
+this themselves, to avoid the same sort of leak in their own layer, it
+makes more sense for the library to assume they are taking care of it
+than to impose a performance penalty that is redundant when the problem
+is solved in upper layers, and insufficient when it isn't.
+
+This remark by itself does not cause a function to be regarded as
+AC-Unsafe. However, cummulative effects of such leaks may pose a
+problem for some programs. If this is the case, suspending asynchronous
+cancellation for the duration of calls to such functions is recommended.
+
+
+@item @code{memleak}
+@cindex memleak
+
+Functions annotated with @code{memleak} may leak memory if asynchronous
+thread cancellation interrupts their execution.
+
+The problem is similar to that of file descriptors: there is no atomic
+interface to allocate memory and store its address in the argument to a
+cleanup handler, or to release it and remove its address from that
+argument, without at least temporarily disabling asynchronous
+cancellation, which these functions do not do.
+
+This remark does not by itself cause a function to be regarded as
+generally AC-Unsafe. However, cummulative effects of such leaks may be
+severe enough for some programs that disabling asynchronous cancellation
+for the duration of calls to such functions may be required.
+
+
+@item @code{lockleak}
+@cindex lockleak
+
+Functions annotated with @code{lockleak} may leak locks if asynchronous
+thread cancellation interrupts their execution.
+
+While the problem is similar to that of file descriptors, in that there
+is not any atomic interface to lock and take note of the need for
+unlocking in a cleanup, or to unlock and take note that there is no
+longer such a need, the problem posed by lock leaks is far more serious:
+when a file descriptor or a piece of memory is leaked, it becomes
+inaccessible and subsequent attempts to allocate a file descriptor or
+some memory will just use another resource. However, once a lock is
+left taken, attempts to take that lock will block indefinitely.
+(Recursive locks will only block other threads, and read locks will only
+block writer threads, but the point still holds in general).
+
+For the reasons above, functions that leak locks are all AC-Unsafe.
+
+
+@item @code{selfdeadlock}
+@cindex selfdeadlock
+
+Functions marked with @code{selfdeadlock} take a non-recursive lock to
+ensure MT-Safety while modifying data structures guarded by the lock.
+
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, the result is a deadlock.
+
+Blocking asynchronous signal delivery while calling such functions is
+the only safe way to avoid a deadlock if any signal handler might need
+to call them.
+
+
+@item @code{asynconsist}
+@cindex asynconsist
+
+Functions marked with @code{asynconsist} take a recursive lock to ensure
+MT-Safety while accessing or modifying data structures guarded by the
+lock.
+
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, both may misbehave for
+observing inconsistent (partially updated or cached) data structures.
+
+Blocking asynchronous signal delivery while calling such functions is
+the only safe way to avoid the misbehavior that may ensue if any signal
+handler might need to call them.
+
+
+@item @code{asmalloc}
+@cindex asmalloc
+
+This is a sub-case of @code{asynconsist}. Functions marked with
+@code{asmalloc} perform memory allocation or deallocation with the
+@code{malloc}/@code{free} family of functions.
+
+If heap management functions are interrupted by asynchronous signals,
+and the signal handlers attempt to perform memory allocation or
+deallocation of their own, they may encounter heap data structures in a
+partially updated state, and the interrupted calls may malfunction
+because of the changes made within the signal handler.
+
+
+@item @code{incansist}
+@cindex incansist
+
+Functions marked with @code{incansist} modify data structures in a
+non-atomic way.
+
+If such a function is asynchronously canceled, it may leave the data
+structure in a partially updated, inconsistent state. Subsequent uses
+of the data structure may misbehave.
+
+Disabling asynchronous cancelation while calling such functions is the
+only safe way to avoid the misbehavior that may ensure if the thread is
+canceled while the function is running.
+
+@c A special case, probably not worth documenting separately, involves
+@c reallocing, or even freeing pointers. Any case involving free could
+@c be easily turned into an ac-safe memleak by resetting the pointer
+@c before releasing it; I don't think we have any case that calls for
+@c this sort of fixing. Fixing the realloc cases would require a new
+@c interface: instead of @code{ptr=realloc(ptr,size)} we'd have to
+@c introduce @code{acsafe_realloc(&ptr,size)} that would modify ptr
+@c before releasing the old memory. The ac-unsafe realloc could be
+@c implemented in terms of an internal interface with this semantics
+@c (say __acsafe_realloc), but since realloc can be overridden, the
+@c function we call to implement realloc should not be this internal
+@c interface, but another internal interface that calls __acsafe_realloc
+@c if realloc was not overridden, and calls the overridden realloc with
+@c async cancel disabled. --lxoliva
+
+
+@item @code{simfpu}
+@cindex simfpu
+
+Functions annotated with @code{simfpu} may misbehave on powerpc ports in
+which the floating-point unit is disabled and floating point simulation
+is used instead. On such platforms, @theglibc{} uses global variables
+to hold floating-point exceptions, rounding modes and disabled
+exceptions, rather than thread-local state. This is a @glibcadj{} bug.
+
+Furthermore, even if this bug is fixed, the emulation of floating-point
+control and status registers will not go as far as saving and restoring
+these emulated registers across asynchronous signal handlers. Indeed,
+although most platforms preserve floating-point context as part of the
+thread context, preserving control and status words is not mandatory:
+standards recommend that programs that modify them within signal
+handlers restore them to the original state before returning.
+
+This note does not cause functions to be marked as MT-Unsafe, even
+though, on the affected platform, they are MT-Unsafe indeed.
+
+
+@item @code{unposix}
+@cindex unposix
+
+This remark indicates our safety documentation is known to differ from
+the requirements set by the POSIX standard. For example, POSIX does not
+require a function to be Safe, but our implementation is Safe, or
+vice-versa.
+
+For the time being, the absence of this remark does not imply the safety
+properties we documented are identical to those mandated by POSIX for
+the corresponding functions.
+
+@end itemize
+
@node Berkeley Unix, SVID, POSIX, Standards and Portability
@subsection Berkeley Unix
diff --git a/manual/macros.texi b/manual/macros.texi
index daaf1c0..6955f32 100644
--- a/manual/macros.texi
+++ b/manual/macros.texi
@@ -47,4 +47,46 @@ GNU/Hurd systems
GNU/Linux systems
@end macro
+@c Document a function as thread safe.
+@macro mtsafe {comments}
+| MT-Safe \comments\
+|
+@end macro
+@c Document a function as thread unsafe.
+@macro mtunsafe {comments}
+| MT-Unsafe \comments\
+|
+@end macro
+@c Document a function as safe for use in asynchronous signal handlers.
+@macro assafe {comments}
+| AS-Safe \comments\
+|
+@end macro
+@c Document a function as unsafe for use in asynchronous signal
+@c handlers. This distinguishes unmarked functions, for which this
+@c property has not been assessed, from those that have been analyzed.
+@macro asunsafe {comments}
+| AS-Unsafe \comments\
+|
+@end macro
+@c Document a function as safe for use when asynchronous cancellation is
+@c enabled.
+@macro acsafe {comments}
+| AC-Safe \comments\
+|
+@end macro
+@c Document a function as unsafe for use when asynchronous cancellation
+@c is enabled. This distinguishes unmarked functions, for which this
+@c property has not been assessed, from those that have been analyzed.
+@macro acunsafe {comments}
+| AC-Unsafe \comments\
+|
+@end macro
+@c Format the thread and async safety properties of a function.
+@macro safety {notes}
+\notes\
+
+
+@end macro
+
@end ifclear
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3f6a86b4b41552229bec8e2e30c2f20b6e0cefa4
commit 3f6a86b4b41552229bec8e2e30c2f20b6e0cefa4
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:08 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..5667af3 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,12 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
+@c Besides the usual possibility of getting an inconsistent stream in a
+@c signal handler or leaving it inconsistent in case of cancellation,
+@c the possibility of leaving a dangling pointer upon cancellation
+@c between reallocing the buffer at *lineptr and updating the pointer
+@c brings about another case of incansist.
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1321,8 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
+@c See the getline incansist note.
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1347,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1371,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1397,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1407,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1417,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1508,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1546,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1605,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1621,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1631,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1641,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2383,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2393,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2403,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2411,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2419,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2444,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2469,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2540,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2573,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2644,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2653,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2662,48 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2711,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2719,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2727,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2735,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2743,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2751,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2827,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3068,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3320,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3384,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +4001,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +4016,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +4031,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +4039,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4047,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4061,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4088,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4097,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4106,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4114,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4122,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4130,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4180,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4190,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4204,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4215,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4243,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4254,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4368,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4381,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4405,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4421,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4441,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4465,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4514,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4636,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4651,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4664,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4681,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4793,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4806,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4823,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4845,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4870,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4948,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4962,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4974,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4989,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +5003,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +5014,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5062,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5118,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5234,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5416,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5557,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=8d679074193b580e3ea1b810b03b6c976a47f9cd
commit 8d679074193b580e3ea1b810b03b6c976a47f9cd
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:08 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..79a3340 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1391,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1401,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1411,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1540,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1625,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2387,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2397,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2438,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2647,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2656,48 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2705,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2713,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2721,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2729,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2737,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2745,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2821,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3062,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3314,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3378,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +3995,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +4010,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +4025,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +4033,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4041,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4055,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4082,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4091,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4100,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4108,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4116,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4124,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4174,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4184,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4198,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4209,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4237,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4248,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4362,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4375,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4399,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4415,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4435,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4459,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4508,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4630,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4645,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4658,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4675,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4787,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4800,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4817,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4839,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4864,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4942,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4956,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4968,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4983,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +4997,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +5008,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5056,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5112,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5228,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5410,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5551,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c759555d9d5560131f6dc67be34fa2ae51f54c4f
commit c759555d9d5560131f6dc67be34fa2ae51f54c4f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:10 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/time.texi: Document thread safety properties.
diff --git a/manual/time.texi b/manual/time.texi
index ff31e28..3967b24 100644
--- a/manual/time.texi
+++ b/manual/time.texi
@@ -475,6 +475,12 @@ Instead, use the facilities described in @ref{Time Zone Functions}.
@comment sys/time.h
@comment BSD
@deftypefun int gettimeofday (struct timeval *@var{tp}, struct timezone *@var{tzp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c On most GNU/Linux systems this is a direct syscall, but the posix/
+@c implementation (not used on GNU/Linux or GNU/Hurd) relies on time and
+@c localtime_r, saving and restoring tzname in an unsafe manner.
+@c On some GNU/Linux variants, ifunc resolvers are used in shared libc
+@c for vdso resolution. ifunc-vdso-revisit.
The @code{gettimeofday} function returns the current calendar time as
the elapsed time since the epoch in the @code{struct timeval} structure
indicated by @var{tp}. (@pxref{Elapsed Time} for a description of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=fe6a5807692b034fba404bbe03d68929933eb91f
commit fe6a5807692b034fba404bbe03d68929933eb91f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:04 2013 -0300
Remove unused sysdeps/ieee754/support.c.
for ChangeLog
* sysdeps/ieee754/support.c: Remove.
diff --git a/sysdeps/ieee754/support.c b/sysdeps/ieee754/support.c
deleted file mode 100644
index 0bbd892..0000000
--- a/sysdeps/ieee754/support.c
+++ /dev/null
@@ -1,520 +0,0 @@
-/*
- * Copyright (c) 1985, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)support.c 8.1 (Berkeley) 6/4/93";
-#endif /* not lint */
-
-/*
- * Some IEEE standard 754 recommended functions and remainder and sqrt for
- * supporting the C elementary functions.
- ******************************************************************************
- * WARNING:
- * These codes are developed (in double) to support the C elementary
- * functions temporarily. They are not universal, and some of them are very
- * slow (in particular, drem and sqrt is extremely inefficient). Each
- * computer system should have its implementation of these functions using
- * its own assembler.
- ******************************************************************************
- *
- * IEEE 754 required operations:
- * drem(x,p)
- * returns x REM y = x - [x/y]*y , where [x/y] is the integer
- * nearest x/y; in half way case, choose the even one.
- * sqrt(x)
- * returns the square root of x correctly rounded according to
- * the rounding mod.
- *
- * IEEE 754 recommended functions:
- * (a) copysign(x,y)
- * returns x with the sign of y.
- * (b) scalb(x,N)
- * returns x * (2**N), for integer values N.
- * (c) logb(x)
- * returns the unbiased exponent of x, a signed integer in
- * double precision, except that logb(0) is -INF, logb(INF)
- * is +INF, and logb(NAN) is that NAN.
- * (d) finite(x)
- * returns the value TRUE if -INF < x < +INF and returns
- * FALSE otherwise.
- *
- *
- * CODED IN C BY K.C. NG, 11/25/84;
- * REVISED BY K.C. NG on 1/22/85, 2/13/85, 3/24/85.
- */
-
-#include "mathimpl.h"
-
-#if defined(vax)||defined(tahoe) /* VAX D format */
-#include <errno.h>
- static const unsigned short msign=0x7fff , mexp =0x7f80 ;
- static const short prep1=57, gap=7, bias=129 ;
- static const double novf=1.7E38, nunf=3.0E-39, zero=0.0 ;
-#else /* defined(vax)||defined(tahoe) */
- static const unsigned short msign=0x7fff, mexp =0x7ff0 ;
- static const short prep1=54, gap=4, bias=1023 ;
- static const double novf=1.7E308, nunf=3.0E-308,zero=0.0;
-#endif /* defined(vax)||defined(tahoe) */
-
-double scalbn(x,N)
-double x; int N;
-{
- int k;
-
-#ifdef national
- unsigned short *px=(unsigned short *) &x + 3;
-#else /* national */
- unsigned short *px=(unsigned short *) &x;
-#endif /* national */
-
- if( x == zero ) return(x);
-
-#if defined(vax)||defined(tahoe)
- if( (k= *px & mexp ) != ~msign ) {
- if (N < -260)
- return(nunf*nunf);
- else if (N > 260) {
- return(copysign(infnan(ERANGE),x));
- }
-#else /* defined(vax)||defined(tahoe) */
- if( (k= *px & mexp ) != mexp ) {
- if( N<-2100) return(nunf*nunf); else if(N>2100) return(novf+novf);
- if( k == 0 ) {
- x *= scalbn(1.0,(int)prep1); N -= prep1; return(scalbn(x,N));}
-#endif /* defined(vax)||defined(tahoe) */
-
- if((k = (k>>gap)+ N) > 0 )
- if( k < (mexp>>gap) ) *px = (*px&~mexp) | (k<<gap);
- else x=novf+novf; /* overflow */
- else
- if( k > -prep1 )
- /* gradual underflow */
- {*px=(*px&~mexp)|(short)(1<<gap); x *= scalbn(1.0,k-1);}
- else
- return(nunf*nunf);
- }
- return(x);
-}
-
-
-double copysign(x,y)
-double x,y;
-{
-#ifdef national
- unsigned short *px=(unsigned short *) &x+3,
- *py=(unsigned short *) &y+3;
-#else /* national */
- unsigned short *px=(unsigned short *) &x,
- *py=(unsigned short *) &y;
-#endif /* national */
-
-#if defined(vax)||defined(tahoe)
- if ( (*px & mexp) == 0 ) return(x);
-#endif /* defined(vax)||defined(tahoe) */
-
- *px = ( *px & msign ) | ( *py & ~msign );
- return(x);
-}
-
-double logb(x)
-double x;
-{
-
-#ifdef national
- short *px=(short *) &x+3, k;
-#else /* national */
- short *px=(short *) &x, k;
-#endif /* national */
-
-#if defined(vax)||defined(tahoe)
- return (int)(((*px&mexp)>>gap)-bias);
-#else /* defined(vax)||defined(tahoe) */
- if( (k= *px & mexp ) != mexp )
- if ( k != 0 )
- return ( (k>>gap) - bias );
- else if( x != zero)
- return ( -1022.0 );
- else
- return(-(1.0/zero));
- else if(x != x)
- return(x);
- else
- {*px &= msign; return(x);}
-#endif /* defined(vax)||defined(tahoe) */
-}
-
-finite(x)
-double x;
-{
-#if defined(vax)||defined(tahoe)
- return(1);
-#else /* defined(vax)||defined(tahoe) */
-#ifdef national
- return( (*((short *) &x+3 ) & mexp ) != mexp );
-#else /* national */
- return( (*((short *) &x ) & mexp ) != mexp );
-#endif /* national */
-#endif /* defined(vax)||defined(tahoe) */
-}
-
-double drem(x,p)
-double x,p;
-{
- short sign;
- double hp,dp,tmp;
- unsigned short k;
-#ifdef national
- unsigned short
- *px=(unsigned short *) &x +3,
- *pp=(unsigned short *) &p +3,
- *pd=(unsigned short *) &dp +3,
- *pt=(unsigned short *) &tmp+3;
-#else /* national */
- unsigned short
- *px=(unsigned short *) &x ,
- *pp=(unsigned short *) &p ,
- *pd=(unsigned short *) &dp ,
- *pt=(unsigned short *) &tmp;
-#endif /* national */
-
- *pp &= msign ;
-
-#if defined(vax)||defined(tahoe)
- if( ( *px & mexp ) == ~msign ) /* is x a reserved operand? */
-#else /* defined(vax)||defined(tahoe) */
- if( ( *px & mexp ) == mexp )
-#endif /* defined(vax)||defined(tahoe) */
- return (x-p)-(x-p); /* create nan if x is inf */
- if (p == zero) {
-#if defined(vax)||defined(tahoe)
- return(infnan(EDOM));
-#else /* defined(vax)||defined(tahoe) */
- return zero/zero;
-#endif /* defined(vax)||defined(tahoe) */
- }
-
-#if defined(vax)||defined(tahoe)
- if( ( *pp & mexp ) == ~msign ) /* is p a reserved operand? */
-#else /* defined(vax)||defined(tahoe) */
- if( ( *pp & mexp ) == mexp )
-#endif /* defined(vax)||defined(tahoe) */
- { if (p != p) return p; else return x;}
-
- else if ( ((*pp & mexp)>>gap) <= 1 )
- /* subnormal p, or almost subnormal p */
- { double b; b=scalbn(1.0,(int)prep1);
- p *= b; x = drem(x,p); x *= b; return(drem(x,p)/b);}
- else if ( p >= novf/2)
- { p /= 2 ; x /= 2; return(drem(x,p)*2);}
- else
- {
- dp=p+p; hp=p/2;
- sign= *px & ~msign ;
- *px &= msign ;
- while ( x > dp )
- {
- k=(*px & mexp) - (*pd & mexp) ;
- tmp = dp ;
- *pt += k ;
-
-#if defined(vax)||defined(tahoe)
- if( x < tmp ) *pt -= 128 ;
-#else /* defined(vax)||defined(tahoe) */
- if( x < tmp ) *pt -= 16 ;
-#endif /* defined(vax)||defined(tahoe) */
-
- x -= tmp ;
- }
- if ( x > hp )
- { x -= p ; if ( x >= hp ) x -= p ; }
-
-#if defined(vax)||defined(tahoe)
- if (x)
-#endif /* defined(vax)||defined(tahoe) */
- *px ^= sign;
- return( x);
-
- }
-}
-
-
-double sqrt(x)
-double x;
-{
- double q,s,b,r;
- double t;
- double const zero=0.0;
- int m,n,i;
-#if defined(vax)||defined(tahoe)
- int k=54;
-#else /* defined(vax)||defined(tahoe) */
- int k=51;
-#endif /* defined(vax)||defined(tahoe) */
-
- /* sqrt(NaN) is NaN, sqrt(+-0) = +-0 */
- if(x!=x||x==zero) return(x);
-
- /* sqrt(negative) is invalid */
- if(x<zero) {
-#if defined(vax)||defined(tahoe)
- return (infnan(EDOM)); /* NaN */
-#else /* defined(vax)||defined(tahoe) */
- return(zero/zero);
-#endif /* defined(vax)||defined(tahoe) */
- }
-
- /* sqrt(INF) is INF */
- if(!finite(x)) return(x);
-
- /* scale x to [1,4) */
- n=logb(x);
- x=scalbn(x,-n);
- if((m=logb(x))!=0) x=scalbn(x,-m); /* subnormal number */
- m += n;
- n = m/2;
- if((n+n)!=m) {x *= 2; m -=1; n=m/2;}
-
- /* generate sqrt(x) bit by bit (accumulating in q) */
- q=1.0; s=4.0; x -= 1.0; r=1;
- for(i=1;i<=k;i++) {
- t=s+1; x *= 4; r /= 2;
- if(t<=x) {
- s=t+t+2, x -= t; q += r;}
- else
- s *= 2;
- }
-
- /* generate the last bit and determine the final rounding */
- r/=2; x *= 4;
- if(x==zero) goto end; 100+r; /* trigger inexact flag */
- if(s<x) {
- q+=r; x -=s; s += 2; s *= 2; x *= 4;
- t = (x-s)-5;
- b=1.0+3*r/4; if(b==1.0) goto end; /* b==1 : Round-to-zero */
- b=1.0+r/4; if(b>1.0) t=1; /* b>1 : Round-to-(+INF) */
- if(t>=0) q+=r; } /* else: Round-to-nearest */
- else {
- s *= 2; x *= 4;
- t = (x-s)-1;
- b=1.0+3*r/4; if(b==1.0) goto end;
- b=1.0+r/4; if(b>1.0) t=1;
- if(t>=0) q+=r; }
-
-end: return(scalbn(q,n));
-}
-
-#if 0
-/* DREM(X,Y)
- * RETURN X REM Y =X-N*Y, N=[X/Y] ROUNDED (ROUNDED TO EVEN IN THE HALF WAY CASE)
- * DOUBLE PRECISION (VAX D format 56 bits, IEEE DOUBLE 53 BITS)
- * INTENDED FOR ASSEMBLY LANGUAGE
- * CODED IN C BY K.C. NG, 3/23/85, 4/8/85.
- *
- * Warning: this code should not get compiled in unless ALL of
- * the following machine-dependent routines are supplied.
- *
- * Required machine dependent functions (not on a VAX):
- * swapINX(i): save inexact flag and reset it to "i"
- * swapENI(e): save inexact enable and reset it to "e"
- */
-
-double drem(x,y)
-double x,y;
-{
-
-#ifdef national /* order of words in floating point number */
- static const n0=3,n1=2,n2=1,n3=0;
-#else /* VAX, SUN, ZILOG, TAHOE */
- static const n0=0,n1=1,n2=2,n3=3;
-#endif
-
- static const unsigned short mexp =0x7ff0, m25 =0x0190, m57 =0x0390;
- static const double zero=0.0;
- double hy,y1,t,t1;
- short k;
- long n;
- int i,e;
- unsigned short xexp,yexp, *px =(unsigned short *) &x ,
- nx,nf, *py =(unsigned short *) &y ,
- sign, *pt =(unsigned short *) &t ,
- *pt1 =(unsigned short *) &t1 ;
-
- xexp = px[n0] & mexp ; /* exponent of x */
- yexp = py[n0] & mexp ; /* exponent of y */
- sign = px[n0] &0x8000; /* sign of x */
-
-/* return NaN if x is NaN, or y is NaN, or x is INF, or y is zero */
- if(x!=x) return(x); if(y!=y) return(y); /* x or y is NaN */
- if( xexp == mexp ) return(zero/zero); /* x is INF */
- if(y==zero) return(y/y);
-
-/* save the inexact flag and inexact enable in i and e respectively
- * and reset them to zero
- */
- i=swapINX(0); e=swapENI(0);
-
-/* subnormal number */
- nx=0;
- if(yexp==0) {t=1.0,pt[n0]+=m57; y*=t; nx=m57;}
-
-/* if y is tiny (biased exponent <= 57), scale up y to y*2**57 */
- if( yexp <= m57 ) {py[n0]+=m57; nx+=m57; yexp+=m57;}
-
- nf=nx;
- py[n0] &= 0x7fff;
- px[n0] &= 0x7fff;
-
-/* mask off the least significant 27 bits of y */
- t=y; pt[n3]=0; pt[n2]&=0xf800; y1=t;
-
-/* LOOP: argument reduction on x whenever x > y */
-loop:
- while ( x > y )
- {
- t=y;
- t1=y1;
- xexp=px[n0]&mexp; /* exponent of x */
- k=xexp-yexp-m25;
- if(k>0) /* if x/y >= 2**26, scale up y so that x/y < 2**26 */
- {pt[n0]+=k;pt1[n0]+=k;}
- n=x/t; x=(x-n*t1)-n*(t-t1);
- }
- /* end while (x > y) */
-
- if(nx!=0) {t=1.0; pt[n0]+=nx; x*=t; nx=0; goto loop;}
-
-/* final adjustment */
-
- hy=y/2.0;
- if(x>hy||((x==hy)&&n%2==1)) x-=y;
- px[n0] ^= sign;
- if(nf!=0) { t=1.0; pt[n0]-=nf; x*=t;}
-
-/* restore inexact flag and inexact enable */
- swapINX(i); swapENI(e);
-
- return(x);
-}
-#endif
-
-#if 0
-/* SQRT
- * RETURN CORRECTLY ROUNDED (ACCORDING TO THE ROUNDING MODE) SQRT
- * FOR IEEE DOUBLE PRECISION ONLY, INTENDED FOR ASSEMBLY LANGUAGE
- * CODED IN C BY K.C. NG, 3/22/85.
- *
- * Warning: this code should not get compiled in unless ALL of
- * the following machine-dependent routines are supplied.
- *
- * Required machine dependent functions:
- * swapINX(i) ...return the status of INEXACT flag and reset it to "i"
- * swapRM(r) ...return the current Rounding Mode and reset it to "r"
- * swapENI(e) ...return the status of inexact enable and reset it to "e"
- * addc(t) ...perform t=t+1 regarding t as a 64 bit unsigned integer
- * subc(t) ...perform t=t-1 regarding t as a 64 bit unsigned integer
- */
-
-static const unsigned long table[] = {
-0, 1204, 3062, 5746, 9193, 13348, 18162, 23592, 29598, 36145, 43202, 50740,
-58733, 67158, 75992, 85215, 83599, 71378, 60428, 50647, 41945, 34246, 27478,
-21581, 16499, 12183, 8588, 5674, 3403, 1742, 661, 130, };
-
-double newsqrt(x)
-double x;
-{
- double y,z,t,addc(),subc()
- double const b54=134217728.*134217728.; /* b54=2**54 */
- long mx,scalx;
- long const mexp=0x7ff00000;
- int i,j,r,e,swapINX(),swapRM(),swapENI();
- unsigned long *py=(unsigned long *) &y ,
- *pt=(unsigned long *) &t ,
- *px=(unsigned long *) &x ;
-#ifdef national /* ordering of word in a floating point number */
- const int n0=1, n1=0;
-#else
- const int n0=0, n1=1;
-#endif
-/* Rounding Mode: RN ...round-to-nearest
- * RZ ...round-towards 0
- * RP ...round-towards +INF
- * RM ...round-towards -INF
- */
- const int RN=0,RZ=1,RP=2,RM=3;
- /* machine dependent: work on a Zilog Z8070
- * and a National 32081 & 16081
- */
-
-/* exceptions */
- if(x!=x||x==0.0) return(x); /* sqrt(NaN) is NaN, sqrt(+-0) = +-0 */
- if(x<0) return((x-x)/(x-x)); /* sqrt(negative) is invalid */
- if((mx=px[n0]&mexp)==mexp) return(x); /* sqrt(+INF) is +INF */
-
-/* save, reset, initialize */
- e=swapENI(0); /* ...save and reset the inexact enable */
- i=swapINX(0); /* ...save INEXACT flag */
- r=swapRM(RN); /* ...save and reset the Rounding Mode to RN */
- scalx=0;
-
-/* subnormal number, scale up x to x*2**54 */
- if(mx==0) {x *= b54 ; scalx-=0x01b00000;}
-
-/* scale x to avoid intermediate over/underflow:
- * if (x > 2**512) x=x/2**512; if (x < 2**-512) x=x*2**512 */
- if(mx>0x5ff00000) {px[n0] -= 0x20000000; scalx+= 0x10000000;}
- if(mx<0x1ff00000) {px[n0] += 0x20000000; scalx-= 0x10000000;}
-
-/* magic initial approximation to almost 8 sig. bits */
- py[n0]=(px[n0]>>1)+0x1ff80000;
- py[n0]=py[n0]-table[(py[n0]>>15)&31];
-
-/* Heron's rule once with correction to improve y to almost 18 sig. bits */
- t=x/y; y=y+t; py[n0]=py[n0]-0x00100006; py[n1]=0;
-
-/* triple to almost 56 sig. bits; now y approx. sqrt(x) to within 1 ulp */
- t=y*y; z=t; pt[n0]+=0x00100000; t+=z; z=(x-z)*y;
- t=z/(t+x) ; pt[n0]+=0x00100000; y+=t;
-
-/* twiddle last bit to force y correctly rounded */
- swapRM(RZ); /* ...set Rounding Mode to round-toward-zero */
- swapINX(0); /* ...clear INEXACT flag */
- swapENI(e); /* ...restore inexact enable status */
- t=x/y; /* ...chopped quotient, possibly inexact */
- j=swapINX(i); /* ...read and restore inexact flag */
- if(j==0) { if(t==y) goto end; else t=subc(t); } /* ...t=t-ulp */
- b54+0.1; /* ..trigger inexact flag, sqrt(x) is inexact */
- if(r==RN) t=addc(t); /* ...t=t+ulp */
- else if(r==RP) { t=addc(t);y=addc(y);}/* ...t=t+ulp;y=y+ulp; */
- y=y+t; /* ...chopped sum */
- py[n0]=py[n0]-0x00100000; /* ...correctly rounded sqrt(x) */
-end: py[n0]=py[n0]+scalx; /* ...scale back y */
- swapRM(r); /* ...restore Rounding Mode */
- return(y);
-}
-#endif
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=bf5c49825fd31327a529399b2400a6e592bbee3a
commit bf5c49825fd31327a529399b2400a6e592bbee3a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:07 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/llio.texi: Document thread safety properties.
diff --git a/manual/llio.texi b/manual/llio.texi
index b129cf4..c350585 100644
--- a/manual/llio.texi
+++ b/manual/llio.texi
@@ -78,6 +78,7 @@ declared in @file{unistd.h}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int open (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The @code{open} function creates and returns a new file descriptor for
the file named by @var{filename}. Initially, the file position
indicator for the file is at the beginning of the file. The argument
@@ -164,6 +165,7 @@ and @code{freopen} functions, that create streams.
@comment fcntl.h
@comment Unix98
@deftypefun int open64 (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{open}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
difference is that on 32 bit systems the file is opened in the
@@ -178,6 +180,7 @@ replaces the old API.
@comment fcntl.h
@comment POSIX.1
@deftypefn {Obsolete function} int creat (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is obsolete. The call:
@smallexample
@@ -202,6 +205,7 @@ since all of the lowlevel file handling functions are equally replaced.
@comment fcntl.h
@comment Unix98
@deftypefn {Obsolete function} int creat64 (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{creat}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
the difference is that on 32 bit systems the file is opened in the
@@ -219,6 +223,7 @@ replaces the old API.
@comment unistd.h
@comment POSIX.1
@deftypefun int close (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The function @code{close} closes the file descriptor @var{filedes}.
Closing a file has the following consequences:
@@ -300,6 +305,7 @@ but must be a signed type.
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t read (int @var{filedes}, void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{read} function reads up to @var{size} bytes from the file
with descriptor @var{filedes}, storing the results in the @var{buffer}.
(This is not necessarily a character string, and no terminating null
@@ -395,6 +401,10 @@ functions that read from streams, such as @code{fgetc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, read and lseek back, but is it
+@c used anywhere?
The @code{pread} function is similar to the @code{read} function. The
first three arguments are identical, and the return values and error
codes also correspond.
@@ -430,6 +440,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread64 (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, read and lseek64 back, but is
+@c it used anywhere?
This function is similar to the @code{pread} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -447,6 +461,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t write (int @var{filedes}, const void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{write} function writes up to @var{size} bytes from
@var{buffer} to the file with descriptor @var{filedes}. The data in
@var{buffer} is not necessarily a character string and a null character is
@@ -557,6 +572,10 @@ functions that write to streams, such as @code{fputc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, write and lseek back, but is it
+@c used anywhere?
The @code{pwrite} function is similar to the @code{write} function. The
first three arguments are identical, and the return values and error codes
also correspond.
@@ -592,6 +611,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite64 (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, write and lseek64 back, but
+@c is it used anywhere?
This function is similar to the @code{pwrite} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -624,6 +647,7 @@ To read the current file position value from a descriptor, use
@comment unistd.h
@comment POSIX.1
@deftypefun off_t lseek (int @var{filedes}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lseek} function is used to change the file position of the
file with descriptor @var{filedes}.
@@ -713,6 +737,7 @@ descriptors.
@comment unistd.h
@comment Unix98
@deftypefun off64_t lseek64 (int @var{filedes}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to the @code{lseek} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -825,6 +850,7 @@ declared in the header file @file{stdio.h}.
@comment stdio.h
@comment POSIX.1
@deftypefun {FILE *} fdopen (int @var{filedes}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
The @code{fdopen} function returns a new stream for the file descriptor
@var{filedes}.
@@ -853,6 +879,7 @@ see @ref{Creating a Pipe}.
@comment stdio.h
@comment POSIX.1
@deftypefun int fileno (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the file descriptor associated with the stream
@var{stream}. If an error is detected (for example, if the @var{stream}
is not valid) or if @var{stream} does not do I/O to a file,
@@ -862,6 +889,7 @@ is not valid) or if @var{stream} does not do I/O to a file,
@comment stdio.h
@comment GNU
@deftypefun int fileno_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fileno_unlocked} function is equivalent to the @code{fileno}
function except that it does not implicitly lock the stream if the state
is @code{FSETLOCKING_INTERNAL}.
@@ -1071,6 +1099,11 @@ Contains the length of the buffer.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t readv (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer into which data is read, if the total read size is
+@c too large for alloca.
The @code{readv} function reads data from @var{filedes} and scatters it
into the buffers described in @var{vector}, which is taken to be
@@ -1089,6 +1122,11 @@ errors are the same as in @code{read}.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t writev (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer from which data is written, if the total write size
+@c is too large for alloca.
The @code{writev} function gathers data from the buffers described in
@var{vector}, which is taken to be @var{count} structures long, and writes
@@ -1149,6 +1187,7 @@ These functions are declared in @file{sys/mman.h}.
@comment sys/mman.h
@comment POSIX
@deftypefun {void *} mmap (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mmap} function creates a new mapping, connected to bytes
(@var{offset}) to (@var{offset} + @var{length} - 1) in the file open on
@@ -1268,6 +1307,9 @@ The file is on a filesystem that doesn't support mapping.
@comment sys/mman.h
@comment LFS
@deftypefun {void *} mmap64 (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The page_shift auto detection when MMAP2_PAGE_SHIFT is -1 (it never
+@c is) would be thread-unsafe.
The @code{mmap64} function is equivalent to the @code{mmap} function but
the @var{offset} parameter is of type @code{off64_t}. On 32-bit systems
this allows the file associated with the @var{filedes} descriptor to be
@@ -1284,6 +1326,7 @@ replaces the old API.
@comment sys/mman.h
@comment POSIX
@deftypefun int munmap (void *@var{addr}, size_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{munmap} removes any memory maps from (@var{addr}) to (@var{addr} +
@var{length}). @var{length} should be the length of the mapping.
@@ -1310,6 +1353,7 @@ aligned.
@comment sys/mman.h
@comment POSIX
@deftypefun int msync (void *@var{address}, size_t @var{length}, int @var{flags})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When using shared mappings, the kernel can write the file at any time
before the mapping is removed. To be certain data has actually been
@@ -1357,6 +1401,7 @@ There is no existing mapping in at least part of the given region.
@comment sys/mman.h
@comment GNU
@deftypefun {void *} mremap (void *@var{address}, size_t @var{length}, size_t @var{new_length}, int @var{flag})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to change the size of an existing memory
area. @var{address} and @var{length} must cover a region entirely mapped
@@ -1405,6 +1450,7 @@ Coding Standards}.
@comment sys/mman.h
@comment POSIX
@deftypefun int madvise (void *@var{addr}, size_t @var{length}, int @var{advice})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to provide the system with @var{advice} about
the intended usage patterns of the memory region starting at @var{addr}
@@ -1531,6 +1577,7 @@ that descriptor into an @code{fd_set}.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_ZERO (fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro initializes the file descriptor set @var{set} to be the
empty set.
@end deftypefn
@@ -1538,6 +1585,9 @@ empty set.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_SET (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro adds @var{filedes} to the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1547,6 +1597,9 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_CLR (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro removes @var{filedes} from the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1556,6 +1609,7 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro int FD_ISSET (int @var{filedes}, const fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value (true) if @var{filedes} is a member
of the file descriptor set @var{set}, and zero (false) otherwise.
@@ -1568,6 +1622,10 @@ Next, here is the description of the @code{select} function itself.
@comment sys/types.h
@comment BSD
@deftypefun int select (int @var{nfds}, fd_set *@var{read-fds}, fd_set *@var{write-fds}, fd_set *@var{except-fds}, struct timeval *@var{timeout})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The select syscall is preferred, but pselect6 may be used instead,
+@c which requires converting timeout to a timespec and back. The
+@c conversions are not atomic.
The @code{select} function blocks the calling process until there is
activity on any of the specified sets of file descriptors, or until the
timeout period has expired.
@@ -1670,6 +1728,7 @@ they return.
@comment unistd.h
@comment X/Open
@deftypefun void sync (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
A call to this function will not return as long as there is data which
has not been written to the device. All dirty buffers in the kernel will
be written and so an overall consistent system can be achieved (if no
@@ -1685,6 +1744,7 @@ committed, rather than all data in the system. For this, @code{sync} is overkil
@comment unistd.h
@comment POSIX
@deftypefun int fsync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fsync} function can be used to make sure all data associated with
the open file @var{fildes} is written to the device associated with the
descriptor. The function call does not return unless all actions have
@@ -1722,6 +1782,7 @@ recovering of the file in case of a problem.
@comment unistd.h
@comment POSIX
@deftypefun int fdatasync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When a call to the @code{fdatasync} function returns, it is ensured
that all of the file data is written to the device. For all pending I/O
operations, the parts guaranteeing data integrity finished.
@@ -1923,6 +1984,158 @@ aiocb64}, since the LFS transparently replaces the old interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_read (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Calls aio_enqueue_request.
+@c aio_enqueue_request selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_self ok
+@c pthread_getschedparam selfdeadlock, lockleak
+@c lll_lock (pthread descriptor's lock) selfdeadlock, lockleak
+@c sched_getparam ok
+@c sched_getscheduler ok
+@c lll_unlock lockleak
+@c pthread_mutex_lock (aio_requests_mutex) selfdeadlock, lockleak
+@c get_elem asmalloc, memleak, [asynconsist, incansist], [xguargs]
+@c realloc asmalloc, memleak
+@c calloc asmalloc, memleak
+@c aio_create_helper_thread selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_attr_init ok
+@c pthread_attr_setdetachstate ok
+@c pthread_get_minstack ok
+@c pthread_attr_setstacksize ok
+@c sigfillset ok
+@c memset ok
+@c sigdelset ok [xguargs, but the caller's sigset is automatic]
+@c SYSCALL rt_sigprocmask ok
+@c pthread_create selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c alloca/malloc asmalloc, memleak
+@c lll_unlock lockleak
+@c allocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c getpagesize dup
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c lll_unlock lockleak
+@c _dl_allocate_tls asmalloc, memleak
+@c _dl_allocate_tls_storage asmalloc, memleak
+@c memalign asmalloc, memleak
+@c memset ok
+@c allocate_dtv dup
+@c free asmalloc, memleak
+@c allocate_dtv asmalloc, memleak
+@c calloc asmalloc, memleak
+@c INSTALL_DTV ok
+@c list_add dup
+@c get_cached_stack
+@c lll_lock (stack_cache_lock) selfdeadlock, lockleak
+@c list_for_each ok
+@c list_entry dup
+@c FREE_P dup
+@c stack_list_del dup
+@c stack_list_add dup
+@c lll_unlock lockleak
+@c _dl_allocate_tls_init ok
+@c GET_DTV ok
+@c mmap ok
+@c atomic_increment_val ok
+@c munmap ok
+@c change_stack_perm ok
+@c mprotect ok
+@c mprotect ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c THREAD_COPY_STACK_GUARD ok
+@c THREAD_COPY_POINTER_GUARD ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (state_cache_lock) selfdeadlock, lockleak
+@c stack_list_del ok
+@c atomic_write_barrier ok
+@c list_del ok [uunguard]
+@c atomic_write_barrier ok
+@c queue_stack asmalloc, memleak
+@c stack_list_add ok
+@c atomic_write_barrier ok
+@c list_add ok [uunguard]
+@c atomic_write_barrier ok
+@c free_stacks asmalloc, memleak
+@c list_for_each_prev_safe ok
+@c list_entry ok
+@c FREE_P ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c _dl_deallocate_tls asmalloc, memleak
+@c free asmalloc, memleak
+@c lll_unlock lockleak
+@c create_thread selfdeadlock, asmalloc, lockleak, memleak
+@c td_eventword
+@c td_eventmask
+@c do_clone selfdeadlock, asmalloc, lockleak, memleak
+@c PREPARE_CREATE ok
+@c lll_lock (pd->lock) selfdeadlock, lockleak
+@c atomic_increment ok
+@c clone ok
+@c atomic_decrement ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack dup
+@c sched_setaffinity ok
+@c tgkill ok
+@c sched_setscheduler ok
+@c atomic_compare_and_exchange_bool_acq ok
+@c nptl_create_event ok
+@c lll_unlock (pd->lock) lockleak
+@c free asmalloc, memleak
+@c pthread_attr_destroy ok (cpuset won't be set, so free isn't called)
+@c add_request_to_runlist ok [xguargs]
+@c pthread_cond_signal ok
+@c aio_free_request ok [xguargs]
+@c pthread_mutex_unlock lockleak
+
+@c (in the new thread, initiated with clone)
+@c start_thread ok
+@c HP_TIMING_NOW ok
+@c ctype_init [glocale] (in theory, but optimized into safety)
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c sigemptyset ok
+@c sigaddset ok
+@c setjmp ok
+@c CANCEL_ASYNC -> pthread_enable_asynccancel ok
+@c do_cancel ok
+@c pthread_unwind ok
+@c Unwind_ForcedUnwind or longjmp ok [asmalloc, memleak?]
+@c lll_lock selfdeadlock, lockleak
+@c lll_unlock selfdeadlock, lockleak
+@c CANCEL_RESET -> pthread_disable_asynccancel ok
+@c lll_futex_wait ok
+@c ->start_routine ok -----
+@c call_tls_dtors selfdeadlock, asmalloc, lockleak, memleak
+@c user-supplied dtor
+@c rtld_lock_lock_recursive (dl_load_lock) selfdeadlock, lockleak
+@c rtld_lock_unlock_recursive lockleak
+@c free asmalloc, memleak
+@c nptl_deallocate_tsd asmalloc, memleak
+@c tsd user-supplied dtors ok
+@c free asmalloc, memleak
+@c libc_thread_freeres
+@c libc_thread_subfreeres ok
+@c atomic_decrement_and_test ok
+@c td_eventword ok
+@c td_eventmask ok
+@c atomic_compare_exchange_bool_acq ok
+@c nptl_death_event ok
+@c lll_robust_dead ok
+@c getpagesize ok
+@c madvise ok
+@c free_tcb selfdeadlock, asmalloc, lockleak, memleak
+@c free asmalloc, memleak
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_futex_wait ok
+@c exit_thread_inline ok
+@c syscall(exit) ok
+
This function initiates an asynchronous read operation. It
immediately returns after the operation was enqueued or when an
error was encountered.
@@ -1988,6 +2201,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_read64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_read} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{aio_read64} uses
@@ -2006,6 +2220,7 @@ of functions with a very similar interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_write (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function initiates an asynchronous write operation. The function
call immediately returns after the operation was enqueued or if before
this happens an error was encountered.
@@ -2072,6 +2287,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_write64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_write} function. The only
difference is that on @w{32 bit} machines the file descriptor should
be opened in the large file mode. Internally @code{aio_write64} uses
@@ -2093,6 +2309,12 @@ operations. It is therefore similar to a combination of @code{readv} and
@comment aio.h
@comment POSIX.1b
@deftypefun int lio_listio (int @var{mode}, struct aiocb *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Call lio_listio_internal, that takes the aio_requests_mutex lock and
+@c enqueues each request. Then, it waits for notification or prepares
+@c for it before releasing the lock. Even though it performs memory
+@c allocation and locking of its own, it doesn't add any classes of
+@c safety issues that aren't already covered by aio_enqueue_request.
The @code{lio_listio} function can be used to enqueue an arbitrary
number of read and write requests at one time. The requests can all be
meant for the same file, all for different files or every solution in
@@ -2176,6 +2398,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int lio_listio64 (int @var{mode}, struct aiocb64 *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{lio_listio} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{lio_listio64} uses
@@ -2204,6 +2427,7 @@ The following two functions allow you to get this kind of information.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_error (const struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function determines the error state of the request described by the
@code{struct aiocb} variable pointed to by @var{aiocbp}. If the
request has not yet terminated the value returned is always
@@ -2225,6 +2449,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_error64 (const struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_error} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2238,6 +2463,7 @@ machines.
@comment aio.h
@comment POSIX.1b
@deftypefun ssize_t aio_return (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to retrieve the return status of the operation
carried out by the request described in the variable pointed to by
@var{aiocbp}. As long as the error status of this request as returned
@@ -2261,6 +2487,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun ssize_t aio_return64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_return} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2289,6 +2516,9 @@ if the symbol @code{_POSIX_SYNCHRONIZED_IO} is defined in @file{unistd.h}.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_fsync (int @var{op}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check that the FD is open, it calls
+@c aio_enqueue_request.
Calling this function forces all I/O operations operating queued at the
time of the function call operating on the file descriptor
@code{aiocbp->aio_fildes} into the synchronized I/O completion state
@@ -2336,6 +2566,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_fsync64 (int @var{op}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_fsync} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2362,6 +2593,9 @@ before the current client is served. For situations like this
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_suspend (const struct aiocb *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c Take aio_requests_mutex, set up waitlist and requestlist, wait
+@c for completion or timeout, and release the mutex.
When calling this function, the calling thread is suspended until at
least one of the requests pointed to by the @var{nent} elements of the
array @var{list} has completed. If any of the requests has already
@@ -2400,6 +2634,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_suspend64 (const struct aiocb64 *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is similar to @code{aio_suspend} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2427,6 +2662,16 @@ or not. Therefore using this function is merely a hint.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_cancel (int @var{fildes}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check the fd is open, hold aio_requests_mutex, call
+@c aio_find_req_fd, aio_remove_request, then aio_notify and
+@c aio_free_request each request before releasing the lock.
+@c aio_notify calls aio_notify_only and free, besides cond signal or
+@c similar. aio_notify_only calls pthread_attr_init,
+@c pthread_attr_setdetachstate, malloc, pthread_create,
+@c notify_func_wrapper, aio_sigqueue, getpid, raise.
+@c notify_func_wraper calls aio_start_notify_thread, free and then the
+@c notifier function.
The @code{aio_cancel} function can be used to cancel one or more
outstanding requests. If the @var{aiocbp} parameter is @code{NULL}, the
function tries to cancel all of the outstanding requests which would process
@@ -2474,6 +2719,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_cancel64 (int @var{fildes}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_cancel} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2529,6 +2775,8 @@ Unused.
@comment aio.h
@comment GNU
@deftypefun void aio_init (const struct aioinit *@var{init})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c All changes to global objects are guarded by aio_requests_mutex.
This function must be called before any other AIO function. Calling it
is completely voluntary, as it is only meant to help the AIO
implementation perform better.
@@ -2563,6 +2811,7 @@ function; see @ref{Opening and Closing Files}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int fcntl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcntl} function performs the operation specified by
@var{command} on the file descriptor @var{filedes}. Some commands
require additional arguments to be supplied. These additional arguments
@@ -2645,6 +2894,7 @@ while prototypes for @code{dup} and @code{dup2} are in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun int dup (int @var{old})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies descriptor @var{old} to the first available
descriptor number (the first number not currently open). It is
equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@@ -2653,6 +2903,7 @@ equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@comment unistd.h
@comment POSIX.1
@deftypefun int dup2 (int @var{old}, int @var{new})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies the descriptor @var{old} to descriptor number
@var{new}.
@@ -3631,6 +3882,7 @@ different headers.
@comment sys/ioctl.h
@comment BSD
@deftypefun int ioctl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ioctl} function performs the generic I/O operation
@var{command} on @var{filedes}.
@@ -3650,3 +3902,6 @@ unknown device.
Most IOCTLs are OS-specific and/or only used in special system utilities,
and are thus beyond the scope of this document. For an example of the use
of an IOCTL, see @ref{Out-of-Band Data}.
+
+@c FIXME this is undocumented:
+@c dup3
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=97ee1ff6ce212b9a9a750393c65224d306fb2ddd
commit 97ee1ff6ce212b9a9a750393c65224d306fb2ddd
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:10 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/threads.texi: Document thread safety properties.
diff --git a/manual/threads.texi b/manual/threads.texi
index a23ac26..19bfad6 100644
--- a/manual/threads.texi
+++ b/manual/threads.texi
@@ -31,6 +31,7 @@ before thread-specific data, so they should not be used in thread-specific
data destructors or even as members of the thread-specific data, since the
latter is passed as an argument to the destructor function.
+@c FIXME: use @deftypefun for these.
@item int pthread_key_delete (pthread_key_t @var{key})
Destroy the thread-specific data @var{key} in the calling thread. The
destructor for the thread-specific data is not called during destruction, nor
@@ -82,3 +83,124 @@ attributes or the stack address is set in the attribute.
The system does not have sufficient memory.
@end table
@end deftypefun
+
+@c FIXME these are undocumented:
+@c pthread_atfork
+@c pthread_attr_destroy
+@c pthread_attr_getaffinity_np
+@c pthread_attr_getdetachstate
+@c pthread_attr_getguardsize
+@c pthread_attr_getinheritsched
+@c pthread_attr_getschedparam
+@c pthread_attr_getschedpolicy
+@c pthread_attr_getscope
+@c pthread_attr_getstack
+@c pthread_attr_getstackaddr
+@c pthread_attr_getstacksize
+@c pthread_attr_init
+@c pthread_attr_setaffinity_np
+@c pthread_attr_setdetachstate
+@c pthread_attr_setguardsize
+@c pthread_attr_setinheritsched
+@c pthread_attr_setschedparam
+@c pthread_attr_setschedpolicy
+@c pthread_attr_setscope
+@c pthread_attr_setstack
+@c pthread_attr_setstackaddr
+@c pthread_attr_setstacksize
+@c pthread_barrierattr_destroy
+@c pthread_barrierattr_getpshared
+@c pthread_barrierattr_init
+@c pthread_barrierattr_setpshared
+@c pthread_barrier_destroy
+@c pthread_barrier_init
+@c pthread_barrier_wait
+@c pthread_cancel
+@c pthread_cleanup_push
+@c pthread_cleanup_pop
+@c pthread_condattr_destroy
+@c pthread_condattr_getclock
+@c pthread_condattr_getpshared
+@c pthread_condattr_init
+@c pthread_condattr_setclock
+@c pthread_condattr_setpshared
+@c pthread_cond_broadcast
+@c pthread_cond_destroy
+@c pthread_cond_init
+@c pthread_cond_signal
+@c pthread_cond_timedwait
+@c pthread_cond_wait
+@c pthread_create
+@c pthread_detach
+@c pthread_equal
+@c pthread_exit
+@c pthread_getaffinity_np
+@c pthread_getattr_np
+@c pthread_getconcurrency
+@c pthread_getcpuclockid
+@c pthread_getname_np
+@c pthread_getschedparam
+@c pthread_join
+@c pthread_kill
+@c pthread_kill_other_threads_np
+@c pthread_mutexattr_destroy
+@c pthread_mutexattr_getkind_np
+@c pthread_mutexattr_getprioceiling
+@c pthread_mutexattr_getprotocol
+@c pthread_mutexattr_getpshared
+@c pthread_mutexattr_getrobust
+@c pthread_mutexattr_getrobust_np
+@c pthread_mutexattr_gettype
+@c pthread_mutexattr_init
+@c pthread_mutexattr_setkind_np
+@c pthread_mutexattr_setprioceiling
+@c pthread_mutexattr_setprotocol
+@c pthread_mutexattr_setpshared
+@c pthread_mutexattr_setrobust
+@c pthread_mutexattr_setrobust_np
+@c pthread_mutexattr_settype
+@c pthread_mutex_consistent
+@c pthread_mutex_consistent_np
+@c pthread_mutex_destroy
+@c pthread_mutex_getprioceiling
+@c pthread_mutex_init
+@c pthread_mutex_lock
+@c pthread_mutex_setprioceiling
+@c pthread_mutex_timedlock
+@c pthread_mutex_trylock
+@c pthread_mutex_unlock
+@c pthread_once
+@c pthread_rwlockattr_destroy
+@c pthread_rwlockattr_getkind_np
+@c pthread_rwlockattr_getpshared
+@c pthread_rwlockattr_init
+@c pthread_rwlockattr_setkind_np
+@c pthread_rwlockattr_setpshared
+@c pthread_rwlock_destroy
+@c pthread_rwlock_init
+@c pthread_rwlock_rdlock
+@c pthread_rwlock_timedrdlock
+@c pthread_rwlock_timedwrlock
+@c pthread_rwlock_tryrdlock
+@c pthread_rwlock_trywrlock
+@c pthread_rwlock_unlock
+@c pthread_rwlock_wrlock
+@c pthread_self
+@c pthread_setaffinity_np
+@c pthread_setcancelstate
+@c pthread_setcanceltype
+@c pthread_setconcurrency
+@c pthread_setname_np
+@c pthread_setschedparam
+@c pthread_setschedprio
+@c pthread_sigmask
+@c pthread_sigqueue
+@c pthread_spin_destroy
+@c pthread_spin_init
+@c pthread_spin_lock
+@c pthread_spin_trylock
+@c pthread_spin_unlock
+@c pthread_testcancel
+@c pthread_timedjoin_np
+@c pthread_tryjoin_np
+@c pthread_yield
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
commit 05db560ffbca9d70d3f8cb8275b5f82ebd0a1fa7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:03 2013 -0300
Rename unused scalb to scalbn to match prototype.
for ChangeLog
* sysdeps/ieee754/support.c (scalbn): Rename from
wrongly-typed scalb. Adjust all callers. Apparently unused.
diff --git a/sysdeps/ieee754/support.c b/sysdeps/ieee754/support.c
index 00476c0..0bbd892 100644
--- a/sysdeps/ieee754/support.c
+++ b/sysdeps/ieee754/support.c
@@ -82,7 +82,7 @@ static char sccsid[] = "@(#)support.c 8.1 (Berkeley) 6/4/93";
static const double novf=1.7E308, nunf=3.0E-308,zero=0.0;
#endif /* defined(vax)||defined(tahoe) */
-double scalb(x,N)
+double scalbn(x,N)
double x; int N;
{
int k;
@@ -106,7 +106,7 @@ double x; int N;
if( (k= *px & mexp ) != mexp ) {
if( N<-2100) return(nunf*nunf); else if(N>2100) return(novf+novf);
if( k == 0 ) {
- x *= scalb(1.0,(int)prep1); N -= prep1; return(scalb(x,N));}
+ x *= scalbn(1.0,(int)prep1); N -= prep1; return(scalbn(x,N));}
#endif /* defined(vax)||defined(tahoe) */
if((k = (k>>gap)+ N) > 0 )
@@ -115,7 +115,7 @@ double x; int N;
else
if( k > -prep1 )
/* gradual underflow */
- {*px=(*px&~mexp)|(short)(1<<gap); x *= scalb(1.0,k-1);}
+ {*px=(*px&~mexp)|(short)(1<<gap); x *= scalbn(1.0,k-1);}
else
return(nunf*nunf);
}
@@ -228,7 +228,7 @@ double x,p;
else if ( ((*pp & mexp)>>gap) <= 1 )
/* subnormal p, or almost subnormal p */
- { double b; b=scalb(1.0,(int)prep1);
+ { double b; b=scalbn(1.0,(int)prep1);
p *= b; x = drem(x,p); x *= b; return(drem(x,p)/b);}
else if ( p >= novf/2)
{ p /= 2 ; x /= 2; return(drem(x,p)*2);}
@@ -294,8 +294,8 @@ double x;
/* scale x to [1,4) */
n=logb(x);
- x=scalb(x,-n);
- if((m=logb(x))!=0) x=scalb(x,-m); /* subnormal number */
+ x=scalbn(x,-n);
+ if((m=logb(x))!=0) x=scalbn(x,-m); /* subnormal number */
m += n;
n = m/2;
if((n+n)!=m) {x *= 2; m -=1; n=m/2;}
@@ -326,7 +326,7 @@ double x;
b=1.0+r/4; if(b>1.0) t=1;
if(t>=0) q+=r; }
-end: return(scalb(q,n));
+end: return(scalbn(q,n));
}
#if 0
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=df244861d2cc8225a441c53b523f53150727ae62
commit df244861d2cc8225a441c53b523f53150727ae62
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:07 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/lang.texi: Document thread safety properties.
diff --git a/manual/lang.texi b/manual/lang.texi
index ee04e23..d6cd90c 100644
--- a/manual/lang.texi
+++ b/manual/lang.texi
@@ -51,6 +51,8 @@ without indicating anything might be wrong.
@comment assert.h
@comment ISO
@deftypefn Macro void assert (int @var{expression})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Verify the programmer's belief that @var{expression} is nonzero at
this point in the program.
@@ -91,6 +93,8 @@ The @code{assert_perror} macro makes this easy.
@comment assert.h
@comment GNU
@deftypefn Macro void assert_perror (int @var{errnum})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Similar to @code{assert}, but verifies that @var{errnum} is zero.
If @code{NDEBUG} is not defined, @code{assert_perror} tests the value of
@@ -423,6 +427,8 @@ The type @code{va_list} is used for argument pointer variables.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_start (va_list @var{ap}, @var{last-required})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This macro initializes the argument pointer variable @var{ap} to point
to the first of the optional arguments of the current function;
@var{last-required} must be the last required argument to the function.
@@ -431,6 +437,8 @@ to the first of the optional arguments of the current function;
@comment stdarg.h
@comment ISO
@deftypefn {Macro} @var{type} va_arg (va_list @var{ap}, @var{type})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_arg} macro returns the value of the next optional argument,
and modifies the value of @var{ap} to point to the subsequent argument.
Thus, successive uses of @code{va_arg} return successive optional
@@ -445,6 +453,8 @@ of the actual argument.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_end (va_list @var{ap})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This ends the use of @var{ap}. After a @code{va_end} call, further
@code{va_arg} calls with the same @var{ap} may not work. You should invoke
@code{va_end} before returning from the function in which @code{va_start}
@@ -466,6 +476,8 @@ of the same type.
@comment ISO
@deftypefn {Macro} void va_copy (va_list @var{dest}, va_list @var{src})
@deftypefnx {Macro} void __va_copy (va_list @var{dest}, va_list @var{src})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_copy} macro allows copying of objects of type
@code{va_list} even if this is not an integral type. The argument pointer
in @var{dest} is initialized to point to the same argument as the
@@ -1212,6 +1224,8 @@ type of a particular structure member.
@comment stddef.h
@comment ISO
@deftypefn {Macro} size_t offsetof (@var{type}, @var{member})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This expands to a integer constant expression that is the offset of the
structure member named @var{member} in the structure type @var{type}.
For example, @code{offsetof (struct s, elem)} is the offset, in bytes,
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=cfab792fb4bc046f3274734d629c29d86856ef28
commit cfab792fb4bc046f3274734d629c29d86856ef28
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:09 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/terminal.texi: Document thread safety properties.
diff --git a/manual/terminal.texi b/manual/terminal.texi
index 9e9c057..7f62a4e 100644
--- a/manual/terminal.texi
+++ b/manual/terminal.texi
@@ -264,6 +264,9 @@ array.
@comment termios.h
@comment POSIX.1
@deftypefun int tcgetattr (int @var{filedes}, struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the kernel-returned termios data structure to the userland
+@c format does not ensure atomic or consistent writing.
This function is used to examine the attributes of the terminal
device with file descriptor @var{filedes}. The attributes are returned
in the structure that @var{termios-p} points to.
@@ -284,6 +287,9 @@ The @var{filedes} is not associated with a terminal.
@comment termios.h
@comment POSIX.1
@deftypefun int tcsetattr (int @var{filedes}, int @var{when}, const struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the incoming termios data structure to the kernel format
+@c does not ensure atomic or consistent reading.
This function sets the attributes of the terminal device with file
descriptor @var{filedes}. The new attributes are taken from the
structure that @var{termios-p} points to.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1302198bf7ea242f1be035891c34507df7fa27e7
commit 1302198bf7ea242f1be035891c34507df7fa27e7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:07 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/job.texi: Document thread safety properties.
diff --git a/manual/job.texi b/manual/job.texi
index 4efeed3..2c46771 100644
--- a/manual/job.texi
+++ b/manual/job.texi
@@ -1039,6 +1039,10 @@ The function @code{ctermid} is declared in the header file
@comment stdio.h
@comment POSIX.1
@deftypefun {char *} ctermid (char *@var{string})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This function is a stub by default; the actual implementation, for
+@c posix systems, returns an internal buffer if passed a NULL string,
+@c but the internal buffer is always set to /dev/tty.
The @code{ctermid} function returns a string containing the file name of
the controlling terminal for the current process. If @var{string} is
not a null pointer, it should be an array that can hold at least
@@ -1075,6 +1079,11 @@ Your program should include the header files @file{sys/types.h} and
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t setsid (void)
+@safety{@mtsafe{}@assafe{selfdeadlock (hurd)}@acsafe{lockleak (hurd)}}
+@c This is usually a direct syscall, but if a syscall is not available,
+@c we use a stub, or Hurd- and BSD-specific implementations. The former
+@c uses a mutex and a hurd critical section, and the latter issues a few
+@c syscalls, so both seem safe, except for the locking on Hurd.
The @code{setsid} function creates a new session. The calling process
becomes the session leader, and is put in a new process group whose
process group ID is the same as the process ID of that process. There
@@ -1098,6 +1107,8 @@ already another process group around that has the same process group ID.
@comment unistd.h
@comment SVID
@deftypefun pid_t getsid (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{getsid} function returns the process group ID of the session
leader of the specified process. If a @var{pid} is @code{0}, the
@@ -1134,6 +1145,8 @@ programs with the @code{-lbsd-compat} option to get the BSD definition.@refill
@comment unistd.h
@comment POSIX.1
@deftypefn {POSIX.1 Function} pid_t getpgrp (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The POSIX.1 definition of @code{getpgrp} returns the process group ID of
the calling process.
@end deftypefn
@@ -1141,6 +1154,8 @@ the calling process.
@comment unistd.h
@comment BSD
@deftypefn {BSD Function} pid_t getpgrp (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The BSD definition of @code{getpgrp} returns the process group ID of the
process @var{pid}. You can supply a value of @code{0} for the @var{pid}
argument to get information about the calling process.
@@ -1149,6 +1164,8 @@ argument to get information about the calling process.
@comment unistd.h
@comment SVID
@deftypefn {System V Function} int getpgid (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
@code{getpgid} is the same as the BSD function @code{getpgrp}. It
returns the process group ID of the process @var{pid}. You can supply a
@@ -1171,6 +1188,8 @@ process.
@comment unistd.h
@comment POSIX.1
@deftypefun int setpgid (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{setpgid} function puts the process @var{pid} into the process
group @var{pgid}. As a special case, either @var{pid} or @var{pgid} can
be zero to indicate the process ID of the calling process.
@@ -1208,6 +1227,8 @@ process or a child of the calling process.
@comment unistd.h
@comment BSD
@deftypefun int setpgrp (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall or setpgid wrapper.
This is the BSD Unix name for @code{setpgid}. Both functions do exactly
the same thing.
@end deftypefun
@@ -1230,6 +1251,8 @@ file itself and not a particular open file descriptor.
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t tcgetpgrp (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function returns the process group ID of the foreground process
group associated with the terminal open on descriptor @var{filedes}.
@@ -1258,6 +1281,8 @@ controlling terminal of the calling process.
@comment unistd.h
@comment POSIX.1
@deftypefun int tcsetpgrp (int @var{filedes}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function is used to set a terminal's foreground process group ID.
The argument @var{filedes} is a descriptor which specifies the terminal;
@var{pgid} specifies the process group. The calling process must be a
@@ -1297,6 +1322,8 @@ process.
@comment termios.h
@comment Unix98
@deftypefun pid_t tcgetsid (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Ioctl call, if avaialble, or tcgetpgrp followed by getsid.
This function is used to obtain the process group ID of the session
for which the terminal specified by @var{fildes} is the controlling terminal.
If the call is successful the group ID is returned. Otherwise the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b16c3cb1e8fe3228f39d484598829d52e8b9ac43
commit b16c3cb1e8fe3228f39d484598829d52e8b9ac43
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:09 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/string.texi: Document thread safety properties.
diff --git a/manual/string.texi b/manual/string.texi
index 246be84..a75d298 100644
--- a/manual/string.texi
+++ b/manual/string.texi
@@ -1247,6 +1247,8 @@ strncmp ("hello, world", "hello, stupid world!!!", 5)
@comment string.h
@comment GNU
@deftypefun int strverscmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls isdigit multiple times, locale may change in between.
The @code{strverscmp} function compares the string @var{s1} against
@var{s2}, considering them as holding indices/version numbers. The
return value follows the same conventions as found in the
@@ -1343,6 +1345,8 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
@comment string.h
@comment ISO
@deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Adjust alphasort one safety info is determined.
The @code{strcoll} function is similar to @code{strcmp} but uses the
collating sequence of the current locale for collation (the
@code{LC_COLLATE} locale).
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a6dbb793abff10ea3a8779b118e43cd27d02cd33
commit a6dbb793abff10ea3a8779b118e43cd27d02cd33
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:07 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/libdl.texi: New.
diff --git a/manual/libdl.texi b/manual/libdl.texi
new file mode 100644
index 0000000..e3fe045
--- /dev/null
+++ b/manual/libdl.texi
@@ -0,0 +1,10 @@
+@c FIXME these are undocumented:
+@c dladdr
+@c dladdr1
+@c dlclose
+@c dlerror
+@c dlinfo
+@c dlmopen
+@c dlopen
+@c dlsym
+@c dlvsym
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=56296c84c59e84bc5a577f60252a3bca4e57944d
commit 56296c84c59e84bc5a577f60252a3bca4e57944d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:09 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/resource.texi: Document thread safety properties.
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5acd0cba09b1c0411d3c0ff44ebad682781cdea4
commit 5acd0cba09b1c0411d3c0ff44ebad682781cdea4
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:06 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/getopt.texi: Document thread safety properties.
diff --git a/manual/getopt.texi b/manual/getopt.texi
index f0b7283..3c1f4de 100644
--- a/manual/getopt.texi
+++ b/manual/getopt.texi
@@ -60,6 +60,31 @@ option argument, for those options that accept arguments.
@comment unistd.h
@comment POSIX.2
@deftypefun int getopt (int @var{argc}, char *const *@var{argv}, const char *@var{options})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c It may swap argv elements but argv is not guarded, and the
+@c modifications may be partial in case of cancellation. Calling getenv
+@c also brings about thread-safety issues out of access and returning
+@c pointers into the globally shared environment array, just like
+@c calling gettext brings about a whole lot of AS and AC safety issues.
+@c The getopt API involves returning values in the non-thread-specific
+@c optarg variable, which adds another thread-safety issue. Given
+@c print_errors, it may output errors to stderr, which may
+@c self-deadlock, leak locks, or encounter (in a signal handler) or
+@c leave (in case of cancellation) stderr in an inconsistent state.
+@c Various implicit, indirect uses of malloc, in uses of memstream and
+@c asprintf for error-printing, bring about the usual malloc issues.
+@c (The explicit use of malloc in a conditional situation in
+@c _getopt_initialize is never exercised in glibc.)
+@c
+@c _getopt_internal
+@c _getopt_internal_r
+@c gettext
+@c _getopt_initialize
+@c getenv
+@c malloc if USE_NONOPTION_FLAGS, never defined in libc
+@c open_memstream
+@c lockfile, unlockfile, __fxprintf -> stderr
+@c asprintf
The @code{getopt} function gets the next option argument from the
argument list specified by the @var{argv} and @var{argc} arguments.
Normally these values come directly from the arguments received by
@@ -225,6 +250,8 @@ was seen.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
Decode options from the vector @var{argv} (whose length is @var{argc}).
The argument @var{shortopts} describes the short options to accept, just as
it does in @code{getopt}. The argument @var{longopts} describes the long
@@ -278,6 +305,8 @@ getopt functionality there is one more function available.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long_only (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
The @code{getopt_long_only} function is equivalent to the
@code{getopt_long} function but it allows to specify the user of the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2f91898f8002f8d61d9aad3c436468301513d49e
commit 2f91898f8002f8d61d9aad3c436468301513d49e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:09 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/search.texi: Document thread safety properties.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..6910edc 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -146,6 +146,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +437,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +471,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +486,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +500,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +555,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=cd6798f9231759db9a66272f1e721010946710b4
commit cd6798f9231759db9a66272f1e721010946710b4
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:06 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/filesys.texi: Document thread safety properties.
diff --git a/manual/filesys.texi b/manual/filesys.texi
index 814c210..c7eb13b 100644
--- a/manual/filesys.texi
+++ b/manual/filesys.texi
@@ -58,6 +58,25 @@ Prototypes for these functions are declared in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun {char *} getcwd (char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c If buffer is NULL, this function calls malloc and realloc, and, in
+@c case of error, free. Linux offers a getcwd syscall that we use on
+@c GNU/Linux systems, but it may fail if the pathname is too long. As a
+@c fallback, and on other systems, the generic implementation opens each
+@c parent directory with opendir, which allocates memory for the
+@c directory stream with malloc. If a fstatat64 syscall is not
+@c available, very deep directory trees may also have to malloc to build
+@c longer sequences of ../../../... than those supported by a global
+@c const read-only string.
+
+@c linux/__getcwd
+@c posix/__getcwd
+@c malloc/realloc/free if buffer is NULL, or if dir is too deep
+@c lstat64 -> see its own entry
+@c fstatat64
+@c direct syscall if possible, alloca+snprintf+*stat64 otherwise
+@c openat64_not_cancel_3, close_not_cancel_no_status
+@c __fdopendir, __opendir, __readdir, rewinddir
The @code{getcwd} function returns an absolute file name representing
the current working directory, storing it in the character array
@var{buffer} that you provide. The @var{size} argument is how you tell
@@ -116,6 +135,9 @@ software.
@comment unistd.h
@comment BSD
@deftypefn {Deprecated Function} {char *} getwd (char *@var{buffer})
+@safety{@mtsafe{}@asunsafe{asmalloc, asi18n}@acsafe{memleak, fdleak}}
+@c Besides the getcwd safety issues, it calls strerror_r on error, which
+@c brings in all of the i18n issues.
This is similar to @code{getcwd}, but has no way to specify the size of
the buffer. @Theglibc{} provides @code{getwd} only
for backwards compatibility with BSD.
@@ -130,6 +152,9 @@ this function is deprecated.
@comment unistd.h
@comment GNU
@deftypefun {char *} get_current_dir_name (void)
+@safety{@mtunsafe{envromt}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides getcwd, which this function calls as a fallback, it calls
+@c getenv, with the usual thread-safety issues that brings about.
@vindex PWD
This @code{get_current_dir_name} function is basically equivalent to
@w{@code{getcwd (NULL, 0)}}. The only difference is that the value of
@@ -145,6 +170,7 @@ This function is a GNU extension.
@comment unistd.h
@comment POSIX.1
@deftypefun int chdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
@var{filename}.
@@ -158,6 +184,7 @@ file @var{filename} is not a directory.
@comment unistd.h
@comment XPG
@deftypefun int fchdir (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
directory associated with the file descriptor @var{filedes}.
@@ -294,12 +321,14 @@ values and @code{st_mode} values:
@comment dirent.h
@comment BSD
@deftypefun int IFTODT (mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{d_type} value corresponding to @var{mode}.
@end deftypefun
@comment dirent.h
@comment BSD
@deftypefun mode_t DTTOIF (int @var{dtype})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{st_mode} value corresponding to @var{dtype}.
@end deftypefun
@end table
@@ -342,6 +371,9 @@ the following functions.
@comment dirent.h
@comment POSIX.1
@deftypefun {DIR *} opendir (const char *@var{dirname})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides the safe syscall, we have to allocate the DIR object with
+@c __alloc_dir, that calls malloc.
The @code{opendir} function opens and returns a directory stream for
reading the directory whose file name is @var{dirname}. The stream has
type @code{DIR *}.
@@ -381,6 +413,8 @@ alternative interface can be used.
@comment dirent.h
@comment GNU
@deftypefun {DIR *} fdopendir (int @var{fd})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c The DIR object is allocated with __alloc_dir, that calls malloc.
The @code{fdopendir} function works just like @code{opendir} but
instead of taking a file name and opening a file descriptor for the
directory the caller is required to provide a file descriptor. This
@@ -425,6 +459,7 @@ access.
@comment dirent.h
@comment GNU
@deftypefun int dirfd (DIR *@var{dirstream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{dirfd} returns the file descriptor associated with
the directory stream @var{dirstream}. This descriptor can be used until
the directory is closed with @code{closedir}. If the directory stream
@@ -443,6 +478,12 @@ symbols are declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun {struct dirent *} readdir (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c This function holds dirstream's non-recursive lock, which brings
+@c about the usual issues with locks and async signals and cancellation,
+@c but the lock taking is not enough to make the returned value safe to
+@c use, since it points to a stream's internal buffer that can be
+@c overwritten by subsequent calls or even released by closedir.
This function reads the next entry from the directory. It normally
returns a pointer to a structure containing information about the
file. This structure is associated with the @var{dirstream} handle
@@ -478,6 +519,7 @@ locking if multiple threads access the same @var{dirstream}.
@comment dirent.h
@comment GNU
@deftypefun int readdir_r (DIR *@var{dirstream}, struct dirent *@var{entry}, struct dirent **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is a version of @code{readdir} which performs internal
locking. Like @code{readdir} it returns the next entry from the
directory. To prevent conflicts between simultaneously running
@@ -549,6 +591,7 @@ of the last two functions.
@comment dirent.h
@comment LFS
@deftypefun {struct dirent64 *} readdir64 (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64} function is just like the @code{readdir} function
except that it returns a pointer to a record of type @code{struct
dirent64}. Some of the members of this data type (notably @code{d_ino})
@@ -560,6 +603,7 @@ In all other aspects this function is equivalent to @code{readdir}.
@comment dirent.h
@comment LFS
@deftypefun int readdir64_r (DIR *@var{dirstream}, struct dirent64 *@var{entry}, struct dirent64 **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64_r} function is equivalent to the @code{readdir_r}
function except that it takes parameters of base type @code{struct
dirent64} instead of @code{struct dirent} in the second and third
@@ -570,6 +614,10 @@ position. The same precautions mentioned in the documentation of
@comment dirent.h
@comment POSIX.1
@deftypefun int closedir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock (hurd)}@acsafe{memleak, fdleak, lockleak (hurd)}}
+@c No synchronization in the posix implementation, only in the hurd
+@c one. This is regarded as safe because it is undefined behavior if
+@c other threads could still be using the dir stream while it's closed.
This function closes the directory stream @var{dirstream}. It returns
@code{0} on success and @code{-1} on failure.
@@ -609,6 +657,7 @@ declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun void rewinddir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{rewinddir} function is used to reinitialize the directory
stream @var{dirstream}, so that if you call @code{readdir} it
returns information about the first entry in the directory again. This
@@ -622,6 +671,10 @@ added or removed since you last called @code{opendir} or
@comment dirent.h
@comment BSD
@deftypefun {long int} telldir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{telldir} function returns the file position of the directory
stream @var{dirstream}. You can use this value with @code{seekdir} to
restore the directory stream to that position.
@@ -630,6 +683,10 @@ restore the directory stream to that position.
@comment dirent.h
@comment BSD
@deftypefun void seekdir (DIR *@var{dirstream}, long int @var{pos})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{seekdir} function sets the file position of the directory
stream @var{dirstream} to @var{pos}. The value @var{pos} must be the
result of a previous call to @code{telldir} on this particular stream;
@@ -649,6 +706,19 @@ the result.
@comment dirent.h
@comment BSD/SVID
@deftypefun int scandir (const char *@var{dir}, struct dirent ***@var{namelist}, int (*@var{selector}) (const struct dirent *), int (*@var{cmp}) (const struct dirent **, const struct dirent **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c The scandir function calls __opendirat, __readdir, and __closedir to
+@c go over the named dir; malloc and realloc to allocate the namelist
+@c and copies of each selected dirent, besides the selector, if given,
+@c and qsort and the cmp functions if the latter is given. In spite of
+@c the cleanup handler that releases memory and the file descriptor in
+@c case of synchronous cancellation, an asynchronous cancellation may
+@c still leak memory and a file descriptor. Although readdir is unsafe
+@c in general, the use of an internal dir stream for sequential scanning
+@c of the directory with copying of dirents before subsequent calls
+@c makes the use safe, and the fact that the dir stream is private to
+@c each scandir call does away with the lock issues in readdir and
+@c closedir.
The @code{scandir} function scans the contents of the directory selected
by @var{dir}. The result in *@var{namelist} is an array of pointers to
@@ -679,6 +749,8 @@ are very helpful for this purpose.
@comment dirent.h
@comment BSD/SVID
@deftypefun int alphasort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Calls strcoll.
The @code{alphasort} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -691,6 +763,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls strverscmp.
The @code{versionsort} function is like @code{alphasort} except that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -703,6 +777,8 @@ dirent64}}. To use this we need a new function.
@comment dirent.h
@comment GNU
@deftypefun int scandir64 (const char *@var{dir}, struct dirent64 ***@var{namelist}, int (*@var{selector}) (const struct dirent64 *), int (*@var{cmp}) (const struct dirent64 **, const struct dirent64 **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c See scandir.
The @code{scandir64} function works like the @code{scandir} function
except that the directory entries it returns are described by elements
of type @w{@code{struct dirent64}}. The function pointed to by
@@ -721,6 +797,8 @@ argument. Instead we provide the two replacement functions below.
@comment dirent.h
@comment GNU
@deftypefun int alphasort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c See alphasort.
The @code{alphasort64} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -733,6 +811,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c See versionsort.
The @code{versionsort64} function is like @code{alphasort64}, excepted that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -913,6 +993,8 @@ file was passed).
@comment ftw.h
@comment SVID
@deftypefun int ftw (const char *@var{filename}, __ftw_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
+@c see nftw for safety details
The @code{ftw} function calls the callback function given in the
parameter @var{func} for every item which is found in the directory
specified by @var{filename} and all directories below. The function
@@ -963,6 +1045,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int ftw64 (const char *@var{filename}, __ftw64_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
This function is similar to @code{ftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -976,6 +1059,17 @@ transparently replaces the old implementation.
@comment ftw.h
@comment XPG4.2
@deftypefun int nftw (const char *@var{filename}, __nftw_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c ftw_startup calls alloca, malloc, free, xstat/lxstat, tdestroy, and ftw_dir
+@c if FTW_CHDIR, call open, and fchdir, or chdir and getcwd
+@c ftw_dir calls open_dir_stream, readdir64, process_entry, closedir
+@c if FTW_CHDIR, also calls fchdir
+@c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
+@c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
+@c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
+@c find_object (tsearch) and add_object (tfind).
+@c Since each invocation of *ftw uses its own private search tree, none
+@c of the search tree concurrency issues apply.
The @code{nftw} function works like the @code{ftw} functions. They call
the callback function @var{func} for all items found in the directory
@var{filename} and below. At most @var{descriptors} file descriptors
@@ -1036,6 +1130,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int nftw64 (const char *@var{filename}, __nftw64_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
This function is similar to @code{nftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -1079,6 +1174,7 @@ file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int link (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{link} function makes a new link to the existing file named by
@var{oldname}, under the new name @var{newname}.
@@ -1186,6 +1282,7 @@ Prototypes for most of the functions listed in this section are in
@comment unistd.h
@comment BSD
@deftypefun int symlink (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{symlink} function makes a symbolic link to @var{oldname} named
@var{newname}.
@@ -1223,6 +1320,7 @@ exceeded.
@comment unistd.h
@comment BSD
@deftypefun ssize_t readlink (const char *@var{filename}, char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{readlink} function gets the value of the symbolic link
@var{filename}. The file name that the link points to is copied into
@var{buffer}. This file name string is @emph{not} null-terminated;
@@ -1282,6 +1380,8 @@ names can refer to the same inode.
@comment stdlib.h
@comment GNU
@deftypefun {char *} canonicalize_file_name (const char *@var{name})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls realpath.
The @code{canonicalize_file_name} function returns the absolute name of
the file named by @var{name} which contains no @code{.}, @code{..}
@@ -1323,6 +1423,8 @@ where the result is placed in.
@comment stdlib.h
@comment XPG
@deftypefun {char *} realpath (const char *restrict @var{name}, char *restrict @var{resolved})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls malloc, realloc, getcwd, lxstat64, readlink, alloca.
A call to @code{realpath} where the @var{resolved} parameter is
@code{NULL} behaves exactly like @code{canonicalize_file_name}. The
@@ -1362,6 +1464,7 @@ then the file is deleted as well. If the file has other remaining names
@comment unistd.h
@comment POSIX.1
@deftypefun int unlink (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{unlink} function deletes the file name @var{filename}. If
this is a file's sole name, the file itself is also deleted. (Actually,
if any process has the file open when this happens, deletion is
@@ -1404,6 +1507,7 @@ file system and can't be modified.
@comment unistd.h
@comment POSIX.1
@deftypefun int rmdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@cindex directories, deleting
@cindex deleting a directory
The @code{rmdir} function deletes a directory. The directory must be
@@ -1431,6 +1535,8 @@ The prototype for this function is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int remove (const char *@var{filename})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Calls unlink and rmdir.
This is the @w{ISO C} function to remove a file. It works like
@code{unlink} for files and like @code{rmdir} for directories.
@code{remove} is declared in @file{stdio.h}.
@@ -1446,6 +1552,10 @@ The @code{rename} function is used to change a file's name.
@comment stdio.h
@comment ISO
@deftypefun int rename (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a rename syscall, there's an emulation with link
+@c and unlink, but it's racy, even more so if newname exists and is
+@c unlinked first.
The @code{rename} function renames the file @var{oldname} to
@var{newname}. The file formerly accessible under the name
@var{oldname} is afterwards accessible as @var{newname} instead. (If
@@ -1541,6 +1651,7 @@ a shell command @code{mkdir} which does the same thing.)
@comment sys/stat.h
@comment POSIX.1
@deftypefun int mkdir (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mkdir} function creates a new, empty directory with name
@var{filename}.
@@ -1882,6 +1993,7 @@ header file @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int stat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{stat} function returns information about the attributes of the
file named by @w{@var{filename}} in the structure pointed to by @var{buf}.
@@ -1908,6 +2020,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int stat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{stat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1921,6 +2034,7 @@ replaces the interface for small files on 32-bit machines.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int fstat (int @var{filedes}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fstat} function is like @code{stat}, except that it takes an
open file descriptor as an argument instead of a file name.
@xref{Low-Level I/O}.
@@ -1942,6 +2056,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int fstat64 (int @var{filedes}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{fstat} but is able to work on large
files on 32-bit platforms. For large files the file descriptor
@var{filedes} should be obtained by @code{open64} or @code{creat64}.
@@ -1953,9 +2068,16 @@ function is available under the name @code{fstat} and so transparently
replaces the interface for small files on 32-bit machines.
@end deftypefun
+@c fstatat will call alloca and snprintf if the syscall is not
+@c available.
+@c @safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+
@comment sys/stat.h
@comment BSD
@deftypefun int lstat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat, sometimes with an xstat conv call
+@c afterwards.
The @code{lstat} function is like @code{stat}, except that it does not
follow symbolic links. If @var{filename} is the name of a symbolic
link, @code{lstat} returns information about the link itself; otherwise
@@ -1969,6 +2091,9 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int lstat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat64, sometimes with an xstat conv
+@c call afterwards.
This function is similar to @code{lstat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -2007,12 +2132,14 @@ that file:
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISDIR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a directory.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISCHR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a character special file (a
device like a terminal).
@end deftypefn
@@ -2020,6 +2147,7 @@ device like a terminal).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISBLK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a block special file (a device
like a disk).
@end deftypefn
@@ -2027,12 +2155,14 @@ like a disk).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISREG (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a regular file.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISFIFO (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a FIFO special file, or a
pipe. @xref{Pipes and FIFOs}.
@end deftypefn
@@ -2040,6 +2170,7 @@ pipe. @xref{Pipes and FIFOs}.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISLNK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a symbolic link.
@xref{Symbolic Links}.
@end deftypefn
@@ -2047,6 +2178,7 @@ This macro returns non-zero if the file is a symbolic link.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISSOCK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a socket. @xref{Sockets}.
@end deftypefn
@@ -2129,6 +2261,7 @@ the whole @code{struct stat} structure.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISMQ (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX message queues as distinct objects and the
file is a message queue object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2137,6 +2270,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSEM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX semaphores as distinct objects and the
file is a semaphore object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2145,6 +2279,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSHM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX shared memory objects as distinct objects
and the file is an shared memory object, this macro returns a non-zero
value. In all other cases the result is zero.
@@ -2189,6 +2324,7 @@ The prototype for this function is declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int chown (const char *@var{filename}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chown} function changes the owner of the file @var{filename} to
@var{owner}, and its group owner to @var{group}.
@@ -2223,6 +2359,7 @@ The file is on a read-only file system.
@comment unistd.h
@comment BSD
@deftypefun int fchown (int @var{filedes}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chown}, except that it changes the owner of the open
file with descriptor @var{filedes}.
@@ -2502,6 +2639,7 @@ The functions in this section are declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun mode_t umask (mode_t @var{mask})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{umask} function sets the file creation mask of the current
process to @var{mask}, and returns the previous value of the file
creation mask.
@@ -2527,6 +2665,7 @@ you just want to read the mask value, because it is reentrant.
@comment sys/stat.h
@comment GNU
@deftypefun mode_t getumask (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Return the current value of the file creation mask for the current
process. This function is a GNU extension and is only available on
@gnuhurdsystems{}.
@@ -2535,6 +2674,7 @@ process. This function is a GNU extension and is only available on
@comment sys/stat.h
@comment POSIX.1
@deftypefun int chmod (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chmod} function sets the access permission bits for the file
named by @var{filename} to @var{mode}.
@@ -2575,6 +2715,7 @@ for full details on the sticky bit.
@comment sys/stat.h
@comment BSD
@deftypefun int fchmod (int @var{filedes}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chmod}, except that it changes the permissions of the
currently open file given by @var{filedes}.
@@ -2645,6 +2786,7 @@ The symbols in this section are declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int access (const char *@var{filename}, int @var{how})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{access} function checks to see whether the file named by
@var{filename} can be accessed in the way specified by the @var{how}
argument. The @var{how} argument either can be the bitwise OR of the
@@ -2765,6 +2907,9 @@ This is the modification time for the file.
@comment utime.h
@comment POSIX.1
@deftypefun int utime (const char *@var{filename}, const struct utimbuf *@var{times})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utime syscall, it non-atomically converts times
+@c to a struct timeval and calls utimes.
This function is used to modify the file times associated with the file
named @var{filename}.
@@ -2816,6 +2961,10 @@ in the header file @file{sys/time.h}.
@comment sys/time.h
@comment BSD
@deftypefun int utimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, or to
+@c struct utimbuf and calls utime.
This function sets the file access and modification times of the file
@var{filename}. The new file access time is specified by
@code{@var{tvp}[0]}, and the new modification time by
@@ -2830,6 +2979,9 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int lutimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no lutimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall.
This function is like @code{utimes}, except that it does not follow
symbolic links. If @var{filename} is the name of a symbolic link,
@code{lutimes} sets the file access and modification times of the
@@ -2846,6 +2998,10 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int futimes (int @var{fd}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no futimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, falling back
+@c to utimes on a /proc/self/fd symlink.
This function is like @code{utimes}, except that it takes an open file
descriptor as an argument instead of a file name. @xref{Low-Level
I/O}. This function comes from FreeBSD, and is not available on all
@@ -2900,6 +3056,8 @@ succeed, without actually accomplishing anything.
@comment unistd.h
@comment X/Open
@deftypefun int truncate (const char *@var{filename}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a truncate syscall, we use open and ftruncate.
The @code{truncate} function changes the size of @var{filename} to
@var{length}. If @var{length} is shorter than the previous length, data
@@ -2944,6 +3102,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int truncate64 (const char *@var{name}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try truncate if length fits.
This function is similar to the @code{truncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines, which allows the handling of files with sizes up to
@@ -2957,6 +3117,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX
@deftypefun int ftruncate (int @var{fd}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{truncate}, but it works on a file descriptor @var{fd}
for an opened file instead of a file name to identify the object. The
@@ -3021,6 +3182,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int ftruncate64 (int @var{id}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try ftruncate if length fits.
This function is similar to the @code{ftruncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines which allows the handling of files with sizes up to
@@ -3083,6 +3246,10 @@ The prototype for @code{mknod} is declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment BSD
@deftypefun int mknod (const char *@var{filename}, mode_t @var{mode}, dev_t @var{dev})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Instead of issuing the syscall directly, we go through xmknod.
+@c Although the internal xmknod takes a dev_t*, that could lead to
+@c xguargs races, it's passed a pointer to mknod's dev.
The @code{mknod} function makes a special file with name @var{filename}.
The @var{mode} specifies the mode of the file, and may include the various
special file bits, such as @code{S_IFCHR} (for a character special file)
@@ -3134,6 +3301,20 @@ These facilities are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} tmpfile (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c The unsafety issues are those of fdopen, plus fdleak because of the
+@c open.
+@c __path_search (internal buf, !dir, const pfx, !try_tmpdir) ok
+@c libc_secure_genenv only if try_tmpdir
+@c xstat64, strlen, strcmp, sprintf
+@c __gen_tempname (internal tmpl, __GT_FILE) ok
+@c strlen, memcmp, getpid, open/mkdir/lxstat64 ok
+@c HP_TIMING_NOW if available ok
+@c gettimeofday (!tz) first time, or every time if no HP_TIMING_NOW ok
+@c static value is used and modified without synchronization ok
+@c but the use is as a source of non-cryptographic randomness
+@c with retries in case of collision, so it should be safe
+@c unlink, fdopen
This function creates a temporary binary file for update mode, as if by
calling @code{fopen} with mode @code{"wb+"}. The file is deleted
automatically when it is closed or when the program terminates. (On
@@ -3150,6 +3331,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} tmpfile64 (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
This function is similar to @code{tmpfile}, but the stream it returns a
pointer to was opened using @code{tmpfile64}. Therefore this stream can
be used for files larger then @math{2^31} bytes on 32-bit machines.
@@ -3165,6 +3347,11 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun {char *} tmpnam (char *@var{result})
+@safety{@mtunsafe{xguargs, staticbuf}@asunsafe{staticbuf}@acsafe{}}
+@c The passed-in buffer should not be modified concurrently with the
+@c call.
+@c __path_search (static or passed-in buf, !dir, !pfx, !try_tmpdir) ok
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
This function constructs and returns a valid file name that does not
refer to any existing file. If the @var{result} argument is a null
pointer, the return value is a pointer to an internal static string,
@@ -3189,6 +3376,7 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdio.h
@comment GNU
@deftypefun {char *} tmpnam_r (char *@var{result})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
This function is nearly identical to the @code{tmpnam} function, except
that if @var{result} is a null pointer it returns a null pointer.
@@ -3225,6 +3413,13 @@ never less than @code{25}.
@comment stdio.h
@comment SVID
@deftypefun {char *} tempnam (const char *@var{dir}, const char *@var{prefix})
+@safety{@mtunsafe{xguargs, envromt}@assafe{asmalloc}@acsafe{memleak}}
+@c There's no way (short of being setuid) to avoid getenv("TMPDIR"),
+@c even with a non-NULL dir, which makes this thread-unsafe.
+@c
+@c __path_search (internal buf, dir, pfx, try_tmpdir) unsafe getenv
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
+@c strdup
This function generates a unique temporary file name. If @var{prefix}
is not a null pointer, up to five characters of this string are used as
a prefix for the file name. The return value is a string newly
@@ -3288,6 +3483,8 @@ string. These functions are declared in the header file @file{stdlib.h}.
@comment stdlib.h
@comment Unix
@deftypefun {char *} mktemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_NOCREATE) ok
The @code{mktemp} function generates a unique file name by modifying
@var{template} as described above. If successful, it returns
@var{template} as modified. If @code{mktemp} cannot find a unique file
@@ -3306,6 +3503,8 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdlib.h
@comment BSD
@deftypefun int mkstemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{fdleak}}
+@c __gen_tempname (caller tmpl, __GT_FILE) ok
The @code{mkstemp} function generates a unique file name just as
@code{mktemp} does, but it also opens the file for you with @code{open}
(@pxref{Opening and Closing Files}). If successful, it modifies
@@ -3328,6 +3527,8 @@ new file and get an error if the file already exists.
@comment stdlib.h
@comment BSD
@deftypefun {char *} mkdtemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_DIR) ok
The @code{mkdtemp} function creates a directory with a unique name. If
it succeeds, it overwrites @var{template} with the name of the
directory, and returns @var{template}. As with @code{mktemp} and
@@ -3349,3 +3550,23 @@ creation always works like @code{open} with @code{O_EXCL}.
@xref{Creating Directories}.
The @code{mkdtemp} function comes from OpenBSD.
+
+@c FIXME these are undocumented:
+@c faccessat
+@c fchmodat
+@c fchownat
+@c futimesat
+@c fstatat (there's a commented-out safety assessment for this one)
+@c linkat
+@c mkdirat
+@c mkfifoat
+@c name_to_handle_at
+@c openat
+@c open_by_handle_at
+@c readlinkat
+@c renameat
+@c scandirat
+@c symlinkat
+@c unlinkat
+@c utimensat
+@c mknodat
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=93ca5fa817ae6dc3d50a6990be8ae64d8b398e83
commit 93ca5fa817ae6dc3d50a6990be8ae64d8b398e83
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:08 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/startup.texi: Document thread safety properties.
diff --git a/manual/startup.texi b/manual/startup.texi
index a277714..7bbaf13 100644
--- a/manual/startup.texi
+++ b/manual/startup.texi
@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
The difference to the @code{setenv} function is that the exact string
given as the parameter @var{string} is put into the environment. If the
user should change the string after the @code{putenv} call this will
-reflect in automatically in the environment. This also requires that
-@var{string} is no automatic variable which scope is left before the
+reflect automatically in the environment. This also requires that
+@var{string} not be an automatic variable whose scope is left before the
variable is removed from the environment. The same applies of course to
dynamically allocated variables which are freed later.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d03f2590278bbe0c5b64d2727c6a88103e1174c6
commit d03f2590278bbe0c5b64d2727c6a88103e1174c6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:06 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/errno.texi: Document thread safety properties.
diff --git a/manual/errno.texi b/manual/errno.texi
index 6c9fa86..eb3f412 100644
--- a/manual/errno.texi
+++ b/manual/errno.texi
@@ -1293,6 +1293,9 @@ name of the program that encountered the error.
@comment string.h
@comment ISO
@deftypefun {char *} strerror (int @var{errnum})
+@safety{@mtunsafe{staticbuf}@asunsafe{staticbuf, asmalloc, asi18n}@acsafe{memleak}}
+@c Calls strerror_r with a static buffer allocated with malloc on the
+@c first use.
The @code{strerror} function maps the error code (@pxref{Checking for
Errors}) specified by the @var{errnum} argument to a descriptive error
message string. The return value is a pointer to this string.
@@ -1310,6 +1313,7 @@ The function @code{strerror} is declared in @file{string.h}.
@comment string.h
@comment GNU
@deftypefun {char *} strerror_r (int @var{errnum}, char *@var{buf}, size_t @var{n})
+@safety{@mtsafe{}@asunsafe{asi18n}@acsafe{}}
The @code{strerror_r} function works like @code{strerror} but instead of
returning the error message in a statically allocated buffer shared by
all threads in the process, it returns a private copy for the
@@ -1331,6 +1335,10 @@ This function @code{strerror_r} is a GNU extension and it is declared in
@comment stdio.h
@comment ISO
@deftypefun void perror (const char *@var{message})
+@safety{@mtsafe{xguargs}@asunsafe{asynconsist, asi18n, asmalloc, selfdeadlock}@acunsafe{incansist, lockleak, memleak, fdleak}}
+@c Besides strerror_r's and some of fprintf's issues, if stderr is not
+@c oriented yet, create a new stream with a dup of stderr's fd and write
+@c to that instead of stderr, to avoid orienting it.
This function prints an error message to the stream @code{stderr};
see @ref{Standard Streams}. The orientation of @code{stderr} is not
changed.
@@ -1442,6 +1450,13 @@ These functions are declared in @file{error.h}.
@comment error.h
@comment GNU
@deftypefun void error (int @var{status}, int @var{errnum}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acsafe{}}
+@c Cancellation is disabled throught the execution. It flushes stdout
+@c and then holds a lock on stderr while printing the program name and
+@c then running error_tail. The non-wide case just runs vfprintf; the
+@c wide case converts the message to an alloca/malloc-allocated buffer
+@c with mbsrtowcs, then prints it with vfwprintf. Afterwards,
+@c print_errno_message calls strerror_r and fxprintf.
The @code{error} function can be used to report general problems during
program execution. The @var{format} argument is a format string just
like those given to the @code{printf} family of functions. The
@@ -1477,6 +1492,15 @@ incremented by one to keep track of the number of errors reported.
@comment error.h
@comment GNU
@deftypefun void error_at_line (int @var{status}, int @var{errnum}, const char *@var{fname}, unsigned int @var{lineno}, const char *@var{format}, @dots{})
+@safety{@mtunsafe{staticbuf, glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist}}
+@c The error_one_per_line variable is accessed (without any form of
+@c synchronization, but since it's an int used once, it should be safe
+@c enough) and, if this mode is enabled, static variables used to hold
+@c the last printed file name and line number are accessed and modified
+@c without synchronization; the update is not atomic and it occurs
+@c before disabling cancellation, so it can be interrupted after only
+@c one of the two variables is modified. After that, it's very much
+@c like error.
The @code{error_at_line} function is very similar to the @code{error}
function. The only difference are the additional parameters @var{fname}
@@ -1582,6 +1606,8 @@ are included only for compatibility.
@comment err.h
@comment BSD
@deftypefun void warn (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Just calls vwarn with the va_list.
The @code{warn} function is roughly equivalent to a call like
@smallexample
error (0, errno, format, @r{the parameters})
@@ -1594,6 +1620,11 @@ are not used.
@comment err.h
@comment BSD
@deftypefun void vwarn (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c While holding stderr's recursive lock, it prints the programname, the
+@c given message, and the error string with fw?printf's %m. When the
+@c stream is wide, convert_and_print converts the format string to an
+@c alloca/malloc-created buffer using mbsrtowcs and then calls fwprintf.
The @code{vwarn} function is just like @code{warn} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1602,6 +1633,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void warnx (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn, but without the strerror translation issues.
The @code{warnx} function is roughly equivalent to a call like
@smallexample
error (0, 0, format, @r{the parameters})
@@ -1615,6 +1648,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void vwarnx (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn, but without the strerror translation issues.
The @code{vwarnx} function is just like @code{warnx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1623,6 +1658,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void err (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn followed by exit.
The @code{err} function is roughly equivalent to a call like
@smallexample
error (status, errno, format, @r{the parameters})
@@ -1635,6 +1672,8 @@ are not used and that the program is exited even if @var{status} is zero.
@comment err.h
@comment BSD
@deftypefun void verr (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn followed by exit.
The @code{verr} function is just like @code{err} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1643,6 +1682,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void errx (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warnx followed by exit.
The @code{errx} function is roughly equivalent to a call like
@smallexample
error (status, 0, format, @r{the parameters})
@@ -1657,6 +1698,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void verrx (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarnx followed by exit.
The @code{verrx} function is just like @code{errx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0ded06d761bd842d9d7f6ab9473b5af3789e20e2
commit 0ded06d761bd842d9d7f6ab9473b5af3789e20e2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:08 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/math.texi: Document thread safety properties.
diff --git a/manual/math.texi b/manual/math.texi
index 193d415..fd5d0c8 100644
--- a/manual/math.texi
+++ b/manual/math.texi
@@ -560,6 +560,7 @@ negative), @code{logb} returns @math{@infinity{}}. If @var{x} is zero,
@comment math.h
@comment ISO
@deftypefunx int ilogbl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are equivalent to the corresponding @code{logb}
functions except that they return signed integer values.
@end deftypefun
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0b2dd076556329cdfefbe5adf3c6ea16167fe17b
commit 0b2dd076556329cdfefbe5adf3c6ea16167fe17b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:06 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/debug.texi: Document thread safety properties.
diff --git a/manual/debug.texi b/manual/debug.texi
index 1db9c18..ce0c263 100644
--- a/manual/debug.texi
+++ b/manual/debug.texi
@@ -36,6 +36,8 @@ and manipulate backtraces of the current thread.
@comment execinfo.h
@comment GNU
@deftypefun int backtrace (void **@var{buffer}, int @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Pointer chasing within the local stack.
The @code{backtrace} function obtains a backtrace for the current
thread, as a list of pointers, and places the information into
@var{buffer}. The argument @var{size} should be the number of
@@ -56,6 +58,17 @@ interpreting the stack contents correctly.
@comment execinfo.h
@comment GNU
@deftypefun {char **} backtrace_symbols (void *const *@var{buffer}, int @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, lockleak}}
+@c Collects info returned by _dl_addr in auto array, allocates memory
+@c for the whole return buffer with malloc then sprintfs into it storing
+@c pointers to the strings into the array entries in the buffer.
+@c _dl_addr takes the recursive dl_load_lock then calls
+@c _dl_find_dso_for_object and determine_info.
+@c _dl_find_dso_for_object calls _dl-addr_inside_object.
+@c All of them are safe as long as the lock is held.
+@c asynconsist? It doesn't looke like the dynamic loader's data
+@c structures could be in an inconsistent state that would cause
+@c malfunction here.
The @code{backtrace_symbols} function translates the information
obtained from the @code{backtrace} function into an array of strings.
The argument @var{buffer} should be a pointer to an array of addresses
@@ -88,6 +101,11 @@ cannot be obtained.
@comment execinfo.h
@comment GNU
@deftypefun void backtrace_symbols_fd (void *const *@var{buffer}, int @var{size}, int @var{fd})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c Single loop of _dl_addr over addresses, collecting info into an iovec
+@c written out with a writev call per iteration. Addresses and offsets
+@c are converted to hex in auto buffers, so the only potential issue
+@c here is leaking the dl lock in case of cancellation.
The @code{backtrace_symbols_fd} function performs the same translation
as the function @code{backtrace_symbols} function. Instead of returning
the strings to the caller, it writes the strings to the file descriptor
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0c975e33c4db3c285d4144bd8fa8ab684c8b500a
commit 0c975e33c4db3c285d4144bd8fa8ab684c8b500a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:08 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..60e08d8 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
+@c and free, and _nl_find_locale, which amount to all documented safety
+@c issues. It also calls new_composite_name, setdata, and setname,
+@c without any additional issues. _nl_find_locale calls getenv, ...
+@c This function returns a pointer read...
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=6bef7c9b865d9b4002167b45edfc3e8d74063fcf
commit 6bef7c9b865d9b4002167b45edfc3e8d74063fcf
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:05 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/ctype.texi: Document thread safety properties.
diff --git a/manual/ctype.texi b/manual/ctype.texi
index 3d13571..ddf38ce 100644
--- a/manual/ctype.texi
+++ b/manual/ctype.texi
@@ -66,6 +66,13 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int islower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The is* macros call __ctype_b_loc to get the ctype array from the
+@c current locale, and then index it by c. __ctype_b_loc reads from
+@c thread-local memory the (indirect) pointer to the ctype array, which
+@c may involve one word access to the global locale object, if that's
+@c the active locale for the thread, and the array, being part of the
+@c locale data, is undeletable, so there's no thread-safety issue.
Returns true if @var{c} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -74,6 +81,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -82,6 +90,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isalpha (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphabetic character (a letter). If
@code{islower} or @code{isupper} is true of a character, then
@code{isalpha} is also true.
@@ -97,6 +106,7 @@ additional characters.
@comment ctype.h
@comment ISO
@deftypefun int isdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@end deftypefun
@@ -104,6 +114,7 @@ Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@comment ctype.h
@comment ISO
@deftypefun int isalnum (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphanumeric character (a letter or
number); in other words, if either @code{isalpha} or @code{isdigit} is
true of a character, then @code{isalnum} is also true.
@@ -113,6 +124,7 @@ true of a character, then @code{isalnum} is also true.
@comment ctype.h
@comment ISO
@deftypefun int isxdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -123,6 +135,7 @@ Hexadecimal digits include the normal decimal digits @samp{0} through
@comment ctype.h
@comment ISO
@deftypefun int ispunct (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -132,6 +145,7 @@ character.
@comment ctype.h
@comment ISO
@deftypefun int isspace (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{isspace} returns true for only the standard
whitespace characters:
@@ -161,6 +175,7 @@ vertical tab
@comment ctype.h
@comment ISO
@deftypefun int isblank (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
@end deftypefun
@@ -169,6 +184,7 @@ This function was originally a GNU extension, but was added in @w{ISO C99}.
@comment ctype.h
@comment ISO
@deftypefun int isgraph (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -178,6 +194,7 @@ considered graphic.
@comment ctype.h
@comment ISO
@deftypefun int isprint (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@end deftypefun
@@ -186,6 +203,7 @@ include all the graphic characters, plus the space (@samp{ }) character.
@comment ctype.h
@comment ISO
@deftypefun int iscntrl (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a control character (that is, a character that
is not a printing character).
@end deftypefun
@@ -194,6 +212,7 @@ is not a printing character).
@comment ctype.h
@comment SVID, BSD
@deftypefun int isascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
into the US/UK ASCII character set. This function is a BSD extension
and is also an SVID extension.
@@ -227,6 +246,10 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The to* macros/functions call different functions that use different
+@c arrays than those of__ctype_b_loc, but the access patterns and
+@c thus safety guarantees are the same.
If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
lower-case letter. If @var{c} is not an upper-case letter,
@var{c} is returned unchanged.
@@ -235,6 +258,7 @@ lower-case letter. If @var{c} is not an upper-case letter,
@comment ctype.h
@comment ISO
@deftypefun int toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
upper-case letter. Otherwise @var{c} is returned unchanged.
@end deftypefun
@@ -242,6 +266,7 @@ upper-case letter. Otherwise @var{c} is returned unchanged.
@comment ctype.h
@comment SVID, BSD
@deftypefun int toascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function converts @var{c} to a 7-bit @code{unsigned char} value
that fits into the US/UK ASCII character set, by clearing the high-order
bits. This function is a BSD extension and is also an SVID extension.
@@ -250,6 +275,7 @@ bits. This function is a BSD extension and is also an SVID extension.
@comment ctype.h
@comment SVID
@deftypefun int _tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{tolower}, and is provided for compatibility
with the SVID. @xref{SVID}.@refill
@end deftypefun
@@ -257,6 +283,7 @@ with the SVID. @xref{SVID}.@refill
@comment ctype.h
@comment SVID
@deftypefun int _toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{toupper}, and is provided for compatibility
with the SVID.
@end deftypefun
@@ -303,6 +330,15 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctype_t wctype (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Although the source code of wctype contains multiple references to
+@c the locale, that could each reference different locale_data objects
+@c should the global locale object change while active, the compiler can
+@c and does combine them all into a single dereference that resolves
+@c once to the LCTYPE locale object used throughout the function, so it
+@c is safe in practice, if not in theory. Ideally we'd explicitly save
+@c the resolved locale_data object to make it visibly safe instead of
+@c safe only under compiler optimizations.
The @code{wctype} returns a value representing a class of wide
characters which is identified by the string @var{property}. Beside
some standard properties each locale can define its own ones. In case
@@ -331,6 +367,8 @@ the @w{ISO C} standard defines a completely new function.
@comment wctype.h
@comment ISO
@deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The compressed lookup table returned by wctype is read-only.
This function returns a nonzero value if @var{wc} is in the character
class specified by @var{desc}. @var{desc} must previously be returned
by a successful call to @code{wctype}.
@@ -350,6 +388,15 @@ standard classes.
@comment wctype.h
@comment ISO
@deftypefun int iswalnum (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c The implicit wctype call in the isw* functions is actually an
+@c optimized version because the category has a known offset, but the
+@c wctype is equally safe when optimized, unsafe if not optimized.
+@c Since it's not a macro, and we always optimize, it's fine. The test
+@c whether wc is ASCII to use the non-wide is* macro/funciton doesn't
+@c bring any other safety issues: the test does not depend on the
+@c locale, and each path after the decision resolves the locale object
+@c only once.
This function returns a nonzero value if @var{wc} is an alphanumeric
character (a letter or number); in other words, if either @code{iswalpha}
or @code{iswdigit} is true of a character, then @code{iswalnum} is also
@@ -370,6 +417,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswalpha (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an alphabetic character (a letter). If
@code{iswlower} or @code{iswupper} is true of a character, then
@code{iswalpha} is also true.
@@ -394,6 +442,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswcntrl (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a control character (that is, a character that
is not a printing character).
@@ -412,6 +461,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
Please note that this function does not only return a nonzero value for
@emph{decimal} digits, but for all kinds of digits. A consequence is
@@ -442,6 +492,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswgraph (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -461,6 +512,7 @@ It is declared in @file{wctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int iswlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -479,6 +531,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswprint (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@@ -497,6 +550,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswpunct (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -516,6 +570,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswspace (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{iswspace} returns true for only the standard
whitespace characters:
@@ -555,6 +610,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -573,6 +629,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswxdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -597,6 +654,7 @@ characters as well.
@comment wctype.h
@comment ISO
@deftypefun int iswblank (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
It is declared in @file{wchar.h}.
@@ -691,6 +749,8 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctrans_t wctrans (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Similar implementation, same caveats as wctype.
The @code{wctrans} function has to be used to find out whether a named
mapping is defined in the current locale selected for the
@code{LC_CTYPE} category. If the returned value is non-zero, you can use
@@ -713,6 +773,8 @@ These functions are declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Same caveats as iswctype.
@code{towctrans} maps the input character @var{wc}
according to the rules of the mapping for which @var{desc} is a
descriptor, and returns the value it finds. @var{desc} must be
@@ -730,6 +792,9 @@ for them.
@comment wctype.h
@comment ISO
@deftypefun wint_t towlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Same caveats as iswalnum, just using a wctrans rather than a wctype
+@c table.
If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
lower-case letter. If @var{wc} is not an upper-case letter,
@var{wc} is returned unchanged.
@@ -749,6 +814,7 @@ This function is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
upper-case letter. Otherwise @var{wc} is returned unchanged.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9a99d1deaa001ca289c66c3832e5eaf4bee898b4
commit 9a99d1deaa001ca289c66c3832e5eaf4bee898b4
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:05 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/crypt.texi: Document thread safety properties.
diff --git a/manual/crypt.texi b/manual/crypt.texi
index ef90590..a3c8fa5 100644
--- a/manual/crypt.texi
+++ b/manual/crypt.texi
@@ -92,6 +92,13 @@ in a convenient way.
@comment unistd.h
@comment BSD
@deftypefun {char *} getpass (const char *@var{prompt})
+@safety{@mtunsafe{tempterm}@asunsafe{asmalloc, selfdeadlock, asynconsist}@acunsafe{tempterm, lockleak, incansist}}
+@c This function will attempt to create a stream for terminal I/O, but
+@c will fallback to stdio/stderr. It attempts to change the terminal
+@c mode in a thread-unsafe way, write out the prompt, read the password,
+@c then restore the terminal mode. It has a cleanup to close the stream
+@c in case of (synchronous) cancellation, but not to restore the
+@c terminal mode.
@code{getpass} outputs @var{prompt}, then reads a string in from the
terminal without echoing it. It tries to connect to the real terminal,
@@ -127,6 +134,13 @@ The substitute takes the same parameters as @code{getline}
@comment crypt.h
@comment BSD, SVID
@deftypefun {char *} crypt (const char *@var{key}, const char *@var{salt})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Besides the obvious problem of returning a pointer into static
+@c storage, the DES initializer takes an internal lock with the usual
+@c set of problems for AS- and AC-Safety. The FIPS mode checker and the
+@c NSS implementations of may leak file descriptors if canceled. The
+@c The MD5, SHA256 and SHA512 implementations will malloc on long keys,
+@c and NSS relies on dlopening, which brings about another can of worms.
The @code{crypt} function takes a password, @var{key}, as a string, and
a @var{salt} character array which is described below, and returns a
@@ -188,6 +202,9 @@ for a password and prints ``Access granted.'' if the user types
@comment crypt.h
@comment GNU
@deftypefun {char *} crypt_r (const char *@var{key}, const char *@var{salt}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Compared with crypt, this function fixes the staticbuf problem, but
+@c nothing else.
The @code{crypt_r} function does the same thing as @code{crypt}, but
takes an extra parameter which includes space for its result (among
@@ -233,6 +250,11 @@ specifies the unused bits.
@comment crypt.h
@comment BSD, SVID
@deftypefun void setkey (const char *@var{key})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c The static buffer stores the key, making it fundamentally
+@c thread-unsafe. The locking issues are only in the initialization
+@c path; cancelling the initialization will leave the lock held, it
+@c would otherwise repeat the initialization on the next call.
The @code{setkey} function sets an internal data structure to be an
expanded form of @var{key}. @var{key} is specified as an array of 64
@@ -244,6 +266,8 @@ parity.
@comment crypt.h
@comment BSD, SVID
@deftypefun void encrypt (char *@var{block}, int @var{edflag})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c Same issues as setkey.
The @code{encrypt} function encrypts @var{block} if
@var{edflag} is 0, otherwise it decrypts @var{block}, using a key
@@ -257,9 +281,11 @@ stored in a @code{char}, but there are no parity bits in @var{block}.
@comment crypt.h
@comment GNU
@deftypefun void setkey_r (const char *@var{key}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
@comment crypt.h
@comment GNU
@deftypefunx void encrypt_r (char *@var{block}, int @var{edflag}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
These are reentrant versions of @code{setkey} and @code{encrypt}. The
only difference is the extra parameter, which stores the expanded
@@ -274,6 +300,7 @@ defined in @file{crypt.h}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int ecb_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{ecb_crypt} encrypts or decrypts one or more blocks
using DES. Each block is encrypted independently.
@@ -355,6 +382,7 @@ This macro returns 1 if @var{err} is a `success' result code from
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int cbc_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode}, char *@var{ivec})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{cbc_crypt} encrypts or decrypts one or more blocks
using DES in Cipher Block Chaining mode.
@@ -381,6 +409,7 @@ Otherwise, all the parameters are similar to those for @code{ecb_crypt}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun void des_setparity (char *@var{key})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{des_setparity} changes the 64-bit @var{key}, stored
packed in 8-bit bytes, to have odd parity by altering the low bits of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c7e8ed57d8a8ef0461deb3bb02e64e7c3c3606c1
commit c7e8ed57d8a8ef0461deb3bb02e64e7c3c3606c1
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:05 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/conf.texi: Document thread safety properties.
diff --git a/manual/conf.texi b/manual/conf.texi
index c720063..79bfcdb 100644
--- a/manual/conf.texi
+++ b/manual/conf.texi
@@ -288,6 +288,17 @@ constants are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} sysconf (int @var{parameter})
+@safety{@mtsafe{envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak, fdleak}}
+@c Some parts of the implementation open /proc and /sys files and dirs
+@c to collect system details, using fd and stream I/O depending on the
+@c case. _SC_TZNAME_MAX calls __tzname_max, that (while holding a lock)
+@c calls tzset_internal, that calls getenv if it's called the first
+@c time; there are free and strdup calls in there too. The returned max
+@c value may change over time for TZNAME_MAX, depending on selected
+@c timezones; NPROCS, NPROCS_CONF, PHYS_PAGES, AVPHYS_PAGES,
+@c NGROUPS_MAX, SIGQUEUE_MAX, depending on variable values read from
+@c /proc at each call, and from rlimit-obtained values CHILD_MAX,
+@c OPEN_MAX, ARG_MAX, SIGQUEUE_MAX.
This function is used to inquire about runtime system parameters. The
@var{parameter} argument should be one of the @samp{_SC_} symbols listed
below.
@@ -1348,6 +1359,11 @@ argument are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} pathconf (const char *@var{filename}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c When __statfs_link_max finds an ext* filesystem, it may read
+@c /proc/mounts or similar as a mntent stream.
+@c __statfs_chown_restricted may read from
+@c /proc/sys/fs/xfs/restrict_chown as a file descriptor.
This function is used to inquire about the limits that apply to
the file named @var{filename}.
@@ -1375,6 +1391,8 @@ support the @var{parameter} for the specific file.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} fpathconf (int @var{filedes}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c Same caveats as pathconf.
This is just like @code{pathconf} except that an open file descriptor
is used to specify the file for which information is requested, instead
of a file name.
@@ -1624,6 +1642,7 @@ system with the function @code{confstr}:
@comment unistd.h
@comment POSIX.2
@deftypefun size_t confstr (int @var{parameter}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function reads the value of a string-valued system parameter,
storing the string into @var{len} bytes of memory space starting at
@var{buf}. The @var{parameter} argument should be one of the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b58ef1fd4f0b6a89317ebce875a8c6217da8e8fa
commit b58ef1fd4f0b6a89317ebce875a8c6217da8e8fa
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:05 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/charset.texi: Document thread safety properties.
diff --git a/manual/charset.texi b/manual/charset.texi
index e21502e..7e6c416 100644
--- a/manual/charset.texi
+++ b/manual/charset.texi
@@ -504,6 +504,8 @@ sequence points. Communication protocols often require this.
@comment wchar.h
@comment ISO
@deftypefun int mbsinit (const mbstate_t *@var{ps})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c ps is dereferenced once, unguarded. Potential harmless data race.
The @code{mbsinit} function determines whether the state object pointed
to by @var{ps} is in the initial state. If @var{ps} is a null pointer or
the object is in the initial state the return value is nonzero. Otherwise
@@ -559,6 +561,14 @@ that is beyond the range @math{0} to @math{127}.
@comment wchar.h
@comment ISO
@deftypefun wint_t btowc (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls btowc_fct or __fct; reads from locale, and from the
+@c get_gconv_fcts result multiple times. get_gconv_fcts calls
+@c __wcsmbs_load_conv to initialize the ctype if it's null.
+@c wcsmbs_load_conv takes a non-recursive wrlock before allocating
+@c memory for the fcts structure, initializing it, and then storing it
+@c in the locale object. The initialization involves dlopening and a
+@c lot more.
The @code{btowc} function (``byte to wide character'') converts a valid
single byte character @var{c} in the initial shift state into the wide
character equivalent using the conversion rules from the currently
@@ -615,6 +625,7 @@ There is also a function for the conversion in the other direction.
@comment wchar.h
@comment ISO
@deftypefun int wctob (wint_t @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctob} function (``wide character to byte'') takes as the
parameter a valid wide character. If the multibyte representation for
this character in the initial state is exactly one byte long, the return
@@ -634,6 +645,7 @@ and they also do not require it to be in the initial state.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrtowc (wchar_t *restrict @var{pwc}, const char *restrict @var{s}, size_t @var{n}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
@cindex stateful
The @code{mbrtowc} function (``multibyte restartable to wide
character'') converts the next multibyte character in the string pointed
@@ -728,6 +740,7 @@ function that does part of the work.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrlen (const char *restrict @var{s}, size_t @var{n}, mbstate_t *@var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbrlen} function (``multibyte restartable length'') computes
the number of at most @var{n} bytes starting at @var{s}, which form the
next valid and complete multibyte character.
@@ -811,6 +824,50 @@ doing the work twice.
@comment wchar.h
@comment ISO
@deftypefun size_t wcrtomb (char *restrict @var{s}, wchar_t @var{wc}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c wcrtomb uses a static, non-thread-local unguarded state variable when
+@c PS is NULL. When a state is passed in, and it's not used
+@c concurrently in other threads, this function behaves safely as long
+@c as gconv modules don't bring MT safety issues of their own.
+@c Attempting to load gconv modules or to build conversion chains in
+@c signal handlers may encounter gconv databases or caches in a
+@c partially-updated state, and asynchronous cancellation may leave them
+@c in such states, besides leaking the lock that guards them.
+@c get_gconv_fcts ok
+@c wcsmbs_load_conv ok
+@c norm_add_slashes ok
+@c wcsmbs_getfct ok
+@c gconv_find_transform ok
+@c gconv_read_conf (libc_once)
+@c gconv_lookup_cache ok
+@c find_module_idx ok
+@c find_module ok
+@c gconv_find_shlib (ok)
+@c ->init_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c do_lookup_alias ok
+@c find_derivation ok
+@c derivation_lookup ok
+@c increment_counter ok
+@c gconv_find_shlib ok
+@c step->init_fct (assumed ok)
+@c gen_steps ok
+@c gconv_find_shlib ok
+@c dlopen (presumed ok)
+@c dlsym (presumed ok)
+@c step->init_fct (assumed ok)
+@c step->end_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c add_derivation ok
+@c gconv_close_transform ok
+@c gconv_release_step ok
+@c step->end_fct (assumed ok)
+@c gconv_release_shlib ok
+@c dlclose (presumed ok)
+@c gconv_release_cache ok
+@c ->tomb->__fct (assumed ok)
The @code{wcrtomb} function (``wide character restartable to
multibyte'') converts a single wide character into a multibyte string
corresponding to that wide character.
@@ -955,6 +1012,7 @@ extensions that can help in some important situations.
@comment wchar.h
@comment ISO
@deftypefun size_t mbsrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsrtowcs} function (``multibyte string restartable to wide
character string'') converts an NUL-terminated multibyte character
string at @code{*@var{src}} into an equivalent wide character string,
@@ -1039,6 +1097,7 @@ length and passing this length to the function.
@comment wchar.h
@comment ISO
@deftypefun size_t wcsrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsrtombs} function (``wide character string restartable to
multibyte string'') converts the NUL-terminated wide character string at
@code{*@var{src}} into an equivalent multibyte character string and
@@ -1084,6 +1143,7 @@ array size (the @var{len} parameter).
@comment wchar.h
@comment GNU
@deftypefun size_t mbsnrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{nmc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsnrtowcs} function is very similar to the @code{mbsrtowcs}
function. All the parameters are the same except for @var{nmc}, which is
new. The return value is the same as for @code{mbsrtowcs}.
@@ -1136,6 +1196,7 @@ of the given buffer, there is no problem with altering the state.
@comment wchar.h
@comment GNU
@deftypefun size_t wcsnrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{nwc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsnrtombs} function implements the conversion from wide
character strings to multibyte character strings. It is similar to
@code{wcsrtombs} but, just like @code{mbsnrtowcs}, it takes an extra
@@ -1280,6 +1341,7 @@ conversion functions.}
@comment stdlib.h
@comment ISO
@deftypefun int mbtowc (wchar_t *restrict @var{result}, const char *restrict @var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbtowc} (``multibyte to wide character'') function when called
with non-null @var{string} converts the first multibyte character
beginning at @var{string} to its corresponding wide character code. It
@@ -1314,6 +1376,7 @@ shift state. @xref{Shift State}.
@comment stdlib.h
@comment ISO
@deftypefun int wctomb (char *@var{string}, wchar_t @var{wchar})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctomb} (``wide character to multibyte'') function converts
the wide character code @var{wchar} to its corresponding multibyte
character sequence, and stores the result in bytes starting at
@@ -1353,6 +1416,7 @@ terms of @code{mbtowc}.
@comment stdlib.h
@comment ISO
@deftypefun int mblen (const char *@var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mblen} function with a non-null @var{string} argument returns
the number of bytes that make up the multibyte character beginning at
@var{string}, never examining more than @var{size} bytes. (The idea is
@@ -1391,6 +1455,9 @@ suffer from the same problems as their reentrant counterparts from
@comment stdlib.h
@comment ISO
@deftypefun size_t mbstowcs (wchar_t *@var{wstring}, const char *@var{string}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Odd... Although this is in the non-reentrant section, the state
+@c object is automatic, not a static buffer.
The @code{mbstowcs} (``multibyte string to wide character string'')
function converts the null-terminated string of multibyte characters
@var{string} to an array of wide character codes, storing not more than
@@ -1431,6 +1498,7 @@ mbstowcs_alloc (const char *string)
@comment stdlib.h
@comment ISO
@deftypefun size_t wcstombs (char *@var{string}, const wchar_t *@var{wstring}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcstombs} (``wide character string to multibyte string'')
function converts the null-terminated wide character array @var{wstring}
into a string containing multibyte characters, storing not more than
@@ -1618,6 +1686,16 @@ The first step is the function to create a handle.
@comment iconv.h
@comment XPG2
@deftypefun iconv_t iconv_open (const char *@var{tocode}, const char *@var{fromcode})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls malloc if tocode and/or fromcode are too big for alloca. Calls
+@c strip and upstr on both, then gconv_open. strip and upstr call
+@c isalnum_l and toupper_l with the C locale. gconv_open may MT-safely
+@c tokenize toset, replace unspecified codesets with the current locale
+@c (posibly two different accesses), and finally it calls
+@c gconv_find_transform and initializes the gconv_t result with all the
+@c steps in the conversion sequence, running each one's initializer,
+@c destructing and releasing them all if anything fails.
+
The @code{iconv_open} function has to be used before starting a
conversion. The two parameters this function takes determine the
source and destination character set for the conversion, and if the
@@ -1682,6 +1760,12 @@ conversion is not needed anymore.
@comment iconv.h
@comment XPG2
@deftypefun int iconv_close (iconv_t @var{cd})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, shlimb}}
+@c Calls gconv_close to destruct and release each of the conversion
+@c steps, release the gconv_t object, then call gconv_close_transform.
+@c Access to the gconv_t object is not guarded, but calling iconv_close
+@c concurrently with any other use is undefined.
+
The @code{iconv_close} function frees all resources associated with the
handle @var{cd}, which must have been returned by a successful call to
the @code{iconv_open} function.
@@ -1708,6 +1792,10 @@ even file to file can be implemented on top of it.
@comment iconv.h
@comment XPG2
@deftypefun size_t iconv (iconv_t @var{cd}, char **@var{inbuf}, size_t *@var{inbytesleft}, char **@var{outbuf}, size_t *@var{outbytesleft})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c Without guarding access to the gconv_t object pointed to by cd, call
+@c the conversion function to convert inbuf or flush the internal
+@c conversion state.
@cindex stateful
The @code{iconv} function converts the text in the input buffer
according to the rules associated with the descriptor @var{cd} and
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=6dfda39adb1d84728fb4d392927fe32c70717f8c
commit 6dfda39adb1d84728fb4d392927fe32c70717f8c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:05 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/arith.texi: Document thread safety properties.
diff --git a/manual/arith.texi b/manual/arith.texi
index 77056c3..c0cd350 100644
--- a/manual/arith.texi
+++ b/manual/arith.texi
@@ -160,6 +160,8 @@ The remainder from the division.
@comment stdlib.h
@comment ISO
@deftypefun div_t div (int @var{numerator}, int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Functions in this section are pure, and thus safe.
This function @code{div} computes the quotient and remainder from
the division of @var{numerator} by @var{denominator}, returning the
result in a structure of type @code{div_t}.
@@ -199,6 +201,7 @@ type @code{long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun ldiv_t ldiv (long int @var{numerator}, long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ldiv} function is similar to @code{div}, except that the
arguments are of type @code{long int} and the result is returned as a
structure of type @code{ldiv_t}.
@@ -225,6 +228,7 @@ type @code{long long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun lldiv_t lldiv (long long int @var{numerator}, long long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lldiv} function is like the @code{div} function, but the
arguments are of type @code{long long int} and the result is returned as
a structure of type @code{lldiv_t}.
@@ -256,6 +260,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment inttypes.h
@comment ISO
@deftypefun imaxdiv_t imaxdiv (intmax_t @var{numerator}, intmax_t @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{imaxdiv} function is like the @code{div} function, but the
arguments are of type @code{intmax_t} and the result is returned as
a structure of type @code{imaxdiv_t}.
@@ -318,6 +323,7 @@ floating-point number a variable holds.
@comment math.h
@comment ISO
@deftypefn {Macro} int fpclassify (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is a generic macro which works on all floating-point types and
which returns a value of type @code{int}. The possible values are:
@@ -354,6 +360,7 @@ You should therefore use the specific macros whenever possible.
@comment math.h
@comment ISO
@deftypefn {Macro} int isfinite (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite: not plus or
minus infinity, and not NaN. It is equivalent to
@@ -368,6 +375,7 @@ floating-point type.
@comment math.h
@comment ISO
@deftypefn {Macro} int isnormal (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite and normalized.
It is equivalent to
@@ -379,6 +387,7 @@ It is equivalent to
@comment math.h
@comment ISO
@deftypefn {Macro} int isnan (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is NaN. It is equivalent
to
@@ -390,6 +399,7 @@ to
@comment math.h
@comment GNU
@deftypefn {Macro} int issignaling (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is a signaling NaN
(sNaN). It is based on draft TS 18661 and currently enabled as a GNU
extension.
@@ -410,6 +420,7 @@ not have to worry about the type of their argument.
@comment math.h
@comment BSD
@deftypefunx int isinfl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns @code{-1} if @var{x} represents negative infinity,
@code{1} if @var{x} represents positive infinity, and @code{0} otherwise.
@end deftypefun
@@ -423,6 +434,7 @@ This function returns @code{-1} if @var{x} represents negative infinity,
@comment math.h
@comment BSD
@deftypefunx int isnanl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is a ``not a number''
value, and zero otherwise.
@@ -445,6 +457,7 @@ function for some reason, you can write
@comment math.h
@comment BSD
@deftypefunx int finitel (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is finite or a ``not a
number'' value, and zero otherwise.
@end deftypefun
@@ -713,6 +726,22 @@ and save and restore the set of exceptions flagged.
@comment fenv.h
@comment ISO
@deftypefun int feclearexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{unposix}@acsafe{unposix}}
+@c The other functions in this section that modify FP status register
+@c mostly do so with non-atomic load-modify-store sequences, but since
+@c the register is thread-specific, this should be fine, and safe for
+@c cancellation. As long as the FP environment is restored before the
+@c signal handler returns control to the interrupted thread (like any
+@c kernel should do), the functions are also safe for use in signal
+@c handlers.
+@c
+@c FIXME: simfpu: Floating point emulation on powerpc is the exception:
+@c __sim_exception, __sim_disabled_exception and __sim_round_mode
+@c variables, that emulate a floating-point status register, are not
+@c thread-specific variables, so many of these functions are not MT-safe
+@c on that platform. This is probably a bug. These variables aren't
+@c restored by the signal machinery either, making the functions also
+@c async-signal-unsafe on this platform.
This function clears all of the supported exception flags indicated by
@var{excepts}.
@@ -723,6 +752,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feraiseexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function raises the supported exceptions indicated by
@var{excepts}. If more than one exception bit in @var{excepts} is set
the order in which the exceptions are raised is undefined except that
@@ -738,6 +768,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fetestexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Test whether the exception flags indicated by the parameter @var{except}
are currently set. If any of them are, a nonzero value is returned
which specifies which exceptions are set. Otherwise the result is zero.
@@ -774,6 +805,7 @@ following functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetexceptflag (fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function stores in the variable pointed to by @var{flagp} an
implementation-defined value representing the current setting of the
exception flags indicated by @var{excepts}.
@@ -785,6 +817,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fesetexceptflag (const fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function restores the flags for the exceptions indicated by
@var{excepts} to the values stored in the variable pointed to by
@var{flagp}.
@@ -940,6 +973,7 @@ find out which one with this function:
@comment fenv.h
@comment ISO
@deftypefun int fegetround (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Returns the currently selected rounding mode, represented by one of the
values of the defined rounding mode macros.
@end deftypefun
@@ -950,6 +984,7 @@ To change the rounding mode, use this function:
@comment fenv.h
@comment ISO
@deftypefun int fesetround (int @var{round})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Changes the currently selected rounding mode to @var{round}. If
@var{round} does not correspond to one of the supported rounding modes
nothing is changed. @code{fesetround} returns zero if it changed the
@@ -994,6 +1029,7 @@ To save the state of the FPU, use one of these functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetenv (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the floating-point environment in the variable pointed to by
@var{envp}.
@@ -1004,6 +1040,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feholdexcept (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the current floating-point environment in the object pointed to by
@var{envp}. Then clear all exception flags, and set the FPU to trap no
exceptions. Not all FPUs support trapping no exceptions; if
@@ -1042,6 +1079,7 @@ functions:
@comment fenv.h
@comment ISO
@deftypefun int fesetenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Set the floating-point environment to that described by @var{envp}.
The function returns zero in case the operation was successful, a
@@ -1051,6 +1089,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feupdateenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Like @code{fesetenv}, this function sets the floating-point environment
to that described by @var{envp}. However, if any exceptions were
flagged in the status word before @code{feupdateenv} was called, they
@@ -1071,6 +1110,7 @@ occur, you can use the following two functions.
@comment fenv.h
@comment GNU
@deftypefun int feenableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions enables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1083,6 +1123,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fedisableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions disables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1095,6 +1136,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fegetexcept (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
The function returns a bitmask of all currently enabled exceptions. It
returns @code{-1} in case of failure.
@end deftypefun
@@ -1146,6 +1188,7 @@ Prototypes for @code{abs}, @code{labs} and @code{llabs} are in @file{stdlib.h};
@comment inttypes.h
@comment ISO
@deftypefunx intmax_t imaxabs (intmax_t @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of @var{number}.
Most computers use a two's complement integer representation, in which
@@ -1167,6 +1210,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment math.h
@comment ISO
@deftypefunx {long double} fabsl (long double @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the absolute value of the floating-point number
@var{number}.
@end deftypefun
@@ -1180,6 +1224,7 @@ This function returns the absolute value of the floating-point number
@comment complex.h
@comment ISO
@deftypefunx {long double} cabsl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of the complex number @var{z}
(@pxref{Complex Numbers}). The absolute value of a complex number is:
@@ -1217,6 +1262,7 @@ All these functions are declared in @file{math.h}.
@comment math.h
@comment ISO
@deftypefunx {long double} frexpl (long double @var{value}, int *@var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are used to split the number @var{value}
into a normalized fraction and an exponent.
@@ -1242,6 +1288,7 @@ zero is stored in @code{*@var{exponent}}.
@comment math.h
@comment ISO
@deftypefunx {long double} ldexpl (long double @var{value}, int @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the result of multiplying the floating-point
number @var{value} by 2 raised to the power @var{exponent}. (It can
be used to reassemble floating-point numbers that were taken apart
@@ -1263,6 +1310,7 @@ equivalent to those of @code{ldexp} and @code{frexp}. See also the
@comment math.h
@comment BSD
@deftypefunx {long double} scalbl (long double @var{value}, long double @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{scalb} function is the BSD name for @code{ldexp}.
@end deftypefun
@@ -1275,6 +1323,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalbnl (long double @var{x}, int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbn} is identical to @code{scalb}, except that the exponent
@var{n} is an @code{int} instead of a floating-point number.
@end deftypefun
@@ -1288,6 +1337,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalblnl (long double @var{x}, long int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbln} is identical to @code{scalb}, except that the exponent
@var{n} is a @code{long int} instead of a floating-point number.
@end deftypefun
@@ -1301,6 +1351,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} significandl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{significand} returns the mantissa of @var{x} scaled to the range
@math{[1, 2)}.
It is equivalent to @w{@code{scalb (@var{x}, (double) -ilogb (@var{x}))}}.
@@ -1335,6 +1386,7 @@ result as a @code{double} instead to get around this problem.
@comment math.h
@comment ISO
@deftypefunx {long double} ceill (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} upwards to the nearest integer,
returning that value as a @code{double}. Thus, @code{ceil (1.5)}
is @code{2.0}.
@@ -1349,6 +1401,7 @@ is @code{2.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} floorl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} downwards to the nearest
integer, returning that value as a @code{double}. Thus, @code{floor
(1.5)} is @code{1.0} and @code{floor (-1.5)} is @code{-2.0}.
@@ -1363,6 +1416,7 @@ integer, returning that value as a @code{double}. Thus, @code{floor
@comment math.h
@comment ISO
@deftypefunx {long double} truncl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{trunc} functions round @var{x} towards zero to the nearest
integer (returned in floating-point format). Thus, @code{trunc (1.5)}
is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@@ -1377,6 +1431,7 @@ is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} rintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} to an integer value according to the
current rounding mode. @xref{Floating Point Parameters}, for
information about the various rounding modes. The default
@@ -1397,6 +1452,7 @@ inexact exception.
@comment math.h
@comment ISO
@deftypefunx {long double} nearbyintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the same value as the @code{rint} functions, but
do not raise the inexact exception if @var{x} is not an integer.
@end deftypefun
@@ -1410,6 +1466,7 @@ do not raise the inexact exception if @var{x} is not an integer.
@comment math.h
@comment ISO
@deftypefunx {long double} roundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are similar to @code{rint}, but they round halfway
cases away from zero instead of to the nearest integer (or other
current rounding mode).
@@ -1424,6 +1481,7 @@ current rounding mode).
@comment math.h
@comment ISO
@deftypefunx {long int} lrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1437,6 +1495,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1450,6 +1509,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long int} lroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1463,6 +1523,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1477,6 +1538,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long double} modfl (long double @var{value}, long double *@var{integer-part})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions break the argument @var{value} into an integer part and a
fractional part (between @code{-1} and @code{1}, exclusive). Their sum
equals @var{value}. Each of the parts has the same sign as @var{value},
@@ -1503,6 +1565,7 @@ suits your problem.
@comment math.h
@comment ISO
@deftypefunx {long double} fmodl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions compute the remainder from the division of
@var{numerator} by @var{denominator}. Specifically, the return value is
@code{@var{numerator} - @w{@var{n} * @var{denominator}}}, where @var{n}
@@ -1525,6 +1588,7 @@ If @var{denominator} is zero, @code{fmod} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} dreml (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are like @code{fmod} except that they round the
internal quotient @var{n} to the nearest integer instead of towards zero
to an integer. For example, @code{drem (6.5, 2.3)} returns @code{-0.4},
@@ -1548,6 +1612,7 @@ If @var{denominator} is zero, @code{drem} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} remainderl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is another name for @code{drem}.
@end deftypefun
@@ -1569,6 +1634,7 @@ bits.
@comment math.h
@comment ISO
@deftypefunx {long double} copysignl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return @var{x} but with the sign of @var{y}. They work
even if @var{x} or @var{y} are NaN or zero. Both of these can carry a
sign (although not all implementations support it) and this is one of
@@ -1584,6 +1650,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefun int signbit (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{signbit} is a generic macro which can work on all floating-point
types. It returns a nonzero value if the value of @var{x} has its sign
bit set.
@@ -1602,6 +1669,7 @@ false, but @code{signbit (-0.0)} will return a nonzero value.
@comment math.h
@comment ISO
@deftypefunx {long double} nextafterl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{nextafter} function returns the next representable neighbor of
@var{x} in the direction towards @var{y}. The size of the step between
@var{x} and the result depends on the type of the result. If
@@ -1625,6 +1693,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefunx {long double} nexttowardl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are identical to the corresponding versions of
@code{nextafter} except that their second argument is a @code{long
double}.
@@ -1640,6 +1709,8 @@ double}.
@comment math.h
@comment ISO
@deftypefunx {long double} nanl (const char *@var{tagp})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c The unsafe-but-ruled-safe locale use comes from strtod.
The @code{nan} function returns a representation of NaN, provided that
NaN is supported by the target platform.
@code{nan ("@var{n-char-sequence}")} is equivalent to
@@ -1674,6 +1745,7 @@ arguments only once.
@comment math.h
@comment ISO
@deftypefn Macro int isgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than
@var{y}. It is equivalent to @code{(@var{x}) > (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1682,6 +1754,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isgreaterequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than or
equal to @var{y}. It is equivalent to @code{(@var{x}) >= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1690,6 +1763,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isless (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than @var{y}.
It is equivalent to @code{(@var{x}) < (@var{y})}, but no exception is
raised if @var{x} or @var{y} are NaN.
@@ -1698,6 +1772,7 @@ raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than or equal
to @var{y}. It is equivalent to @code{(@var{x}) <= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1706,6 +1781,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less or greater
than @var{y}. It is equivalent to @code{(@var{x}) < (@var{y}) ||
(@var{x}) > (@var{y})} (although it only evaluates @var{x} and @var{y}
@@ -1718,6 +1794,7 @@ expression is true if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isunordered (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether its arguments are unordered. In other
words, it is true if @var{x} or @var{y} are NaN, and false otherwise.
@end deftypefn
@@ -1751,6 +1828,7 @@ perform these operations faster than the equivalent C code.
@comment math.h
@comment ISO
@deftypefunx {long double} fminl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmin} function returns the lesser of the two values @var{x}
and @var{y}. It is similar to the expression
@smallexample
@@ -1771,6 +1849,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fmaxl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmax} function returns the greater of the two values @var{x}
and @var{y}.
@@ -1787,6 +1866,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fdiml (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fdim} function returns the positive difference between
@var{x} and @var{y}. The positive difference is @math{@var{x} -
@var{y}} if @var{x} is greater than @var{y}, and @math{0} otherwise.
@@ -1804,6 +1884,7 @@ If @var{x}, @var{y}, or both are NaN, NaN is returned.
@comment ISO
@deftypefunx {long double} fmal (long double @var{x}, long double @var{y}, long double @var{z})
@cindex butterfly
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fma} function performs floating-point multiply-add. This is
the operation @math{(@var{x} @mul{} @var{y}) + @var{z}}, but the
intermediate result is not rounded to the destination type. This can
@@ -1933,6 +2014,7 @@ available in three variants, one for each of the three complex types.
@comment complex.h
@comment ISO
@deftypefunx {long double} creall (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the real part of the complex number @var{z}.
@end deftypefun
@@ -1945,6 +2027,7 @@ These functions return the real part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cimagl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the imaginary part of the complex number @var{z}.
@end deftypefun
@@ -1957,6 +2040,7 @@ These functions return the imaginary part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {complex long double} conjl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the conjugate value of the complex number
@var{z}. The conjugate of a complex number has the same real part and a
negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@@ -1971,6 +2055,7 @@ negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cargl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the argument of the complex number @var{z}.
The argument of a complex number is the angle in the complex plane
between the positive real axis and a line passing through zero and the
@@ -1989,6 +2074,7 @@ number. This angle is measured in the usual fashion and ranges from
@comment complex.h
@comment ISO
@deftypefunx {complex long double} cprojl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the projection of the complex value @var{z} onto
the Riemann sphere. Values with a infinite imaginary part are projected
to positive infinity on the real axis, even if the real part is NaN. If
@@ -2034,6 +2120,16 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun {long int} strtol (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c strtol uses the thread-local pointer to the locale in effect, and
+@c strtol_l loads the LC_NUMERIC locale data from it early on and once,
+@c but if the locale is the global locale, and another thread calls
+@c setlocale in a way that modifies the pointer to the LC_CTYPE locale
+@c category, the behavior of e.g. IS*, TOUPPER will vary throughout the
+@c execution of the function, because they re-read the locale data from
+@c the given locale pointer. We solved this by documenting setlocale as
+@c MT-Unsafe, but there might be other reasons why it's neither MT- nor
+@c AS-Safe; recheck.
The @code{strtol} (``string-to-long'') function converts the initial
part of @var{string} to a signed integer, which is returned as a value
of type @code{long int}.
@@ -2097,6 +2193,7 @@ There is an example at the end of this section.
@comment wchar.h
@comment ISO
@deftypefun {long int} wcstol (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstol} function is equivalent to the @code{strtol} function
in nearly all aspects but handles wide character strings.
@@ -2106,6 +2203,7 @@ The @code{wcstol} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long int} strtoul (const char *retrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoul} (``string-to-unsigned-long'') function is like
@code{strtol} except it converts to an @code{unsigned long int} value.
The syntax is the same as described above for @code{strtol}. The value
@@ -2124,6 +2222,7 @@ range, or @code{ERANGE} on overflow.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long int} wcstoul (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoul} function is equivalent to the @code{strtoul} function
in nearly all aspects but handles wide character strings.
@@ -2133,6 +2232,7 @@ The @code{wcstoul} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} strtoll (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoll} function is like @code{strtol} except that it returns
a @code{long long int} value, and accepts numbers with a correspondingly
larger range.
@@ -2149,6 +2249,7 @@ The @code{strtoll} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {long long int} wcstoll (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoll} function is equivalent to the @code{strtoll} function
in nearly all aspects but handles wide character strings.
@@ -2158,12 +2259,14 @@ The @code{wcstoll} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {long long int} strtoq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtoq} (``string-to-quad-word'') is the BSD name for @code{strtoll}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {long long int} wcstoq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoq} function is equivalent to the @code{strtoq} function
in nearly all aspects but handles wide character strings.
@@ -2173,6 +2276,7 @@ The @code{wcstoq} function is a GNU extension.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long long int} strtoull (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoull} function is related to @code{strtoll} the same way
@code{strtoul} is related to @code{strtol}.
@@ -2182,6 +2286,7 @@ The @code{strtoull} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long long int} wcstoull (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoull} function is equivalent to the @code{strtoull} function
in nearly all aspects but handles wide character strings.
@@ -2191,12 +2296,14 @@ The @code{wcstoull} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {unsigned long long int} strtouq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtouq} is the BSD name for @code{strtoull}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {unsigned long long int} wcstouq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstouq} function is equivalent to the @code{strtouq} function
in nearly all aspects but handles wide character strings.
@@ -2206,6 +2313,7 @@ The @code{wcstouq} function is a GNU extension.
@comment inttypes.h
@comment ISO
@deftypefun intmax_t strtoimax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoimax} function is like @code{strtol} except that it returns
a @code{intmax_t} value, and accepts numbers of a corresponding range.
@@ -2222,6 +2330,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun intmax_t wcstoimax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoimax} function is equivalent to the @code{strtoimax} function
in nearly all aspects but handles wide character strings.
@@ -2231,6 +2340,7 @@ The @code{wcstoimax} function was introduced in @w{ISO C99}.
@comment inttypes.h
@comment ISO
@deftypefun uintmax_t strtoumax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoumax} function is related to @code{strtoimax}
the same way that @code{strtoul} is related to @code{strtol}.
@@ -2241,6 +2351,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun uintmax_t wcstoumax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoumax} function is equivalent to the @code{strtoumax} function
in nearly all aspects but handles wide character strings.
@@ -2250,6 +2361,7 @@ The @code{wcstoumax} function was introduced in @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefun {long int} atol (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtol} function with a @var{base}
argument of @code{10}, except that it need not detect overflow errors.
The @code{atol} function is provided mostly for compatibility with
@@ -2259,6 +2371,7 @@ existing code; using @code{strtol} is more robust.
@comment stdlib.h
@comment ISO
@deftypefun int atoi (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is like @code{atol}, except that it returns an @code{int}.
The @code{atoi} function is also considered obsolete; use @code{strtol}
instead.
@@ -2267,6 +2380,7 @@ instead.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} atoll (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to @code{atol}, except it returns a @code{long
long int}.
@@ -2331,6 +2445,35 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun double strtod (const char *restrict @var{string}, char **restrict @var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c Besides the unsafe-but-ruled-safe locale uses, this uses a lot of
+@c mpn, but it's all safe.
+@c
+@c round_and_return
+@c get_rounding_mode ok
+@c mpn_add_1 ok
+@c mpn_rshift ok
+@c MPN_ZERO ok
+@c MPN2FLOAT -> mpn_construct_(float|double|long_double) ok
+@c str_to_mpn
+@c mpn_mul_1 -> umul_ppmm ok
+@c mpn_add_1 ok
+@c mpn_lshift_1 -> mpn_lshift ok
+@c STRTOF_INTERNAL
+@c MPN_VAR ok
+@c SET_MANTISSA ok
+@c STRNCASECMP ok, wide and narrow
+@c round_and_return ok
+@c mpn_mul ok
+@c mpn_addmul_1 ok
+@c ... mpn_sub
+@c mpn_lshift ok
+@c udiv_qrnnd ok
+@c count_leading_zeros ok
+@c add_ssaaaa ok
+@c sub_ddmmss ok
+@c umul_ppmm ok
+@c mpn_submul_1 ok
The @code{strtod} (``string-to-double'') function converts the initial
part of @var{string} to a floating-point number, which is returned as a
value of type @code{double}.
@@ -2416,6 +2559,7 @@ examining @var{errno} and @var{tailptr}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} strtold (const char *@var{string}, char **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
These functions are analogous to @code{strtod}, but return @code{float}
and @code{long double} values respectively. They report errors in the
same way as @code{strtod}. @code{strtof} can be substantially faster
@@ -2435,6 +2579,7 @@ These functions have been GNU extensions and are new to @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} wcstold (const wchar_t *@var{string}, wchar_t **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstod}, @code{wcstof}, and @code{wcstol} functions are
equivalent in nearly all aspect to the @code{strtod}, @code{strtof}, and
@code{strtold} functions but it handles wide character string.
@@ -2447,6 +2592,7 @@ C90}. The @code{wcstof} and @code{wcstold} functions were introduced in
@comment stdlib.h
@comment ISO
@deftypefun double atof (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtod} function, except that it
need not detect overflow and underflow errors. The @code{atof} function
is provided mostly for compatibility with existing code; using
@@ -2473,6 +2619,7 @@ All these functions are defined in @file{stdlib.h}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} ecvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{ecvt} converts the floating-point number @var{value}
to a string with at most @var{ndigit} decimal digits. The
returned string contains no decimal point or sign. The first digit of
@@ -2498,6 +2645,7 @@ and sets @var{d} to @code{2} and @var{n} to @code{0}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} fcvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{fcvt} is like @code{ecvt}, but @var{ndigit} specifies
the number of digits after the decimal point. If @var{ndigit} is less
than zero, @var{value} is rounded to the @math{@var{ndigit}+1}'th place to the
@@ -2516,6 +2664,9 @@ to @code{fcvt}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} gcvt (double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c gcvt calls sprintf, that ultimately calls vfprintf, which malloc()s
+@c args_value if it's too large, but gcvt never exercises this path.
@code{gcvt} is functionally equivalent to @samp{sprintf(buf, "%*g",
ndigit, value}. It is provided only for compatibility's sake. It
returns @var{buf}.
@@ -2530,6 +2681,7 @@ functions that take @code{long double} arguments.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qecvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{ecvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2538,6 +2690,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qfcvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{fcvt} except that it
takes a @code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2546,6 +2699,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qgcvt (long double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is equivalent to @code{gcvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2566,6 +2720,7 @@ user-supplied buffer.
@comment stdlib.h
@comment GNU
@deftypefun int ecvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ecvt_r} function is the same as @code{ecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2577,6 +2732,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun int fcvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcvt_r} function is the same as @code{fcvt}, except that it
places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2588,6 +2744,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qecvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qecvt_r} function is the same as @code{qecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2599,6 +2756,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qfcvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qfcvt_r} function is the same as @code{qfcvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=091e1e16a3a7c50d382e0f9eee36d6d04bcd441a
commit 091e1e16a3a7c50d382e0f9eee36d6d04bcd441a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:04 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/argp.texi: Document thread safety properties.
diff --git a/manual/argp.texi b/manual/argp.texi
index c9fbe97..22e7b9e 100644
--- a/manual/argp.texi
+++ b/manual/argp.texi
@@ -36,6 +36,35 @@ needed in @code{main}.
@comment argp.h
@comment GNU
@deftypefun {error_t} argp_parse (const struct argp *@var{argp}, int @var{argc}, char **@var{argv}, unsigned @var{flags}, int *@var{arg_index}, void *@var{input})
+@safety{@mtunsafe{xguargs, envromt}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Optionally alloca()tes standard help options, initializes the parser,
+@c then parses individual args in a loop, and then finalizes.
+@c parser_init
+@c calc_sizes ok
+@c option_is_end ok
+@c malloc
+@c parser_convert glocale
+@c convert_options glocale
+@c option_is_end ok
+@c option_is_short ok
+@c isprint, but locale may change within the loop
+@c find_long_option ok
+@c group_parse
+@c group->parser (from argp->parser)
+@c parser_parse_next
+@c getopt_long(_only)_r many issues, same as non_r minus staticbuf
+@c parser_parse_arg
+@c group_parse
+@c parser_parse_opt
+@c group_parse
+@c argp_error
+@c dgettext (bad key error)
+@c parser_finalize
+@c group_parse
+@c fprintf
+@c dgettext
+@c arg_state_help
+@c free
The @code{argp_parse} function parses the arguments in @var{argv}, of
length @var{argc}, using the argp parser @var{argp}. @xref{Argp
Parsers}. Passing a null pointer for @var{argp} is the same as using
@@ -660,6 +689,8 @@ parser function. @xref{Argp Parsing State}.
@comment argp.h
@comment GNU
@deftypefun void argp_usage (const struct argp_state *@var{state})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls argp_state_help with stderr and ARGP_HELP_STD_USAGE.
Outputs the standard usage message for the argp parser referred to by
@var{state} to @code{@var{state}->err_stream} and terminate the program
with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@@ -669,6 +700,13 @@ with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@comment argp.h
@comment GNU
@deftypefun void argp_error (const struct argp_state *@var{state}, const char *@var{fmt}, @dots{})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Lock stream, vasprintf the formatted message into a buffer, print the
+@c buffer prefixed by the short program name (in libc,
+@c argp_short_program_name is a macro that expands to
+@c program_invocation_short_name), releases the buffer, then call
+@c argp_state_help with stream and ARGP_HELP_STD_ERR, unlocking the
+@c stream at the end.
Prints the printf format string @var{fmt} and following args, preceded
by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
--help}} message, and terminates the program with an exit status of
@@ -679,6 +717,12 @@ by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
@comment argp.h
@comment GNU
@deftypefun void argp_failure (const struct argp_state *@var{state}, int @var{status}, int @var{errnum}, const char *@var{fmt}, @dots{})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
+@c Lock stream, write out the short program name, vasprintf the optional
+@c formatted message to a buffer, print the buffer prefixed by colon and
+@c blank, release the buffer, call strerror_r with an automatic buffer,
+@c print it out after colon and blank, put[w]c a line break, unlock the
+@c stream, then exit unless ARGP_NO_EXIT.
Similar to the standard gnu error-reporting function @code{error}, this
prints the program name and @samp{:}, the printf format string
@var{fmt}, and the appropriate following args. If it is non-zero, the
@@ -695,6 +739,141 @@ for options, bad phase of the moon, etc.
@comment argp.h
@comment GNU
@deftypefun void argp_state_help (const struct argp_state *@var{state}, FILE *@var{stream}, unsigned @var{flags})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help with the short program name and optionally exit.
+@c The main problems in _help, besides the usual issues with stream I/O
+@c and translation, are the use of a static buffer (uparams) that makes
+@c the whole thing thread-unsafe, reading from the environment for
+@c ARGP_HELP_FMT, accessing the locale object multiple times.
+
+@c _help envromt, staticbuf (uparams), glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c flockfile lockleak
+@c funlockfile lockleak
+@c fill_in_uparams envromt, staticbuf (uparams), glocale, asynconsist, asmalloc, lockleak, incansist, memleak
+@c argp_failure dup (status = errnum = 0)
+@c atoi dup
+@c argp_hol asmalloc, memleak
+@c make_hol asmalloc, memleak
+@c hol_add_cluster asmalloc, memleak
+@c hol_append asmalloc, memleak
+@c hol_set_group ok
+@c hol_find_entry ok
+@c hol_sort glocale, asmalloc, memleak
+@c qsort asmalloc, memleak
+@c hol_entry_qcmp glocale
+@c hol_entry_cmp glocale
+@c group_cmp ok
+@c hol_cluster_cmp ok
+@c group_cmp ok
+@c hol_entry_first_short glocale
+@c hol_entry_short_iterate [glocale]
+@c until_short ok
+@c oshort ok
+@c isprint ok
+@c odoc ok
+@c hol_entry_first_long ok
+@c canon_doc_option glocale
+@c tolower dup
+@c hol_usage glocale, asi18n, asmalloc, memleak
+@c hol_entry_short_iterate ok
+@c add_argless_short_opt ok
+@c argp_fmtstream_printf dup
+@c hol_entry_short_iterate glocale, asi18n, asmalloc, memleak
+@c usage_argful_short_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_entry_long_iterate glocale, asi18n, asmalloc, memleak
+@c usage_long_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c hol_entry_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_wmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c comma glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_putc dup
+@c hol_cluster_is_child ok
+@c argp_fmtstream_wmargin dup
+@c print_header dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c indent_to dup
+@c argp_fmtstream_putc dup
+@c arg glocale, asmalloc, memleak
+@c argp_fmtstream_printf dup
+@c odoc dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_printf dup
+@c print_header glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c indent_to dup
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c filter_doc dup
+@c argp_fmtstream_point dup
+@c indent_to glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_putc dup
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c hol_free asmalloc, memleak
+@c free dup
+@c argp_args_levels ok
+@c argp_args_usage glocale, asi18n, asmalloc, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc ok
+@c argp_input ok
+@c argp->help_filter
+@c space glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_rmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_write dup
+@c free dup
+@c argp_doc glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c strndup asmalloc, memleak
+@c argp_input dup
+@c argp->help_filter
+@c argp_fmtstream_putc glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure dup
+@c argp_fmtstream_write dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_point glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_lmargin dup
+@c free dup
+@c argp_make_fmtstream asmalloc, memleak
+@c argp_fmtstream_free glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update glocale, asynconsist, incansist, lockleak
+@c put[w]c_unlocked dup
+@c isblank in loop glocale
+@c fxprintf lockleak
+@c fxprintf lockleak
+@c free dup
+@c argp_fmtstream_set_wmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_printf glocale, asmalloc, memleak
+@c argp_fmtstream_ensure dup
+@c vsnprintf dup
+@c argp_fmtstream_set_lmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_puts glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_write glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update dup
+@c fxprintf lockleak
+@c realloc asmalloc, memleak
Outputs a help message for the argp parser referred to by @var{state},
to @var{stream}. The @var{flags} argument determines what sort of help
message is produced. @xref{Argp Help Flags}.
@@ -928,6 +1107,8 @@ program options, argp offers the @code{argp_help} interface.
@comment argp.h
@comment GNU
@deftypefun void argp_help (const struct argp *@var{argp}, FILE *@var{stream}, unsigned @var{flags}, char *@var{name})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help.
This outputs a help message for the argp parser @var{argp} to
@var{stream}. The type of messages printed will be determined by
@var{flags}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=aa465b0085f4d4bc6523c446f7ce6870227c8992
commit aa465b0085f4d4bc6523c446f7ce6870227c8992
Merge: 0e4688e 25a9ae1 84b2959
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:11 2013 -0300
pull
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0e4688e6cf1ac6e25b4ce9bf7efd38631c30562c
commit 0e4688e6cf1ac6e25b4ce9bf7efd38631c30562c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:11 2013 -0300
pull
diff --git a/meta b/meta
index 73cfd6c..941fdda 100644
--- a/meta
+++ b/meta
@@ -1,34 +1,34 @@
Version: 1
-Previous: 40bbc25610275afafd89540b32d05e827517453f
-Head: 3f154dc87b1520a90a6a60ee3f64313f37cbe6af
+Previous: 84b2959a1ba1806e2e666a90f9c9442950056937
+Head: 25a9ae1821970d7d17f86df0dbd323fe7776461b
Applied:
- powerpc-nofpu-sim-note-nothread.patch: 696f6dab87abef96e7993fda3f143bbdeb1f34e8
- unused-scalb-is-scalbn.patch: 8e4917e9cf19e11865e8257a23808022f8661b79
- remove-sysdeps-ieee754-support.patch: a695677bd128bab38d17152a529deb639c38a9cc
- manual-document-mt-safety.patch: 68be24a2fdb555f49822dadce0e7a9dcce313fef
- manual-document-mt-safety-argp.patch: 3140ac4a6f81a1c3771e446d1b992366ac25c1fd
- manual-document-mt-safety-arith.patch: 26f6a615ed5791824c49a73f2c3f2363a1068a67
- manual-document-mt-safety-charset.patch: 0df07b4fc684fb54e4439dc6d2c3dbbe1bfebcc1
- manual-document-mt-safety-conf.patch: d07742aef69215a1f5e40b91d1ce62d2bd0f3436
- manual-document-mt-safety-crypt.patch: 9612e68916ea2d715e826de3ea1e63449b56113a
- manual-document-mt-safety-ctype.patch: f9c7c5a3a45afe0537eac97659a8035fcd353755
- manual-document-mt-safety-debug.patch: 93d4600a981245726112f8653ae093789c5781bc
- manual-document-mt-safety-errno.patch: 1de4023eaef09c4f66ee8cda9af72299102a6a11
- manual-document-mt-safety-filesys.patch: 20cfc6cc280a99c7c5c322f9017a835c88940e9d
- manual-document-mt-safety-getopt.patch: 9f6db34fbf2abae189d89ed0c55f39e8b6e1567d
- manual-document-mt-safety-libdl.patch: c36ed4e31f0b32016ac4ff66c3f78b796cc60c4d
- manual-document-mt-safety-job.patch: 5f947de962b5bc8635e43505a3e620452207d5e9
- manual-document-mt-safety-lang.patch: 0bb0d49f0ce8515d039525a62babee3ee8041467
- manual-document-mt-safety-llio.patch: d2d0d5547508d14d2b0f8f184b0cb6567a5f3b3b
- manual-document-mt-safety-stdio.patch: 657da16d7c4dc73ea2a34ee6bfb0443c4f673a5e
- wip-manual-document-mt-safety-locale.patch: fa0471dff7f451bafb03203df03f3ed569ae49bf
- wip-manual-document-mt-safety-math.patch: 76f2d203176f382ef78fc4fe0489bdafb8f8a7e0
- wip-manual-document-mt-safety-startup.patch: a79bade490b89767d07e59d0f983ca57e360c013
- wip-manual-document-mt-safety-search.patch: 644f9527c94cba4151e00bc4c4f48b06eb1b6181
- wip-manual-document-mt-safety-resource.patch: a71b7807900481c356bb648d1c572b7d8e50a9c2
- wip-manual-document-mt-safety-string.patch: c72458cec4f9e82364a18bd1b2fce9e3ad5b7d0a
- wip-manual-document-mt-safety-terminal.patch: 26939672f6abb9771a3c6832b6751de75dfd10ae
- wip-manual-document-mt-safety-threads.patch: ffddbd41d3291cd5b098dde10f2e5253124b8813
- wip-manual-document-mt-safety-time.patch: 3f154dc87b1520a90a6a60ee3f64313f37cbe6af
+ powerpc-nofpu-sim-note-nothread.patch: 525ab96dd43fa6cf5d4f972271afec8d0c64c034
+ unused-scalb-is-scalbn.patch: 3c6c7a24be0a9b65939e04e9200cffa361848c4b
+ remove-sysdeps-ieee754-support.patch: 7b1263abc965a873a51d0f7b02987d8e3d6cf471
+ manual-document-mt-safety.patch: caa55786752ded57d80b3809700b9e5183af21ae
+ manual-document-mt-safety-argp.patch: 017da8adde97bccd79ab19b6d1175cfc9412a565
+ manual-document-mt-safety-arith.patch: c6564bb231120b06f93702c9956c90a57546222e
+ manual-document-mt-safety-charset.patch: 07dd04c5b4a440663c1751a1f38b09b33ab7f8af
+ manual-document-mt-safety-conf.patch: 134d875cb9e454a8243ac2ca8d0bd3d42f0252dc
+ manual-document-mt-safety-crypt.patch: 2069aec79bc11c99cf3e664d9042d76a7118bb88
+ manual-document-mt-safety-ctype.patch: 9945d2535a48b19f85206a5f18b4b15153af2597
+ manual-document-mt-safety-debug.patch: 7d2a9a7113f6aa3b14c1d75181c57c699cb3ccd1
+ manual-document-mt-safety-errno.patch: d9f4ac37690ac779579d891dd9ac2ea37b14a531
+ manual-document-mt-safety-filesys.patch: 392b19a1b6f9dc1268555fd513182d9ddc27977b
+ manual-document-mt-safety-getopt.patch: 5c951f02d9782d9ce3468def9b0a29015d11b31c
+ manual-document-mt-safety-libdl.patch: 695e13261917a34ed17d39bf7c68f612aeb53cab
+ manual-document-mt-safety-job.patch: 065671cbe43b4e8324ec30134b735b72b0a27a7d
+ manual-document-mt-safety-lang.patch: 16740ea74dca049974ec07baa32d1cd26c4642a9
+ manual-document-mt-safety-llio.patch: 184090294f40be1dea2c49ae667629f5513f2c25
+ manual-document-mt-safety-stdio.patch: 7b0a54addcada9b13059cdb0d03cf3fe0412f16d
+ wip-manual-document-mt-safety-locale.patch: 7555b069c35687dd895740205bfdf2241db9c6f3
+ wip-manual-document-mt-safety-math.patch: 1b4a6693b25118e662810d8480caa5189fdae82b
+ wip-manual-document-mt-safety-startup.patch: 4ca19b6ad7173d7b6694a135af31417639b5e2dc
+ wip-manual-document-mt-safety-search.patch: bfd482670800eebaa127193ef59428e7af3cfa1e
+ wip-manual-document-mt-safety-resource.patch: b46f5e4463116cb679a7e90d6fd7ea80e2a239db
+ wip-manual-document-mt-safety-string.patch: 5388cbb52e6f25c810d8c7c1e9d9cbb58945784e
+ wip-manual-document-mt-safety-terminal.patch: 1dbe8f76713dfcffe1af611cbe9a6054fed93484
+ wip-manual-document-mt-safety-threads.patch: 2e4662897991d33b3915b73cd23c5c140fd12c6e
+ wip-manual-document-mt-safety-time.patch: 25a9ae1821970d7d17f86df0dbd323fe7776461b
Unapplied:
Hidden:
diff --git a/patches/manual-document-mt-safety-argp.patch b/patches/manual-document-mt-safety-argp.patch
index 2d84eea..04e77a4 100644
--- a/patches/manual-document-mt-safety-argp.patch
+++ b/patches/manual-document-mt-safety-argp.patch
@@ -1,7 +1,7 @@
-Bottom: 9a965dda103f127bc6ee768c73f81465bb617ddc
-Top: 42073023177bd6d20e6b8df2090232d020997496
+Bottom: 9dc17c777e87d9e8550bcf18a685ec2e017a008c
+Top: 8fa20da58a327ce236a45260745f81ec87a5a28c
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-16 04:52:53 -0300
+Date: 2013-08-17 01:25:04 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-arith.patch b/patches/manual-document-mt-safety-arith.patch
index 7910a8d..ad9a44a 100644
--- a/patches/manual-document-mt-safety-arith.patch
+++ b/patches/manual-document-mt-safety-arith.patch
@@ -1,7 +1,7 @@
-Bottom: 42073023177bd6d20e6b8df2090232d020997496
-Top: 50364dad6f3079f8f8364e094b81d4f279e17b9a
+Bottom: 8fa20da58a327ce236a45260745f81ec87a5a28c
+Top: 9e00847513aa8ca3dd870c7142c8ee63c1eea05f
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-16 04:52:53 -0300
+Date: 2013-08-17 01:25:05 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-charset.patch b/patches/manual-document-mt-safety-charset.patch
index 38ab65e..eb1d974 100644
--- a/patches/manual-document-mt-safety-charset.patch
+++ b/patches/manual-document-mt-safety-charset.patch
@@ -1,7 +1,7 @@
-Bottom: 50364dad6f3079f8f8364e094b81d4f279e17b9a
-Top: 2057130a7d71203b9a9f38120e917b098c480a6f
+Bottom: 9e00847513aa8ca3dd870c7142c8ee63c1eea05f
+Top: 25ef582a24250de1e2072a4015dacbfc5c2841bb
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-16 04:52:53 -0300
+Date: 2013-08-17 01:25:05 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-conf.patch b/patches/manual-document-mt-safety-conf.patch
index 4a2d7b5..a919d8b 100644
--- a/patches/manual-document-mt-safety-conf.patch
+++ b/patches/manual-document-mt-safety-conf.patch
@@ -1,7 +1,7 @@
-Bottom: 2057130a7d71203b9a9f38120e917b098c480a6f
-Top: 94804776420739d4e7851f76aae8683d669215d4
+Bottom: 25ef582a24250de1e2072a4015dacbfc5c2841bb
+Top: b0eacdf8728c94a1f78c8f658a008efcaabcc9d2
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-16 04:52:53 -0300
+Date: 2013-08-17 01:25:05 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-crypt.patch b/patches/manual-document-mt-safety-crypt.patch
index a16a183..c361847 100644
--- a/patches/manual-document-mt-safety-crypt.patch
+++ b/patches/manual-document-mt-safety-crypt.patch
@@ -1,7 +1,7 @@
-Bottom: 94804776420739d4e7851f76aae8683d669215d4
-Top: f5c503197dbf6356975447e7636e2dd3143a2989
+Bottom: b0eacdf8728c94a1f78c8f658a008efcaabcc9d2
+Top: c0b0db21cd11bbf3316e8c83167e162e23ad5bfa
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-16 04:52:54 -0300
+Date: 2013-08-17 01:25:05 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-ctype.patch b/patches/manual-document-mt-safety-ctype.patch
index e6d4b14..3b2e49c 100644
--- a/patches/manual-document-mt-safety-ctype.patch
+++ b/patches/manual-document-mt-safety-ctype.patch
@@ -1,7 +1,7 @@
-Bottom: f5c503197dbf6356975447e7636e2dd3143a2989
-Top: 003a6157dc020fa72680ae4a6ca0b81297cad891
+Bottom: c0b0db21cd11bbf3316e8c83167e162e23ad5bfa
+Top: 1ac0ccdda2df342408b295e5121112bafddb3284
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-16 04:52:54 -0300
+Date: 2013-08-17 01:25:05 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-debug.patch b/patches/manual-document-mt-safety-debug.patch
index 952e178..5283b95 100644
--- a/patches/manual-document-mt-safety-debug.patch
+++ b/patches/manual-document-mt-safety-debug.patch
@@ -1,7 +1,7 @@
-Bottom: 003a6157dc020fa72680ae4a6ca0b81297cad891
-Top: 1bfb6d75e28a05d618536054d216af24c1d005eb
+Bottom: 1ac0ccdda2df342408b295e5121112bafddb3284
+Top: dc9e760360eb18c8fb0f2184676b14e7bc2177c3
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-16 04:52:54 -0300
+Date: 2013-08-17 01:25:06 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-errno.patch b/patches/manual-document-mt-safety-errno.patch
index d209c0e..c0ca2ec 100644
--- a/patches/manual-document-mt-safety-errno.patch
+++ b/patches/manual-document-mt-safety-errno.patch
@@ -1,7 +1,7 @@
-Bottom: 1bfb6d75e28a05d618536054d216af24c1d005eb
-Top: e7b3cec4e03306c8e81023c08b98e74a0faacbbe
+Bottom: dc9e760360eb18c8fb0f2184676b14e7bc2177c3
+Top: 6f36388aba0015568b6b2a4816dacc50146cb3fe
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-16 04:52:55 -0300
+Date: 2013-08-17 01:25:06 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-filesys.patch b/patches/manual-document-mt-safety-filesys.patch
index 397230b..6769498 100644
--- a/patches/manual-document-mt-safety-filesys.patch
+++ b/patches/manual-document-mt-safety-filesys.patch
@@ -1,7 +1,7 @@
-Bottom: e7b3cec4e03306c8e81023c08b98e74a0faacbbe
-Top: 7fa654adb8d9082bddec3251021da106124844a9
+Bottom: 6f36388aba0015568b6b2a4816dacc50146cb3fe
+Top: fde229599e21ef688d3e4b9f2339df8c55a7a992
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-16 04:52:55 -0300
+Date: 2013-08-17 01:25:06 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-getopt.patch b/patches/manual-document-mt-safety-getopt.patch
index 8e2d03d..cbc973f 100644
--- a/patches/manual-document-mt-safety-getopt.patch
+++ b/patches/manual-document-mt-safety-getopt.patch
@@ -1,7 +1,7 @@
-Bottom: 7fa654adb8d9082bddec3251021da106124844a9
-Top: 1b375656241ea5dc462b0293bea840893b4f359b
+Bottom: fde229599e21ef688d3e4b9f2339df8c55a7a992
+Top: 6d7e1278667b262f6475d7f0930713e0fcaf2164
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 22:06:36 -0300
+Date: 2013-08-17 01:25:06 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-job.patch b/patches/manual-document-mt-safety-job.patch
index 132b58d..78e372d 100644
--- a/patches/manual-document-mt-safety-job.patch
+++ b/patches/manual-document-mt-safety-job.patch
@@ -1,7 +1,7 @@
-Bottom: 3d94d1b2c3bcc092b3df348e4cb20a0cc767b53d
-Top: 2230f3ad68c0c728603008b7ef5a718ed6999f8a
+Bottom: 84a81eb5208d547308c0551a8daf7274f5f51893
+Top: 464934e3117acbbe947a28a984738c55ac1e7982
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 22:08:15 -0300
+Date: 2013-08-17 01:25:07 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-lang.patch b/patches/manual-document-mt-safety-lang.patch
index 3958ddb..c3e1fa5 100644
--- a/patches/manual-document-mt-safety-lang.patch
+++ b/patches/manual-document-mt-safety-lang.patch
@@ -1,7 +1,7 @@
-Bottom: 2230f3ad68c0c728603008b7ef5a718ed6999f8a
-Top: 03db9c41a3d5843dd52386d18ea8d5ae4fbaa790
+Bottom: 464934e3117acbbe947a28a984738c55ac1e7982
+Top: 97ed577a7b5de423e0cbd73e6199c1d5d77a2db2
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 22:08:32 -0300
+Date: 2013-08-17 01:25:07 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-libdl.patch b/patches/manual-document-mt-safety-libdl.patch
index ba39838..45921f9 100644
--- a/patches/manual-document-mt-safety-libdl.patch
+++ b/patches/manual-document-mt-safety-libdl.patch
@@ -1,7 +1,7 @@
-Bottom: 1b375656241ea5dc462b0293bea840893b4f359b
-Top: 3d94d1b2c3bcc092b3df348e4cb20a0cc767b53d
+Bottom: 6d7e1278667b262f6475d7f0930713e0fcaf2164
+Top: 84a81eb5208d547308c0551a8daf7274f5f51893
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 22:08:59 -0300
+Date: 2013-08-17 01:25:07 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-llio.patch b/patches/manual-document-mt-safety-llio.patch
index 6983a10..232d2b0 100644
--- a/patches/manual-document-mt-safety-llio.patch
+++ b/patches/manual-document-mt-safety-llio.patch
@@ -1,7 +1,7 @@
-Bottom: 03db9c41a3d5843dd52386d18ea8d5ae4fbaa790
-Top: f3d45f3a5174c95fda4ca14c3895dea94162ab84
+Bottom: 97ed577a7b5de423e0cbd73e6199c1d5d77a2db2
+Top: 93d7801d18acd26c49da4772fbbaa130e15e8c35
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 22:09:32 -0300
+Date: 2013-08-17 01:25:07 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index 75523e4..f0316b1 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,7 +1,7 @@
-Bottom: f3d45f3a5174c95fda4ca14c3895dea94162ab84
-Top: 871bd834ba505ea12044bc0802ca64d8ac8687bd
+Bottom: 93d7801d18acd26c49da4772fbbaa130e15e8c35
+Top: e50028beb84ad6b675a13f914ea7f6020b0041fb
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 15:29:40 -0300
+Date: 2013-08-17 01:25:08 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety.patch b/patches/manual-document-mt-safety.patch
index d425832..4c64009 100644
--- a/patches/manual-document-mt-safety.patch
+++ b/patches/manual-document-mt-safety.patch
@@ -1,7 +1,7 @@
-Bottom: 3e408a78cb48814b5d0267f4ac1660cd08e00d24
-Top: 9a965dda103f127bc6ee768c73f81465bb617ddc
+Bottom: 39cf8b6977e5b0eb658a937d498281477afa6821
+Top: 9dc17c777e87d9e8550bcf18a685ec2e017a008c
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-16 04:52:52 -0300
+Date: 2013-08-17 01:25:04 -0300
Thread safety documentation.
diff --git a/patches/powerpc-nofpu-sim-note-nothread.patch b/patches/powerpc-nofpu-sim-note-nothread.patch
index 300c5fe..f6f9132 100644
--- a/patches/powerpc-nofpu-sim-note-nothread.patch
+++ b/patches/powerpc-nofpu-sim-note-nothread.patch
@@ -1,7 +1,7 @@
-Bottom: 268277f390b889cc857152d268242bd603036b9e
-Top: 16be1a6432db4b53f29115b9a137e0a9b5f72d63
+Bottom: 1049e70d3641bba6f9f04cf81836dfef2917e3b3
+Top: 1049e70d3641bba6f9f04cf81836dfef2917e3b3
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-16 04:52:51 -0300
+Date: 2013-08-17 01:25:03 -0300
Note that powerpc fpu emulation status is not thread- or signal-safe.
@@ -17,51 +17,4 @@ for ports/ChangeLog.powerpc
---
-diff --git a/ports/sysdeps/powerpc/nofpu/sim-full.c b/ports/sysdeps/powerpc/nofpu/sim-full.c
-index fc061d0..e167033 100644
---- a/ports/sysdeps/powerpc/nofpu/sim-full.c
-+++ b/ports/sysdeps/powerpc/nofpu/sim-full.c
-@@ -21,6 +21,11 @@
- #include "soft-fp.h"
- #include "soft-supp.h"
-
-+/* FIXME: these variables should be thread specific (see bugzilla bug
-+ 15483) and ideally preserved across signal handlers, like hardware
-+ FP status words, but the latter is quite difficult to accomplish in
-+ userland. */
-+
- /* Global to store sticky exceptions. */
- int __sim_exceptions __attribute__ ((nocommon));
- libc_hidden_data_def (__sim_exceptions);
-diff --git a/ports/sysdeps/powerpc/nofpu/soft-supp.h b/ports/sysdeps/powerpc/nofpu/soft-supp.h
-index b9638bb..64a3d2a 100644
---- a/ports/sysdeps/powerpc/nofpu/soft-supp.h
-+++ b/ports/sysdeps/powerpc/nofpu/soft-supp.h
-@@ -26,6 +26,11 @@ typedef union
- } fenv_union_t;
-
-
-+/* FIXME: these variables should be thread specific (see bugzilla bug
-+ 15483) and ideally preserved across signal handlers, like hardware
-+ FP status words, but the latter is quite difficult to accomplish in
-+ userland. */
-+
- extern int __sim_exceptions;
- libc_hidden_proto (__sim_exceptions);
- extern int __sim_disabled_exceptions;
-diff --git a/ports/sysdeps/powerpc/soft-fp/sfp-machine.h b/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
-index c2a190e..508d869 100644
---- a/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
-+++ b/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
-@@ -54,6 +54,11 @@
- #define FP_ROUNDMODE __sim_round_mode
- #define FP_TRAPPING_EXCEPTIONS (~__sim_disabled_exceptions & 0x3e000000)
-
-+/* FIXME: these variables should be thread specific (see bugzilla bug
-+ 15483) and ideally preserved across signal handlers, like hardware
-+ FP status words, but the latter is quite difficult to accomplish in
-+ userland. */
-+
- extern int __sim_exceptions;
- libc_hidden_proto (__sim_exceptions);
- extern int __sim_disabled_exceptions;
+
diff --git a/patches/remove-sysdeps-ieee754-support.patch b/patches/remove-sysdeps-ieee754-support.patch
index 7a78a03..034bcd4 100644
--- a/patches/remove-sysdeps-ieee754-support.patch
+++ b/patches/remove-sysdeps-ieee754-support.patch
@@ -1,7 +1,7 @@
-Bottom: 411b24ed46994f8860e4a688d6846bba3af6a601
-Top: 3e408a78cb48814b5d0267f4ac1660cd08e00d24
+Bottom: d06b3f23c180fe174e52c5f9388baa61d6ac33cc
+Top: 39cf8b6977e5b0eb658a937d498281477afa6821
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-16 04:52:52 -0300
+Date: 2013-08-17 01:25:04 -0300
Remove unused sysdeps/ieee754/support.c.
diff --git a/patches/unused-scalb-is-scalbn.patch b/patches/unused-scalb-is-scalbn.patch
index 2b74aea..29447c9 100644
--- a/patches/unused-scalb-is-scalbn.patch
+++ b/patches/unused-scalb-is-scalbn.patch
@@ -1,7 +1,7 @@
-Bottom: 16be1a6432db4b53f29115b9a137e0a9b5f72d63
-Top: 411b24ed46994f8860e4a688d6846bba3af6a601
+Bottom: 1049e70d3641bba6f9f04cf81836dfef2917e3b3
+Top: d06b3f23c180fe174e52c5f9388baa61d6ac33cc
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-16 04:52:51 -0300
+Date: 2013-08-17 01:25:03 -0300
Rename unused scalb to scalbn to match prototype.
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index bad17dd..8156a4d 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,7 +1,7 @@
-Bottom: 871bd834ba505ea12044bc0802ca64d8ac8687bd
-Top: 7eb11a4a93285c6437a6a76fcfe3bdb4f7ab231e
+Bottom: e50028beb84ad6b675a13f914ea7f6020b0041fb
+Top: 478b5a9511d73300038688d295275adc008791fb
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 15:29:40 -0300
+Date: 2013-08-17 01:25:08 -0300
Thread safety documentation.
diff --git a/patches/wip-manual-document-mt-safety-math.patch b/patches/wip-manual-document-mt-safety-math.patch
index 51ccaa8..cbdf2ce 100644
--- a/patches/wip-manual-document-mt-safety-math.patch
+++ b/patches/wip-manual-document-mt-safety-math.patch
@@ -1,7 +1,7 @@
-Bottom: 7eb11a4a93285c6437a6a76fcfe3bdb4f7ab231e
-Top: 3e2da94112b66d7d2a5c0302a59092c351a9beae
+Bottom: 478b5a9511d73300038688d295275adc008791fb
+Top: c1f6d017ec3215a105705280d9d4e90b49cdb2fc
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 15:29:40 -0300
+Date: 2013-08-17 01:25:08 -0300
Thread safety documentation.
diff --git a/patches/wip-manual-document-mt-safety-resource.patch b/patches/wip-manual-document-mt-safety-resource.patch
index 12c14b8..b4ba175 100644
--- a/patches/wip-manual-document-mt-safety-resource.patch
+++ b/patches/wip-manual-document-mt-safety-resource.patch
@@ -1,7 +1,7 @@
-Bottom: 40ef432615a0798e880ce4bf9d0fed695d2d1fe1
-Top: f2c97e058bb7c8c3103a9dd012dcb253194148a9
+Bottom: feea6b866c2cad47f44d83b24583aeb2e3dc5922
+Top: be3798257ab5eb1ffac51f5230137a50fabd0331
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 22:11:00 -0300
+Date: 2013-08-17 01:25:09 -0300
Thread safety documentation.
diff --git a/patches/wip-manual-document-mt-safety-search.patch b/patches/wip-manual-document-mt-safety-search.patch
index 428a92c..eb03a10 100644
--- a/patches/wip-manual-document-mt-safety-search.patch
+++ b/patches/wip-manual-document-mt-safety-search.patch
@@ -1,7 +1,7 @@
-Bottom: 502f555c935f829fc23dd8f2986455c72b952a62
-Top: 40ef432615a0798e880ce4bf9d0fed695d2d1fe1
+Bottom: 30385e4571775728259c071ac811cf24231bbe2a
+Top: feea6b866c2cad47f44d83b24583aeb2e3dc5922
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 22:11:55 -0300
+Date: 2013-08-17 01:25:09 -0300
Thread safety documentation.
diff --git a/patches/wip-manual-document-mt-safety-startup.patch b/patches/wip-manual-document-mt-safety-startup.patch
index 75dc16a..57fda05 100644
--- a/patches/wip-manual-document-mt-safety-startup.patch
+++ b/patches/wip-manual-document-mt-safety-startup.patch
@@ -1,7 +1,7 @@
-Bottom: 3e2da94112b66d7d2a5c0302a59092c351a9beae
-Top: 502f555c935f829fc23dd8f2986455c72b952a62
+Bottom: c1f6d017ec3215a105705280d9d4e90b49cdb2fc
+Top: 30385e4571775728259c071ac811cf24231bbe2a
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 22:12:28 -0300
+Date: 2013-08-17 01:25:08 -0300
Thread safety documentation.
diff --git a/patches/wip-manual-document-mt-safety-string.patch b/patches/wip-manual-document-mt-safety-string.patch
index b1bd108..b13b758 100644
--- a/patches/wip-manual-document-mt-safety-string.patch
+++ b/patches/wip-manual-document-mt-safety-string.patch
@@ -1,7 +1,7 @@
-Bottom: f2c97e058bb7c8c3103a9dd012dcb253194148a9
-Top: 06607cc945da4dc1e66af3ac0e88c7e5809f2083
+Bottom: be3798257ab5eb1ffac51f5230137a50fabd0331
+Top: 4d99d3f848a2d2a8839afeb505c973845383e8bb
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 22:13:24 -0300
+Date: 2013-08-17 01:25:09 -0300
Thread safety documentation.
diff --git a/patches/wip-manual-document-mt-safety-terminal.patch b/patches/wip-manual-document-mt-safety-terminal.patch
index 5ff28e9..5b29c79 100644
--- a/patches/wip-manual-document-mt-safety-terminal.patch
+++ b/patches/wip-manual-document-mt-safety-terminal.patch
@@ -1,7 +1,7 @@
-Bottom: 06607cc945da4dc1e66af3ac0e88c7e5809f2083
-Top: e12f04c0e8731c53e3e401f09ae09dffeff3baf4
+Bottom: 4d99d3f848a2d2a8839afeb505c973845383e8bb
+Top: 47b6d76e85ffcec042abbf52e9b26155224ed476
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 22:13:53 -0300
+Date: 2013-08-17 01:25:09 -0300
Thread safety documentation.
diff --git a/patches/wip-manual-document-mt-safety-threads.patch b/patches/wip-manual-document-mt-safety-threads.patch
index 53feaf3..c0d9e8f 100644
--- a/patches/wip-manual-document-mt-safety-threads.patch
+++ b/patches/wip-manual-document-mt-safety-threads.patch
@@ -1,7 +1,7 @@
-Bottom: e12f04c0e8731c53e3e401f09ae09dffeff3baf4
-Top: c6a8bfa89bebdd2e843455e435782b1d9c2e6d4b
+Bottom: 47b6d76e85ffcec042abbf52e9b26155224ed476
+Top: 2282fda35139be6d25c267fb0f30abf6184f3b6d
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 22:14:35 -0300
+Date: 2013-08-17 01:25:10 -0300
Thread safety documentation.
diff --git a/patches/wip-manual-document-mt-safety-time.patch b/patches/wip-manual-document-mt-safety-time.patch
index 76700ea..fdb728f 100644
--- a/patches/wip-manual-document-mt-safety-time.patch
+++ b/patches/wip-manual-document-mt-safety-time.patch
@@ -1,7 +1,7 @@
-Bottom: c6a8bfa89bebdd2e843455e435782b1d9c2e6d4b
-Top: 7a82ed262dde6b6667a78cafef16ff35cc6f7086
+Bottom: 2282fda35139be6d25c267fb0f30abf6184f3b6d
+Top: 7003967eaf771392ad1c6c6f996ace42ab8190e3
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 22:14:50 -0300
+Date: 2013-08-17 01:25:10 -0300
Thread safety documentation.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=25a9ae1821970d7d17f86df0dbd323fe7776461b
commit 25a9ae1821970d7d17f86df0dbd323fe7776461b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:10 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/time.texi: Document thread safety properties.
diff --git a/manual/time.texi b/manual/time.texi
index ff31e28..3967b24 100644
--- a/manual/time.texi
+++ b/manual/time.texi
@@ -475,6 +475,12 @@ Instead, use the facilities described in @ref{Time Zone Functions}.
@comment sys/time.h
@comment BSD
@deftypefun int gettimeofday (struct timeval *@var{tp}, struct timezone *@var{tzp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c On most GNU/Linux systems this is a direct syscall, but the posix/
+@c implementation (not used on GNU/Linux or GNU/Hurd) relies on time and
+@c localtime_r, saving and restoring tzname in an unsafe manner.
+@c On some GNU/Linux variants, ifunc resolvers are used in shared libc
+@c for vdso resolution. ifunc-vdso-revisit.
The @code{gettimeofday} function returns the current calendar time as
the elapsed time since the epoch in the @code{struct timeval} structure
indicated by @var{tp}. (@pxref{Elapsed Time} for a description of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2e4662897991d33b3915b73cd23c5c140fd12c6e
commit 2e4662897991d33b3915b73cd23c5c140fd12c6e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:10 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/threads.texi: Document thread safety properties.
diff --git a/manual/threads.texi b/manual/threads.texi
index a23ac26..19bfad6 100644
--- a/manual/threads.texi
+++ b/manual/threads.texi
@@ -31,6 +31,7 @@ before thread-specific data, so they should not be used in thread-specific
data destructors or even as members of the thread-specific data, since the
latter is passed as an argument to the destructor function.
+@c FIXME: use @deftypefun for these.
@item int pthread_key_delete (pthread_key_t @var{key})
Destroy the thread-specific data @var{key} in the calling thread. The
destructor for the thread-specific data is not called during destruction, nor
@@ -82,3 +83,124 @@ attributes or the stack address is set in the attribute.
The system does not have sufficient memory.
@end table
@end deftypefun
+
+@c FIXME these are undocumented:
+@c pthread_atfork
+@c pthread_attr_destroy
+@c pthread_attr_getaffinity_np
+@c pthread_attr_getdetachstate
+@c pthread_attr_getguardsize
+@c pthread_attr_getinheritsched
+@c pthread_attr_getschedparam
+@c pthread_attr_getschedpolicy
+@c pthread_attr_getscope
+@c pthread_attr_getstack
+@c pthread_attr_getstackaddr
+@c pthread_attr_getstacksize
+@c pthread_attr_init
+@c pthread_attr_setaffinity_np
+@c pthread_attr_setdetachstate
+@c pthread_attr_setguardsize
+@c pthread_attr_setinheritsched
+@c pthread_attr_setschedparam
+@c pthread_attr_setschedpolicy
+@c pthread_attr_setscope
+@c pthread_attr_setstack
+@c pthread_attr_setstackaddr
+@c pthread_attr_setstacksize
+@c pthread_barrierattr_destroy
+@c pthread_barrierattr_getpshared
+@c pthread_barrierattr_init
+@c pthread_barrierattr_setpshared
+@c pthread_barrier_destroy
+@c pthread_barrier_init
+@c pthread_barrier_wait
+@c pthread_cancel
+@c pthread_cleanup_push
+@c pthread_cleanup_pop
+@c pthread_condattr_destroy
+@c pthread_condattr_getclock
+@c pthread_condattr_getpshared
+@c pthread_condattr_init
+@c pthread_condattr_setclock
+@c pthread_condattr_setpshared
+@c pthread_cond_broadcast
+@c pthread_cond_destroy
+@c pthread_cond_init
+@c pthread_cond_signal
+@c pthread_cond_timedwait
+@c pthread_cond_wait
+@c pthread_create
+@c pthread_detach
+@c pthread_equal
+@c pthread_exit
+@c pthread_getaffinity_np
+@c pthread_getattr_np
+@c pthread_getconcurrency
+@c pthread_getcpuclockid
+@c pthread_getname_np
+@c pthread_getschedparam
+@c pthread_join
+@c pthread_kill
+@c pthread_kill_other_threads_np
+@c pthread_mutexattr_destroy
+@c pthread_mutexattr_getkind_np
+@c pthread_mutexattr_getprioceiling
+@c pthread_mutexattr_getprotocol
+@c pthread_mutexattr_getpshared
+@c pthread_mutexattr_getrobust
+@c pthread_mutexattr_getrobust_np
+@c pthread_mutexattr_gettype
+@c pthread_mutexattr_init
+@c pthread_mutexattr_setkind_np
+@c pthread_mutexattr_setprioceiling
+@c pthread_mutexattr_setprotocol
+@c pthread_mutexattr_setpshared
+@c pthread_mutexattr_setrobust
+@c pthread_mutexattr_setrobust_np
+@c pthread_mutexattr_settype
+@c pthread_mutex_consistent
+@c pthread_mutex_consistent_np
+@c pthread_mutex_destroy
+@c pthread_mutex_getprioceiling
+@c pthread_mutex_init
+@c pthread_mutex_lock
+@c pthread_mutex_setprioceiling
+@c pthread_mutex_timedlock
+@c pthread_mutex_trylock
+@c pthread_mutex_unlock
+@c pthread_once
+@c pthread_rwlockattr_destroy
+@c pthread_rwlockattr_getkind_np
+@c pthread_rwlockattr_getpshared
+@c pthread_rwlockattr_init
+@c pthread_rwlockattr_setkind_np
+@c pthread_rwlockattr_setpshared
+@c pthread_rwlock_destroy
+@c pthread_rwlock_init
+@c pthread_rwlock_rdlock
+@c pthread_rwlock_timedrdlock
+@c pthread_rwlock_timedwrlock
+@c pthread_rwlock_tryrdlock
+@c pthread_rwlock_trywrlock
+@c pthread_rwlock_unlock
+@c pthread_rwlock_wrlock
+@c pthread_self
+@c pthread_setaffinity_np
+@c pthread_setcancelstate
+@c pthread_setcanceltype
+@c pthread_setconcurrency
+@c pthread_setname_np
+@c pthread_setschedparam
+@c pthread_setschedprio
+@c pthread_sigmask
+@c pthread_sigqueue
+@c pthread_spin_destroy
+@c pthread_spin_init
+@c pthread_spin_lock
+@c pthread_spin_trylock
+@c pthread_spin_unlock
+@c pthread_testcancel
+@c pthread_timedjoin_np
+@c pthread_tryjoin_np
+@c pthread_yield
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1dbe8f76713dfcffe1af611cbe9a6054fed93484
commit 1dbe8f76713dfcffe1af611cbe9a6054fed93484
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:09 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/terminal.texi: Document thread safety properties.
diff --git a/manual/terminal.texi b/manual/terminal.texi
index 9e9c057..7f62a4e 100644
--- a/manual/terminal.texi
+++ b/manual/terminal.texi
@@ -264,6 +264,9 @@ array.
@comment termios.h
@comment POSIX.1
@deftypefun int tcgetattr (int @var{filedes}, struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the kernel-returned termios data structure to the userland
+@c format does not ensure atomic or consistent writing.
This function is used to examine the attributes of the terminal
device with file descriptor @var{filedes}. The attributes are returned
in the structure that @var{termios-p} points to.
@@ -284,6 +287,9 @@ The @var{filedes} is not associated with a terminal.
@comment termios.h
@comment POSIX.1
@deftypefun int tcsetattr (int @var{filedes}, int @var{when}, const struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the incoming termios data structure to the kernel format
+@c does not ensure atomic or consistent reading.
This function sets the attributes of the terminal device with file
descriptor @var{filedes}. The new attributes are taken from the
structure that @var{termios-p} points to.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5388cbb52e6f25c810d8c7c1e9d9cbb58945784e
commit 5388cbb52e6f25c810d8c7c1e9d9cbb58945784e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:09 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/string.texi: Document thread safety properties.
diff --git a/manual/string.texi b/manual/string.texi
index 246be84..a75d298 100644
--- a/manual/string.texi
+++ b/manual/string.texi
@@ -1247,6 +1247,8 @@ strncmp ("hello, world", "hello, stupid world!!!", 5)
@comment string.h
@comment GNU
@deftypefun int strverscmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls isdigit multiple times, locale may change in between.
The @code{strverscmp} function compares the string @var{s1} against
@var{s2}, considering them as holding indices/version numbers. The
return value follows the same conventions as found in the
@@ -1343,6 +1345,8 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
@comment string.h
@comment ISO
@deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Adjust alphasort one safety info is determined.
The @code{strcoll} function is similar to @code{strcmp} but uses the
collating sequence of the current locale for collation (the
@code{LC_COLLATE} locale).
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b46f5e4463116cb679a7e90d6fd7ea80e2a239db
commit b46f5e4463116cb679a7e90d6fd7ea80e2a239db
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:09 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/resource.texi: Document thread safety properties.
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=bfd482670800eebaa127193ef59428e7af3cfa1e
commit bfd482670800eebaa127193ef59428e7af3cfa1e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:09 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/search.texi: Document thread safety properties.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..6910edc 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -146,6 +146,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +437,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +471,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +486,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +500,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +555,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4ca19b6ad7173d7b6694a135af31417639b5e2dc
commit 4ca19b6ad7173d7b6694a135af31417639b5e2dc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:08 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/startup.texi: Document thread safety properties.
diff --git a/manual/startup.texi b/manual/startup.texi
index a277714..7bbaf13 100644
--- a/manual/startup.texi
+++ b/manual/startup.texi
@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
The difference to the @code{setenv} function is that the exact string
given as the parameter @var{string} is put into the environment. If the
user should change the string after the @code{putenv} call this will
-reflect in automatically in the environment. This also requires that
-@var{string} is no automatic variable which scope is left before the
+reflect automatically in the environment. This also requires that
+@var{string} not be an automatic variable whose scope is left before the
variable is removed from the environment. The same applies of course to
dynamically allocated variables which are freed later.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1b4a6693b25118e662810d8480caa5189fdae82b
commit 1b4a6693b25118e662810d8480caa5189fdae82b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:08 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/math.texi: Document thread safety properties.
diff --git a/manual/math.texi b/manual/math.texi
index 193d415..fd5d0c8 100644
--- a/manual/math.texi
+++ b/manual/math.texi
@@ -560,6 +560,7 @@ negative), @code{logb} returns @math{@infinity{}}. If @var{x} is zero,
@comment math.h
@comment ISO
@deftypefunx int ilogbl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are equivalent to the corresponding @code{logb}
functions except that they return signed integer values.
@end deftypefun
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7555b069c35687dd895740205bfdf2241db9c6f3
commit 7555b069c35687dd895740205bfdf2241db9c6f3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:08 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..60e08d8 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
+@c and free, and _nl_find_locale, which amount to all documented safety
+@c issues. It also calls new_composite_name, setdata, and setname,
+@c without any additional issues. _nl_find_locale calls getenv, ...
+@c This function returns a pointer read...
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7b0a54addcada9b13059cdb0d03cf3fe0412f16d
commit 7b0a54addcada9b13059cdb0d03cf3fe0412f16d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:08 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..79a3340 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1391,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1401,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1411,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1540,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1625,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2387,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2397,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2438,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2647,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2656,48 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2705,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2713,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2721,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2729,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2737,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2745,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2821,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3062,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3314,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3378,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +3995,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +4010,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +4025,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +4033,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4041,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4055,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4082,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4091,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4100,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4108,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4116,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4124,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4174,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4184,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4198,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4209,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4237,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4248,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4362,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4375,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4399,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4415,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4435,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4459,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4508,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4630,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4645,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4658,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4675,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4787,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4800,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4817,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4839,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4864,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4942,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4956,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4968,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4983,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +4997,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +5008,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5056,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5112,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5228,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5410,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5551,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=184090294f40be1dea2c49ae667629f5513f2c25
commit 184090294f40be1dea2c49ae667629f5513f2c25
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:07 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/llio.texi: Document thread safety properties.
diff --git a/manual/llio.texi b/manual/llio.texi
index b129cf4..c350585 100644
--- a/manual/llio.texi
+++ b/manual/llio.texi
@@ -78,6 +78,7 @@ declared in @file{unistd.h}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int open (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The @code{open} function creates and returns a new file descriptor for
the file named by @var{filename}. Initially, the file position
indicator for the file is at the beginning of the file. The argument
@@ -164,6 +165,7 @@ and @code{freopen} functions, that create streams.
@comment fcntl.h
@comment Unix98
@deftypefun int open64 (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{open}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
difference is that on 32 bit systems the file is opened in the
@@ -178,6 +180,7 @@ replaces the old API.
@comment fcntl.h
@comment POSIX.1
@deftypefn {Obsolete function} int creat (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is obsolete. The call:
@smallexample
@@ -202,6 +205,7 @@ since all of the lowlevel file handling functions are equally replaced.
@comment fcntl.h
@comment Unix98
@deftypefn {Obsolete function} int creat64 (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{creat}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
the difference is that on 32 bit systems the file is opened in the
@@ -219,6 +223,7 @@ replaces the old API.
@comment unistd.h
@comment POSIX.1
@deftypefun int close (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The function @code{close} closes the file descriptor @var{filedes}.
Closing a file has the following consequences:
@@ -300,6 +305,7 @@ but must be a signed type.
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t read (int @var{filedes}, void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{read} function reads up to @var{size} bytes from the file
with descriptor @var{filedes}, storing the results in the @var{buffer}.
(This is not necessarily a character string, and no terminating null
@@ -395,6 +401,10 @@ functions that read from streams, such as @code{fgetc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, read and lseek back, but is it
+@c used anywhere?
The @code{pread} function is similar to the @code{read} function. The
first three arguments are identical, and the return values and error
codes also correspond.
@@ -430,6 +440,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread64 (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, read and lseek64 back, but is
+@c it used anywhere?
This function is similar to the @code{pread} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -447,6 +461,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t write (int @var{filedes}, const void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{write} function writes up to @var{size} bytes from
@var{buffer} to the file with descriptor @var{filedes}. The data in
@var{buffer} is not necessarily a character string and a null character is
@@ -557,6 +572,10 @@ functions that write to streams, such as @code{fputc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, write and lseek back, but is it
+@c used anywhere?
The @code{pwrite} function is similar to the @code{write} function. The
first three arguments are identical, and the return values and error codes
also correspond.
@@ -592,6 +611,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite64 (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, write and lseek64 back, but
+@c is it used anywhere?
This function is similar to the @code{pwrite} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -624,6 +647,7 @@ To read the current file position value from a descriptor, use
@comment unistd.h
@comment POSIX.1
@deftypefun off_t lseek (int @var{filedes}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lseek} function is used to change the file position of the
file with descriptor @var{filedes}.
@@ -713,6 +737,7 @@ descriptors.
@comment unistd.h
@comment Unix98
@deftypefun off64_t lseek64 (int @var{filedes}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to the @code{lseek} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -825,6 +850,7 @@ declared in the header file @file{stdio.h}.
@comment stdio.h
@comment POSIX.1
@deftypefun {FILE *} fdopen (int @var{filedes}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
The @code{fdopen} function returns a new stream for the file descriptor
@var{filedes}.
@@ -853,6 +879,7 @@ see @ref{Creating a Pipe}.
@comment stdio.h
@comment POSIX.1
@deftypefun int fileno (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the file descriptor associated with the stream
@var{stream}. If an error is detected (for example, if the @var{stream}
is not valid) or if @var{stream} does not do I/O to a file,
@@ -862,6 +889,7 @@ is not valid) or if @var{stream} does not do I/O to a file,
@comment stdio.h
@comment GNU
@deftypefun int fileno_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fileno_unlocked} function is equivalent to the @code{fileno}
function except that it does not implicitly lock the stream if the state
is @code{FSETLOCKING_INTERNAL}.
@@ -1071,6 +1099,11 @@ Contains the length of the buffer.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t readv (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer into which data is read, if the total read size is
+@c too large for alloca.
The @code{readv} function reads data from @var{filedes} and scatters it
into the buffers described in @var{vector}, which is taken to be
@@ -1089,6 +1122,11 @@ errors are the same as in @code{read}.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t writev (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer from which data is written, if the total write size
+@c is too large for alloca.
The @code{writev} function gathers data from the buffers described in
@var{vector}, which is taken to be @var{count} structures long, and writes
@@ -1149,6 +1187,7 @@ These functions are declared in @file{sys/mman.h}.
@comment sys/mman.h
@comment POSIX
@deftypefun {void *} mmap (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mmap} function creates a new mapping, connected to bytes
(@var{offset}) to (@var{offset} + @var{length} - 1) in the file open on
@@ -1268,6 +1307,9 @@ The file is on a filesystem that doesn't support mapping.
@comment sys/mman.h
@comment LFS
@deftypefun {void *} mmap64 (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The page_shift auto detection when MMAP2_PAGE_SHIFT is -1 (it never
+@c is) would be thread-unsafe.
The @code{mmap64} function is equivalent to the @code{mmap} function but
the @var{offset} parameter is of type @code{off64_t}. On 32-bit systems
this allows the file associated with the @var{filedes} descriptor to be
@@ -1284,6 +1326,7 @@ replaces the old API.
@comment sys/mman.h
@comment POSIX
@deftypefun int munmap (void *@var{addr}, size_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{munmap} removes any memory maps from (@var{addr}) to (@var{addr} +
@var{length}). @var{length} should be the length of the mapping.
@@ -1310,6 +1353,7 @@ aligned.
@comment sys/mman.h
@comment POSIX
@deftypefun int msync (void *@var{address}, size_t @var{length}, int @var{flags})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When using shared mappings, the kernel can write the file at any time
before the mapping is removed. To be certain data has actually been
@@ -1357,6 +1401,7 @@ There is no existing mapping in at least part of the given region.
@comment sys/mman.h
@comment GNU
@deftypefun {void *} mremap (void *@var{address}, size_t @var{length}, size_t @var{new_length}, int @var{flag})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to change the size of an existing memory
area. @var{address} and @var{length} must cover a region entirely mapped
@@ -1405,6 +1450,7 @@ Coding Standards}.
@comment sys/mman.h
@comment POSIX
@deftypefun int madvise (void *@var{addr}, size_t @var{length}, int @var{advice})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to provide the system with @var{advice} about
the intended usage patterns of the memory region starting at @var{addr}
@@ -1531,6 +1577,7 @@ that descriptor into an @code{fd_set}.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_ZERO (fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro initializes the file descriptor set @var{set} to be the
empty set.
@end deftypefn
@@ -1538,6 +1585,9 @@ empty set.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_SET (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro adds @var{filedes} to the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1547,6 +1597,9 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_CLR (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro removes @var{filedes} from the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1556,6 +1609,7 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro int FD_ISSET (int @var{filedes}, const fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value (true) if @var{filedes} is a member
of the file descriptor set @var{set}, and zero (false) otherwise.
@@ -1568,6 +1622,10 @@ Next, here is the description of the @code{select} function itself.
@comment sys/types.h
@comment BSD
@deftypefun int select (int @var{nfds}, fd_set *@var{read-fds}, fd_set *@var{write-fds}, fd_set *@var{except-fds}, struct timeval *@var{timeout})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The select syscall is preferred, but pselect6 may be used instead,
+@c which requires converting timeout to a timespec and back. The
+@c conversions are not atomic.
The @code{select} function blocks the calling process until there is
activity on any of the specified sets of file descriptors, or until the
timeout period has expired.
@@ -1670,6 +1728,7 @@ they return.
@comment unistd.h
@comment X/Open
@deftypefun void sync (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
A call to this function will not return as long as there is data which
has not been written to the device. All dirty buffers in the kernel will
be written and so an overall consistent system can be achieved (if no
@@ -1685,6 +1744,7 @@ committed, rather than all data in the system. For this, @code{sync} is overkil
@comment unistd.h
@comment POSIX
@deftypefun int fsync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fsync} function can be used to make sure all data associated with
the open file @var{fildes} is written to the device associated with the
descriptor. The function call does not return unless all actions have
@@ -1722,6 +1782,7 @@ recovering of the file in case of a problem.
@comment unistd.h
@comment POSIX
@deftypefun int fdatasync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When a call to the @code{fdatasync} function returns, it is ensured
that all of the file data is written to the device. For all pending I/O
operations, the parts guaranteeing data integrity finished.
@@ -1923,6 +1984,158 @@ aiocb64}, since the LFS transparently replaces the old interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_read (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Calls aio_enqueue_request.
+@c aio_enqueue_request selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_self ok
+@c pthread_getschedparam selfdeadlock, lockleak
+@c lll_lock (pthread descriptor's lock) selfdeadlock, lockleak
+@c sched_getparam ok
+@c sched_getscheduler ok
+@c lll_unlock lockleak
+@c pthread_mutex_lock (aio_requests_mutex) selfdeadlock, lockleak
+@c get_elem asmalloc, memleak, [asynconsist, incansist], [xguargs]
+@c realloc asmalloc, memleak
+@c calloc asmalloc, memleak
+@c aio_create_helper_thread selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_attr_init ok
+@c pthread_attr_setdetachstate ok
+@c pthread_get_minstack ok
+@c pthread_attr_setstacksize ok
+@c sigfillset ok
+@c memset ok
+@c sigdelset ok [xguargs, but the caller's sigset is automatic]
+@c SYSCALL rt_sigprocmask ok
+@c pthread_create selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c alloca/malloc asmalloc, memleak
+@c lll_unlock lockleak
+@c allocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c getpagesize dup
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c lll_unlock lockleak
+@c _dl_allocate_tls asmalloc, memleak
+@c _dl_allocate_tls_storage asmalloc, memleak
+@c memalign asmalloc, memleak
+@c memset ok
+@c allocate_dtv dup
+@c free asmalloc, memleak
+@c allocate_dtv asmalloc, memleak
+@c calloc asmalloc, memleak
+@c INSTALL_DTV ok
+@c list_add dup
+@c get_cached_stack
+@c lll_lock (stack_cache_lock) selfdeadlock, lockleak
+@c list_for_each ok
+@c list_entry dup
+@c FREE_P dup
+@c stack_list_del dup
+@c stack_list_add dup
+@c lll_unlock lockleak
+@c _dl_allocate_tls_init ok
+@c GET_DTV ok
+@c mmap ok
+@c atomic_increment_val ok
+@c munmap ok
+@c change_stack_perm ok
+@c mprotect ok
+@c mprotect ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c THREAD_COPY_STACK_GUARD ok
+@c THREAD_COPY_POINTER_GUARD ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (state_cache_lock) selfdeadlock, lockleak
+@c stack_list_del ok
+@c atomic_write_barrier ok
+@c list_del ok [uunguard]
+@c atomic_write_barrier ok
+@c queue_stack asmalloc, memleak
+@c stack_list_add ok
+@c atomic_write_barrier ok
+@c list_add ok [uunguard]
+@c atomic_write_barrier ok
+@c free_stacks asmalloc, memleak
+@c list_for_each_prev_safe ok
+@c list_entry ok
+@c FREE_P ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c _dl_deallocate_tls asmalloc, memleak
+@c free asmalloc, memleak
+@c lll_unlock lockleak
+@c create_thread selfdeadlock, asmalloc, lockleak, memleak
+@c td_eventword
+@c td_eventmask
+@c do_clone selfdeadlock, asmalloc, lockleak, memleak
+@c PREPARE_CREATE ok
+@c lll_lock (pd->lock) selfdeadlock, lockleak
+@c atomic_increment ok
+@c clone ok
+@c atomic_decrement ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack dup
+@c sched_setaffinity ok
+@c tgkill ok
+@c sched_setscheduler ok
+@c atomic_compare_and_exchange_bool_acq ok
+@c nptl_create_event ok
+@c lll_unlock (pd->lock) lockleak
+@c free asmalloc, memleak
+@c pthread_attr_destroy ok (cpuset won't be set, so free isn't called)
+@c add_request_to_runlist ok [xguargs]
+@c pthread_cond_signal ok
+@c aio_free_request ok [xguargs]
+@c pthread_mutex_unlock lockleak
+
+@c (in the new thread, initiated with clone)
+@c start_thread ok
+@c HP_TIMING_NOW ok
+@c ctype_init [glocale] (in theory, but optimized into safety)
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c sigemptyset ok
+@c sigaddset ok
+@c setjmp ok
+@c CANCEL_ASYNC -> pthread_enable_asynccancel ok
+@c do_cancel ok
+@c pthread_unwind ok
+@c Unwind_ForcedUnwind or longjmp ok [asmalloc, memleak?]
+@c lll_lock selfdeadlock, lockleak
+@c lll_unlock selfdeadlock, lockleak
+@c CANCEL_RESET -> pthread_disable_asynccancel ok
+@c lll_futex_wait ok
+@c ->start_routine ok -----
+@c call_tls_dtors selfdeadlock, asmalloc, lockleak, memleak
+@c user-supplied dtor
+@c rtld_lock_lock_recursive (dl_load_lock) selfdeadlock, lockleak
+@c rtld_lock_unlock_recursive lockleak
+@c free asmalloc, memleak
+@c nptl_deallocate_tsd asmalloc, memleak
+@c tsd user-supplied dtors ok
+@c free asmalloc, memleak
+@c libc_thread_freeres
+@c libc_thread_subfreeres ok
+@c atomic_decrement_and_test ok
+@c td_eventword ok
+@c td_eventmask ok
+@c atomic_compare_exchange_bool_acq ok
+@c nptl_death_event ok
+@c lll_robust_dead ok
+@c getpagesize ok
+@c madvise ok
+@c free_tcb selfdeadlock, asmalloc, lockleak, memleak
+@c free asmalloc, memleak
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_futex_wait ok
+@c exit_thread_inline ok
+@c syscall(exit) ok
+
This function initiates an asynchronous read operation. It
immediately returns after the operation was enqueued or when an
error was encountered.
@@ -1988,6 +2201,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_read64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_read} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{aio_read64} uses
@@ -2006,6 +2220,7 @@ of functions with a very similar interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_write (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function initiates an asynchronous write operation. The function
call immediately returns after the operation was enqueued or if before
this happens an error was encountered.
@@ -2072,6 +2287,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_write64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_write} function. The only
difference is that on @w{32 bit} machines the file descriptor should
be opened in the large file mode. Internally @code{aio_write64} uses
@@ -2093,6 +2309,12 @@ operations. It is therefore similar to a combination of @code{readv} and
@comment aio.h
@comment POSIX.1b
@deftypefun int lio_listio (int @var{mode}, struct aiocb *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Call lio_listio_internal, that takes the aio_requests_mutex lock and
+@c enqueues each request. Then, it waits for notification or prepares
+@c for it before releasing the lock. Even though it performs memory
+@c allocation and locking of its own, it doesn't add any classes of
+@c safety issues that aren't already covered by aio_enqueue_request.
The @code{lio_listio} function can be used to enqueue an arbitrary
number of read and write requests at one time. The requests can all be
meant for the same file, all for different files or every solution in
@@ -2176,6 +2398,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int lio_listio64 (int @var{mode}, struct aiocb64 *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{lio_listio} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{lio_listio64} uses
@@ -2204,6 +2427,7 @@ The following two functions allow you to get this kind of information.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_error (const struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function determines the error state of the request described by the
@code{struct aiocb} variable pointed to by @var{aiocbp}. If the
request has not yet terminated the value returned is always
@@ -2225,6 +2449,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_error64 (const struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_error} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2238,6 +2463,7 @@ machines.
@comment aio.h
@comment POSIX.1b
@deftypefun ssize_t aio_return (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to retrieve the return status of the operation
carried out by the request described in the variable pointed to by
@var{aiocbp}. As long as the error status of this request as returned
@@ -2261,6 +2487,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun ssize_t aio_return64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_return} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2289,6 +2516,9 @@ if the symbol @code{_POSIX_SYNCHRONIZED_IO} is defined in @file{unistd.h}.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_fsync (int @var{op}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check that the FD is open, it calls
+@c aio_enqueue_request.
Calling this function forces all I/O operations operating queued at the
time of the function call operating on the file descriptor
@code{aiocbp->aio_fildes} into the synchronized I/O completion state
@@ -2336,6 +2566,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_fsync64 (int @var{op}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_fsync} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2362,6 +2593,9 @@ before the current client is served. For situations like this
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_suspend (const struct aiocb *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c Take aio_requests_mutex, set up waitlist and requestlist, wait
+@c for completion or timeout, and release the mutex.
When calling this function, the calling thread is suspended until at
least one of the requests pointed to by the @var{nent} elements of the
array @var{list} has completed. If any of the requests has already
@@ -2400,6 +2634,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_suspend64 (const struct aiocb64 *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is similar to @code{aio_suspend} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2427,6 +2662,16 @@ or not. Therefore using this function is merely a hint.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_cancel (int @var{fildes}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check the fd is open, hold aio_requests_mutex, call
+@c aio_find_req_fd, aio_remove_request, then aio_notify and
+@c aio_free_request each request before releasing the lock.
+@c aio_notify calls aio_notify_only and free, besides cond signal or
+@c similar. aio_notify_only calls pthread_attr_init,
+@c pthread_attr_setdetachstate, malloc, pthread_create,
+@c notify_func_wrapper, aio_sigqueue, getpid, raise.
+@c notify_func_wraper calls aio_start_notify_thread, free and then the
+@c notifier function.
The @code{aio_cancel} function can be used to cancel one or more
outstanding requests. If the @var{aiocbp} parameter is @code{NULL}, the
function tries to cancel all of the outstanding requests which would process
@@ -2474,6 +2719,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_cancel64 (int @var{fildes}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_cancel} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2529,6 +2775,8 @@ Unused.
@comment aio.h
@comment GNU
@deftypefun void aio_init (const struct aioinit *@var{init})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c All changes to global objects are guarded by aio_requests_mutex.
This function must be called before any other AIO function. Calling it
is completely voluntary, as it is only meant to help the AIO
implementation perform better.
@@ -2563,6 +2811,7 @@ function; see @ref{Opening and Closing Files}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int fcntl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcntl} function performs the operation specified by
@var{command} on the file descriptor @var{filedes}. Some commands
require additional arguments to be supplied. These additional arguments
@@ -2645,6 +2894,7 @@ while prototypes for @code{dup} and @code{dup2} are in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun int dup (int @var{old})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies descriptor @var{old} to the first available
descriptor number (the first number not currently open). It is
equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@@ -2653,6 +2903,7 @@ equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@comment unistd.h
@comment POSIX.1
@deftypefun int dup2 (int @var{old}, int @var{new})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies the descriptor @var{old} to descriptor number
@var{new}.
@@ -3631,6 +3882,7 @@ different headers.
@comment sys/ioctl.h
@comment BSD
@deftypefun int ioctl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ioctl} function performs the generic I/O operation
@var{command} on @var{filedes}.
@@ -3650,3 +3902,6 @@ unknown device.
Most IOCTLs are OS-specific and/or only used in special system utilities,
and are thus beyond the scope of this document. For an example of the use
of an IOCTL, see @ref{Out-of-Band Data}.
+
+@c FIXME this is undocumented:
+@c dup3
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=16740ea74dca049974ec07baa32d1cd26c4642a9
commit 16740ea74dca049974ec07baa32d1cd26c4642a9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:07 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/lang.texi: Document thread safety properties.
diff --git a/manual/lang.texi b/manual/lang.texi
index ee04e23..d6cd90c 100644
--- a/manual/lang.texi
+++ b/manual/lang.texi
@@ -51,6 +51,8 @@ without indicating anything might be wrong.
@comment assert.h
@comment ISO
@deftypefn Macro void assert (int @var{expression})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Verify the programmer's belief that @var{expression} is nonzero at
this point in the program.
@@ -91,6 +93,8 @@ The @code{assert_perror} macro makes this easy.
@comment assert.h
@comment GNU
@deftypefn Macro void assert_perror (int @var{errnum})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Similar to @code{assert}, but verifies that @var{errnum} is zero.
If @code{NDEBUG} is not defined, @code{assert_perror} tests the value of
@@ -423,6 +427,8 @@ The type @code{va_list} is used for argument pointer variables.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_start (va_list @var{ap}, @var{last-required})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This macro initializes the argument pointer variable @var{ap} to point
to the first of the optional arguments of the current function;
@var{last-required} must be the last required argument to the function.
@@ -431,6 +437,8 @@ to the first of the optional arguments of the current function;
@comment stdarg.h
@comment ISO
@deftypefn {Macro} @var{type} va_arg (va_list @var{ap}, @var{type})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_arg} macro returns the value of the next optional argument,
and modifies the value of @var{ap} to point to the subsequent argument.
Thus, successive uses of @code{va_arg} return successive optional
@@ -445,6 +453,8 @@ of the actual argument.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_end (va_list @var{ap})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This ends the use of @var{ap}. After a @code{va_end} call, further
@code{va_arg} calls with the same @var{ap} may not work. You should invoke
@code{va_end} before returning from the function in which @code{va_start}
@@ -466,6 +476,8 @@ of the same type.
@comment ISO
@deftypefn {Macro} void va_copy (va_list @var{dest}, va_list @var{src})
@deftypefnx {Macro} void __va_copy (va_list @var{dest}, va_list @var{src})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_copy} macro allows copying of objects of type
@code{va_list} even if this is not an integral type. The argument pointer
in @var{dest} is initialized to point to the same argument as the
@@ -1212,6 +1224,8 @@ type of a particular structure member.
@comment stddef.h
@comment ISO
@deftypefn {Macro} size_t offsetof (@var{type}, @var{member})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This expands to a integer constant expression that is the offset of the
structure member named @var{member} in the structure type @var{type}.
For example, @code{offsetof (struct s, elem)} is the offset, in bytes,
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=065671cbe43b4e8324ec30134b735b72b0a27a7d
commit 065671cbe43b4e8324ec30134b735b72b0a27a7d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:07 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/job.texi: Document thread safety properties.
diff --git a/manual/job.texi b/manual/job.texi
index 4efeed3..2c46771 100644
--- a/manual/job.texi
+++ b/manual/job.texi
@@ -1039,6 +1039,10 @@ The function @code{ctermid} is declared in the header file
@comment stdio.h
@comment POSIX.1
@deftypefun {char *} ctermid (char *@var{string})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This function is a stub by default; the actual implementation, for
+@c posix systems, returns an internal buffer if passed a NULL string,
+@c but the internal buffer is always set to /dev/tty.
The @code{ctermid} function returns a string containing the file name of
the controlling terminal for the current process. If @var{string} is
not a null pointer, it should be an array that can hold at least
@@ -1075,6 +1079,11 @@ Your program should include the header files @file{sys/types.h} and
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t setsid (void)
+@safety{@mtsafe{}@assafe{selfdeadlock (hurd)}@acsafe{lockleak (hurd)}}
+@c This is usually a direct syscall, but if a syscall is not available,
+@c we use a stub, or Hurd- and BSD-specific implementations. The former
+@c uses a mutex and a hurd critical section, and the latter issues a few
+@c syscalls, so both seem safe, except for the locking on Hurd.
The @code{setsid} function creates a new session. The calling process
becomes the session leader, and is put in a new process group whose
process group ID is the same as the process ID of that process. There
@@ -1098,6 +1107,8 @@ already another process group around that has the same process group ID.
@comment unistd.h
@comment SVID
@deftypefun pid_t getsid (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{getsid} function returns the process group ID of the session
leader of the specified process. If a @var{pid} is @code{0}, the
@@ -1134,6 +1145,8 @@ programs with the @code{-lbsd-compat} option to get the BSD definition.@refill
@comment unistd.h
@comment POSIX.1
@deftypefn {POSIX.1 Function} pid_t getpgrp (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The POSIX.1 definition of @code{getpgrp} returns the process group ID of
the calling process.
@end deftypefn
@@ -1141,6 +1154,8 @@ the calling process.
@comment unistd.h
@comment BSD
@deftypefn {BSD Function} pid_t getpgrp (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The BSD definition of @code{getpgrp} returns the process group ID of the
process @var{pid}. You can supply a value of @code{0} for the @var{pid}
argument to get information about the calling process.
@@ -1149,6 +1164,8 @@ argument to get information about the calling process.
@comment unistd.h
@comment SVID
@deftypefn {System V Function} int getpgid (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
@code{getpgid} is the same as the BSD function @code{getpgrp}. It
returns the process group ID of the process @var{pid}. You can supply a
@@ -1171,6 +1188,8 @@ process.
@comment unistd.h
@comment POSIX.1
@deftypefun int setpgid (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{setpgid} function puts the process @var{pid} into the process
group @var{pgid}. As a special case, either @var{pid} or @var{pgid} can
be zero to indicate the process ID of the calling process.
@@ -1208,6 +1227,8 @@ process or a child of the calling process.
@comment unistd.h
@comment BSD
@deftypefun int setpgrp (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall or setpgid wrapper.
This is the BSD Unix name for @code{setpgid}. Both functions do exactly
the same thing.
@end deftypefun
@@ -1230,6 +1251,8 @@ file itself and not a particular open file descriptor.
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t tcgetpgrp (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function returns the process group ID of the foreground process
group associated with the terminal open on descriptor @var{filedes}.
@@ -1258,6 +1281,8 @@ controlling terminal of the calling process.
@comment unistd.h
@comment POSIX.1
@deftypefun int tcsetpgrp (int @var{filedes}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function is used to set a terminal's foreground process group ID.
The argument @var{filedes} is a descriptor which specifies the terminal;
@var{pgid} specifies the process group. The calling process must be a
@@ -1297,6 +1322,8 @@ process.
@comment termios.h
@comment Unix98
@deftypefun pid_t tcgetsid (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Ioctl call, if avaialble, or tcgetpgrp followed by getsid.
This function is used to obtain the process group ID of the session
for which the terminal specified by @var{fildes} is the controlling terminal.
If the call is successful the group ID is returned. Otherwise the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=695e13261917a34ed17d39bf7c68f612aeb53cab
commit 695e13261917a34ed17d39bf7c68f612aeb53cab
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:07 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/libdl.texi: New.
diff --git a/manual/libdl.texi b/manual/libdl.texi
new file mode 100644
index 0000000..e3fe045
--- /dev/null
+++ b/manual/libdl.texi
@@ -0,0 +1,10 @@
+@c FIXME these are undocumented:
+@c dladdr
+@c dladdr1
+@c dlclose
+@c dlerror
+@c dlinfo
+@c dlmopen
+@c dlopen
+@c dlsym
+@c dlvsym
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5c951f02d9782d9ce3468def9b0a29015d11b31c
commit 5c951f02d9782d9ce3468def9b0a29015d11b31c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:06 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/getopt.texi: Document thread safety properties.
diff --git a/manual/getopt.texi b/manual/getopt.texi
index f0b7283..3c1f4de 100644
--- a/manual/getopt.texi
+++ b/manual/getopt.texi
@@ -60,6 +60,31 @@ option argument, for those options that accept arguments.
@comment unistd.h
@comment POSIX.2
@deftypefun int getopt (int @var{argc}, char *const *@var{argv}, const char *@var{options})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c It may swap argv elements but argv is not guarded, and the
+@c modifications may be partial in case of cancellation. Calling getenv
+@c also brings about thread-safety issues out of access and returning
+@c pointers into the globally shared environment array, just like
+@c calling gettext brings about a whole lot of AS and AC safety issues.
+@c The getopt API involves returning values in the non-thread-specific
+@c optarg variable, which adds another thread-safety issue. Given
+@c print_errors, it may output errors to stderr, which may
+@c self-deadlock, leak locks, or encounter (in a signal handler) or
+@c leave (in case of cancellation) stderr in an inconsistent state.
+@c Various implicit, indirect uses of malloc, in uses of memstream and
+@c asprintf for error-printing, bring about the usual malloc issues.
+@c (The explicit use of malloc in a conditional situation in
+@c _getopt_initialize is never exercised in glibc.)
+@c
+@c _getopt_internal
+@c _getopt_internal_r
+@c gettext
+@c _getopt_initialize
+@c getenv
+@c malloc if USE_NONOPTION_FLAGS, never defined in libc
+@c open_memstream
+@c lockfile, unlockfile, __fxprintf -> stderr
+@c asprintf
The @code{getopt} function gets the next option argument from the
argument list specified by the @var{argv} and @var{argc} arguments.
Normally these values come directly from the arguments received by
@@ -225,6 +250,8 @@ was seen.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
Decode options from the vector @var{argv} (whose length is @var{argc}).
The argument @var{shortopts} describes the short options to accept, just as
it does in @code{getopt}. The argument @var{longopts} describes the long
@@ -278,6 +305,8 @@ getopt functionality there is one more function available.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long_only (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
The @code{getopt_long_only} function is equivalent to the
@code{getopt_long} function but it allows to specify the user of the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=392b19a1b6f9dc1268555fd513182d9ddc27977b
commit 392b19a1b6f9dc1268555fd513182d9ddc27977b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:06 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/filesys.texi: Document thread safety properties.
diff --git a/manual/filesys.texi b/manual/filesys.texi
index 814c210..c7eb13b 100644
--- a/manual/filesys.texi
+++ b/manual/filesys.texi
@@ -58,6 +58,25 @@ Prototypes for these functions are declared in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun {char *} getcwd (char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c If buffer is NULL, this function calls malloc and realloc, and, in
+@c case of error, free. Linux offers a getcwd syscall that we use on
+@c GNU/Linux systems, but it may fail if the pathname is too long. As a
+@c fallback, and on other systems, the generic implementation opens each
+@c parent directory with opendir, which allocates memory for the
+@c directory stream with malloc. If a fstatat64 syscall is not
+@c available, very deep directory trees may also have to malloc to build
+@c longer sequences of ../../../... than those supported by a global
+@c const read-only string.
+
+@c linux/__getcwd
+@c posix/__getcwd
+@c malloc/realloc/free if buffer is NULL, or if dir is too deep
+@c lstat64 -> see its own entry
+@c fstatat64
+@c direct syscall if possible, alloca+snprintf+*stat64 otherwise
+@c openat64_not_cancel_3, close_not_cancel_no_status
+@c __fdopendir, __opendir, __readdir, rewinddir
The @code{getcwd} function returns an absolute file name representing
the current working directory, storing it in the character array
@var{buffer} that you provide. The @var{size} argument is how you tell
@@ -116,6 +135,9 @@ software.
@comment unistd.h
@comment BSD
@deftypefn {Deprecated Function} {char *} getwd (char *@var{buffer})
+@safety{@mtsafe{}@asunsafe{asmalloc, asi18n}@acsafe{memleak, fdleak}}
+@c Besides the getcwd safety issues, it calls strerror_r on error, which
+@c brings in all of the i18n issues.
This is similar to @code{getcwd}, but has no way to specify the size of
the buffer. @Theglibc{} provides @code{getwd} only
for backwards compatibility with BSD.
@@ -130,6 +152,9 @@ this function is deprecated.
@comment unistd.h
@comment GNU
@deftypefun {char *} get_current_dir_name (void)
+@safety{@mtunsafe{envromt}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides getcwd, which this function calls as a fallback, it calls
+@c getenv, with the usual thread-safety issues that brings about.
@vindex PWD
This @code{get_current_dir_name} function is basically equivalent to
@w{@code{getcwd (NULL, 0)}}. The only difference is that the value of
@@ -145,6 +170,7 @@ This function is a GNU extension.
@comment unistd.h
@comment POSIX.1
@deftypefun int chdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
@var{filename}.
@@ -158,6 +184,7 @@ file @var{filename} is not a directory.
@comment unistd.h
@comment XPG
@deftypefun int fchdir (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
directory associated with the file descriptor @var{filedes}.
@@ -294,12 +321,14 @@ values and @code{st_mode} values:
@comment dirent.h
@comment BSD
@deftypefun int IFTODT (mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{d_type} value corresponding to @var{mode}.
@end deftypefun
@comment dirent.h
@comment BSD
@deftypefun mode_t DTTOIF (int @var{dtype})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{st_mode} value corresponding to @var{dtype}.
@end deftypefun
@end table
@@ -342,6 +371,9 @@ the following functions.
@comment dirent.h
@comment POSIX.1
@deftypefun {DIR *} opendir (const char *@var{dirname})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides the safe syscall, we have to allocate the DIR object with
+@c __alloc_dir, that calls malloc.
The @code{opendir} function opens and returns a directory stream for
reading the directory whose file name is @var{dirname}. The stream has
type @code{DIR *}.
@@ -381,6 +413,8 @@ alternative interface can be used.
@comment dirent.h
@comment GNU
@deftypefun {DIR *} fdopendir (int @var{fd})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c The DIR object is allocated with __alloc_dir, that calls malloc.
The @code{fdopendir} function works just like @code{opendir} but
instead of taking a file name and opening a file descriptor for the
directory the caller is required to provide a file descriptor. This
@@ -425,6 +459,7 @@ access.
@comment dirent.h
@comment GNU
@deftypefun int dirfd (DIR *@var{dirstream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{dirfd} returns the file descriptor associated with
the directory stream @var{dirstream}. This descriptor can be used until
the directory is closed with @code{closedir}. If the directory stream
@@ -443,6 +478,12 @@ symbols are declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun {struct dirent *} readdir (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c This function holds dirstream's non-recursive lock, which brings
+@c about the usual issues with locks and async signals and cancellation,
+@c but the lock taking is not enough to make the returned value safe to
+@c use, since it points to a stream's internal buffer that can be
+@c overwritten by subsequent calls or even released by closedir.
This function reads the next entry from the directory. It normally
returns a pointer to a structure containing information about the
file. This structure is associated with the @var{dirstream} handle
@@ -478,6 +519,7 @@ locking if multiple threads access the same @var{dirstream}.
@comment dirent.h
@comment GNU
@deftypefun int readdir_r (DIR *@var{dirstream}, struct dirent *@var{entry}, struct dirent **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is a version of @code{readdir} which performs internal
locking. Like @code{readdir} it returns the next entry from the
directory. To prevent conflicts between simultaneously running
@@ -549,6 +591,7 @@ of the last two functions.
@comment dirent.h
@comment LFS
@deftypefun {struct dirent64 *} readdir64 (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64} function is just like the @code{readdir} function
except that it returns a pointer to a record of type @code{struct
dirent64}. Some of the members of this data type (notably @code{d_ino})
@@ -560,6 +603,7 @@ In all other aspects this function is equivalent to @code{readdir}.
@comment dirent.h
@comment LFS
@deftypefun int readdir64_r (DIR *@var{dirstream}, struct dirent64 *@var{entry}, struct dirent64 **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64_r} function is equivalent to the @code{readdir_r}
function except that it takes parameters of base type @code{struct
dirent64} instead of @code{struct dirent} in the second and third
@@ -570,6 +614,10 @@ position. The same precautions mentioned in the documentation of
@comment dirent.h
@comment POSIX.1
@deftypefun int closedir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock (hurd)}@acsafe{memleak, fdleak, lockleak (hurd)}}
+@c No synchronization in the posix implementation, only in the hurd
+@c one. This is regarded as safe because it is undefined behavior if
+@c other threads could still be using the dir stream while it's closed.
This function closes the directory stream @var{dirstream}. It returns
@code{0} on success and @code{-1} on failure.
@@ -609,6 +657,7 @@ declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun void rewinddir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{rewinddir} function is used to reinitialize the directory
stream @var{dirstream}, so that if you call @code{readdir} it
returns information about the first entry in the directory again. This
@@ -622,6 +671,10 @@ added or removed since you last called @code{opendir} or
@comment dirent.h
@comment BSD
@deftypefun {long int} telldir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{telldir} function returns the file position of the directory
stream @var{dirstream}. You can use this value with @code{seekdir} to
restore the directory stream to that position.
@@ -630,6 +683,10 @@ restore the directory stream to that position.
@comment dirent.h
@comment BSD
@deftypefun void seekdir (DIR *@var{dirstream}, long int @var{pos})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{seekdir} function sets the file position of the directory
stream @var{dirstream} to @var{pos}. The value @var{pos} must be the
result of a previous call to @code{telldir} on this particular stream;
@@ -649,6 +706,19 @@ the result.
@comment dirent.h
@comment BSD/SVID
@deftypefun int scandir (const char *@var{dir}, struct dirent ***@var{namelist}, int (*@var{selector}) (const struct dirent *), int (*@var{cmp}) (const struct dirent **, const struct dirent **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c The scandir function calls __opendirat, __readdir, and __closedir to
+@c go over the named dir; malloc and realloc to allocate the namelist
+@c and copies of each selected dirent, besides the selector, if given,
+@c and qsort and the cmp functions if the latter is given. In spite of
+@c the cleanup handler that releases memory and the file descriptor in
+@c case of synchronous cancellation, an asynchronous cancellation may
+@c still leak memory and a file descriptor. Although readdir is unsafe
+@c in general, the use of an internal dir stream for sequential scanning
+@c of the directory with copying of dirents before subsequent calls
+@c makes the use safe, and the fact that the dir stream is private to
+@c each scandir call does away with the lock issues in readdir and
+@c closedir.
The @code{scandir} function scans the contents of the directory selected
by @var{dir}. The result in *@var{namelist} is an array of pointers to
@@ -679,6 +749,8 @@ are very helpful for this purpose.
@comment dirent.h
@comment BSD/SVID
@deftypefun int alphasort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Calls strcoll.
The @code{alphasort} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -691,6 +763,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls strverscmp.
The @code{versionsort} function is like @code{alphasort} except that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -703,6 +777,8 @@ dirent64}}. To use this we need a new function.
@comment dirent.h
@comment GNU
@deftypefun int scandir64 (const char *@var{dir}, struct dirent64 ***@var{namelist}, int (*@var{selector}) (const struct dirent64 *), int (*@var{cmp}) (const struct dirent64 **, const struct dirent64 **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c See scandir.
The @code{scandir64} function works like the @code{scandir} function
except that the directory entries it returns are described by elements
of type @w{@code{struct dirent64}}. The function pointed to by
@@ -721,6 +797,8 @@ argument. Instead we provide the two replacement functions below.
@comment dirent.h
@comment GNU
@deftypefun int alphasort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c See alphasort.
The @code{alphasort64} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -733,6 +811,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c See versionsort.
The @code{versionsort64} function is like @code{alphasort64}, excepted that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -913,6 +993,8 @@ file was passed).
@comment ftw.h
@comment SVID
@deftypefun int ftw (const char *@var{filename}, __ftw_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
+@c see nftw for safety details
The @code{ftw} function calls the callback function given in the
parameter @var{func} for every item which is found in the directory
specified by @var{filename} and all directories below. The function
@@ -963,6 +1045,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int ftw64 (const char *@var{filename}, __ftw64_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
This function is similar to @code{ftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -976,6 +1059,17 @@ transparently replaces the old implementation.
@comment ftw.h
@comment XPG4.2
@deftypefun int nftw (const char *@var{filename}, __nftw_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c ftw_startup calls alloca, malloc, free, xstat/lxstat, tdestroy, and ftw_dir
+@c if FTW_CHDIR, call open, and fchdir, or chdir and getcwd
+@c ftw_dir calls open_dir_stream, readdir64, process_entry, closedir
+@c if FTW_CHDIR, also calls fchdir
+@c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
+@c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
+@c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
+@c find_object (tsearch) and add_object (tfind).
+@c Since each invocation of *ftw uses its own private search tree, none
+@c of the search tree concurrency issues apply.
The @code{nftw} function works like the @code{ftw} functions. They call
the callback function @var{func} for all items found in the directory
@var{filename} and below. At most @var{descriptors} file descriptors
@@ -1036,6 +1130,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int nftw64 (const char *@var{filename}, __nftw64_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
This function is similar to @code{nftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -1079,6 +1174,7 @@ file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int link (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{link} function makes a new link to the existing file named by
@var{oldname}, under the new name @var{newname}.
@@ -1186,6 +1282,7 @@ Prototypes for most of the functions listed in this section are in
@comment unistd.h
@comment BSD
@deftypefun int symlink (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{symlink} function makes a symbolic link to @var{oldname} named
@var{newname}.
@@ -1223,6 +1320,7 @@ exceeded.
@comment unistd.h
@comment BSD
@deftypefun ssize_t readlink (const char *@var{filename}, char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{readlink} function gets the value of the symbolic link
@var{filename}. The file name that the link points to is copied into
@var{buffer}. This file name string is @emph{not} null-terminated;
@@ -1282,6 +1380,8 @@ names can refer to the same inode.
@comment stdlib.h
@comment GNU
@deftypefun {char *} canonicalize_file_name (const char *@var{name})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls realpath.
The @code{canonicalize_file_name} function returns the absolute name of
the file named by @var{name} which contains no @code{.}, @code{..}
@@ -1323,6 +1423,8 @@ where the result is placed in.
@comment stdlib.h
@comment XPG
@deftypefun {char *} realpath (const char *restrict @var{name}, char *restrict @var{resolved})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls malloc, realloc, getcwd, lxstat64, readlink, alloca.
A call to @code{realpath} where the @var{resolved} parameter is
@code{NULL} behaves exactly like @code{canonicalize_file_name}. The
@@ -1362,6 +1464,7 @@ then the file is deleted as well. If the file has other remaining names
@comment unistd.h
@comment POSIX.1
@deftypefun int unlink (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{unlink} function deletes the file name @var{filename}. If
this is a file's sole name, the file itself is also deleted. (Actually,
if any process has the file open when this happens, deletion is
@@ -1404,6 +1507,7 @@ file system and can't be modified.
@comment unistd.h
@comment POSIX.1
@deftypefun int rmdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@cindex directories, deleting
@cindex deleting a directory
The @code{rmdir} function deletes a directory. The directory must be
@@ -1431,6 +1535,8 @@ The prototype for this function is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int remove (const char *@var{filename})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Calls unlink and rmdir.
This is the @w{ISO C} function to remove a file. It works like
@code{unlink} for files and like @code{rmdir} for directories.
@code{remove} is declared in @file{stdio.h}.
@@ -1446,6 +1552,10 @@ The @code{rename} function is used to change a file's name.
@comment stdio.h
@comment ISO
@deftypefun int rename (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a rename syscall, there's an emulation with link
+@c and unlink, but it's racy, even more so if newname exists and is
+@c unlinked first.
The @code{rename} function renames the file @var{oldname} to
@var{newname}. The file formerly accessible under the name
@var{oldname} is afterwards accessible as @var{newname} instead. (If
@@ -1541,6 +1651,7 @@ a shell command @code{mkdir} which does the same thing.)
@comment sys/stat.h
@comment POSIX.1
@deftypefun int mkdir (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mkdir} function creates a new, empty directory with name
@var{filename}.
@@ -1882,6 +1993,7 @@ header file @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int stat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{stat} function returns information about the attributes of the
file named by @w{@var{filename}} in the structure pointed to by @var{buf}.
@@ -1908,6 +2020,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int stat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{stat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1921,6 +2034,7 @@ replaces the interface for small files on 32-bit machines.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int fstat (int @var{filedes}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fstat} function is like @code{stat}, except that it takes an
open file descriptor as an argument instead of a file name.
@xref{Low-Level I/O}.
@@ -1942,6 +2056,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int fstat64 (int @var{filedes}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{fstat} but is able to work on large
files on 32-bit platforms. For large files the file descriptor
@var{filedes} should be obtained by @code{open64} or @code{creat64}.
@@ -1953,9 +2068,16 @@ function is available under the name @code{fstat} and so transparently
replaces the interface for small files on 32-bit machines.
@end deftypefun
+@c fstatat will call alloca and snprintf if the syscall is not
+@c available.
+@c @safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+
@comment sys/stat.h
@comment BSD
@deftypefun int lstat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat, sometimes with an xstat conv call
+@c afterwards.
The @code{lstat} function is like @code{stat}, except that it does not
follow symbolic links. If @var{filename} is the name of a symbolic
link, @code{lstat} returns information about the link itself; otherwise
@@ -1969,6 +2091,9 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int lstat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat64, sometimes with an xstat conv
+@c call afterwards.
This function is similar to @code{lstat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -2007,12 +2132,14 @@ that file:
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISDIR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a directory.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISCHR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a character special file (a
device like a terminal).
@end deftypefn
@@ -2020,6 +2147,7 @@ device like a terminal).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISBLK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a block special file (a device
like a disk).
@end deftypefn
@@ -2027,12 +2155,14 @@ like a disk).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISREG (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a regular file.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISFIFO (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a FIFO special file, or a
pipe. @xref{Pipes and FIFOs}.
@end deftypefn
@@ -2040,6 +2170,7 @@ pipe. @xref{Pipes and FIFOs}.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISLNK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a symbolic link.
@xref{Symbolic Links}.
@end deftypefn
@@ -2047,6 +2178,7 @@ This macro returns non-zero if the file is a symbolic link.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISSOCK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a socket. @xref{Sockets}.
@end deftypefn
@@ -2129,6 +2261,7 @@ the whole @code{struct stat} structure.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISMQ (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX message queues as distinct objects and the
file is a message queue object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2137,6 +2270,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSEM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX semaphores as distinct objects and the
file is a semaphore object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2145,6 +2279,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSHM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX shared memory objects as distinct objects
and the file is an shared memory object, this macro returns a non-zero
value. In all other cases the result is zero.
@@ -2189,6 +2324,7 @@ The prototype for this function is declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int chown (const char *@var{filename}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chown} function changes the owner of the file @var{filename} to
@var{owner}, and its group owner to @var{group}.
@@ -2223,6 +2359,7 @@ The file is on a read-only file system.
@comment unistd.h
@comment BSD
@deftypefun int fchown (int @var{filedes}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chown}, except that it changes the owner of the open
file with descriptor @var{filedes}.
@@ -2502,6 +2639,7 @@ The functions in this section are declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun mode_t umask (mode_t @var{mask})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{umask} function sets the file creation mask of the current
process to @var{mask}, and returns the previous value of the file
creation mask.
@@ -2527,6 +2665,7 @@ you just want to read the mask value, because it is reentrant.
@comment sys/stat.h
@comment GNU
@deftypefun mode_t getumask (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Return the current value of the file creation mask for the current
process. This function is a GNU extension and is only available on
@gnuhurdsystems{}.
@@ -2535,6 +2674,7 @@ process. This function is a GNU extension and is only available on
@comment sys/stat.h
@comment POSIX.1
@deftypefun int chmod (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chmod} function sets the access permission bits for the file
named by @var{filename} to @var{mode}.
@@ -2575,6 +2715,7 @@ for full details on the sticky bit.
@comment sys/stat.h
@comment BSD
@deftypefun int fchmod (int @var{filedes}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chmod}, except that it changes the permissions of the
currently open file given by @var{filedes}.
@@ -2645,6 +2786,7 @@ The symbols in this section are declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int access (const char *@var{filename}, int @var{how})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{access} function checks to see whether the file named by
@var{filename} can be accessed in the way specified by the @var{how}
argument. The @var{how} argument either can be the bitwise OR of the
@@ -2765,6 +2907,9 @@ This is the modification time for the file.
@comment utime.h
@comment POSIX.1
@deftypefun int utime (const char *@var{filename}, const struct utimbuf *@var{times})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utime syscall, it non-atomically converts times
+@c to a struct timeval and calls utimes.
This function is used to modify the file times associated with the file
named @var{filename}.
@@ -2816,6 +2961,10 @@ in the header file @file{sys/time.h}.
@comment sys/time.h
@comment BSD
@deftypefun int utimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, or to
+@c struct utimbuf and calls utime.
This function sets the file access and modification times of the file
@var{filename}. The new file access time is specified by
@code{@var{tvp}[0]}, and the new modification time by
@@ -2830,6 +2979,9 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int lutimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no lutimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall.
This function is like @code{utimes}, except that it does not follow
symbolic links. If @var{filename} is the name of a symbolic link,
@code{lutimes} sets the file access and modification times of the
@@ -2846,6 +2998,10 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int futimes (int @var{fd}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no futimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, falling back
+@c to utimes on a /proc/self/fd symlink.
This function is like @code{utimes}, except that it takes an open file
descriptor as an argument instead of a file name. @xref{Low-Level
I/O}. This function comes from FreeBSD, and is not available on all
@@ -2900,6 +3056,8 @@ succeed, without actually accomplishing anything.
@comment unistd.h
@comment X/Open
@deftypefun int truncate (const char *@var{filename}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a truncate syscall, we use open and ftruncate.
The @code{truncate} function changes the size of @var{filename} to
@var{length}. If @var{length} is shorter than the previous length, data
@@ -2944,6 +3102,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int truncate64 (const char *@var{name}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try truncate if length fits.
This function is similar to the @code{truncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines, which allows the handling of files with sizes up to
@@ -2957,6 +3117,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX
@deftypefun int ftruncate (int @var{fd}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{truncate}, but it works on a file descriptor @var{fd}
for an opened file instead of a file name to identify the object. The
@@ -3021,6 +3182,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int ftruncate64 (int @var{id}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try ftruncate if length fits.
This function is similar to the @code{ftruncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines which allows the handling of files with sizes up to
@@ -3083,6 +3246,10 @@ The prototype for @code{mknod} is declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment BSD
@deftypefun int mknod (const char *@var{filename}, mode_t @var{mode}, dev_t @var{dev})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Instead of issuing the syscall directly, we go through xmknod.
+@c Although the internal xmknod takes a dev_t*, that could lead to
+@c xguargs races, it's passed a pointer to mknod's dev.
The @code{mknod} function makes a special file with name @var{filename}.
The @var{mode} specifies the mode of the file, and may include the various
special file bits, such as @code{S_IFCHR} (for a character special file)
@@ -3134,6 +3301,20 @@ These facilities are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} tmpfile (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c The unsafety issues are those of fdopen, plus fdleak because of the
+@c open.
+@c __path_search (internal buf, !dir, const pfx, !try_tmpdir) ok
+@c libc_secure_genenv only if try_tmpdir
+@c xstat64, strlen, strcmp, sprintf
+@c __gen_tempname (internal tmpl, __GT_FILE) ok
+@c strlen, memcmp, getpid, open/mkdir/lxstat64 ok
+@c HP_TIMING_NOW if available ok
+@c gettimeofday (!tz) first time, or every time if no HP_TIMING_NOW ok
+@c static value is used and modified without synchronization ok
+@c but the use is as a source of non-cryptographic randomness
+@c with retries in case of collision, so it should be safe
+@c unlink, fdopen
This function creates a temporary binary file for update mode, as if by
calling @code{fopen} with mode @code{"wb+"}. The file is deleted
automatically when it is closed or when the program terminates. (On
@@ -3150,6 +3331,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} tmpfile64 (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
This function is similar to @code{tmpfile}, but the stream it returns a
pointer to was opened using @code{tmpfile64}. Therefore this stream can
be used for files larger then @math{2^31} bytes on 32-bit machines.
@@ -3165,6 +3347,11 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun {char *} tmpnam (char *@var{result})
+@safety{@mtunsafe{xguargs, staticbuf}@asunsafe{staticbuf}@acsafe{}}
+@c The passed-in buffer should not be modified concurrently with the
+@c call.
+@c __path_search (static or passed-in buf, !dir, !pfx, !try_tmpdir) ok
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
This function constructs and returns a valid file name that does not
refer to any existing file. If the @var{result} argument is a null
pointer, the return value is a pointer to an internal static string,
@@ -3189,6 +3376,7 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdio.h
@comment GNU
@deftypefun {char *} tmpnam_r (char *@var{result})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
This function is nearly identical to the @code{tmpnam} function, except
that if @var{result} is a null pointer it returns a null pointer.
@@ -3225,6 +3413,13 @@ never less than @code{25}.
@comment stdio.h
@comment SVID
@deftypefun {char *} tempnam (const char *@var{dir}, const char *@var{prefix})
+@safety{@mtunsafe{xguargs, envromt}@assafe{asmalloc}@acsafe{memleak}}
+@c There's no way (short of being setuid) to avoid getenv("TMPDIR"),
+@c even with a non-NULL dir, which makes this thread-unsafe.
+@c
+@c __path_search (internal buf, dir, pfx, try_tmpdir) unsafe getenv
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
+@c strdup
This function generates a unique temporary file name. If @var{prefix}
is not a null pointer, up to five characters of this string are used as
a prefix for the file name. The return value is a string newly
@@ -3288,6 +3483,8 @@ string. These functions are declared in the header file @file{stdlib.h}.
@comment stdlib.h
@comment Unix
@deftypefun {char *} mktemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_NOCREATE) ok
The @code{mktemp} function generates a unique file name by modifying
@var{template} as described above. If successful, it returns
@var{template} as modified. If @code{mktemp} cannot find a unique file
@@ -3306,6 +3503,8 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdlib.h
@comment BSD
@deftypefun int mkstemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{fdleak}}
+@c __gen_tempname (caller tmpl, __GT_FILE) ok
The @code{mkstemp} function generates a unique file name just as
@code{mktemp} does, but it also opens the file for you with @code{open}
(@pxref{Opening and Closing Files}). If successful, it modifies
@@ -3328,6 +3527,8 @@ new file and get an error if the file already exists.
@comment stdlib.h
@comment BSD
@deftypefun {char *} mkdtemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_DIR) ok
The @code{mkdtemp} function creates a directory with a unique name. If
it succeeds, it overwrites @var{template} with the name of the
directory, and returns @var{template}. As with @code{mktemp} and
@@ -3349,3 +3550,23 @@ creation always works like @code{open} with @code{O_EXCL}.
@xref{Creating Directories}.
The @code{mkdtemp} function comes from OpenBSD.
+
+@c FIXME these are undocumented:
+@c faccessat
+@c fchmodat
+@c fchownat
+@c futimesat
+@c fstatat (there's a commented-out safety assessment for this one)
+@c linkat
+@c mkdirat
+@c mkfifoat
+@c name_to_handle_at
+@c openat
+@c open_by_handle_at
+@c readlinkat
+@c renameat
+@c scandirat
+@c symlinkat
+@c unlinkat
+@c utimensat
+@c mknodat
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d9f4ac37690ac779579d891dd9ac2ea37b14a531
commit d9f4ac37690ac779579d891dd9ac2ea37b14a531
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:06 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/errno.texi: Document thread safety properties.
diff --git a/manual/errno.texi b/manual/errno.texi
index 6c9fa86..eb3f412 100644
--- a/manual/errno.texi
+++ b/manual/errno.texi
@@ -1293,6 +1293,9 @@ name of the program that encountered the error.
@comment string.h
@comment ISO
@deftypefun {char *} strerror (int @var{errnum})
+@safety{@mtunsafe{staticbuf}@asunsafe{staticbuf, asmalloc, asi18n}@acsafe{memleak}}
+@c Calls strerror_r with a static buffer allocated with malloc on the
+@c first use.
The @code{strerror} function maps the error code (@pxref{Checking for
Errors}) specified by the @var{errnum} argument to a descriptive error
message string. The return value is a pointer to this string.
@@ -1310,6 +1313,7 @@ The function @code{strerror} is declared in @file{string.h}.
@comment string.h
@comment GNU
@deftypefun {char *} strerror_r (int @var{errnum}, char *@var{buf}, size_t @var{n})
+@safety{@mtsafe{}@asunsafe{asi18n}@acsafe{}}
The @code{strerror_r} function works like @code{strerror} but instead of
returning the error message in a statically allocated buffer shared by
all threads in the process, it returns a private copy for the
@@ -1331,6 +1335,10 @@ This function @code{strerror_r} is a GNU extension and it is declared in
@comment stdio.h
@comment ISO
@deftypefun void perror (const char *@var{message})
+@safety{@mtsafe{xguargs}@asunsafe{asynconsist, asi18n, asmalloc, selfdeadlock}@acunsafe{incansist, lockleak, memleak, fdleak}}
+@c Besides strerror_r's and some of fprintf's issues, if stderr is not
+@c oriented yet, create a new stream with a dup of stderr's fd and write
+@c to that instead of stderr, to avoid orienting it.
This function prints an error message to the stream @code{stderr};
see @ref{Standard Streams}. The orientation of @code{stderr} is not
changed.
@@ -1442,6 +1450,13 @@ These functions are declared in @file{error.h}.
@comment error.h
@comment GNU
@deftypefun void error (int @var{status}, int @var{errnum}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acsafe{}}
+@c Cancellation is disabled throught the execution. It flushes stdout
+@c and then holds a lock on stderr while printing the program name and
+@c then running error_tail. The non-wide case just runs vfprintf; the
+@c wide case converts the message to an alloca/malloc-allocated buffer
+@c with mbsrtowcs, then prints it with vfwprintf. Afterwards,
+@c print_errno_message calls strerror_r and fxprintf.
The @code{error} function can be used to report general problems during
program execution. The @var{format} argument is a format string just
like those given to the @code{printf} family of functions. The
@@ -1477,6 +1492,15 @@ incremented by one to keep track of the number of errors reported.
@comment error.h
@comment GNU
@deftypefun void error_at_line (int @var{status}, int @var{errnum}, const char *@var{fname}, unsigned int @var{lineno}, const char *@var{format}, @dots{})
+@safety{@mtunsafe{staticbuf, glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist}}
+@c The error_one_per_line variable is accessed (without any form of
+@c synchronization, but since it's an int used once, it should be safe
+@c enough) and, if this mode is enabled, static variables used to hold
+@c the last printed file name and line number are accessed and modified
+@c without synchronization; the update is not atomic and it occurs
+@c before disabling cancellation, so it can be interrupted after only
+@c one of the two variables is modified. After that, it's very much
+@c like error.
The @code{error_at_line} function is very similar to the @code{error}
function. The only difference are the additional parameters @var{fname}
@@ -1582,6 +1606,8 @@ are included only for compatibility.
@comment err.h
@comment BSD
@deftypefun void warn (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Just calls vwarn with the va_list.
The @code{warn} function is roughly equivalent to a call like
@smallexample
error (0, errno, format, @r{the parameters})
@@ -1594,6 +1620,11 @@ are not used.
@comment err.h
@comment BSD
@deftypefun void vwarn (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c While holding stderr's recursive lock, it prints the programname, the
+@c given message, and the error string with fw?printf's %m. When the
+@c stream is wide, convert_and_print converts the format string to an
+@c alloca/malloc-created buffer using mbsrtowcs and then calls fwprintf.
The @code{vwarn} function is just like @code{warn} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1602,6 +1633,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void warnx (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn, but without the strerror translation issues.
The @code{warnx} function is roughly equivalent to a call like
@smallexample
error (0, 0, format, @r{the parameters})
@@ -1615,6 +1648,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void vwarnx (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn, but without the strerror translation issues.
The @code{vwarnx} function is just like @code{warnx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1623,6 +1658,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void err (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn followed by exit.
The @code{err} function is roughly equivalent to a call like
@smallexample
error (status, errno, format, @r{the parameters})
@@ -1635,6 +1672,8 @@ are not used and that the program is exited even if @var{status} is zero.
@comment err.h
@comment BSD
@deftypefun void verr (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn followed by exit.
The @code{verr} function is just like @code{err} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1643,6 +1682,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void errx (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warnx followed by exit.
The @code{errx} function is roughly equivalent to a call like
@smallexample
error (status, 0, format, @r{the parameters})
@@ -1657,6 +1698,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void verrx (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarnx followed by exit.
The @code{verrx} function is just like @code{errx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7d2a9a7113f6aa3b14c1d75181c57c699cb3ccd1
commit 7d2a9a7113f6aa3b14c1d75181c57c699cb3ccd1
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:06 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/debug.texi: Document thread safety properties.
diff --git a/manual/debug.texi b/manual/debug.texi
index 1db9c18..ce0c263 100644
--- a/manual/debug.texi
+++ b/manual/debug.texi
@@ -36,6 +36,8 @@ and manipulate backtraces of the current thread.
@comment execinfo.h
@comment GNU
@deftypefun int backtrace (void **@var{buffer}, int @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Pointer chasing within the local stack.
The @code{backtrace} function obtains a backtrace for the current
thread, as a list of pointers, and places the information into
@var{buffer}. The argument @var{size} should be the number of
@@ -56,6 +58,17 @@ interpreting the stack contents correctly.
@comment execinfo.h
@comment GNU
@deftypefun {char **} backtrace_symbols (void *const *@var{buffer}, int @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, lockleak}}
+@c Collects info returned by _dl_addr in auto array, allocates memory
+@c for the whole return buffer with malloc then sprintfs into it storing
+@c pointers to the strings into the array entries in the buffer.
+@c _dl_addr takes the recursive dl_load_lock then calls
+@c _dl_find_dso_for_object and determine_info.
+@c _dl_find_dso_for_object calls _dl-addr_inside_object.
+@c All of them are safe as long as the lock is held.
+@c asynconsist? It doesn't looke like the dynamic loader's data
+@c structures could be in an inconsistent state that would cause
+@c malfunction here.
The @code{backtrace_symbols} function translates the information
obtained from the @code{backtrace} function into an array of strings.
The argument @var{buffer} should be a pointer to an array of addresses
@@ -88,6 +101,11 @@ cannot be obtained.
@comment execinfo.h
@comment GNU
@deftypefun void backtrace_symbols_fd (void *const *@var{buffer}, int @var{size}, int @var{fd})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c Single loop of _dl_addr over addresses, collecting info into an iovec
+@c written out with a writev call per iteration. Addresses and offsets
+@c are converted to hex in auto buffers, so the only potential issue
+@c here is leaking the dl lock in case of cancellation.
The @code{backtrace_symbols_fd} function performs the same translation
as the function @code{backtrace_symbols} function. Instead of returning
the strings to the caller, it writes the strings to the file descriptor
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9945d2535a48b19f85206a5f18b4b15153af2597
commit 9945d2535a48b19f85206a5f18b4b15153af2597
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:05 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/ctype.texi: Document thread safety properties.
diff --git a/manual/ctype.texi b/manual/ctype.texi
index 3d13571..ddf38ce 100644
--- a/manual/ctype.texi
+++ b/manual/ctype.texi
@@ -66,6 +66,13 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int islower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The is* macros call __ctype_b_loc to get the ctype array from the
+@c current locale, and then index it by c. __ctype_b_loc reads from
+@c thread-local memory the (indirect) pointer to the ctype array, which
+@c may involve one word access to the global locale object, if that's
+@c the active locale for the thread, and the array, being part of the
+@c locale data, is undeletable, so there's no thread-safety issue.
Returns true if @var{c} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -74,6 +81,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -82,6 +90,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isalpha (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphabetic character (a letter). If
@code{islower} or @code{isupper} is true of a character, then
@code{isalpha} is also true.
@@ -97,6 +106,7 @@ additional characters.
@comment ctype.h
@comment ISO
@deftypefun int isdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@end deftypefun
@@ -104,6 +114,7 @@ Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@comment ctype.h
@comment ISO
@deftypefun int isalnum (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphanumeric character (a letter or
number); in other words, if either @code{isalpha} or @code{isdigit} is
true of a character, then @code{isalnum} is also true.
@@ -113,6 +124,7 @@ true of a character, then @code{isalnum} is also true.
@comment ctype.h
@comment ISO
@deftypefun int isxdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -123,6 +135,7 @@ Hexadecimal digits include the normal decimal digits @samp{0} through
@comment ctype.h
@comment ISO
@deftypefun int ispunct (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -132,6 +145,7 @@ character.
@comment ctype.h
@comment ISO
@deftypefun int isspace (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{isspace} returns true for only the standard
whitespace characters:
@@ -161,6 +175,7 @@ vertical tab
@comment ctype.h
@comment ISO
@deftypefun int isblank (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
@end deftypefun
@@ -169,6 +184,7 @@ This function was originally a GNU extension, but was added in @w{ISO C99}.
@comment ctype.h
@comment ISO
@deftypefun int isgraph (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -178,6 +194,7 @@ considered graphic.
@comment ctype.h
@comment ISO
@deftypefun int isprint (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@end deftypefun
@@ -186,6 +203,7 @@ include all the graphic characters, plus the space (@samp{ }) character.
@comment ctype.h
@comment ISO
@deftypefun int iscntrl (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a control character (that is, a character that
is not a printing character).
@end deftypefun
@@ -194,6 +212,7 @@ is not a printing character).
@comment ctype.h
@comment SVID, BSD
@deftypefun int isascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
into the US/UK ASCII character set. This function is a BSD extension
and is also an SVID extension.
@@ -227,6 +246,10 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The to* macros/functions call different functions that use different
+@c arrays than those of__ctype_b_loc, but the access patterns and
+@c thus safety guarantees are the same.
If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
lower-case letter. If @var{c} is not an upper-case letter,
@var{c} is returned unchanged.
@@ -235,6 +258,7 @@ lower-case letter. If @var{c} is not an upper-case letter,
@comment ctype.h
@comment ISO
@deftypefun int toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
upper-case letter. Otherwise @var{c} is returned unchanged.
@end deftypefun
@@ -242,6 +266,7 @@ upper-case letter. Otherwise @var{c} is returned unchanged.
@comment ctype.h
@comment SVID, BSD
@deftypefun int toascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function converts @var{c} to a 7-bit @code{unsigned char} value
that fits into the US/UK ASCII character set, by clearing the high-order
bits. This function is a BSD extension and is also an SVID extension.
@@ -250,6 +275,7 @@ bits. This function is a BSD extension and is also an SVID extension.
@comment ctype.h
@comment SVID
@deftypefun int _tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{tolower}, and is provided for compatibility
with the SVID. @xref{SVID}.@refill
@end deftypefun
@@ -257,6 +283,7 @@ with the SVID. @xref{SVID}.@refill
@comment ctype.h
@comment SVID
@deftypefun int _toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{toupper}, and is provided for compatibility
with the SVID.
@end deftypefun
@@ -303,6 +330,15 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctype_t wctype (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Although the source code of wctype contains multiple references to
+@c the locale, that could each reference different locale_data objects
+@c should the global locale object change while active, the compiler can
+@c and does combine them all into a single dereference that resolves
+@c once to the LCTYPE locale object used throughout the function, so it
+@c is safe in practice, if not in theory. Ideally we'd explicitly save
+@c the resolved locale_data object to make it visibly safe instead of
+@c safe only under compiler optimizations.
The @code{wctype} returns a value representing a class of wide
characters which is identified by the string @var{property}. Beside
some standard properties each locale can define its own ones. In case
@@ -331,6 +367,8 @@ the @w{ISO C} standard defines a completely new function.
@comment wctype.h
@comment ISO
@deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The compressed lookup table returned by wctype is read-only.
This function returns a nonzero value if @var{wc} is in the character
class specified by @var{desc}. @var{desc} must previously be returned
by a successful call to @code{wctype}.
@@ -350,6 +388,15 @@ standard classes.
@comment wctype.h
@comment ISO
@deftypefun int iswalnum (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c The implicit wctype call in the isw* functions is actually an
+@c optimized version because the category has a known offset, but the
+@c wctype is equally safe when optimized, unsafe if not optimized.
+@c Since it's not a macro, and we always optimize, it's fine. The test
+@c whether wc is ASCII to use the non-wide is* macro/funciton doesn't
+@c bring any other safety issues: the test does not depend on the
+@c locale, and each path after the decision resolves the locale object
+@c only once.
This function returns a nonzero value if @var{wc} is an alphanumeric
character (a letter or number); in other words, if either @code{iswalpha}
or @code{iswdigit} is true of a character, then @code{iswalnum} is also
@@ -370,6 +417,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswalpha (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an alphabetic character (a letter). If
@code{iswlower} or @code{iswupper} is true of a character, then
@code{iswalpha} is also true.
@@ -394,6 +442,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswcntrl (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a control character (that is, a character that
is not a printing character).
@@ -412,6 +461,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
Please note that this function does not only return a nonzero value for
@emph{decimal} digits, but for all kinds of digits. A consequence is
@@ -442,6 +492,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswgraph (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -461,6 +512,7 @@ It is declared in @file{wctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int iswlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -479,6 +531,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswprint (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@@ -497,6 +550,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswpunct (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -516,6 +570,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswspace (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{iswspace} returns true for only the standard
whitespace characters:
@@ -555,6 +610,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -573,6 +629,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswxdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -597,6 +654,7 @@ characters as well.
@comment wctype.h
@comment ISO
@deftypefun int iswblank (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
It is declared in @file{wchar.h}.
@@ -691,6 +749,8 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctrans_t wctrans (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Similar implementation, same caveats as wctype.
The @code{wctrans} function has to be used to find out whether a named
mapping is defined in the current locale selected for the
@code{LC_CTYPE} category. If the returned value is non-zero, you can use
@@ -713,6 +773,8 @@ These functions are declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Same caveats as iswctype.
@code{towctrans} maps the input character @var{wc}
according to the rules of the mapping for which @var{desc} is a
descriptor, and returns the value it finds. @var{desc} must be
@@ -730,6 +792,9 @@ for them.
@comment wctype.h
@comment ISO
@deftypefun wint_t towlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Same caveats as iswalnum, just using a wctrans rather than a wctype
+@c table.
If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
lower-case letter. If @var{wc} is not an upper-case letter,
@var{wc} is returned unchanged.
@@ -749,6 +814,7 @@ This function is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
upper-case letter. Otherwise @var{wc} is returned unchanged.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2069aec79bc11c99cf3e664d9042d76a7118bb88
commit 2069aec79bc11c99cf3e664d9042d76a7118bb88
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:05 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/crypt.texi: Document thread safety properties.
diff --git a/manual/crypt.texi b/manual/crypt.texi
index ef90590..a3c8fa5 100644
--- a/manual/crypt.texi
+++ b/manual/crypt.texi
@@ -92,6 +92,13 @@ in a convenient way.
@comment unistd.h
@comment BSD
@deftypefun {char *} getpass (const char *@var{prompt})
+@safety{@mtunsafe{tempterm}@asunsafe{asmalloc, selfdeadlock, asynconsist}@acunsafe{tempterm, lockleak, incansist}}
+@c This function will attempt to create a stream for terminal I/O, but
+@c will fallback to stdio/stderr. It attempts to change the terminal
+@c mode in a thread-unsafe way, write out the prompt, read the password,
+@c then restore the terminal mode. It has a cleanup to close the stream
+@c in case of (synchronous) cancellation, but not to restore the
+@c terminal mode.
@code{getpass} outputs @var{prompt}, then reads a string in from the
terminal without echoing it. It tries to connect to the real terminal,
@@ -127,6 +134,13 @@ The substitute takes the same parameters as @code{getline}
@comment crypt.h
@comment BSD, SVID
@deftypefun {char *} crypt (const char *@var{key}, const char *@var{salt})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Besides the obvious problem of returning a pointer into static
+@c storage, the DES initializer takes an internal lock with the usual
+@c set of problems for AS- and AC-Safety. The FIPS mode checker and the
+@c NSS implementations of may leak file descriptors if canceled. The
+@c The MD5, SHA256 and SHA512 implementations will malloc on long keys,
+@c and NSS relies on dlopening, which brings about another can of worms.
The @code{crypt} function takes a password, @var{key}, as a string, and
a @var{salt} character array which is described below, and returns a
@@ -188,6 +202,9 @@ for a password and prints ``Access granted.'' if the user types
@comment crypt.h
@comment GNU
@deftypefun {char *} crypt_r (const char *@var{key}, const char *@var{salt}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Compared with crypt, this function fixes the staticbuf problem, but
+@c nothing else.
The @code{crypt_r} function does the same thing as @code{crypt}, but
takes an extra parameter which includes space for its result (among
@@ -233,6 +250,11 @@ specifies the unused bits.
@comment crypt.h
@comment BSD, SVID
@deftypefun void setkey (const char *@var{key})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c The static buffer stores the key, making it fundamentally
+@c thread-unsafe. The locking issues are only in the initialization
+@c path; cancelling the initialization will leave the lock held, it
+@c would otherwise repeat the initialization on the next call.
The @code{setkey} function sets an internal data structure to be an
expanded form of @var{key}. @var{key} is specified as an array of 64
@@ -244,6 +266,8 @@ parity.
@comment crypt.h
@comment BSD, SVID
@deftypefun void encrypt (char *@var{block}, int @var{edflag})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c Same issues as setkey.
The @code{encrypt} function encrypts @var{block} if
@var{edflag} is 0, otherwise it decrypts @var{block}, using a key
@@ -257,9 +281,11 @@ stored in a @code{char}, but there are no parity bits in @var{block}.
@comment crypt.h
@comment GNU
@deftypefun void setkey_r (const char *@var{key}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
@comment crypt.h
@comment GNU
@deftypefunx void encrypt_r (char *@var{block}, int @var{edflag}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
These are reentrant versions of @code{setkey} and @code{encrypt}. The
only difference is the extra parameter, which stores the expanded
@@ -274,6 +300,7 @@ defined in @file{crypt.h}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int ecb_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{ecb_crypt} encrypts or decrypts one or more blocks
using DES. Each block is encrypted independently.
@@ -355,6 +382,7 @@ This macro returns 1 if @var{err} is a `success' result code from
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int cbc_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode}, char *@var{ivec})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{cbc_crypt} encrypts or decrypts one or more blocks
using DES in Cipher Block Chaining mode.
@@ -381,6 +409,7 @@ Otherwise, all the parameters are similar to those for @code{ecb_crypt}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun void des_setparity (char *@var{key})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{des_setparity} changes the 64-bit @var{key}, stored
packed in 8-bit bytes, to have odd parity by altering the low bits of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=134d875cb9e454a8243ac2ca8d0bd3d42f0252dc
commit 134d875cb9e454a8243ac2ca8d0bd3d42f0252dc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:05 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/conf.texi: Document thread safety properties.
diff --git a/manual/conf.texi b/manual/conf.texi
index c720063..79bfcdb 100644
--- a/manual/conf.texi
+++ b/manual/conf.texi
@@ -288,6 +288,17 @@ constants are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} sysconf (int @var{parameter})
+@safety{@mtsafe{envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak, fdleak}}
+@c Some parts of the implementation open /proc and /sys files and dirs
+@c to collect system details, using fd and stream I/O depending on the
+@c case. _SC_TZNAME_MAX calls __tzname_max, that (while holding a lock)
+@c calls tzset_internal, that calls getenv if it's called the first
+@c time; there are free and strdup calls in there too. The returned max
+@c value may change over time for TZNAME_MAX, depending on selected
+@c timezones; NPROCS, NPROCS_CONF, PHYS_PAGES, AVPHYS_PAGES,
+@c NGROUPS_MAX, SIGQUEUE_MAX, depending on variable values read from
+@c /proc at each call, and from rlimit-obtained values CHILD_MAX,
+@c OPEN_MAX, ARG_MAX, SIGQUEUE_MAX.
This function is used to inquire about runtime system parameters. The
@var{parameter} argument should be one of the @samp{_SC_} symbols listed
below.
@@ -1348,6 +1359,11 @@ argument are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} pathconf (const char *@var{filename}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c When __statfs_link_max finds an ext* filesystem, it may read
+@c /proc/mounts or similar as a mntent stream.
+@c __statfs_chown_restricted may read from
+@c /proc/sys/fs/xfs/restrict_chown as a file descriptor.
This function is used to inquire about the limits that apply to
the file named @var{filename}.
@@ -1375,6 +1391,8 @@ support the @var{parameter} for the specific file.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} fpathconf (int @var{filedes}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c Same caveats as pathconf.
This is just like @code{pathconf} except that an open file descriptor
is used to specify the file for which information is requested, instead
of a file name.
@@ -1624,6 +1642,7 @@ system with the function @code{confstr}:
@comment unistd.h
@comment POSIX.2
@deftypefun size_t confstr (int @var{parameter}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function reads the value of a string-valued system parameter,
storing the string into @var{len} bytes of memory space starting at
@var{buf}. The @var{parameter} argument should be one of the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=07dd04c5b4a440663c1751a1f38b09b33ab7f8af
commit 07dd04c5b4a440663c1751a1f38b09b33ab7f8af
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:05 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/charset.texi: Document thread safety properties.
diff --git a/manual/charset.texi b/manual/charset.texi
index e21502e..7e6c416 100644
--- a/manual/charset.texi
+++ b/manual/charset.texi
@@ -504,6 +504,8 @@ sequence points. Communication protocols often require this.
@comment wchar.h
@comment ISO
@deftypefun int mbsinit (const mbstate_t *@var{ps})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c ps is dereferenced once, unguarded. Potential harmless data race.
The @code{mbsinit} function determines whether the state object pointed
to by @var{ps} is in the initial state. If @var{ps} is a null pointer or
the object is in the initial state the return value is nonzero. Otherwise
@@ -559,6 +561,14 @@ that is beyond the range @math{0} to @math{127}.
@comment wchar.h
@comment ISO
@deftypefun wint_t btowc (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls btowc_fct or __fct; reads from locale, and from the
+@c get_gconv_fcts result multiple times. get_gconv_fcts calls
+@c __wcsmbs_load_conv to initialize the ctype if it's null.
+@c wcsmbs_load_conv takes a non-recursive wrlock before allocating
+@c memory for the fcts structure, initializing it, and then storing it
+@c in the locale object. The initialization involves dlopening and a
+@c lot more.
The @code{btowc} function (``byte to wide character'') converts a valid
single byte character @var{c} in the initial shift state into the wide
character equivalent using the conversion rules from the currently
@@ -615,6 +625,7 @@ There is also a function for the conversion in the other direction.
@comment wchar.h
@comment ISO
@deftypefun int wctob (wint_t @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctob} function (``wide character to byte'') takes as the
parameter a valid wide character. If the multibyte representation for
this character in the initial state is exactly one byte long, the return
@@ -634,6 +645,7 @@ and they also do not require it to be in the initial state.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrtowc (wchar_t *restrict @var{pwc}, const char *restrict @var{s}, size_t @var{n}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
@cindex stateful
The @code{mbrtowc} function (``multibyte restartable to wide
character'') converts the next multibyte character in the string pointed
@@ -728,6 +740,7 @@ function that does part of the work.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrlen (const char *restrict @var{s}, size_t @var{n}, mbstate_t *@var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbrlen} function (``multibyte restartable length'') computes
the number of at most @var{n} bytes starting at @var{s}, which form the
next valid and complete multibyte character.
@@ -811,6 +824,50 @@ doing the work twice.
@comment wchar.h
@comment ISO
@deftypefun size_t wcrtomb (char *restrict @var{s}, wchar_t @var{wc}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c wcrtomb uses a static, non-thread-local unguarded state variable when
+@c PS is NULL. When a state is passed in, and it's not used
+@c concurrently in other threads, this function behaves safely as long
+@c as gconv modules don't bring MT safety issues of their own.
+@c Attempting to load gconv modules or to build conversion chains in
+@c signal handlers may encounter gconv databases or caches in a
+@c partially-updated state, and asynchronous cancellation may leave them
+@c in such states, besides leaking the lock that guards them.
+@c get_gconv_fcts ok
+@c wcsmbs_load_conv ok
+@c norm_add_slashes ok
+@c wcsmbs_getfct ok
+@c gconv_find_transform ok
+@c gconv_read_conf (libc_once)
+@c gconv_lookup_cache ok
+@c find_module_idx ok
+@c find_module ok
+@c gconv_find_shlib (ok)
+@c ->init_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c do_lookup_alias ok
+@c find_derivation ok
+@c derivation_lookup ok
+@c increment_counter ok
+@c gconv_find_shlib ok
+@c step->init_fct (assumed ok)
+@c gen_steps ok
+@c gconv_find_shlib ok
+@c dlopen (presumed ok)
+@c dlsym (presumed ok)
+@c step->init_fct (assumed ok)
+@c step->end_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c add_derivation ok
+@c gconv_close_transform ok
+@c gconv_release_step ok
+@c step->end_fct (assumed ok)
+@c gconv_release_shlib ok
+@c dlclose (presumed ok)
+@c gconv_release_cache ok
+@c ->tomb->__fct (assumed ok)
The @code{wcrtomb} function (``wide character restartable to
multibyte'') converts a single wide character into a multibyte string
corresponding to that wide character.
@@ -955,6 +1012,7 @@ extensions that can help in some important situations.
@comment wchar.h
@comment ISO
@deftypefun size_t mbsrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsrtowcs} function (``multibyte string restartable to wide
character string'') converts an NUL-terminated multibyte character
string at @code{*@var{src}} into an equivalent wide character string,
@@ -1039,6 +1097,7 @@ length and passing this length to the function.
@comment wchar.h
@comment ISO
@deftypefun size_t wcsrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsrtombs} function (``wide character string restartable to
multibyte string'') converts the NUL-terminated wide character string at
@code{*@var{src}} into an equivalent multibyte character string and
@@ -1084,6 +1143,7 @@ array size (the @var{len} parameter).
@comment wchar.h
@comment GNU
@deftypefun size_t mbsnrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{nmc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsnrtowcs} function is very similar to the @code{mbsrtowcs}
function. All the parameters are the same except for @var{nmc}, which is
new. The return value is the same as for @code{mbsrtowcs}.
@@ -1136,6 +1196,7 @@ of the given buffer, there is no problem with altering the state.
@comment wchar.h
@comment GNU
@deftypefun size_t wcsnrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{nwc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsnrtombs} function implements the conversion from wide
character strings to multibyte character strings. It is similar to
@code{wcsrtombs} but, just like @code{mbsnrtowcs}, it takes an extra
@@ -1280,6 +1341,7 @@ conversion functions.}
@comment stdlib.h
@comment ISO
@deftypefun int mbtowc (wchar_t *restrict @var{result}, const char *restrict @var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbtowc} (``multibyte to wide character'') function when called
with non-null @var{string} converts the first multibyte character
beginning at @var{string} to its corresponding wide character code. It
@@ -1314,6 +1376,7 @@ shift state. @xref{Shift State}.
@comment stdlib.h
@comment ISO
@deftypefun int wctomb (char *@var{string}, wchar_t @var{wchar})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctomb} (``wide character to multibyte'') function converts
the wide character code @var{wchar} to its corresponding multibyte
character sequence, and stores the result in bytes starting at
@@ -1353,6 +1416,7 @@ terms of @code{mbtowc}.
@comment stdlib.h
@comment ISO
@deftypefun int mblen (const char *@var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mblen} function with a non-null @var{string} argument returns
the number of bytes that make up the multibyte character beginning at
@var{string}, never examining more than @var{size} bytes. (The idea is
@@ -1391,6 +1455,9 @@ suffer from the same problems as their reentrant counterparts from
@comment stdlib.h
@comment ISO
@deftypefun size_t mbstowcs (wchar_t *@var{wstring}, const char *@var{string}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Odd... Although this is in the non-reentrant section, the state
+@c object is automatic, not a static buffer.
The @code{mbstowcs} (``multibyte string to wide character string'')
function converts the null-terminated string of multibyte characters
@var{string} to an array of wide character codes, storing not more than
@@ -1431,6 +1498,7 @@ mbstowcs_alloc (const char *string)
@comment stdlib.h
@comment ISO
@deftypefun size_t wcstombs (char *@var{string}, const wchar_t *@var{wstring}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcstombs} (``wide character string to multibyte string'')
function converts the null-terminated wide character array @var{wstring}
into a string containing multibyte characters, storing not more than
@@ -1618,6 +1686,16 @@ The first step is the function to create a handle.
@comment iconv.h
@comment XPG2
@deftypefun iconv_t iconv_open (const char *@var{tocode}, const char *@var{fromcode})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls malloc if tocode and/or fromcode are too big for alloca. Calls
+@c strip and upstr on both, then gconv_open. strip and upstr call
+@c isalnum_l and toupper_l with the C locale. gconv_open may MT-safely
+@c tokenize toset, replace unspecified codesets with the current locale
+@c (posibly two different accesses), and finally it calls
+@c gconv_find_transform and initializes the gconv_t result with all the
+@c steps in the conversion sequence, running each one's initializer,
+@c destructing and releasing them all if anything fails.
+
The @code{iconv_open} function has to be used before starting a
conversion. The two parameters this function takes determine the
source and destination character set for the conversion, and if the
@@ -1682,6 +1760,12 @@ conversion is not needed anymore.
@comment iconv.h
@comment XPG2
@deftypefun int iconv_close (iconv_t @var{cd})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, shlimb}}
+@c Calls gconv_close to destruct and release each of the conversion
+@c steps, release the gconv_t object, then call gconv_close_transform.
+@c Access to the gconv_t object is not guarded, but calling iconv_close
+@c concurrently with any other use is undefined.
+
The @code{iconv_close} function frees all resources associated with the
handle @var{cd}, which must have been returned by a successful call to
the @code{iconv_open} function.
@@ -1708,6 +1792,10 @@ even file to file can be implemented on top of it.
@comment iconv.h
@comment XPG2
@deftypefun size_t iconv (iconv_t @var{cd}, char **@var{inbuf}, size_t *@var{inbytesleft}, char **@var{outbuf}, size_t *@var{outbytesleft})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c Without guarding access to the gconv_t object pointed to by cd, call
+@c the conversion function to convert inbuf or flush the internal
+@c conversion state.
@cindex stateful
The @code{iconv} function converts the text in the input buffer
according to the rules associated with the descriptor @var{cd} and
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c6564bb231120b06f93702c9956c90a57546222e
commit c6564bb231120b06f93702c9956c90a57546222e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:05 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/arith.texi: Document thread safety properties.
diff --git a/manual/arith.texi b/manual/arith.texi
index 77056c3..c0cd350 100644
--- a/manual/arith.texi
+++ b/manual/arith.texi
@@ -160,6 +160,8 @@ The remainder from the division.
@comment stdlib.h
@comment ISO
@deftypefun div_t div (int @var{numerator}, int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Functions in this section are pure, and thus safe.
This function @code{div} computes the quotient and remainder from
the division of @var{numerator} by @var{denominator}, returning the
result in a structure of type @code{div_t}.
@@ -199,6 +201,7 @@ type @code{long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun ldiv_t ldiv (long int @var{numerator}, long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ldiv} function is similar to @code{div}, except that the
arguments are of type @code{long int} and the result is returned as a
structure of type @code{ldiv_t}.
@@ -225,6 +228,7 @@ type @code{long long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun lldiv_t lldiv (long long int @var{numerator}, long long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lldiv} function is like the @code{div} function, but the
arguments are of type @code{long long int} and the result is returned as
a structure of type @code{lldiv_t}.
@@ -256,6 +260,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment inttypes.h
@comment ISO
@deftypefun imaxdiv_t imaxdiv (intmax_t @var{numerator}, intmax_t @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{imaxdiv} function is like the @code{div} function, but the
arguments are of type @code{intmax_t} and the result is returned as
a structure of type @code{imaxdiv_t}.
@@ -318,6 +323,7 @@ floating-point number a variable holds.
@comment math.h
@comment ISO
@deftypefn {Macro} int fpclassify (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is a generic macro which works on all floating-point types and
which returns a value of type @code{int}. The possible values are:
@@ -354,6 +360,7 @@ You should therefore use the specific macros whenever possible.
@comment math.h
@comment ISO
@deftypefn {Macro} int isfinite (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite: not plus or
minus infinity, and not NaN. It is equivalent to
@@ -368,6 +375,7 @@ floating-point type.
@comment math.h
@comment ISO
@deftypefn {Macro} int isnormal (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite and normalized.
It is equivalent to
@@ -379,6 +387,7 @@ It is equivalent to
@comment math.h
@comment ISO
@deftypefn {Macro} int isnan (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is NaN. It is equivalent
to
@@ -390,6 +399,7 @@ to
@comment math.h
@comment GNU
@deftypefn {Macro} int issignaling (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is a signaling NaN
(sNaN). It is based on draft TS 18661 and currently enabled as a GNU
extension.
@@ -410,6 +420,7 @@ not have to worry about the type of their argument.
@comment math.h
@comment BSD
@deftypefunx int isinfl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns @code{-1} if @var{x} represents negative infinity,
@code{1} if @var{x} represents positive infinity, and @code{0} otherwise.
@end deftypefun
@@ -423,6 +434,7 @@ This function returns @code{-1} if @var{x} represents negative infinity,
@comment math.h
@comment BSD
@deftypefunx int isnanl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is a ``not a number''
value, and zero otherwise.
@@ -445,6 +457,7 @@ function for some reason, you can write
@comment math.h
@comment BSD
@deftypefunx int finitel (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is finite or a ``not a
number'' value, and zero otherwise.
@end deftypefun
@@ -713,6 +726,22 @@ and save and restore the set of exceptions flagged.
@comment fenv.h
@comment ISO
@deftypefun int feclearexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{unposix}@acsafe{unposix}}
+@c The other functions in this section that modify FP status register
+@c mostly do so with non-atomic load-modify-store sequences, but since
+@c the register is thread-specific, this should be fine, and safe for
+@c cancellation. As long as the FP environment is restored before the
+@c signal handler returns control to the interrupted thread (like any
+@c kernel should do), the functions are also safe for use in signal
+@c handlers.
+@c
+@c FIXME: simfpu: Floating point emulation on powerpc is the exception:
+@c __sim_exception, __sim_disabled_exception and __sim_round_mode
+@c variables, that emulate a floating-point status register, are not
+@c thread-specific variables, so many of these functions are not MT-safe
+@c on that platform. This is probably a bug. These variables aren't
+@c restored by the signal machinery either, making the functions also
+@c async-signal-unsafe on this platform.
This function clears all of the supported exception flags indicated by
@var{excepts}.
@@ -723,6 +752,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feraiseexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function raises the supported exceptions indicated by
@var{excepts}. If more than one exception bit in @var{excepts} is set
the order in which the exceptions are raised is undefined except that
@@ -738,6 +768,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fetestexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Test whether the exception flags indicated by the parameter @var{except}
are currently set. If any of them are, a nonzero value is returned
which specifies which exceptions are set. Otherwise the result is zero.
@@ -774,6 +805,7 @@ following functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetexceptflag (fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function stores in the variable pointed to by @var{flagp} an
implementation-defined value representing the current setting of the
exception flags indicated by @var{excepts}.
@@ -785,6 +817,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fesetexceptflag (const fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function restores the flags for the exceptions indicated by
@var{excepts} to the values stored in the variable pointed to by
@var{flagp}.
@@ -940,6 +973,7 @@ find out which one with this function:
@comment fenv.h
@comment ISO
@deftypefun int fegetround (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Returns the currently selected rounding mode, represented by one of the
values of the defined rounding mode macros.
@end deftypefun
@@ -950,6 +984,7 @@ To change the rounding mode, use this function:
@comment fenv.h
@comment ISO
@deftypefun int fesetround (int @var{round})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Changes the currently selected rounding mode to @var{round}. If
@var{round} does not correspond to one of the supported rounding modes
nothing is changed. @code{fesetround} returns zero if it changed the
@@ -994,6 +1029,7 @@ To save the state of the FPU, use one of these functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetenv (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the floating-point environment in the variable pointed to by
@var{envp}.
@@ -1004,6 +1040,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feholdexcept (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the current floating-point environment in the object pointed to by
@var{envp}. Then clear all exception flags, and set the FPU to trap no
exceptions. Not all FPUs support trapping no exceptions; if
@@ -1042,6 +1079,7 @@ functions:
@comment fenv.h
@comment ISO
@deftypefun int fesetenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Set the floating-point environment to that described by @var{envp}.
The function returns zero in case the operation was successful, a
@@ -1051,6 +1089,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feupdateenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Like @code{fesetenv}, this function sets the floating-point environment
to that described by @var{envp}. However, if any exceptions were
flagged in the status word before @code{feupdateenv} was called, they
@@ -1071,6 +1110,7 @@ occur, you can use the following two functions.
@comment fenv.h
@comment GNU
@deftypefun int feenableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions enables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1083,6 +1123,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fedisableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions disables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1095,6 +1136,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fegetexcept (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
The function returns a bitmask of all currently enabled exceptions. It
returns @code{-1} in case of failure.
@end deftypefun
@@ -1146,6 +1188,7 @@ Prototypes for @code{abs}, @code{labs} and @code{llabs} are in @file{stdlib.h};
@comment inttypes.h
@comment ISO
@deftypefunx intmax_t imaxabs (intmax_t @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of @var{number}.
Most computers use a two's complement integer representation, in which
@@ -1167,6 +1210,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment math.h
@comment ISO
@deftypefunx {long double} fabsl (long double @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the absolute value of the floating-point number
@var{number}.
@end deftypefun
@@ -1180,6 +1224,7 @@ This function returns the absolute value of the floating-point number
@comment complex.h
@comment ISO
@deftypefunx {long double} cabsl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of the complex number @var{z}
(@pxref{Complex Numbers}). The absolute value of a complex number is:
@@ -1217,6 +1262,7 @@ All these functions are declared in @file{math.h}.
@comment math.h
@comment ISO
@deftypefunx {long double} frexpl (long double @var{value}, int *@var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are used to split the number @var{value}
into a normalized fraction and an exponent.
@@ -1242,6 +1288,7 @@ zero is stored in @code{*@var{exponent}}.
@comment math.h
@comment ISO
@deftypefunx {long double} ldexpl (long double @var{value}, int @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the result of multiplying the floating-point
number @var{value} by 2 raised to the power @var{exponent}. (It can
be used to reassemble floating-point numbers that were taken apart
@@ -1263,6 +1310,7 @@ equivalent to those of @code{ldexp} and @code{frexp}. See also the
@comment math.h
@comment BSD
@deftypefunx {long double} scalbl (long double @var{value}, long double @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{scalb} function is the BSD name for @code{ldexp}.
@end deftypefun
@@ -1275,6 +1323,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalbnl (long double @var{x}, int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbn} is identical to @code{scalb}, except that the exponent
@var{n} is an @code{int} instead of a floating-point number.
@end deftypefun
@@ -1288,6 +1337,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalblnl (long double @var{x}, long int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbln} is identical to @code{scalb}, except that the exponent
@var{n} is a @code{long int} instead of a floating-point number.
@end deftypefun
@@ -1301,6 +1351,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} significandl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{significand} returns the mantissa of @var{x} scaled to the range
@math{[1, 2)}.
It is equivalent to @w{@code{scalb (@var{x}, (double) -ilogb (@var{x}))}}.
@@ -1335,6 +1386,7 @@ result as a @code{double} instead to get around this problem.
@comment math.h
@comment ISO
@deftypefunx {long double} ceill (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} upwards to the nearest integer,
returning that value as a @code{double}. Thus, @code{ceil (1.5)}
is @code{2.0}.
@@ -1349,6 +1401,7 @@ is @code{2.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} floorl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} downwards to the nearest
integer, returning that value as a @code{double}. Thus, @code{floor
(1.5)} is @code{1.0} and @code{floor (-1.5)} is @code{-2.0}.
@@ -1363,6 +1416,7 @@ integer, returning that value as a @code{double}. Thus, @code{floor
@comment math.h
@comment ISO
@deftypefunx {long double} truncl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{trunc} functions round @var{x} towards zero to the nearest
integer (returned in floating-point format). Thus, @code{trunc (1.5)}
is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@@ -1377,6 +1431,7 @@ is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} rintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} to an integer value according to the
current rounding mode. @xref{Floating Point Parameters}, for
information about the various rounding modes. The default
@@ -1397,6 +1452,7 @@ inexact exception.
@comment math.h
@comment ISO
@deftypefunx {long double} nearbyintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the same value as the @code{rint} functions, but
do not raise the inexact exception if @var{x} is not an integer.
@end deftypefun
@@ -1410,6 +1466,7 @@ do not raise the inexact exception if @var{x} is not an integer.
@comment math.h
@comment ISO
@deftypefunx {long double} roundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are similar to @code{rint}, but they round halfway
cases away from zero instead of to the nearest integer (or other
current rounding mode).
@@ -1424,6 +1481,7 @@ current rounding mode).
@comment math.h
@comment ISO
@deftypefunx {long int} lrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1437,6 +1495,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1450,6 +1509,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long int} lroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1463,6 +1523,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1477,6 +1538,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long double} modfl (long double @var{value}, long double *@var{integer-part})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions break the argument @var{value} into an integer part and a
fractional part (between @code{-1} and @code{1}, exclusive). Their sum
equals @var{value}. Each of the parts has the same sign as @var{value},
@@ -1503,6 +1565,7 @@ suits your problem.
@comment math.h
@comment ISO
@deftypefunx {long double} fmodl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions compute the remainder from the division of
@var{numerator} by @var{denominator}. Specifically, the return value is
@code{@var{numerator} - @w{@var{n} * @var{denominator}}}, where @var{n}
@@ -1525,6 +1588,7 @@ If @var{denominator} is zero, @code{fmod} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} dreml (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are like @code{fmod} except that they round the
internal quotient @var{n} to the nearest integer instead of towards zero
to an integer. For example, @code{drem (6.5, 2.3)} returns @code{-0.4},
@@ -1548,6 +1612,7 @@ If @var{denominator} is zero, @code{drem} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} remainderl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is another name for @code{drem}.
@end deftypefun
@@ -1569,6 +1634,7 @@ bits.
@comment math.h
@comment ISO
@deftypefunx {long double} copysignl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return @var{x} but with the sign of @var{y}. They work
even if @var{x} or @var{y} are NaN or zero. Both of these can carry a
sign (although not all implementations support it) and this is one of
@@ -1584,6 +1650,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefun int signbit (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{signbit} is a generic macro which can work on all floating-point
types. It returns a nonzero value if the value of @var{x} has its sign
bit set.
@@ -1602,6 +1669,7 @@ false, but @code{signbit (-0.0)} will return a nonzero value.
@comment math.h
@comment ISO
@deftypefunx {long double} nextafterl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{nextafter} function returns the next representable neighbor of
@var{x} in the direction towards @var{y}. The size of the step between
@var{x} and the result depends on the type of the result. If
@@ -1625,6 +1693,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefunx {long double} nexttowardl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are identical to the corresponding versions of
@code{nextafter} except that their second argument is a @code{long
double}.
@@ -1640,6 +1709,8 @@ double}.
@comment math.h
@comment ISO
@deftypefunx {long double} nanl (const char *@var{tagp})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c The unsafe-but-ruled-safe locale use comes from strtod.
The @code{nan} function returns a representation of NaN, provided that
NaN is supported by the target platform.
@code{nan ("@var{n-char-sequence}")} is equivalent to
@@ -1674,6 +1745,7 @@ arguments only once.
@comment math.h
@comment ISO
@deftypefn Macro int isgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than
@var{y}. It is equivalent to @code{(@var{x}) > (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1682,6 +1754,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isgreaterequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than or
equal to @var{y}. It is equivalent to @code{(@var{x}) >= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1690,6 +1763,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isless (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than @var{y}.
It is equivalent to @code{(@var{x}) < (@var{y})}, but no exception is
raised if @var{x} or @var{y} are NaN.
@@ -1698,6 +1772,7 @@ raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than or equal
to @var{y}. It is equivalent to @code{(@var{x}) <= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1706,6 +1781,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less or greater
than @var{y}. It is equivalent to @code{(@var{x}) < (@var{y}) ||
(@var{x}) > (@var{y})} (although it only evaluates @var{x} and @var{y}
@@ -1718,6 +1794,7 @@ expression is true if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isunordered (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether its arguments are unordered. In other
words, it is true if @var{x} or @var{y} are NaN, and false otherwise.
@end deftypefn
@@ -1751,6 +1828,7 @@ perform these operations faster than the equivalent C code.
@comment math.h
@comment ISO
@deftypefunx {long double} fminl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmin} function returns the lesser of the two values @var{x}
and @var{y}. It is similar to the expression
@smallexample
@@ -1771,6 +1849,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fmaxl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmax} function returns the greater of the two values @var{x}
and @var{y}.
@@ -1787,6 +1866,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fdiml (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fdim} function returns the positive difference between
@var{x} and @var{y}. The positive difference is @math{@var{x} -
@var{y}} if @var{x} is greater than @var{y}, and @math{0} otherwise.
@@ -1804,6 +1884,7 @@ If @var{x}, @var{y}, or both are NaN, NaN is returned.
@comment ISO
@deftypefunx {long double} fmal (long double @var{x}, long double @var{y}, long double @var{z})
@cindex butterfly
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fma} function performs floating-point multiply-add. This is
the operation @math{(@var{x} @mul{} @var{y}) + @var{z}}, but the
intermediate result is not rounded to the destination type. This can
@@ -1933,6 +2014,7 @@ available in three variants, one for each of the three complex types.
@comment complex.h
@comment ISO
@deftypefunx {long double} creall (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the real part of the complex number @var{z}.
@end deftypefun
@@ -1945,6 +2027,7 @@ These functions return the real part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cimagl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the imaginary part of the complex number @var{z}.
@end deftypefun
@@ -1957,6 +2040,7 @@ These functions return the imaginary part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {complex long double} conjl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the conjugate value of the complex number
@var{z}. The conjugate of a complex number has the same real part and a
negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@@ -1971,6 +2055,7 @@ negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cargl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the argument of the complex number @var{z}.
The argument of a complex number is the angle in the complex plane
between the positive real axis and a line passing through zero and the
@@ -1989,6 +2074,7 @@ number. This angle is measured in the usual fashion and ranges from
@comment complex.h
@comment ISO
@deftypefunx {complex long double} cprojl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the projection of the complex value @var{z} onto
the Riemann sphere. Values with a infinite imaginary part are projected
to positive infinity on the real axis, even if the real part is NaN. If
@@ -2034,6 +2120,16 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun {long int} strtol (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c strtol uses the thread-local pointer to the locale in effect, and
+@c strtol_l loads the LC_NUMERIC locale data from it early on and once,
+@c but if the locale is the global locale, and another thread calls
+@c setlocale in a way that modifies the pointer to the LC_CTYPE locale
+@c category, the behavior of e.g. IS*, TOUPPER will vary throughout the
+@c execution of the function, because they re-read the locale data from
+@c the given locale pointer. We solved this by documenting setlocale as
+@c MT-Unsafe, but there might be other reasons why it's neither MT- nor
+@c AS-Safe; recheck.
The @code{strtol} (``string-to-long'') function converts the initial
part of @var{string} to a signed integer, which is returned as a value
of type @code{long int}.
@@ -2097,6 +2193,7 @@ There is an example at the end of this section.
@comment wchar.h
@comment ISO
@deftypefun {long int} wcstol (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstol} function is equivalent to the @code{strtol} function
in nearly all aspects but handles wide character strings.
@@ -2106,6 +2203,7 @@ The @code{wcstol} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long int} strtoul (const char *retrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoul} (``string-to-unsigned-long'') function is like
@code{strtol} except it converts to an @code{unsigned long int} value.
The syntax is the same as described above for @code{strtol}. The value
@@ -2124,6 +2222,7 @@ range, or @code{ERANGE} on overflow.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long int} wcstoul (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoul} function is equivalent to the @code{strtoul} function
in nearly all aspects but handles wide character strings.
@@ -2133,6 +2232,7 @@ The @code{wcstoul} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} strtoll (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoll} function is like @code{strtol} except that it returns
a @code{long long int} value, and accepts numbers with a correspondingly
larger range.
@@ -2149,6 +2249,7 @@ The @code{strtoll} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {long long int} wcstoll (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoll} function is equivalent to the @code{strtoll} function
in nearly all aspects but handles wide character strings.
@@ -2158,12 +2259,14 @@ The @code{wcstoll} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {long long int} strtoq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtoq} (``string-to-quad-word'') is the BSD name for @code{strtoll}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {long long int} wcstoq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoq} function is equivalent to the @code{strtoq} function
in nearly all aspects but handles wide character strings.
@@ -2173,6 +2276,7 @@ The @code{wcstoq} function is a GNU extension.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long long int} strtoull (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoull} function is related to @code{strtoll} the same way
@code{strtoul} is related to @code{strtol}.
@@ -2182,6 +2286,7 @@ The @code{strtoull} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long long int} wcstoull (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoull} function is equivalent to the @code{strtoull} function
in nearly all aspects but handles wide character strings.
@@ -2191,12 +2296,14 @@ The @code{wcstoull} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {unsigned long long int} strtouq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtouq} is the BSD name for @code{strtoull}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {unsigned long long int} wcstouq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstouq} function is equivalent to the @code{strtouq} function
in nearly all aspects but handles wide character strings.
@@ -2206,6 +2313,7 @@ The @code{wcstouq} function is a GNU extension.
@comment inttypes.h
@comment ISO
@deftypefun intmax_t strtoimax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoimax} function is like @code{strtol} except that it returns
a @code{intmax_t} value, and accepts numbers of a corresponding range.
@@ -2222,6 +2330,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun intmax_t wcstoimax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoimax} function is equivalent to the @code{strtoimax} function
in nearly all aspects but handles wide character strings.
@@ -2231,6 +2340,7 @@ The @code{wcstoimax} function was introduced in @w{ISO C99}.
@comment inttypes.h
@comment ISO
@deftypefun uintmax_t strtoumax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoumax} function is related to @code{strtoimax}
the same way that @code{strtoul} is related to @code{strtol}.
@@ -2241,6 +2351,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun uintmax_t wcstoumax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoumax} function is equivalent to the @code{strtoumax} function
in nearly all aspects but handles wide character strings.
@@ -2250,6 +2361,7 @@ The @code{wcstoumax} function was introduced in @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefun {long int} atol (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtol} function with a @var{base}
argument of @code{10}, except that it need not detect overflow errors.
The @code{atol} function is provided mostly for compatibility with
@@ -2259,6 +2371,7 @@ existing code; using @code{strtol} is more robust.
@comment stdlib.h
@comment ISO
@deftypefun int atoi (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is like @code{atol}, except that it returns an @code{int}.
The @code{atoi} function is also considered obsolete; use @code{strtol}
instead.
@@ -2267,6 +2380,7 @@ instead.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} atoll (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to @code{atol}, except it returns a @code{long
long int}.
@@ -2331,6 +2445,35 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun double strtod (const char *restrict @var{string}, char **restrict @var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c Besides the unsafe-but-ruled-safe locale uses, this uses a lot of
+@c mpn, but it's all safe.
+@c
+@c round_and_return
+@c get_rounding_mode ok
+@c mpn_add_1 ok
+@c mpn_rshift ok
+@c MPN_ZERO ok
+@c MPN2FLOAT -> mpn_construct_(float|double|long_double) ok
+@c str_to_mpn
+@c mpn_mul_1 -> umul_ppmm ok
+@c mpn_add_1 ok
+@c mpn_lshift_1 -> mpn_lshift ok
+@c STRTOF_INTERNAL
+@c MPN_VAR ok
+@c SET_MANTISSA ok
+@c STRNCASECMP ok, wide and narrow
+@c round_and_return ok
+@c mpn_mul ok
+@c mpn_addmul_1 ok
+@c ... mpn_sub
+@c mpn_lshift ok
+@c udiv_qrnnd ok
+@c count_leading_zeros ok
+@c add_ssaaaa ok
+@c sub_ddmmss ok
+@c umul_ppmm ok
+@c mpn_submul_1 ok
The @code{strtod} (``string-to-double'') function converts the initial
part of @var{string} to a floating-point number, which is returned as a
value of type @code{double}.
@@ -2416,6 +2559,7 @@ examining @var{errno} and @var{tailptr}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} strtold (const char *@var{string}, char **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
These functions are analogous to @code{strtod}, but return @code{float}
and @code{long double} values respectively. They report errors in the
same way as @code{strtod}. @code{strtof} can be substantially faster
@@ -2435,6 +2579,7 @@ These functions have been GNU extensions and are new to @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} wcstold (const wchar_t *@var{string}, wchar_t **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstod}, @code{wcstof}, and @code{wcstol} functions are
equivalent in nearly all aspect to the @code{strtod}, @code{strtof}, and
@code{strtold} functions but it handles wide character string.
@@ -2447,6 +2592,7 @@ C90}. The @code{wcstof} and @code{wcstold} functions were introduced in
@comment stdlib.h
@comment ISO
@deftypefun double atof (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtod} function, except that it
need not detect overflow and underflow errors. The @code{atof} function
is provided mostly for compatibility with existing code; using
@@ -2473,6 +2619,7 @@ All these functions are defined in @file{stdlib.h}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} ecvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{ecvt} converts the floating-point number @var{value}
to a string with at most @var{ndigit} decimal digits. The
returned string contains no decimal point or sign. The first digit of
@@ -2498,6 +2645,7 @@ and sets @var{d} to @code{2} and @var{n} to @code{0}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} fcvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{fcvt} is like @code{ecvt}, but @var{ndigit} specifies
the number of digits after the decimal point. If @var{ndigit} is less
than zero, @var{value} is rounded to the @math{@var{ndigit}+1}'th place to the
@@ -2516,6 +2664,9 @@ to @code{fcvt}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} gcvt (double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c gcvt calls sprintf, that ultimately calls vfprintf, which malloc()s
+@c args_value if it's too large, but gcvt never exercises this path.
@code{gcvt} is functionally equivalent to @samp{sprintf(buf, "%*g",
ndigit, value}. It is provided only for compatibility's sake. It
returns @var{buf}.
@@ -2530,6 +2681,7 @@ functions that take @code{long double} arguments.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qecvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{ecvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2538,6 +2690,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qfcvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{fcvt} except that it
takes a @code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2546,6 +2699,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qgcvt (long double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is equivalent to @code{gcvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2566,6 +2720,7 @@ user-supplied buffer.
@comment stdlib.h
@comment GNU
@deftypefun int ecvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ecvt_r} function is the same as @code{ecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2577,6 +2732,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun int fcvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcvt_r} function is the same as @code{fcvt}, except that it
places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2588,6 +2744,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qecvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qecvt_r} function is the same as @code{qecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2599,6 +2756,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qfcvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qfcvt_r} function is the same as @code{qfcvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=017da8adde97bccd79ab19b6d1175cfc9412a565
commit 017da8adde97bccd79ab19b6d1175cfc9412a565
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:04 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/argp.texi: Document thread safety properties.
diff --git a/manual/argp.texi b/manual/argp.texi
index c9fbe97..22e7b9e 100644
--- a/manual/argp.texi
+++ b/manual/argp.texi
@@ -36,6 +36,35 @@ needed in @code{main}.
@comment argp.h
@comment GNU
@deftypefun {error_t} argp_parse (const struct argp *@var{argp}, int @var{argc}, char **@var{argv}, unsigned @var{flags}, int *@var{arg_index}, void *@var{input})
+@safety{@mtunsafe{xguargs, envromt}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Optionally alloca()tes standard help options, initializes the parser,
+@c then parses individual args in a loop, and then finalizes.
+@c parser_init
+@c calc_sizes ok
+@c option_is_end ok
+@c malloc
+@c parser_convert glocale
+@c convert_options glocale
+@c option_is_end ok
+@c option_is_short ok
+@c isprint, but locale may change within the loop
+@c find_long_option ok
+@c group_parse
+@c group->parser (from argp->parser)
+@c parser_parse_next
+@c getopt_long(_only)_r many issues, same as non_r minus staticbuf
+@c parser_parse_arg
+@c group_parse
+@c parser_parse_opt
+@c group_parse
+@c argp_error
+@c dgettext (bad key error)
+@c parser_finalize
+@c group_parse
+@c fprintf
+@c dgettext
+@c arg_state_help
+@c free
The @code{argp_parse} function parses the arguments in @var{argv}, of
length @var{argc}, using the argp parser @var{argp}. @xref{Argp
Parsers}. Passing a null pointer for @var{argp} is the same as using
@@ -660,6 +689,8 @@ parser function. @xref{Argp Parsing State}.
@comment argp.h
@comment GNU
@deftypefun void argp_usage (const struct argp_state *@var{state})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls argp_state_help with stderr and ARGP_HELP_STD_USAGE.
Outputs the standard usage message for the argp parser referred to by
@var{state} to @code{@var{state}->err_stream} and terminate the program
with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@@ -669,6 +700,13 @@ with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@comment argp.h
@comment GNU
@deftypefun void argp_error (const struct argp_state *@var{state}, const char *@var{fmt}, @dots{})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Lock stream, vasprintf the formatted message into a buffer, print the
+@c buffer prefixed by the short program name (in libc,
+@c argp_short_program_name is a macro that expands to
+@c program_invocation_short_name), releases the buffer, then call
+@c argp_state_help with stream and ARGP_HELP_STD_ERR, unlocking the
+@c stream at the end.
Prints the printf format string @var{fmt} and following args, preceded
by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
--help}} message, and terminates the program with an exit status of
@@ -679,6 +717,12 @@ by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
@comment argp.h
@comment GNU
@deftypefun void argp_failure (const struct argp_state *@var{state}, int @var{status}, int @var{errnum}, const char *@var{fmt}, @dots{})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
+@c Lock stream, write out the short program name, vasprintf the optional
+@c formatted message to a buffer, print the buffer prefixed by colon and
+@c blank, release the buffer, call strerror_r with an automatic buffer,
+@c print it out after colon and blank, put[w]c a line break, unlock the
+@c stream, then exit unless ARGP_NO_EXIT.
Similar to the standard gnu error-reporting function @code{error}, this
prints the program name and @samp{:}, the printf format string
@var{fmt}, and the appropriate following args. If it is non-zero, the
@@ -695,6 +739,141 @@ for options, bad phase of the moon, etc.
@comment argp.h
@comment GNU
@deftypefun void argp_state_help (const struct argp_state *@var{state}, FILE *@var{stream}, unsigned @var{flags})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help with the short program name and optionally exit.
+@c The main problems in _help, besides the usual issues with stream I/O
+@c and translation, are the use of a static buffer (uparams) that makes
+@c the whole thing thread-unsafe, reading from the environment for
+@c ARGP_HELP_FMT, accessing the locale object multiple times.
+
+@c _help envromt, staticbuf (uparams), glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c flockfile lockleak
+@c funlockfile lockleak
+@c fill_in_uparams envromt, staticbuf (uparams), glocale, asynconsist, asmalloc, lockleak, incansist, memleak
+@c argp_failure dup (status = errnum = 0)
+@c atoi dup
+@c argp_hol asmalloc, memleak
+@c make_hol asmalloc, memleak
+@c hol_add_cluster asmalloc, memleak
+@c hol_append asmalloc, memleak
+@c hol_set_group ok
+@c hol_find_entry ok
+@c hol_sort glocale, asmalloc, memleak
+@c qsort asmalloc, memleak
+@c hol_entry_qcmp glocale
+@c hol_entry_cmp glocale
+@c group_cmp ok
+@c hol_cluster_cmp ok
+@c group_cmp ok
+@c hol_entry_first_short glocale
+@c hol_entry_short_iterate [glocale]
+@c until_short ok
+@c oshort ok
+@c isprint ok
+@c odoc ok
+@c hol_entry_first_long ok
+@c canon_doc_option glocale
+@c tolower dup
+@c hol_usage glocale, asi18n, asmalloc, memleak
+@c hol_entry_short_iterate ok
+@c add_argless_short_opt ok
+@c argp_fmtstream_printf dup
+@c hol_entry_short_iterate glocale, asi18n, asmalloc, memleak
+@c usage_argful_short_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_entry_long_iterate glocale, asi18n, asmalloc, memleak
+@c usage_long_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c hol_entry_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_wmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c comma glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_putc dup
+@c hol_cluster_is_child ok
+@c argp_fmtstream_wmargin dup
+@c print_header dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c indent_to dup
+@c argp_fmtstream_putc dup
+@c arg glocale, asmalloc, memleak
+@c argp_fmtstream_printf dup
+@c odoc dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_printf dup
+@c print_header glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c indent_to dup
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c filter_doc dup
+@c argp_fmtstream_point dup
+@c indent_to glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_putc dup
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c hol_free asmalloc, memleak
+@c free dup
+@c argp_args_levels ok
+@c argp_args_usage glocale, asi18n, asmalloc, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc ok
+@c argp_input ok
+@c argp->help_filter
+@c space glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_rmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_write dup
+@c free dup
+@c argp_doc glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c strndup asmalloc, memleak
+@c argp_input dup
+@c argp->help_filter
+@c argp_fmtstream_putc glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure dup
+@c argp_fmtstream_write dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_point glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_lmargin dup
+@c free dup
+@c argp_make_fmtstream asmalloc, memleak
+@c argp_fmtstream_free glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update glocale, asynconsist, incansist, lockleak
+@c put[w]c_unlocked dup
+@c isblank in loop glocale
+@c fxprintf lockleak
+@c fxprintf lockleak
+@c free dup
+@c argp_fmtstream_set_wmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_printf glocale, asmalloc, memleak
+@c argp_fmtstream_ensure dup
+@c vsnprintf dup
+@c argp_fmtstream_set_lmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_puts glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_write glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update dup
+@c fxprintf lockleak
+@c realloc asmalloc, memleak
Outputs a help message for the argp parser referred to by @var{state},
to @var{stream}. The @var{flags} argument determines what sort of help
message is produced. @xref{Argp Help Flags}.
@@ -928,6 +1107,8 @@ program options, argp offers the @code{argp_help} interface.
@comment argp.h
@comment GNU
@deftypefun void argp_help (const struct argp *@var{argp}, FILE *@var{stream}, unsigned @var{flags}, char *@var{name})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help.
This outputs a help message for the argp parser @var{argp} to
@var{stream}. The type of messages printed will be determined by
@var{flags}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=caa55786752ded57d80b3809700b9e5183af21ae
commit caa55786752ded57d80b3809700b9e5183af21ae
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:04 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/macros.texi: Introduce macros to document thread
safety properties.
* manual/intro.texi: Introduce the properties themselves.
diff --git a/manual/intro.texi b/manual/intro.texi
index deaf089..d183e12 100644
--- a/manual/intro.texi
+++ b/manual/intro.texi
@@ -172,6 +172,412 @@ pattern matching facilities (@pxref{Pattern Matching}).
@comment <wordexp.h> (not yet implemented)
@comment confstr
+The safety properties of @glibcadj{} functions, documented as MT-, AS-
+and AC- -Safe and -Unsafe are assessed according to the criteria set
+forth in the POSIX standard for Multi-Thread, Async-Signal and
+Async-Cancel safety.
+
+Intuitive definition of these properties, that attempt to capture
+the meaning of the standard definitions, follow:
+
+@itemize @bullet
+
+@item
+@cindex MT-Safe
+MT-Safe functions are safe to call in the presence of other threads. MT
+stands for Multi Thread.
+
+@item
+@cindex AS-Safe
+AS-Safe functions are safe to call from asynchronous signal handlers.
+AS stands for Asynchronous Signal.
+
+@item
+@cindex AC-Safe
+AC-Safe functions are safe to call when asynchronous cancellation is
+enabled. AC stands for Asynchronous Cancellation.
+
+@item
+@cindex MT-Unsafe
+@cindex AS-Unsafe
+@cindex AC-Unsafe
+MT-Unsafe, AS-Unsafe, AC-Unsafe functions are not safe to call within
+the contexts described above: they may cause deviations from the
+specification in the behavior of the calls themselves, or of any other
+concurrent, ongoing or subsequent calls.
+
+Functions not explicitly documented as Safe should be regarded as
+Unsafe.
+
+@end itemize
+
+By ``safe to call'', we mean that, as long as the program does not
+invoke undefined or unspecified behavior, the called functions will
+behave as documented, and they won't cause any other functions to
+deviate from their documented behavior.
+
+Although we strive to abide by the standards, in some cases our
+implementation is safe even when the standard does not demand safety,
+and in other cases our implementation does not meet the standard safety
+requirements. At this point, we document the result of an assessment of
+the properties of our implementation, so the safety documentation in
+this manual is not to be regarded as a promise of future behavior: in
+future releases, functions that are documented as safe may become
+unsafe, and safety constraints may be removed or introduced. We
+envision turning the results of the assessment into a set of promises as
+stable as our interfaces, but we're not there yet.
+
+When a function is safe to call only under certain constraints, we will
+add keywords to the safety notes whose meanings are defined as follows:
+
+@itemize @bullet
+
+@c glocale-revisit
+@item @code{glocale}
+@cindex glocale
+
+In threads that have not overridden the thread-local locale object by
+calling @code{uselocale}, calling functions annotated with
+@code{glocale} concurrently with @code{setlocale} may cause the
+functions to behave in ways that don't correspond to either the previous
+or the subsequent global locale.
+
+Although the @code{setlocale} function modifies the global locale object
+while holding a lock, @code{glocale}-annotated functions may access this
+global object multiple times, without any measures to ensure it doesn't
+change while it's in use.
+
+Each of these unprotected uses will use either the previous or the
+subsequent locale information, so they won't cause crashes or access to
+uninitialized, unmapped or recycled memory. However, since some cases
+use cached locale information while others access the effective locale
+object anew, concurrent changes to the global locale object may cause
+these functions to behave in ways that they could not behave should the
+execution of @code{setlocale} and of the so-annotated functions be
+atomic, or even should @code{setlocale} alone be atomic.
+
+The @code{glocale} constraint indicates functions are only safe to call
+if the effective thread-local locale is not the global locale object
+(because it was overridden with @code{uselocale}). Failing that,
+@code{setlocale} should not be called while these functions are active.
+
+
+@item @code{envromt}
+@cindex envromt
+
+Functions marked with @code{envromt} access the environment with
+@code{getenv} or similar, requiring the environment to be effectively
+read-only for MT-Safe operation.
+
+Environment-modifying functions do not protect in any way against
+concurrent modifications or access, so calling @code{envromt}-marked
+functions concurrently with @code{setenv}, @code{putenv},
+@code{unsetenv} or direct modifications of the global environment data
+structures is ill-advised; external concurrency control must be
+introduced by callers of these environment-modifying and
+@code{envromt}-marked functions.
+
+Functions that modify the environment are also marked with
+@code{envromt}, but they are not MT-Safe for the reasons above. Since
+all environment-modifying functions are MT-Unsafe, functions that only
+access the environment are marked as MT-Safe when no other safety issue
+applies.
+
+
+@item @code{uunguard}
+@cindex uunguard
+
+Functions marked with @code{uunguard} modify non-atomically arguments or
+global objects that other functions access without synchronization. To
+ensure MT- and AS-Safe behavior, callers should refrain from calling
+so-marked functions concurrently with users of the corresponding
+objects.
+
+Unguarded users of the global locale object modified by @code{setlocale}
+are marked with @code{glocale}.
+
+Unguarded users of the @code{printf} extension objects modified by
+@code{register_printf_function} are the entire family of printf
+functions.
+
+Unguarded users of streams configured with @code{__fsetlocking} for
+locking by the caller are the entire family of stdio functions.
+
+
+@item @code{xguargs}
+@cindex xguargs
+
+Functions marked with @code{xguargs} may use or modify objects passed as
+arguments without any guards that could guarantee consistency. To
+ensure MT- and AS-Safe behavior, callers must ensure that the objects
+passed in are not modified concurrently by other threads or signal
+handlers.
+
+
+@item @code{tempchwd}
+@cindex tempchwd
+
+Functions marked with @code{tempchwd} may temporarily change the current
+working directory during their execution, which may cause relative
+pathnames to be resolved in unexpected ways in other threads or within
+asynchronous signal or cancellation handlers.
+
+This is not enough of a reason to mark so-marked functions as MT-Unsafe,
+but when this behavior is optional (e.g., @code{nftw} with
+@code{FTW_CHDIR}), avoiding the option in multi-threaded programs may be
+a good alternative to using full pathnames or file descriptor-relative
+(e.g. @code{openat}) system calls.
+
+
+@item @code{tempterm}
+@cindex tempterm
+
+Functions marked with @code{tempterm} may temporarily change the
+terminal settings.
+
+This would not be enough of a reason to mark so-marked functions as
+MT-Unsafe, but the recommended mode to modify terminal settings is to
+call @code{tcgetattr}, modify some flags, and then call
+@code{tcsetattr}. Functions marked with @code{tempterm} do that, so
+they leave a window in which changes made by other threads are lost.
+
+It is thus advisable for applications using the terminal to avoid
+concurrent interactions with it, more so if they expect different
+terminal modes.
+
+If this mark appears as an AC-Safety note, it means the function may
+also fail to restore the original terminal mode in case of asynchronous
+cancellation.
+
+
+@end itemize
+
+
+Additional safety issues that cannot be worked around by constraining
+the program are also documented with keywords, whose meaning is defined
+as follows:
+
+@itemize @bullet
+
+@item @code{staticbuf}
+@cindex staticbuf
+
+Functions annotated with @code{staticbuf} use internal static buffers or
+variables in ways that may cause concurrent calls to interfere
+destructively.
+
+These functions are all MT-Unsafe and AC-Unsafe. However, many of them
+offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
+
+In many of these cases, the static buffer is only used to hold a return
+value; in a few of these, such as @code{tmpnam}, the use of the internal
+buffer can be avoided by passing the buffer as an argument, which makes
+the call MT-Safe and AS-Safe.
+
+
+@item @code{asi18n}
+@cindex asi18n
+
+Functions marked with @code{asi18n} use internationalization functions
+(@code{gettext}), which brings in a number of dependencies and issues
+yet to be documented.
+
+
+@item @code{shlimb}
+@cindex shlimb
+
+Functions marked with @code{shlimb} use the dynamic loader to bring in
+additional code modules. This involves opening files, mapping them into
+memory, allocating additional memory, resolving symbols, applying
+relocations and more, all of this while holding the dynamic loader
+lock.
+
+The non-recursive lock itself is enough for the function to be AS- and
+AC-Unsafe, but many other issues may arise.
+
+
+@item @code{fdleak}
+@cindex fdleak
+
+Functions annotated with @code{fdleak} may leak file descriptors if
+asynchronous thread cancellation interrupts their execution.
+
+Functions that allocate or deallocate file descriptors will generally be
+marked as such, because even if they attempted to protect the file
+descriptor allocation and deallocation with cleanup regions, allocating
+a new descriptor and storing its number where the cleanup region could
+release it cannot be performed as a single atomic operation, just like
+releasing it and taking it out of the data structure normally
+responsible for releasing it cannot be performed atomically, always
+leaving a window in which the descriptor cannot be released because it
+wasn't stored in the cleanup handler argument yet, or in which it was
+already taken out of it before releasing it in the normal flow (we
+cannot keep it there because, in case of cancellation, we wouldn't be
+able to tell whether it was already released, and the same number could
+have been already assigned to another descriptor by another thread, so
+we couldn't just release it again).
+
+Such leaks could be internally avoided, with some performance penalty,
+by temporarily disabling asynchronous thread cancellation. However,
+since callers of allocation or deallocation functions would have to do
+this themselves, to avoid the same sort of leak in their own layer, it
+makes more sense for the library to assume they are taking care of it
+than to impose a performance penalty that is redundant when the problem
+is solved in upper layers, and insufficient when it isn't.
+
+This remark by itself does not cause a function to be regarded as
+AC-Unsafe. However, cummulative effects of such leaks may pose a
+problem for some programs. If this is the case, suspending asynchronous
+cancellation for the duration of calls to such functions is recommended.
+
+
+@item @code{memleak}
+@cindex memleak
+
+Functions annotated with @code{memleak} may leak memory if asynchronous
+thread cancellation interrupts their execution.
+
+The problem is similar to that of file descriptors: there is no atomic
+interface to allocate memory and store its address in the argument to a
+cleanup handler, or to release it and remove its address from that
+argument, without at least temporarily disabling asynchronous
+cancellation, which these functions do not do.
+
+This remark does not by itself cause a function to be regarded as
+generally AC-Unsafe. However, cummulative effects of such leaks may be
+severe enough for some programs that disabling asynchronous cancellation
+for the duration of calls to such functions may be required.
+
+
+@item @code{lockleak}
+@cindex lockleak
+
+Functions annotated with @code{lockleak} may leak locks if asynchronous
+thread cancellation interrupts their execution.
+
+While the problem is similar to that of file descriptors, in that there
+is not any atomic interface to lock and take note of the need for
+unlocking in a cleanup, or to unlock and take note that there is no
+longer such a need, the problem posed by lock leaks is far more serious:
+when a file descriptor or a piece of memory is leaked, it becomes
+inaccessible and subsequent attempts to allocate a file descriptor or
+some memory will just use another resource. However, once a lock is
+left taken, attempts to take that lock will block indefinitely.
+(Recursive locks will only block other threads, and read locks will only
+block writer threads, but the point still holds in general).
+
+For the reasons above, functions that leak locks are all AC-Unsafe.
+
+
+@item @code{selfdeadlock}
+@cindex selfdeadlock
+
+Functions marked with @code{selfdeadlock} take a non-recursive lock to
+ensure MT-Safety while modifying data structures guarded by the lock.
+
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, the result is a deadlock.
+
+Blocking asynchronous signal delivery while calling such functions is
+the only safe way to avoid a deadlock if any signal handler might need
+to call them.
+
+
+@item @code{asynconsist}
+@cindex asynconsist
+
+Functions marked with @code{asynconsist} take a recursive lock to ensure
+MT-Safety while accessing or modifying data structures guarded by the
+lock.
+
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, both may misbehave for
+observing inconsistent (partially updated or cached) data structures.
+
+Blocking asynchronous signal delivery while calling such functions is
+the only safe way to avoid the misbehavior that may ensue if any signal
+handler might need to call them.
+
+
+@item @code{asmalloc}
+@cindex asmalloc
+
+This is a sub-case of @code{asynconsist}. Functions marked with
+@code{asmalloc} perform memory allocation or deallocation with the
+@code{malloc}/@code{free} family of functions.
+
+If heap management functions are interrupted by asynchronous signals,
+and the signal handlers attempt to perform memory allocation or
+deallocation of their own, they may encounter heap data structures in a
+partially updated state, and the interrupted calls may malfunction
+because of the changes made within the signal handler.
+
+
+@item @code{incansist}
+@cindex incansist
+
+Functions marked with @code{incansist} modify data structures in a
+non-atomic way.
+
+If such a function is asynchronously canceled, it may leave the data
+structure in a partially updated, inconsistent state. Subsequent uses
+of the data structure may misbehave.
+
+Disabling asynchronous cancelation while calling such functions is the
+only safe way to avoid the misbehavior that may ensure if the thread is
+canceled while the function is running.
+
+@c A special case, probably not worth documenting separately, involves
+@c reallocing, or even freeing pointers. Any case involving free could
+@c be easily turned into an ac-safe memleak by resetting the pointer
+@c before releasing it; I don't think we have any case that calls for
+@c this sort of fixing. Fixing the realloc cases would require a new
+@c interface: instead of @code{ptr=realloc(ptr,size)} we'd have to
+@c introduce @code{acsafe_realloc(&ptr,size)} that would modify ptr
+@c before releasing the old memory. The ac-unsafe realloc could be
+@c implemented in terms of an internal interface with this semantics
+@c (say __acsafe_realloc), but since realloc can be overridden, the
+@c function we call to implement realloc should not be this internal
+@c interface, but another internal interface that calls __acsafe_realloc
+@c if realloc was not overridden, and calls the overridden realloc with
+@c async cancel disabled. --lxoliva
+
+
+@item @code{simfpu}
+@cindex simfpu
+
+Functions annotated with @code{simfpu} may misbehave on powerpc ports in
+which the floating-point unit is disabled and floating point simulation
+is used instead. On such platforms, @theglibc{} uses global variables
+to hold floating-point exceptions, rounding modes and disabled
+exceptions, rather than thread-local state. This is a @glibcadj{} bug.
+
+Furthermore, even if this bug is fixed, the emulation of floating-point
+control and status registers will not go as far as saving and restoring
+these emulated registers across asynchronous signal handlers. Indeed,
+although most platforms preserve floating-point context as part of the
+thread context, preserving control and status words is not mandatory:
+standards recommend that programs that modify them within signal
+handlers restore them to the original state before returning.
+
+This note does not cause functions to be marked as MT-Unsafe, even
+though, on the affected platform, they are MT-Unsafe indeed.
+
+
+@item @code{unposix}
+@cindex unposix
+
+This remark indicates our safety documentation is known to differ from
+the requirements set by the POSIX standard. For example, POSIX does not
+require a function to be Safe, but our implementation is Safe, or
+vice-versa.
+
+For the time being, the absence of this remark does not imply the safety
+properties we documented are identical to those mandated by POSIX for
+the corresponding functions.
+
+@end itemize
+
@node Berkeley Unix, SVID, POSIX, Standards and Portability
@subsection Berkeley Unix
diff --git a/manual/macros.texi b/manual/macros.texi
index daaf1c0..6955f32 100644
--- a/manual/macros.texi
+++ b/manual/macros.texi
@@ -47,4 +47,46 @@ GNU/Hurd systems
GNU/Linux systems
@end macro
+@c Document a function as thread safe.
+@macro mtsafe {comments}
+| MT-Safe \comments\
+|
+@end macro
+@c Document a function as thread unsafe.
+@macro mtunsafe {comments}
+| MT-Unsafe \comments\
+|
+@end macro
+@c Document a function as safe for use in asynchronous signal handlers.
+@macro assafe {comments}
+| AS-Safe \comments\
+|
+@end macro
+@c Document a function as unsafe for use in asynchronous signal
+@c handlers. This distinguishes unmarked functions, for which this
+@c property has not been assessed, from those that have been analyzed.
+@macro asunsafe {comments}
+| AS-Unsafe \comments\
+|
+@end macro
+@c Document a function as safe for use when asynchronous cancellation is
+@c enabled.
+@macro acsafe {comments}
+| AC-Safe \comments\
+|
+@end macro
+@c Document a function as unsafe for use when asynchronous cancellation
+@c is enabled. This distinguishes unmarked functions, for which this
+@c property has not been assessed, from those that have been analyzed.
+@macro acunsafe {comments}
+| AC-Unsafe \comments\
+|
+@end macro
+@c Format the thread and async safety properties of a function.
+@macro safety {notes}
+\notes\
+
+
+@end macro
+
@end ifclear
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7b1263abc965a873a51d0f7b02987d8e3d6cf471
commit 7b1263abc965a873a51d0f7b02987d8e3d6cf471
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:04 2013 -0300
Remove unused sysdeps/ieee754/support.c.
for ChangeLog
* sysdeps/ieee754/support.c: Remove.
diff --git a/sysdeps/ieee754/support.c b/sysdeps/ieee754/support.c
deleted file mode 100644
index 0bbd892..0000000
--- a/sysdeps/ieee754/support.c
+++ /dev/null
@@ -1,520 +0,0 @@
-/*
- * Copyright (c) 1985, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)support.c 8.1 (Berkeley) 6/4/93";
-#endif /* not lint */
-
-/*
- * Some IEEE standard 754 recommended functions and remainder and sqrt for
- * supporting the C elementary functions.
- ******************************************************************************
- * WARNING:
- * These codes are developed (in double) to support the C elementary
- * functions temporarily. They are not universal, and some of them are very
- * slow (in particular, drem and sqrt is extremely inefficient). Each
- * computer system should have its implementation of these functions using
- * its own assembler.
- ******************************************************************************
- *
- * IEEE 754 required operations:
- * drem(x,p)
- * returns x REM y = x - [x/y]*y , where [x/y] is the integer
- * nearest x/y; in half way case, choose the even one.
- * sqrt(x)
- * returns the square root of x correctly rounded according to
- * the rounding mod.
- *
- * IEEE 754 recommended functions:
- * (a) copysign(x,y)
- * returns x with the sign of y.
- * (b) scalb(x,N)
- * returns x * (2**N), for integer values N.
- * (c) logb(x)
- * returns the unbiased exponent of x, a signed integer in
- * double precision, except that logb(0) is -INF, logb(INF)
- * is +INF, and logb(NAN) is that NAN.
- * (d) finite(x)
- * returns the value TRUE if -INF < x < +INF and returns
- * FALSE otherwise.
- *
- *
- * CODED IN C BY K.C. NG, 11/25/84;
- * REVISED BY K.C. NG on 1/22/85, 2/13/85, 3/24/85.
- */
-
-#include "mathimpl.h"
-
-#if defined(vax)||defined(tahoe) /* VAX D format */
-#include <errno.h>
- static const unsigned short msign=0x7fff , mexp =0x7f80 ;
- static const short prep1=57, gap=7, bias=129 ;
- static const double novf=1.7E38, nunf=3.0E-39, zero=0.0 ;
-#else /* defined(vax)||defined(tahoe) */
- static const unsigned short msign=0x7fff, mexp =0x7ff0 ;
- static const short prep1=54, gap=4, bias=1023 ;
- static const double novf=1.7E308, nunf=3.0E-308,zero=0.0;
-#endif /* defined(vax)||defined(tahoe) */
-
-double scalbn(x,N)
-double x; int N;
-{
- int k;
-
-#ifdef national
- unsigned short *px=(unsigned short *) &x + 3;
-#else /* national */
- unsigned short *px=(unsigned short *) &x;
-#endif /* national */
-
- if( x == zero ) return(x);
-
-#if defined(vax)||defined(tahoe)
- if( (k= *px & mexp ) != ~msign ) {
- if (N < -260)
- return(nunf*nunf);
- else if (N > 260) {
- return(copysign(infnan(ERANGE),x));
- }
-#else /* defined(vax)||defined(tahoe) */
- if( (k= *px & mexp ) != mexp ) {
- if( N<-2100) return(nunf*nunf); else if(N>2100) return(novf+novf);
- if( k == 0 ) {
- x *= scalbn(1.0,(int)prep1); N -= prep1; return(scalbn(x,N));}
-#endif /* defined(vax)||defined(tahoe) */
-
- if((k = (k>>gap)+ N) > 0 )
- if( k < (mexp>>gap) ) *px = (*px&~mexp) | (k<<gap);
- else x=novf+novf; /* overflow */
- else
- if( k > -prep1 )
- /* gradual underflow */
- {*px=(*px&~mexp)|(short)(1<<gap); x *= scalbn(1.0,k-1);}
- else
- return(nunf*nunf);
- }
- return(x);
-}
-
-
-double copysign(x,y)
-double x,y;
-{
-#ifdef national
- unsigned short *px=(unsigned short *) &x+3,
- *py=(unsigned short *) &y+3;
-#else /* national */
- unsigned short *px=(unsigned short *) &x,
- *py=(unsigned short *) &y;
-#endif /* national */
-
-#if defined(vax)||defined(tahoe)
- if ( (*px & mexp) == 0 ) return(x);
-#endif /* defined(vax)||defined(tahoe) */
-
- *px = ( *px & msign ) | ( *py & ~msign );
- return(x);
-}
-
-double logb(x)
-double x;
-{
-
-#ifdef national
- short *px=(short *) &x+3, k;
-#else /* national */
- short *px=(short *) &x, k;
-#endif /* national */
-
-#if defined(vax)||defined(tahoe)
- return (int)(((*px&mexp)>>gap)-bias);
-#else /* defined(vax)||defined(tahoe) */
- if( (k= *px & mexp ) != mexp )
- if ( k != 0 )
- return ( (k>>gap) - bias );
- else if( x != zero)
- return ( -1022.0 );
- else
- return(-(1.0/zero));
- else if(x != x)
- return(x);
- else
- {*px &= msign; return(x);}
-#endif /* defined(vax)||defined(tahoe) */
-}
-
-finite(x)
-double x;
-{
-#if defined(vax)||defined(tahoe)
- return(1);
-#else /* defined(vax)||defined(tahoe) */
-#ifdef national
- return( (*((short *) &x+3 ) & mexp ) != mexp );
-#else /* national */
- return( (*((short *) &x ) & mexp ) != mexp );
-#endif /* national */
-#endif /* defined(vax)||defined(tahoe) */
-}
-
-double drem(x,p)
-double x,p;
-{
- short sign;
- double hp,dp,tmp;
- unsigned short k;
-#ifdef national
- unsigned short
- *px=(unsigned short *) &x +3,
- *pp=(unsigned short *) &p +3,
- *pd=(unsigned short *) &dp +3,
- *pt=(unsigned short *) &tmp+3;
-#else /* national */
- unsigned short
- *px=(unsigned short *) &x ,
- *pp=(unsigned short *) &p ,
- *pd=(unsigned short *) &dp ,
- *pt=(unsigned short *) &tmp;
-#endif /* national */
-
- *pp &= msign ;
-
-#if defined(vax)||defined(tahoe)
- if( ( *px & mexp ) == ~msign ) /* is x a reserved operand? */
-#else /* defined(vax)||defined(tahoe) */
- if( ( *px & mexp ) == mexp )
-#endif /* defined(vax)||defined(tahoe) */
- return (x-p)-(x-p); /* create nan if x is inf */
- if (p == zero) {
-#if defined(vax)||defined(tahoe)
- return(infnan(EDOM));
-#else /* defined(vax)||defined(tahoe) */
- return zero/zero;
-#endif /* defined(vax)||defined(tahoe) */
- }
-
-#if defined(vax)||defined(tahoe)
- if( ( *pp & mexp ) == ~msign ) /* is p a reserved operand? */
-#else /* defined(vax)||defined(tahoe) */
- if( ( *pp & mexp ) == mexp )
-#endif /* defined(vax)||defined(tahoe) */
- { if (p != p) return p; else return x;}
-
- else if ( ((*pp & mexp)>>gap) <= 1 )
- /* subnormal p, or almost subnormal p */
- { double b; b=scalbn(1.0,(int)prep1);
- p *= b; x = drem(x,p); x *= b; return(drem(x,p)/b);}
- else if ( p >= novf/2)
- { p /= 2 ; x /= 2; return(drem(x,p)*2);}
- else
- {
- dp=p+p; hp=p/2;
- sign= *px & ~msign ;
- *px &= msign ;
- while ( x > dp )
- {
- k=(*px & mexp) - (*pd & mexp) ;
- tmp = dp ;
- *pt += k ;
-
-#if defined(vax)||defined(tahoe)
- if( x < tmp ) *pt -= 128 ;
-#else /* defined(vax)||defined(tahoe) */
- if( x < tmp ) *pt -= 16 ;
-#endif /* defined(vax)||defined(tahoe) */
-
- x -= tmp ;
- }
- if ( x > hp )
- { x -= p ; if ( x >= hp ) x -= p ; }
-
-#if defined(vax)||defined(tahoe)
- if (x)
-#endif /* defined(vax)||defined(tahoe) */
- *px ^= sign;
- return( x);
-
- }
-}
-
-
-double sqrt(x)
-double x;
-{
- double q,s,b,r;
- double t;
- double const zero=0.0;
- int m,n,i;
-#if defined(vax)||defined(tahoe)
- int k=54;
-#else /* defined(vax)||defined(tahoe) */
- int k=51;
-#endif /* defined(vax)||defined(tahoe) */
-
- /* sqrt(NaN) is NaN, sqrt(+-0) = +-0 */
- if(x!=x||x==zero) return(x);
-
- /* sqrt(negative) is invalid */
- if(x<zero) {
-#if defined(vax)||defined(tahoe)
- return (infnan(EDOM)); /* NaN */
-#else /* defined(vax)||defined(tahoe) */
- return(zero/zero);
-#endif /* defined(vax)||defined(tahoe) */
- }
-
- /* sqrt(INF) is INF */
- if(!finite(x)) return(x);
-
- /* scale x to [1,4) */
- n=logb(x);
- x=scalbn(x,-n);
- if((m=logb(x))!=0) x=scalbn(x,-m); /* subnormal number */
- m += n;
- n = m/2;
- if((n+n)!=m) {x *= 2; m -=1; n=m/2;}
-
- /* generate sqrt(x) bit by bit (accumulating in q) */
- q=1.0; s=4.0; x -= 1.0; r=1;
- for(i=1;i<=k;i++) {
- t=s+1; x *= 4; r /= 2;
- if(t<=x) {
- s=t+t+2, x -= t; q += r;}
- else
- s *= 2;
- }
-
- /* generate the last bit and determine the final rounding */
- r/=2; x *= 4;
- if(x==zero) goto end; 100+r; /* trigger inexact flag */
- if(s<x) {
- q+=r; x -=s; s += 2; s *= 2; x *= 4;
- t = (x-s)-5;
- b=1.0+3*r/4; if(b==1.0) goto end; /* b==1 : Round-to-zero */
- b=1.0+r/4; if(b>1.0) t=1; /* b>1 : Round-to-(+INF) */
- if(t>=0) q+=r; } /* else: Round-to-nearest */
- else {
- s *= 2; x *= 4;
- t = (x-s)-1;
- b=1.0+3*r/4; if(b==1.0) goto end;
- b=1.0+r/4; if(b>1.0) t=1;
- if(t>=0) q+=r; }
-
-end: return(scalbn(q,n));
-}
-
-#if 0
-/* DREM(X,Y)
- * RETURN X REM Y =X-N*Y, N=[X/Y] ROUNDED (ROUNDED TO EVEN IN THE HALF WAY CASE)
- * DOUBLE PRECISION (VAX D format 56 bits, IEEE DOUBLE 53 BITS)
- * INTENDED FOR ASSEMBLY LANGUAGE
- * CODED IN C BY K.C. NG, 3/23/85, 4/8/85.
- *
- * Warning: this code should not get compiled in unless ALL of
- * the following machine-dependent routines are supplied.
- *
- * Required machine dependent functions (not on a VAX):
- * swapINX(i): save inexact flag and reset it to "i"
- * swapENI(e): save inexact enable and reset it to "e"
- */
-
-double drem(x,y)
-double x,y;
-{
-
-#ifdef national /* order of words in floating point number */
- static const n0=3,n1=2,n2=1,n3=0;
-#else /* VAX, SUN, ZILOG, TAHOE */
- static const n0=0,n1=1,n2=2,n3=3;
-#endif
-
- static const unsigned short mexp =0x7ff0, m25 =0x0190, m57 =0x0390;
- static const double zero=0.0;
- double hy,y1,t,t1;
- short k;
- long n;
- int i,e;
- unsigned short xexp,yexp, *px =(unsigned short *) &x ,
- nx,nf, *py =(unsigned short *) &y ,
- sign, *pt =(unsigned short *) &t ,
- *pt1 =(unsigned short *) &t1 ;
-
- xexp = px[n0] & mexp ; /* exponent of x */
- yexp = py[n0] & mexp ; /* exponent of y */
- sign = px[n0] &0x8000; /* sign of x */
-
-/* return NaN if x is NaN, or y is NaN, or x is INF, or y is zero */
- if(x!=x) return(x); if(y!=y) return(y); /* x or y is NaN */
- if( xexp == mexp ) return(zero/zero); /* x is INF */
- if(y==zero) return(y/y);
-
-/* save the inexact flag and inexact enable in i and e respectively
- * and reset them to zero
- */
- i=swapINX(0); e=swapENI(0);
-
-/* subnormal number */
- nx=0;
- if(yexp==0) {t=1.0,pt[n0]+=m57; y*=t; nx=m57;}
-
-/* if y is tiny (biased exponent <= 57), scale up y to y*2**57 */
- if( yexp <= m57 ) {py[n0]+=m57; nx+=m57; yexp+=m57;}
-
- nf=nx;
- py[n0] &= 0x7fff;
- px[n0] &= 0x7fff;
-
-/* mask off the least significant 27 bits of y */
- t=y; pt[n3]=0; pt[n2]&=0xf800; y1=t;
-
-/* LOOP: argument reduction on x whenever x > y */
-loop:
- while ( x > y )
- {
- t=y;
- t1=y1;
- xexp=px[n0]&mexp; /* exponent of x */
- k=xexp-yexp-m25;
- if(k>0) /* if x/y >= 2**26, scale up y so that x/y < 2**26 */
- {pt[n0]+=k;pt1[n0]+=k;}
- n=x/t; x=(x-n*t1)-n*(t-t1);
- }
- /* end while (x > y) */
-
- if(nx!=0) {t=1.0; pt[n0]+=nx; x*=t; nx=0; goto loop;}
-
-/* final adjustment */
-
- hy=y/2.0;
- if(x>hy||((x==hy)&&n%2==1)) x-=y;
- px[n0] ^= sign;
- if(nf!=0) { t=1.0; pt[n0]-=nf; x*=t;}
-
-/* restore inexact flag and inexact enable */
- swapINX(i); swapENI(e);
-
- return(x);
-}
-#endif
-
-#if 0
-/* SQRT
- * RETURN CORRECTLY ROUNDED (ACCORDING TO THE ROUNDING MODE) SQRT
- * FOR IEEE DOUBLE PRECISION ONLY, INTENDED FOR ASSEMBLY LANGUAGE
- * CODED IN C BY K.C. NG, 3/22/85.
- *
- * Warning: this code should not get compiled in unless ALL of
- * the following machine-dependent routines are supplied.
- *
- * Required machine dependent functions:
- * swapINX(i) ...return the status of INEXACT flag and reset it to "i"
- * swapRM(r) ...return the current Rounding Mode and reset it to "r"
- * swapENI(e) ...return the status of inexact enable and reset it to "e"
- * addc(t) ...perform t=t+1 regarding t as a 64 bit unsigned integer
- * subc(t) ...perform t=t-1 regarding t as a 64 bit unsigned integer
- */
-
-static const unsigned long table[] = {
-0, 1204, 3062, 5746, 9193, 13348, 18162, 23592, 29598, 36145, 43202, 50740,
-58733, 67158, 75992, 85215, 83599, 71378, 60428, 50647, 41945, 34246, 27478,
-21581, 16499, 12183, 8588, 5674, 3403, 1742, 661, 130, };
-
-double newsqrt(x)
-double x;
-{
- double y,z,t,addc(),subc()
- double const b54=134217728.*134217728.; /* b54=2**54 */
- long mx,scalx;
- long const mexp=0x7ff00000;
- int i,j,r,e,swapINX(),swapRM(),swapENI();
- unsigned long *py=(unsigned long *) &y ,
- *pt=(unsigned long *) &t ,
- *px=(unsigned long *) &x ;
-#ifdef national /* ordering of word in a floating point number */
- const int n0=1, n1=0;
-#else
- const int n0=0, n1=1;
-#endif
-/* Rounding Mode: RN ...round-to-nearest
- * RZ ...round-towards 0
- * RP ...round-towards +INF
- * RM ...round-towards -INF
- */
- const int RN=0,RZ=1,RP=2,RM=3;
- /* machine dependent: work on a Zilog Z8070
- * and a National 32081 & 16081
- */
-
-/* exceptions */
- if(x!=x||x==0.0) return(x); /* sqrt(NaN) is NaN, sqrt(+-0) = +-0 */
- if(x<0) return((x-x)/(x-x)); /* sqrt(negative) is invalid */
- if((mx=px[n0]&mexp)==mexp) return(x); /* sqrt(+INF) is +INF */
-
-/* save, reset, initialize */
- e=swapENI(0); /* ...save and reset the inexact enable */
- i=swapINX(0); /* ...save INEXACT flag */
- r=swapRM(RN); /* ...save and reset the Rounding Mode to RN */
- scalx=0;
-
-/* subnormal number, scale up x to x*2**54 */
- if(mx==0) {x *= b54 ; scalx-=0x01b00000;}
-
-/* scale x to avoid intermediate over/underflow:
- * if (x > 2**512) x=x/2**512; if (x < 2**-512) x=x*2**512 */
- if(mx>0x5ff00000) {px[n0] -= 0x20000000; scalx+= 0x10000000;}
- if(mx<0x1ff00000) {px[n0] += 0x20000000; scalx-= 0x10000000;}
-
-/* magic initial approximation to almost 8 sig. bits */
- py[n0]=(px[n0]>>1)+0x1ff80000;
- py[n0]=py[n0]-table[(py[n0]>>15)&31];
-
-/* Heron's rule once with correction to improve y to almost 18 sig. bits */
- t=x/y; y=y+t; py[n0]=py[n0]-0x00100006; py[n1]=0;
-
-/* triple to almost 56 sig. bits; now y approx. sqrt(x) to within 1 ulp */
- t=y*y; z=t; pt[n0]+=0x00100000; t+=z; z=(x-z)*y;
- t=z/(t+x) ; pt[n0]+=0x00100000; y+=t;
-
-/* twiddle last bit to force y correctly rounded */
- swapRM(RZ); /* ...set Rounding Mode to round-toward-zero */
- swapINX(0); /* ...clear INEXACT flag */
- swapENI(e); /* ...restore inexact enable status */
- t=x/y; /* ...chopped quotient, possibly inexact */
- j=swapINX(i); /* ...read and restore inexact flag */
- if(j==0) { if(t==y) goto end; else t=subc(t); } /* ...t=t-ulp */
- b54+0.1; /* ..trigger inexact flag, sqrt(x) is inexact */
- if(r==RN) t=addc(t); /* ...t=t+ulp */
- else if(r==RP) { t=addc(t);y=addc(y);}/* ...t=t+ulp;y=y+ulp; */
- y=y+t; /* ...chopped sum */
- py[n0]=py[n0]-0x00100000; /* ...correctly rounded sqrt(x) */
-end: py[n0]=py[n0]+scalx; /* ...scale back y */
- swapRM(r); /* ...restore Rounding Mode */
- return(y);
-}
-#endif
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3c6c7a24be0a9b65939e04e9200cffa361848c4b
commit 3c6c7a24be0a9b65939e04e9200cffa361848c4b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:03 2013 -0300
Rename unused scalb to scalbn to match prototype.
for ChangeLog
* sysdeps/ieee754/support.c (scalbn): Rename from
wrongly-typed scalb. Adjust all callers. Apparently unused.
diff --git a/sysdeps/ieee754/support.c b/sysdeps/ieee754/support.c
index 00476c0..0bbd892 100644
--- a/sysdeps/ieee754/support.c
+++ b/sysdeps/ieee754/support.c
@@ -82,7 +82,7 @@ static char sccsid[] = "@(#)support.c 8.1 (Berkeley) 6/4/93";
static const double novf=1.7E308, nunf=3.0E-308,zero=0.0;
#endif /* defined(vax)||defined(tahoe) */
-double scalb(x,N)
+double scalbn(x,N)
double x; int N;
{
int k;
@@ -106,7 +106,7 @@ double x; int N;
if( (k= *px & mexp ) != mexp ) {
if( N<-2100) return(nunf*nunf); else if(N>2100) return(novf+novf);
if( k == 0 ) {
- x *= scalb(1.0,(int)prep1); N -= prep1; return(scalb(x,N));}
+ x *= scalbn(1.0,(int)prep1); N -= prep1; return(scalbn(x,N));}
#endif /* defined(vax)||defined(tahoe) */
if((k = (k>>gap)+ N) > 0 )
@@ -115,7 +115,7 @@ double x; int N;
else
if( k > -prep1 )
/* gradual underflow */
- {*px=(*px&~mexp)|(short)(1<<gap); x *= scalb(1.0,k-1);}
+ {*px=(*px&~mexp)|(short)(1<<gap); x *= scalbn(1.0,k-1);}
else
return(nunf*nunf);
}
@@ -228,7 +228,7 @@ double x,p;
else if ( ((*pp & mexp)>>gap) <= 1 )
/* subnormal p, or almost subnormal p */
- { double b; b=scalb(1.0,(int)prep1);
+ { double b; b=scalbn(1.0,(int)prep1);
p *= b; x = drem(x,p); x *= b; return(drem(x,p)/b);}
else if ( p >= novf/2)
{ p /= 2 ; x /= 2; return(drem(x,p)*2);}
@@ -294,8 +294,8 @@ double x;
/* scale x to [1,4) */
n=logb(x);
- x=scalb(x,-n);
- if((m=logb(x))!=0) x=scalb(x,-m); /* subnormal number */
+ x=scalbn(x,-n);
+ if((m=logb(x))!=0) x=scalbn(x,-m); /* subnormal number */
m += n;
n = m/2;
if((n+n)!=m) {x *= 2; m -=1; n=m/2;}
@@ -326,7 +326,7 @@ double x;
b=1.0+r/4; if(b>1.0) t=1;
if(t>=0) q+=r; }
-end: return(scalb(q,n));
+end: return(scalbn(q,n));
}
#if 0
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=525ab96dd43fa6cf5d4f972271afec8d0c64c034
commit 525ab96dd43fa6cf5d4f972271afec8d0c64c034
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Sat Aug 17 01:25:03 2013 -0300
Note that powerpc fpu emulation status is not thread- or signal-safe.
for ports/ChangeLog.powerpc
PR 15483
* sysdeps/powerpc/nofpu/sim-full.c: Add FIXME note about
the need for thread-specific variables preserved across signal
handlers.
* sysdeps/powerpc/nofpu/soft-supp.h: Likewise.
* sysdeps/powerpc/soft-fp/sfp-machine.h: Likewise.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=84b2959a1ba1806e2e666a90f9c9442950056937
commit 84b2959a1ba1806e2e666a90f9c9442950056937
Merge: 60e5c03 3f154dc 40bbc25
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 05:02:25 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=60e5c0377635cf5049bced52de2191a13e7c5826
commit 60e5c0377635cf5049bced52de2191a13e7c5826
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 05:02:25 2013 -0300
push
diff --git a/meta b/meta
index 6ed244f..73cfd6c 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 442baf3f1962c1d771230d73814af2802c7939a3
-Head: 20cfc6cc280a99c7c5c322f9017a835c88940e9d
+Previous: 40bbc25610275afafd89540b32d05e827517453f
+Head: 3f154dc87b1520a90a6a60ee3f64313f37cbe6af
Applied:
powerpc-nofpu-sim-note-nothread.patch: 696f6dab87abef96e7993fda3f143bbdeb1f34e8
unused-scalb-is-scalbn.patch: 8e4917e9cf19e11865e8257a23808022f8661b79
@@ -15,20 +15,20 @@ Applied:
manual-document-mt-safety-debug.patch: 93d4600a981245726112f8653ae093789c5781bc
manual-document-mt-safety-errno.patch: 1de4023eaef09c4f66ee8cda9af72299102a6a11
manual-document-mt-safety-filesys.patch: 20cfc6cc280a99c7c5c322f9017a835c88940e9d
+ manual-document-mt-safety-getopt.patch: 9f6db34fbf2abae189d89ed0c55f39e8b6e1567d
+ manual-document-mt-safety-libdl.patch: c36ed4e31f0b32016ac4ff66c3f78b796cc60c4d
+ manual-document-mt-safety-job.patch: 5f947de962b5bc8635e43505a3e620452207d5e9
+ manual-document-mt-safety-lang.patch: 0bb0d49f0ce8515d039525a62babee3ee8041467
+ manual-document-mt-safety-llio.patch: d2d0d5547508d14d2b0f8f184b0cb6567a5f3b3b
+ manual-document-mt-safety-stdio.patch: 657da16d7c4dc73ea2a34ee6bfb0443c4f673a5e
+ wip-manual-document-mt-safety-locale.patch: fa0471dff7f451bafb03203df03f3ed569ae49bf
+ wip-manual-document-mt-safety-math.patch: 76f2d203176f382ef78fc4fe0489bdafb8f8a7e0
+ wip-manual-document-mt-safety-startup.patch: a79bade490b89767d07e59d0f983ca57e360c013
+ wip-manual-document-mt-safety-search.patch: 644f9527c94cba4151e00bc4c4f48b06eb1b6181
+ wip-manual-document-mt-safety-resource.patch: a71b7807900481c356bb648d1c572b7d8e50a9c2
+ wip-manual-document-mt-safety-string.patch: c72458cec4f9e82364a18bd1b2fce9e3ad5b7d0a
+ wip-manual-document-mt-safety-terminal.patch: 26939672f6abb9771a3c6832b6751de75dfd10ae
+ wip-manual-document-mt-safety-threads.patch: ffddbd41d3291cd5b098dde10f2e5253124b8813
+ wip-manual-document-mt-safety-time.patch: 3f154dc87b1520a90a6a60ee3f64313f37cbe6af
Unapplied:
- manual-document-mt-safety-getopt.patch: fef40984ed247dfb08395088c2518fd52154e035
- manual-document-mt-safety-libdl.patch: 3816c6c49233e9317ec22c571867fb8ff95c1edd
- manual-document-mt-safety-job.patch: 1da38dc05daeed4e2d77f2923bb588bf259a7549
- manual-document-mt-safety-lang.patch: 5de7ed36be7b0c688b7b7b04bad5201b02ea50f0
- manual-document-mt-safety-llio.patch: 05c3b86470f7b78f9e514bd75ab3c578632a565e
- manual-document-mt-safety-stdio.patch: e0a2fb9204aeacafd5d47526aca8d0a0d3516b24
- wip-manual-document-mt-safety-locale.patch: 25716969ed7bd40d588ad87a4199c942e09cb030
- wip-manual-document-mt-safety-math.patch: 2040739b74bca159cee9d298f3e2b9f1c6419c10
- wip-manual-document-mt-safety-startup.patch: 740bcbf778d5290c8109de9b137c0490ca6bd44c
- wip-manual-document-mt-safety-search.patch: fc167765de08d9cc6eeefe08d13b8042927d4c46
- wip-manual-document-mt-safety-resource.patch: d44818daeeff4059e760cd5ea9f085bf182eb717
- wip-manual-document-mt-safety-string.patch: 4081c255aff07502983a04524774c57774175012
- wip-manual-document-mt-safety-terminal.patch: 3497681f7e488536c7e151c731fff1a56e012b7d
- wip-manual-document-mt-safety-threads.patch: c0dc224a795deac0cc8aacebcade8ae14842af01
- wip-manual-document-mt-safety-time.patch: ca6ff75c053a2dc37c42b12d238e3397c604960b
Hidden:
diff --git a/patches/manual-document-mt-safety-getopt.patch b/patches/manual-document-mt-safety-getopt.patch
index 2b8d8e9..8e2d03d 100644
--- a/patches/manual-document-mt-safety-getopt.patch
+++ b/patches/manual-document-mt-safety-getopt.patch
@@ -1,5 +1,5 @@
-Bottom: cdc226230e45430773c967a5b19e606c9ac5c26c
-Top: c68359c7dd9923875b40cb6b3e88ccee074aa1cf
+Bottom: 7fa654adb8d9082bddec3251021da106124844a9
+Top: 1b375656241ea5dc462b0293bea840893b4f359b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:06:36 -0300
diff --git a/patches/manual-document-mt-safety-job.patch b/patches/manual-document-mt-safety-job.patch
index dd27713..132b58d 100644
--- a/patches/manual-document-mt-safety-job.patch
+++ b/patches/manual-document-mt-safety-job.patch
@@ -1,5 +1,5 @@
-Bottom: 6e873142fc9dc8e6673808013c93d2c58ce98443
-Top: c154c087966f912177b97ba1d21240ba8d015145
+Bottom: 3d94d1b2c3bcc092b3df348e4cb20a0cc767b53d
+Top: 2230f3ad68c0c728603008b7ef5a718ed6999f8a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:08:15 -0300
diff --git a/patches/manual-document-mt-safety-lang.patch b/patches/manual-document-mt-safety-lang.patch
index 4c352a3..3958ddb 100644
--- a/patches/manual-document-mt-safety-lang.patch
+++ b/patches/manual-document-mt-safety-lang.patch
@@ -1,5 +1,5 @@
-Bottom: c154c087966f912177b97ba1d21240ba8d015145
-Top: fc738e25133a6fc7d7d322e4aaa73f98f45ee411
+Bottom: 2230f3ad68c0c728603008b7ef5a718ed6999f8a
+Top: 03db9c41a3d5843dd52386d18ea8d5ae4fbaa790
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:08:32 -0300
diff --git a/patches/manual-document-mt-safety-libdl.patch b/patches/manual-document-mt-safety-libdl.patch
index 8a38019..ba39838 100644
--- a/patches/manual-document-mt-safety-libdl.patch
+++ b/patches/manual-document-mt-safety-libdl.patch
@@ -1,5 +1,5 @@
-Bottom: c68359c7dd9923875b40cb6b3e88ccee074aa1cf
-Top: 6e873142fc9dc8e6673808013c93d2c58ce98443
+Bottom: 1b375656241ea5dc462b0293bea840893b4f359b
+Top: 3d94d1b2c3bcc092b3df348e4cb20a0cc767b53d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:08:59 -0300
diff --git a/patches/manual-document-mt-safety-llio.patch b/patches/manual-document-mt-safety-llio.patch
index 28a9a28..6983a10 100644
--- a/patches/manual-document-mt-safety-llio.patch
+++ b/patches/manual-document-mt-safety-llio.patch
@@ -1,5 +1,5 @@
-Bottom: fc738e25133a6fc7d7d322e4aaa73f98f45ee411
-Top: 2ababec10bdc79e391c0dcfade6046586526bff9
+Bottom: 03db9c41a3d5843dd52386d18ea8d5ae4fbaa790
+Top: f3d45f3a5174c95fda4ca14c3895dea94162ab84
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:09:32 -0300
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index 3de963c..75523e4 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,5 +1,5 @@
-Bottom: 2ababec10bdc79e391c0dcfade6046586526bff9
-Top: d690f2a44f6c21eb342e9a3e7523dc72068502a3
+Bottom: f3d45f3a5174c95fda4ca14c3895dea94162ab84
+Top: 871bd834ba505ea12044bc0802ca64d8ac8687bd
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index a8e5755..bad17dd 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
-Bottom: d690f2a44f6c21eb342e9a3e7523dc72068502a3
-Top: 481e29ddef07c3cc482dc5a495a3e73b301a97f3
+Bottom: 871bd834ba505ea12044bc0802ca64d8ac8687bd
+Top: 7eb11a4a93285c6437a6a76fcfe3bdb4f7ab231e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/wip-manual-document-mt-safety-math.patch b/patches/wip-manual-document-mt-safety-math.patch
index 27aa7ee..51ccaa8 100644
--- a/patches/wip-manual-document-mt-safety-math.patch
+++ b/patches/wip-manual-document-mt-safety-math.patch
@@ -1,5 +1,5 @@
-Bottom: 481e29ddef07c3cc482dc5a495a3e73b301a97f3
-Top: 9f9c0f06c0d34f15d4b04a2a152676ffd52e8df7
+Bottom: 7eb11a4a93285c6437a6a76fcfe3bdb4f7ab231e
+Top: 3e2da94112b66d7d2a5c0302a59092c351a9beae
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/wip-manual-document-mt-safety-resource.patch b/patches/wip-manual-document-mt-safety-resource.patch
index 0574acd..12c14b8 100644
--- a/patches/wip-manual-document-mt-safety-resource.patch
+++ b/patches/wip-manual-document-mt-safety-resource.patch
@@ -1,5 +1,5 @@
-Bottom: 33e1f4fae29f5947f17f70936d3d315b01dff62f
-Top: 3e9c626e7fe436b3de908fc12ed371d066d8f391
+Bottom: 40ef432615a0798e880ce4bf9d0fed695d2d1fe1
+Top: f2c97e058bb7c8c3103a9dd012dcb253194148a9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:11:00 -0300
diff --git a/patches/wip-manual-document-mt-safety-search.patch b/patches/wip-manual-document-mt-safety-search.patch
index ee61379..428a92c 100644
--- a/patches/wip-manual-document-mt-safety-search.patch
+++ b/patches/wip-manual-document-mt-safety-search.patch
@@ -1,5 +1,5 @@
-Bottom: cf86ac4dd59923640662568a6cede5e573261672
-Top: 33e1f4fae29f5947f17f70936d3d315b01dff62f
+Bottom: 502f555c935f829fc23dd8f2986455c72b952a62
+Top: 40ef432615a0798e880ce4bf9d0fed695d2d1fe1
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:11:55 -0300
diff --git a/patches/wip-manual-document-mt-safety-startup.patch b/patches/wip-manual-document-mt-safety-startup.patch
index a9dfcb5..75dc16a 100644
--- a/patches/wip-manual-document-mt-safety-startup.patch
+++ b/patches/wip-manual-document-mt-safety-startup.patch
@@ -1,5 +1,5 @@
-Bottom: 9f9c0f06c0d34f15d4b04a2a152676ffd52e8df7
-Top: cf86ac4dd59923640662568a6cede5e573261672
+Bottom: 3e2da94112b66d7d2a5c0302a59092c351a9beae
+Top: 502f555c935f829fc23dd8f2986455c72b952a62
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:12:28 -0300
diff --git a/patches/wip-manual-document-mt-safety-string.patch b/patches/wip-manual-document-mt-safety-string.patch
index 395919e..b1bd108 100644
--- a/patches/wip-manual-document-mt-safety-string.patch
+++ b/patches/wip-manual-document-mt-safety-string.patch
@@ -1,5 +1,5 @@
-Bottom: 3e9c626e7fe436b3de908fc12ed371d066d8f391
-Top: c89da0b4d41a5745fd4e2551d486e9d9dd0d56d1
+Bottom: f2c97e058bb7c8c3103a9dd012dcb253194148a9
+Top: 06607cc945da4dc1e66af3ac0e88c7e5809f2083
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:13:24 -0300
diff --git a/patches/wip-manual-document-mt-safety-terminal.patch b/patches/wip-manual-document-mt-safety-terminal.patch
index 5ed60c1..5ff28e9 100644
--- a/patches/wip-manual-document-mt-safety-terminal.patch
+++ b/patches/wip-manual-document-mt-safety-terminal.patch
@@ -1,5 +1,5 @@
-Bottom: c89da0b4d41a5745fd4e2551d486e9d9dd0d56d1
-Top: 8cea251adc99eb63d9bdc273e9afd6cd37042dcc
+Bottom: 06607cc945da4dc1e66af3ac0e88c7e5809f2083
+Top: e12f04c0e8731c53e3e401f09ae09dffeff3baf4
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:13:53 -0300
diff --git a/patches/wip-manual-document-mt-safety-threads.patch b/patches/wip-manual-document-mt-safety-threads.patch
index c8cfc0b..53feaf3 100644
--- a/patches/wip-manual-document-mt-safety-threads.patch
+++ b/patches/wip-manual-document-mt-safety-threads.patch
@@ -1,5 +1,5 @@
-Bottom: 8cea251adc99eb63d9bdc273e9afd6cd37042dcc
-Top: 62785faca46da74e7a2dced79e5b7e422ee534f3
+Bottom: e12f04c0e8731c53e3e401f09ae09dffeff3baf4
+Top: c6a8bfa89bebdd2e843455e435782b1d9c2e6d4b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:14:35 -0300
diff --git a/patches/wip-manual-document-mt-safety-time.patch b/patches/wip-manual-document-mt-safety-time.patch
index c9b5cb3..76700ea 100644
--- a/patches/wip-manual-document-mt-safety-time.patch
+++ b/patches/wip-manual-document-mt-safety-time.patch
@@ -1,5 +1,5 @@
-Bottom: 62785faca46da74e7a2dced79e5b7e422ee534f3
-Top: 85ac7ce981e14893c88c124b59ba947a9ba69034
+Bottom: c6a8bfa89bebdd2e843455e435782b1d9c2e6d4b
+Top: 7a82ed262dde6b6667a78cafef16ff35cc6f7086
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:14:50 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=40bbc25610275afafd89540b32d05e827517453f
commit 40bbc25610275afafd89540b32d05e827517453f
Merge: b0f64d7 442baf3 20cfc6c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 05:01:59 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b0f64d77f5745d18fead26bd46b129c7b5e22f9f
commit b0f64d77f5745d18fead26bd46b129c7b5e22f9f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 05:01:59 2013 -0300
refresh
diff --git a/meta b/meta
index fb7b221..6ed244f 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 828a9e296e22f33484c009b88eaf45b523b64d83
-Head: cc424d6ed1b24e6a02244c623567f6471a362986
+Previous: 442baf3f1962c1d771230d73814af2802c7939a3
+Head: 20cfc6cc280a99c7c5c322f9017a835c88940e9d
Applied:
powerpc-nofpu-sim-note-nothread.patch: 696f6dab87abef96e7993fda3f143bbdeb1f34e8
unused-scalb-is-scalbn.patch: 8e4917e9cf19e11865e8257a23808022f8661b79
@@ -14,8 +14,7 @@ Applied:
manual-document-mt-safety-ctype.patch: f9c7c5a3a45afe0537eac97659a8035fcd353755
manual-document-mt-safety-debug.patch: 93d4600a981245726112f8653ae093789c5781bc
manual-document-mt-safety-errno.patch: 1de4023eaef09c4f66ee8cda9af72299102a6a11
- manual-document-mt-safety-filesys.patch: fa001f73d60f803ba2877b9c8297e1b584e3b6ec
- refresh-temp: cc424d6ed1b24e6a02244c623567f6471a362986
+ manual-document-mt-safety-filesys.patch: 20cfc6cc280a99c7c5c322f9017a835c88940e9d
Unapplied:
manual-document-mt-safety-getopt.patch: fef40984ed247dfb08395088c2518fd52154e035
manual-document-mt-safety-libdl.patch: 3816c6c49233e9317ec22c571867fb8ff95c1edd
diff --git a/patches/manual-document-mt-safety-filesys.patch b/patches/manual-document-mt-safety-filesys.patch
index 7dc7236..397230b 100644
--- a/patches/manual-document-mt-safety-filesys.patch
+++ b/patches/manual-document-mt-safety-filesys.patch
@@ -1,5 +1,5 @@
Bottom: e7b3cec4e03306c8e81023c08b98e74a0faacbbe
-Top: e7b3cec4e03306c8e81023c08b98e74a0faacbbe
+Top: 7fa654adb8d9082bddec3251021da106124844a9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-16 04:52:55 -0300
@@ -12,4 +12,778 @@ for ChangeLog
---
-
+diff --git a/manual/filesys.texi b/manual/filesys.texi
+index 814c210..c7eb13b 100644
+--- a/manual/filesys.texi
++++ b/manual/filesys.texi
+@@ -58,6 +58,25 @@ Prototypes for these functions are declared in the header file
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun {char *} getcwd (char *@var{buffer}, size_t @var{size})
++@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
++@c If buffer is NULL, this function calls malloc and realloc, and, in
++@c case of error, free. Linux offers a getcwd syscall that we use on
++@c GNU/Linux systems, but it may fail if the pathname is too long. As a
++@c fallback, and on other systems, the generic implementation opens each
++@c parent directory with opendir, which allocates memory for the
++@c directory stream with malloc. If a fstatat64 syscall is not
++@c available, very deep directory trees may also have to malloc to build
++@c longer sequences of ../../../... than those supported by a global
++@c const read-only string.
++
++@c linux/__getcwd
++@c posix/__getcwd
++@c malloc/realloc/free if buffer is NULL, or if dir is too deep
++@c lstat64 -> see its own entry
++@c fstatat64
++@c direct syscall if possible, alloca+snprintf+*stat64 otherwise
++@c openat64_not_cancel_3, close_not_cancel_no_status
++@c __fdopendir, __opendir, __readdir, rewinddir
+ The @code{getcwd} function returns an absolute file name representing
+ the current working directory, storing it in the character array
+ @var{buffer} that you provide. The @var{size} argument is how you tell
+@@ -116,6 +135,9 @@ software.
+ @comment unistd.h
+ @comment BSD
+ @deftypefn {Deprecated Function} {char *} getwd (char *@var{buffer})
++@safety{@mtsafe{}@asunsafe{asmalloc, asi18n}@acsafe{memleak, fdleak}}
++@c Besides the getcwd safety issues, it calls strerror_r on error, which
++@c brings in all of the i18n issues.
+ This is similar to @code{getcwd}, but has no way to specify the size of
+ the buffer. @Theglibc{} provides @code{getwd} only
+ for backwards compatibility with BSD.
+@@ -130,6 +152,9 @@ this function is deprecated.
+ @comment unistd.h
+ @comment GNU
+ @deftypefun {char *} get_current_dir_name (void)
++@safety{@mtunsafe{envromt}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
++@c Besides getcwd, which this function calls as a fallback, it calls
++@c getenv, with the usual thread-safety issues that brings about.
+ @vindex PWD
+ This @code{get_current_dir_name} function is basically equivalent to
+ @w{@code{getcwd (NULL, 0)}}. The only difference is that the value of
+@@ -145,6 +170,7 @@ This function is a GNU extension.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int chdir (const char *@var{filename})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function is used to set the process's working directory to
+ @var{filename}.
+
+@@ -158,6 +184,7 @@ file @var{filename} is not a directory.
+ @comment unistd.h
+ @comment XPG
+ @deftypefun int fchdir (int @var{filedes})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function is used to set the process's working directory to
+ directory associated with the file descriptor @var{filedes}.
+
+@@ -294,12 +321,14 @@ values and @code{st_mode} values:
+ @comment dirent.h
+ @comment BSD
+ @deftypefun int IFTODT (mode_t @var{mode})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This returns the @code{d_type} value corresponding to @var{mode}.
+ @end deftypefun
+
+ @comment dirent.h
+ @comment BSD
+ @deftypefun mode_t DTTOIF (int @var{dtype})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This returns the @code{st_mode} value corresponding to @var{dtype}.
+ @end deftypefun
+ @end table
+@@ -342,6 +371,9 @@ the following functions.
+ @comment dirent.h
+ @comment POSIX.1
+ @deftypefun {DIR *} opendir (const char *@var{dirname})
++@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
++@c Besides the safe syscall, we have to allocate the DIR object with
++@c __alloc_dir, that calls malloc.
+ The @code{opendir} function opens and returns a directory stream for
+ reading the directory whose file name is @var{dirname}. The stream has
+ type @code{DIR *}.
+@@ -381,6 +413,8 @@ alternative interface can be used.
+ @comment dirent.h
+ @comment GNU
+ @deftypefun {DIR *} fdopendir (int @var{fd})
++@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
++@c The DIR object is allocated with __alloc_dir, that calls malloc.
+ The @code{fdopendir} function works just like @code{opendir} but
+ instead of taking a file name and opening a file descriptor for the
+ directory the caller is required to provide a file descriptor. This
+@@ -425,6 +459,7 @@ access.
+ @comment dirent.h
+ @comment GNU
+ @deftypefun int dirfd (DIR *@var{dirstream})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The function @code{dirfd} returns the file descriptor associated with
+ the directory stream @var{dirstream}. This descriptor can be used until
+ the directory is closed with @code{closedir}. If the directory stream
+@@ -443,6 +478,12 @@ symbols are declared in the header file @file{dirent.h}.
+ @comment dirent.h
+ @comment POSIX.1
+ @deftypefun {struct dirent *} readdir (DIR *@var{dirstream})
++@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
++@c This function holds dirstream's non-recursive lock, which brings
++@c about the usual issues with locks and async signals and cancellation,
++@c but the lock taking is not enough to make the returned value safe to
++@c use, since it points to a stream's internal buffer that can be
++@c overwritten by subsequent calls or even released by closedir.
+ This function reads the next entry from the directory. It normally
+ returns a pointer to a structure containing information about the
+ file. This structure is associated with the @var{dirstream} handle
+@@ -478,6 +519,7 @@ locking if multiple threads access the same @var{dirstream}.
+ @comment dirent.h
+ @comment GNU
+ @deftypefun int readdir_r (DIR *@var{dirstream}, struct dirent *@var{entry}, struct dirent **@var{result})
++@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+ This function is a version of @code{readdir} which performs internal
+ locking. Like @code{readdir} it returns the next entry from the
+ directory. To prevent conflicts between simultaneously running
+@@ -549,6 +591,7 @@ of the last two functions.
+ @comment dirent.h
+ @comment LFS
+ @deftypefun {struct dirent64 *} readdir64 (DIR *@var{dirstream})
++@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+ The @code{readdir64} function is just like the @code{readdir} function
+ except that it returns a pointer to a record of type @code{struct
+ dirent64}. Some of the members of this data type (notably @code{d_ino})
+@@ -560,6 +603,7 @@ In all other aspects this function is equivalent to @code{readdir}.
+ @comment dirent.h
+ @comment LFS
+ @deftypefun int readdir64_r (DIR *@var{dirstream}, struct dirent64 *@var{entry}, struct dirent64 **@var{result})
++@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+ The @code{readdir64_r} function is equivalent to the @code{readdir_r}
+ function except that it takes parameters of base type @code{struct
+ dirent64} instead of @code{struct dirent} in the second and third
+@@ -570,6 +614,10 @@ position. The same precautions mentioned in the documentation of
+ @comment dirent.h
+ @comment POSIX.1
+ @deftypefun int closedir (DIR *@var{dirstream})
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock (hurd)}@acsafe{memleak, fdleak, lockleak (hurd)}}
++@c No synchronization in the posix implementation, only in the hurd
++@c one. This is regarded as safe because it is undefined behavior if
++@c other threads could still be using the dir stream while it's closed.
+ This function closes the directory stream @var{dirstream}. It returns
+ @code{0} on success and @code{-1} on failure.
+
+@@ -609,6 +657,7 @@ declared in the header file @file{dirent.h}.
+ @comment dirent.h
+ @comment POSIX.1
+ @deftypefun void rewinddir (DIR *@var{dirstream})
++@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+ The @code{rewinddir} function is used to reinitialize the directory
+ stream @var{dirstream}, so that if you call @code{readdir} it
+ returns information about the first entry in the directory again. This
+@@ -622,6 +671,10 @@ added or removed since you last called @code{opendir} or
+ @comment dirent.h
+ @comment BSD
+ @deftypefun {long int} telldir (DIR *@var{dirstream})
++@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
++@c The implementation is safe on most platforms, but on BSD it uses
++@c cookies, buckets and records, and the global array of pointers to
++@c dynamically allocated records is guarded by a non-recursive lock.
+ The @code{telldir} function returns the file position of the directory
+ stream @var{dirstream}. You can use this value with @code{seekdir} to
+ restore the directory stream to that position.
+@@ -630,6 +683,10 @@ restore the directory stream to that position.
+ @comment dirent.h
+ @comment BSD
+ @deftypefun void seekdir (DIR *@var{dirstream}, long int @var{pos})
++@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
++@c The implementation is safe on most platforms, but on BSD it uses
++@c cookies, buckets and records, and the global array of pointers to
++@c dynamically allocated records is guarded by a non-recursive lock.
+ The @code{seekdir} function sets the file position of the directory
+ stream @var{dirstream} to @var{pos}. The value @var{pos} must be the
+ result of a previous call to @code{telldir} on this particular stream;
+@@ -649,6 +706,19 @@ the result.
+ @comment dirent.h
+ @comment BSD/SVID
+ @deftypefun int scandir (const char *@var{dir}, struct dirent ***@var{namelist}, int (*@var{selector}) (const struct dirent *), int (*@var{cmp}) (const struct dirent **, const struct dirent **))
++@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
++@c The scandir function calls __opendirat, __readdir, and __closedir to
++@c go over the named dir; malloc and realloc to allocate the namelist
++@c and copies of each selected dirent, besides the selector, if given,
++@c and qsort and the cmp functions if the latter is given. In spite of
++@c the cleanup handler that releases memory and the file descriptor in
++@c case of synchronous cancellation, an asynchronous cancellation may
++@c still leak memory and a file descriptor. Although readdir is unsafe
++@c in general, the use of an internal dir stream for sequential scanning
++@c of the directory with copying of dirents before subsequent calls
++@c makes the use safe, and the fact that the dir stream is private to
++@c each scandir call does away with the lock issues in readdir and
++@c closedir.
+
+ The @code{scandir} function scans the contents of the directory selected
+ by @var{dir}. The result in *@var{namelist} is an array of pointers to
+@@ -679,6 +749,8 @@ are very helpful for this purpose.
+ @comment dirent.h
+ @comment BSD/SVID
+ @deftypefun int alphasort (const void *@var{a}, const void *@var{b})
++@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
++@c Calls strcoll.
+ The @code{alphasort} function behaves like the @code{strcoll} function
+ (@pxref{String/Array Comparison}). The difference is that the arguments
+ are not string pointers but instead they are of type
+@@ -691,6 +763,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
+ @comment dirent.h
+ @comment GNU
+ @deftypefun int versionsort (const void *@var{a}, const void *@var{b})
++@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
++@c Calls strverscmp.
+ The @code{versionsort} function is like @code{alphasort} except that it
+ uses the @code{strverscmp} function internally.
+ @end deftypefun
+@@ -703,6 +777,8 @@ dirent64}}. To use this we need a new function.
+ @comment dirent.h
+ @comment GNU
+ @deftypefun int scandir64 (const char *@var{dir}, struct dirent64 ***@var{namelist}, int (*@var{selector}) (const struct dirent64 *), int (*@var{cmp}) (const struct dirent64 **, const struct dirent64 **))
++@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
++@c See scandir.
+ The @code{scandir64} function works like the @code{scandir} function
+ except that the directory entries it returns are described by elements
+ of type @w{@code{struct dirent64}}. The function pointed to by
+@@ -721,6 +797,8 @@ argument. Instead we provide the two replacement functions below.
+ @comment dirent.h
+ @comment GNU
+ @deftypefun int alphasort64 (const void *@var{a}, const void *@var{b})
++@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
++@c See alphasort.
+ The @code{alphasort64} function behaves like the @code{strcoll} function
+ (@pxref{String/Array Comparison}). The difference is that the arguments
+ are not string pointers but instead they are of type
+@@ -733,6 +811,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
+ @comment dirent.h
+ @comment GNU
+ @deftypefun int versionsort64 (const void *@var{a}, const void *@var{b})
++@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
++@c See versionsort.
+ The @code{versionsort64} function is like @code{alphasort64}, excepted that it
+ uses the @code{strverscmp} function internally.
+ @end deftypefun
+@@ -913,6 +993,8 @@ file was passed).
+ @comment ftw.h
+ @comment SVID
+ @deftypefun int ftw (const char *@var{filename}, __ftw_func_t @var{func}, int @var{descriptors})
++@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
++@c see nftw for safety details
+ The @code{ftw} function calls the callback function given in the
+ parameter @var{func} for every item which is found in the directory
+ specified by @var{filename} and all directories below. The function
+@@ -963,6 +1045,7 @@ interface transparently replaces the old interface.
+ @comment ftw.h
+ @comment Unix98
+ @deftypefun int ftw64 (const char *@var{filename}, __ftw64_func_t @var{func}, int @var{descriptors})
++@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
+ This function is similar to @code{ftw} but it can work on filesystems
+ with large files. File information is reported using a variable of type
+ @code{struct stat64} which is passed by reference to the callback
+@@ -976,6 +1059,17 @@ transparently replaces the old implementation.
+ @comment ftw.h
+ @comment XPG4.2
+ @deftypefun int nftw (const char *@var{filename}, __nftw_func_t @var{func}, int @var{descriptors}, int @var{flag})
++@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
++@c ftw_startup calls alloca, malloc, free, xstat/lxstat, tdestroy, and ftw_dir
++@c if FTW_CHDIR, call open, and fchdir, or chdir and getcwd
++@c ftw_dir calls open_dir_stream, readdir64, process_entry, closedir
++@c if FTW_CHDIR, also calls fchdir
++@c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
++@c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
++@c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
++@c find_object (tsearch) and add_object (tfind).
++@c Since each invocation of *ftw uses its own private search tree, none
++@c of the search tree concurrency issues apply.
+ The @code{nftw} function works like the @code{ftw} functions. They call
+ the callback function @var{func} for all items found in the directory
+ @var{filename} and below. At most @var{descriptors} file descriptors
+@@ -1036,6 +1130,7 @@ interface transparently replaces the old interface.
+ @comment ftw.h
+ @comment Unix98
+ @deftypefun int nftw64 (const char *@var{filename}, __nftw64_func_t @var{func}, int @var{descriptors}, int @var{flag})
++@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+ This function is similar to @code{nftw} but it can work on filesystems
+ with large files. File information is reported using a variable of type
+ @code{struct stat64} which is passed by reference to the callback
+@@ -1079,6 +1174,7 @@ file @file{unistd.h}.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int link (const char *@var{oldname}, const char *@var{newname})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{link} function makes a new link to the existing file named by
+ @var{oldname}, under the new name @var{newname}.
+
+@@ -1186,6 +1282,7 @@ Prototypes for most of the functions listed in this section are in
+ @comment unistd.h
+ @comment BSD
+ @deftypefun int symlink (const char *@var{oldname}, const char *@var{newname})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{symlink} function makes a symbolic link to @var{oldname} named
+ @var{newname}.
+
+@@ -1223,6 +1320,7 @@ exceeded.
+ @comment unistd.h
+ @comment BSD
+ @deftypefun ssize_t readlink (const char *@var{filename}, char *@var{buffer}, size_t @var{size})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{readlink} function gets the value of the symbolic link
+ @var{filename}. The file name that the link points to is copied into
+ @var{buffer}. This file name string is @emph{not} null-terminated;
+@@ -1282,6 +1380,8 @@ names can refer to the same inode.
+ @comment stdlib.h
+ @comment GNU
+ @deftypefun {char *} canonicalize_file_name (const char *@var{name})
++@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
++@c Calls realpath.
+
+ The @code{canonicalize_file_name} function returns the absolute name of
+ the file named by @var{name} which contains no @code{.}, @code{..}
+@@ -1323,6 +1423,8 @@ where the result is placed in.
+ @comment stdlib.h
+ @comment XPG
+ @deftypefun {char *} realpath (const char *restrict @var{name}, char *restrict @var{resolved})
++@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
++@c Calls malloc, realloc, getcwd, lxstat64, readlink, alloca.
+
+ A call to @code{realpath} where the @var{resolved} parameter is
+ @code{NULL} behaves exactly like @code{canonicalize_file_name}. The
+@@ -1362,6 +1464,7 @@ then the file is deleted as well. If the file has other remaining names
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int unlink (const char *@var{filename})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{unlink} function deletes the file name @var{filename}. If
+ this is a file's sole name, the file itself is also deleted. (Actually,
+ if any process has the file open when this happens, deletion is
+@@ -1404,6 +1507,7 @@ file system and can't be modified.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int rmdir (const char *@var{filename})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ @cindex directories, deleting
+ @cindex deleting a directory
+ The @code{rmdir} function deletes a directory. The directory must be
+@@ -1431,6 +1535,8 @@ The prototype for this function is declared in the header file
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int remove (const char *@var{filename})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c Calls unlink and rmdir.
+ This is the @w{ISO C} function to remove a file. It works like
+ @code{unlink} for files and like @code{rmdir} for directories.
+ @code{remove} is declared in @file{stdio.h}.
+@@ -1446,6 +1552,10 @@ The @code{rename} function is used to change a file's name.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int rename (const char *@var{oldname}, const char *@var{newname})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c In the absence of a rename syscall, there's an emulation with link
++@c and unlink, but it's racy, even more so if newname exists and is
++@c unlinked first.
+ The @code{rename} function renames the file @var{oldname} to
+ @var{newname}. The file formerly accessible under the name
+ @var{oldname} is afterwards accessible as @var{newname} instead. (If
+@@ -1541,6 +1651,7 @@ a shell command @code{mkdir} which does the same thing.)
+ @comment sys/stat.h
+ @comment POSIX.1
+ @deftypefun int mkdir (const char *@var{filename}, mode_t @var{mode})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{mkdir} function creates a new, empty directory with name
+ @var{filename}.
+
+@@ -1882,6 +1993,7 @@ header file @file{sys/stat.h}.
+ @comment sys/stat.h
+ @comment POSIX.1
+ @deftypefun int stat (const char *@var{filename}, struct stat *@var{buf})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{stat} function returns information about the attributes of the
+ file named by @w{@var{filename}} in the structure pointed to by @var{buf}.
+
+@@ -1908,6 +2020,7 @@ replaces the normal implementation.
+ @comment sys/stat.h
+ @comment Unix98
+ @deftypefun int stat64 (const char *@var{filename}, struct stat64 *@var{buf})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function is similar to @code{stat} but it is also able to work on
+ files larger then @math{2^31} bytes on 32-bit systems. To be able to do
+ this the result is stored in a variable of type @code{struct stat64} to
+@@ -1921,6 +2034,7 @@ replaces the interface for small files on 32-bit machines.
+ @comment sys/stat.h
+ @comment POSIX.1
+ @deftypefun int fstat (int @var{filedes}, struct stat *@var{buf})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{fstat} function is like @code{stat}, except that it takes an
+ open file descriptor as an argument instead of a file name.
+ @xref{Low-Level I/O}.
+@@ -1942,6 +2056,7 @@ replaces the normal implementation.
+ @comment sys/stat.h
+ @comment Unix98
+ @deftypefun int fstat64 (int @var{filedes}, struct stat64 *@var{buf})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function is similar to @code{fstat} but is able to work on large
+ files on 32-bit platforms. For large files the file descriptor
+ @var{filedes} should be obtained by @code{open64} or @code{creat64}.
+@@ -1953,9 +2068,16 @@ function is available under the name @code{fstat} and so transparently
+ replaces the interface for small files on 32-bit machines.
+ @end deftypefun
+
++@c fstatat will call alloca and snprintf if the syscall is not
++@c available.
++@c @safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
++
+ @comment sys/stat.h
+ @comment BSD
+ @deftypefun int lstat (const char *@var{filename}, struct stat *@var{buf})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Direct system call through lxstat, sometimes with an xstat conv call
++@c afterwards.
+ The @code{lstat} function is like @code{stat}, except that it does not
+ follow symbolic links. If @var{filename} is the name of a symbolic
+ link, @code{lstat} returns information about the link itself; otherwise
+@@ -1969,6 +2091,9 @@ replaces the normal implementation.
+ @comment sys/stat.h
+ @comment Unix98
+ @deftypefun int lstat64 (const char *@var{filename}, struct stat64 *@var{buf})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Direct system call through lxstat64, sometimes with an xstat conv
++@c call afterwards.
+ This function is similar to @code{lstat} but it is also able to work on
+ files larger then @math{2^31} bytes on 32-bit systems. To be able to do
+ this the result is stored in a variable of type @code{struct stat64} to
+@@ -2007,12 +2132,14 @@ that file:
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_ISDIR (mode_t @var{m})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns non-zero if the file is a directory.
+ @end deftypefn
+
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_ISCHR (mode_t @var{m})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns non-zero if the file is a character special file (a
+ device like a terminal).
+ @end deftypefn
+@@ -2020,6 +2147,7 @@ device like a terminal).
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_ISBLK (mode_t @var{m})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns non-zero if the file is a block special file (a device
+ like a disk).
+ @end deftypefn
+@@ -2027,12 +2155,14 @@ like a disk).
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_ISREG (mode_t @var{m})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns non-zero if the file is a regular file.
+ @end deftypefn
+
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_ISFIFO (mode_t @var{m})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns non-zero if the file is a FIFO special file, or a
+ pipe. @xref{Pipes and FIFOs}.
+ @end deftypefn
+@@ -2040,6 +2170,7 @@ pipe. @xref{Pipes and FIFOs}.
+ @comment sys/stat.h
+ @comment GNU
+ @deftypefn Macro int S_ISLNK (mode_t @var{m})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns non-zero if the file is a symbolic link.
+ @xref{Symbolic Links}.
+ @end deftypefn
+@@ -2047,6 +2178,7 @@ This macro returns non-zero if the file is a symbolic link.
+ @comment sys/stat.h
+ @comment GNU
+ @deftypefn Macro int S_ISSOCK (mode_t @var{m})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns non-zero if the file is a socket. @xref{Sockets}.
+ @end deftypefn
+
+@@ -2129,6 +2261,7 @@ the whole @code{struct stat} structure.
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_TYPEISMQ (struct stat *@var{s})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ If the system implement POSIX message queues as distinct objects and the
+ file is a message queue object, this macro returns a non-zero value.
+ In all other cases the result is zero.
+@@ -2137,6 +2270,7 @@ In all other cases the result is zero.
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_TYPEISSEM (struct stat *@var{s})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ If the system implement POSIX semaphores as distinct objects and the
+ file is a semaphore object, this macro returns a non-zero value.
+ In all other cases the result is zero.
+@@ -2145,6 +2279,7 @@ In all other cases the result is zero.
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_TYPEISSHM (struct stat *@var{s})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ If the system implement POSIX shared memory objects as distinct objects
+ and the file is an shared memory object, this macro returns a non-zero
+ value. In all other cases the result is zero.
+@@ -2189,6 +2324,7 @@ The prototype for this function is declared in @file{unistd.h}.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int chown (const char *@var{filename}, uid_t @var{owner}, gid_t @var{group})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{chown} function changes the owner of the file @var{filename} to
+ @var{owner}, and its group owner to @var{group}.
+
+@@ -2223,6 +2359,7 @@ The file is on a read-only file system.
+ @comment unistd.h
+ @comment BSD
+ @deftypefun int fchown (int @var{filedes}, uid_t @var{owner}, gid_t @var{group})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This is like @code{chown}, except that it changes the owner of the open
+ file with descriptor @var{filedes}.
+
+@@ -2502,6 +2639,7 @@ The functions in this section are declared in @file{sys/stat.h}.
+ @comment sys/stat.h
+ @comment POSIX.1
+ @deftypefun mode_t umask (mode_t @var{mask})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{umask} function sets the file creation mask of the current
+ process to @var{mask}, and returns the previous value of the file
+ creation mask.
+@@ -2527,6 +2665,7 @@ you just want to read the mask value, because it is reentrant.
+ @comment sys/stat.h
+ @comment GNU
+ @deftypefun mode_t getumask (void)
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Return the current value of the file creation mask for the current
+ process. This function is a GNU extension and is only available on
+ @gnuhurdsystems{}.
+@@ -2535,6 +2674,7 @@ process. This function is a GNU extension and is only available on
+ @comment sys/stat.h
+ @comment POSIX.1
+ @deftypefun int chmod (const char *@var{filename}, mode_t @var{mode})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{chmod} function sets the access permission bits for the file
+ named by @var{filename} to @var{mode}.
+
+@@ -2575,6 +2715,7 @@ for full details on the sticky bit.
+ @comment sys/stat.h
+ @comment BSD
+ @deftypefun int fchmod (int @var{filedes}, mode_t @var{mode})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This is like @code{chmod}, except that it changes the permissions of the
+ currently open file given by @var{filedes}.
+
+@@ -2645,6 +2786,7 @@ The symbols in this section are declared in @file{unistd.h}.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int access (const char *@var{filename}, int @var{how})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{access} function checks to see whether the file named by
+ @var{filename} can be accessed in the way specified by the @var{how}
+ argument. The @var{how} argument either can be the bitwise OR of the
+@@ -2765,6 +2907,9 @@ This is the modification time for the file.
+ @comment utime.h
+ @comment POSIX.1
+ @deftypefun int utime (const char *@var{filename}, const struct utimbuf *@var{times})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c In the absence of a utime syscall, it non-atomically converts times
++@c to a struct timeval and calls utimes.
+ This function is used to modify the file times associated with the file
+ named @var{filename}.
+
+@@ -2816,6 +2961,10 @@ in the header file @file{sys/time.h}.
+ @comment sys/time.h
+ @comment BSD
+ @deftypefun int utimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c In the absence of a utimes syscall, it non-atomically converts tvp
++@c to struct timespec array and issues a utimensat syscall, or to
++@c struct utimbuf and calls utime.
+ This function sets the file access and modification times of the file
+ @var{filename}. The new file access time is specified by
+ @code{@var{tvp}[0]}, and the new modification time by
+@@ -2830,6 +2979,9 @@ function.
+ @comment sys/time.h
+ @comment BSD
+ @deftypefun int lutimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c Since there's no lutimes syscall, it non-atomically converts tvp
++@c to struct timespec array and issues a utimensat syscall.
+ This function is like @code{utimes}, except that it does not follow
+ symbolic links. If @var{filename} is the name of a symbolic link,
+ @code{lutimes} sets the file access and modification times of the
+@@ -2846,6 +2998,10 @@ function.
+ @comment sys/time.h
+ @comment BSD
+ @deftypefun int futimes (int @var{fd}, const struct timeval @var{tvp}@t{[2]})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c Since there's no futimes syscall, it non-atomically converts tvp
++@c to struct timespec array and issues a utimensat syscall, falling back
++@c to utimes on a /proc/self/fd symlink.
+ This function is like @code{utimes}, except that it takes an open file
+ descriptor as an argument instead of a file name. @xref{Low-Level
+ I/O}. This function comes from FreeBSD, and is not available on all
+@@ -2900,6 +3056,8 @@ succeed, without actually accomplishing anything.
+ @comment unistd.h
+ @comment X/Open
+ @deftypefun int truncate (const char *@var{filename}, off_t @var{length})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c In the absence of a truncate syscall, we use open and ftruncate.
+
+ The @code{truncate} function changes the size of @var{filename} to
+ @var{length}. If @var{length} is shorter than the previous length, data
+@@ -2944,6 +3102,8 @@ The operation was interrupted by a signal.
+ @comment unistd.h
+ @comment Unix98
+ @deftypefun int truncate64 (const char *@var{name}, off64_t @var{length})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c In the absence of a syscall, try truncate if length fits.
+ This function is similar to the @code{truncate} function. The
+ difference is that the @var{length} argument is 64 bits wide even on 32
+ bits machines, which allows the handling of files with sizes up to
+@@ -2957,6 +3117,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
+ @comment unistd.h
+ @comment POSIX
+ @deftypefun int ftruncate (int @var{fd}, off_t @var{length})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+
+ This is like @code{truncate}, but it works on a file descriptor @var{fd}
+ for an opened file instead of a file name to identify the object. The
+@@ -3021,6 +3182,8 @@ The operation was interrupted by a signal.
+ @comment unistd.h
+ @comment Unix98
+ @deftypefun int ftruncate64 (int @var{id}, off64_t @var{length})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c In the absence of a syscall, try ftruncate if length fits.
+ This function is similar to the @code{ftruncate} function. The
+ difference is that the @var{length} argument is 64 bits wide even on 32
+ bits machines which allows the handling of files with sizes up to
+@@ -3083,6 +3246,10 @@ The prototype for @code{mknod} is declared in @file{sys/stat.h}.
+ @comment sys/stat.h
+ @comment BSD
+ @deftypefun int mknod (const char *@var{filename}, mode_t @var{mode}, dev_t @var{dev})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Instead of issuing the syscall directly, we go through xmknod.
++@c Although the internal xmknod takes a dev_t*, that could lead to
++@c xguargs races, it's passed a pointer to mknod's dev.
+ The @code{mknod} function makes a special file with name @var{filename}.
+ The @var{mode} specifies the mode of the file, and may include the various
+ special file bits, such as @code{S_IFCHR} (for a character special file)
+@@ -3134,6 +3301,20 @@ These facilities are declared in the header file @file{stdio.h}.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun {FILE *} tmpfile (void)
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
++@c The unsafety issues are those of fdopen, plus fdleak because of the
++@c open.
++@c __path_search (internal buf, !dir, const pfx, !try_tmpdir) ok
++@c libc_secure_genenv only if try_tmpdir
++@c xstat64, strlen, strcmp, sprintf
++@c __gen_tempname (internal tmpl, __GT_FILE) ok
++@c strlen, memcmp, getpid, open/mkdir/lxstat64 ok
++@c HP_TIMING_NOW if available ok
++@c gettimeofday (!tz) first time, or every time if no HP_TIMING_NOW ok
++@c static value is used and modified without synchronization ok
++@c but the use is as a source of non-cryptographic randomness
++@c with retries in case of collision, so it should be safe
++@c unlink, fdopen
+ This function creates a temporary binary file for update mode, as if by
+ calling @code{fopen} with mode @code{"wb+"}. The file is deleted
+ automatically when it is closed or when the program terminates. (On
+@@ -3150,6 +3331,7 @@ interface transparently replaces the old interface.
+ @comment stdio.h
+ @comment Unix98
+ @deftypefun {FILE *} tmpfile64 (void)
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+ This function is similar to @code{tmpfile}, but the stream it returns a
+ pointer to was opened using @code{tmpfile64}. Therefore this stream can
+ be used for files larger then @math{2^31} bytes on 32-bit machines.
+@@ -3165,6 +3347,11 @@ and so transparently replaces the old interface.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun {char *} tmpnam (char *@var{result})
++@safety{@mtunsafe{xguargs, staticbuf}@asunsafe{staticbuf}@acsafe{}}
++@c The passed-in buffer should not be modified concurrently with the
++@c call.
++@c __path_search (static or passed-in buf, !dir, !pfx, !try_tmpdir) ok
++@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
+ This function constructs and returns a valid file name that does not
+ refer to any existing file. If the @var{result} argument is a null
+ pointer, the return value is a pointer to an internal static string,
+@@ -3189,6 +3376,7 @@ opening the file you should use the @code{O_EXCL} flag. Using
+ @comment stdio.h
+ @comment GNU
+ @deftypefun {char *} tmpnam_r (char *@var{result})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+ This function is nearly identical to the @code{tmpnam} function, except
+ that if @var{result} is a null pointer it returns a null pointer.
+
+@@ -3225,6 +3413,13 @@ never less than @code{25}.
+ @comment stdio.h
+ @comment SVID
+ @deftypefun {char *} tempnam (const char *@var{dir}, const char *@var{prefix})
++@safety{@mtunsafe{xguargs, envromt}@assafe{asmalloc}@acsafe{memleak}}
++@c There's no way (short of being setuid) to avoid getenv("TMPDIR"),
++@c even with a non-NULL dir, which makes this thread-unsafe.
++@c
++@c __path_search (internal buf, dir, pfx, try_tmpdir) unsafe getenv
++@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
++@c strdup
+ This function generates a unique temporary file name. If @var{prefix}
+ is not a null pointer, up to five characters of this string are used as
+ a prefix for the file name. The return value is a string newly
+@@ -3288,6 +3483,8 @@ string. These functions are declared in the header file @file{stdlib.h}.
+ @comment stdlib.h
+ @comment Unix
+ @deftypefun {char *} mktemp (char *@var{template})
++@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
++@c __gen_tempname (caller tmpl, __GT_NOCREATE) ok
+ The @code{mktemp} function generates a unique file name by modifying
+ @var{template} as described above. If successful, it returns
+ @var{template} as modified. If @code{mktemp} cannot find a unique file
+@@ -3306,6 +3503,8 @@ opening the file you should use the @code{O_EXCL} flag. Using
+ @comment stdlib.h
+ @comment BSD
+ @deftypefun int mkstemp (char *@var{template})
++@safety{@mtunsafe{xguargs}@assafe{}@acsafe{fdleak}}
++@c __gen_tempname (caller tmpl, __GT_FILE) ok
+ The @code{mkstemp} function generates a unique file name just as
+ @code{mktemp} does, but it also opens the file for you with @code{open}
+ (@pxref{Opening and Closing Files}). If successful, it modifies
+@@ -3328,6 +3527,8 @@ new file and get an error if the file already exists.
+ @comment stdlib.h
+ @comment BSD
+ @deftypefun {char *} mkdtemp (char *@var{template})
++@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
++@c __gen_tempname (caller tmpl, __GT_DIR) ok
+ The @code{mkdtemp} function creates a directory with a unique name. If
+ it succeeds, it overwrites @var{template} with the name of the
+ directory, and returns @var{template}. As with @code{mktemp} and
+@@ -3349,3 +3550,23 @@ creation always works like @code{open} with @code{O_EXCL}.
+ @xref{Creating Directories}.
+
+ The @code{mkdtemp} function comes from OpenBSD.
++
++@c FIXME these are undocumented:
++@c faccessat
++@c fchmodat
++@c fchownat
++@c futimesat
++@c fstatat (there's a commented-out safety assessment for this one)
++@c linkat
++@c mkdirat
++@c mkfifoat
++@c name_to_handle_at
++@c openat
++@c open_by_handle_at
++@c readlinkat
++@c renameat
++@c scandirat
++@c symlinkat
++@c unlinkat
++@c utimensat
++@c mknodat
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index 0a01119..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,784 +0,0 @@
-Bottom: e7b3cec4e03306c8e81023c08b98e74a0faacbbe
-Top: 7fa654adb8d9082bddec3251021da106124844a9
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-16 05:01:58 -0300
-
-Refresh of manual-document-mt-safety-filesys.patch
-
----
-
-diff --git a/manual/filesys.texi b/manual/filesys.texi
-index 814c210..c7eb13b 100644
---- a/manual/filesys.texi
-+++ b/manual/filesys.texi
-@@ -58,6 +58,25 @@ Prototypes for these functions are declared in the header file
- @comment unistd.h
- @comment POSIX.1
- @deftypefun {char *} getcwd (char *@var{buffer}, size_t @var{size})
-+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
-+@c If buffer is NULL, this function calls malloc and realloc, and, in
-+@c case of error, free. Linux offers a getcwd syscall that we use on
-+@c GNU/Linux systems, but it may fail if the pathname is too long. As a
-+@c fallback, and on other systems, the generic implementation opens each
-+@c parent directory with opendir, which allocates memory for the
-+@c directory stream with malloc. If a fstatat64 syscall is not
-+@c available, very deep directory trees may also have to malloc to build
-+@c longer sequences of ../../../... than those supported by a global
-+@c const read-only string.
-+
-+@c linux/__getcwd
-+@c posix/__getcwd
-+@c malloc/realloc/free if buffer is NULL, or if dir is too deep
-+@c lstat64 -> see its own entry
-+@c fstatat64
-+@c direct syscall if possible, alloca+snprintf+*stat64 otherwise
-+@c openat64_not_cancel_3, close_not_cancel_no_status
-+@c __fdopendir, __opendir, __readdir, rewinddir
- The @code{getcwd} function returns an absolute file name representing
- the current working directory, storing it in the character array
- @var{buffer} that you provide. The @var{size} argument is how you tell
-@@ -116,6 +135,9 @@ software.
- @comment unistd.h
- @comment BSD
- @deftypefn {Deprecated Function} {char *} getwd (char *@var{buffer})
-+@safety{@mtsafe{}@asunsafe{asmalloc, asi18n}@acsafe{memleak, fdleak}}
-+@c Besides the getcwd safety issues, it calls strerror_r on error, which
-+@c brings in all of the i18n issues.
- This is similar to @code{getcwd}, but has no way to specify the size of
- the buffer. @Theglibc{} provides @code{getwd} only
- for backwards compatibility with BSD.
-@@ -130,6 +152,9 @@ this function is deprecated.
- @comment unistd.h
- @comment GNU
- @deftypefun {char *} get_current_dir_name (void)
-+@safety{@mtunsafe{envromt}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
-+@c Besides getcwd, which this function calls as a fallback, it calls
-+@c getenv, with the usual thread-safety issues that brings about.
- @vindex PWD
- This @code{get_current_dir_name} function is basically equivalent to
- @w{@code{getcwd (NULL, 0)}}. The only difference is that the value of
-@@ -145,6 +170,7 @@ This function is a GNU extension.
- @comment unistd.h
- @comment POSIX.1
- @deftypefun int chdir (const char *@var{filename})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This function is used to set the process's working directory to
- @var{filename}.
-
-@@ -158,6 +184,7 @@ file @var{filename} is not a directory.
- @comment unistd.h
- @comment XPG
- @deftypefun int fchdir (int @var{filedes})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This function is used to set the process's working directory to
- directory associated with the file descriptor @var{filedes}.
-
-@@ -294,12 +321,14 @@ values and @code{st_mode} values:
- @comment dirent.h
- @comment BSD
- @deftypefun int IFTODT (mode_t @var{mode})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This returns the @code{d_type} value corresponding to @var{mode}.
- @end deftypefun
-
- @comment dirent.h
- @comment BSD
- @deftypefun mode_t DTTOIF (int @var{dtype})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This returns the @code{st_mode} value corresponding to @var{dtype}.
- @end deftypefun
- @end table
-@@ -342,6 +371,9 @@ the following functions.
- @comment dirent.h
- @comment POSIX.1
- @deftypefun {DIR *} opendir (const char *@var{dirname})
-+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
-+@c Besides the safe syscall, we have to allocate the DIR object with
-+@c __alloc_dir, that calls malloc.
- The @code{opendir} function opens and returns a directory stream for
- reading the directory whose file name is @var{dirname}. The stream has
- type @code{DIR *}.
-@@ -381,6 +413,8 @@ alternative interface can be used.
- @comment dirent.h
- @comment GNU
- @deftypefun {DIR *} fdopendir (int @var{fd})
-+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
-+@c The DIR object is allocated with __alloc_dir, that calls malloc.
- The @code{fdopendir} function works just like @code{opendir} but
- instead of taking a file name and opening a file descriptor for the
- directory the caller is required to provide a file descriptor. This
-@@ -425,6 +459,7 @@ access.
- @comment dirent.h
- @comment GNU
- @deftypefun int dirfd (DIR *@var{dirstream})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The function @code{dirfd} returns the file descriptor associated with
- the directory stream @var{dirstream}. This descriptor can be used until
- the directory is closed with @code{closedir}. If the directory stream
-@@ -443,6 +478,12 @@ symbols are declared in the header file @file{dirent.h}.
- @comment dirent.h
- @comment POSIX.1
- @deftypefun {struct dirent *} readdir (DIR *@var{dirstream})
-+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
-+@c This function holds dirstream's non-recursive lock, which brings
-+@c about the usual issues with locks and async signals and cancellation,
-+@c but the lock taking is not enough to make the returned value safe to
-+@c use, since it points to a stream's internal buffer that can be
-+@c overwritten by subsequent calls or even released by closedir.
- This function reads the next entry from the directory. It normally
- returns a pointer to a structure containing information about the
- file. This structure is associated with the @var{dirstream} handle
-@@ -478,6 +519,7 @@ locking if multiple threads access the same @var{dirstream}.
- @comment dirent.h
- @comment GNU
- @deftypefun int readdir_r (DIR *@var{dirstream}, struct dirent *@var{entry}, struct dirent **@var{result})
-+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
- This function is a version of @code{readdir} which performs internal
- locking. Like @code{readdir} it returns the next entry from the
- directory. To prevent conflicts between simultaneously running
-@@ -549,6 +591,7 @@ of the last two functions.
- @comment dirent.h
- @comment LFS
- @deftypefun {struct dirent64 *} readdir64 (DIR *@var{dirstream})
-+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
- The @code{readdir64} function is just like the @code{readdir} function
- except that it returns a pointer to a record of type @code{struct
- dirent64}. Some of the members of this data type (notably @code{d_ino})
-@@ -560,6 +603,7 @@ In all other aspects this function is equivalent to @code{readdir}.
- @comment dirent.h
- @comment LFS
- @deftypefun int readdir64_r (DIR *@var{dirstream}, struct dirent64 *@var{entry}, struct dirent64 **@var{result})
-+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
- The @code{readdir64_r} function is equivalent to the @code{readdir_r}
- function except that it takes parameters of base type @code{struct
- dirent64} instead of @code{struct dirent} in the second and third
-@@ -570,6 +614,10 @@ position. The same precautions mentioned in the documentation of
- @comment dirent.h
- @comment POSIX.1
- @deftypefun int closedir (DIR *@var{dirstream})
-+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock (hurd)}@acsafe{memleak, fdleak, lockleak (hurd)}}
-+@c No synchronization in the posix implementation, only in the hurd
-+@c one. This is regarded as safe because it is undefined behavior if
-+@c other threads could still be using the dir stream while it's closed.
- This function closes the directory stream @var{dirstream}. It returns
- @code{0} on success and @code{-1} on failure.
-
-@@ -609,6 +657,7 @@ declared in the header file @file{dirent.h}.
- @comment dirent.h
- @comment POSIX.1
- @deftypefun void rewinddir (DIR *@var{dirstream})
-+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
- The @code{rewinddir} function is used to reinitialize the directory
- stream @var{dirstream}, so that if you call @code{readdir} it
- returns information about the first entry in the directory again. This
-@@ -622,6 +671,10 @@ added or removed since you last called @code{opendir} or
- @comment dirent.h
- @comment BSD
- @deftypefun {long int} telldir (DIR *@var{dirstream})
-+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
-+@c The implementation is safe on most platforms, but on BSD it uses
-+@c cookies, buckets and records, and the global array of pointers to
-+@c dynamically allocated records is guarded by a non-recursive lock.
- The @code{telldir} function returns the file position of the directory
- stream @var{dirstream}. You can use this value with @code{seekdir} to
- restore the directory stream to that position.
-@@ -630,6 +683,10 @@ restore the directory stream to that position.
- @comment dirent.h
- @comment BSD
- @deftypefun void seekdir (DIR *@var{dirstream}, long int @var{pos})
-+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
-+@c The implementation is safe on most platforms, but on BSD it uses
-+@c cookies, buckets and records, and the global array of pointers to
-+@c dynamically allocated records is guarded by a non-recursive lock.
- The @code{seekdir} function sets the file position of the directory
- stream @var{dirstream} to @var{pos}. The value @var{pos} must be the
- result of a previous call to @code{telldir} on this particular stream;
-@@ -649,6 +706,19 @@ the result.
- @comment dirent.h
- @comment BSD/SVID
- @deftypefun int scandir (const char *@var{dir}, struct dirent ***@var{namelist}, int (*@var{selector}) (const struct dirent *), int (*@var{cmp}) (const struct dirent **, const struct dirent **))
-+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
-+@c The scandir function calls __opendirat, __readdir, and __closedir to
-+@c go over the named dir; malloc and realloc to allocate the namelist
-+@c and copies of each selected dirent, besides the selector, if given,
-+@c and qsort and the cmp functions if the latter is given. In spite of
-+@c the cleanup handler that releases memory and the file descriptor in
-+@c case of synchronous cancellation, an asynchronous cancellation may
-+@c still leak memory and a file descriptor. Although readdir is unsafe
-+@c in general, the use of an internal dir stream for sequential scanning
-+@c of the directory with copying of dirents before subsequent calls
-+@c makes the use safe, and the fact that the dir stream is private to
-+@c each scandir call does away with the lock issues in readdir and
-+@c closedir.
-
- The @code{scandir} function scans the contents of the directory selected
- by @var{dir}. The result in *@var{namelist} is an array of pointers to
-@@ -679,6 +749,8 @@ are very helpful for this purpose.
- @comment dirent.h
- @comment BSD/SVID
- @deftypefun int alphasort (const void *@var{a}, const void *@var{b})
-+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
-+@c Calls strcoll.
- The @code{alphasort} function behaves like the @code{strcoll} function
- (@pxref{String/Array Comparison}). The difference is that the arguments
- are not string pointers but instead they are of type
-@@ -691,6 +763,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
- @comment dirent.h
- @comment GNU
- @deftypefun int versionsort (const void *@var{a}, const void *@var{b})
-+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
-+@c Calls strverscmp.
- The @code{versionsort} function is like @code{alphasort} except that it
- uses the @code{strverscmp} function internally.
- @end deftypefun
-@@ -703,6 +777,8 @@ dirent64}}. To use this we need a new function.
- @comment dirent.h
- @comment GNU
- @deftypefun int scandir64 (const char *@var{dir}, struct dirent64 ***@var{namelist}, int (*@var{selector}) (const struct dirent64 *), int (*@var{cmp}) (const struct dirent64 **, const struct dirent64 **))
-+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
-+@c See scandir.
- The @code{scandir64} function works like the @code{scandir} function
- except that the directory entries it returns are described by elements
- of type @w{@code{struct dirent64}}. The function pointed to by
-@@ -721,6 +797,8 @@ argument. Instead we provide the two replacement functions below.
- @comment dirent.h
- @comment GNU
- @deftypefun int alphasort64 (const void *@var{a}, const void *@var{b})
-+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
-+@c See alphasort.
- The @code{alphasort64} function behaves like the @code{strcoll} function
- (@pxref{String/Array Comparison}). The difference is that the arguments
- are not string pointers but instead they are of type
-@@ -733,6 +811,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
- @comment dirent.h
- @comment GNU
- @deftypefun int versionsort64 (const void *@var{a}, const void *@var{b})
-+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
-+@c See versionsort.
- The @code{versionsort64} function is like @code{alphasort64}, excepted that it
- uses the @code{strverscmp} function internally.
- @end deftypefun
-@@ -913,6 +993,8 @@ file was passed).
- @comment ftw.h
- @comment SVID
- @deftypefun int ftw (const char *@var{filename}, __ftw_func_t @var{func}, int @var{descriptors})
-+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
-+@c see nftw for safety details
- The @code{ftw} function calls the callback function given in the
- parameter @var{func} for every item which is found in the directory
- specified by @var{filename} and all directories below. The function
-@@ -963,6 +1045,7 @@ interface transparently replaces the old interface.
- @comment ftw.h
- @comment Unix98
- @deftypefun int ftw64 (const char *@var{filename}, __ftw64_func_t @var{func}, int @var{descriptors})
-+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
- This function is similar to @code{ftw} but it can work on filesystems
- with large files. File information is reported using a variable of type
- @code{struct stat64} which is passed by reference to the callback
-@@ -976,6 +1059,17 @@ transparently replaces the old implementation.
- @comment ftw.h
- @comment XPG4.2
- @deftypefun int nftw (const char *@var{filename}, __nftw_func_t @var{func}, int @var{descriptors}, int @var{flag})
-+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
-+@c ftw_startup calls alloca, malloc, free, xstat/lxstat, tdestroy, and ftw_dir
-+@c if FTW_CHDIR, call open, and fchdir, or chdir and getcwd
-+@c ftw_dir calls open_dir_stream, readdir64, process_entry, closedir
-+@c if FTW_CHDIR, also calls fchdir
-+@c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
-+@c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
-+@c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
-+@c find_object (tsearch) and add_object (tfind).
-+@c Since each invocation of *ftw uses its own private search tree, none
-+@c of the search tree concurrency issues apply.
- The @code{nftw} function works like the @code{ftw} functions. They call
- the callback function @var{func} for all items found in the directory
- @var{filename} and below. At most @var{descriptors} file descriptors
-@@ -1036,6 +1130,7 @@ interface transparently replaces the old interface.
- @comment ftw.h
- @comment Unix98
- @deftypefun int nftw64 (const char *@var{filename}, __nftw64_func_t @var{func}, int @var{descriptors}, int @var{flag})
-+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
- This function is similar to @code{nftw} but it can work on filesystems
- with large files. File information is reported using a variable of type
- @code{struct stat64} which is passed by reference to the callback
-@@ -1079,6 +1174,7 @@ file @file{unistd.h}.
- @comment unistd.h
- @comment POSIX.1
- @deftypefun int link (const char *@var{oldname}, const char *@var{newname})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{link} function makes a new link to the existing file named by
- @var{oldname}, under the new name @var{newname}.
-
-@@ -1186,6 +1282,7 @@ Prototypes for most of the functions listed in this section are in
- @comment unistd.h
- @comment BSD
- @deftypefun int symlink (const char *@var{oldname}, const char *@var{newname})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{symlink} function makes a symbolic link to @var{oldname} named
- @var{newname}.
-
-@@ -1223,6 +1320,7 @@ exceeded.
- @comment unistd.h
- @comment BSD
- @deftypefun ssize_t readlink (const char *@var{filename}, char *@var{buffer}, size_t @var{size})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{readlink} function gets the value of the symbolic link
- @var{filename}. The file name that the link points to is copied into
- @var{buffer}. This file name string is @emph{not} null-terminated;
-@@ -1282,6 +1380,8 @@ names can refer to the same inode.
- @comment stdlib.h
- @comment GNU
- @deftypefun {char *} canonicalize_file_name (const char *@var{name})
-+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
-+@c Calls realpath.
-
- The @code{canonicalize_file_name} function returns the absolute name of
- the file named by @var{name} which contains no @code{.}, @code{..}
-@@ -1323,6 +1423,8 @@ where the result is placed in.
- @comment stdlib.h
- @comment XPG
- @deftypefun {char *} realpath (const char *restrict @var{name}, char *restrict @var{resolved})
-+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
-+@c Calls malloc, realloc, getcwd, lxstat64, readlink, alloca.
-
- A call to @code{realpath} where the @var{resolved} parameter is
- @code{NULL} behaves exactly like @code{canonicalize_file_name}. The
-@@ -1362,6 +1464,7 @@ then the file is deleted as well. If the file has other remaining names
- @comment unistd.h
- @comment POSIX.1
- @deftypefun int unlink (const char *@var{filename})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{unlink} function deletes the file name @var{filename}. If
- this is a file's sole name, the file itself is also deleted. (Actually,
- if any process has the file open when this happens, deletion is
-@@ -1404,6 +1507,7 @@ file system and can't be modified.
- @comment unistd.h
- @comment POSIX.1
- @deftypefun int rmdir (const char *@var{filename})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- @cindex directories, deleting
- @cindex deleting a directory
- The @code{rmdir} function deletes a directory. The directory must be
-@@ -1431,6 +1535,8 @@ The prototype for this function is declared in the header file
- @comment stdio.h
- @comment ISO
- @deftypefun int remove (const char *@var{filename})
-+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
-+@c Calls unlink and rmdir.
- This is the @w{ISO C} function to remove a file. It works like
- @code{unlink} for files and like @code{rmdir} for directories.
- @code{remove} is declared in @file{stdio.h}.
-@@ -1446,6 +1552,10 @@ The @code{rename} function is used to change a file's name.
- @comment stdio.h
- @comment ISO
- @deftypefun int rename (const char *@var{oldname}, const char *@var{newname})
-+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
-+@c In the absence of a rename syscall, there's an emulation with link
-+@c and unlink, but it's racy, even more so if newname exists and is
-+@c unlinked first.
- The @code{rename} function renames the file @var{oldname} to
- @var{newname}. The file formerly accessible under the name
- @var{oldname} is afterwards accessible as @var{newname} instead. (If
-@@ -1541,6 +1651,7 @@ a shell command @code{mkdir} which does the same thing.)
- @comment sys/stat.h
- @comment POSIX.1
- @deftypefun int mkdir (const char *@var{filename}, mode_t @var{mode})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{mkdir} function creates a new, empty directory with name
- @var{filename}.
-
-@@ -1882,6 +1993,7 @@ header file @file{sys/stat.h}.
- @comment sys/stat.h
- @comment POSIX.1
- @deftypefun int stat (const char *@var{filename}, struct stat *@var{buf})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{stat} function returns information about the attributes of the
- file named by @w{@var{filename}} in the structure pointed to by @var{buf}.
-
-@@ -1908,6 +2020,7 @@ replaces the normal implementation.
- @comment sys/stat.h
- @comment Unix98
- @deftypefun int stat64 (const char *@var{filename}, struct stat64 *@var{buf})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This function is similar to @code{stat} but it is also able to work on
- files larger then @math{2^31} bytes on 32-bit systems. To be able to do
- this the result is stored in a variable of type @code{struct stat64} to
-@@ -1921,6 +2034,7 @@ replaces the interface for small files on 32-bit machines.
- @comment sys/stat.h
- @comment POSIX.1
- @deftypefun int fstat (int @var{filedes}, struct stat *@var{buf})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{fstat} function is like @code{stat}, except that it takes an
- open file descriptor as an argument instead of a file name.
- @xref{Low-Level I/O}.
-@@ -1942,6 +2056,7 @@ replaces the normal implementation.
- @comment sys/stat.h
- @comment Unix98
- @deftypefun int fstat64 (int @var{filedes}, struct stat64 *@var{buf})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This function is similar to @code{fstat} but is able to work on large
- files on 32-bit platforms. For large files the file descriptor
- @var{filedes} should be obtained by @code{open64} or @code{creat64}.
-@@ -1953,9 +2068,16 @@ function is available under the name @code{fstat} and so transparently
- replaces the interface for small files on 32-bit machines.
- @end deftypefun
-
-+@c fstatat will call alloca and snprintf if the syscall is not
-+@c available.
-+@c @safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
-+
- @comment sys/stat.h
- @comment BSD
- @deftypefun int lstat (const char *@var{filename}, struct stat *@var{buf})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c Direct system call through lxstat, sometimes with an xstat conv call
-+@c afterwards.
- The @code{lstat} function is like @code{stat}, except that it does not
- follow symbolic links. If @var{filename} is the name of a symbolic
- link, @code{lstat} returns information about the link itself; otherwise
-@@ -1969,6 +2091,9 @@ replaces the normal implementation.
- @comment sys/stat.h
- @comment Unix98
- @deftypefun int lstat64 (const char *@var{filename}, struct stat64 *@var{buf})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c Direct system call through lxstat64, sometimes with an xstat conv
-+@c call afterwards.
- This function is similar to @code{lstat} but it is also able to work on
- files larger then @math{2^31} bytes on 32-bit systems. To be able to do
- this the result is stored in a variable of type @code{struct stat64} to
-@@ -2007,12 +2132,14 @@ that file:
- @comment sys/stat.h
- @comment POSIX
- @deftypefn Macro int S_ISDIR (mode_t @var{m})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro returns non-zero if the file is a directory.
- @end deftypefn
-
- @comment sys/stat.h
- @comment POSIX
- @deftypefn Macro int S_ISCHR (mode_t @var{m})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro returns non-zero if the file is a character special file (a
- device like a terminal).
- @end deftypefn
-@@ -2020,6 +2147,7 @@ device like a terminal).
- @comment sys/stat.h
- @comment POSIX
- @deftypefn Macro int S_ISBLK (mode_t @var{m})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro returns non-zero if the file is a block special file (a device
- like a disk).
- @end deftypefn
-@@ -2027,12 +2155,14 @@ like a disk).
- @comment sys/stat.h
- @comment POSIX
- @deftypefn Macro int S_ISREG (mode_t @var{m})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro returns non-zero if the file is a regular file.
- @end deftypefn
-
- @comment sys/stat.h
- @comment POSIX
- @deftypefn Macro int S_ISFIFO (mode_t @var{m})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro returns non-zero if the file is a FIFO special file, or a
- pipe. @xref{Pipes and FIFOs}.
- @end deftypefn
-@@ -2040,6 +2170,7 @@ pipe. @xref{Pipes and FIFOs}.
- @comment sys/stat.h
- @comment GNU
- @deftypefn Macro int S_ISLNK (mode_t @var{m})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro returns non-zero if the file is a symbolic link.
- @xref{Symbolic Links}.
- @end deftypefn
-@@ -2047,6 +2178,7 @@ This macro returns non-zero if the file is a symbolic link.
- @comment sys/stat.h
- @comment GNU
- @deftypefn Macro int S_ISSOCK (mode_t @var{m})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro returns non-zero if the file is a socket. @xref{Sockets}.
- @end deftypefn
-
-@@ -2129,6 +2261,7 @@ the whole @code{struct stat} structure.
- @comment sys/stat.h
- @comment POSIX
- @deftypefn Macro int S_TYPEISMQ (struct stat *@var{s})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- If the system implement POSIX message queues as distinct objects and the
- file is a message queue object, this macro returns a non-zero value.
- In all other cases the result is zero.
-@@ -2137,6 +2270,7 @@ In all other cases the result is zero.
- @comment sys/stat.h
- @comment POSIX
- @deftypefn Macro int S_TYPEISSEM (struct stat *@var{s})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- If the system implement POSIX semaphores as distinct objects and the
- file is a semaphore object, this macro returns a non-zero value.
- In all other cases the result is zero.
-@@ -2145,6 +2279,7 @@ In all other cases the result is zero.
- @comment sys/stat.h
- @comment POSIX
- @deftypefn Macro int S_TYPEISSHM (struct stat *@var{s})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- If the system implement POSIX shared memory objects as distinct objects
- and the file is an shared memory object, this macro returns a non-zero
- value. In all other cases the result is zero.
-@@ -2189,6 +2324,7 @@ The prototype for this function is declared in @file{unistd.h}.
- @comment unistd.h
- @comment POSIX.1
- @deftypefun int chown (const char *@var{filename}, uid_t @var{owner}, gid_t @var{group})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{chown} function changes the owner of the file @var{filename} to
- @var{owner}, and its group owner to @var{group}.
-
-@@ -2223,6 +2359,7 @@ The file is on a read-only file system.
- @comment unistd.h
- @comment BSD
- @deftypefun int fchown (int @var{filedes}, uid_t @var{owner}, gid_t @var{group})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This is like @code{chown}, except that it changes the owner of the open
- file with descriptor @var{filedes}.
-
-@@ -2502,6 +2639,7 @@ The functions in this section are declared in @file{sys/stat.h}.
- @comment sys/stat.h
- @comment POSIX.1
- @deftypefun mode_t umask (mode_t @var{mask})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{umask} function sets the file creation mask of the current
- process to @var{mask}, and returns the previous value of the file
- creation mask.
-@@ -2527,6 +2665,7 @@ you just want to read the mask value, because it is reentrant.
- @comment sys/stat.h
- @comment GNU
- @deftypefun mode_t getumask (void)
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Return the current value of the file creation mask for the current
- process. This function is a GNU extension and is only available on
- @gnuhurdsystems{}.
-@@ -2535,6 +2674,7 @@ process. This function is a GNU extension and is only available on
- @comment sys/stat.h
- @comment POSIX.1
- @deftypefun int chmod (const char *@var{filename}, mode_t @var{mode})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{chmod} function sets the access permission bits for the file
- named by @var{filename} to @var{mode}.
-
-@@ -2575,6 +2715,7 @@ for full details on the sticky bit.
- @comment sys/stat.h
- @comment BSD
- @deftypefun int fchmod (int @var{filedes}, mode_t @var{mode})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This is like @code{chmod}, except that it changes the permissions of the
- currently open file given by @var{filedes}.
-
-@@ -2645,6 +2786,7 @@ The symbols in this section are declared in @file{unistd.h}.
- @comment unistd.h
- @comment POSIX.1
- @deftypefun int access (const char *@var{filename}, int @var{how})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{access} function checks to see whether the file named by
- @var{filename} can be accessed in the way specified by the @var{how}
- argument. The @var{how} argument either can be the bitwise OR of the
-@@ -2765,6 +2907,9 @@ This is the modification time for the file.
- @comment utime.h
- @comment POSIX.1
- @deftypefun int utime (const char *@var{filename}, const struct utimbuf *@var{times})
-+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
-+@c In the absence of a utime syscall, it non-atomically converts times
-+@c to a struct timeval and calls utimes.
- This function is used to modify the file times associated with the file
- named @var{filename}.
-
-@@ -2816,6 +2961,10 @@ in the header file @file{sys/time.h}.
- @comment sys/time.h
- @comment BSD
- @deftypefun int utimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
-+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
-+@c In the absence of a utimes syscall, it non-atomically converts tvp
-+@c to struct timespec array and issues a utimensat syscall, or to
-+@c struct utimbuf and calls utime.
- This function sets the file access and modification times of the file
- @var{filename}. The new file access time is specified by
- @code{@var{tvp}[0]}, and the new modification time by
-@@ -2830,6 +2979,9 @@ function.
- @comment sys/time.h
- @comment BSD
- @deftypefun int lutimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
-+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
-+@c Since there's no lutimes syscall, it non-atomically converts tvp
-+@c to struct timespec array and issues a utimensat syscall.
- This function is like @code{utimes}, except that it does not follow
- symbolic links. If @var{filename} is the name of a symbolic link,
- @code{lutimes} sets the file access and modification times of the
-@@ -2846,6 +2998,10 @@ function.
- @comment sys/time.h
- @comment BSD
- @deftypefun int futimes (int @var{fd}, const struct timeval @var{tvp}@t{[2]})
-+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
-+@c Since there's no futimes syscall, it non-atomically converts tvp
-+@c to struct timespec array and issues a utimensat syscall, falling back
-+@c to utimes on a /proc/self/fd symlink.
- This function is like @code{utimes}, except that it takes an open file
- descriptor as an argument instead of a file name. @xref{Low-Level
- I/O}. This function comes from FreeBSD, and is not available on all
-@@ -2900,6 +3056,8 @@ succeed, without actually accomplishing anything.
- @comment unistd.h
- @comment X/Open
- @deftypefun int truncate (const char *@var{filename}, off_t @var{length})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c In the absence of a truncate syscall, we use open and ftruncate.
-
- The @code{truncate} function changes the size of @var{filename} to
- @var{length}. If @var{length} is shorter than the previous length, data
-@@ -2944,6 +3102,8 @@ The operation was interrupted by a signal.
- @comment unistd.h
- @comment Unix98
- @deftypefun int truncate64 (const char *@var{name}, off64_t @var{length})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c In the absence of a syscall, try truncate if length fits.
- This function is similar to the @code{truncate} function. The
- difference is that the @var{length} argument is 64 bits wide even on 32
- bits machines, which allows the handling of files with sizes up to
-@@ -2957,6 +3117,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
- @comment unistd.h
- @comment POSIX
- @deftypefun int ftruncate (int @var{fd}, off_t @var{length})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-
- This is like @code{truncate}, but it works on a file descriptor @var{fd}
- for an opened file instead of a file name to identify the object. The
-@@ -3021,6 +3182,8 @@ The operation was interrupted by a signal.
- @comment unistd.h
- @comment Unix98
- @deftypefun int ftruncate64 (int @var{id}, off64_t @var{length})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c In the absence of a syscall, try ftruncate if length fits.
- This function is similar to the @code{ftruncate} function. The
- difference is that the @var{length} argument is 64 bits wide even on 32
- bits machines which allows the handling of files with sizes up to
-@@ -3083,6 +3246,10 @@ The prototype for @code{mknod} is declared in @file{sys/stat.h}.
- @comment sys/stat.h
- @comment BSD
- @deftypefun int mknod (const char *@var{filename}, mode_t @var{mode}, dev_t @var{dev})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c Instead of issuing the syscall directly, we go through xmknod.
-+@c Although the internal xmknod takes a dev_t*, that could lead to
-+@c xguargs races, it's passed a pointer to mknod's dev.
- The @code{mknod} function makes a special file with name @var{filename}.
- The @var{mode} specifies the mode of the file, and may include the various
- special file bits, such as @code{S_IFCHR} (for a character special file)
-@@ -3134,6 +3301,20 @@ These facilities are declared in the header file @file{stdio.h}.
- @comment stdio.h
- @comment ISO
- @deftypefun {FILE *} tmpfile (void)
-+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
-+@c The unsafety issues are those of fdopen, plus fdleak because of the
-+@c open.
-+@c __path_search (internal buf, !dir, const pfx, !try_tmpdir) ok
-+@c libc_secure_genenv only if try_tmpdir
-+@c xstat64, strlen, strcmp, sprintf
-+@c __gen_tempname (internal tmpl, __GT_FILE) ok
-+@c strlen, memcmp, getpid, open/mkdir/lxstat64 ok
-+@c HP_TIMING_NOW if available ok
-+@c gettimeofday (!tz) first time, or every time if no HP_TIMING_NOW ok
-+@c static value is used and modified without synchronization ok
-+@c but the use is as a source of non-cryptographic randomness
-+@c with retries in case of collision, so it should be safe
-+@c unlink, fdopen
- This function creates a temporary binary file for update mode, as if by
- calling @code{fopen} with mode @code{"wb+"}. The file is deleted
- automatically when it is closed or when the program terminates. (On
-@@ -3150,6 +3331,7 @@ interface transparently replaces the old interface.
- @comment stdio.h
- @comment Unix98
- @deftypefun {FILE *} tmpfile64 (void)
-+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
- This function is similar to @code{tmpfile}, but the stream it returns a
- pointer to was opened using @code{tmpfile64}. Therefore this stream can
- be used for files larger then @math{2^31} bytes on 32-bit machines.
-@@ -3165,6 +3347,11 @@ and so transparently replaces the old interface.
- @comment stdio.h
- @comment ISO
- @deftypefun {char *} tmpnam (char *@var{result})
-+@safety{@mtunsafe{xguargs, staticbuf}@asunsafe{staticbuf}@acsafe{}}
-+@c The passed-in buffer should not be modified concurrently with the
-+@c call.
-+@c __path_search (static or passed-in buf, !dir, !pfx, !try_tmpdir) ok
-+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
- This function constructs and returns a valid file name that does not
- refer to any existing file. If the @var{result} argument is a null
- pointer, the return value is a pointer to an internal static string,
-@@ -3189,6 +3376,7 @@ opening the file you should use the @code{O_EXCL} flag. Using
- @comment stdio.h
- @comment GNU
- @deftypefun {char *} tmpnam_r (char *@var{result})
-+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
- This function is nearly identical to the @code{tmpnam} function, except
- that if @var{result} is a null pointer it returns a null pointer.
-
-@@ -3225,6 +3413,13 @@ never less than @code{25}.
- @comment stdio.h
- @comment SVID
- @deftypefun {char *} tempnam (const char *@var{dir}, const char *@var{prefix})
-+@safety{@mtunsafe{xguargs, envromt}@assafe{asmalloc}@acsafe{memleak}}
-+@c There's no way (short of being setuid) to avoid getenv("TMPDIR"),
-+@c even with a non-NULL dir, which makes this thread-unsafe.
-+@c
-+@c __path_search (internal buf, dir, pfx, try_tmpdir) unsafe getenv
-+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
-+@c strdup
- This function generates a unique temporary file name. If @var{prefix}
- is not a null pointer, up to five characters of this string are used as
- a prefix for the file name. The return value is a string newly
-@@ -3288,6 +3483,8 @@ string. These functions are declared in the header file @file{stdlib.h}.
- @comment stdlib.h
- @comment Unix
- @deftypefun {char *} mktemp (char *@var{template})
-+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
-+@c __gen_tempname (caller tmpl, __GT_NOCREATE) ok
- The @code{mktemp} function generates a unique file name by modifying
- @var{template} as described above. If successful, it returns
- @var{template} as modified. If @code{mktemp} cannot find a unique file
-@@ -3306,6 +3503,8 @@ opening the file you should use the @code{O_EXCL} flag. Using
- @comment stdlib.h
- @comment BSD
- @deftypefun int mkstemp (char *@var{template})
-+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{fdleak}}
-+@c __gen_tempname (caller tmpl, __GT_FILE) ok
- The @code{mkstemp} function generates a unique file name just as
- @code{mktemp} does, but it also opens the file for you with @code{open}
- (@pxref{Opening and Closing Files}). If successful, it modifies
-@@ -3328,6 +3527,8 @@ new file and get an error if the file already exists.
- @comment stdlib.h
- @comment BSD
- @deftypefun {char *} mkdtemp (char *@var{template})
-+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
-+@c __gen_tempname (caller tmpl, __GT_DIR) ok
- The @code{mkdtemp} function creates a directory with a unique name. If
- it succeeds, it overwrites @var{template} with the name of the
- directory, and returns @var{template}. As with @code{mktemp} and
-@@ -3349,3 +3550,23 @@ creation always works like @code{open} with @code{O_EXCL}.
- @xref{Creating Directories}.
-
- The @code{mkdtemp} function comes from OpenBSD.
-+
-+@c FIXME these are undocumented:
-+@c faccessat
-+@c fchmodat
-+@c fchownat
-+@c futimesat
-+@c fstatat (there's a commented-out safety assessment for this one)
-+@c linkat
-+@c mkdirat
-+@c mkfifoat
-+@c name_to_handle_at
-+@c openat
-+@c open_by_handle_at
-+@c readlinkat
-+@c renameat
-+@c scandirat
-+@c symlinkat
-+@c unlinkat
-+@c utimensat
-+@c mknodat
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=442baf3f1962c1d771230d73814af2802c7939a3
commit 442baf3f1962c1d771230d73814af2802c7939a3
Merge: bf2bd3b 828a9e2 cc424d6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 05:01:59 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=bf2bd3bef2433aa3ffb25a44cdb74f74f27231c6
commit bf2bd3bef2433aa3ffb25a44cdb74f74f27231c6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 05:01:59 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index b006b37..fb7b221 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: bcb5ff7712c3f8a6dc163c0612292f179920c79c
-Head: fa001f73d60f803ba2877b9c8297e1b584e3b6ec
+Previous: 828a9e296e22f33484c009b88eaf45b523b64d83
+Head: cc424d6ed1b24e6a02244c623567f6471a362986
Applied:
powerpc-nofpu-sim-note-nothread.patch: 696f6dab87abef96e7993fda3f143bbdeb1f34e8
unused-scalb-is-scalbn.patch: 8e4917e9cf19e11865e8257a23808022f8661b79
@@ -15,6 +15,7 @@ Applied:
manual-document-mt-safety-debug.patch: 93d4600a981245726112f8653ae093789c5781bc
manual-document-mt-safety-errno.patch: 1de4023eaef09c4f66ee8cda9af72299102a6a11
manual-document-mt-safety-filesys.patch: fa001f73d60f803ba2877b9c8297e1b584e3b6ec
+ refresh-temp: cc424d6ed1b24e6a02244c623567f6471a362986
Unapplied:
manual-document-mt-safety-getopt.patch: fef40984ed247dfb08395088c2518fd52154e035
manual-document-mt-safety-libdl.patch: 3816c6c49233e9317ec22c571867fb8ff95c1edd
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..0a01119
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,784 @@
+Bottom: e7b3cec4e03306c8e81023c08b98e74a0faacbbe
+Top: 7fa654adb8d9082bddec3251021da106124844a9
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-16 05:01:58 -0300
+
+Refresh of manual-document-mt-safety-filesys.patch
+
+---
+
+diff --git a/manual/filesys.texi b/manual/filesys.texi
+index 814c210..c7eb13b 100644
+--- a/manual/filesys.texi
++++ b/manual/filesys.texi
+@@ -58,6 +58,25 @@ Prototypes for these functions are declared in the header file
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun {char *} getcwd (char *@var{buffer}, size_t @var{size})
++@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
++@c If buffer is NULL, this function calls malloc and realloc, and, in
++@c case of error, free. Linux offers a getcwd syscall that we use on
++@c GNU/Linux systems, but it may fail if the pathname is too long. As a
++@c fallback, and on other systems, the generic implementation opens each
++@c parent directory with opendir, which allocates memory for the
++@c directory stream with malloc. If a fstatat64 syscall is not
++@c available, very deep directory trees may also have to malloc to build
++@c longer sequences of ../../../... than those supported by a global
++@c const read-only string.
++
++@c linux/__getcwd
++@c posix/__getcwd
++@c malloc/realloc/free if buffer is NULL, or if dir is too deep
++@c lstat64 -> see its own entry
++@c fstatat64
++@c direct syscall if possible, alloca+snprintf+*stat64 otherwise
++@c openat64_not_cancel_3, close_not_cancel_no_status
++@c __fdopendir, __opendir, __readdir, rewinddir
+ The @code{getcwd} function returns an absolute file name representing
+ the current working directory, storing it in the character array
+ @var{buffer} that you provide. The @var{size} argument is how you tell
+@@ -116,6 +135,9 @@ software.
+ @comment unistd.h
+ @comment BSD
+ @deftypefn {Deprecated Function} {char *} getwd (char *@var{buffer})
++@safety{@mtsafe{}@asunsafe{asmalloc, asi18n}@acsafe{memleak, fdleak}}
++@c Besides the getcwd safety issues, it calls strerror_r on error, which
++@c brings in all of the i18n issues.
+ This is similar to @code{getcwd}, but has no way to specify the size of
+ the buffer. @Theglibc{} provides @code{getwd} only
+ for backwards compatibility with BSD.
+@@ -130,6 +152,9 @@ this function is deprecated.
+ @comment unistd.h
+ @comment GNU
+ @deftypefun {char *} get_current_dir_name (void)
++@safety{@mtunsafe{envromt}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
++@c Besides getcwd, which this function calls as a fallback, it calls
++@c getenv, with the usual thread-safety issues that brings about.
+ @vindex PWD
+ This @code{get_current_dir_name} function is basically equivalent to
+ @w{@code{getcwd (NULL, 0)}}. The only difference is that the value of
+@@ -145,6 +170,7 @@ This function is a GNU extension.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int chdir (const char *@var{filename})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function is used to set the process's working directory to
+ @var{filename}.
+
+@@ -158,6 +184,7 @@ file @var{filename} is not a directory.
+ @comment unistd.h
+ @comment XPG
+ @deftypefun int fchdir (int @var{filedes})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function is used to set the process's working directory to
+ directory associated with the file descriptor @var{filedes}.
+
+@@ -294,12 +321,14 @@ values and @code{st_mode} values:
+ @comment dirent.h
+ @comment BSD
+ @deftypefun int IFTODT (mode_t @var{mode})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This returns the @code{d_type} value corresponding to @var{mode}.
+ @end deftypefun
+
+ @comment dirent.h
+ @comment BSD
+ @deftypefun mode_t DTTOIF (int @var{dtype})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This returns the @code{st_mode} value corresponding to @var{dtype}.
+ @end deftypefun
+ @end table
+@@ -342,6 +371,9 @@ the following functions.
+ @comment dirent.h
+ @comment POSIX.1
+ @deftypefun {DIR *} opendir (const char *@var{dirname})
++@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
++@c Besides the safe syscall, we have to allocate the DIR object with
++@c __alloc_dir, that calls malloc.
+ The @code{opendir} function opens and returns a directory stream for
+ reading the directory whose file name is @var{dirname}. The stream has
+ type @code{DIR *}.
+@@ -381,6 +413,8 @@ alternative interface can be used.
+ @comment dirent.h
+ @comment GNU
+ @deftypefun {DIR *} fdopendir (int @var{fd})
++@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
++@c The DIR object is allocated with __alloc_dir, that calls malloc.
+ The @code{fdopendir} function works just like @code{opendir} but
+ instead of taking a file name and opening a file descriptor for the
+ directory the caller is required to provide a file descriptor. This
+@@ -425,6 +459,7 @@ access.
+ @comment dirent.h
+ @comment GNU
+ @deftypefun int dirfd (DIR *@var{dirstream})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The function @code{dirfd} returns the file descriptor associated with
+ the directory stream @var{dirstream}. This descriptor can be used until
+ the directory is closed with @code{closedir}. If the directory stream
+@@ -443,6 +478,12 @@ symbols are declared in the header file @file{dirent.h}.
+ @comment dirent.h
+ @comment POSIX.1
+ @deftypefun {struct dirent *} readdir (DIR *@var{dirstream})
++@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
++@c This function holds dirstream's non-recursive lock, which brings
++@c about the usual issues with locks and async signals and cancellation,
++@c but the lock taking is not enough to make the returned value safe to
++@c use, since it points to a stream's internal buffer that can be
++@c overwritten by subsequent calls or even released by closedir.
+ This function reads the next entry from the directory. It normally
+ returns a pointer to a structure containing information about the
+ file. This structure is associated with the @var{dirstream} handle
+@@ -478,6 +519,7 @@ locking if multiple threads access the same @var{dirstream}.
+ @comment dirent.h
+ @comment GNU
+ @deftypefun int readdir_r (DIR *@var{dirstream}, struct dirent *@var{entry}, struct dirent **@var{result})
++@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+ This function is a version of @code{readdir} which performs internal
+ locking. Like @code{readdir} it returns the next entry from the
+ directory. To prevent conflicts between simultaneously running
+@@ -549,6 +591,7 @@ of the last two functions.
+ @comment dirent.h
+ @comment LFS
+ @deftypefun {struct dirent64 *} readdir64 (DIR *@var{dirstream})
++@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+ The @code{readdir64} function is just like the @code{readdir} function
+ except that it returns a pointer to a record of type @code{struct
+ dirent64}. Some of the members of this data type (notably @code{d_ino})
+@@ -560,6 +603,7 @@ In all other aspects this function is equivalent to @code{readdir}.
+ @comment dirent.h
+ @comment LFS
+ @deftypefun int readdir64_r (DIR *@var{dirstream}, struct dirent64 *@var{entry}, struct dirent64 **@var{result})
++@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+ The @code{readdir64_r} function is equivalent to the @code{readdir_r}
+ function except that it takes parameters of base type @code{struct
+ dirent64} instead of @code{struct dirent} in the second and third
+@@ -570,6 +614,10 @@ position. The same precautions mentioned in the documentation of
+ @comment dirent.h
+ @comment POSIX.1
+ @deftypefun int closedir (DIR *@var{dirstream})
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock (hurd)}@acsafe{memleak, fdleak, lockleak (hurd)}}
++@c No synchronization in the posix implementation, only in the hurd
++@c one. This is regarded as safe because it is undefined behavior if
++@c other threads could still be using the dir stream while it's closed.
+ This function closes the directory stream @var{dirstream}. It returns
+ @code{0} on success and @code{-1} on failure.
+
+@@ -609,6 +657,7 @@ declared in the header file @file{dirent.h}.
+ @comment dirent.h
+ @comment POSIX.1
+ @deftypefun void rewinddir (DIR *@var{dirstream})
++@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+ The @code{rewinddir} function is used to reinitialize the directory
+ stream @var{dirstream}, so that if you call @code{readdir} it
+ returns information about the first entry in the directory again. This
+@@ -622,6 +671,10 @@ added or removed since you last called @code{opendir} or
+ @comment dirent.h
+ @comment BSD
+ @deftypefun {long int} telldir (DIR *@var{dirstream})
++@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
++@c The implementation is safe on most platforms, but on BSD it uses
++@c cookies, buckets and records, and the global array of pointers to
++@c dynamically allocated records is guarded by a non-recursive lock.
+ The @code{telldir} function returns the file position of the directory
+ stream @var{dirstream}. You can use this value with @code{seekdir} to
+ restore the directory stream to that position.
+@@ -630,6 +683,10 @@ restore the directory stream to that position.
+ @comment dirent.h
+ @comment BSD
+ @deftypefun void seekdir (DIR *@var{dirstream}, long int @var{pos})
++@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
++@c The implementation is safe on most platforms, but on BSD it uses
++@c cookies, buckets and records, and the global array of pointers to
++@c dynamically allocated records is guarded by a non-recursive lock.
+ The @code{seekdir} function sets the file position of the directory
+ stream @var{dirstream} to @var{pos}. The value @var{pos} must be the
+ result of a previous call to @code{telldir} on this particular stream;
+@@ -649,6 +706,19 @@ the result.
+ @comment dirent.h
+ @comment BSD/SVID
+ @deftypefun int scandir (const char *@var{dir}, struct dirent ***@var{namelist}, int (*@var{selector}) (const struct dirent *), int (*@var{cmp}) (const struct dirent **, const struct dirent **))
++@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
++@c The scandir function calls __opendirat, __readdir, and __closedir to
++@c go over the named dir; malloc and realloc to allocate the namelist
++@c and copies of each selected dirent, besides the selector, if given,
++@c and qsort and the cmp functions if the latter is given. In spite of
++@c the cleanup handler that releases memory and the file descriptor in
++@c case of synchronous cancellation, an asynchronous cancellation may
++@c still leak memory and a file descriptor. Although readdir is unsafe
++@c in general, the use of an internal dir stream for sequential scanning
++@c of the directory with copying of dirents before subsequent calls
++@c makes the use safe, and the fact that the dir stream is private to
++@c each scandir call does away with the lock issues in readdir and
++@c closedir.
+
+ The @code{scandir} function scans the contents of the directory selected
+ by @var{dir}. The result in *@var{namelist} is an array of pointers to
+@@ -679,6 +749,8 @@ are very helpful for this purpose.
+ @comment dirent.h
+ @comment BSD/SVID
+ @deftypefun int alphasort (const void *@var{a}, const void *@var{b})
++@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
++@c Calls strcoll.
+ The @code{alphasort} function behaves like the @code{strcoll} function
+ (@pxref{String/Array Comparison}). The difference is that the arguments
+ are not string pointers but instead they are of type
+@@ -691,6 +763,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
+ @comment dirent.h
+ @comment GNU
+ @deftypefun int versionsort (const void *@var{a}, const void *@var{b})
++@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
++@c Calls strverscmp.
+ The @code{versionsort} function is like @code{alphasort} except that it
+ uses the @code{strverscmp} function internally.
+ @end deftypefun
+@@ -703,6 +777,8 @@ dirent64}}. To use this we need a new function.
+ @comment dirent.h
+ @comment GNU
+ @deftypefun int scandir64 (const char *@var{dir}, struct dirent64 ***@var{namelist}, int (*@var{selector}) (const struct dirent64 *), int (*@var{cmp}) (const struct dirent64 **, const struct dirent64 **))
++@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
++@c See scandir.
+ The @code{scandir64} function works like the @code{scandir} function
+ except that the directory entries it returns are described by elements
+ of type @w{@code{struct dirent64}}. The function pointed to by
+@@ -721,6 +797,8 @@ argument. Instead we provide the two replacement functions below.
+ @comment dirent.h
+ @comment GNU
+ @deftypefun int alphasort64 (const void *@var{a}, const void *@var{b})
++@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
++@c See alphasort.
+ The @code{alphasort64} function behaves like the @code{strcoll} function
+ (@pxref{String/Array Comparison}). The difference is that the arguments
+ are not string pointers but instead they are of type
+@@ -733,6 +811,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
+ @comment dirent.h
+ @comment GNU
+ @deftypefun int versionsort64 (const void *@var{a}, const void *@var{b})
++@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
++@c See versionsort.
+ The @code{versionsort64} function is like @code{alphasort64}, excepted that it
+ uses the @code{strverscmp} function internally.
+ @end deftypefun
+@@ -913,6 +993,8 @@ file was passed).
+ @comment ftw.h
+ @comment SVID
+ @deftypefun int ftw (const char *@var{filename}, __ftw_func_t @var{func}, int @var{descriptors})
++@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
++@c see nftw for safety details
+ The @code{ftw} function calls the callback function given in the
+ parameter @var{func} for every item which is found in the directory
+ specified by @var{filename} and all directories below. The function
+@@ -963,6 +1045,7 @@ interface transparently replaces the old interface.
+ @comment ftw.h
+ @comment Unix98
+ @deftypefun int ftw64 (const char *@var{filename}, __ftw64_func_t @var{func}, int @var{descriptors})
++@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
+ This function is similar to @code{ftw} but it can work on filesystems
+ with large files. File information is reported using a variable of type
+ @code{struct stat64} which is passed by reference to the callback
+@@ -976,6 +1059,17 @@ transparently replaces the old implementation.
+ @comment ftw.h
+ @comment XPG4.2
+ @deftypefun int nftw (const char *@var{filename}, __nftw_func_t @var{func}, int @var{descriptors}, int @var{flag})
++@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
++@c ftw_startup calls alloca, malloc, free, xstat/lxstat, tdestroy, and ftw_dir
++@c if FTW_CHDIR, call open, and fchdir, or chdir and getcwd
++@c ftw_dir calls open_dir_stream, readdir64, process_entry, closedir
++@c if FTW_CHDIR, also calls fchdir
++@c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
++@c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
++@c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
++@c find_object (tsearch) and add_object (tfind).
++@c Since each invocation of *ftw uses its own private search tree, none
++@c of the search tree concurrency issues apply.
+ The @code{nftw} function works like the @code{ftw} functions. They call
+ the callback function @var{func} for all items found in the directory
+ @var{filename} and below. At most @var{descriptors} file descriptors
+@@ -1036,6 +1130,7 @@ interface transparently replaces the old interface.
+ @comment ftw.h
+ @comment Unix98
+ @deftypefun int nftw64 (const char *@var{filename}, __nftw64_func_t @var{func}, int @var{descriptors}, int @var{flag})
++@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+ This function is similar to @code{nftw} but it can work on filesystems
+ with large files. File information is reported using a variable of type
+ @code{struct stat64} which is passed by reference to the callback
+@@ -1079,6 +1174,7 @@ file @file{unistd.h}.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int link (const char *@var{oldname}, const char *@var{newname})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{link} function makes a new link to the existing file named by
+ @var{oldname}, under the new name @var{newname}.
+
+@@ -1186,6 +1282,7 @@ Prototypes for most of the functions listed in this section are in
+ @comment unistd.h
+ @comment BSD
+ @deftypefun int symlink (const char *@var{oldname}, const char *@var{newname})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{symlink} function makes a symbolic link to @var{oldname} named
+ @var{newname}.
+
+@@ -1223,6 +1320,7 @@ exceeded.
+ @comment unistd.h
+ @comment BSD
+ @deftypefun ssize_t readlink (const char *@var{filename}, char *@var{buffer}, size_t @var{size})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{readlink} function gets the value of the symbolic link
+ @var{filename}. The file name that the link points to is copied into
+ @var{buffer}. This file name string is @emph{not} null-terminated;
+@@ -1282,6 +1380,8 @@ names can refer to the same inode.
+ @comment stdlib.h
+ @comment GNU
+ @deftypefun {char *} canonicalize_file_name (const char *@var{name})
++@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
++@c Calls realpath.
+
+ The @code{canonicalize_file_name} function returns the absolute name of
+ the file named by @var{name} which contains no @code{.}, @code{..}
+@@ -1323,6 +1423,8 @@ where the result is placed in.
+ @comment stdlib.h
+ @comment XPG
+ @deftypefun {char *} realpath (const char *restrict @var{name}, char *restrict @var{resolved})
++@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
++@c Calls malloc, realloc, getcwd, lxstat64, readlink, alloca.
+
+ A call to @code{realpath} where the @var{resolved} parameter is
+ @code{NULL} behaves exactly like @code{canonicalize_file_name}. The
+@@ -1362,6 +1464,7 @@ then the file is deleted as well. If the file has other remaining names
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int unlink (const char *@var{filename})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{unlink} function deletes the file name @var{filename}. If
+ this is a file's sole name, the file itself is also deleted. (Actually,
+ if any process has the file open when this happens, deletion is
+@@ -1404,6 +1507,7 @@ file system and can't be modified.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int rmdir (const char *@var{filename})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ @cindex directories, deleting
+ @cindex deleting a directory
+ The @code{rmdir} function deletes a directory. The directory must be
+@@ -1431,6 +1535,8 @@ The prototype for this function is declared in the header file
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int remove (const char *@var{filename})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c Calls unlink and rmdir.
+ This is the @w{ISO C} function to remove a file. It works like
+ @code{unlink} for files and like @code{rmdir} for directories.
+ @code{remove} is declared in @file{stdio.h}.
+@@ -1446,6 +1552,10 @@ The @code{rename} function is used to change a file's name.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int rename (const char *@var{oldname}, const char *@var{newname})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c In the absence of a rename syscall, there's an emulation with link
++@c and unlink, but it's racy, even more so if newname exists and is
++@c unlinked first.
+ The @code{rename} function renames the file @var{oldname} to
+ @var{newname}. The file formerly accessible under the name
+ @var{oldname} is afterwards accessible as @var{newname} instead. (If
+@@ -1541,6 +1651,7 @@ a shell command @code{mkdir} which does the same thing.)
+ @comment sys/stat.h
+ @comment POSIX.1
+ @deftypefun int mkdir (const char *@var{filename}, mode_t @var{mode})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{mkdir} function creates a new, empty directory with name
+ @var{filename}.
+
+@@ -1882,6 +1993,7 @@ header file @file{sys/stat.h}.
+ @comment sys/stat.h
+ @comment POSIX.1
+ @deftypefun int stat (const char *@var{filename}, struct stat *@var{buf})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{stat} function returns information about the attributes of the
+ file named by @w{@var{filename}} in the structure pointed to by @var{buf}.
+
+@@ -1908,6 +2020,7 @@ replaces the normal implementation.
+ @comment sys/stat.h
+ @comment Unix98
+ @deftypefun int stat64 (const char *@var{filename}, struct stat64 *@var{buf})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function is similar to @code{stat} but it is also able to work on
+ files larger then @math{2^31} bytes on 32-bit systems. To be able to do
+ this the result is stored in a variable of type @code{struct stat64} to
+@@ -1921,6 +2034,7 @@ replaces the interface for small files on 32-bit machines.
+ @comment sys/stat.h
+ @comment POSIX.1
+ @deftypefun int fstat (int @var{filedes}, struct stat *@var{buf})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{fstat} function is like @code{stat}, except that it takes an
+ open file descriptor as an argument instead of a file name.
+ @xref{Low-Level I/O}.
+@@ -1942,6 +2056,7 @@ replaces the normal implementation.
+ @comment sys/stat.h
+ @comment Unix98
+ @deftypefun int fstat64 (int @var{filedes}, struct stat64 *@var{buf})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function is similar to @code{fstat} but is able to work on large
+ files on 32-bit platforms. For large files the file descriptor
+ @var{filedes} should be obtained by @code{open64} or @code{creat64}.
+@@ -1953,9 +2068,16 @@ function is available under the name @code{fstat} and so transparently
+ replaces the interface for small files on 32-bit machines.
+ @end deftypefun
+
++@c fstatat will call alloca and snprintf if the syscall is not
++@c available.
++@c @safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
++
+ @comment sys/stat.h
+ @comment BSD
+ @deftypefun int lstat (const char *@var{filename}, struct stat *@var{buf})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Direct system call through lxstat, sometimes with an xstat conv call
++@c afterwards.
+ The @code{lstat} function is like @code{stat}, except that it does not
+ follow symbolic links. If @var{filename} is the name of a symbolic
+ link, @code{lstat} returns information about the link itself; otherwise
+@@ -1969,6 +2091,9 @@ replaces the normal implementation.
+ @comment sys/stat.h
+ @comment Unix98
+ @deftypefun int lstat64 (const char *@var{filename}, struct stat64 *@var{buf})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Direct system call through lxstat64, sometimes with an xstat conv
++@c call afterwards.
+ This function is similar to @code{lstat} but it is also able to work on
+ files larger then @math{2^31} bytes on 32-bit systems. To be able to do
+ this the result is stored in a variable of type @code{struct stat64} to
+@@ -2007,12 +2132,14 @@ that file:
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_ISDIR (mode_t @var{m})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns non-zero if the file is a directory.
+ @end deftypefn
+
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_ISCHR (mode_t @var{m})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns non-zero if the file is a character special file (a
+ device like a terminal).
+ @end deftypefn
+@@ -2020,6 +2147,7 @@ device like a terminal).
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_ISBLK (mode_t @var{m})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns non-zero if the file is a block special file (a device
+ like a disk).
+ @end deftypefn
+@@ -2027,12 +2155,14 @@ like a disk).
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_ISREG (mode_t @var{m})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns non-zero if the file is a regular file.
+ @end deftypefn
+
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_ISFIFO (mode_t @var{m})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns non-zero if the file is a FIFO special file, or a
+ pipe. @xref{Pipes and FIFOs}.
+ @end deftypefn
+@@ -2040,6 +2170,7 @@ pipe. @xref{Pipes and FIFOs}.
+ @comment sys/stat.h
+ @comment GNU
+ @deftypefn Macro int S_ISLNK (mode_t @var{m})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns non-zero if the file is a symbolic link.
+ @xref{Symbolic Links}.
+ @end deftypefn
+@@ -2047,6 +2178,7 @@ This macro returns non-zero if the file is a symbolic link.
+ @comment sys/stat.h
+ @comment GNU
+ @deftypefn Macro int S_ISSOCK (mode_t @var{m})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns non-zero if the file is a socket. @xref{Sockets}.
+ @end deftypefn
+
+@@ -2129,6 +2261,7 @@ the whole @code{struct stat} structure.
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_TYPEISMQ (struct stat *@var{s})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ If the system implement POSIX message queues as distinct objects and the
+ file is a message queue object, this macro returns a non-zero value.
+ In all other cases the result is zero.
+@@ -2137,6 +2270,7 @@ In all other cases the result is zero.
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_TYPEISSEM (struct stat *@var{s})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ If the system implement POSIX semaphores as distinct objects and the
+ file is a semaphore object, this macro returns a non-zero value.
+ In all other cases the result is zero.
+@@ -2145,6 +2279,7 @@ In all other cases the result is zero.
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_TYPEISSHM (struct stat *@var{s})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ If the system implement POSIX shared memory objects as distinct objects
+ and the file is an shared memory object, this macro returns a non-zero
+ value. In all other cases the result is zero.
+@@ -2189,6 +2324,7 @@ The prototype for this function is declared in @file{unistd.h}.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int chown (const char *@var{filename}, uid_t @var{owner}, gid_t @var{group})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{chown} function changes the owner of the file @var{filename} to
+ @var{owner}, and its group owner to @var{group}.
+
+@@ -2223,6 +2359,7 @@ The file is on a read-only file system.
+ @comment unistd.h
+ @comment BSD
+ @deftypefun int fchown (int @var{filedes}, uid_t @var{owner}, gid_t @var{group})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This is like @code{chown}, except that it changes the owner of the open
+ file with descriptor @var{filedes}.
+
+@@ -2502,6 +2639,7 @@ The functions in this section are declared in @file{sys/stat.h}.
+ @comment sys/stat.h
+ @comment POSIX.1
+ @deftypefun mode_t umask (mode_t @var{mask})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{umask} function sets the file creation mask of the current
+ process to @var{mask}, and returns the previous value of the file
+ creation mask.
+@@ -2527,6 +2665,7 @@ you just want to read the mask value, because it is reentrant.
+ @comment sys/stat.h
+ @comment GNU
+ @deftypefun mode_t getumask (void)
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Return the current value of the file creation mask for the current
+ process. This function is a GNU extension and is only available on
+ @gnuhurdsystems{}.
+@@ -2535,6 +2674,7 @@ process. This function is a GNU extension and is only available on
+ @comment sys/stat.h
+ @comment POSIX.1
+ @deftypefun int chmod (const char *@var{filename}, mode_t @var{mode})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{chmod} function sets the access permission bits for the file
+ named by @var{filename} to @var{mode}.
+
+@@ -2575,6 +2715,7 @@ for full details on the sticky bit.
+ @comment sys/stat.h
+ @comment BSD
+ @deftypefun int fchmod (int @var{filedes}, mode_t @var{mode})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This is like @code{chmod}, except that it changes the permissions of the
+ currently open file given by @var{filedes}.
+
+@@ -2645,6 +2786,7 @@ The symbols in this section are declared in @file{unistd.h}.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int access (const char *@var{filename}, int @var{how})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{access} function checks to see whether the file named by
+ @var{filename} can be accessed in the way specified by the @var{how}
+ argument. The @var{how} argument either can be the bitwise OR of the
+@@ -2765,6 +2907,9 @@ This is the modification time for the file.
+ @comment utime.h
+ @comment POSIX.1
+ @deftypefun int utime (const char *@var{filename}, const struct utimbuf *@var{times})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c In the absence of a utime syscall, it non-atomically converts times
++@c to a struct timeval and calls utimes.
+ This function is used to modify the file times associated with the file
+ named @var{filename}.
+
+@@ -2816,6 +2961,10 @@ in the header file @file{sys/time.h}.
+ @comment sys/time.h
+ @comment BSD
+ @deftypefun int utimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c In the absence of a utimes syscall, it non-atomically converts tvp
++@c to struct timespec array and issues a utimensat syscall, or to
++@c struct utimbuf and calls utime.
+ This function sets the file access and modification times of the file
+ @var{filename}. The new file access time is specified by
+ @code{@var{tvp}[0]}, and the new modification time by
+@@ -2830,6 +2979,9 @@ function.
+ @comment sys/time.h
+ @comment BSD
+ @deftypefun int lutimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c Since there's no lutimes syscall, it non-atomically converts tvp
++@c to struct timespec array and issues a utimensat syscall.
+ This function is like @code{utimes}, except that it does not follow
+ symbolic links. If @var{filename} is the name of a symbolic link,
+ @code{lutimes} sets the file access and modification times of the
+@@ -2846,6 +2998,10 @@ function.
+ @comment sys/time.h
+ @comment BSD
+ @deftypefun int futimes (int @var{fd}, const struct timeval @var{tvp}@t{[2]})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c Since there's no futimes syscall, it non-atomically converts tvp
++@c to struct timespec array and issues a utimensat syscall, falling back
++@c to utimes on a /proc/self/fd symlink.
+ This function is like @code{utimes}, except that it takes an open file
+ descriptor as an argument instead of a file name. @xref{Low-Level
+ I/O}. This function comes from FreeBSD, and is not available on all
+@@ -2900,6 +3056,8 @@ succeed, without actually accomplishing anything.
+ @comment unistd.h
+ @comment X/Open
+ @deftypefun int truncate (const char *@var{filename}, off_t @var{length})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c In the absence of a truncate syscall, we use open and ftruncate.
+
+ The @code{truncate} function changes the size of @var{filename} to
+ @var{length}. If @var{length} is shorter than the previous length, data
+@@ -2944,6 +3102,8 @@ The operation was interrupted by a signal.
+ @comment unistd.h
+ @comment Unix98
+ @deftypefun int truncate64 (const char *@var{name}, off64_t @var{length})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c In the absence of a syscall, try truncate if length fits.
+ This function is similar to the @code{truncate} function. The
+ difference is that the @var{length} argument is 64 bits wide even on 32
+ bits machines, which allows the handling of files with sizes up to
+@@ -2957,6 +3117,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
+ @comment unistd.h
+ @comment POSIX
+ @deftypefun int ftruncate (int @var{fd}, off_t @var{length})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+
+ This is like @code{truncate}, but it works on a file descriptor @var{fd}
+ for an opened file instead of a file name to identify the object. The
+@@ -3021,6 +3182,8 @@ The operation was interrupted by a signal.
+ @comment unistd.h
+ @comment Unix98
+ @deftypefun int ftruncate64 (int @var{id}, off64_t @var{length})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c In the absence of a syscall, try ftruncate if length fits.
+ This function is similar to the @code{ftruncate} function. The
+ difference is that the @var{length} argument is 64 bits wide even on 32
+ bits machines which allows the handling of files with sizes up to
+@@ -3083,6 +3246,10 @@ The prototype for @code{mknod} is declared in @file{sys/stat.h}.
+ @comment sys/stat.h
+ @comment BSD
+ @deftypefun int mknod (const char *@var{filename}, mode_t @var{mode}, dev_t @var{dev})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Instead of issuing the syscall directly, we go through xmknod.
++@c Although the internal xmknod takes a dev_t*, that could lead to
++@c xguargs races, it's passed a pointer to mknod's dev.
+ The @code{mknod} function makes a special file with name @var{filename}.
+ The @var{mode} specifies the mode of the file, and may include the various
+ special file bits, such as @code{S_IFCHR} (for a character special file)
+@@ -3134,6 +3301,20 @@ These facilities are declared in the header file @file{stdio.h}.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun {FILE *} tmpfile (void)
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
++@c The unsafety issues are those of fdopen, plus fdleak because of the
++@c open.
++@c __path_search (internal buf, !dir, const pfx, !try_tmpdir) ok
++@c libc_secure_genenv only if try_tmpdir
++@c xstat64, strlen, strcmp, sprintf
++@c __gen_tempname (internal tmpl, __GT_FILE) ok
++@c strlen, memcmp, getpid, open/mkdir/lxstat64 ok
++@c HP_TIMING_NOW if available ok
++@c gettimeofday (!tz) first time, or every time if no HP_TIMING_NOW ok
++@c static value is used and modified without synchronization ok
++@c but the use is as a source of non-cryptographic randomness
++@c with retries in case of collision, so it should be safe
++@c unlink, fdopen
+ This function creates a temporary binary file for update mode, as if by
+ calling @code{fopen} with mode @code{"wb+"}. The file is deleted
+ automatically when it is closed or when the program terminates. (On
+@@ -3150,6 +3331,7 @@ interface transparently replaces the old interface.
+ @comment stdio.h
+ @comment Unix98
+ @deftypefun {FILE *} tmpfile64 (void)
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+ This function is similar to @code{tmpfile}, but the stream it returns a
+ pointer to was opened using @code{tmpfile64}. Therefore this stream can
+ be used for files larger then @math{2^31} bytes on 32-bit machines.
+@@ -3165,6 +3347,11 @@ and so transparently replaces the old interface.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun {char *} tmpnam (char *@var{result})
++@safety{@mtunsafe{xguargs, staticbuf}@asunsafe{staticbuf}@acsafe{}}
++@c The passed-in buffer should not be modified concurrently with the
++@c call.
++@c __path_search (static or passed-in buf, !dir, !pfx, !try_tmpdir) ok
++@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
+ This function constructs and returns a valid file name that does not
+ refer to any existing file. If the @var{result} argument is a null
+ pointer, the return value is a pointer to an internal static string,
+@@ -3189,6 +3376,7 @@ opening the file you should use the @code{O_EXCL} flag. Using
+ @comment stdio.h
+ @comment GNU
+ @deftypefun {char *} tmpnam_r (char *@var{result})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+ This function is nearly identical to the @code{tmpnam} function, except
+ that if @var{result} is a null pointer it returns a null pointer.
+
+@@ -3225,6 +3413,13 @@ never less than @code{25}.
+ @comment stdio.h
+ @comment SVID
+ @deftypefun {char *} tempnam (const char *@var{dir}, const char *@var{prefix})
++@safety{@mtunsafe{xguargs, envromt}@assafe{asmalloc}@acsafe{memleak}}
++@c There's no way (short of being setuid) to avoid getenv("TMPDIR"),
++@c even with a non-NULL dir, which makes this thread-unsafe.
++@c
++@c __path_search (internal buf, dir, pfx, try_tmpdir) unsafe getenv
++@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
++@c strdup
+ This function generates a unique temporary file name. If @var{prefix}
+ is not a null pointer, up to five characters of this string are used as
+ a prefix for the file name. The return value is a string newly
+@@ -3288,6 +3483,8 @@ string. These functions are declared in the header file @file{stdlib.h}.
+ @comment stdlib.h
+ @comment Unix
+ @deftypefun {char *} mktemp (char *@var{template})
++@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
++@c __gen_tempname (caller tmpl, __GT_NOCREATE) ok
+ The @code{mktemp} function generates a unique file name by modifying
+ @var{template} as described above. If successful, it returns
+ @var{template} as modified. If @code{mktemp} cannot find a unique file
+@@ -3306,6 +3503,8 @@ opening the file you should use the @code{O_EXCL} flag. Using
+ @comment stdlib.h
+ @comment BSD
+ @deftypefun int mkstemp (char *@var{template})
++@safety{@mtunsafe{xguargs}@assafe{}@acsafe{fdleak}}
++@c __gen_tempname (caller tmpl, __GT_FILE) ok
+ The @code{mkstemp} function generates a unique file name just as
+ @code{mktemp} does, but it also opens the file for you with @code{open}
+ (@pxref{Opening and Closing Files}). If successful, it modifies
+@@ -3328,6 +3527,8 @@ new file and get an error if the file already exists.
+ @comment stdlib.h
+ @comment BSD
+ @deftypefun {char *} mkdtemp (char *@var{template})
++@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
++@c __gen_tempname (caller tmpl, __GT_DIR) ok
+ The @code{mkdtemp} function creates a directory with a unique name. If
+ it succeeds, it overwrites @var{template} with the name of the
+ directory, and returns @var{template}. As with @code{mktemp} and
+@@ -3349,3 +3550,23 @@ creation always works like @code{open} with @code{O_EXCL}.
+ @xref{Creating Directories}.
+
+ The @code{mkdtemp} function comes from OpenBSD.
++
++@c FIXME these are undocumented:
++@c faccessat
++@c fchmodat
++@c fchownat
++@c futimesat
++@c fstatat (there's a commented-out safety assessment for this one)
++@c linkat
++@c mkdirat
++@c mkfifoat
++@c name_to_handle_at
++@c openat
++@c open_by_handle_at
++@c readlinkat
++@c renameat
++@c scandirat
++@c symlinkat
++@c unlinkat
++@c utimensat
++@c mknodat
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=cc424d6ed1b24e6a02244c623567f6471a362986
commit cc424d6ed1b24e6a02244c623567f6471a362986
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 05:01:58 2013 -0300
Refresh of manual-document-mt-safety-filesys.patch
diff --git a/manual/filesys.texi b/manual/filesys.texi
index 814c210..c7eb13b 100644
--- a/manual/filesys.texi
+++ b/manual/filesys.texi
@@ -58,6 +58,25 @@ Prototypes for these functions are declared in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun {char *} getcwd (char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c If buffer is NULL, this function calls malloc and realloc, and, in
+@c case of error, free. Linux offers a getcwd syscall that we use on
+@c GNU/Linux systems, but it may fail if the pathname is too long. As a
+@c fallback, and on other systems, the generic implementation opens each
+@c parent directory with opendir, which allocates memory for the
+@c directory stream with malloc. If a fstatat64 syscall is not
+@c available, very deep directory trees may also have to malloc to build
+@c longer sequences of ../../../... than those supported by a global
+@c const read-only string.
+
+@c linux/__getcwd
+@c posix/__getcwd
+@c malloc/realloc/free if buffer is NULL, or if dir is too deep
+@c lstat64 -> see its own entry
+@c fstatat64
+@c direct syscall if possible, alloca+snprintf+*stat64 otherwise
+@c openat64_not_cancel_3, close_not_cancel_no_status
+@c __fdopendir, __opendir, __readdir, rewinddir
The @code{getcwd} function returns an absolute file name representing
the current working directory, storing it in the character array
@var{buffer} that you provide. The @var{size} argument is how you tell
@@ -116,6 +135,9 @@ software.
@comment unistd.h
@comment BSD
@deftypefn {Deprecated Function} {char *} getwd (char *@var{buffer})
+@safety{@mtsafe{}@asunsafe{asmalloc, asi18n}@acsafe{memleak, fdleak}}
+@c Besides the getcwd safety issues, it calls strerror_r on error, which
+@c brings in all of the i18n issues.
This is similar to @code{getcwd}, but has no way to specify the size of
the buffer. @Theglibc{} provides @code{getwd} only
for backwards compatibility with BSD.
@@ -130,6 +152,9 @@ this function is deprecated.
@comment unistd.h
@comment GNU
@deftypefun {char *} get_current_dir_name (void)
+@safety{@mtunsafe{envromt}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides getcwd, which this function calls as a fallback, it calls
+@c getenv, with the usual thread-safety issues that brings about.
@vindex PWD
This @code{get_current_dir_name} function is basically equivalent to
@w{@code{getcwd (NULL, 0)}}. The only difference is that the value of
@@ -145,6 +170,7 @@ This function is a GNU extension.
@comment unistd.h
@comment POSIX.1
@deftypefun int chdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
@var{filename}.
@@ -158,6 +184,7 @@ file @var{filename} is not a directory.
@comment unistd.h
@comment XPG
@deftypefun int fchdir (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
directory associated with the file descriptor @var{filedes}.
@@ -294,12 +321,14 @@ values and @code{st_mode} values:
@comment dirent.h
@comment BSD
@deftypefun int IFTODT (mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{d_type} value corresponding to @var{mode}.
@end deftypefun
@comment dirent.h
@comment BSD
@deftypefun mode_t DTTOIF (int @var{dtype})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{st_mode} value corresponding to @var{dtype}.
@end deftypefun
@end table
@@ -342,6 +371,9 @@ the following functions.
@comment dirent.h
@comment POSIX.1
@deftypefun {DIR *} opendir (const char *@var{dirname})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides the safe syscall, we have to allocate the DIR object with
+@c __alloc_dir, that calls malloc.
The @code{opendir} function opens and returns a directory stream for
reading the directory whose file name is @var{dirname}. The stream has
type @code{DIR *}.
@@ -381,6 +413,8 @@ alternative interface can be used.
@comment dirent.h
@comment GNU
@deftypefun {DIR *} fdopendir (int @var{fd})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c The DIR object is allocated with __alloc_dir, that calls malloc.
The @code{fdopendir} function works just like @code{opendir} but
instead of taking a file name and opening a file descriptor for the
directory the caller is required to provide a file descriptor. This
@@ -425,6 +459,7 @@ access.
@comment dirent.h
@comment GNU
@deftypefun int dirfd (DIR *@var{dirstream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{dirfd} returns the file descriptor associated with
the directory stream @var{dirstream}. This descriptor can be used until
the directory is closed with @code{closedir}. If the directory stream
@@ -443,6 +478,12 @@ symbols are declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun {struct dirent *} readdir (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c This function holds dirstream's non-recursive lock, which brings
+@c about the usual issues with locks and async signals and cancellation,
+@c but the lock taking is not enough to make the returned value safe to
+@c use, since it points to a stream's internal buffer that can be
+@c overwritten by subsequent calls or even released by closedir.
This function reads the next entry from the directory. It normally
returns a pointer to a structure containing information about the
file. This structure is associated with the @var{dirstream} handle
@@ -478,6 +519,7 @@ locking if multiple threads access the same @var{dirstream}.
@comment dirent.h
@comment GNU
@deftypefun int readdir_r (DIR *@var{dirstream}, struct dirent *@var{entry}, struct dirent **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is a version of @code{readdir} which performs internal
locking. Like @code{readdir} it returns the next entry from the
directory. To prevent conflicts between simultaneously running
@@ -549,6 +591,7 @@ of the last two functions.
@comment dirent.h
@comment LFS
@deftypefun {struct dirent64 *} readdir64 (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64} function is just like the @code{readdir} function
except that it returns a pointer to a record of type @code{struct
dirent64}. Some of the members of this data type (notably @code{d_ino})
@@ -560,6 +603,7 @@ In all other aspects this function is equivalent to @code{readdir}.
@comment dirent.h
@comment LFS
@deftypefun int readdir64_r (DIR *@var{dirstream}, struct dirent64 *@var{entry}, struct dirent64 **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64_r} function is equivalent to the @code{readdir_r}
function except that it takes parameters of base type @code{struct
dirent64} instead of @code{struct dirent} in the second and third
@@ -570,6 +614,10 @@ position. The same precautions mentioned in the documentation of
@comment dirent.h
@comment POSIX.1
@deftypefun int closedir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock (hurd)}@acsafe{memleak, fdleak, lockleak (hurd)}}
+@c No synchronization in the posix implementation, only in the hurd
+@c one. This is regarded as safe because it is undefined behavior if
+@c other threads could still be using the dir stream while it's closed.
This function closes the directory stream @var{dirstream}. It returns
@code{0} on success and @code{-1} on failure.
@@ -609,6 +657,7 @@ declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun void rewinddir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{rewinddir} function is used to reinitialize the directory
stream @var{dirstream}, so that if you call @code{readdir} it
returns information about the first entry in the directory again. This
@@ -622,6 +671,10 @@ added or removed since you last called @code{opendir} or
@comment dirent.h
@comment BSD
@deftypefun {long int} telldir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{telldir} function returns the file position of the directory
stream @var{dirstream}. You can use this value with @code{seekdir} to
restore the directory stream to that position.
@@ -630,6 +683,10 @@ restore the directory stream to that position.
@comment dirent.h
@comment BSD
@deftypefun void seekdir (DIR *@var{dirstream}, long int @var{pos})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{seekdir} function sets the file position of the directory
stream @var{dirstream} to @var{pos}. The value @var{pos} must be the
result of a previous call to @code{telldir} on this particular stream;
@@ -649,6 +706,19 @@ the result.
@comment dirent.h
@comment BSD/SVID
@deftypefun int scandir (const char *@var{dir}, struct dirent ***@var{namelist}, int (*@var{selector}) (const struct dirent *), int (*@var{cmp}) (const struct dirent **, const struct dirent **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c The scandir function calls __opendirat, __readdir, and __closedir to
+@c go over the named dir; malloc and realloc to allocate the namelist
+@c and copies of each selected dirent, besides the selector, if given,
+@c and qsort and the cmp functions if the latter is given. In spite of
+@c the cleanup handler that releases memory and the file descriptor in
+@c case of synchronous cancellation, an asynchronous cancellation may
+@c still leak memory and a file descriptor. Although readdir is unsafe
+@c in general, the use of an internal dir stream for sequential scanning
+@c of the directory with copying of dirents before subsequent calls
+@c makes the use safe, and the fact that the dir stream is private to
+@c each scandir call does away with the lock issues in readdir and
+@c closedir.
The @code{scandir} function scans the contents of the directory selected
by @var{dir}. The result in *@var{namelist} is an array of pointers to
@@ -679,6 +749,8 @@ are very helpful for this purpose.
@comment dirent.h
@comment BSD/SVID
@deftypefun int alphasort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Calls strcoll.
The @code{alphasort} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -691,6 +763,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls strverscmp.
The @code{versionsort} function is like @code{alphasort} except that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -703,6 +777,8 @@ dirent64}}. To use this we need a new function.
@comment dirent.h
@comment GNU
@deftypefun int scandir64 (const char *@var{dir}, struct dirent64 ***@var{namelist}, int (*@var{selector}) (const struct dirent64 *), int (*@var{cmp}) (const struct dirent64 **, const struct dirent64 **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c See scandir.
The @code{scandir64} function works like the @code{scandir} function
except that the directory entries it returns are described by elements
of type @w{@code{struct dirent64}}. The function pointed to by
@@ -721,6 +797,8 @@ argument. Instead we provide the two replacement functions below.
@comment dirent.h
@comment GNU
@deftypefun int alphasort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c See alphasort.
The @code{alphasort64} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -733,6 +811,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c See versionsort.
The @code{versionsort64} function is like @code{alphasort64}, excepted that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -913,6 +993,8 @@ file was passed).
@comment ftw.h
@comment SVID
@deftypefun int ftw (const char *@var{filename}, __ftw_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
+@c see nftw for safety details
The @code{ftw} function calls the callback function given in the
parameter @var{func} for every item which is found in the directory
specified by @var{filename} and all directories below. The function
@@ -963,6 +1045,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int ftw64 (const char *@var{filename}, __ftw64_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
This function is similar to @code{ftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -976,6 +1059,17 @@ transparently replaces the old implementation.
@comment ftw.h
@comment XPG4.2
@deftypefun int nftw (const char *@var{filename}, __nftw_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c ftw_startup calls alloca, malloc, free, xstat/lxstat, tdestroy, and ftw_dir
+@c if FTW_CHDIR, call open, and fchdir, or chdir and getcwd
+@c ftw_dir calls open_dir_stream, readdir64, process_entry, closedir
+@c if FTW_CHDIR, also calls fchdir
+@c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
+@c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
+@c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
+@c find_object (tsearch) and add_object (tfind).
+@c Since each invocation of *ftw uses its own private search tree, none
+@c of the search tree concurrency issues apply.
The @code{nftw} function works like the @code{ftw} functions. They call
the callback function @var{func} for all items found in the directory
@var{filename} and below. At most @var{descriptors} file descriptors
@@ -1036,6 +1130,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int nftw64 (const char *@var{filename}, __nftw64_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
This function is similar to @code{nftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -1079,6 +1174,7 @@ file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int link (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{link} function makes a new link to the existing file named by
@var{oldname}, under the new name @var{newname}.
@@ -1186,6 +1282,7 @@ Prototypes for most of the functions listed in this section are in
@comment unistd.h
@comment BSD
@deftypefun int symlink (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{symlink} function makes a symbolic link to @var{oldname} named
@var{newname}.
@@ -1223,6 +1320,7 @@ exceeded.
@comment unistd.h
@comment BSD
@deftypefun ssize_t readlink (const char *@var{filename}, char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{readlink} function gets the value of the symbolic link
@var{filename}. The file name that the link points to is copied into
@var{buffer}. This file name string is @emph{not} null-terminated;
@@ -1282,6 +1380,8 @@ names can refer to the same inode.
@comment stdlib.h
@comment GNU
@deftypefun {char *} canonicalize_file_name (const char *@var{name})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls realpath.
The @code{canonicalize_file_name} function returns the absolute name of
the file named by @var{name} which contains no @code{.}, @code{..}
@@ -1323,6 +1423,8 @@ where the result is placed in.
@comment stdlib.h
@comment XPG
@deftypefun {char *} realpath (const char *restrict @var{name}, char *restrict @var{resolved})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls malloc, realloc, getcwd, lxstat64, readlink, alloca.
A call to @code{realpath} where the @var{resolved} parameter is
@code{NULL} behaves exactly like @code{canonicalize_file_name}. The
@@ -1362,6 +1464,7 @@ then the file is deleted as well. If the file has other remaining names
@comment unistd.h
@comment POSIX.1
@deftypefun int unlink (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{unlink} function deletes the file name @var{filename}. If
this is a file's sole name, the file itself is also deleted. (Actually,
if any process has the file open when this happens, deletion is
@@ -1404,6 +1507,7 @@ file system and can't be modified.
@comment unistd.h
@comment POSIX.1
@deftypefun int rmdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@cindex directories, deleting
@cindex deleting a directory
The @code{rmdir} function deletes a directory. The directory must be
@@ -1431,6 +1535,8 @@ The prototype for this function is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int remove (const char *@var{filename})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Calls unlink and rmdir.
This is the @w{ISO C} function to remove a file. It works like
@code{unlink} for files and like @code{rmdir} for directories.
@code{remove} is declared in @file{stdio.h}.
@@ -1446,6 +1552,10 @@ The @code{rename} function is used to change a file's name.
@comment stdio.h
@comment ISO
@deftypefun int rename (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a rename syscall, there's an emulation with link
+@c and unlink, but it's racy, even more so if newname exists and is
+@c unlinked first.
The @code{rename} function renames the file @var{oldname} to
@var{newname}. The file formerly accessible under the name
@var{oldname} is afterwards accessible as @var{newname} instead. (If
@@ -1541,6 +1651,7 @@ a shell command @code{mkdir} which does the same thing.)
@comment sys/stat.h
@comment POSIX.1
@deftypefun int mkdir (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mkdir} function creates a new, empty directory with name
@var{filename}.
@@ -1882,6 +1993,7 @@ header file @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int stat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{stat} function returns information about the attributes of the
file named by @w{@var{filename}} in the structure pointed to by @var{buf}.
@@ -1908,6 +2020,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int stat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{stat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1921,6 +2034,7 @@ replaces the interface for small files on 32-bit machines.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int fstat (int @var{filedes}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fstat} function is like @code{stat}, except that it takes an
open file descriptor as an argument instead of a file name.
@xref{Low-Level I/O}.
@@ -1942,6 +2056,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int fstat64 (int @var{filedes}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{fstat} but is able to work on large
files on 32-bit platforms. For large files the file descriptor
@var{filedes} should be obtained by @code{open64} or @code{creat64}.
@@ -1953,9 +2068,16 @@ function is available under the name @code{fstat} and so transparently
replaces the interface for small files on 32-bit machines.
@end deftypefun
+@c fstatat will call alloca and snprintf if the syscall is not
+@c available.
+@c @safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+
@comment sys/stat.h
@comment BSD
@deftypefun int lstat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat, sometimes with an xstat conv call
+@c afterwards.
The @code{lstat} function is like @code{stat}, except that it does not
follow symbolic links. If @var{filename} is the name of a symbolic
link, @code{lstat} returns information about the link itself; otherwise
@@ -1969,6 +2091,9 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int lstat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat64, sometimes with an xstat conv
+@c call afterwards.
This function is similar to @code{lstat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -2007,12 +2132,14 @@ that file:
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISDIR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a directory.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISCHR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a character special file (a
device like a terminal).
@end deftypefn
@@ -2020,6 +2147,7 @@ device like a terminal).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISBLK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a block special file (a device
like a disk).
@end deftypefn
@@ -2027,12 +2155,14 @@ like a disk).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISREG (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a regular file.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISFIFO (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a FIFO special file, or a
pipe. @xref{Pipes and FIFOs}.
@end deftypefn
@@ -2040,6 +2170,7 @@ pipe. @xref{Pipes and FIFOs}.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISLNK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a symbolic link.
@xref{Symbolic Links}.
@end deftypefn
@@ -2047,6 +2178,7 @@ This macro returns non-zero if the file is a symbolic link.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISSOCK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a socket. @xref{Sockets}.
@end deftypefn
@@ -2129,6 +2261,7 @@ the whole @code{struct stat} structure.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISMQ (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX message queues as distinct objects and the
file is a message queue object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2137,6 +2270,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSEM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX semaphores as distinct objects and the
file is a semaphore object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2145,6 +2279,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSHM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX shared memory objects as distinct objects
and the file is an shared memory object, this macro returns a non-zero
value. In all other cases the result is zero.
@@ -2189,6 +2324,7 @@ The prototype for this function is declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int chown (const char *@var{filename}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chown} function changes the owner of the file @var{filename} to
@var{owner}, and its group owner to @var{group}.
@@ -2223,6 +2359,7 @@ The file is on a read-only file system.
@comment unistd.h
@comment BSD
@deftypefun int fchown (int @var{filedes}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chown}, except that it changes the owner of the open
file with descriptor @var{filedes}.
@@ -2502,6 +2639,7 @@ The functions in this section are declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun mode_t umask (mode_t @var{mask})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{umask} function sets the file creation mask of the current
process to @var{mask}, and returns the previous value of the file
creation mask.
@@ -2527,6 +2665,7 @@ you just want to read the mask value, because it is reentrant.
@comment sys/stat.h
@comment GNU
@deftypefun mode_t getumask (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Return the current value of the file creation mask for the current
process. This function is a GNU extension and is only available on
@gnuhurdsystems{}.
@@ -2535,6 +2674,7 @@ process. This function is a GNU extension and is only available on
@comment sys/stat.h
@comment POSIX.1
@deftypefun int chmod (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chmod} function sets the access permission bits for the file
named by @var{filename} to @var{mode}.
@@ -2575,6 +2715,7 @@ for full details on the sticky bit.
@comment sys/stat.h
@comment BSD
@deftypefun int fchmod (int @var{filedes}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chmod}, except that it changes the permissions of the
currently open file given by @var{filedes}.
@@ -2645,6 +2786,7 @@ The symbols in this section are declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int access (const char *@var{filename}, int @var{how})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{access} function checks to see whether the file named by
@var{filename} can be accessed in the way specified by the @var{how}
argument. The @var{how} argument either can be the bitwise OR of the
@@ -2765,6 +2907,9 @@ This is the modification time for the file.
@comment utime.h
@comment POSIX.1
@deftypefun int utime (const char *@var{filename}, const struct utimbuf *@var{times})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utime syscall, it non-atomically converts times
+@c to a struct timeval and calls utimes.
This function is used to modify the file times associated with the file
named @var{filename}.
@@ -2816,6 +2961,10 @@ in the header file @file{sys/time.h}.
@comment sys/time.h
@comment BSD
@deftypefun int utimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, or to
+@c struct utimbuf and calls utime.
This function sets the file access and modification times of the file
@var{filename}. The new file access time is specified by
@code{@var{tvp}[0]}, and the new modification time by
@@ -2830,6 +2979,9 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int lutimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no lutimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall.
This function is like @code{utimes}, except that it does not follow
symbolic links. If @var{filename} is the name of a symbolic link,
@code{lutimes} sets the file access and modification times of the
@@ -2846,6 +2998,10 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int futimes (int @var{fd}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no futimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, falling back
+@c to utimes on a /proc/self/fd symlink.
This function is like @code{utimes}, except that it takes an open file
descriptor as an argument instead of a file name. @xref{Low-Level
I/O}. This function comes from FreeBSD, and is not available on all
@@ -2900,6 +3056,8 @@ succeed, without actually accomplishing anything.
@comment unistd.h
@comment X/Open
@deftypefun int truncate (const char *@var{filename}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a truncate syscall, we use open and ftruncate.
The @code{truncate} function changes the size of @var{filename} to
@var{length}. If @var{length} is shorter than the previous length, data
@@ -2944,6 +3102,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int truncate64 (const char *@var{name}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try truncate if length fits.
This function is similar to the @code{truncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines, which allows the handling of files with sizes up to
@@ -2957,6 +3117,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX
@deftypefun int ftruncate (int @var{fd}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{truncate}, but it works on a file descriptor @var{fd}
for an opened file instead of a file name to identify the object. The
@@ -3021,6 +3182,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int ftruncate64 (int @var{id}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try ftruncate if length fits.
This function is similar to the @code{ftruncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines which allows the handling of files with sizes up to
@@ -3083,6 +3246,10 @@ The prototype for @code{mknod} is declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment BSD
@deftypefun int mknod (const char *@var{filename}, mode_t @var{mode}, dev_t @var{dev})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Instead of issuing the syscall directly, we go through xmknod.
+@c Although the internal xmknod takes a dev_t*, that could lead to
+@c xguargs races, it's passed a pointer to mknod's dev.
The @code{mknod} function makes a special file with name @var{filename}.
The @var{mode} specifies the mode of the file, and may include the various
special file bits, such as @code{S_IFCHR} (for a character special file)
@@ -3134,6 +3301,20 @@ These facilities are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} tmpfile (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c The unsafety issues are those of fdopen, plus fdleak because of the
+@c open.
+@c __path_search (internal buf, !dir, const pfx, !try_tmpdir) ok
+@c libc_secure_genenv only if try_tmpdir
+@c xstat64, strlen, strcmp, sprintf
+@c __gen_tempname (internal tmpl, __GT_FILE) ok
+@c strlen, memcmp, getpid, open/mkdir/lxstat64 ok
+@c HP_TIMING_NOW if available ok
+@c gettimeofday (!tz) first time, or every time if no HP_TIMING_NOW ok
+@c static value is used and modified without synchronization ok
+@c but the use is as a source of non-cryptographic randomness
+@c with retries in case of collision, so it should be safe
+@c unlink, fdopen
This function creates a temporary binary file for update mode, as if by
calling @code{fopen} with mode @code{"wb+"}. The file is deleted
automatically when it is closed or when the program terminates. (On
@@ -3150,6 +3331,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} tmpfile64 (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
This function is similar to @code{tmpfile}, but the stream it returns a
pointer to was opened using @code{tmpfile64}. Therefore this stream can
be used for files larger then @math{2^31} bytes on 32-bit machines.
@@ -3165,6 +3347,11 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun {char *} tmpnam (char *@var{result})
+@safety{@mtunsafe{xguargs, staticbuf}@asunsafe{staticbuf}@acsafe{}}
+@c The passed-in buffer should not be modified concurrently with the
+@c call.
+@c __path_search (static or passed-in buf, !dir, !pfx, !try_tmpdir) ok
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
This function constructs and returns a valid file name that does not
refer to any existing file. If the @var{result} argument is a null
pointer, the return value is a pointer to an internal static string,
@@ -3189,6 +3376,7 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdio.h
@comment GNU
@deftypefun {char *} tmpnam_r (char *@var{result})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
This function is nearly identical to the @code{tmpnam} function, except
that if @var{result} is a null pointer it returns a null pointer.
@@ -3225,6 +3413,13 @@ never less than @code{25}.
@comment stdio.h
@comment SVID
@deftypefun {char *} tempnam (const char *@var{dir}, const char *@var{prefix})
+@safety{@mtunsafe{xguargs, envromt}@assafe{asmalloc}@acsafe{memleak}}
+@c There's no way (short of being setuid) to avoid getenv("TMPDIR"),
+@c even with a non-NULL dir, which makes this thread-unsafe.
+@c
+@c __path_search (internal buf, dir, pfx, try_tmpdir) unsafe getenv
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
+@c strdup
This function generates a unique temporary file name. If @var{prefix}
is not a null pointer, up to five characters of this string are used as
a prefix for the file name. The return value is a string newly
@@ -3288,6 +3483,8 @@ string. These functions are declared in the header file @file{stdlib.h}.
@comment stdlib.h
@comment Unix
@deftypefun {char *} mktemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_NOCREATE) ok
The @code{mktemp} function generates a unique file name by modifying
@var{template} as described above. If successful, it returns
@var{template} as modified. If @code{mktemp} cannot find a unique file
@@ -3306,6 +3503,8 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdlib.h
@comment BSD
@deftypefun int mkstemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{fdleak}}
+@c __gen_tempname (caller tmpl, __GT_FILE) ok
The @code{mkstemp} function generates a unique file name just as
@code{mktemp} does, but it also opens the file for you with @code{open}
(@pxref{Opening and Closing Files}). If successful, it modifies
@@ -3328,6 +3527,8 @@ new file and get an error if the file already exists.
@comment stdlib.h
@comment BSD
@deftypefun {char *} mkdtemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_DIR) ok
The @code{mkdtemp} function creates a directory with a unique name. If
it succeeds, it overwrites @var{template} with the name of the
directory, and returns @var{template}. As with @code{mktemp} and
@@ -3349,3 +3550,23 @@ creation always works like @code{open} with @code{O_EXCL}.
@xref{Creating Directories}.
The @code{mkdtemp} function comes from OpenBSD.
+
+@c FIXME these are undocumented:
+@c faccessat
+@c fchmodat
+@c fchownat
+@c futimesat
+@c fstatat (there's a commented-out safety assessment for this one)
+@c linkat
+@c mkdirat
+@c mkfifoat
+@c name_to_handle_at
+@c openat
+@c open_by_handle_at
+@c readlinkat
+@c renameat
+@c scandirat
+@c symlinkat
+@c unlinkat
+@c utimensat
+@c mknodat
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=828a9e296e22f33484c009b88eaf45b523b64d83
commit 828a9e296e22f33484c009b88eaf45b523b64d83
Merge: d132003 fa001f7 bcb5ff7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 04:52:56 2013 -0300
pull (CONFLICT)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d1320034d55f8d03582f23ce5338b8ef693a7607
commit d1320034d55f8d03582f23ce5338b8ef693a7607
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 04:52:56 2013 -0300
pull (CONFLICT)
diff --git a/meta b/meta
index 2fa5052..b006b37 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: cf9af743e59dfbf5fda5a2a47c3e79180f45abdb
-Head: 1de4023eaef09c4f66ee8cda9af72299102a6a11
+Previous: bcb5ff7712c3f8a6dc163c0612292f179920c79c
+Head: fa001f73d60f803ba2877b9c8297e1b584e3b6ec
Applied:
powerpc-nofpu-sim-note-nothread.patch: 696f6dab87abef96e7993fda3f143bbdeb1f34e8
unused-scalb-is-scalbn.patch: 8e4917e9cf19e11865e8257a23808022f8661b79
@@ -14,8 +14,8 @@ Applied:
manual-document-mt-safety-ctype.patch: f9c7c5a3a45afe0537eac97659a8035fcd353755
manual-document-mt-safety-debug.patch: 93d4600a981245726112f8653ae093789c5781bc
manual-document-mt-safety-errno.patch: 1de4023eaef09c4f66ee8cda9af72299102a6a11
+ manual-document-mt-safety-filesys.patch: fa001f73d60f803ba2877b9c8297e1b584e3b6ec
Unapplied:
- manual-document-mt-safety-filesys.patch: 48a6b75fc25dc87bedc75d3fdfc131da890b7f4b
manual-document-mt-safety-getopt.patch: fef40984ed247dfb08395088c2518fd52154e035
manual-document-mt-safety-libdl.patch: 3816c6c49233e9317ec22c571867fb8ff95c1edd
manual-document-mt-safety-job.patch: 1da38dc05daeed4e2d77f2923bb588bf259a7549
diff --git a/patches/manual-document-mt-safety-filesys.patch b/patches/manual-document-mt-safety-filesys.patch
index f1fe08e..7dc7236 100644
--- a/patches/manual-document-mt-safety-filesys.patch
+++ b/patches/manual-document-mt-safety-filesys.patch
@@ -1,7 +1,7 @@
-Bottom: 1ff2a8e59e8b9699588c78ee345f4d6ed95eb078
-Top: cdc226230e45430773c967a5b19e606c9ac5c26c
+Bottom: e7b3cec4e03306c8e81023c08b98e74a0faacbbe
+Top: e7b3cec4e03306c8e81023c08b98e74a0faacbbe
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 22:06:03 -0300
+Date: 2013-08-16 04:52:55 -0300
Thread safety documentation.
@@ -12,778 +12,4 @@ for ChangeLog
---
-diff --git a/manual/filesys.texi b/manual/filesys.texi
-index 1df9cf2..b5b6630 100644
---- a/manual/filesys.texi
-+++ b/manual/filesys.texi
-@@ -58,6 +58,25 @@ Prototypes for these functions are declared in the header file
- @comment unistd.h
- @comment POSIX.1
- @deftypefun {char *} getcwd (char *@var{buffer}, size_t @var{size})
-+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
-+@c If buffer is NULL, this function calls malloc and realloc, and, in
-+@c case of error, free. Linux offers a getcwd syscall that we use on
-+@c GNU/Linux systems, but it may fail if the pathname is too long. As a
-+@c fallback, and on other systems, the generic implementation opens each
-+@c parent directory with opendir, which allocates memory for the
-+@c directory stream with malloc. If a fstatat64 syscall is not
-+@c available, very deep directory trees may also have to malloc to build
-+@c longer sequences of ../../../... than those supported by a global
-+@c const read-only string.
-+
-+@c linux/__getcwd
-+@c posix/__getcwd
-+@c malloc/realloc/free if buffer is NULL, or if dir is too deep
-+@c lstat64 -> see its own entry
-+@c fstatat64
-+@c direct syscall if possible, alloca+snprintf+*stat64 otherwise
-+@c openat64_not_cancel_3, close_not_cancel_no_status
-+@c __fdopendir, __opendir, __readdir, rewinddir
- The @code{getcwd} function returns an absolute file name representing
- the current working directory, storing it in the character array
- @var{buffer} that you provide. The @var{size} argument is how you tell
-@@ -116,6 +135,9 @@ software.
- @comment unistd.h
- @comment BSD
- @deftypefn {Deprecated Function} {char *} getwd (char *@var{buffer})
-+@safety{@mtsafe{}@asunsafe{asmalloc, asi18n}@acsafe{memleak, fdleak}}
-+@c Besides the getcwd safety issues, it calls strerror_r on error, which
-+@c brings in all of the i18n issues.
- This is similar to @code{getcwd}, but has no way to specify the size of
- the buffer. @Theglibc{} provides @code{getwd} only
- for backwards compatibility with BSD.
-@@ -130,6 +152,9 @@ this function is deprecated.
- @comment unistd.h
- @comment GNU
- @deftypefun {char *} get_current_dir_name (void)
-+@safety{@mtunsafe{envromt}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
-+@c Besides getcwd, which this function calls as a fallback, it calls
-+@c getenv, with the usual thread-safety issues that brings about.
- @vindex PWD
- This @code{get_current_dir_name} function is basically equivalent to
- @w{@code{getcwd (NULL, 0)}}. The only difference is that the value of
-@@ -145,6 +170,7 @@ This function is a GNU extension.
- @comment unistd.h
- @comment POSIX.1
- @deftypefun int chdir (const char *@var{filename})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This function is used to set the process's working directory to
- @var{filename}.
-
-@@ -158,6 +184,7 @@ file @var{filename} is not a directory.
- @comment unistd.h
- @comment XPG
- @deftypefun int fchdir (int @var{filedes})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This function is used to set the process's working directory to
- directory associated with the file descriptor @var{filedes}.
-
-@@ -294,12 +321,14 @@ values and @code{st_mode} values:
- @comment dirent.h
- @comment BSD
- @deftypefun int IFTODT (mode_t @var{mode})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This returns the @code{d_type} value corresponding to @var{mode}.
- @end deftypefun
-
- @comment dirent.h
- @comment BSD
- @deftypefun mode_t DTTOIF (int @var{dtype})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This returns the @code{st_mode} value corresponding to @var{dtype}.
- @end deftypefun
- @end table
-@@ -342,6 +371,9 @@ the following functions.
- @comment dirent.h
- @comment POSIX.1
- @deftypefun {DIR *} opendir (const char *@var{dirname})
-+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
-+@c Besides the safe syscall, we have to allocate the DIR object with
-+@c __alloc_dir, that calls malloc.
- The @code{opendir} function opens and returns a directory stream for
- reading the directory whose file name is @var{dirname}. The stream has
- type @code{DIR *}.
-@@ -381,6 +413,8 @@ alternative interface can be used.
- @comment dirent.h
- @comment GNU
- @deftypefun {DIR *} fdopendir (int @var{fd})
-+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
-+@c The DIR object is allocated with __alloc_dir, that calls malloc.
- The @code{fdopendir} function works just like @code{opendir} but
- instead of taking a file name and opening a file descriptor for the
- directory the caller is required to provide a file descriptor. This
-@@ -425,6 +459,7 @@ access.
- @comment dirent.h
- @comment GNU
- @deftypefun int dirfd (DIR *@var{dirstream})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The function @code{dirfd} returns the file descriptor associated with
- the directory stream @var{dirstream}. This descriptor can be used until
- the directory is closed with @code{closedir}. If the directory stream
-@@ -443,6 +478,12 @@ symbols are declared in the header file @file{dirent.h}.
- @comment dirent.h
- @comment POSIX.1
- @deftypefun {struct dirent *} readdir (DIR *@var{dirstream})
-+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
-+@c This function holds dirstream's non-recursive lock, which brings
-+@c about the usual issues with locks and async signals and cancellation,
-+@c but the lock taking is not enough to make the returned value safe to
-+@c use, since it points to a stream's internal buffer that can be
-+@c overwritten by subsequent calls or even released by closedir.
- This function reads the next entry from the directory. It normally
- returns a pointer to a structure containing information about the file.
- This structure is statically allocated and can be rewritten by a
-@@ -469,6 +510,7 @@ value. Use @code{readdir_r} when this is critical.
- @comment dirent.h
- @comment GNU
- @deftypefun int readdir_r (DIR *@var{dirstream}, struct dirent *@var{entry}, struct dirent **@var{result})
-+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
- This function is the reentrant version of @code{readdir}. Like
- @code{readdir} it returns the next entry from the directory. But to
- prevent conflicts between simultaneously running threads the result is
-@@ -516,6 +558,7 @@ of the last two functions.
- @comment dirent.h
- @comment LFS
- @deftypefun {struct dirent64 *} readdir64 (DIR *@var{dirstream})
-+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
- The @code{readdir64} function is just like the @code{readdir} function
- except that it returns a pointer to a record of type @code{struct
- dirent64}. Some of the members of this data type (notably @code{d_ino})
-@@ -527,6 +570,7 @@ In all other aspects this function is equivalent to @code{readdir}.
- @comment dirent.h
- @comment LFS
- @deftypefun int readdir64_r (DIR *@var{dirstream}, struct dirent64 *@var{entry}, struct dirent64 **@var{result})
-+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
- The @code{readdir64_r} function is equivalent to the @code{readdir_r}
- function except that it takes parameters of base type @code{struct
- dirent64} instead of @code{struct dirent} in the second and third
-@@ -537,6 +581,10 @@ position. The same precautions mentioned in the documentation of
- @comment dirent.h
- @comment POSIX.1
- @deftypefun int closedir (DIR *@var{dirstream})
-+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock (hurd)}@acsafe{memleak, fdleak, lockleak (hurd)}}
-+@c No synchronization in the posix implementation, only in the hurd
-+@c one. This is regarded as safe because it is undefined behavior if
-+@c other threads could still be using the dir stream while it's closed.
- This function closes the directory stream @var{dirstream}. It returns
- @code{0} on success and @code{-1} on failure.
-
-@@ -576,6 +624,7 @@ declared in the header file @file{dirent.h}.
- @comment dirent.h
- @comment POSIX.1
- @deftypefun void rewinddir (DIR *@var{dirstream})
-+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
- The @code{rewinddir} function is used to reinitialize the directory
- stream @var{dirstream}, so that if you call @code{readdir} it
- returns information about the first entry in the directory again. This
-@@ -589,6 +638,10 @@ added or removed since you last called @code{opendir} or
- @comment dirent.h
- @comment BSD
- @deftypefun {long int} telldir (DIR *@var{dirstream})
-+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
-+@c The implementation is safe on most platforms, but on BSD it uses
-+@c cookies, buckets and records, and the global array of pointers to
-+@c dynamically allocated records is guarded by a non-recursive lock.
- The @code{telldir} function returns the file position of the directory
- stream @var{dirstream}. You can use this value with @code{seekdir} to
- restore the directory stream to that position.
-@@ -597,6 +650,10 @@ restore the directory stream to that position.
- @comment dirent.h
- @comment BSD
- @deftypefun void seekdir (DIR *@var{dirstream}, long int @var{pos})
-+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
-+@c The implementation is safe on most platforms, but on BSD it uses
-+@c cookies, buckets and records, and the global array of pointers to
-+@c dynamically allocated records is guarded by a non-recursive lock.
- The @code{seekdir} function sets the file position of the directory
- stream @var{dirstream} to @var{pos}. The value @var{pos} must be the
- result of a previous call to @code{telldir} on this particular stream;
-@@ -616,6 +673,19 @@ the result.
- @comment dirent.h
- @comment BSD/SVID
- @deftypefun int scandir (const char *@var{dir}, struct dirent ***@var{namelist}, int (*@var{selector}) (const struct dirent *), int (*@var{cmp}) (const struct dirent **, const struct dirent **))
-+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
-+@c The scandir function calls __opendirat, __readdir, and __closedir to
-+@c go over the named dir; malloc and realloc to allocate the namelist
-+@c and copies of each selected dirent, besides the selector, if given,
-+@c and qsort and the cmp functions if the latter is given. In spite of
-+@c the cleanup handler that releases memory and the file descriptor in
-+@c case of synchronous cancellation, an asynchronous cancellation may
-+@c still leak memory and a file descriptor. Although readdir is unsafe
-+@c in general, the use of an internal dir stream for sequential scanning
-+@c of the directory with copying of dirents before subsequent calls
-+@c makes the use safe, and the fact that the dir stream is private to
-+@c each scandir call does away with the lock issues in readdir and
-+@c closedir.
-
- The @code{scandir} function scans the contents of the directory selected
- by @var{dir}. The result in *@var{namelist} is an array of pointers to
-@@ -646,6 +716,8 @@ are very helpful for this purpose.
- @comment dirent.h
- @comment BSD/SVID
- @deftypefun int alphasort (const void *@var{a}, const void *@var{b})
-+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
-+@c Calls strcoll.
- The @code{alphasort} function behaves like the @code{strcoll} function
- (@pxref{String/Array Comparison}). The difference is that the arguments
- are not string pointers but instead they are of type
-@@ -658,6 +730,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
- @comment dirent.h
- @comment GNU
- @deftypefun int versionsort (const void *@var{a}, const void *@var{b})
-+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
-+@c Calls strverscmp.
- The @code{versionsort} function is like @code{alphasort} except that it
- uses the @code{strverscmp} function internally.
- @end deftypefun
-@@ -670,6 +744,8 @@ dirent64}}. To use this we need a new function.
- @comment dirent.h
- @comment GNU
- @deftypefun int scandir64 (const char *@var{dir}, struct dirent64 ***@var{namelist}, int (*@var{selector}) (const struct dirent64 *), int (*@var{cmp}) (const struct dirent64 **, const struct dirent64 **))
-+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
-+@c See scandir.
- The @code{scandir64} function works like the @code{scandir} function
- except that the directory entries it returns are described by elements
- of type @w{@code{struct dirent64}}. The function pointed to by
-@@ -688,6 +764,8 @@ argument. Instead we provide the two replacement functions below.
- @comment dirent.h
- @comment GNU
- @deftypefun int alphasort64 (const void *@var{a}, const void *@var{b})
-+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
-+@c See alphasort.
- The @code{alphasort64} function behaves like the @code{strcoll} function
- (@pxref{String/Array Comparison}). The difference is that the arguments
- are not string pointers but instead they are of type
-@@ -700,6 +778,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
- @comment dirent.h
- @comment GNU
- @deftypefun int versionsort64 (const void *@var{a}, const void *@var{b})
-+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
-+@c See versionsort.
- The @code{versionsort64} function is like @code{alphasort64}, excepted that it
- uses the @code{strverscmp} function internally.
- @end deftypefun
-@@ -880,6 +960,8 @@ file was passed).
- @comment ftw.h
- @comment SVID
- @deftypefun int ftw (const char *@var{filename}, __ftw_func_t @var{func}, int @var{descriptors})
-+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
-+@c see nftw for safety details
- The @code{ftw} function calls the callback function given in the
- parameter @var{func} for every item which is found in the directory
- specified by @var{filename} and all directories below. The function
-@@ -930,6 +1012,7 @@ interface transparently replaces the old interface.
- @comment ftw.h
- @comment Unix98
- @deftypefun int ftw64 (const char *@var{filename}, __ftw64_func_t @var{func}, int @var{descriptors})
-+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
- This function is similar to @code{ftw} but it can work on filesystems
- with large files. File information is reported using a variable of type
- @code{struct stat64} which is passed by reference to the callback
-@@ -943,6 +1026,17 @@ transparently replaces the old implementation.
- @comment ftw.h
- @comment XPG4.2
- @deftypefun int nftw (const char *@var{filename}, __nftw_func_t @var{func}, int @var{descriptors}, int @var{flag})
-+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
-+@c ftw_startup calls alloca, malloc, free, xstat/lxstat, tdestroy, and ftw_dir
-+@c if FTW_CHDIR, call open, and fchdir, or chdir and getcwd
-+@c ftw_dir calls open_dir_stream, readdir64, process_entry, closedir
-+@c if FTW_CHDIR, also calls fchdir
-+@c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
-+@c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
-+@c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
-+@c find_object (tsearch) and add_object (tfind).
-+@c Since each invocation of *ftw uses its own private search tree, none
-+@c of the search tree concurrency issues apply.
- The @code{nftw} function works like the @code{ftw} functions. They call
- the callback function @var{func} for all items found in the directory
- @var{filename} and below. At most @var{descriptors} file descriptors
-@@ -1003,6 +1097,7 @@ interface transparently replaces the old interface.
- @comment ftw.h
- @comment Unix98
- @deftypefun int nftw64 (const char *@var{filename}, __nftw64_func_t @var{func}, int @var{descriptors}, int @var{flag})
-+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
- This function is similar to @code{nftw} but it can work on filesystems
- with large files. File information is reported using a variable of type
- @code{struct stat64} which is passed by reference to the callback
-@@ -1046,6 +1141,7 @@ file @file{unistd.h}.
- @comment unistd.h
- @comment POSIX.1
- @deftypefun int link (const char *@var{oldname}, const char *@var{newname})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{link} function makes a new link to the existing file named by
- @var{oldname}, under the new name @var{newname}.
-
-@@ -1153,6 +1249,7 @@ Prototypes for most of the functions listed in this section are in
- @comment unistd.h
- @comment BSD
- @deftypefun int symlink (const char *@var{oldname}, const char *@var{newname})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{symlink} function makes a symbolic link to @var{oldname} named
- @var{newname}.
-
-@@ -1190,6 +1287,7 @@ exceeded.
- @comment unistd.h
- @comment BSD
- @deftypefun ssize_t readlink (const char *@var{filename}, char *@var{buffer}, size_t @var{size})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{readlink} function gets the value of the symbolic link
- @var{filename}. The file name that the link points to is copied into
- @var{buffer}. This file name string is @emph{not} null-terminated;
-@@ -1249,6 +1347,8 @@ names can refer to the same inode.
- @comment stdlib.h
- @comment GNU
- @deftypefun {char *} canonicalize_file_name (const char *@var{name})
-+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
-+@c Calls realpath.
-
- The @code{canonicalize_file_name} function returns the absolute name of
- the file named by @var{name} which contains no @code{.}, @code{..}
-@@ -1290,6 +1390,8 @@ where the result is placed in.
- @comment stdlib.h
- @comment XPG
- @deftypefun {char *} realpath (const char *restrict @var{name}, char *restrict @var{resolved})
-+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
-+@c Calls malloc, realloc, getcwd, lxstat64, readlink, alloca.
-
- A call to @code{realpath} where the @var{resolved} parameter is
- @code{NULL} behaves exactly like @code{canonicalize_file_name}. The
-@@ -1329,6 +1431,7 @@ then the file is deleted as well. If the file has other remaining names
- @comment unistd.h
- @comment POSIX.1
- @deftypefun int unlink (const char *@var{filename})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{unlink} function deletes the file name @var{filename}. If
- this is a file's sole name, the file itself is also deleted. (Actually,
- if any process has the file open when this happens, deletion is
-@@ -1371,6 +1474,7 @@ file system and can't be modified.
- @comment unistd.h
- @comment POSIX.1
- @deftypefun int rmdir (const char *@var{filename})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- @cindex directories, deleting
- @cindex deleting a directory
- The @code{rmdir} function deletes a directory. The directory must be
-@@ -1398,6 +1502,8 @@ The prototype for this function is declared in the header file
- @comment stdio.h
- @comment ISO
- @deftypefun int remove (const char *@var{filename})
-+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
-+@c Calls unlink and rmdir.
- This is the @w{ISO C} function to remove a file. It works like
- @code{unlink} for files and like @code{rmdir} for directories.
- @code{remove} is declared in @file{stdio.h}.
-@@ -1413,6 +1519,10 @@ The @code{rename} function is used to change a file's name.
- @comment stdio.h
- @comment ISO
- @deftypefun int rename (const char *@var{oldname}, const char *@var{newname})
-+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
-+@c In the absence of a rename syscall, there's an emulation with link
-+@c and unlink, but it's racy, even more so if newname exists and is
-+@c unlinked first.
- The @code{rename} function renames the file @var{oldname} to
- @var{newname}. The file formerly accessible under the name
- @var{oldname} is afterwards accessible as @var{newname} instead. (If
-@@ -1508,6 +1618,7 @@ a shell command @code{mkdir} which does the same thing.)
- @comment sys/stat.h
- @comment POSIX.1
- @deftypefun int mkdir (const char *@var{filename}, mode_t @var{mode})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{mkdir} function creates a new, empty directory with name
- @var{filename}.
-
-@@ -1849,6 +1960,7 @@ header file @file{sys/stat.h}.
- @comment sys/stat.h
- @comment POSIX.1
- @deftypefun int stat (const char *@var{filename}, struct stat *@var{buf})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{stat} function returns information about the attributes of the
- file named by @w{@var{filename}} in the structure pointed to by @var{buf}.
-
-@@ -1875,6 +1987,7 @@ replaces the normal implementation.
- @comment sys/stat.h
- @comment Unix98
- @deftypefun int stat64 (const char *@var{filename}, struct stat64 *@var{buf})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This function is similar to @code{stat} but it is also able to work on
- files larger then @math{2^31} bytes on 32-bit systems. To be able to do
- this the result is stored in a variable of type @code{struct stat64} to
-@@ -1888,6 +2001,7 @@ replaces the interface for small files on 32-bit machines.
- @comment sys/stat.h
- @comment POSIX.1
- @deftypefun int fstat (int @var{filedes}, struct stat *@var{buf})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{fstat} function is like @code{stat}, except that it takes an
- open file descriptor as an argument instead of a file name.
- @xref{Low-Level I/O}.
-@@ -1909,6 +2023,7 @@ replaces the normal implementation.
- @comment sys/stat.h
- @comment Unix98
- @deftypefun int fstat64 (int @var{filedes}, struct stat64 *@var{buf})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This function is similar to @code{fstat} but is able to work on large
- files on 32-bit platforms. For large files the file descriptor
- @var{filedes} should be obtained by @code{open64} or @code{creat64}.
-@@ -1920,9 +2035,16 @@ function is available under the name @code{fstat} and so transparently
- replaces the interface for small files on 32-bit machines.
- @end deftypefun
-
-+@c fstatat will call alloca and snprintf if the syscall is not
-+@c available.
-+@c @safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
-+
- @comment sys/stat.h
- @comment BSD
- @deftypefun int lstat (const char *@var{filename}, struct stat *@var{buf})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c Direct system call through lxstat, sometimes with an xstat conv call
-+@c afterwards.
- The @code{lstat} function is like @code{stat}, except that it does not
- follow symbolic links. If @var{filename} is the name of a symbolic
- link, @code{lstat} returns information about the link itself; otherwise
-@@ -1936,6 +2058,9 @@ replaces the normal implementation.
- @comment sys/stat.h
- @comment Unix98
- @deftypefun int lstat64 (const char *@var{filename}, struct stat64 *@var{buf})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c Direct system call through lxstat64, sometimes with an xstat conv
-+@c call afterwards.
- This function is similar to @code{lstat} but it is also able to work on
- files larger then @math{2^31} bytes on 32-bit systems. To be able to do
- this the result is stored in a variable of type @code{struct stat64} to
-@@ -1974,12 +2099,14 @@ that file:
- @comment sys/stat.h
- @comment POSIX
- @deftypefn Macro int S_ISDIR (mode_t @var{m})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro returns non-zero if the file is a directory.
- @end deftypefn
-
- @comment sys/stat.h
- @comment POSIX
- @deftypefn Macro int S_ISCHR (mode_t @var{m})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro returns non-zero if the file is a character special file (a
- device like a terminal).
- @end deftypefn
-@@ -1987,6 +2114,7 @@ device like a terminal).
- @comment sys/stat.h
- @comment POSIX
- @deftypefn Macro int S_ISBLK (mode_t @var{m})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro returns non-zero if the file is a block special file (a device
- like a disk).
- @end deftypefn
-@@ -1994,12 +2122,14 @@ like a disk).
- @comment sys/stat.h
- @comment POSIX
- @deftypefn Macro int S_ISREG (mode_t @var{m})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro returns non-zero if the file is a regular file.
- @end deftypefn
-
- @comment sys/stat.h
- @comment POSIX
- @deftypefn Macro int S_ISFIFO (mode_t @var{m})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro returns non-zero if the file is a FIFO special file, or a
- pipe. @xref{Pipes and FIFOs}.
- @end deftypefn
-@@ -2007,6 +2137,7 @@ pipe. @xref{Pipes and FIFOs}.
- @comment sys/stat.h
- @comment GNU
- @deftypefn Macro int S_ISLNK (mode_t @var{m})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro returns non-zero if the file is a symbolic link.
- @xref{Symbolic Links}.
- @end deftypefn
-@@ -2014,6 +2145,7 @@ This macro returns non-zero if the file is a symbolic link.
- @comment sys/stat.h
- @comment GNU
- @deftypefn Macro int S_ISSOCK (mode_t @var{m})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro returns non-zero if the file is a socket. @xref{Sockets}.
- @end deftypefn
-
-@@ -2096,6 +2228,7 @@ the whole @code{struct stat} structure.
- @comment sys/stat.h
- @comment POSIX
- @deftypefn Macro int S_TYPEISMQ (struct stat *@var{s})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- If the system implement POSIX message queues as distinct objects and the
- file is a message queue object, this macro returns a non-zero value.
- In all other cases the result is zero.
-@@ -2104,6 +2237,7 @@ In all other cases the result is zero.
- @comment sys/stat.h
- @comment POSIX
- @deftypefn Macro int S_TYPEISSEM (struct stat *@var{s})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- If the system implement POSIX semaphores as distinct objects and the
- file is a semaphore object, this macro returns a non-zero value.
- In all other cases the result is zero.
-@@ -2112,6 +2246,7 @@ In all other cases the result is zero.
- @comment sys/stat.h
- @comment POSIX
- @deftypefn Macro int S_TYPEISSHM (struct stat *@var{s})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- If the system implement POSIX shared memory objects as distinct objects
- and the file is an shared memory object, this macro returns a non-zero
- value. In all other cases the result is zero.
-@@ -2156,6 +2291,7 @@ The prototype for this function is declared in @file{unistd.h}.
- @comment unistd.h
- @comment POSIX.1
- @deftypefun int chown (const char *@var{filename}, uid_t @var{owner}, gid_t @var{group})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{chown} function changes the owner of the file @var{filename} to
- @var{owner}, and its group owner to @var{group}.
-
-@@ -2190,6 +2326,7 @@ The file is on a read-only file system.
- @comment unistd.h
- @comment BSD
- @deftypefun int fchown (int @var{filedes}, uid_t @var{owner}, gid_t @var{group})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This is like @code{chown}, except that it changes the owner of the open
- file with descriptor @var{filedes}.
-
-@@ -2469,6 +2606,7 @@ The functions in this section are declared in @file{sys/stat.h}.
- @comment sys/stat.h
- @comment POSIX.1
- @deftypefun mode_t umask (mode_t @var{mask})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{umask} function sets the file creation mask of the current
- process to @var{mask}, and returns the previous value of the file
- creation mask.
-@@ -2494,6 +2632,7 @@ you just want to read the mask value, because it is reentrant.
- @comment sys/stat.h
- @comment GNU
- @deftypefun mode_t getumask (void)
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Return the current value of the file creation mask for the current
- process. This function is a GNU extension and is only available on
- @gnuhurdsystems{}.
-@@ -2502,6 +2641,7 @@ process. This function is a GNU extension and is only available on
- @comment sys/stat.h
- @comment POSIX.1
- @deftypefun int chmod (const char *@var{filename}, mode_t @var{mode})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{chmod} function sets the access permission bits for the file
- named by @var{filename} to @var{mode}.
-
-@@ -2542,6 +2682,7 @@ for full details on the sticky bit.
- @comment sys/stat.h
- @comment BSD
- @deftypefun int fchmod (int @var{filedes}, mode_t @var{mode})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This is like @code{chmod}, except that it changes the permissions of the
- currently open file given by @var{filedes}.
-
-@@ -2612,6 +2753,7 @@ The symbols in this section are declared in @file{unistd.h}.
- @comment unistd.h
- @comment POSIX.1
- @deftypefun int access (const char *@var{filename}, int @var{how})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{access} function checks to see whether the file named by
- @var{filename} can be accessed in the way specified by the @var{how}
- argument. The @var{how} argument either can be the bitwise OR of the
-@@ -2732,6 +2874,9 @@ This is the modification time for the file.
- @comment utime.h
- @comment POSIX.1
- @deftypefun int utime (const char *@var{filename}, const struct utimbuf *@var{times})
-+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
-+@c In the absence of a utime syscall, it non-atomically converts times
-+@c to a struct timeval and calls utimes.
- This function is used to modify the file times associated with the file
- named @var{filename}.
-
-@@ -2783,6 +2928,10 @@ in the header file @file{sys/time.h}.
- @comment sys/time.h
- @comment BSD
- @deftypefun int utimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
-+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
-+@c In the absence of a utimes syscall, it non-atomically converts tvp
-+@c to struct timespec array and issues a utimensat syscall, or to
-+@c struct utimbuf and calls utime.
- This function sets the file access and modification times of the file
- @var{filename}. The new file access time is specified by
- @code{@var{tvp}[0]}, and the new modification time by
-@@ -2797,6 +2946,9 @@ function.
- @comment sys/time.h
- @comment BSD
- @deftypefun int lutimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
-+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
-+@c Since there's no lutimes syscall, it non-atomically converts tvp
-+@c to struct timespec array and issues a utimensat syscall.
- This function is like @code{utimes}, except that it does not follow
- symbolic links. If @var{filename} is the name of a symbolic link,
- @code{lutimes} sets the file access and modification times of the
-@@ -2813,6 +2965,10 @@ function.
- @comment sys/time.h
- @comment BSD
- @deftypefun int futimes (int @var{fd}, const struct timeval @var{tvp}@t{[2]})
-+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
-+@c Since there's no futimes syscall, it non-atomically converts tvp
-+@c to struct timespec array and issues a utimensat syscall, falling back
-+@c to utimes on a /proc/self/fd symlink.
- This function is like @code{utimes}, except that it takes an open file
- descriptor as an argument instead of a file name. @xref{Low-Level
- I/O}. This function comes from FreeBSD, and is not available on all
-@@ -2867,6 +3023,8 @@ succeed, without actually accomplishing anything.
- @comment unistd.h
- @comment X/Open
- @deftypefun int truncate (const char *@var{filename}, off_t @var{length})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c In the absence of a truncate syscall, we use open and ftruncate.
-
- The @code{truncate} function changes the size of @var{filename} to
- @var{length}. If @var{length} is shorter than the previous length, data
-@@ -2911,6 +3069,8 @@ The operation was interrupted by a signal.
- @comment unistd.h
- @comment Unix98
- @deftypefun int truncate64 (const char *@var{name}, off64_t @var{length})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c In the absence of a syscall, try truncate if length fits.
- This function is similar to the @code{truncate} function. The
- difference is that the @var{length} argument is 64 bits wide even on 32
- bits machines, which allows the handling of files with sizes up to
-@@ -2924,6 +3084,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
- @comment unistd.h
- @comment POSIX
- @deftypefun int ftruncate (int @var{fd}, off_t @var{length})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-
- This is like @code{truncate}, but it works on a file descriptor @var{fd}
- for an opened file instead of a file name to identify the object. The
-@@ -2988,6 +3149,8 @@ The operation was interrupted by a signal.
- @comment unistd.h
- @comment Unix98
- @deftypefun int ftruncate64 (int @var{id}, off64_t @var{length})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c In the absence of a syscall, try ftruncate if length fits.
- This function is similar to the @code{ftruncate} function. The
- difference is that the @var{length} argument is 64 bits wide even on 32
- bits machines which allows the handling of files with sizes up to
-@@ -3050,6 +3213,10 @@ The prototype for @code{mknod} is declared in @file{sys/stat.h}.
- @comment sys/stat.h
- @comment BSD
- @deftypefun int mknod (const char *@var{filename}, mode_t @var{mode}, dev_t @var{dev})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c Instead of issuing the syscall directly, we go through xmknod.
-+@c Although the internal xmknod takes a dev_t*, that could lead to
-+@c xguargs races, it's passed a pointer to mknod's dev.
- The @code{mknod} function makes a special file with name @var{filename}.
- The @var{mode} specifies the mode of the file, and may include the various
- special file bits, such as @code{S_IFCHR} (for a character special file)
-@@ -3101,6 +3268,20 @@ These facilities are declared in the header file @file{stdio.h}.
- @comment stdio.h
- @comment ISO
- @deftypefun {FILE *} tmpfile (void)
-+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
-+@c The unsafety issues are those of fdopen, plus fdleak because of the
-+@c open.
-+@c __path_search (internal buf, !dir, const pfx, !try_tmpdir) ok
-+@c libc_secure_genenv only if try_tmpdir
-+@c xstat64, strlen, strcmp, sprintf
-+@c __gen_tempname (internal tmpl, __GT_FILE) ok
-+@c strlen, memcmp, getpid, open/mkdir/lxstat64 ok
-+@c HP_TIMING_NOW if available ok
-+@c gettimeofday (!tz) first time, or every time if no HP_TIMING_NOW ok
-+@c static value is used and modified without synchronization ok
-+@c but the use is as a source of non-cryptographic randomness
-+@c with retries in case of collision, so it should be safe
-+@c unlink, fdopen
- This function creates a temporary binary file for update mode, as if by
- calling @code{fopen} with mode @code{"wb+"}. The file is deleted
- automatically when it is closed or when the program terminates. (On
-@@ -3117,6 +3298,7 @@ interface transparently replaces the old interface.
- @comment stdio.h
- @comment Unix98
- @deftypefun {FILE *} tmpfile64 (void)
-+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
- This function is similar to @code{tmpfile}, but the stream it returns a
- pointer to was opened using @code{tmpfile64}. Therefore this stream can
- be used for files larger then @math{2^31} bytes on 32-bit machines.
-@@ -3132,6 +3314,11 @@ and so transparently replaces the old interface.
- @comment stdio.h
- @comment ISO
- @deftypefun {char *} tmpnam (char *@var{result})
-+@safety{@mtunsafe{xguargs, staticbuf}@asunsafe{staticbuf}@acsafe{}}
-+@c The passed-in buffer should not be modified concurrently with the
-+@c call.
-+@c __path_search (static or passed-in buf, !dir, !pfx, !try_tmpdir) ok
-+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
- This function constructs and returns a valid file name that does not
- refer to any existing file. If the @var{result} argument is a null
- pointer, the return value is a pointer to an internal static string,
-@@ -3156,6 +3343,7 @@ opening the file you should use the @code{O_EXCL} flag. Using
- @comment stdio.h
- @comment GNU
- @deftypefun {char *} tmpnam_r (char *@var{result})
-+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
- This function is nearly identical to the @code{tmpnam} function, except
- that if @var{result} is a null pointer it returns a null pointer.
-
-@@ -3192,6 +3380,13 @@ never less than @code{25}.
- @comment stdio.h
- @comment SVID
- @deftypefun {char *} tempnam (const char *@var{dir}, const char *@var{prefix})
-+@safety{@mtunsafe{xguargs, envromt}@assafe{asmalloc}@acsafe{memleak}}
-+@c There's no way (short of being setuid) to avoid getenv("TMPDIR"),
-+@c even with a non-NULL dir, which makes this thread-unsafe.
-+@c
-+@c __path_search (internal buf, dir, pfx, try_tmpdir) unsafe getenv
-+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
-+@c strdup
- This function generates a unique temporary file name. If @var{prefix}
- is not a null pointer, up to five characters of this string are used as
- a prefix for the file name. The return value is a string newly
-@@ -3255,6 +3450,8 @@ string. These functions are declared in the header file @file{stdlib.h}.
- @comment stdlib.h
- @comment Unix
- @deftypefun {char *} mktemp (char *@var{template})
-+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
-+@c __gen_tempname (caller tmpl, __GT_NOCREATE) ok
- The @code{mktemp} function generates a unique file name by modifying
- @var{template} as described above. If successful, it returns
- @var{template} as modified. If @code{mktemp} cannot find a unique file
-@@ -3273,6 +3470,8 @@ opening the file you should use the @code{O_EXCL} flag. Using
- @comment stdlib.h
- @comment BSD
- @deftypefun int mkstemp (char *@var{template})
-+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{fdleak}}
-+@c __gen_tempname (caller tmpl, __GT_FILE) ok
- The @code{mkstemp} function generates a unique file name just as
- @code{mktemp} does, but it also opens the file for you with @code{open}
- (@pxref{Opening and Closing Files}). If successful, it modifies
-@@ -3295,6 +3494,8 @@ new file and get an error if the file already exists.
- @comment stdlib.h
- @comment BSD
- @deftypefun {char *} mkdtemp (char *@var{template})
-+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
-+@c __gen_tempname (caller tmpl, __GT_DIR) ok
- The @code{mkdtemp} function creates a directory with a unique name. If
- it succeeds, it overwrites @var{template} with the name of the
- directory, and returns @var{template}. As with @code{mktemp} and
-@@ -3316,3 +3517,23 @@ creation always works like @code{open} with @code{O_EXCL}.
- @xref{Creating Directories}.
-
- The @code{mkdtemp} function comes from OpenBSD.
-+
-+@c FIXME these are undocumented:
-+@c faccessat
-+@c fchmodat
-+@c fchownat
-+@c futimesat
-+@c fstatat (there's a commented-out safety assessment for this one)
-+@c linkat
-+@c mkdirat
-+@c mkfifoat
-+@c name_to_handle_at
-+@c openat
-+@c open_by_handle_at
-+@c readlinkat
-+@c renameat
-+@c scandirat
-+@c symlinkat
-+@c unlinkat
-+@c utimensat
-+@c mknodat
+
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=fa001f73d60f803ba2877b9c8297e1b584e3b6ec
commit fa001f73d60f803ba2877b9c8297e1b584e3b6ec
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 04:52:55 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/filesys.texi: Document thread safety properties.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=bcb5ff7712c3f8a6dc163c0612292f179920c79c
commit bcb5ff7712c3f8a6dc163c0612292f179920c79c
Merge: d9db060 1de4023 cf9af74
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 04:52:55 2013 -0300
pull
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d9db06086c822c699f8597d66ac610c715571df0
commit d9db06086c822c699f8597d66ac610c715571df0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 04:52:55 2013 -0300
pull
diff --git a/meta b/meta
index 51877f4..2fa5052 100644
--- a/meta
+++ b/meta
@@ -1,19 +1,20 @@
Version: 1
-Previous: cccee05222f6772a39cbeff86aee5e69c20800ec
-Head: ca6ff75c053a2dc37c42b12d238e3397c604960b
+Previous: cf9af743e59dfbf5fda5a2a47c3e79180f45abdb
+Head: 1de4023eaef09c4f66ee8cda9af72299102a6a11
Applied:
- powerpc-nofpu-sim-note-nothread.patch: 06e4960536888589dff34cbc68b16091f303bc5e
- unused-scalb-is-scalbn.patch: ca2910ce3d85f4ab9b8c4e8d31bc243eab5f1c0f
- remove-sysdeps-ieee754-support.patch: a25c51911f256292d5cc15cc5dbb8f7f2726c9e6
- manual-document-mt-safety.patch: a55b2aa9900f7f2d98793bb44e882e32b000150b
- manual-document-mt-safety-argp.patch: f8001a47dc69f4ca878ae0b18dde1eab6f47ca23
- manual-document-mt-safety-arith.patch: 7288eb7651261bf0ff7d26fd94d47c4a6267169f
- manual-document-mt-safety-charset.patch: d739c28d7512bc43968ecc860a2501aeb2b38862
- manual-document-mt-safety-conf.patch: 30f1f3822b1f3a1e8a69529880d4e8e924a3d35a
- manual-document-mt-safety-crypt.patch: dabcbeb1f646a611c3e18db1dbf0d317276c5fbc
- manual-document-mt-safety-ctype.patch: 1d9117d74990d3b2c143fd888d1435b627116a49
- manual-document-mt-safety-debug.patch: 2851febd94cec0ec11937f681c65ada586f9a223
- manual-document-mt-safety-errno.patch: 06af1d5ee2d283ef4da1ec4190dd42b9bd9e5e53
+ powerpc-nofpu-sim-note-nothread.patch: 696f6dab87abef96e7993fda3f143bbdeb1f34e8
+ unused-scalb-is-scalbn.patch: 8e4917e9cf19e11865e8257a23808022f8661b79
+ remove-sysdeps-ieee754-support.patch: a695677bd128bab38d17152a529deb639c38a9cc
+ manual-document-mt-safety.patch: 68be24a2fdb555f49822dadce0e7a9dcce313fef
+ manual-document-mt-safety-argp.patch: 3140ac4a6f81a1c3771e446d1b992366ac25c1fd
+ manual-document-mt-safety-arith.patch: 26f6a615ed5791824c49a73f2c3f2363a1068a67
+ manual-document-mt-safety-charset.patch: 0df07b4fc684fb54e4439dc6d2c3dbbe1bfebcc1
+ manual-document-mt-safety-conf.patch: d07742aef69215a1f5e40b91d1ce62d2bd0f3436
+ manual-document-mt-safety-crypt.patch: 9612e68916ea2d715e826de3ea1e63449b56113a
+ manual-document-mt-safety-ctype.patch: f9c7c5a3a45afe0537eac97659a8035fcd353755
+ manual-document-mt-safety-debug.patch: 93d4600a981245726112f8653ae093789c5781bc
+ manual-document-mt-safety-errno.patch: 1de4023eaef09c4f66ee8cda9af72299102a6a11
+Unapplied:
manual-document-mt-safety-filesys.patch: 48a6b75fc25dc87bedc75d3fdfc131da890b7f4b
manual-document-mt-safety-getopt.patch: fef40984ed247dfb08395088c2518fd52154e035
manual-document-mt-safety-libdl.patch: 3816c6c49233e9317ec22c571867fb8ff95c1edd
@@ -30,5 +31,4 @@ Applied:
wip-manual-document-mt-safety-terminal.patch: 3497681f7e488536c7e151c731fff1a56e012b7d
wip-manual-document-mt-safety-threads.patch: c0dc224a795deac0cc8aacebcade8ae14842af01
wip-manual-document-mt-safety-time.patch: ca6ff75c053a2dc37c42b12d238e3397c604960b
-Unapplied:
Hidden:
diff --git a/patches/manual-document-mt-safety-argp.patch b/patches/manual-document-mt-safety-argp.patch
index fcb91bc..2d84eea 100644
--- a/patches/manual-document-mt-safety-argp.patch
+++ b/patches/manual-document-mt-safety-argp.patch
@@ -1,7 +1,7 @@
-Bottom: dd5f61ec57d719c37843c4e02281f6e13e85e1e6
-Top: 7330788415ea874753e04d105c9610b828888f8d
+Bottom: 9a965dda103f127bc6ee768c73f81465bb617ddc
+Top: 42073023177bd6d20e6b8df2090232d020997496
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 21:57:08 -0300
+Date: 2013-08-16 04:52:53 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-arith.patch b/patches/manual-document-mt-safety-arith.patch
index 24f961d..7910a8d 100644
--- a/patches/manual-document-mt-safety-arith.patch
+++ b/patches/manual-document-mt-safety-arith.patch
@@ -1,7 +1,7 @@
-Bottom: 7330788415ea874753e04d105c9610b828888f8d
-Top: 938a0224455b9ed4d30c77898cfcda3e7658d101
+Bottom: 42073023177bd6d20e6b8df2090232d020997496
+Top: 50364dad6f3079f8f8364e094b81d4f279e17b9a
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 15:29:40 -0300
+Date: 2013-08-16 04:52:53 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-charset.patch b/patches/manual-document-mt-safety-charset.patch
index b81a770..38ab65e 100644
--- a/patches/manual-document-mt-safety-charset.patch
+++ b/patches/manual-document-mt-safety-charset.patch
@@ -1,7 +1,7 @@
-Bottom: 938a0224455b9ed4d30c77898cfcda3e7658d101
-Top: 11af94a52cfc833e6b706d5bb2641d219dd8e9b1
+Bottom: 50364dad6f3079f8f8364e094b81d4f279e17b9a
+Top: 2057130a7d71203b9a9f38120e917b098c480a6f
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 22:01:33 -0300
+Date: 2013-08-16 04:52:53 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-conf.patch b/patches/manual-document-mt-safety-conf.patch
index 17f1a35..4a2d7b5 100644
--- a/patches/manual-document-mt-safety-conf.patch
+++ b/patches/manual-document-mt-safety-conf.patch
@@ -1,7 +1,7 @@
-Bottom: 11af94a52cfc833e6b706d5bb2641d219dd8e9b1
-Top: 6971015fc6a93453edf7bda609669d84f67a4037
+Bottom: 2057130a7d71203b9a9f38120e917b098c480a6f
+Top: 94804776420739d4e7851f76aae8683d669215d4
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 22:03:16 -0300
+Date: 2013-08-16 04:52:53 -0300
Thread safety documentation.
@@ -13,7 +13,7 @@ for ChangeLog
---
diff --git a/manual/conf.texi b/manual/conf.texi
-index 7eb8b36..edbb2fd 100644
+index c720063..79bfcdb 100644
--- a/manual/conf.texi
+++ b/manual/conf.texi
@@ -288,6 +288,17 @@ constants are declared in the header file @file{unistd.h}.
@@ -34,7 +34,7 @@ index 7eb8b36..edbb2fd 100644
This function is used to inquire about runtime system parameters. The
@var{parameter} argument should be one of the @samp{_SC_} symbols listed
below.
-@@ -1342,6 +1353,11 @@ argument are declared in the header file @file{unistd.h}.
+@@ -1348,6 +1359,11 @@ argument are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} pathconf (const char *@var{filename}, int @var{parameter})
@@ -46,7 +46,7 @@ index 7eb8b36..edbb2fd 100644
This function is used to inquire about the limits that apply to
the file named @var{filename}.
-@@ -1369,6 +1385,8 @@ support the @var{parameter} for the specific file.
+@@ -1375,6 +1391,8 @@ support the @var{parameter} for the specific file.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} fpathconf (int @var{filedes}, int @var{parameter})
@@ -55,7 +55,7 @@ index 7eb8b36..edbb2fd 100644
This is just like @code{pathconf} except that an open file descriptor
is used to specify the file for which information is requested, instead
of a file name.
-@@ -1615,6 +1633,7 @@ system with the function @code{confstr}:
+@@ -1624,6 +1642,7 @@ system with the function @code{confstr}:
@comment unistd.h
@comment POSIX.2
@deftypefun size_t confstr (int @var{parameter}, char *@var{buf}, size_t @var{len})
diff --git a/patches/manual-document-mt-safety-crypt.patch b/patches/manual-document-mt-safety-crypt.patch
index 48df593..a16a183 100644
--- a/patches/manual-document-mt-safety-crypt.patch
+++ b/patches/manual-document-mt-safety-crypt.patch
@@ -1,7 +1,7 @@
-Bottom: 6971015fc6a93453edf7bda609669d84f67a4037
-Top: 7995ce65c762cc782885f999be1655c53385b187
+Bottom: 94804776420739d4e7851f76aae8683d669215d4
+Top: f5c503197dbf6356975447e7636e2dd3143a2989
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 22:03:47 -0300
+Date: 2013-08-16 04:52:54 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-ctype.patch b/patches/manual-document-mt-safety-ctype.patch
index e5aada3..e6d4b14 100644
--- a/patches/manual-document-mt-safety-ctype.patch
+++ b/patches/manual-document-mt-safety-ctype.patch
@@ -1,7 +1,7 @@
-Bottom: 7995ce65c762cc782885f999be1655c53385b187
-Top: 64ebd752fed5cf529fd9903b3078f66d5a39ae0f
+Bottom: f5c503197dbf6356975447e7636e2dd3143a2989
+Top: 003a6157dc020fa72680ae4a6ca0b81297cad891
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 15:29:41 -0300
+Date: 2013-08-16 04:52:54 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-debug.patch b/patches/manual-document-mt-safety-debug.patch
index 8ca0d1e..952e178 100644
--- a/patches/manual-document-mt-safety-debug.patch
+++ b/patches/manual-document-mt-safety-debug.patch
@@ -1,7 +1,7 @@
-Bottom: 64ebd752fed5cf529fd9903b3078f66d5a39ae0f
-Top: 1c6445c77783aa0c8826066576f1bea1d574a20c
+Bottom: 003a6157dc020fa72680ae4a6ca0b81297cad891
+Top: 1bfb6d75e28a05d618536054d216af24c1d005eb
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 22:05:11 -0300
+Date: 2013-08-16 04:52:54 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-errno.patch b/patches/manual-document-mt-safety-errno.patch
index 41e8371..d209c0e 100644
--- a/patches/manual-document-mt-safety-errno.patch
+++ b/patches/manual-document-mt-safety-errno.patch
@@ -1,7 +1,7 @@
-Bottom: 1c6445c77783aa0c8826066576f1bea1d574a20c
-Top: 1ff2a8e59e8b9699588c78ee345f4d6ed95eb078
+Bottom: 1bfb6d75e28a05d618536054d216af24c1d005eb
+Top: e7b3cec4e03306c8e81023c08b98e74a0faacbbe
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 22:05:34 -0300
+Date: 2013-08-16 04:52:55 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety.patch b/patches/manual-document-mt-safety.patch
index a573ff4..d425832 100644
--- a/patches/manual-document-mt-safety.patch
+++ b/patches/manual-document-mt-safety.patch
@@ -1,7 +1,7 @@
-Bottom: 50e2fbc0bfe0ec92d66e09e6b0891dfd6c8d53b7
-Top: dd5f61ec57d719c37843c4e02281f6e13e85e1e6
+Bottom: 3e408a78cb48814b5d0267f4ac1660cd08e00d24
+Top: 9a965dda103f127bc6ee768c73f81465bb617ddc
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 15:29:39 -0300
+Date: 2013-08-16 04:52:52 -0300
Thread safety documentation.
diff --git a/patches/powerpc-nofpu-sim-note-nothread.patch b/patches/powerpc-nofpu-sim-note-nothread.patch
index 5a7513e..300c5fe 100644
--- a/patches/powerpc-nofpu-sim-note-nothread.patch
+++ b/patches/powerpc-nofpu-sim-note-nothread.patch
@@ -1,7 +1,7 @@
-Bottom: fde38f49e9ff8e251fc3a4c9a8d5f194ba6decbf
-Top: b937cc635d4d2275aefa75f55fe195e302fbe4e3
+Bottom: 268277f390b889cc857152d268242bd603036b9e
+Top: 16be1a6432db4b53f29115b9a137e0a9b5f72d63
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 15:29:39 -0300
+Date: 2013-08-16 04:52:51 -0300
Note that powerpc fpu emulation status is not thread- or signal-safe.
diff --git a/patches/remove-sysdeps-ieee754-support.patch b/patches/remove-sysdeps-ieee754-support.patch
index 69f8047..7a78a03 100644
--- a/patches/remove-sysdeps-ieee754-support.patch
+++ b/patches/remove-sysdeps-ieee754-support.patch
@@ -1,7 +1,7 @@
-Bottom: 0cde62ba14858955eaea55ab1c1dff0f01f3a01a
-Top: 50e2fbc0bfe0ec92d66e09e6b0891dfd6c8d53b7
+Bottom: 411b24ed46994f8860e4a688d6846bba3af6a601
+Top: 3e408a78cb48814b5d0267f4ac1660cd08e00d24
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-16 00:32:53 -0300
+Date: 2013-08-16 04:52:52 -0300
Remove unused sysdeps/ieee754/support.c.
diff --git a/patches/unused-scalb-is-scalbn.patch b/patches/unused-scalb-is-scalbn.patch
index eec1d7e..2b74aea 100644
--- a/patches/unused-scalb-is-scalbn.patch
+++ b/patches/unused-scalb-is-scalbn.patch
@@ -1,7 +1,7 @@
-Bottom: b937cc635d4d2275aefa75f55fe195e302fbe4e3
-Top: 0cde62ba14858955eaea55ab1c1dff0f01f3a01a
+Bottom: 16be1a6432db4b53f29115b9a137e0a9b5f72d63
+Top: 411b24ed46994f8860e4a688d6846bba3af6a601
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 15:29:39 -0300
+Date: 2013-08-16 04:52:51 -0300
Rename unused scalb to scalbn to match prototype.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=cf9af743e59dfbf5fda5a2a47c3e79180f45abdb
commit cf9af743e59dfbf5fda5a2a47c3e79180f45abdb
Merge: 8482cc6 ca6ff75 cccee05
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 04:22:57 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=8482cc6da6e9bbd28bfe1e80fd39dbad3ce7a3e3
commit 8482cc6da6e9bbd28bfe1e80fd39dbad3ce7a3e3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 04:22:57 2013 -0300
push
diff --git a/meta b/meta
index ac4a0a9..51877f4 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 554b381a96e944c0f8154539602f5198d1174a22
-Head: 05c3b86470f7b78f9e514bd75ab3c578632a565e
+Previous: cccee05222f6772a39cbeff86aee5e69c20800ec
+Head: ca6ff75c053a2dc37c42b12d238e3397c604960b
Applied:
powerpc-nofpu-sim-note-nothread.patch: 06e4960536888589dff34cbc68b16091f303bc5e
unused-scalb-is-scalbn.patch: ca2910ce3d85f4ab9b8c4e8d31bc243eab5f1c0f
@@ -20,15 +20,15 @@ Applied:
manual-document-mt-safety-job.patch: 1da38dc05daeed4e2d77f2923bb588bf259a7549
manual-document-mt-safety-lang.patch: 5de7ed36be7b0c688b7b7b04bad5201b02ea50f0
manual-document-mt-safety-llio.patch: 05c3b86470f7b78f9e514bd75ab3c578632a565e
+ manual-document-mt-safety-stdio.patch: e0a2fb9204aeacafd5d47526aca8d0a0d3516b24
+ wip-manual-document-mt-safety-locale.patch: 25716969ed7bd40d588ad87a4199c942e09cb030
+ wip-manual-document-mt-safety-math.patch: 2040739b74bca159cee9d298f3e2b9f1c6419c10
+ wip-manual-document-mt-safety-startup.patch: 740bcbf778d5290c8109de9b137c0490ca6bd44c
+ wip-manual-document-mt-safety-search.patch: fc167765de08d9cc6eeefe08d13b8042927d4c46
+ wip-manual-document-mt-safety-resource.patch: d44818daeeff4059e760cd5ea9f085bf182eb717
+ wip-manual-document-mt-safety-string.patch: 4081c255aff07502983a04524774c57774175012
+ wip-manual-document-mt-safety-terminal.patch: 3497681f7e488536c7e151c731fff1a56e012b7d
+ wip-manual-document-mt-safety-threads.patch: c0dc224a795deac0cc8aacebcade8ae14842af01
+ wip-manual-document-mt-safety-time.patch: ca6ff75c053a2dc37c42b12d238e3397c604960b
Unapplied:
- manual-document-mt-safety-stdio.patch: 572386734b3f9026025b6e60f2228c9f1ef0d4df
- wip-manual-document-mt-safety-locale.patch: a82b9814d4f81db18ea5c553cd5dc5fbf31bdb1e
- wip-manual-document-mt-safety-math.patch: 7920ad2e3774239d123ce62cd383720426b44135
- wip-manual-document-mt-safety-startup.patch: 504c5cdd62bacdeae9ba6f7550489a423eb8a67d
- wip-manual-document-mt-safety-search.patch: efc52b412d2d5f65ac9ecaf68cda4e1162266950
- wip-manual-document-mt-safety-resource.patch: dbb35227cf0315c69f5a1194567dddd28783220f
- wip-manual-document-mt-safety-string.patch: 92527f1339cb3a36dcf9205dd9beee30d6ddf61c
- wip-manual-document-mt-safety-terminal.patch: c7d4f8fa7082247cd3fc7df9be81db43d8ab58c8
- wip-manual-document-mt-safety-threads.patch: 9c43a2b276badc905035a6b2e236c71505455f4e
- wip-manual-document-mt-safety-time.patch: 92cf02f3b8f1ded1ab0b40e598db58d47798032f
Hidden:
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index 425de60..3de963c 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,5 +1,5 @@
-Bottom: 70450337f67d11a45e01f8b02431ebb6673feb3e
-Top: e752d10b13d788334efeca8df965648711f065b8
+Bottom: 2ababec10bdc79e391c0dcfade6046586526bff9
+Top: d690f2a44f6c21eb342e9a3e7523dc72068502a3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index 40ed885..a8e5755 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
-Bottom: e752d10b13d788334efeca8df965648711f065b8
-Top: 266a8601bddcaf307b45fc05a4260787db0e6856
+Bottom: d690f2a44f6c21eb342e9a3e7523dc72068502a3
+Top: 481e29ddef07c3cc482dc5a495a3e73b301a97f3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/wip-manual-document-mt-safety-math.patch b/patches/wip-manual-document-mt-safety-math.patch
index 65e5ca7..27aa7ee 100644
--- a/patches/wip-manual-document-mt-safety-math.patch
+++ b/patches/wip-manual-document-mt-safety-math.patch
@@ -1,5 +1,5 @@
-Bottom: 266a8601bddcaf307b45fc05a4260787db0e6856
-Top: 70f620109a737254c3625806efb80fdaee04f15b
+Bottom: 481e29ddef07c3cc482dc5a495a3e73b301a97f3
+Top: 9f9c0f06c0d34f15d4b04a2a152676ffd52e8df7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/wip-manual-document-mt-safety-resource.patch b/patches/wip-manual-document-mt-safety-resource.patch
index b385d72..0574acd 100644
--- a/patches/wip-manual-document-mt-safety-resource.patch
+++ b/patches/wip-manual-document-mt-safety-resource.patch
@@ -1,5 +1,5 @@
-Bottom: 110587b84e839d24b49b06c72adac07e1b608d94
-Top: 6ffe7a66b2b3229a0286930c23a83d4d6d915933
+Bottom: 33e1f4fae29f5947f17f70936d3d315b01dff62f
+Top: 3e9c626e7fe436b3de908fc12ed371d066d8f391
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:11:00 -0300
diff --git a/patches/wip-manual-document-mt-safety-search.patch b/patches/wip-manual-document-mt-safety-search.patch
index 160c1f8..ee61379 100644
--- a/patches/wip-manual-document-mt-safety-search.patch
+++ b/patches/wip-manual-document-mt-safety-search.patch
@@ -1,5 +1,5 @@
-Bottom: 37185242102b30e75f0b0d0c5e7196aded93c284
-Top: 110587b84e839d24b49b06c72adac07e1b608d94
+Bottom: cf86ac4dd59923640662568a6cede5e573261672
+Top: 33e1f4fae29f5947f17f70936d3d315b01dff62f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:11:55 -0300
diff --git a/patches/wip-manual-document-mt-safety-startup.patch b/patches/wip-manual-document-mt-safety-startup.patch
index fed6a93..a9dfcb5 100644
--- a/patches/wip-manual-document-mt-safety-startup.patch
+++ b/patches/wip-manual-document-mt-safety-startup.patch
@@ -1,5 +1,5 @@
-Bottom: 70f620109a737254c3625806efb80fdaee04f15b
-Top: 37185242102b30e75f0b0d0c5e7196aded93c284
+Bottom: 9f9c0f06c0d34f15d4b04a2a152676ffd52e8df7
+Top: cf86ac4dd59923640662568a6cede5e573261672
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:12:28 -0300
diff --git a/patches/wip-manual-document-mt-safety-string.patch b/patches/wip-manual-document-mt-safety-string.patch
index 552db1e..395919e 100644
--- a/patches/wip-manual-document-mt-safety-string.patch
+++ b/patches/wip-manual-document-mt-safety-string.patch
@@ -1,5 +1,5 @@
-Bottom: 6ffe7a66b2b3229a0286930c23a83d4d6d915933
-Top: 6eb8d67c9bdb85dc5bab11e1d652794f9a53ce22
+Bottom: 3e9c626e7fe436b3de908fc12ed371d066d8f391
+Top: c89da0b4d41a5745fd4e2551d486e9d9dd0d56d1
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:13:24 -0300
diff --git a/patches/wip-manual-document-mt-safety-terminal.patch b/patches/wip-manual-document-mt-safety-terminal.patch
index 8a27596..5ed60c1 100644
--- a/patches/wip-manual-document-mt-safety-terminal.patch
+++ b/patches/wip-manual-document-mt-safety-terminal.patch
@@ -1,5 +1,5 @@
-Bottom: 6eb8d67c9bdb85dc5bab11e1d652794f9a53ce22
-Top: 12f26fdb9cef342cad845ae75f3c0d8506505bf7
+Bottom: c89da0b4d41a5745fd4e2551d486e9d9dd0d56d1
+Top: 8cea251adc99eb63d9bdc273e9afd6cd37042dcc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:13:53 -0300
diff --git a/patches/wip-manual-document-mt-safety-threads.patch b/patches/wip-manual-document-mt-safety-threads.patch
index dc5d838..c8cfc0b 100644
--- a/patches/wip-manual-document-mt-safety-threads.patch
+++ b/patches/wip-manual-document-mt-safety-threads.patch
@@ -1,5 +1,5 @@
-Bottom: 12f26fdb9cef342cad845ae75f3c0d8506505bf7
-Top: 8f34e176a621bbe4f96be6fefd72589012261428
+Bottom: 8cea251adc99eb63d9bdc273e9afd6cd37042dcc
+Top: 62785faca46da74e7a2dced79e5b7e422ee534f3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:14:35 -0300
diff --git a/patches/wip-manual-document-mt-safety-time.patch b/patches/wip-manual-document-mt-safety-time.patch
index 43b3a63..c9b5cb3 100644
--- a/patches/wip-manual-document-mt-safety-time.patch
+++ b/patches/wip-manual-document-mt-safety-time.patch
@@ -1,5 +1,5 @@
-Bottom: 8f34e176a621bbe4f96be6fefd72589012261428
-Top: 6e96df8705d60c67a265fd5acf7f506fd67f4782
+Bottom: 62785faca46da74e7a2dced79e5b7e422ee534f3
+Top: 85ac7ce981e14893c88c124b59ba947a9ba69034
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:14:50 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ca6ff75c053a2dc37c42b12d238e3397c604960b
commit ca6ff75c053a2dc37c42b12d238e3397c604960b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:14:50 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/time.texi: Document thread safety properties.
diff --git a/manual/time.texi b/manual/time.texi
index ff31e28..3967b24 100644
--- a/manual/time.texi
+++ b/manual/time.texi
@@ -475,6 +475,12 @@ Instead, use the facilities described in @ref{Time Zone Functions}.
@comment sys/time.h
@comment BSD
@deftypefun int gettimeofday (struct timeval *@var{tp}, struct timezone *@var{tzp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c On most GNU/Linux systems this is a direct syscall, but the posix/
+@c implementation (not used on GNU/Linux or GNU/Hurd) relies on time and
+@c localtime_r, saving and restoring tzname in an unsafe manner.
+@c On some GNU/Linux variants, ifunc resolvers are used in shared libc
+@c for vdso resolution. ifunc-vdso-revisit.
The @code{gettimeofday} function returns the current calendar time as
the elapsed time since the epoch in the @code{struct timeval} structure
indicated by @var{tp}. (@pxref{Elapsed Time} for a description of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c0dc224a795deac0cc8aacebcade8ae14842af01
commit c0dc224a795deac0cc8aacebcade8ae14842af01
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:14:35 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/threads.texi: Document thread safety properties.
diff --git a/manual/threads.texi b/manual/threads.texi
index a23ac26..19bfad6 100644
--- a/manual/threads.texi
+++ b/manual/threads.texi
@@ -31,6 +31,7 @@ before thread-specific data, so they should not be used in thread-specific
data destructors or even as members of the thread-specific data, since the
latter is passed as an argument to the destructor function.
+@c FIXME: use @deftypefun for these.
@item int pthread_key_delete (pthread_key_t @var{key})
Destroy the thread-specific data @var{key} in the calling thread. The
destructor for the thread-specific data is not called during destruction, nor
@@ -82,3 +83,124 @@ attributes or the stack address is set in the attribute.
The system does not have sufficient memory.
@end table
@end deftypefun
+
+@c FIXME these are undocumented:
+@c pthread_atfork
+@c pthread_attr_destroy
+@c pthread_attr_getaffinity_np
+@c pthread_attr_getdetachstate
+@c pthread_attr_getguardsize
+@c pthread_attr_getinheritsched
+@c pthread_attr_getschedparam
+@c pthread_attr_getschedpolicy
+@c pthread_attr_getscope
+@c pthread_attr_getstack
+@c pthread_attr_getstackaddr
+@c pthread_attr_getstacksize
+@c pthread_attr_init
+@c pthread_attr_setaffinity_np
+@c pthread_attr_setdetachstate
+@c pthread_attr_setguardsize
+@c pthread_attr_setinheritsched
+@c pthread_attr_setschedparam
+@c pthread_attr_setschedpolicy
+@c pthread_attr_setscope
+@c pthread_attr_setstack
+@c pthread_attr_setstackaddr
+@c pthread_attr_setstacksize
+@c pthread_barrierattr_destroy
+@c pthread_barrierattr_getpshared
+@c pthread_barrierattr_init
+@c pthread_barrierattr_setpshared
+@c pthread_barrier_destroy
+@c pthread_barrier_init
+@c pthread_barrier_wait
+@c pthread_cancel
+@c pthread_cleanup_push
+@c pthread_cleanup_pop
+@c pthread_condattr_destroy
+@c pthread_condattr_getclock
+@c pthread_condattr_getpshared
+@c pthread_condattr_init
+@c pthread_condattr_setclock
+@c pthread_condattr_setpshared
+@c pthread_cond_broadcast
+@c pthread_cond_destroy
+@c pthread_cond_init
+@c pthread_cond_signal
+@c pthread_cond_timedwait
+@c pthread_cond_wait
+@c pthread_create
+@c pthread_detach
+@c pthread_equal
+@c pthread_exit
+@c pthread_getaffinity_np
+@c pthread_getattr_np
+@c pthread_getconcurrency
+@c pthread_getcpuclockid
+@c pthread_getname_np
+@c pthread_getschedparam
+@c pthread_join
+@c pthread_kill
+@c pthread_kill_other_threads_np
+@c pthread_mutexattr_destroy
+@c pthread_mutexattr_getkind_np
+@c pthread_mutexattr_getprioceiling
+@c pthread_mutexattr_getprotocol
+@c pthread_mutexattr_getpshared
+@c pthread_mutexattr_getrobust
+@c pthread_mutexattr_getrobust_np
+@c pthread_mutexattr_gettype
+@c pthread_mutexattr_init
+@c pthread_mutexattr_setkind_np
+@c pthread_mutexattr_setprioceiling
+@c pthread_mutexattr_setprotocol
+@c pthread_mutexattr_setpshared
+@c pthread_mutexattr_setrobust
+@c pthread_mutexattr_setrobust_np
+@c pthread_mutexattr_settype
+@c pthread_mutex_consistent
+@c pthread_mutex_consistent_np
+@c pthread_mutex_destroy
+@c pthread_mutex_getprioceiling
+@c pthread_mutex_init
+@c pthread_mutex_lock
+@c pthread_mutex_setprioceiling
+@c pthread_mutex_timedlock
+@c pthread_mutex_trylock
+@c pthread_mutex_unlock
+@c pthread_once
+@c pthread_rwlockattr_destroy
+@c pthread_rwlockattr_getkind_np
+@c pthread_rwlockattr_getpshared
+@c pthread_rwlockattr_init
+@c pthread_rwlockattr_setkind_np
+@c pthread_rwlockattr_setpshared
+@c pthread_rwlock_destroy
+@c pthread_rwlock_init
+@c pthread_rwlock_rdlock
+@c pthread_rwlock_timedrdlock
+@c pthread_rwlock_timedwrlock
+@c pthread_rwlock_tryrdlock
+@c pthread_rwlock_trywrlock
+@c pthread_rwlock_unlock
+@c pthread_rwlock_wrlock
+@c pthread_self
+@c pthread_setaffinity_np
+@c pthread_setcancelstate
+@c pthread_setcanceltype
+@c pthread_setconcurrency
+@c pthread_setname_np
+@c pthread_setschedparam
+@c pthread_setschedprio
+@c pthread_sigmask
+@c pthread_sigqueue
+@c pthread_spin_destroy
+@c pthread_spin_init
+@c pthread_spin_lock
+@c pthread_spin_trylock
+@c pthread_spin_unlock
+@c pthread_testcancel
+@c pthread_timedjoin_np
+@c pthread_tryjoin_np
+@c pthread_yield
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3497681f7e488536c7e151c731fff1a56e012b7d
commit 3497681f7e488536c7e151c731fff1a56e012b7d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:13:53 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/terminal.texi: Document thread safety properties.
diff --git a/manual/terminal.texi b/manual/terminal.texi
index 9e9c057..7f62a4e 100644
--- a/manual/terminal.texi
+++ b/manual/terminal.texi
@@ -264,6 +264,9 @@ array.
@comment termios.h
@comment POSIX.1
@deftypefun int tcgetattr (int @var{filedes}, struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the kernel-returned termios data structure to the userland
+@c format does not ensure atomic or consistent writing.
This function is used to examine the attributes of the terminal
device with file descriptor @var{filedes}. The attributes are returned
in the structure that @var{termios-p} points to.
@@ -284,6 +287,9 @@ The @var{filedes} is not associated with a terminal.
@comment termios.h
@comment POSIX.1
@deftypefun int tcsetattr (int @var{filedes}, int @var{when}, const struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the incoming termios data structure to the kernel format
+@c does not ensure atomic or consistent reading.
This function sets the attributes of the terminal device with file
descriptor @var{filedes}. The new attributes are taken from the
structure that @var{termios-p} points to.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4081c255aff07502983a04524774c57774175012
commit 4081c255aff07502983a04524774c57774175012
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:13:24 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/string.texi: Document thread safety properties.
diff --git a/manual/string.texi b/manual/string.texi
index 246be84..a75d298 100644
--- a/manual/string.texi
+++ b/manual/string.texi
@@ -1247,6 +1247,8 @@ strncmp ("hello, world", "hello, stupid world!!!", 5)
@comment string.h
@comment GNU
@deftypefun int strverscmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls isdigit multiple times, locale may change in between.
The @code{strverscmp} function compares the string @var{s1} against
@var{s2}, considering them as holding indices/version numbers. The
return value follows the same conventions as found in the
@@ -1343,6 +1345,8 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
@comment string.h
@comment ISO
@deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Adjust alphasort one safety info is determined.
The @code{strcoll} function is similar to @code{strcmp} but uses the
collating sequence of the current locale for collation (the
@code{LC_COLLATE} locale).
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d44818daeeff4059e760cd5ea9f085bf182eb717
commit d44818daeeff4059e760cd5ea9f085bf182eb717
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/resource.texi: Document thread safety properties.
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=fc167765de08d9cc6eeefe08d13b8042927d4c46
commit fc167765de08d9cc6eeefe08d13b8042927d4c46
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:55 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/search.texi: Document thread safety properties.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..6910edc 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -146,6 +146,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +437,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +471,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +486,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +500,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +555,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=740bcbf778d5290c8109de9b137c0490ca6bd44c
commit 740bcbf778d5290c8109de9b137c0490ca6bd44c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:12:28 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/startup.texi: Document thread safety properties.
diff --git a/manual/startup.texi b/manual/startup.texi
index a277714..7bbaf13 100644
--- a/manual/startup.texi
+++ b/manual/startup.texi
@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
The difference to the @code{setenv} function is that the exact string
given as the parameter @var{string} is put into the environment. If the
user should change the string after the @code{putenv} call this will
-reflect in automatically in the environment. This also requires that
-@var{string} is no automatic variable which scope is left before the
+reflect automatically in the environment. This also requires that
+@var{string} not be an automatic variable whose scope is left before the
variable is removed from the environment. The same applies of course to
dynamically allocated variables which are freed later.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2040739b74bca159cee9d298f3e2b9f1c6419c10
commit 2040739b74bca159cee9d298f3e2b9f1c6419c10
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/math.texi: Document thread safety properties.
diff --git a/manual/math.texi b/manual/math.texi
index 193d415..fd5d0c8 100644
--- a/manual/math.texi
+++ b/manual/math.texi
@@ -560,6 +560,7 @@ negative), @code{logb} returns @math{@infinity{}}. If @var{x} is zero,
@comment math.h
@comment ISO
@deftypefunx int ilogbl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are equivalent to the corresponding @code{logb}
functions except that they return signed integer values.
@end deftypefun
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=25716969ed7bd40d588ad87a4199c942e09cb030
commit 25716969ed7bd40d588ad87a4199c942e09cb030
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..60e08d8 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
+@c and free, and _nl_find_locale, which amount to all documented safety
+@c issues. It also calls new_composite_name, setdata, and setname,
+@c without any additional issues. _nl_find_locale calls getenv, ...
+@c This function returns a pointer read...
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e0a2fb9204aeacafd5d47526aca8d0a0d3516b24
commit e0a2fb9204aeacafd5d47526aca8d0a0d3516b24
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..79a3340 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1391,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1401,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1411,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1540,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1625,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2387,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2397,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2438,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2647,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2656,48 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2705,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2713,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2721,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2729,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2737,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2745,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2821,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3062,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3314,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3378,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +3995,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +4010,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +4025,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +4033,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4041,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4055,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4082,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4091,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4100,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4108,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4116,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4124,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4174,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4184,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4198,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4209,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4237,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4248,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4362,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4375,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4399,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4415,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4435,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4459,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4508,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4630,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4645,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4658,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4675,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4787,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4800,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4817,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4839,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4864,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4942,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4956,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4968,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4983,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +4997,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +5008,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5056,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5112,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5228,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5410,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5551,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=cccee05222f6772a39cbeff86aee5e69c20800ec
commit cccee05222f6772a39cbeff86aee5e69c20800ec
Merge: d41406e 05c3b86 554b381
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 04:22:47 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d41406ec4a3470eb11fb643f7d5d3e4ca5693764
commit d41406ec4a3470eb11fb643f7d5d3e4ca5693764
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 04:22:47 2013 -0300
refresh
diff --git a/meta b/meta
index 529af8a..ac4a0a9 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 0be4967a4ac472eaab48e73093280305499c0967
-Head: 21e4f8f2a2a89b0bd1927926f4d03034066b1402
+Previous: 554b381a96e944c0f8154539602f5198d1174a22
+Head: 05c3b86470f7b78f9e514bd75ab3c578632a565e
Applied:
powerpc-nofpu-sim-note-nothread.patch: 06e4960536888589dff34cbc68b16091f303bc5e
unused-scalb-is-scalbn.patch: ca2910ce3d85f4ab9b8c4e8d31bc243eab5f1c0f
@@ -19,8 +19,7 @@ Applied:
manual-document-mt-safety-libdl.patch: 3816c6c49233e9317ec22c571867fb8ff95c1edd
manual-document-mt-safety-job.patch: 1da38dc05daeed4e2d77f2923bb588bf259a7549
manual-document-mt-safety-lang.patch: 5de7ed36be7b0c688b7b7b04bad5201b02ea50f0
- manual-document-mt-safety-llio.patch: 9992d089f12b96c05738ef8524aa16917cbee72a
- refresh-temp: 21e4f8f2a2a89b0bd1927926f4d03034066b1402
+ manual-document-mt-safety-llio.patch: 05c3b86470f7b78f9e514bd75ab3c578632a565e
Unapplied:
manual-document-mt-safety-stdio.patch: 572386734b3f9026025b6e60f2228c9f1ef0d4df
wip-manual-document-mt-safety-locale.patch: a82b9814d4f81db18ea5c553cd5dc5fbf31bdb1e
diff --git a/patches/manual-document-mt-safety-llio.patch b/patches/manual-document-mt-safety-llio.patch
index c87a4f8..28a9a28 100644
--- a/patches/manual-document-mt-safety-llio.patch
+++ b/patches/manual-document-mt-safety-llio.patch
@@ -1,5 +1,5 @@
Bottom: fc738e25133a6fc7d7d322e4aaa73f98f45ee411
-Top: 70450337f67d11a45e01f8b02431ebb6673feb3e
+Top: 2ababec10bdc79e391c0dcfade6046586526bff9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:09:32 -0300
@@ -13,7 +13,7 @@ for ChangeLog
---
diff --git a/manual/llio.texi b/manual/llio.texi
-index b129cf4..66370c4 100644
+index b129cf4..c350585 100644
--- a/manual/llio.texi
+++ b/manual/llio.texi
@@ -78,6 +78,7 @@ declared in @file{unistd.h}.
@@ -156,20 +156,19 @@ index b129cf4..66370c4 100644
The @code{fileno_unlocked} function is equivalent to the @code{fileno}
function except that it does not implicitly lock the stream if the state
is @code{FSETLOCKING_INTERNAL}.
-@@ -1071,7 +1099,11 @@ Contains the length of the buffer.
+@@ -1071,6 +1099,11 @@ Contains the length of the buffer.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t readv (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
--
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer into which data is read, if the total read size is
+@c too large for alloca.
+
The @code{readv} function reads data from @var{filedes} and scatters it
into the buffers described in @var{vector}, which is taken to be
- @var{count} structures long. As each buffer is filled, data is sent to the
-@@ -1089,6 +1121,11 @@ errors are the same as in @code{read}.
+@@ -1089,6 +1122,11 @@ errors are the same as in @code{read}.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t writev (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
@@ -181,7 +180,7 @@ index b129cf4..66370c4 100644
The @code{writev} function gathers data from the buffers described in
@var{vector}, which is taken to be @var{count} structures long, and writes
-@@ -1149,6 +1186,7 @@ These functions are declared in @file{sys/mman.h}.
+@@ -1149,6 +1187,7 @@ These functions are declared in @file{sys/mman.h}.
@comment sys/mman.h
@comment POSIX
@deftypefun {void *} mmap (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off_t @var{offset})
@@ -189,7 +188,7 @@ index b129cf4..66370c4 100644
The @code{mmap} function creates a new mapping, connected to bytes
(@var{offset}) to (@var{offset} + @var{length} - 1) in the file open on
-@@ -1268,6 +1306,9 @@ The file is on a filesystem that doesn't support mapping.
+@@ -1268,6 +1307,9 @@ The file is on a filesystem that doesn't support mapping.
@comment sys/mman.h
@comment LFS
@deftypefun {void *} mmap64 (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off64_t @var{offset})
@@ -199,7 +198,7 @@ index b129cf4..66370c4 100644
The @code{mmap64} function is equivalent to the @code{mmap} function but
the @var{offset} parameter is of type @code{off64_t}. On 32-bit systems
this allows the file associated with the @var{filedes} descriptor to be
-@@ -1284,6 +1325,7 @@ replaces the old API.
+@@ -1284,6 +1326,7 @@ replaces the old API.
@comment sys/mman.h
@comment POSIX
@deftypefun int munmap (void *@var{addr}, size_t @var{length})
@@ -207,7 +206,7 @@ index b129cf4..66370c4 100644
@code{munmap} removes any memory maps from (@var{addr}) to (@var{addr} +
@var{length}). @var{length} should be the length of the mapping.
-@@ -1310,6 +1352,7 @@ aligned.
+@@ -1310,6 +1353,7 @@ aligned.
@comment sys/mman.h
@comment POSIX
@deftypefun int msync (void *@var{address}, size_t @var{length}, int @var{flags})
@@ -215,7 +214,7 @@ index b129cf4..66370c4 100644
When using shared mappings, the kernel can write the file at any time
before the mapping is removed. To be certain data has actually been
-@@ -1357,6 +1400,7 @@ There is no existing mapping in at least part of the given region.
+@@ -1357,6 +1401,7 @@ There is no existing mapping in at least part of the given region.
@comment sys/mman.h
@comment GNU
@deftypefun {void *} mremap (void *@var{address}, size_t @var{length}, size_t @var{new_length}, int @var{flag})
@@ -223,7 +222,7 @@ index b129cf4..66370c4 100644
This function can be used to change the size of an existing memory
area. @var{address} and @var{length} must cover a region entirely mapped
-@@ -1405,6 +1449,7 @@ Coding Standards}.
+@@ -1405,6 +1450,7 @@ Coding Standards}.
@comment sys/mman.h
@comment POSIX
@deftypefun int madvise (void *@var{addr}, size_t @var{length}, int @var{advice})
@@ -231,7 +230,7 @@ index b129cf4..66370c4 100644
This function can be used to provide the system with @var{advice} about
the intended usage patterns of the memory region starting at @var{addr}
-@@ -1531,6 +1576,7 @@ that descriptor into an @code{fd_set}.
+@@ -1531,6 +1577,7 @@ that descriptor into an @code{fd_set}.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_ZERO (fd_set *@var{set})
@@ -239,7 +238,7 @@ index b129cf4..66370c4 100644
This macro initializes the file descriptor set @var{set} to be the
empty set.
@end deftypefn
-@@ -1538,6 +1584,9 @@ empty set.
+@@ -1538,6 +1585,9 @@ empty set.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_SET (int @var{filedes}, fd_set *@var{set})
@@ -249,7 +248,7 @@ index b129cf4..66370c4 100644
This macro adds @var{filedes} to the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
-@@ -1547,6 +1596,9 @@ evaluated more than once.
+@@ -1547,6 +1597,9 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_CLR (int @var{filedes}, fd_set *@var{set})
@@ -259,7 +258,7 @@ index b129cf4..66370c4 100644
This macro removes @var{filedes} from the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
-@@ -1556,6 +1608,7 @@ evaluated more than once.
+@@ -1556,6 +1609,7 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro int FD_ISSET (int @var{filedes}, const fd_set *@var{set})
@@ -267,7 +266,7 @@ index b129cf4..66370c4 100644
This macro returns a nonzero value (true) if @var{filedes} is a member
of the file descriptor set @var{set}, and zero (false) otherwise.
-@@ -1568,6 +1621,10 @@ Next, here is the description of the @code{select} function itself.
+@@ -1568,6 +1622,10 @@ Next, here is the description of the @code{select} function itself.
@comment sys/types.h
@comment BSD
@deftypefun int select (int @var{nfds}, fd_set *@var{read-fds}, fd_set *@var{write-fds}, fd_set *@var{except-fds}, struct timeval *@var{timeout})
@@ -278,7 +277,7 @@ index b129cf4..66370c4 100644
The @code{select} function blocks the calling process until there is
activity on any of the specified sets of file descriptors, or until the
timeout period has expired.
-@@ -1670,6 +1727,7 @@ they return.
+@@ -1670,6 +1728,7 @@ they return.
@comment unistd.h
@comment X/Open
@deftypefun void sync (void)
@@ -286,7 +285,7 @@ index b129cf4..66370c4 100644
A call to this function will not return as long as there is data which
has not been written to the device. All dirty buffers in the kernel will
be written and so an overall consistent system can be achieved (if no
-@@ -1685,6 +1743,7 @@ committed, rather than all data in the system. For this, @code{sync} is overkil
+@@ -1685,6 +1744,7 @@ committed, rather than all data in the system. For this, @code{sync} is overkil
@comment unistd.h
@comment POSIX
@deftypefun int fsync (int @var{fildes})
@@ -294,7 +293,7 @@ index b129cf4..66370c4 100644
The @code{fsync} function can be used to make sure all data associated with
the open file @var{fildes} is written to the device associated with the
descriptor. The function call does not return unless all actions have
-@@ -1722,6 +1781,7 @@ recovering of the file in case of a problem.
+@@ -1722,6 +1782,7 @@ recovering of the file in case of a problem.
@comment unistd.h
@comment POSIX
@deftypefun int fdatasync (int @var{fildes})
@@ -302,7 +301,7 @@ index b129cf4..66370c4 100644
When a call to the @code{fdatasync} function returns, it is ensured
that all of the file data is written to the device. For all pending I/O
operations, the parts guaranteeing data integrity finished.
-@@ -1923,6 +1983,158 @@ aiocb64}, since the LFS transparently replaces the old interface.
+@@ -1923,6 +1984,158 @@ aiocb64}, since the LFS transparently replaces the old interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_read (struct aiocb *@var{aiocbp})
@@ -461,7 +460,7 @@ index b129cf4..66370c4 100644
This function initiates an asynchronous read operation. It
immediately returns after the operation was enqueued or when an
error was encountered.
-@@ -1988,6 +2200,7 @@ replaces the normal implementation.
+@@ -1988,6 +2201,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_read64 (struct aiocb64 *@var{aiocbp})
@@ -469,7 +468,7 @@ index b129cf4..66370c4 100644
This function is similar to the @code{aio_read} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{aio_read64} uses
-@@ -2006,6 +2219,7 @@ of functions with a very similar interface.
+@@ -2006,6 +2220,7 @@ of functions with a very similar interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_write (struct aiocb *@var{aiocbp})
@@ -477,7 +476,7 @@ index b129cf4..66370c4 100644
This function initiates an asynchronous write operation. The function
call immediately returns after the operation was enqueued or if before
this happens an error was encountered.
-@@ -2072,6 +2286,7 @@ replaces the normal implementation.
+@@ -2072,6 +2287,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_write64 (struct aiocb64 *@var{aiocbp})
@@ -485,7 +484,7 @@ index b129cf4..66370c4 100644
This function is similar to the @code{aio_write} function. The only
difference is that on @w{32 bit} machines the file descriptor should
be opened in the large file mode. Internally @code{aio_write64} uses
-@@ -2093,6 +2308,12 @@ operations. It is therefore similar to a combination of @code{readv} and
+@@ -2093,6 +2309,12 @@ operations. It is therefore similar to a combination of @code{readv} and
@comment aio.h
@comment POSIX.1b
@deftypefun int lio_listio (int @var{mode}, struct aiocb *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
@@ -498,7 +497,7 @@ index b129cf4..66370c4 100644
The @code{lio_listio} function can be used to enqueue an arbitrary
number of read and write requests at one time. The requests can all be
meant for the same file, all for different files or every solution in
-@@ -2176,6 +2397,7 @@ transparently replaces the normal implementation.
+@@ -2176,6 +2398,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int lio_listio64 (int @var{mode}, struct aiocb64 *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
@@ -506,7 +505,7 @@ index b129cf4..66370c4 100644
This function is similar to the @code{lio_listio} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{lio_listio64} uses
-@@ -2204,6 +2426,7 @@ The following two functions allow you to get this kind of information.
+@@ -2204,6 +2427,7 @@ The following two functions allow you to get this kind of information.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_error (const struct aiocb *@var{aiocbp})
@@ -514,7 +513,7 @@ index b129cf4..66370c4 100644
This function determines the error state of the request described by the
@code{struct aiocb} variable pointed to by @var{aiocbp}. If the
request has not yet terminated the value returned is always
-@@ -2225,6 +2448,7 @@ transparently replaces the normal implementation.
+@@ -2225,6 +2449,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_error64 (const struct aiocb64 *@var{aiocbp})
@@ -522,7 +521,7 @@ index b129cf4..66370c4 100644
This function is similar to @code{aio_error} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
-@@ -2238,6 +2462,7 @@ machines.
+@@ -2238,6 +2463,7 @@ machines.
@comment aio.h
@comment POSIX.1b
@deftypefun ssize_t aio_return (struct aiocb *@var{aiocbp})
@@ -530,7 +529,7 @@ index b129cf4..66370c4 100644
This function can be used to retrieve the return status of the operation
carried out by the request described in the variable pointed to by
@var{aiocbp}. As long as the error status of this request as returned
-@@ -2261,6 +2486,7 @@ transparently replaces the normal implementation.
+@@ -2261,6 +2487,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun ssize_t aio_return64 (struct aiocb64 *@var{aiocbp})
@@ -538,7 +537,7 @@ index b129cf4..66370c4 100644
This function is similar to @code{aio_return} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
-@@ -2289,6 +2515,9 @@ if the symbol @code{_POSIX_SYNCHRONIZED_IO} is defined in @file{unistd.h}.
+@@ -2289,6 +2516,9 @@ if the symbol @code{_POSIX_SYNCHRONIZED_IO} is defined in @file{unistd.h}.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_fsync (int @var{op}, struct aiocb *@var{aiocbp})
@@ -548,7 +547,7 @@ index b129cf4..66370c4 100644
Calling this function forces all I/O operations operating queued at the
time of the function call operating on the file descriptor
@code{aiocbp->aio_fildes} into the synchronized I/O completion state
-@@ -2336,6 +2565,7 @@ transparently replaces the normal implementation.
+@@ -2336,6 +2566,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_fsync64 (int @var{op}, struct aiocb64 *@var{aiocbp})
@@ -556,7 +555,7 @@ index b129cf4..66370c4 100644
This function is similar to @code{aio_fsync} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
-@@ -2362,6 +2592,9 @@ before the current client is served. For situations like this
+@@ -2362,6 +2593,9 @@ before the current client is served. For situations like this
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_suspend (const struct aiocb *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
@@ -566,7 +565,7 @@ index b129cf4..66370c4 100644
When calling this function, the calling thread is suspended until at
least one of the requests pointed to by the @var{nent} elements of the
array @var{list} has completed. If any of the requests has already
-@@ -2400,6 +2633,7 @@ transparently replaces the normal implementation.
+@@ -2400,6 +2634,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_suspend64 (const struct aiocb64 *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
@@ -574,7 +573,7 @@ index b129cf4..66370c4 100644
This function is similar to @code{aio_suspend} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
-@@ -2427,6 +2661,16 @@ or not. Therefore using this function is merely a hint.
+@@ -2427,6 +2662,16 @@ or not. Therefore using this function is merely a hint.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_cancel (int @var{fildes}, struct aiocb *@var{aiocbp})
@@ -591,7 +590,7 @@ index b129cf4..66370c4 100644
The @code{aio_cancel} function can be used to cancel one or more
outstanding requests. If the @var{aiocbp} parameter is @code{NULL}, the
function tries to cancel all of the outstanding requests which would process
-@@ -2474,6 +2718,7 @@ transparently replaces the normal implementation.
+@@ -2474,6 +2719,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_cancel64 (int @var{fildes}, struct aiocb64 *@var{aiocbp})
@@ -599,7 +598,7 @@ index b129cf4..66370c4 100644
This function is similar to @code{aio_cancel} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
-@@ -2529,6 +2774,8 @@ Unused.
+@@ -2529,6 +2775,8 @@ Unused.
@comment aio.h
@comment GNU
@deftypefun void aio_init (const struct aioinit *@var{init})
@@ -608,7 +607,7 @@ index b129cf4..66370c4 100644
This function must be called before any other AIO function. Calling it
is completely voluntary, as it is only meant to help the AIO
implementation perform better.
-@@ -2563,6 +2810,7 @@ function; see @ref{Opening and Closing Files}.
+@@ -2563,6 +2811,7 @@ function; see @ref{Opening and Closing Files}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int fcntl (int @var{filedes}, int @var{command}, @dots{})
@@ -616,7 +615,7 @@ index b129cf4..66370c4 100644
The @code{fcntl} function performs the operation specified by
@var{command} on the file descriptor @var{filedes}. Some commands
require additional arguments to be supplied. These additional arguments
-@@ -2645,6 +2893,7 @@ while prototypes for @code{dup} and @code{dup2} are in the header file
+@@ -2645,6 +2894,7 @@ while prototypes for @code{dup} and @code{dup2} are in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun int dup (int @var{old})
@@ -624,7 +623,7 @@ index b129cf4..66370c4 100644
This function copies descriptor @var{old} to the first available
descriptor number (the first number not currently open). It is
equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
-@@ -2653,6 +2902,7 @@ equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
+@@ -2653,6 +2903,7 @@ equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@comment unistd.h
@comment POSIX.1
@deftypefun int dup2 (int @var{old}, int @var{new})
@@ -632,7 +631,7 @@ index b129cf4..66370c4 100644
This function copies the descriptor @var{old} to descriptor number
@var{new}.
-@@ -3631,6 +3881,7 @@ different headers.
+@@ -3631,6 +3882,7 @@ different headers.
@comment sys/ioctl.h
@comment BSD
@deftypefun int ioctl (int @var{filedes}, int @var{command}, @dots{})
@@ -640,7 +639,7 @@ index b129cf4..66370c4 100644
The @code{ioctl} function performs the generic I/O operation
@var{command} on @var{filedes}.
-@@ -3650,3 +3901,6 @@ unknown device.
+@@ -3650,3 +3902,6 @@ unknown device.
Most IOCTLs are OS-specific and/or only used in special system utilities,
and are thus beyond the scope of this document. For an example of the use
of an IOCTL, see @ref{Out-of-Band Data}.
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index 4c8cfb0..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,21 +0,0 @@
-Bottom: 70450337f67d11a45e01f8b02431ebb6673feb3e
-Top: 2ababec10bdc79e391c0dcfade6046586526bff9
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-16 04:22:46 -0300
-
-Refresh of manual-document-mt-safety-llio.patch
-
----
-
-diff --git a/manual/llio.texi b/manual/llio.texi
-index 66370c4..c350585 100644
---- a/manual/llio.texi
-+++ b/manual/llio.texi
-@@ -1104,6 +1104,7 @@ Contains the length of the buffer.
- @c with old kernels that lack a full readv/writev implementation, may
- @c malloc the buffer into which data is read, if the total read size is
- @c too large for alloca.
-+
- The @code{readv} function reads data from @var{filedes} and scatters it
- into the buffers described in @var{vector}, which is taken to be
- @var{count} structures long. As each buffer is filled, data is sent to the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=554b381a96e944c0f8154539602f5198d1174a22
commit 554b381a96e944c0f8154539602f5198d1174a22
Merge: 259ab0d 0be4967 21e4f8f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 04:22:46 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=259ab0d8e335c2bc07f4ba80d69813f1528c2609
commit 259ab0d8e335c2bc07f4ba80d69813f1528c2609
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 04:22:46 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index e65cb3f..529af8a 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 95b05fe32d91f7cdf631389a6f24fa635a3a0f69
-Head: 9992d089f12b96c05738ef8524aa16917cbee72a
+Previous: 0be4967a4ac472eaab48e73093280305499c0967
+Head: 21e4f8f2a2a89b0bd1927926f4d03034066b1402
Applied:
powerpc-nofpu-sim-note-nothread.patch: 06e4960536888589dff34cbc68b16091f303bc5e
unused-scalb-is-scalbn.patch: ca2910ce3d85f4ab9b8c4e8d31bc243eab5f1c0f
@@ -20,6 +20,7 @@ Applied:
manual-document-mt-safety-job.patch: 1da38dc05daeed4e2d77f2923bb588bf259a7549
manual-document-mt-safety-lang.patch: 5de7ed36be7b0c688b7b7b04bad5201b02ea50f0
manual-document-mt-safety-llio.patch: 9992d089f12b96c05738ef8524aa16917cbee72a
+ refresh-temp: 21e4f8f2a2a89b0bd1927926f4d03034066b1402
Unapplied:
manual-document-mt-safety-stdio.patch: 572386734b3f9026025b6e60f2228c9f1ef0d4df
wip-manual-document-mt-safety-locale.patch: a82b9814d4f81db18ea5c553cd5dc5fbf31bdb1e
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..4c8cfb0
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,21 @@
+Bottom: 70450337f67d11a45e01f8b02431ebb6673feb3e
+Top: 2ababec10bdc79e391c0dcfade6046586526bff9
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-16 04:22:46 -0300
+
+Refresh of manual-document-mt-safety-llio.patch
+
+---
+
+diff --git a/manual/llio.texi b/manual/llio.texi
+index 66370c4..c350585 100644
+--- a/manual/llio.texi
++++ b/manual/llio.texi
+@@ -1104,6 +1104,7 @@ Contains the length of the buffer.
+ @c with old kernels that lack a full readv/writev implementation, may
+ @c malloc the buffer into which data is read, if the total read size is
+ @c too large for alloca.
++
+ The @code{readv} function reads data from @var{filedes} and scatters it
+ into the buffers described in @var{vector}, which is taken to be
+ @var{count} structures long. As each buffer is filled, data is sent to the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=21e4f8f2a2a89b0bd1927926f4d03034066b1402
commit 21e4f8f2a2a89b0bd1927926f4d03034066b1402
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 04:22:46 2013 -0300
Refresh of manual-document-mt-safety-llio.patch
diff --git a/manual/llio.texi b/manual/llio.texi
index 66370c4..c350585 100644
--- a/manual/llio.texi
+++ b/manual/llio.texi
@@ -1104,6 +1104,7 @@ Contains the length of the buffer.
@c with old kernels that lack a full readv/writev implementation, may
@c malloc the buffer into which data is read, if the total read size is
@c too large for alloca.
+
The @code{readv} function reads data from @var{filedes} and scatters it
into the buffers described in @var{vector}, which is taken to be
@var{count} structures long. As each buffer is filled, data is sent to the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0be4967a4ac472eaab48e73093280305499c0967
commit 0be4967a4ac472eaab48e73093280305499c0967
Merge: 22fb8a2 95b05fe
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 04:21:25 2013 -0300
goto
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=22fb8a25581baa536a83f43098e1defd2abf6c80
commit 22fb8a25581baa536a83f43098e1defd2abf6c80
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 04:21:25 2013 -0300
goto
diff --git a/meta b/meta
index 1cd20b8..e65cb3f 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 2f5054826615e2e6fc557b9aff0c1a4902a09c44
-Head: 92cf02f3b8f1ded1ab0b40e598db58d47798032f
+Previous: 95b05fe32d91f7cdf631389a6f24fa635a3a0f69
+Head: 9992d089f12b96c05738ef8524aa16917cbee72a
Applied:
powerpc-nofpu-sim-note-nothread.patch: 06e4960536888589dff34cbc68b16091f303bc5e
unused-scalb-is-scalbn.patch: ca2910ce3d85f4ab9b8c4e8d31bc243eab5f1c0f
@@ -20,6 +20,7 @@ Applied:
manual-document-mt-safety-job.patch: 1da38dc05daeed4e2d77f2923bb588bf259a7549
manual-document-mt-safety-lang.patch: 5de7ed36be7b0c688b7b7b04bad5201b02ea50f0
manual-document-mt-safety-llio.patch: 9992d089f12b96c05738ef8524aa16917cbee72a
+Unapplied:
manual-document-mt-safety-stdio.patch: 572386734b3f9026025b6e60f2228c9f1ef0d4df
wip-manual-document-mt-safety-locale.patch: a82b9814d4f81db18ea5c553cd5dc5fbf31bdb1e
wip-manual-document-mt-safety-math.patch: 7920ad2e3774239d123ce62cd383720426b44135
@@ -30,5 +31,4 @@ Applied:
wip-manual-document-mt-safety-terminal.patch: c7d4f8fa7082247cd3fc7df9be81db43d8ab58c8
wip-manual-document-mt-safety-threads.patch: 9c43a2b276badc905035a6b2e236c71505455f4e
wip-manual-document-mt-safety-time.patch: 92cf02f3b8f1ded1ab0b40e598db58d47798032f
-Unapplied:
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=95b05fe32d91f7cdf631389a6f24fa635a3a0f69
commit 95b05fe32d91f7cdf631389a6f24fa635a3a0f69
Merge: f16491c 92cf02f 2f50548
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 04:16:51 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f16491c27149d3133dc1627452c3dca742f62ff1
commit f16491c27149d3133dc1627452c3dca742f62ff1
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 04:16:51 2013 -0300
push
diff --git a/meta b/meta
index 8461e75..1cd20b8 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 707a7abaa781a9a10ad887ff54cde0f90ed0e769
-Head: 5de7ed36be7b0c688b7b7b04bad5201b02ea50f0
+Previous: 2f5054826615e2e6fc557b9aff0c1a4902a09c44
+Head: 92cf02f3b8f1ded1ab0b40e598db58d47798032f
Applied:
powerpc-nofpu-sim-note-nothread.patch: 06e4960536888589dff34cbc68b16091f303bc5e
unused-scalb-is-scalbn.patch: ca2910ce3d85f4ab9b8c4e8d31bc243eab5f1c0f
@@ -19,16 +19,16 @@ Applied:
manual-document-mt-safety-libdl.patch: 3816c6c49233e9317ec22c571867fb8ff95c1edd
manual-document-mt-safety-job.patch: 1da38dc05daeed4e2d77f2923bb588bf259a7549
manual-document-mt-safety-lang.patch: 5de7ed36be7b0c688b7b7b04bad5201b02ea50f0
+ manual-document-mt-safety-llio.patch: 9992d089f12b96c05738ef8524aa16917cbee72a
+ manual-document-mt-safety-stdio.patch: 572386734b3f9026025b6e60f2228c9f1ef0d4df
+ wip-manual-document-mt-safety-locale.patch: a82b9814d4f81db18ea5c553cd5dc5fbf31bdb1e
+ wip-manual-document-mt-safety-math.patch: 7920ad2e3774239d123ce62cd383720426b44135
+ wip-manual-document-mt-safety-startup.patch: 504c5cdd62bacdeae9ba6f7550489a423eb8a67d
+ wip-manual-document-mt-safety-search.patch: efc52b412d2d5f65ac9ecaf68cda4e1162266950
+ wip-manual-document-mt-safety-resource.patch: dbb35227cf0315c69f5a1194567dddd28783220f
+ wip-manual-document-mt-safety-string.patch: 92527f1339cb3a36dcf9205dd9beee30d6ddf61c
+ wip-manual-document-mt-safety-terminal.patch: c7d4f8fa7082247cd3fc7df9be81db43d8ab58c8
+ wip-manual-document-mt-safety-threads.patch: 9c43a2b276badc905035a6b2e236c71505455f4e
+ wip-manual-document-mt-safety-time.patch: 92cf02f3b8f1ded1ab0b40e598db58d47798032f
Unapplied:
- manual-document-mt-safety-llio.patch: 8062c6db4730855258daa75bc0bc502e65b287d9
- manual-document-mt-safety-stdio.patch: 9c1671ce52190da483b6ed123ca0c0a7024d1eb8
- wip-manual-document-mt-safety-locale.patch: 5b196df6f05274d7d3fd4234ab11e9178803db7c
- wip-manual-document-mt-safety-math.patch: ea2dbc48a6bc628804b250481195bfbad0d9a21b
- wip-manual-document-mt-safety-startup.patch: 76e471e83914edb584ccb70db15f70f50f9ee13d
- wip-manual-document-mt-safety-search.patch: d7ed3ad174a71581ec2932ab4a384c8266aec68f
- wip-manual-document-mt-safety-resource.patch: a767734d6decbc515b2ce8685565558c574f1425
- wip-manual-document-mt-safety-string.patch: b6e62ea39a43e0122e82c5090f6aba03894b4be2
- wip-manual-document-mt-safety-terminal.patch: 275006e938dbc65a49bcb7e6da2a71e096da3834
- wip-manual-document-mt-safety-threads.patch: 189493f2451b72c60eb8695626ffc08d7584b4f2
- wip-manual-document-mt-safety-time.patch: b6437025912d8b67e3e8ecef23a518fa95899c33
Hidden:
diff --git a/patches/manual-document-mt-safety-llio.patch b/patches/manual-document-mt-safety-llio.patch
index 891b000..c87a4f8 100644
--- a/patches/manual-document-mt-safety-llio.patch
+++ b/patches/manual-document-mt-safety-llio.patch
@@ -1,5 +1,5 @@
-Bottom: 85976e9026712b280af25c21b6bbad2161b83adc
-Top: 4b6492a76ca07bdd09694a3d815b525f7521be6e
+Bottom: fc738e25133a6fc7d7d322e4aaa73f98f45ee411
+Top: 70450337f67d11a45e01f8b02431ebb6673feb3e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:09:32 -0300
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index dd4e6a1..425de60 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,5 +1,5 @@
-Bottom: 4b6492a76ca07bdd09694a3d815b525f7521be6e
-Top: 1e288609bd4b8602bc5c4017a4d64a5a266f5cf3
+Bottom: 70450337f67d11a45e01f8b02431ebb6673feb3e
+Top: e752d10b13d788334efeca8df965648711f065b8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index 5f8aa21..40ed885 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
-Bottom: 1e288609bd4b8602bc5c4017a4d64a5a266f5cf3
-Top: 3f26707a55cc4b3743d8b20310060091a2722bf9
+Bottom: e752d10b13d788334efeca8df965648711f065b8
+Top: 266a8601bddcaf307b45fc05a4260787db0e6856
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/wip-manual-document-mt-safety-math.patch b/patches/wip-manual-document-mt-safety-math.patch
index 35f4e1e..65e5ca7 100644
--- a/patches/wip-manual-document-mt-safety-math.patch
+++ b/patches/wip-manual-document-mt-safety-math.patch
@@ -1,5 +1,5 @@
-Bottom: 3f26707a55cc4b3743d8b20310060091a2722bf9
-Top: a11c98df057934d5126974498680ca02e63cc81c
+Bottom: 266a8601bddcaf307b45fc05a4260787db0e6856
+Top: 70f620109a737254c3625806efb80fdaee04f15b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/wip-manual-document-mt-safety-resource.patch b/patches/wip-manual-document-mt-safety-resource.patch
index 69c8edf..b385d72 100644
--- a/patches/wip-manual-document-mt-safety-resource.patch
+++ b/patches/wip-manual-document-mt-safety-resource.patch
@@ -1,5 +1,5 @@
-Bottom: 2f06c88f5e067c0ad69f34d0275014d09ff57a22
-Top: 29dcdfd1aff6c660e2916c04bc93e2e1e0a0b05f
+Bottom: 110587b84e839d24b49b06c72adac07e1b608d94
+Top: 6ffe7a66b2b3229a0286930c23a83d4d6d915933
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:11:00 -0300
diff --git a/patches/wip-manual-document-mt-safety-search.patch b/patches/wip-manual-document-mt-safety-search.patch
index 81e4fc8..160c1f8 100644
--- a/patches/wip-manual-document-mt-safety-search.patch
+++ b/patches/wip-manual-document-mt-safety-search.patch
@@ -1,5 +1,5 @@
-Bottom: 59d7e766f0565010748967e59406197c13ccae47
-Top: 2f06c88f5e067c0ad69f34d0275014d09ff57a22
+Bottom: 37185242102b30e75f0b0d0c5e7196aded93c284
+Top: 110587b84e839d24b49b06c72adac07e1b608d94
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:11:55 -0300
diff --git a/patches/wip-manual-document-mt-safety-startup.patch b/patches/wip-manual-document-mt-safety-startup.patch
index 48ee6f2..fed6a93 100644
--- a/patches/wip-manual-document-mt-safety-startup.patch
+++ b/patches/wip-manual-document-mt-safety-startup.patch
@@ -1,5 +1,5 @@
-Bottom: a11c98df057934d5126974498680ca02e63cc81c
-Top: 59d7e766f0565010748967e59406197c13ccae47
+Bottom: 70f620109a737254c3625806efb80fdaee04f15b
+Top: 37185242102b30e75f0b0d0c5e7196aded93c284
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:12:28 -0300
diff --git a/patches/wip-manual-document-mt-safety-string.patch b/patches/wip-manual-document-mt-safety-string.patch
index bd701bf..552db1e 100644
--- a/patches/wip-manual-document-mt-safety-string.patch
+++ b/patches/wip-manual-document-mt-safety-string.patch
@@ -1,5 +1,5 @@
-Bottom: 29dcdfd1aff6c660e2916c04bc93e2e1e0a0b05f
-Top: 6214ba87d46caf799e26d9dec166b0f306946143
+Bottom: 6ffe7a66b2b3229a0286930c23a83d4d6d915933
+Top: 6eb8d67c9bdb85dc5bab11e1d652794f9a53ce22
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:13:24 -0300
diff --git a/patches/wip-manual-document-mt-safety-terminal.patch b/patches/wip-manual-document-mt-safety-terminal.patch
index 462849f..8a27596 100644
--- a/patches/wip-manual-document-mt-safety-terminal.patch
+++ b/patches/wip-manual-document-mt-safety-terminal.patch
@@ -1,5 +1,5 @@
-Bottom: 6214ba87d46caf799e26d9dec166b0f306946143
-Top: 8ba6d8af046244985877511430d034165f4c58fc
+Bottom: 6eb8d67c9bdb85dc5bab11e1d652794f9a53ce22
+Top: 12f26fdb9cef342cad845ae75f3c0d8506505bf7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:13:53 -0300
diff --git a/patches/wip-manual-document-mt-safety-threads.patch b/patches/wip-manual-document-mt-safety-threads.patch
index 9e05d78..dc5d838 100644
--- a/patches/wip-manual-document-mt-safety-threads.patch
+++ b/patches/wip-manual-document-mt-safety-threads.patch
@@ -1,5 +1,5 @@
-Bottom: 8ba6d8af046244985877511430d034165f4c58fc
-Top: fe5e48500cc7598452d5345c04173ce23157e134
+Bottom: 12f26fdb9cef342cad845ae75f3c0d8506505bf7
+Top: 8f34e176a621bbe4f96be6fefd72589012261428
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:14:35 -0300
diff --git a/patches/wip-manual-document-mt-safety-time.patch b/patches/wip-manual-document-mt-safety-time.patch
index 82bbd95..43b3a63 100644
--- a/patches/wip-manual-document-mt-safety-time.patch
+++ b/patches/wip-manual-document-mt-safety-time.patch
@@ -1,5 +1,5 @@
-Bottom: fe5e48500cc7598452d5345c04173ce23157e134
-Top: f9638e8d77bd09a6d39e04eb72367337c9d9e95a
+Bottom: 8f34e176a621bbe4f96be6fefd72589012261428
+Top: 6e96df8705d60c67a265fd5acf7f506fd67f4782
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:14:50 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=92cf02f3b8f1ded1ab0b40e598db58d47798032f
commit 92cf02f3b8f1ded1ab0b40e598db58d47798032f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:14:50 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/time.texi: Document thread safety properties.
diff --git a/manual/time.texi b/manual/time.texi
index ff31e28..3967b24 100644
--- a/manual/time.texi
+++ b/manual/time.texi
@@ -475,6 +475,12 @@ Instead, use the facilities described in @ref{Time Zone Functions}.
@comment sys/time.h
@comment BSD
@deftypefun int gettimeofday (struct timeval *@var{tp}, struct timezone *@var{tzp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c On most GNU/Linux systems this is a direct syscall, but the posix/
+@c implementation (not used on GNU/Linux or GNU/Hurd) relies on time and
+@c localtime_r, saving and restoring tzname in an unsafe manner.
+@c On some GNU/Linux variants, ifunc resolvers are used in shared libc
+@c for vdso resolution. ifunc-vdso-revisit.
The @code{gettimeofday} function returns the current calendar time as
the elapsed time since the epoch in the @code{struct timeval} structure
indicated by @var{tp}. (@pxref{Elapsed Time} for a description of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9c43a2b276badc905035a6b2e236c71505455f4e
commit 9c43a2b276badc905035a6b2e236c71505455f4e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:14:35 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/threads.texi: Document thread safety properties.
diff --git a/manual/threads.texi b/manual/threads.texi
index a23ac26..19bfad6 100644
--- a/manual/threads.texi
+++ b/manual/threads.texi
@@ -31,6 +31,7 @@ before thread-specific data, so they should not be used in thread-specific
data destructors or even as members of the thread-specific data, since the
latter is passed as an argument to the destructor function.
+@c FIXME: use @deftypefun for these.
@item int pthread_key_delete (pthread_key_t @var{key})
Destroy the thread-specific data @var{key} in the calling thread. The
destructor for the thread-specific data is not called during destruction, nor
@@ -82,3 +83,124 @@ attributes or the stack address is set in the attribute.
The system does not have sufficient memory.
@end table
@end deftypefun
+
+@c FIXME these are undocumented:
+@c pthread_atfork
+@c pthread_attr_destroy
+@c pthread_attr_getaffinity_np
+@c pthread_attr_getdetachstate
+@c pthread_attr_getguardsize
+@c pthread_attr_getinheritsched
+@c pthread_attr_getschedparam
+@c pthread_attr_getschedpolicy
+@c pthread_attr_getscope
+@c pthread_attr_getstack
+@c pthread_attr_getstackaddr
+@c pthread_attr_getstacksize
+@c pthread_attr_init
+@c pthread_attr_setaffinity_np
+@c pthread_attr_setdetachstate
+@c pthread_attr_setguardsize
+@c pthread_attr_setinheritsched
+@c pthread_attr_setschedparam
+@c pthread_attr_setschedpolicy
+@c pthread_attr_setscope
+@c pthread_attr_setstack
+@c pthread_attr_setstackaddr
+@c pthread_attr_setstacksize
+@c pthread_barrierattr_destroy
+@c pthread_barrierattr_getpshared
+@c pthread_barrierattr_init
+@c pthread_barrierattr_setpshared
+@c pthread_barrier_destroy
+@c pthread_barrier_init
+@c pthread_barrier_wait
+@c pthread_cancel
+@c pthread_cleanup_push
+@c pthread_cleanup_pop
+@c pthread_condattr_destroy
+@c pthread_condattr_getclock
+@c pthread_condattr_getpshared
+@c pthread_condattr_init
+@c pthread_condattr_setclock
+@c pthread_condattr_setpshared
+@c pthread_cond_broadcast
+@c pthread_cond_destroy
+@c pthread_cond_init
+@c pthread_cond_signal
+@c pthread_cond_timedwait
+@c pthread_cond_wait
+@c pthread_create
+@c pthread_detach
+@c pthread_equal
+@c pthread_exit
+@c pthread_getaffinity_np
+@c pthread_getattr_np
+@c pthread_getconcurrency
+@c pthread_getcpuclockid
+@c pthread_getname_np
+@c pthread_getschedparam
+@c pthread_join
+@c pthread_kill
+@c pthread_kill_other_threads_np
+@c pthread_mutexattr_destroy
+@c pthread_mutexattr_getkind_np
+@c pthread_mutexattr_getprioceiling
+@c pthread_mutexattr_getprotocol
+@c pthread_mutexattr_getpshared
+@c pthread_mutexattr_getrobust
+@c pthread_mutexattr_getrobust_np
+@c pthread_mutexattr_gettype
+@c pthread_mutexattr_init
+@c pthread_mutexattr_setkind_np
+@c pthread_mutexattr_setprioceiling
+@c pthread_mutexattr_setprotocol
+@c pthread_mutexattr_setpshared
+@c pthread_mutexattr_setrobust
+@c pthread_mutexattr_setrobust_np
+@c pthread_mutexattr_settype
+@c pthread_mutex_consistent
+@c pthread_mutex_consistent_np
+@c pthread_mutex_destroy
+@c pthread_mutex_getprioceiling
+@c pthread_mutex_init
+@c pthread_mutex_lock
+@c pthread_mutex_setprioceiling
+@c pthread_mutex_timedlock
+@c pthread_mutex_trylock
+@c pthread_mutex_unlock
+@c pthread_once
+@c pthread_rwlockattr_destroy
+@c pthread_rwlockattr_getkind_np
+@c pthread_rwlockattr_getpshared
+@c pthread_rwlockattr_init
+@c pthread_rwlockattr_setkind_np
+@c pthread_rwlockattr_setpshared
+@c pthread_rwlock_destroy
+@c pthread_rwlock_init
+@c pthread_rwlock_rdlock
+@c pthread_rwlock_timedrdlock
+@c pthread_rwlock_timedwrlock
+@c pthread_rwlock_tryrdlock
+@c pthread_rwlock_trywrlock
+@c pthread_rwlock_unlock
+@c pthread_rwlock_wrlock
+@c pthread_self
+@c pthread_setaffinity_np
+@c pthread_setcancelstate
+@c pthread_setcanceltype
+@c pthread_setconcurrency
+@c pthread_setname_np
+@c pthread_setschedparam
+@c pthread_setschedprio
+@c pthread_sigmask
+@c pthread_sigqueue
+@c pthread_spin_destroy
+@c pthread_spin_init
+@c pthread_spin_lock
+@c pthread_spin_trylock
+@c pthread_spin_unlock
+@c pthread_testcancel
+@c pthread_timedjoin_np
+@c pthread_tryjoin_np
+@c pthread_yield
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c7d4f8fa7082247cd3fc7df9be81db43d8ab58c8
commit c7d4f8fa7082247cd3fc7df9be81db43d8ab58c8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:13:53 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/terminal.texi: Document thread safety properties.
diff --git a/manual/terminal.texi b/manual/terminal.texi
index 9e9c057..7f62a4e 100644
--- a/manual/terminal.texi
+++ b/manual/terminal.texi
@@ -264,6 +264,9 @@ array.
@comment termios.h
@comment POSIX.1
@deftypefun int tcgetattr (int @var{filedes}, struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the kernel-returned termios data structure to the userland
+@c format does not ensure atomic or consistent writing.
This function is used to examine the attributes of the terminal
device with file descriptor @var{filedes}. The attributes are returned
in the structure that @var{termios-p} points to.
@@ -284,6 +287,9 @@ The @var{filedes} is not associated with a terminal.
@comment termios.h
@comment POSIX.1
@deftypefun int tcsetattr (int @var{filedes}, int @var{when}, const struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the incoming termios data structure to the kernel format
+@c does not ensure atomic or consistent reading.
This function sets the attributes of the terminal device with file
descriptor @var{filedes}. The new attributes are taken from the
structure that @var{termios-p} points to.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=92527f1339cb3a36dcf9205dd9beee30d6ddf61c
commit 92527f1339cb3a36dcf9205dd9beee30d6ddf61c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:13:24 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/string.texi: Document thread safety properties.
diff --git a/manual/string.texi b/manual/string.texi
index 246be84..a75d298 100644
--- a/manual/string.texi
+++ b/manual/string.texi
@@ -1247,6 +1247,8 @@ strncmp ("hello, world", "hello, stupid world!!!", 5)
@comment string.h
@comment GNU
@deftypefun int strverscmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls isdigit multiple times, locale may change in between.
The @code{strverscmp} function compares the string @var{s1} against
@var{s2}, considering them as holding indices/version numbers. The
return value follows the same conventions as found in the
@@ -1343,6 +1345,8 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
@comment string.h
@comment ISO
@deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Adjust alphasort one safety info is determined.
The @code{strcoll} function is similar to @code{strcmp} but uses the
collating sequence of the current locale for collation (the
@code{LC_COLLATE} locale).
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=dbb35227cf0315c69f5a1194567dddd28783220f
commit dbb35227cf0315c69f5a1194567dddd28783220f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/resource.texi: Document thread safety properties.
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=efc52b412d2d5f65ac9ecaf68cda4e1162266950
commit efc52b412d2d5f65ac9ecaf68cda4e1162266950
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:55 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/search.texi: Document thread safety properties.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..6910edc 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -146,6 +146,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +437,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +471,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +486,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +500,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +555,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=504c5cdd62bacdeae9ba6f7550489a423eb8a67d
commit 504c5cdd62bacdeae9ba6f7550489a423eb8a67d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:12:28 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/startup.texi: Document thread safety properties.
diff --git a/manual/startup.texi b/manual/startup.texi
index a277714..7bbaf13 100644
--- a/manual/startup.texi
+++ b/manual/startup.texi
@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
The difference to the @code{setenv} function is that the exact string
given as the parameter @var{string} is put into the environment. If the
user should change the string after the @code{putenv} call this will
-reflect in automatically in the environment. This also requires that
-@var{string} is no automatic variable which scope is left before the
+reflect automatically in the environment. This also requires that
+@var{string} not be an automatic variable whose scope is left before the
variable is removed from the environment. The same applies of course to
dynamically allocated variables which are freed later.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7920ad2e3774239d123ce62cd383720426b44135
commit 7920ad2e3774239d123ce62cd383720426b44135
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/math.texi: Document thread safety properties.
diff --git a/manual/math.texi b/manual/math.texi
index 193d415..fd5d0c8 100644
--- a/manual/math.texi
+++ b/manual/math.texi
@@ -560,6 +560,7 @@ negative), @code{logb} returns @math{@infinity{}}. If @var{x} is zero,
@comment math.h
@comment ISO
@deftypefunx int ilogbl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are equivalent to the corresponding @code{logb}
functions except that they return signed integer values.
@end deftypefun
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a82b9814d4f81db18ea5c553cd5dc5fbf31bdb1e
commit a82b9814d4f81db18ea5c553cd5dc5fbf31bdb1e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..60e08d8 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
+@c and free, and _nl_find_locale, which amount to all documented safety
+@c issues. It also calls new_composite_name, setdata, and setname,
+@c without any additional issues. _nl_find_locale calls getenv, ...
+@c This function returns a pointer read...
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=572386734b3f9026025b6e60f2228c9f1ef0d4df
commit 572386734b3f9026025b6e60f2228c9f1ef0d4df
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..79a3340 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1391,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1401,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1411,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1540,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1625,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2387,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2397,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2438,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2647,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2656,48 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2705,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2713,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2721,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2729,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2737,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2745,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2821,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3062,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3314,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3378,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +3995,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +4010,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +4025,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +4033,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4041,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4055,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4082,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4091,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4100,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4108,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4116,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4124,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4174,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4184,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4198,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4209,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4237,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4248,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4362,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4375,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4399,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4415,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4435,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4459,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4508,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4630,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4645,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4658,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4675,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4787,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4800,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4817,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4839,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4864,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4942,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4956,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4968,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4983,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +4997,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +5008,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5056,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5112,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5228,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5410,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5551,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=05c3b86470f7b78f9e514bd75ab3c578632a565e
commit 05c3b86470f7b78f9e514bd75ab3c578632a565e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:09:32 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/llio.texi: Document thread safety properties.
diff --git a/manual/llio.texi b/manual/llio.texi
index b129cf4..c350585 100644
--- a/manual/llio.texi
+++ b/manual/llio.texi
@@ -78,6 +78,7 @@ declared in @file{unistd.h}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int open (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The @code{open} function creates and returns a new file descriptor for
the file named by @var{filename}. Initially, the file position
indicator for the file is at the beginning of the file. The argument
@@ -164,6 +165,7 @@ and @code{freopen} functions, that create streams.
@comment fcntl.h
@comment Unix98
@deftypefun int open64 (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{open}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
difference is that on 32 bit systems the file is opened in the
@@ -178,6 +180,7 @@ replaces the old API.
@comment fcntl.h
@comment POSIX.1
@deftypefn {Obsolete function} int creat (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is obsolete. The call:
@smallexample
@@ -202,6 +205,7 @@ since all of the lowlevel file handling functions are equally replaced.
@comment fcntl.h
@comment Unix98
@deftypefn {Obsolete function} int creat64 (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{creat}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
the difference is that on 32 bit systems the file is opened in the
@@ -219,6 +223,7 @@ replaces the old API.
@comment unistd.h
@comment POSIX.1
@deftypefun int close (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The function @code{close} closes the file descriptor @var{filedes}.
Closing a file has the following consequences:
@@ -300,6 +305,7 @@ but must be a signed type.
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t read (int @var{filedes}, void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{read} function reads up to @var{size} bytes from the file
with descriptor @var{filedes}, storing the results in the @var{buffer}.
(This is not necessarily a character string, and no terminating null
@@ -395,6 +401,10 @@ functions that read from streams, such as @code{fgetc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, read and lseek back, but is it
+@c used anywhere?
The @code{pread} function is similar to the @code{read} function. The
first three arguments are identical, and the return values and error
codes also correspond.
@@ -430,6 +440,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread64 (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, read and lseek64 back, but is
+@c it used anywhere?
This function is similar to the @code{pread} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -447,6 +461,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t write (int @var{filedes}, const void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{write} function writes up to @var{size} bytes from
@var{buffer} to the file with descriptor @var{filedes}. The data in
@var{buffer} is not necessarily a character string and a null character is
@@ -557,6 +572,10 @@ functions that write to streams, such as @code{fputc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, write and lseek back, but is it
+@c used anywhere?
The @code{pwrite} function is similar to the @code{write} function. The
first three arguments are identical, and the return values and error codes
also correspond.
@@ -592,6 +611,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite64 (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, write and lseek64 back, but
+@c is it used anywhere?
This function is similar to the @code{pwrite} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -624,6 +647,7 @@ To read the current file position value from a descriptor, use
@comment unistd.h
@comment POSIX.1
@deftypefun off_t lseek (int @var{filedes}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lseek} function is used to change the file position of the
file with descriptor @var{filedes}.
@@ -713,6 +737,7 @@ descriptors.
@comment unistd.h
@comment Unix98
@deftypefun off64_t lseek64 (int @var{filedes}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to the @code{lseek} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -825,6 +850,7 @@ declared in the header file @file{stdio.h}.
@comment stdio.h
@comment POSIX.1
@deftypefun {FILE *} fdopen (int @var{filedes}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
The @code{fdopen} function returns a new stream for the file descriptor
@var{filedes}.
@@ -853,6 +879,7 @@ see @ref{Creating a Pipe}.
@comment stdio.h
@comment POSIX.1
@deftypefun int fileno (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the file descriptor associated with the stream
@var{stream}. If an error is detected (for example, if the @var{stream}
is not valid) or if @var{stream} does not do I/O to a file,
@@ -862,6 +889,7 @@ is not valid) or if @var{stream} does not do I/O to a file,
@comment stdio.h
@comment GNU
@deftypefun int fileno_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fileno_unlocked} function is equivalent to the @code{fileno}
function except that it does not implicitly lock the stream if the state
is @code{FSETLOCKING_INTERNAL}.
@@ -1071,6 +1099,11 @@ Contains the length of the buffer.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t readv (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer into which data is read, if the total read size is
+@c too large for alloca.
The @code{readv} function reads data from @var{filedes} and scatters it
into the buffers described in @var{vector}, which is taken to be
@@ -1089,6 +1122,11 @@ errors are the same as in @code{read}.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t writev (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer from which data is written, if the total write size
+@c is too large for alloca.
The @code{writev} function gathers data from the buffers described in
@var{vector}, which is taken to be @var{count} structures long, and writes
@@ -1149,6 +1187,7 @@ These functions are declared in @file{sys/mman.h}.
@comment sys/mman.h
@comment POSIX
@deftypefun {void *} mmap (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mmap} function creates a new mapping, connected to bytes
(@var{offset}) to (@var{offset} + @var{length} - 1) in the file open on
@@ -1268,6 +1307,9 @@ The file is on a filesystem that doesn't support mapping.
@comment sys/mman.h
@comment LFS
@deftypefun {void *} mmap64 (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The page_shift auto detection when MMAP2_PAGE_SHIFT is -1 (it never
+@c is) would be thread-unsafe.
The @code{mmap64} function is equivalent to the @code{mmap} function but
the @var{offset} parameter is of type @code{off64_t}. On 32-bit systems
this allows the file associated with the @var{filedes} descriptor to be
@@ -1284,6 +1326,7 @@ replaces the old API.
@comment sys/mman.h
@comment POSIX
@deftypefun int munmap (void *@var{addr}, size_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{munmap} removes any memory maps from (@var{addr}) to (@var{addr} +
@var{length}). @var{length} should be the length of the mapping.
@@ -1310,6 +1353,7 @@ aligned.
@comment sys/mman.h
@comment POSIX
@deftypefun int msync (void *@var{address}, size_t @var{length}, int @var{flags})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When using shared mappings, the kernel can write the file at any time
before the mapping is removed. To be certain data has actually been
@@ -1357,6 +1401,7 @@ There is no existing mapping in at least part of the given region.
@comment sys/mman.h
@comment GNU
@deftypefun {void *} mremap (void *@var{address}, size_t @var{length}, size_t @var{new_length}, int @var{flag})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to change the size of an existing memory
area. @var{address} and @var{length} must cover a region entirely mapped
@@ -1405,6 +1450,7 @@ Coding Standards}.
@comment sys/mman.h
@comment POSIX
@deftypefun int madvise (void *@var{addr}, size_t @var{length}, int @var{advice})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to provide the system with @var{advice} about
the intended usage patterns of the memory region starting at @var{addr}
@@ -1531,6 +1577,7 @@ that descriptor into an @code{fd_set}.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_ZERO (fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro initializes the file descriptor set @var{set} to be the
empty set.
@end deftypefn
@@ -1538,6 +1585,9 @@ empty set.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_SET (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro adds @var{filedes} to the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1547,6 +1597,9 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_CLR (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro removes @var{filedes} from the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1556,6 +1609,7 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro int FD_ISSET (int @var{filedes}, const fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value (true) if @var{filedes} is a member
of the file descriptor set @var{set}, and zero (false) otherwise.
@@ -1568,6 +1622,10 @@ Next, here is the description of the @code{select} function itself.
@comment sys/types.h
@comment BSD
@deftypefun int select (int @var{nfds}, fd_set *@var{read-fds}, fd_set *@var{write-fds}, fd_set *@var{except-fds}, struct timeval *@var{timeout})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The select syscall is preferred, but pselect6 may be used instead,
+@c which requires converting timeout to a timespec and back. The
+@c conversions are not atomic.
The @code{select} function blocks the calling process until there is
activity on any of the specified sets of file descriptors, or until the
timeout period has expired.
@@ -1670,6 +1728,7 @@ they return.
@comment unistd.h
@comment X/Open
@deftypefun void sync (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
A call to this function will not return as long as there is data which
has not been written to the device. All dirty buffers in the kernel will
be written and so an overall consistent system can be achieved (if no
@@ -1685,6 +1744,7 @@ committed, rather than all data in the system. For this, @code{sync} is overkil
@comment unistd.h
@comment POSIX
@deftypefun int fsync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fsync} function can be used to make sure all data associated with
the open file @var{fildes} is written to the device associated with the
descriptor. The function call does not return unless all actions have
@@ -1722,6 +1782,7 @@ recovering of the file in case of a problem.
@comment unistd.h
@comment POSIX
@deftypefun int fdatasync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When a call to the @code{fdatasync} function returns, it is ensured
that all of the file data is written to the device. For all pending I/O
operations, the parts guaranteeing data integrity finished.
@@ -1923,6 +1984,158 @@ aiocb64}, since the LFS transparently replaces the old interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_read (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Calls aio_enqueue_request.
+@c aio_enqueue_request selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_self ok
+@c pthread_getschedparam selfdeadlock, lockleak
+@c lll_lock (pthread descriptor's lock) selfdeadlock, lockleak
+@c sched_getparam ok
+@c sched_getscheduler ok
+@c lll_unlock lockleak
+@c pthread_mutex_lock (aio_requests_mutex) selfdeadlock, lockleak
+@c get_elem asmalloc, memleak, [asynconsist, incansist], [xguargs]
+@c realloc asmalloc, memleak
+@c calloc asmalloc, memleak
+@c aio_create_helper_thread selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_attr_init ok
+@c pthread_attr_setdetachstate ok
+@c pthread_get_minstack ok
+@c pthread_attr_setstacksize ok
+@c sigfillset ok
+@c memset ok
+@c sigdelset ok [xguargs, but the caller's sigset is automatic]
+@c SYSCALL rt_sigprocmask ok
+@c pthread_create selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c alloca/malloc asmalloc, memleak
+@c lll_unlock lockleak
+@c allocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c getpagesize dup
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c lll_unlock lockleak
+@c _dl_allocate_tls asmalloc, memleak
+@c _dl_allocate_tls_storage asmalloc, memleak
+@c memalign asmalloc, memleak
+@c memset ok
+@c allocate_dtv dup
+@c free asmalloc, memleak
+@c allocate_dtv asmalloc, memleak
+@c calloc asmalloc, memleak
+@c INSTALL_DTV ok
+@c list_add dup
+@c get_cached_stack
+@c lll_lock (stack_cache_lock) selfdeadlock, lockleak
+@c list_for_each ok
+@c list_entry dup
+@c FREE_P dup
+@c stack_list_del dup
+@c stack_list_add dup
+@c lll_unlock lockleak
+@c _dl_allocate_tls_init ok
+@c GET_DTV ok
+@c mmap ok
+@c atomic_increment_val ok
+@c munmap ok
+@c change_stack_perm ok
+@c mprotect ok
+@c mprotect ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c THREAD_COPY_STACK_GUARD ok
+@c THREAD_COPY_POINTER_GUARD ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (state_cache_lock) selfdeadlock, lockleak
+@c stack_list_del ok
+@c atomic_write_barrier ok
+@c list_del ok [uunguard]
+@c atomic_write_barrier ok
+@c queue_stack asmalloc, memleak
+@c stack_list_add ok
+@c atomic_write_barrier ok
+@c list_add ok [uunguard]
+@c atomic_write_barrier ok
+@c free_stacks asmalloc, memleak
+@c list_for_each_prev_safe ok
+@c list_entry ok
+@c FREE_P ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c _dl_deallocate_tls asmalloc, memleak
+@c free asmalloc, memleak
+@c lll_unlock lockleak
+@c create_thread selfdeadlock, asmalloc, lockleak, memleak
+@c td_eventword
+@c td_eventmask
+@c do_clone selfdeadlock, asmalloc, lockleak, memleak
+@c PREPARE_CREATE ok
+@c lll_lock (pd->lock) selfdeadlock, lockleak
+@c atomic_increment ok
+@c clone ok
+@c atomic_decrement ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack dup
+@c sched_setaffinity ok
+@c tgkill ok
+@c sched_setscheduler ok
+@c atomic_compare_and_exchange_bool_acq ok
+@c nptl_create_event ok
+@c lll_unlock (pd->lock) lockleak
+@c free asmalloc, memleak
+@c pthread_attr_destroy ok (cpuset won't be set, so free isn't called)
+@c add_request_to_runlist ok [xguargs]
+@c pthread_cond_signal ok
+@c aio_free_request ok [xguargs]
+@c pthread_mutex_unlock lockleak
+
+@c (in the new thread, initiated with clone)
+@c start_thread ok
+@c HP_TIMING_NOW ok
+@c ctype_init [glocale] (in theory, but optimized into safety)
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c sigemptyset ok
+@c sigaddset ok
+@c setjmp ok
+@c CANCEL_ASYNC -> pthread_enable_asynccancel ok
+@c do_cancel ok
+@c pthread_unwind ok
+@c Unwind_ForcedUnwind or longjmp ok [asmalloc, memleak?]
+@c lll_lock selfdeadlock, lockleak
+@c lll_unlock selfdeadlock, lockleak
+@c CANCEL_RESET -> pthread_disable_asynccancel ok
+@c lll_futex_wait ok
+@c ->start_routine ok -----
+@c call_tls_dtors selfdeadlock, asmalloc, lockleak, memleak
+@c user-supplied dtor
+@c rtld_lock_lock_recursive (dl_load_lock) selfdeadlock, lockleak
+@c rtld_lock_unlock_recursive lockleak
+@c free asmalloc, memleak
+@c nptl_deallocate_tsd asmalloc, memleak
+@c tsd user-supplied dtors ok
+@c free asmalloc, memleak
+@c libc_thread_freeres
+@c libc_thread_subfreeres ok
+@c atomic_decrement_and_test ok
+@c td_eventword ok
+@c td_eventmask ok
+@c atomic_compare_exchange_bool_acq ok
+@c nptl_death_event ok
+@c lll_robust_dead ok
+@c getpagesize ok
+@c madvise ok
+@c free_tcb selfdeadlock, asmalloc, lockleak, memleak
+@c free asmalloc, memleak
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_futex_wait ok
+@c exit_thread_inline ok
+@c syscall(exit) ok
+
This function initiates an asynchronous read operation. It
immediately returns after the operation was enqueued or when an
error was encountered.
@@ -1988,6 +2201,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_read64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_read} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{aio_read64} uses
@@ -2006,6 +2220,7 @@ of functions with a very similar interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_write (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function initiates an asynchronous write operation. The function
call immediately returns after the operation was enqueued or if before
this happens an error was encountered.
@@ -2072,6 +2287,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_write64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_write} function. The only
difference is that on @w{32 bit} machines the file descriptor should
be opened in the large file mode. Internally @code{aio_write64} uses
@@ -2093,6 +2309,12 @@ operations. It is therefore similar to a combination of @code{readv} and
@comment aio.h
@comment POSIX.1b
@deftypefun int lio_listio (int @var{mode}, struct aiocb *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Call lio_listio_internal, that takes the aio_requests_mutex lock and
+@c enqueues each request. Then, it waits for notification or prepares
+@c for it before releasing the lock. Even though it performs memory
+@c allocation and locking of its own, it doesn't add any classes of
+@c safety issues that aren't already covered by aio_enqueue_request.
The @code{lio_listio} function can be used to enqueue an arbitrary
number of read and write requests at one time. The requests can all be
meant for the same file, all for different files or every solution in
@@ -2176,6 +2398,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int lio_listio64 (int @var{mode}, struct aiocb64 *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{lio_listio} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{lio_listio64} uses
@@ -2204,6 +2427,7 @@ The following two functions allow you to get this kind of information.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_error (const struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function determines the error state of the request described by the
@code{struct aiocb} variable pointed to by @var{aiocbp}. If the
request has not yet terminated the value returned is always
@@ -2225,6 +2449,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_error64 (const struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_error} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2238,6 +2463,7 @@ machines.
@comment aio.h
@comment POSIX.1b
@deftypefun ssize_t aio_return (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to retrieve the return status of the operation
carried out by the request described in the variable pointed to by
@var{aiocbp}. As long as the error status of this request as returned
@@ -2261,6 +2487,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun ssize_t aio_return64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_return} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2289,6 +2516,9 @@ if the symbol @code{_POSIX_SYNCHRONIZED_IO} is defined in @file{unistd.h}.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_fsync (int @var{op}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check that the FD is open, it calls
+@c aio_enqueue_request.
Calling this function forces all I/O operations operating queued at the
time of the function call operating on the file descriptor
@code{aiocbp->aio_fildes} into the synchronized I/O completion state
@@ -2336,6 +2566,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_fsync64 (int @var{op}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_fsync} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2362,6 +2593,9 @@ before the current client is served. For situations like this
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_suspend (const struct aiocb *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c Take aio_requests_mutex, set up waitlist and requestlist, wait
+@c for completion or timeout, and release the mutex.
When calling this function, the calling thread is suspended until at
least one of the requests pointed to by the @var{nent} elements of the
array @var{list} has completed. If any of the requests has already
@@ -2400,6 +2634,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_suspend64 (const struct aiocb64 *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is similar to @code{aio_suspend} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2427,6 +2662,16 @@ or not. Therefore using this function is merely a hint.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_cancel (int @var{fildes}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check the fd is open, hold aio_requests_mutex, call
+@c aio_find_req_fd, aio_remove_request, then aio_notify and
+@c aio_free_request each request before releasing the lock.
+@c aio_notify calls aio_notify_only and free, besides cond signal or
+@c similar. aio_notify_only calls pthread_attr_init,
+@c pthread_attr_setdetachstate, malloc, pthread_create,
+@c notify_func_wrapper, aio_sigqueue, getpid, raise.
+@c notify_func_wraper calls aio_start_notify_thread, free and then the
+@c notifier function.
The @code{aio_cancel} function can be used to cancel one or more
outstanding requests. If the @var{aiocbp} parameter is @code{NULL}, the
function tries to cancel all of the outstanding requests which would process
@@ -2474,6 +2719,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_cancel64 (int @var{fildes}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_cancel} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2529,6 +2775,8 @@ Unused.
@comment aio.h
@comment GNU
@deftypefun void aio_init (const struct aioinit *@var{init})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c All changes to global objects are guarded by aio_requests_mutex.
This function must be called before any other AIO function. Calling it
is completely voluntary, as it is only meant to help the AIO
implementation perform better.
@@ -2563,6 +2811,7 @@ function; see @ref{Opening and Closing Files}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int fcntl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcntl} function performs the operation specified by
@var{command} on the file descriptor @var{filedes}. Some commands
require additional arguments to be supplied. These additional arguments
@@ -2645,6 +2894,7 @@ while prototypes for @code{dup} and @code{dup2} are in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun int dup (int @var{old})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies descriptor @var{old} to the first available
descriptor number (the first number not currently open). It is
equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@@ -2653,6 +2903,7 @@ equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@comment unistd.h
@comment POSIX.1
@deftypefun int dup2 (int @var{old}, int @var{new})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies the descriptor @var{old} to descriptor number
@var{new}.
@@ -3631,6 +3882,7 @@ different headers.
@comment sys/ioctl.h
@comment BSD
@deftypefun int ioctl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ioctl} function performs the generic I/O operation
@var{command} on @var{filedes}.
@@ -3650,3 +3902,6 @@ unknown device.
Most IOCTLs are OS-specific and/or only used in special system utilities,
and are thus beyond the scope of this document. For an example of the use
of an IOCTL, see @ref{Out-of-Band Data}.
+
+@c FIXME this is undocumented:
+@c dup3
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9992d089f12b96c05738ef8524aa16917cbee72a
commit 9992d089f12b96c05738ef8524aa16917cbee72a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:09:32 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/llio.texi: Document thread safety properties.
diff --git a/manual/llio.texi b/manual/llio.texi
index b129cf4..66370c4 100644
--- a/manual/llio.texi
+++ b/manual/llio.texi
@@ -78,6 +78,7 @@ declared in @file{unistd.h}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int open (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The @code{open} function creates and returns a new file descriptor for
the file named by @var{filename}. Initially, the file position
indicator for the file is at the beginning of the file. The argument
@@ -164,6 +165,7 @@ and @code{freopen} functions, that create streams.
@comment fcntl.h
@comment Unix98
@deftypefun int open64 (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{open}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
difference is that on 32 bit systems the file is opened in the
@@ -178,6 +180,7 @@ replaces the old API.
@comment fcntl.h
@comment POSIX.1
@deftypefn {Obsolete function} int creat (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is obsolete. The call:
@smallexample
@@ -202,6 +205,7 @@ since all of the lowlevel file handling functions are equally replaced.
@comment fcntl.h
@comment Unix98
@deftypefn {Obsolete function} int creat64 (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{creat}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
the difference is that on 32 bit systems the file is opened in the
@@ -219,6 +223,7 @@ replaces the old API.
@comment unistd.h
@comment POSIX.1
@deftypefun int close (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The function @code{close} closes the file descriptor @var{filedes}.
Closing a file has the following consequences:
@@ -300,6 +305,7 @@ but must be a signed type.
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t read (int @var{filedes}, void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{read} function reads up to @var{size} bytes from the file
with descriptor @var{filedes}, storing the results in the @var{buffer}.
(This is not necessarily a character string, and no terminating null
@@ -395,6 +401,10 @@ functions that read from streams, such as @code{fgetc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, read and lseek back, but is it
+@c used anywhere?
The @code{pread} function is similar to the @code{read} function. The
first three arguments are identical, and the return values and error
codes also correspond.
@@ -430,6 +440,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread64 (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, read and lseek64 back, but is
+@c it used anywhere?
This function is similar to the @code{pread} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -447,6 +461,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t write (int @var{filedes}, const void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{write} function writes up to @var{size} bytes from
@var{buffer} to the file with descriptor @var{filedes}. The data in
@var{buffer} is not necessarily a character string and a null character is
@@ -557,6 +572,10 @@ functions that write to streams, such as @code{fputc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, write and lseek back, but is it
+@c used anywhere?
The @code{pwrite} function is similar to the @code{write} function. The
first three arguments are identical, and the return values and error codes
also correspond.
@@ -592,6 +611,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite64 (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, write and lseek64 back, but
+@c is it used anywhere?
This function is similar to the @code{pwrite} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -624,6 +647,7 @@ To read the current file position value from a descriptor, use
@comment unistd.h
@comment POSIX.1
@deftypefun off_t lseek (int @var{filedes}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lseek} function is used to change the file position of the
file with descriptor @var{filedes}.
@@ -713,6 +737,7 @@ descriptors.
@comment unistd.h
@comment Unix98
@deftypefun off64_t lseek64 (int @var{filedes}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to the @code{lseek} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -825,6 +850,7 @@ declared in the header file @file{stdio.h}.
@comment stdio.h
@comment POSIX.1
@deftypefun {FILE *} fdopen (int @var{filedes}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
The @code{fdopen} function returns a new stream for the file descriptor
@var{filedes}.
@@ -853,6 +879,7 @@ see @ref{Creating a Pipe}.
@comment stdio.h
@comment POSIX.1
@deftypefun int fileno (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the file descriptor associated with the stream
@var{stream}. If an error is detected (for example, if the @var{stream}
is not valid) or if @var{stream} does not do I/O to a file,
@@ -862,6 +889,7 @@ is not valid) or if @var{stream} does not do I/O to a file,
@comment stdio.h
@comment GNU
@deftypefun int fileno_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fileno_unlocked} function is equivalent to the @code{fileno}
function except that it does not implicitly lock the stream if the state
is @code{FSETLOCKING_INTERNAL}.
@@ -1071,7 +1099,11 @@ Contains the length of the buffer.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t readv (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
-
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer into which data is read, if the total read size is
+@c too large for alloca.
The @code{readv} function reads data from @var{filedes} and scatters it
into the buffers described in @var{vector}, which is taken to be
@var{count} structures long. As each buffer is filled, data is sent to the
@@ -1089,6 +1121,11 @@ errors are the same as in @code{read}.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t writev (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer from which data is written, if the total write size
+@c is too large for alloca.
The @code{writev} function gathers data from the buffers described in
@var{vector}, which is taken to be @var{count} structures long, and writes
@@ -1149,6 +1186,7 @@ These functions are declared in @file{sys/mman.h}.
@comment sys/mman.h
@comment POSIX
@deftypefun {void *} mmap (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mmap} function creates a new mapping, connected to bytes
(@var{offset}) to (@var{offset} + @var{length} - 1) in the file open on
@@ -1268,6 +1306,9 @@ The file is on a filesystem that doesn't support mapping.
@comment sys/mman.h
@comment LFS
@deftypefun {void *} mmap64 (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The page_shift auto detection when MMAP2_PAGE_SHIFT is -1 (it never
+@c is) would be thread-unsafe.
The @code{mmap64} function is equivalent to the @code{mmap} function but
the @var{offset} parameter is of type @code{off64_t}. On 32-bit systems
this allows the file associated with the @var{filedes} descriptor to be
@@ -1284,6 +1325,7 @@ replaces the old API.
@comment sys/mman.h
@comment POSIX
@deftypefun int munmap (void *@var{addr}, size_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{munmap} removes any memory maps from (@var{addr}) to (@var{addr} +
@var{length}). @var{length} should be the length of the mapping.
@@ -1310,6 +1352,7 @@ aligned.
@comment sys/mman.h
@comment POSIX
@deftypefun int msync (void *@var{address}, size_t @var{length}, int @var{flags})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When using shared mappings, the kernel can write the file at any time
before the mapping is removed. To be certain data has actually been
@@ -1357,6 +1400,7 @@ There is no existing mapping in at least part of the given region.
@comment sys/mman.h
@comment GNU
@deftypefun {void *} mremap (void *@var{address}, size_t @var{length}, size_t @var{new_length}, int @var{flag})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to change the size of an existing memory
area. @var{address} and @var{length} must cover a region entirely mapped
@@ -1405,6 +1449,7 @@ Coding Standards}.
@comment sys/mman.h
@comment POSIX
@deftypefun int madvise (void *@var{addr}, size_t @var{length}, int @var{advice})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to provide the system with @var{advice} about
the intended usage patterns of the memory region starting at @var{addr}
@@ -1531,6 +1576,7 @@ that descriptor into an @code{fd_set}.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_ZERO (fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro initializes the file descriptor set @var{set} to be the
empty set.
@end deftypefn
@@ -1538,6 +1584,9 @@ empty set.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_SET (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro adds @var{filedes} to the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1547,6 +1596,9 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_CLR (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro removes @var{filedes} from the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1556,6 +1608,7 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro int FD_ISSET (int @var{filedes}, const fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value (true) if @var{filedes} is a member
of the file descriptor set @var{set}, and zero (false) otherwise.
@@ -1568,6 +1621,10 @@ Next, here is the description of the @code{select} function itself.
@comment sys/types.h
@comment BSD
@deftypefun int select (int @var{nfds}, fd_set *@var{read-fds}, fd_set *@var{write-fds}, fd_set *@var{except-fds}, struct timeval *@var{timeout})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The select syscall is preferred, but pselect6 may be used instead,
+@c which requires converting timeout to a timespec and back. The
+@c conversions are not atomic.
The @code{select} function blocks the calling process until there is
activity on any of the specified sets of file descriptors, or until the
timeout period has expired.
@@ -1670,6 +1727,7 @@ they return.
@comment unistd.h
@comment X/Open
@deftypefun void sync (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
A call to this function will not return as long as there is data which
has not been written to the device. All dirty buffers in the kernel will
be written and so an overall consistent system can be achieved (if no
@@ -1685,6 +1743,7 @@ committed, rather than all data in the system. For this, @code{sync} is overkil
@comment unistd.h
@comment POSIX
@deftypefun int fsync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fsync} function can be used to make sure all data associated with
the open file @var{fildes} is written to the device associated with the
descriptor. The function call does not return unless all actions have
@@ -1722,6 +1781,7 @@ recovering of the file in case of a problem.
@comment unistd.h
@comment POSIX
@deftypefun int fdatasync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When a call to the @code{fdatasync} function returns, it is ensured
that all of the file data is written to the device. For all pending I/O
operations, the parts guaranteeing data integrity finished.
@@ -1923,6 +1983,158 @@ aiocb64}, since the LFS transparently replaces the old interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_read (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Calls aio_enqueue_request.
+@c aio_enqueue_request selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_self ok
+@c pthread_getschedparam selfdeadlock, lockleak
+@c lll_lock (pthread descriptor's lock) selfdeadlock, lockleak
+@c sched_getparam ok
+@c sched_getscheduler ok
+@c lll_unlock lockleak
+@c pthread_mutex_lock (aio_requests_mutex) selfdeadlock, lockleak
+@c get_elem asmalloc, memleak, [asynconsist, incansist], [xguargs]
+@c realloc asmalloc, memleak
+@c calloc asmalloc, memleak
+@c aio_create_helper_thread selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_attr_init ok
+@c pthread_attr_setdetachstate ok
+@c pthread_get_minstack ok
+@c pthread_attr_setstacksize ok
+@c sigfillset ok
+@c memset ok
+@c sigdelset ok [xguargs, but the caller's sigset is automatic]
+@c SYSCALL rt_sigprocmask ok
+@c pthread_create selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c alloca/malloc asmalloc, memleak
+@c lll_unlock lockleak
+@c allocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c getpagesize dup
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c lll_unlock lockleak
+@c _dl_allocate_tls asmalloc, memleak
+@c _dl_allocate_tls_storage asmalloc, memleak
+@c memalign asmalloc, memleak
+@c memset ok
+@c allocate_dtv dup
+@c free asmalloc, memleak
+@c allocate_dtv asmalloc, memleak
+@c calloc asmalloc, memleak
+@c INSTALL_DTV ok
+@c list_add dup
+@c get_cached_stack
+@c lll_lock (stack_cache_lock) selfdeadlock, lockleak
+@c list_for_each ok
+@c list_entry dup
+@c FREE_P dup
+@c stack_list_del dup
+@c stack_list_add dup
+@c lll_unlock lockleak
+@c _dl_allocate_tls_init ok
+@c GET_DTV ok
+@c mmap ok
+@c atomic_increment_val ok
+@c munmap ok
+@c change_stack_perm ok
+@c mprotect ok
+@c mprotect ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c THREAD_COPY_STACK_GUARD ok
+@c THREAD_COPY_POINTER_GUARD ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (state_cache_lock) selfdeadlock, lockleak
+@c stack_list_del ok
+@c atomic_write_barrier ok
+@c list_del ok [uunguard]
+@c atomic_write_barrier ok
+@c queue_stack asmalloc, memleak
+@c stack_list_add ok
+@c atomic_write_barrier ok
+@c list_add ok [uunguard]
+@c atomic_write_barrier ok
+@c free_stacks asmalloc, memleak
+@c list_for_each_prev_safe ok
+@c list_entry ok
+@c FREE_P ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c _dl_deallocate_tls asmalloc, memleak
+@c free asmalloc, memleak
+@c lll_unlock lockleak
+@c create_thread selfdeadlock, asmalloc, lockleak, memleak
+@c td_eventword
+@c td_eventmask
+@c do_clone selfdeadlock, asmalloc, lockleak, memleak
+@c PREPARE_CREATE ok
+@c lll_lock (pd->lock) selfdeadlock, lockleak
+@c atomic_increment ok
+@c clone ok
+@c atomic_decrement ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack dup
+@c sched_setaffinity ok
+@c tgkill ok
+@c sched_setscheduler ok
+@c atomic_compare_and_exchange_bool_acq ok
+@c nptl_create_event ok
+@c lll_unlock (pd->lock) lockleak
+@c free asmalloc, memleak
+@c pthread_attr_destroy ok (cpuset won't be set, so free isn't called)
+@c add_request_to_runlist ok [xguargs]
+@c pthread_cond_signal ok
+@c aio_free_request ok [xguargs]
+@c pthread_mutex_unlock lockleak
+
+@c (in the new thread, initiated with clone)
+@c start_thread ok
+@c HP_TIMING_NOW ok
+@c ctype_init [glocale] (in theory, but optimized into safety)
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c sigemptyset ok
+@c sigaddset ok
+@c setjmp ok
+@c CANCEL_ASYNC -> pthread_enable_asynccancel ok
+@c do_cancel ok
+@c pthread_unwind ok
+@c Unwind_ForcedUnwind or longjmp ok [asmalloc, memleak?]
+@c lll_lock selfdeadlock, lockleak
+@c lll_unlock selfdeadlock, lockleak
+@c CANCEL_RESET -> pthread_disable_asynccancel ok
+@c lll_futex_wait ok
+@c ->start_routine ok -----
+@c call_tls_dtors selfdeadlock, asmalloc, lockleak, memleak
+@c user-supplied dtor
+@c rtld_lock_lock_recursive (dl_load_lock) selfdeadlock, lockleak
+@c rtld_lock_unlock_recursive lockleak
+@c free asmalloc, memleak
+@c nptl_deallocate_tsd asmalloc, memleak
+@c tsd user-supplied dtors ok
+@c free asmalloc, memleak
+@c libc_thread_freeres
+@c libc_thread_subfreeres ok
+@c atomic_decrement_and_test ok
+@c td_eventword ok
+@c td_eventmask ok
+@c atomic_compare_exchange_bool_acq ok
+@c nptl_death_event ok
+@c lll_robust_dead ok
+@c getpagesize ok
+@c madvise ok
+@c free_tcb selfdeadlock, asmalloc, lockleak, memleak
+@c free asmalloc, memleak
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_futex_wait ok
+@c exit_thread_inline ok
+@c syscall(exit) ok
+
This function initiates an asynchronous read operation. It
immediately returns after the operation was enqueued or when an
error was encountered.
@@ -1988,6 +2200,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_read64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_read} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{aio_read64} uses
@@ -2006,6 +2219,7 @@ of functions with a very similar interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_write (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function initiates an asynchronous write operation. The function
call immediately returns after the operation was enqueued or if before
this happens an error was encountered.
@@ -2072,6 +2286,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_write64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_write} function. The only
difference is that on @w{32 bit} machines the file descriptor should
be opened in the large file mode. Internally @code{aio_write64} uses
@@ -2093,6 +2308,12 @@ operations. It is therefore similar to a combination of @code{readv} and
@comment aio.h
@comment POSIX.1b
@deftypefun int lio_listio (int @var{mode}, struct aiocb *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Call lio_listio_internal, that takes the aio_requests_mutex lock and
+@c enqueues each request. Then, it waits for notification or prepares
+@c for it before releasing the lock. Even though it performs memory
+@c allocation and locking of its own, it doesn't add any classes of
+@c safety issues that aren't already covered by aio_enqueue_request.
The @code{lio_listio} function can be used to enqueue an arbitrary
number of read and write requests at one time. The requests can all be
meant for the same file, all for different files or every solution in
@@ -2176,6 +2397,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int lio_listio64 (int @var{mode}, struct aiocb64 *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{lio_listio} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{lio_listio64} uses
@@ -2204,6 +2426,7 @@ The following two functions allow you to get this kind of information.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_error (const struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function determines the error state of the request described by the
@code{struct aiocb} variable pointed to by @var{aiocbp}. If the
request has not yet terminated the value returned is always
@@ -2225,6 +2448,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_error64 (const struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_error} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2238,6 +2462,7 @@ machines.
@comment aio.h
@comment POSIX.1b
@deftypefun ssize_t aio_return (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to retrieve the return status of the operation
carried out by the request described in the variable pointed to by
@var{aiocbp}. As long as the error status of this request as returned
@@ -2261,6 +2486,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun ssize_t aio_return64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_return} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2289,6 +2515,9 @@ if the symbol @code{_POSIX_SYNCHRONIZED_IO} is defined in @file{unistd.h}.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_fsync (int @var{op}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check that the FD is open, it calls
+@c aio_enqueue_request.
Calling this function forces all I/O operations operating queued at the
time of the function call operating on the file descriptor
@code{aiocbp->aio_fildes} into the synchronized I/O completion state
@@ -2336,6 +2565,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_fsync64 (int @var{op}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_fsync} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2362,6 +2592,9 @@ before the current client is served. For situations like this
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_suspend (const struct aiocb *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c Take aio_requests_mutex, set up waitlist and requestlist, wait
+@c for completion or timeout, and release the mutex.
When calling this function, the calling thread is suspended until at
least one of the requests pointed to by the @var{nent} elements of the
array @var{list} has completed. If any of the requests has already
@@ -2400,6 +2633,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_suspend64 (const struct aiocb64 *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is similar to @code{aio_suspend} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2427,6 +2661,16 @@ or not. Therefore using this function is merely a hint.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_cancel (int @var{fildes}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check the fd is open, hold aio_requests_mutex, call
+@c aio_find_req_fd, aio_remove_request, then aio_notify and
+@c aio_free_request each request before releasing the lock.
+@c aio_notify calls aio_notify_only and free, besides cond signal or
+@c similar. aio_notify_only calls pthread_attr_init,
+@c pthread_attr_setdetachstate, malloc, pthread_create,
+@c notify_func_wrapper, aio_sigqueue, getpid, raise.
+@c notify_func_wraper calls aio_start_notify_thread, free and then the
+@c notifier function.
The @code{aio_cancel} function can be used to cancel one or more
outstanding requests. If the @var{aiocbp} parameter is @code{NULL}, the
function tries to cancel all of the outstanding requests which would process
@@ -2474,6 +2718,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_cancel64 (int @var{fildes}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_cancel} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2529,6 +2774,8 @@ Unused.
@comment aio.h
@comment GNU
@deftypefun void aio_init (const struct aioinit *@var{init})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c All changes to global objects are guarded by aio_requests_mutex.
This function must be called before any other AIO function. Calling it
is completely voluntary, as it is only meant to help the AIO
implementation perform better.
@@ -2563,6 +2810,7 @@ function; see @ref{Opening and Closing Files}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int fcntl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcntl} function performs the operation specified by
@var{command} on the file descriptor @var{filedes}. Some commands
require additional arguments to be supplied. These additional arguments
@@ -2645,6 +2893,7 @@ while prototypes for @code{dup} and @code{dup2} are in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun int dup (int @var{old})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies descriptor @var{old} to the first available
descriptor number (the first number not currently open). It is
equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@@ -2653,6 +2902,7 @@ equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@comment unistd.h
@comment POSIX.1
@deftypefun int dup2 (int @var{old}, int @var{new})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies the descriptor @var{old} to descriptor number
@var{new}.
@@ -3631,6 +3881,7 @@ different headers.
@comment sys/ioctl.h
@comment BSD
@deftypefun int ioctl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ioctl} function performs the generic I/O operation
@var{command} on @var{filedes}.
@@ -3650,3 +3901,6 @@ unknown device.
Most IOCTLs are OS-specific and/or only used in special system utilities,
and are thus beyond the scope of this document. For an example of the use
of an IOCTL, see @ref{Out-of-Band Data}.
+
+@c FIXME this is undocumented:
+@c dup3
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2f5054826615e2e6fc557b9aff0c1a4902a09c44
commit 2f5054826615e2e6fc557b9aff0c1a4902a09c44
Merge: d07b235 5de7ed3 707a7ab
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 04:16:48 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d07b2357bf8b454d3bd8eda92712fc82c584bbed
commit d07b2357bf8b454d3bd8eda92712fc82c584bbed
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 04:16:48 2013 -0300
push
diff --git a/meta b/meta
index 9b2186f..8461e75 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: abd4a6204043df6d8d24d5b81f86b9d4d6b8fd81
-Head: 1da38dc05daeed4e2d77f2923bb588bf259a7549
+Previous: 707a7abaa781a9a10ad887ff54cde0f90ed0e769
+Head: 5de7ed36be7b0c688b7b7b04bad5201b02ea50f0
Applied:
powerpc-nofpu-sim-note-nothread.patch: 06e4960536888589dff34cbc68b16091f303bc5e
unused-scalb-is-scalbn.patch: ca2910ce3d85f4ab9b8c4e8d31bc243eab5f1c0f
@@ -18,8 +18,8 @@ Applied:
manual-document-mt-safety-getopt.patch: fef40984ed247dfb08395088c2518fd52154e035
manual-document-mt-safety-libdl.patch: 3816c6c49233e9317ec22c571867fb8ff95c1edd
manual-document-mt-safety-job.patch: 1da38dc05daeed4e2d77f2923bb588bf259a7549
+ manual-document-mt-safety-lang.patch: 5de7ed36be7b0c688b7b7b04bad5201b02ea50f0
Unapplied:
- manual-document-mt-safety-lang.patch: 41141365901b63e8e55ec323d5ee88c0a5815b44
manual-document-mt-safety-llio.patch: 8062c6db4730855258daa75bc0bc502e65b287d9
manual-document-mt-safety-stdio.patch: 9c1671ce52190da483b6ed123ca0c0a7024d1eb8
wip-manual-document-mt-safety-locale.patch: 5b196df6f05274d7d3fd4234ab11e9178803db7c
diff --git a/patches/manual-document-mt-safety-lang.patch b/patches/manual-document-mt-safety-lang.patch
index 21a368c..4c352a3 100644
--- a/patches/manual-document-mt-safety-lang.patch
+++ b/patches/manual-document-mt-safety-lang.patch
@@ -1,5 +1,5 @@
-Bottom: 03e8d59af8e96de25460c03f60f6c5cc1a8c30d4
-Top: 85976e9026712b280af25c21b6bbad2161b83adc
+Bottom: c154c087966f912177b97ba1d21240ba8d015145
+Top: fc738e25133a6fc7d7d322e4aaa73f98f45ee411
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:08:32 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5de7ed36be7b0c688b7b7b04bad5201b02ea50f0
commit 5de7ed36be7b0c688b7b7b04bad5201b02ea50f0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:32 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/lang.texi: Document thread safety properties.
diff --git a/manual/lang.texi b/manual/lang.texi
index ee04e23..d6cd90c 100644
--- a/manual/lang.texi
+++ b/manual/lang.texi
@@ -51,6 +51,8 @@ without indicating anything might be wrong.
@comment assert.h
@comment ISO
@deftypefn Macro void assert (int @var{expression})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Verify the programmer's belief that @var{expression} is nonzero at
this point in the program.
@@ -91,6 +93,8 @@ The @code{assert_perror} macro makes this easy.
@comment assert.h
@comment GNU
@deftypefn Macro void assert_perror (int @var{errnum})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Similar to @code{assert}, but verifies that @var{errnum} is zero.
If @code{NDEBUG} is not defined, @code{assert_perror} tests the value of
@@ -423,6 +427,8 @@ The type @code{va_list} is used for argument pointer variables.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_start (va_list @var{ap}, @var{last-required})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This macro initializes the argument pointer variable @var{ap} to point
to the first of the optional arguments of the current function;
@var{last-required} must be the last required argument to the function.
@@ -431,6 +437,8 @@ to the first of the optional arguments of the current function;
@comment stdarg.h
@comment ISO
@deftypefn {Macro} @var{type} va_arg (va_list @var{ap}, @var{type})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_arg} macro returns the value of the next optional argument,
and modifies the value of @var{ap} to point to the subsequent argument.
Thus, successive uses of @code{va_arg} return successive optional
@@ -445,6 +453,8 @@ of the actual argument.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_end (va_list @var{ap})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This ends the use of @var{ap}. After a @code{va_end} call, further
@code{va_arg} calls with the same @var{ap} may not work. You should invoke
@code{va_end} before returning from the function in which @code{va_start}
@@ -466,6 +476,8 @@ of the same type.
@comment ISO
@deftypefn {Macro} void va_copy (va_list @var{dest}, va_list @var{src})
@deftypefnx {Macro} void __va_copy (va_list @var{dest}, va_list @var{src})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_copy} macro allows copying of objects of type
@code{va_list} even if this is not an integral type. The argument pointer
in @var{dest} is initialized to point to the same argument as the
@@ -1212,6 +1224,8 @@ type of a particular structure member.
@comment stddef.h
@comment ISO
@deftypefn {Macro} size_t offsetof (@var{type}, @var{member})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This expands to a integer constant expression that is the offset of the
structure member named @var{member} in the structure type @var{type}.
For example, @code{offsetof (struct s, elem)} is the offset, in bytes,
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=707a7abaa781a9a10ad887ff54cde0f90ed0e769
commit 707a7abaa781a9a10ad887ff54cde0f90ed0e769
Merge: 5f28a96 abd4a62 1da38dc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 04:16:46 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5f28a96b61497665aaf2192a8b7f14cbc12424bc
commit 5f28a96b61497665aaf2192a8b7f14cbc12424bc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 04:16:46 2013 -0300
refresh
diff --git a/meta b/meta
index 7856690..9b2186f 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: fecbbf3ca724921c2abe44f2d591f869a284a1fc
-Head: 557ddf1f9c8d2be5bb5344391e1c2c6e3828eaab
+Previous: abd4a6204043df6d8d24d5b81f86b9d4d6b8fd81
+Head: 1da38dc05daeed4e2d77f2923bb588bf259a7549
Applied:
powerpc-nofpu-sim-note-nothread.patch: 06e4960536888589dff34cbc68b16091f303bc5e
unused-scalb-is-scalbn.patch: ca2910ce3d85f4ab9b8c4e8d31bc243eab5f1c0f
@@ -17,8 +17,7 @@ Applied:
manual-document-mt-safety-filesys.patch: 48a6b75fc25dc87bedc75d3fdfc131da890b7f4b
manual-document-mt-safety-getopt.patch: fef40984ed247dfb08395088c2518fd52154e035
manual-document-mt-safety-libdl.patch: 3816c6c49233e9317ec22c571867fb8ff95c1edd
- manual-document-mt-safety-job.patch: 4d2559566ff7755a036f856a9b4b701bafb4cc66
- refresh-temp: 557ddf1f9c8d2be5bb5344391e1c2c6e3828eaab
+ manual-document-mt-safety-job.patch: 1da38dc05daeed4e2d77f2923bb588bf259a7549
Unapplied:
manual-document-mt-safety-lang.patch: 41141365901b63e8e55ec323d5ee88c0a5815b44
manual-document-mt-safety-llio.patch: 8062c6db4730855258daa75bc0bc502e65b287d9
diff --git a/patches/manual-document-mt-safety-job.patch b/patches/manual-document-mt-safety-job.patch
index 4195aa0..dd27713 100644
--- a/patches/manual-document-mt-safety-job.patch
+++ b/patches/manual-document-mt-safety-job.patch
@@ -1,5 +1,5 @@
Bottom: 6e873142fc9dc8e6673808013c93d2c58ce98443
-Top: 03e8d59af8e96de25460c03f60f6c5cc1a8c30d4
+Top: c154c087966f912177b97ba1d21240ba8d015145
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:08:15 -0300
@@ -13,7 +13,7 @@ for ChangeLog
---
diff --git a/manual/job.texi b/manual/job.texi
-index 4efeed3..779ea96 100644
+index 4efeed3..2c46771 100644
--- a/manual/job.texi
+++ b/manual/job.texi
@@ -1039,6 +1039,10 @@ The function @code{ctermid} is declared in the header file
@@ -39,17 +39,16 @@ index 4efeed3..779ea96 100644
The @code{setsid} function creates a new session. The calling process
becomes the session leader, and is put in a new process group whose
process group ID is the same as the process ID of that process. There
-@@ -1098,7 +1107,8 @@ already another process group around that has the same process group ID.
+@@ -1098,6 +1107,8 @@ already another process group around that has the same process group ID.
@comment unistd.h
@comment SVID
@deftypefun pid_t getsid (pid_t @var{pid})
--
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
+
The @code{getsid} function returns the process group ID of the session
leader of the specified process. If a @var{pid} is @code{0}, the
- process group ID of the session leader of the current process is
-@@ -1134,6 +1144,8 @@ programs with the @code{-lbsd-compat} option to get the BSD definition.@refill
+@@ -1134,6 +1145,8 @@ programs with the @code{-lbsd-compat} option to get the BSD definition.@refill
@comment unistd.h
@comment POSIX.1
@deftypefn {POSIX.1 Function} pid_t getpgrp (void)
@@ -58,7 +57,7 @@ index 4efeed3..779ea96 100644
The POSIX.1 definition of @code{getpgrp} returns the process group ID of
the calling process.
@end deftypefn
-@@ -1141,6 +1153,8 @@ the calling process.
+@@ -1141,6 +1154,8 @@ the calling process.
@comment unistd.h
@comment BSD
@deftypefn {BSD Function} pid_t getpgrp (pid_t @var{pid})
@@ -67,7 +66,7 @@ index 4efeed3..779ea96 100644
The BSD definition of @code{getpgrp} returns the process group ID of the
process @var{pid}. You can supply a value of @code{0} for the @var{pid}
argument to get information about the calling process.
-@@ -1149,6 +1163,8 @@ argument to get information about the calling process.
+@@ -1149,6 +1164,8 @@ argument to get information about the calling process.
@comment unistd.h
@comment SVID
@deftypefn {System V Function} int getpgid (pid_t @var{pid})
@@ -76,7 +75,7 @@ index 4efeed3..779ea96 100644
@code{getpgid} is the same as the BSD function @code{getpgrp}. It
returns the process group ID of the process @var{pid}. You can supply a
-@@ -1171,6 +1187,8 @@ process.
+@@ -1171,6 +1188,8 @@ process.
@comment unistd.h
@comment POSIX.1
@deftypefun int setpgid (pid_t @var{pid}, pid_t @var{pgid})
@@ -85,7 +84,7 @@ index 4efeed3..779ea96 100644
The @code{setpgid} function puts the process @var{pid} into the process
group @var{pgid}. As a special case, either @var{pid} or @var{pgid} can
be zero to indicate the process ID of the calling process.
-@@ -1208,6 +1226,8 @@ process or a child of the calling process.
+@@ -1208,6 +1227,8 @@ process or a child of the calling process.
@comment unistd.h
@comment BSD
@deftypefun int setpgrp (pid_t @var{pid}, pid_t @var{pgid})
@@ -94,7 +93,7 @@ index 4efeed3..779ea96 100644
This is the BSD Unix name for @code{setpgid}. Both functions do exactly
the same thing.
@end deftypefun
-@@ -1230,6 +1250,8 @@ file itself and not a particular open file descriptor.
+@@ -1230,6 +1251,8 @@ file itself and not a particular open file descriptor.
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t tcgetpgrp (int @var{filedes})
@@ -103,7 +102,7 @@ index 4efeed3..779ea96 100644
This function returns the process group ID of the foreground process
group associated with the terminal open on descriptor @var{filedes}.
-@@ -1258,6 +1280,8 @@ controlling terminal of the calling process.
+@@ -1258,6 +1281,8 @@ controlling terminal of the calling process.
@comment unistd.h
@comment POSIX.1
@deftypefun int tcsetpgrp (int @var{filedes}, pid_t @var{pgid})
@@ -112,7 +111,7 @@ index 4efeed3..779ea96 100644
This function is used to set a terminal's foreground process group ID.
The argument @var{filedes} is a descriptor which specifies the terminal;
@var{pgid} specifies the process group. The calling process must be a
-@@ -1297,6 +1321,8 @@ process.
+@@ -1297,6 +1322,8 @@ process.
@comment termios.h
@comment Unix98
@deftypefun pid_t tcgetsid (int @var{fildes})
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index 8491209..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,21 +0,0 @@
-Bottom: 03e8d59af8e96de25460c03f60f6c5cc1a8c30d4
-Top: c154c087966f912177b97ba1d21240ba8d015145
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-16 04:16:45 -0300
-
-Refresh of manual-document-mt-safety-job.patch
-
----
-
-diff --git a/manual/job.texi b/manual/job.texi
-index 779ea96..2c46771 100644
---- a/manual/job.texi
-+++ b/manual/job.texi
-@@ -1109,6 +1109,7 @@ already another process group around that has the same process group ID.
- @deftypefun pid_t getsid (pid_t @var{pid})
- @safety{@mtsafe{}@assafe{}@acsafe{}}
- @c Stub or direct syscall, except on hurd, where it is equally safe.
-+
- The @code{getsid} function returns the process group ID of the session
- leader of the specified process. If a @var{pid} is @code{0}, the
- process group ID of the session leader of the current process is
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=abd4a6204043df6d8d24d5b81f86b9d4d6b8fd81
commit abd4a6204043df6d8d24d5b81f86b9d4d6b8fd81
Merge: a3d3ce2 fecbbf3 557ddf1
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 04:16:46 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a3d3ce2b4e55a442b9b325ec250e436b409b35c9
commit a3d3ce2b4e55a442b9b325ec250e436b409b35c9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 04:16:46 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index 5e6583f..7856690 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 0f8b761b3aec9a666a413c639b2774027e0597fe
-Head: 4d2559566ff7755a036f856a9b4b701bafb4cc66
+Previous: fecbbf3ca724921c2abe44f2d591f869a284a1fc
+Head: 557ddf1f9c8d2be5bb5344391e1c2c6e3828eaab
Applied:
powerpc-nofpu-sim-note-nothread.patch: 06e4960536888589dff34cbc68b16091f303bc5e
unused-scalb-is-scalbn.patch: ca2910ce3d85f4ab9b8c4e8d31bc243eab5f1c0f
@@ -18,6 +18,7 @@ Applied:
manual-document-mt-safety-getopt.patch: fef40984ed247dfb08395088c2518fd52154e035
manual-document-mt-safety-libdl.patch: 3816c6c49233e9317ec22c571867fb8ff95c1edd
manual-document-mt-safety-job.patch: 4d2559566ff7755a036f856a9b4b701bafb4cc66
+ refresh-temp: 557ddf1f9c8d2be5bb5344391e1c2c6e3828eaab
Unapplied:
manual-document-mt-safety-lang.patch: 41141365901b63e8e55ec323d5ee88c0a5815b44
manual-document-mt-safety-llio.patch: 8062c6db4730855258daa75bc0bc502e65b287d9
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..8491209
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,21 @@
+Bottom: 03e8d59af8e96de25460c03f60f6c5cc1a8c30d4
+Top: c154c087966f912177b97ba1d21240ba8d015145
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-16 04:16:45 -0300
+
+Refresh of manual-document-mt-safety-job.patch
+
+---
+
+diff --git a/manual/job.texi b/manual/job.texi
+index 779ea96..2c46771 100644
+--- a/manual/job.texi
++++ b/manual/job.texi
+@@ -1109,6 +1109,7 @@ already another process group around that has the same process group ID.
+ @deftypefun pid_t getsid (pid_t @var{pid})
+ @safety{@mtsafe{}@assafe{}@acsafe{}}
+ @c Stub or direct syscall, except on hurd, where it is equally safe.
++
+ The @code{getsid} function returns the process group ID of the session
+ leader of the specified process. If a @var{pid} is @code{0}, the
+ process group ID of the session leader of the current process is
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=557ddf1f9c8d2be5bb5344391e1c2c6e3828eaab
commit 557ddf1f9c8d2be5bb5344391e1c2c6e3828eaab
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 04:16:45 2013 -0300
Refresh of manual-document-mt-safety-job.patch
diff --git a/manual/job.texi b/manual/job.texi
index 779ea96..2c46771 100644
--- a/manual/job.texi
+++ b/manual/job.texi
@@ -1109,6 +1109,7 @@ already another process group around that has the same process group ID.
@deftypefun pid_t getsid (pid_t @var{pid})
@safety{@mtsafe{}@assafe{}@acsafe{}}
@c Stub or direct syscall, except on hurd, where it is equally safe.
+
The @code{getsid} function returns the process group ID of the session
leader of the specified process. If a @var{pid} is @code{0}, the
process group ID of the session leader of the current process is
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=fecbbf3ca724921c2abe44f2d591f869a284a1fc
commit fecbbf3ca724921c2abe44f2d591f869a284a1fc
Merge: 2b498ca 0f8b761
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 04:16:33 2013 -0300
goto
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2b498ca9106f6940b55e89dc375a4c5d8193a5ac
commit 2b498ca9106f6940b55e89dc375a4c5d8193a5ac
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 04:16:33 2013 -0300
goto
diff --git a/meta b/meta
index 970df3a..5e6583f 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 4d53ec8a1a42816f64ee5b97d51b7f51ea3e9663
-Head: b6437025912d8b67e3e8ecef23a518fa95899c33
+Previous: 0f8b761b3aec9a666a413c639b2774027e0597fe
+Head: 4d2559566ff7755a036f856a9b4b701bafb4cc66
Applied:
powerpc-nofpu-sim-note-nothread.patch: 06e4960536888589dff34cbc68b16091f303bc5e
unused-scalb-is-scalbn.patch: ca2910ce3d85f4ab9b8c4e8d31bc243eab5f1c0f
@@ -18,6 +18,7 @@ Applied:
manual-document-mt-safety-getopt.patch: fef40984ed247dfb08395088c2518fd52154e035
manual-document-mt-safety-libdl.patch: 3816c6c49233e9317ec22c571867fb8ff95c1edd
manual-document-mt-safety-job.patch: 4d2559566ff7755a036f856a9b4b701bafb4cc66
+Unapplied:
manual-document-mt-safety-lang.patch: 41141365901b63e8e55ec323d5ee88c0a5815b44
manual-document-mt-safety-llio.patch: 8062c6db4730855258daa75bc0bc502e65b287d9
manual-document-mt-safety-stdio.patch: 9c1671ce52190da483b6ed123ca0c0a7024d1eb8
@@ -30,5 +31,4 @@ Applied:
wip-manual-document-mt-safety-terminal.patch: 275006e938dbc65a49bcb7e6da2a71e096da3834
wip-manual-document-mt-safety-threads.patch: 189493f2451b72c60eb8695626ffc08d7584b4f2
wip-manual-document-mt-safety-time.patch: b6437025912d8b67e3e8ecef23a518fa95899c33
-Unapplied:
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0f8b761b3aec9a666a413c639b2774027e0597fe
commit 0f8b761b3aec9a666a413c639b2774027e0597fe
Merge: 86e1630 b643702 4d53ec8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 04:11:43 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=86e163092dbc8617c672238f249a3027675801fb
commit 86e163092dbc8617c672238f249a3027675801fb
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 04:11:43 2013 -0300
push
diff --git a/meta b/meta
index c8e9e17..970df3a 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: db3f6f7ec0cc08d37a11bea4a290aee1c82e7a19
-Head: 48a6b75fc25dc87bedc75d3fdfc131da890b7f4b
+Previous: 4d53ec8a1a42816f64ee5b97d51b7f51ea3e9663
+Head: b6437025912d8b67e3e8ecef23a518fa95899c33
Applied:
powerpc-nofpu-sim-note-nothread.patch: 06e4960536888589dff34cbc68b16091f303bc5e
unused-scalb-is-scalbn.patch: ca2910ce3d85f4ab9b8c4e8d31bc243eab5f1c0f
@@ -15,20 +15,20 @@ Applied:
manual-document-mt-safety-debug.patch: 2851febd94cec0ec11937f681c65ada586f9a223
manual-document-mt-safety-errno.patch: 06af1d5ee2d283ef4da1ec4190dd42b9bd9e5e53
manual-document-mt-safety-filesys.patch: 48a6b75fc25dc87bedc75d3fdfc131da890b7f4b
+ manual-document-mt-safety-getopt.patch: fef40984ed247dfb08395088c2518fd52154e035
+ manual-document-mt-safety-libdl.patch: 3816c6c49233e9317ec22c571867fb8ff95c1edd
+ manual-document-mt-safety-job.patch: 4d2559566ff7755a036f856a9b4b701bafb4cc66
+ manual-document-mt-safety-lang.patch: 41141365901b63e8e55ec323d5ee88c0a5815b44
+ manual-document-mt-safety-llio.patch: 8062c6db4730855258daa75bc0bc502e65b287d9
+ manual-document-mt-safety-stdio.patch: 9c1671ce52190da483b6ed123ca0c0a7024d1eb8
+ wip-manual-document-mt-safety-locale.patch: 5b196df6f05274d7d3fd4234ab11e9178803db7c
+ wip-manual-document-mt-safety-math.patch: ea2dbc48a6bc628804b250481195bfbad0d9a21b
+ wip-manual-document-mt-safety-startup.patch: 76e471e83914edb584ccb70db15f70f50f9ee13d
+ wip-manual-document-mt-safety-search.patch: d7ed3ad174a71581ec2932ab4a384c8266aec68f
+ wip-manual-document-mt-safety-resource.patch: a767734d6decbc515b2ce8685565558c574f1425
+ wip-manual-document-mt-safety-string.patch: b6e62ea39a43e0122e82c5090f6aba03894b4be2
+ wip-manual-document-mt-safety-terminal.patch: 275006e938dbc65a49bcb7e6da2a71e096da3834
+ wip-manual-document-mt-safety-threads.patch: 189493f2451b72c60eb8695626ffc08d7584b4f2
+ wip-manual-document-mt-safety-time.patch: b6437025912d8b67e3e8ecef23a518fa95899c33
Unapplied:
- manual-document-mt-safety-getopt.patch: fd1ab5961b60c8bc5524617aba67528f45c035be
- manual-document-mt-safety-libdl.patch: 59b1677a250033e8588a31f175a0457967e20bce
- manual-document-mt-safety-job.patch: 3511ea8a2e073e03029c05ac857b8ba78d4120f3
- manual-document-mt-safety-lang.patch: af8d731747f880cbc9dcd12a20c33ae29807081a
- manual-document-mt-safety-llio.patch: c96f5dd7f4dc623d8e1b4d963da947d190b385a3
- manual-document-mt-safety-stdio.patch: b8d40c34db5a32a436bd3d93fbced3f277277bdd
- wip-manual-document-mt-safety-locale.patch: 525104cbc058b86bed62e4c6ac9d61801d8aac30
- wip-manual-document-mt-safety-math.patch: 12c7558599b93d105e50a3a4d4d37b45916653dd
- wip-manual-document-mt-safety-startup.patch: 06bca383d921a436fed841e86912f4c68c94bc52
- wip-manual-document-mt-safety-search.patch: 0e431a68abd2c68670bca4adad2da412e57ba322
- wip-manual-document-mt-safety-resource.patch: 9cb1a05651f366cb988e33e60261150697da50e9
- wip-manual-document-mt-safety-string.patch: 3ceb98893b8304c17d1075fd08cc2c16925d8d26
- wip-manual-document-mt-safety-terminal.patch: ff0748435327d4fc62cd344c4fed5b1b7c1175c3
- wip-manual-document-mt-safety-threads.patch: e19104d821eb2d831d8f4fbe98ecbe0cb7a58fab
- wip-manual-document-mt-safety-time.patch: 9d411555a9f7a2c4dcb353975d41c709ad030271
Hidden:
diff --git a/patches/manual-document-mt-safety-getopt.patch b/patches/manual-document-mt-safety-getopt.patch
index 21aaf24..2b8d8e9 100644
--- a/patches/manual-document-mt-safety-getopt.patch
+++ b/patches/manual-document-mt-safety-getopt.patch
@@ -1,5 +1,5 @@
-Bottom: 37e7ccc382017c5f5e221e651c5ece331c8757be
-Top: 744f8962aaf3b4e0b439ff3bb97be69bad525f36
+Bottom: cdc226230e45430773c967a5b19e606c9ac5c26c
+Top: c68359c7dd9923875b40cb6b3e88ccee074aa1cf
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:06:36 -0300
diff --git a/patches/manual-document-mt-safety-job.patch b/patches/manual-document-mt-safety-job.patch
index 3b8f840..4195aa0 100644
--- a/patches/manual-document-mt-safety-job.patch
+++ b/patches/manual-document-mt-safety-job.patch
@@ -1,5 +1,5 @@
-Bottom: 62741c4a3c56289629f1e10d0ec4ca2298d5cb0d
-Top: efa976ea477ad9e56917b73191483a62a134045e
+Bottom: 6e873142fc9dc8e6673808013c93d2c58ce98443
+Top: 03e8d59af8e96de25460c03f60f6c5cc1a8c30d4
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:08:15 -0300
diff --git a/patches/manual-document-mt-safety-lang.patch b/patches/manual-document-mt-safety-lang.patch
index 2cda9f9..21a368c 100644
--- a/patches/manual-document-mt-safety-lang.patch
+++ b/patches/manual-document-mt-safety-lang.patch
@@ -1,5 +1,5 @@
-Bottom: efa976ea477ad9e56917b73191483a62a134045e
-Top: 194f0145ab08733f32fe10b68753b31e84e74328
+Bottom: 03e8d59af8e96de25460c03f60f6c5cc1a8c30d4
+Top: 85976e9026712b280af25c21b6bbad2161b83adc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:08:32 -0300
diff --git a/patches/manual-document-mt-safety-libdl.patch b/patches/manual-document-mt-safety-libdl.patch
index 73a0c1b..8a38019 100644
--- a/patches/manual-document-mt-safety-libdl.patch
+++ b/patches/manual-document-mt-safety-libdl.patch
@@ -1,5 +1,5 @@
-Bottom: 744f8962aaf3b4e0b439ff3bb97be69bad525f36
-Top: 62741c4a3c56289629f1e10d0ec4ca2298d5cb0d
+Bottom: c68359c7dd9923875b40cb6b3e88ccee074aa1cf
+Top: 6e873142fc9dc8e6673808013c93d2c58ce98443
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:08:59 -0300
diff --git a/patches/manual-document-mt-safety-llio.patch b/patches/manual-document-mt-safety-llio.patch
index 26621ee..891b000 100644
--- a/patches/manual-document-mt-safety-llio.patch
+++ b/patches/manual-document-mt-safety-llio.patch
@@ -1,5 +1,5 @@
-Bottom: 194f0145ab08733f32fe10b68753b31e84e74328
-Top: e78f0a6ed4ced2836717f8bea7d382a8ba7b66dc
+Bottom: 85976e9026712b280af25c21b6bbad2161b83adc
+Top: 4b6492a76ca07bdd09694a3d815b525f7521be6e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:09:32 -0300
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index 7824650..dd4e6a1 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,5 +1,5 @@
-Bottom: e78f0a6ed4ced2836717f8bea7d382a8ba7b66dc
-Top: 4cbba3b6cb190622784c66924c44ac57e1c5312f
+Bottom: 4b6492a76ca07bdd09694a3d815b525f7521be6e
+Top: 1e288609bd4b8602bc5c4017a4d64a5a266f5cf3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index 5aa2088..5f8aa21 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
-Bottom: 4cbba3b6cb190622784c66924c44ac57e1c5312f
-Top: b157aa1f6755cd6bd70effcad95e6cfb3c7ad9c1
+Bottom: 1e288609bd4b8602bc5c4017a4d64a5a266f5cf3
+Top: 3f26707a55cc4b3743d8b20310060091a2722bf9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/wip-manual-document-mt-safety-math.patch b/patches/wip-manual-document-mt-safety-math.patch
index 8441128..35f4e1e 100644
--- a/patches/wip-manual-document-mt-safety-math.patch
+++ b/patches/wip-manual-document-mt-safety-math.patch
@@ -1,5 +1,5 @@
-Bottom: b157aa1f6755cd6bd70effcad95e6cfb3c7ad9c1
-Top: 20b8dc675fa6dbba870f66329160337c64509ee0
+Bottom: 3f26707a55cc4b3743d8b20310060091a2722bf9
+Top: a11c98df057934d5126974498680ca02e63cc81c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/wip-manual-document-mt-safety-resource.patch b/patches/wip-manual-document-mt-safety-resource.patch
index f664e38..69c8edf 100644
--- a/patches/wip-manual-document-mt-safety-resource.patch
+++ b/patches/wip-manual-document-mt-safety-resource.patch
@@ -1,5 +1,5 @@
-Bottom: e4e3f5e2330e3ac6c7eae975de280f1ba8ac3479
-Top: 4b5aea59fb7148ab8339fe9c5c2fd40de20acca5
+Bottom: 2f06c88f5e067c0ad69f34d0275014d09ff57a22
+Top: 29dcdfd1aff6c660e2916c04bc93e2e1e0a0b05f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:11:00 -0300
diff --git a/patches/wip-manual-document-mt-safety-search.patch b/patches/wip-manual-document-mt-safety-search.patch
index b0190ba..81e4fc8 100644
--- a/patches/wip-manual-document-mt-safety-search.patch
+++ b/patches/wip-manual-document-mt-safety-search.patch
@@ -1,5 +1,5 @@
-Bottom: 3898f41755498b36b7cd3566b90ad4f629ada674
-Top: e4e3f5e2330e3ac6c7eae975de280f1ba8ac3479
+Bottom: 59d7e766f0565010748967e59406197c13ccae47
+Top: 2f06c88f5e067c0ad69f34d0275014d09ff57a22
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:11:55 -0300
diff --git a/patches/wip-manual-document-mt-safety-startup.patch b/patches/wip-manual-document-mt-safety-startup.patch
index 01b8303..48ee6f2 100644
--- a/patches/wip-manual-document-mt-safety-startup.patch
+++ b/patches/wip-manual-document-mt-safety-startup.patch
@@ -1,5 +1,5 @@
-Bottom: 20b8dc675fa6dbba870f66329160337c64509ee0
-Top: 3898f41755498b36b7cd3566b90ad4f629ada674
+Bottom: a11c98df057934d5126974498680ca02e63cc81c
+Top: 59d7e766f0565010748967e59406197c13ccae47
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:12:28 -0300
diff --git a/patches/wip-manual-document-mt-safety-string.patch b/patches/wip-manual-document-mt-safety-string.patch
index 16834fc..bd701bf 100644
--- a/patches/wip-manual-document-mt-safety-string.patch
+++ b/patches/wip-manual-document-mt-safety-string.patch
@@ -1,5 +1,5 @@
-Bottom: 4b5aea59fb7148ab8339fe9c5c2fd40de20acca5
-Top: e42edee8bf1594adf7e7cfa49e197c47dcc76264
+Bottom: 29dcdfd1aff6c660e2916c04bc93e2e1e0a0b05f
+Top: 6214ba87d46caf799e26d9dec166b0f306946143
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:13:24 -0300
diff --git a/patches/wip-manual-document-mt-safety-terminal.patch b/patches/wip-manual-document-mt-safety-terminal.patch
index 08a9893..462849f 100644
--- a/patches/wip-manual-document-mt-safety-terminal.patch
+++ b/patches/wip-manual-document-mt-safety-terminal.patch
@@ -1,5 +1,5 @@
-Bottom: e42edee8bf1594adf7e7cfa49e197c47dcc76264
-Top: a97217eae5c86c40da7508a90d5a8507080e1488
+Bottom: 6214ba87d46caf799e26d9dec166b0f306946143
+Top: 8ba6d8af046244985877511430d034165f4c58fc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:13:53 -0300
diff --git a/patches/wip-manual-document-mt-safety-threads.patch b/patches/wip-manual-document-mt-safety-threads.patch
index dd9a78f..9e05d78 100644
--- a/patches/wip-manual-document-mt-safety-threads.patch
+++ b/patches/wip-manual-document-mt-safety-threads.patch
@@ -1,5 +1,5 @@
-Bottom: a97217eae5c86c40da7508a90d5a8507080e1488
-Top: 17d31f44b33a4efa3757560f8fab8834bd4d2d67
+Bottom: 8ba6d8af046244985877511430d034165f4c58fc
+Top: fe5e48500cc7598452d5345c04173ce23157e134
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:14:35 -0300
diff --git a/patches/wip-manual-document-mt-safety-time.patch b/patches/wip-manual-document-mt-safety-time.patch
index e96627a..82bbd95 100644
--- a/patches/wip-manual-document-mt-safety-time.patch
+++ b/patches/wip-manual-document-mt-safety-time.patch
@@ -1,5 +1,5 @@
-Bottom: 17d31f44b33a4efa3757560f8fab8834bd4d2d67
-Top: ff509c08ed1dd9e766ab81dadd88d49d2c479857
+Bottom: fe5e48500cc7598452d5345c04173ce23157e134
+Top: f9638e8d77bd09a6d39e04eb72367337c9d9e95a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:14:50 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1da38dc05daeed4e2d77f2923bb588bf259a7549
commit 1da38dc05daeed4e2d77f2923bb588bf259a7549
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:15 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/job.texi: Document thread safety properties.
diff --git a/manual/job.texi b/manual/job.texi
index 4efeed3..2c46771 100644
--- a/manual/job.texi
+++ b/manual/job.texi
@@ -1039,6 +1039,10 @@ The function @code{ctermid} is declared in the header file
@comment stdio.h
@comment POSIX.1
@deftypefun {char *} ctermid (char *@var{string})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This function is a stub by default; the actual implementation, for
+@c posix systems, returns an internal buffer if passed a NULL string,
+@c but the internal buffer is always set to /dev/tty.
The @code{ctermid} function returns a string containing the file name of
the controlling terminal for the current process. If @var{string} is
not a null pointer, it should be an array that can hold at least
@@ -1075,6 +1079,11 @@ Your program should include the header files @file{sys/types.h} and
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t setsid (void)
+@safety{@mtsafe{}@assafe{selfdeadlock (hurd)}@acsafe{lockleak (hurd)}}
+@c This is usually a direct syscall, but if a syscall is not available,
+@c we use a stub, or Hurd- and BSD-specific implementations. The former
+@c uses a mutex and a hurd critical section, and the latter issues a few
+@c syscalls, so both seem safe, except for the locking on Hurd.
The @code{setsid} function creates a new session. The calling process
becomes the session leader, and is put in a new process group whose
process group ID is the same as the process ID of that process. There
@@ -1098,6 +1107,8 @@ already another process group around that has the same process group ID.
@comment unistd.h
@comment SVID
@deftypefun pid_t getsid (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{getsid} function returns the process group ID of the session
leader of the specified process. If a @var{pid} is @code{0}, the
@@ -1134,6 +1145,8 @@ programs with the @code{-lbsd-compat} option to get the BSD definition.@refill
@comment unistd.h
@comment POSIX.1
@deftypefn {POSIX.1 Function} pid_t getpgrp (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The POSIX.1 definition of @code{getpgrp} returns the process group ID of
the calling process.
@end deftypefn
@@ -1141,6 +1154,8 @@ the calling process.
@comment unistd.h
@comment BSD
@deftypefn {BSD Function} pid_t getpgrp (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The BSD definition of @code{getpgrp} returns the process group ID of the
process @var{pid}. You can supply a value of @code{0} for the @var{pid}
argument to get information about the calling process.
@@ -1149,6 +1164,8 @@ argument to get information about the calling process.
@comment unistd.h
@comment SVID
@deftypefn {System V Function} int getpgid (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
@code{getpgid} is the same as the BSD function @code{getpgrp}. It
returns the process group ID of the process @var{pid}. You can supply a
@@ -1171,6 +1188,8 @@ process.
@comment unistd.h
@comment POSIX.1
@deftypefun int setpgid (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{setpgid} function puts the process @var{pid} into the process
group @var{pgid}. As a special case, either @var{pid} or @var{pgid} can
be zero to indicate the process ID of the calling process.
@@ -1208,6 +1227,8 @@ process or a child of the calling process.
@comment unistd.h
@comment BSD
@deftypefun int setpgrp (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall or setpgid wrapper.
This is the BSD Unix name for @code{setpgid}. Both functions do exactly
the same thing.
@end deftypefun
@@ -1230,6 +1251,8 @@ file itself and not a particular open file descriptor.
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t tcgetpgrp (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function returns the process group ID of the foreground process
group associated with the terminal open on descriptor @var{filedes}.
@@ -1258,6 +1281,8 @@ controlling terminal of the calling process.
@comment unistd.h
@comment POSIX.1
@deftypefun int tcsetpgrp (int @var{filedes}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function is used to set a terminal's foreground process group ID.
The argument @var{filedes} is a descriptor which specifies the terminal;
@var{pgid} specifies the process group. The calling process must be a
@@ -1297,6 +1322,8 @@ process.
@comment termios.h
@comment Unix98
@deftypefun pid_t tcgetsid (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Ioctl call, if avaialble, or tcgetpgrp followed by getsid.
This function is used to obtain the process group ID of the session
for which the terminal specified by @var{fildes} is the controlling terminal.
If the call is successful the group ID is returned. Otherwise the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4d2559566ff7755a036f856a9b4b701bafb4cc66
commit 4d2559566ff7755a036f856a9b4b701bafb4cc66
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:15 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/job.texi: Document thread safety properties.
diff --git a/manual/job.texi b/manual/job.texi
index 4efeed3..779ea96 100644
--- a/manual/job.texi
+++ b/manual/job.texi
@@ -1039,6 +1039,10 @@ The function @code{ctermid} is declared in the header file
@comment stdio.h
@comment POSIX.1
@deftypefun {char *} ctermid (char *@var{string})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This function is a stub by default; the actual implementation, for
+@c posix systems, returns an internal buffer if passed a NULL string,
+@c but the internal buffer is always set to /dev/tty.
The @code{ctermid} function returns a string containing the file name of
the controlling terminal for the current process. If @var{string} is
not a null pointer, it should be an array that can hold at least
@@ -1075,6 +1079,11 @@ Your program should include the header files @file{sys/types.h} and
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t setsid (void)
+@safety{@mtsafe{}@assafe{selfdeadlock (hurd)}@acsafe{lockleak (hurd)}}
+@c This is usually a direct syscall, but if a syscall is not available,
+@c we use a stub, or Hurd- and BSD-specific implementations. The former
+@c uses a mutex and a hurd critical section, and the latter issues a few
+@c syscalls, so both seem safe, except for the locking on Hurd.
The @code{setsid} function creates a new session. The calling process
becomes the session leader, and is put in a new process group whose
process group ID is the same as the process ID of that process. There
@@ -1098,7 +1107,8 @@ already another process group around that has the same process group ID.
@comment unistd.h
@comment SVID
@deftypefun pid_t getsid (pid_t @var{pid})
-
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{getsid} function returns the process group ID of the session
leader of the specified process. If a @var{pid} is @code{0}, the
process group ID of the session leader of the current process is
@@ -1134,6 +1144,8 @@ programs with the @code{-lbsd-compat} option to get the BSD definition.@refill
@comment unistd.h
@comment POSIX.1
@deftypefn {POSIX.1 Function} pid_t getpgrp (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The POSIX.1 definition of @code{getpgrp} returns the process group ID of
the calling process.
@end deftypefn
@@ -1141,6 +1153,8 @@ the calling process.
@comment unistd.h
@comment BSD
@deftypefn {BSD Function} pid_t getpgrp (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The BSD definition of @code{getpgrp} returns the process group ID of the
process @var{pid}. You can supply a value of @code{0} for the @var{pid}
argument to get information about the calling process.
@@ -1149,6 +1163,8 @@ argument to get information about the calling process.
@comment unistd.h
@comment SVID
@deftypefn {System V Function} int getpgid (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
@code{getpgid} is the same as the BSD function @code{getpgrp}. It
returns the process group ID of the process @var{pid}. You can supply a
@@ -1171,6 +1187,8 @@ process.
@comment unistd.h
@comment POSIX.1
@deftypefun int setpgid (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{setpgid} function puts the process @var{pid} into the process
group @var{pgid}. As a special case, either @var{pid} or @var{pgid} can
be zero to indicate the process ID of the calling process.
@@ -1208,6 +1226,8 @@ process or a child of the calling process.
@comment unistd.h
@comment BSD
@deftypefun int setpgrp (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall or setpgid wrapper.
This is the BSD Unix name for @code{setpgid}. Both functions do exactly
the same thing.
@end deftypefun
@@ -1230,6 +1250,8 @@ file itself and not a particular open file descriptor.
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t tcgetpgrp (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function returns the process group ID of the foreground process
group associated with the terminal open on descriptor @var{filedes}.
@@ -1258,6 +1280,8 @@ controlling terminal of the calling process.
@comment unistd.h
@comment POSIX.1
@deftypefun int tcsetpgrp (int @var{filedes}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function is used to set a terminal's foreground process group ID.
The argument @var{filedes} is a descriptor which specifies the terminal;
@var{pgid} specifies the process group. The calling process must be a
@@ -1297,6 +1321,8 @@ process.
@comment termios.h
@comment Unix98
@deftypefun pid_t tcgetsid (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Ioctl call, if avaialble, or tcgetpgrp followed by getsid.
This function is used to obtain the process group ID of the session
for which the terminal specified by @var{fildes} is the controlling terminal.
If the call is successful the group ID is returned. Otherwise the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b6437025912d8b67e3e8ecef23a518fa95899c33
commit b6437025912d8b67e3e8ecef23a518fa95899c33
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:14:50 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/time.texi: Document thread safety properties.
diff --git a/manual/time.texi b/manual/time.texi
index ff31e28..3967b24 100644
--- a/manual/time.texi
+++ b/manual/time.texi
@@ -475,6 +475,12 @@ Instead, use the facilities described in @ref{Time Zone Functions}.
@comment sys/time.h
@comment BSD
@deftypefun int gettimeofday (struct timeval *@var{tp}, struct timezone *@var{tzp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c On most GNU/Linux systems this is a direct syscall, but the posix/
+@c implementation (not used on GNU/Linux or GNU/Hurd) relies on time and
+@c localtime_r, saving and restoring tzname in an unsafe manner.
+@c On some GNU/Linux variants, ifunc resolvers are used in shared libc
+@c for vdso resolution. ifunc-vdso-revisit.
The @code{gettimeofday} function returns the current calendar time as
the elapsed time since the epoch in the @code{struct timeval} structure
indicated by @var{tp}. (@pxref{Elapsed Time} for a description of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3816c6c49233e9317ec22c571867fb8ff95c1edd
commit 3816c6c49233e9317ec22c571867fb8ff95c1edd
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:59 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/libdl.texi: New.
diff --git a/manual/libdl.texi b/manual/libdl.texi
new file mode 100644
index 0000000..e3fe045
--- /dev/null
+++ b/manual/libdl.texi
@@ -0,0 +1,10 @@
+@c FIXME these are undocumented:
+@c dladdr
+@c dladdr1
+@c dlclose
+@c dlerror
+@c dlinfo
+@c dlmopen
+@c dlopen
+@c dlsym
+@c dlvsym
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=189493f2451b72c60eb8695626ffc08d7584b4f2
commit 189493f2451b72c60eb8695626ffc08d7584b4f2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:14:35 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/threads.texi: Document thread safety properties.
diff --git a/manual/threads.texi b/manual/threads.texi
index a23ac26..19bfad6 100644
--- a/manual/threads.texi
+++ b/manual/threads.texi
@@ -31,6 +31,7 @@ before thread-specific data, so they should not be used in thread-specific
data destructors or even as members of the thread-specific data, since the
latter is passed as an argument to the destructor function.
+@c FIXME: use @deftypefun for these.
@item int pthread_key_delete (pthread_key_t @var{key})
Destroy the thread-specific data @var{key} in the calling thread. The
destructor for the thread-specific data is not called during destruction, nor
@@ -82,3 +83,124 @@ attributes or the stack address is set in the attribute.
The system does not have sufficient memory.
@end table
@end deftypefun
+
+@c FIXME these are undocumented:
+@c pthread_atfork
+@c pthread_attr_destroy
+@c pthread_attr_getaffinity_np
+@c pthread_attr_getdetachstate
+@c pthread_attr_getguardsize
+@c pthread_attr_getinheritsched
+@c pthread_attr_getschedparam
+@c pthread_attr_getschedpolicy
+@c pthread_attr_getscope
+@c pthread_attr_getstack
+@c pthread_attr_getstackaddr
+@c pthread_attr_getstacksize
+@c pthread_attr_init
+@c pthread_attr_setaffinity_np
+@c pthread_attr_setdetachstate
+@c pthread_attr_setguardsize
+@c pthread_attr_setinheritsched
+@c pthread_attr_setschedparam
+@c pthread_attr_setschedpolicy
+@c pthread_attr_setscope
+@c pthread_attr_setstack
+@c pthread_attr_setstackaddr
+@c pthread_attr_setstacksize
+@c pthread_barrierattr_destroy
+@c pthread_barrierattr_getpshared
+@c pthread_barrierattr_init
+@c pthread_barrierattr_setpshared
+@c pthread_barrier_destroy
+@c pthread_barrier_init
+@c pthread_barrier_wait
+@c pthread_cancel
+@c pthread_cleanup_push
+@c pthread_cleanup_pop
+@c pthread_condattr_destroy
+@c pthread_condattr_getclock
+@c pthread_condattr_getpshared
+@c pthread_condattr_init
+@c pthread_condattr_setclock
+@c pthread_condattr_setpshared
+@c pthread_cond_broadcast
+@c pthread_cond_destroy
+@c pthread_cond_init
+@c pthread_cond_signal
+@c pthread_cond_timedwait
+@c pthread_cond_wait
+@c pthread_create
+@c pthread_detach
+@c pthread_equal
+@c pthread_exit
+@c pthread_getaffinity_np
+@c pthread_getattr_np
+@c pthread_getconcurrency
+@c pthread_getcpuclockid
+@c pthread_getname_np
+@c pthread_getschedparam
+@c pthread_join
+@c pthread_kill
+@c pthread_kill_other_threads_np
+@c pthread_mutexattr_destroy
+@c pthread_mutexattr_getkind_np
+@c pthread_mutexattr_getprioceiling
+@c pthread_mutexattr_getprotocol
+@c pthread_mutexattr_getpshared
+@c pthread_mutexattr_getrobust
+@c pthread_mutexattr_getrobust_np
+@c pthread_mutexattr_gettype
+@c pthread_mutexattr_init
+@c pthread_mutexattr_setkind_np
+@c pthread_mutexattr_setprioceiling
+@c pthread_mutexattr_setprotocol
+@c pthread_mutexattr_setpshared
+@c pthread_mutexattr_setrobust
+@c pthread_mutexattr_setrobust_np
+@c pthread_mutexattr_settype
+@c pthread_mutex_consistent
+@c pthread_mutex_consistent_np
+@c pthread_mutex_destroy
+@c pthread_mutex_getprioceiling
+@c pthread_mutex_init
+@c pthread_mutex_lock
+@c pthread_mutex_setprioceiling
+@c pthread_mutex_timedlock
+@c pthread_mutex_trylock
+@c pthread_mutex_unlock
+@c pthread_once
+@c pthread_rwlockattr_destroy
+@c pthread_rwlockattr_getkind_np
+@c pthread_rwlockattr_getpshared
+@c pthread_rwlockattr_init
+@c pthread_rwlockattr_setkind_np
+@c pthread_rwlockattr_setpshared
+@c pthread_rwlock_destroy
+@c pthread_rwlock_init
+@c pthread_rwlock_rdlock
+@c pthread_rwlock_timedrdlock
+@c pthread_rwlock_timedwrlock
+@c pthread_rwlock_tryrdlock
+@c pthread_rwlock_trywrlock
+@c pthread_rwlock_unlock
+@c pthread_rwlock_wrlock
+@c pthread_self
+@c pthread_setaffinity_np
+@c pthread_setcancelstate
+@c pthread_setcanceltype
+@c pthread_setconcurrency
+@c pthread_setname_np
+@c pthread_setschedparam
+@c pthread_setschedprio
+@c pthread_sigmask
+@c pthread_sigqueue
+@c pthread_spin_destroy
+@c pthread_spin_init
+@c pthread_spin_lock
+@c pthread_spin_trylock
+@c pthread_spin_unlock
+@c pthread_testcancel
+@c pthread_timedjoin_np
+@c pthread_tryjoin_np
+@c pthread_yield
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=275006e938dbc65a49bcb7e6da2a71e096da3834
commit 275006e938dbc65a49bcb7e6da2a71e096da3834
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:13:53 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/terminal.texi: Document thread safety properties.
diff --git a/manual/terminal.texi b/manual/terminal.texi
index 9e9c057..7f62a4e 100644
--- a/manual/terminal.texi
+++ b/manual/terminal.texi
@@ -264,6 +264,9 @@ array.
@comment termios.h
@comment POSIX.1
@deftypefun int tcgetattr (int @var{filedes}, struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the kernel-returned termios data structure to the userland
+@c format does not ensure atomic or consistent writing.
This function is used to examine the attributes of the terminal
device with file descriptor @var{filedes}. The attributes are returned
in the structure that @var{termios-p} points to.
@@ -284,6 +287,9 @@ The @var{filedes} is not associated with a terminal.
@comment termios.h
@comment POSIX.1
@deftypefun int tcsetattr (int @var{filedes}, int @var{when}, const struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the incoming termios data structure to the kernel format
+@c does not ensure atomic or consistent reading.
This function sets the attributes of the terminal device with file
descriptor @var{filedes}. The new attributes are taken from the
structure that @var{termios-p} points to.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b6e62ea39a43e0122e82c5090f6aba03894b4be2
commit b6e62ea39a43e0122e82c5090f6aba03894b4be2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:13:24 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/string.texi: Document thread safety properties.
diff --git a/manual/string.texi b/manual/string.texi
index 246be84..a75d298 100644
--- a/manual/string.texi
+++ b/manual/string.texi
@@ -1247,6 +1247,8 @@ strncmp ("hello, world", "hello, stupid world!!!", 5)
@comment string.h
@comment GNU
@deftypefun int strverscmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls isdigit multiple times, locale may change in between.
The @code{strverscmp} function compares the string @var{s1} against
@var{s2}, considering them as holding indices/version numbers. The
return value follows the same conventions as found in the
@@ -1343,6 +1345,8 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
@comment string.h
@comment ISO
@deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Adjust alphasort one safety info is determined.
The @code{strcoll} function is similar to @code{strcmp} but uses the
collating sequence of the current locale for collation (the
@code{LC_COLLATE} locale).
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a767734d6decbc515b2ce8685565558c574f1425
commit a767734d6decbc515b2ce8685565558c574f1425
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/resource.texi: Document thread safety properties.
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d7ed3ad174a71581ec2932ab4a384c8266aec68f
commit d7ed3ad174a71581ec2932ab4a384c8266aec68f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:55 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/search.texi: Document thread safety properties.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..6910edc 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -146,6 +146,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +437,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +471,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +486,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +500,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +555,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=76e471e83914edb584ccb70db15f70f50f9ee13d
commit 76e471e83914edb584ccb70db15f70f50f9ee13d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:12:28 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/startup.texi: Document thread safety properties.
diff --git a/manual/startup.texi b/manual/startup.texi
index a277714..7bbaf13 100644
--- a/manual/startup.texi
+++ b/manual/startup.texi
@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
The difference to the @code{setenv} function is that the exact string
given as the parameter @var{string} is put into the environment. If the
user should change the string after the @code{putenv} call this will
-reflect in automatically in the environment. This also requires that
-@var{string} is no automatic variable which scope is left before the
+reflect automatically in the environment. This also requires that
+@var{string} not be an automatic variable whose scope is left before the
variable is removed from the environment. The same applies of course to
dynamically allocated variables which are freed later.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ea2dbc48a6bc628804b250481195bfbad0d9a21b
commit ea2dbc48a6bc628804b250481195bfbad0d9a21b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/math.texi: Document thread safety properties.
diff --git a/manual/math.texi b/manual/math.texi
index 193d415..fd5d0c8 100644
--- a/manual/math.texi
+++ b/manual/math.texi
@@ -560,6 +560,7 @@ negative), @code{logb} returns @math{@infinity{}}. If @var{x} is zero,
@comment math.h
@comment ISO
@deftypefunx int ilogbl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are equivalent to the corresponding @code{logb}
functions except that they return signed integer values.
@end deftypefun
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5b196df6f05274d7d3fd4234ab11e9178803db7c
commit 5b196df6f05274d7d3fd4234ab11e9178803db7c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..60e08d8 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
+@c and free, and _nl_find_locale, which amount to all documented safety
+@c issues. It also calls new_composite_name, setdata, and setname,
+@c without any additional issues. _nl_find_locale calls getenv, ...
+@c This function returns a pointer read...
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9c1671ce52190da483b6ed123ca0c0a7024d1eb8
commit 9c1671ce52190da483b6ed123ca0c0a7024d1eb8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..79a3340 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1391,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1401,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1411,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1540,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1625,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2387,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2397,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2438,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2647,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2656,48 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2705,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2713,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2721,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2729,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2737,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2745,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2821,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3062,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3314,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3378,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +3995,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +4010,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +4025,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +4033,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4041,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4055,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4082,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4091,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4100,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4108,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4116,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4124,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4174,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4184,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4198,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4209,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4237,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4248,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4362,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4375,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4399,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4415,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4435,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4459,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4508,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4630,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4645,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4658,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4675,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4787,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4800,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4817,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4839,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4864,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4942,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4956,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4968,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4983,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +4997,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +5008,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5056,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5112,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5228,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5410,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5551,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=8062c6db4730855258daa75bc0bc502e65b287d9
commit 8062c6db4730855258daa75bc0bc502e65b287d9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:09:32 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/llio.texi: Document thread safety properties.
diff --git a/manual/llio.texi b/manual/llio.texi
index b129cf4..66370c4 100644
--- a/manual/llio.texi
+++ b/manual/llio.texi
@@ -78,6 +78,7 @@ declared in @file{unistd.h}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int open (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The @code{open} function creates and returns a new file descriptor for
the file named by @var{filename}. Initially, the file position
indicator for the file is at the beginning of the file. The argument
@@ -164,6 +165,7 @@ and @code{freopen} functions, that create streams.
@comment fcntl.h
@comment Unix98
@deftypefun int open64 (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{open}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
difference is that on 32 bit systems the file is opened in the
@@ -178,6 +180,7 @@ replaces the old API.
@comment fcntl.h
@comment POSIX.1
@deftypefn {Obsolete function} int creat (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is obsolete. The call:
@smallexample
@@ -202,6 +205,7 @@ since all of the lowlevel file handling functions are equally replaced.
@comment fcntl.h
@comment Unix98
@deftypefn {Obsolete function} int creat64 (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{creat}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
the difference is that on 32 bit systems the file is opened in the
@@ -219,6 +223,7 @@ replaces the old API.
@comment unistd.h
@comment POSIX.1
@deftypefun int close (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The function @code{close} closes the file descriptor @var{filedes}.
Closing a file has the following consequences:
@@ -300,6 +305,7 @@ but must be a signed type.
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t read (int @var{filedes}, void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{read} function reads up to @var{size} bytes from the file
with descriptor @var{filedes}, storing the results in the @var{buffer}.
(This is not necessarily a character string, and no terminating null
@@ -395,6 +401,10 @@ functions that read from streams, such as @code{fgetc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, read and lseek back, but is it
+@c used anywhere?
The @code{pread} function is similar to the @code{read} function. The
first three arguments are identical, and the return values and error
codes also correspond.
@@ -430,6 +440,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread64 (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, read and lseek64 back, but is
+@c it used anywhere?
This function is similar to the @code{pread} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -447,6 +461,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t write (int @var{filedes}, const void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{write} function writes up to @var{size} bytes from
@var{buffer} to the file with descriptor @var{filedes}. The data in
@var{buffer} is not necessarily a character string and a null character is
@@ -557,6 +572,10 @@ functions that write to streams, such as @code{fputc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, write and lseek back, but is it
+@c used anywhere?
The @code{pwrite} function is similar to the @code{write} function. The
first three arguments are identical, and the return values and error codes
also correspond.
@@ -592,6 +611,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite64 (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, write and lseek64 back, but
+@c is it used anywhere?
This function is similar to the @code{pwrite} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -624,6 +647,7 @@ To read the current file position value from a descriptor, use
@comment unistd.h
@comment POSIX.1
@deftypefun off_t lseek (int @var{filedes}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lseek} function is used to change the file position of the
file with descriptor @var{filedes}.
@@ -713,6 +737,7 @@ descriptors.
@comment unistd.h
@comment Unix98
@deftypefun off64_t lseek64 (int @var{filedes}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to the @code{lseek} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -825,6 +850,7 @@ declared in the header file @file{stdio.h}.
@comment stdio.h
@comment POSIX.1
@deftypefun {FILE *} fdopen (int @var{filedes}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
The @code{fdopen} function returns a new stream for the file descriptor
@var{filedes}.
@@ -853,6 +879,7 @@ see @ref{Creating a Pipe}.
@comment stdio.h
@comment POSIX.1
@deftypefun int fileno (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the file descriptor associated with the stream
@var{stream}. If an error is detected (for example, if the @var{stream}
is not valid) or if @var{stream} does not do I/O to a file,
@@ -862,6 +889,7 @@ is not valid) or if @var{stream} does not do I/O to a file,
@comment stdio.h
@comment GNU
@deftypefun int fileno_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fileno_unlocked} function is equivalent to the @code{fileno}
function except that it does not implicitly lock the stream if the state
is @code{FSETLOCKING_INTERNAL}.
@@ -1071,7 +1099,11 @@ Contains the length of the buffer.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t readv (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
-
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer into which data is read, if the total read size is
+@c too large for alloca.
The @code{readv} function reads data from @var{filedes} and scatters it
into the buffers described in @var{vector}, which is taken to be
@var{count} structures long. As each buffer is filled, data is sent to the
@@ -1089,6 +1121,11 @@ errors are the same as in @code{read}.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t writev (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer from which data is written, if the total write size
+@c is too large for alloca.
The @code{writev} function gathers data from the buffers described in
@var{vector}, which is taken to be @var{count} structures long, and writes
@@ -1149,6 +1186,7 @@ These functions are declared in @file{sys/mman.h}.
@comment sys/mman.h
@comment POSIX
@deftypefun {void *} mmap (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mmap} function creates a new mapping, connected to bytes
(@var{offset}) to (@var{offset} + @var{length} - 1) in the file open on
@@ -1268,6 +1306,9 @@ The file is on a filesystem that doesn't support mapping.
@comment sys/mman.h
@comment LFS
@deftypefun {void *} mmap64 (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The page_shift auto detection when MMAP2_PAGE_SHIFT is -1 (it never
+@c is) would be thread-unsafe.
The @code{mmap64} function is equivalent to the @code{mmap} function but
the @var{offset} parameter is of type @code{off64_t}. On 32-bit systems
this allows the file associated with the @var{filedes} descriptor to be
@@ -1284,6 +1325,7 @@ replaces the old API.
@comment sys/mman.h
@comment POSIX
@deftypefun int munmap (void *@var{addr}, size_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{munmap} removes any memory maps from (@var{addr}) to (@var{addr} +
@var{length}). @var{length} should be the length of the mapping.
@@ -1310,6 +1352,7 @@ aligned.
@comment sys/mman.h
@comment POSIX
@deftypefun int msync (void *@var{address}, size_t @var{length}, int @var{flags})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When using shared mappings, the kernel can write the file at any time
before the mapping is removed. To be certain data has actually been
@@ -1357,6 +1400,7 @@ There is no existing mapping in at least part of the given region.
@comment sys/mman.h
@comment GNU
@deftypefun {void *} mremap (void *@var{address}, size_t @var{length}, size_t @var{new_length}, int @var{flag})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to change the size of an existing memory
area. @var{address} and @var{length} must cover a region entirely mapped
@@ -1405,6 +1449,7 @@ Coding Standards}.
@comment sys/mman.h
@comment POSIX
@deftypefun int madvise (void *@var{addr}, size_t @var{length}, int @var{advice})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to provide the system with @var{advice} about
the intended usage patterns of the memory region starting at @var{addr}
@@ -1531,6 +1576,7 @@ that descriptor into an @code{fd_set}.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_ZERO (fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro initializes the file descriptor set @var{set} to be the
empty set.
@end deftypefn
@@ -1538,6 +1584,9 @@ empty set.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_SET (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro adds @var{filedes} to the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1547,6 +1596,9 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_CLR (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro removes @var{filedes} from the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1556,6 +1608,7 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro int FD_ISSET (int @var{filedes}, const fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value (true) if @var{filedes} is a member
of the file descriptor set @var{set}, and zero (false) otherwise.
@@ -1568,6 +1621,10 @@ Next, here is the description of the @code{select} function itself.
@comment sys/types.h
@comment BSD
@deftypefun int select (int @var{nfds}, fd_set *@var{read-fds}, fd_set *@var{write-fds}, fd_set *@var{except-fds}, struct timeval *@var{timeout})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The select syscall is preferred, but pselect6 may be used instead,
+@c which requires converting timeout to a timespec and back. The
+@c conversions are not atomic.
The @code{select} function blocks the calling process until there is
activity on any of the specified sets of file descriptors, or until the
timeout period has expired.
@@ -1670,6 +1727,7 @@ they return.
@comment unistd.h
@comment X/Open
@deftypefun void sync (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
A call to this function will not return as long as there is data which
has not been written to the device. All dirty buffers in the kernel will
be written and so an overall consistent system can be achieved (if no
@@ -1685,6 +1743,7 @@ committed, rather than all data in the system. For this, @code{sync} is overkil
@comment unistd.h
@comment POSIX
@deftypefun int fsync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fsync} function can be used to make sure all data associated with
the open file @var{fildes} is written to the device associated with the
descriptor. The function call does not return unless all actions have
@@ -1722,6 +1781,7 @@ recovering of the file in case of a problem.
@comment unistd.h
@comment POSIX
@deftypefun int fdatasync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When a call to the @code{fdatasync} function returns, it is ensured
that all of the file data is written to the device. For all pending I/O
operations, the parts guaranteeing data integrity finished.
@@ -1923,6 +1983,158 @@ aiocb64}, since the LFS transparently replaces the old interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_read (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Calls aio_enqueue_request.
+@c aio_enqueue_request selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_self ok
+@c pthread_getschedparam selfdeadlock, lockleak
+@c lll_lock (pthread descriptor's lock) selfdeadlock, lockleak
+@c sched_getparam ok
+@c sched_getscheduler ok
+@c lll_unlock lockleak
+@c pthread_mutex_lock (aio_requests_mutex) selfdeadlock, lockleak
+@c get_elem asmalloc, memleak, [asynconsist, incansist], [xguargs]
+@c realloc asmalloc, memleak
+@c calloc asmalloc, memleak
+@c aio_create_helper_thread selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_attr_init ok
+@c pthread_attr_setdetachstate ok
+@c pthread_get_minstack ok
+@c pthread_attr_setstacksize ok
+@c sigfillset ok
+@c memset ok
+@c sigdelset ok [xguargs, but the caller's sigset is automatic]
+@c SYSCALL rt_sigprocmask ok
+@c pthread_create selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c alloca/malloc asmalloc, memleak
+@c lll_unlock lockleak
+@c allocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c getpagesize dup
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c lll_unlock lockleak
+@c _dl_allocate_tls asmalloc, memleak
+@c _dl_allocate_tls_storage asmalloc, memleak
+@c memalign asmalloc, memleak
+@c memset ok
+@c allocate_dtv dup
+@c free asmalloc, memleak
+@c allocate_dtv asmalloc, memleak
+@c calloc asmalloc, memleak
+@c INSTALL_DTV ok
+@c list_add dup
+@c get_cached_stack
+@c lll_lock (stack_cache_lock) selfdeadlock, lockleak
+@c list_for_each ok
+@c list_entry dup
+@c FREE_P dup
+@c stack_list_del dup
+@c stack_list_add dup
+@c lll_unlock lockleak
+@c _dl_allocate_tls_init ok
+@c GET_DTV ok
+@c mmap ok
+@c atomic_increment_val ok
+@c munmap ok
+@c change_stack_perm ok
+@c mprotect ok
+@c mprotect ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c THREAD_COPY_STACK_GUARD ok
+@c THREAD_COPY_POINTER_GUARD ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (state_cache_lock) selfdeadlock, lockleak
+@c stack_list_del ok
+@c atomic_write_barrier ok
+@c list_del ok [uunguard]
+@c atomic_write_barrier ok
+@c queue_stack asmalloc, memleak
+@c stack_list_add ok
+@c atomic_write_barrier ok
+@c list_add ok [uunguard]
+@c atomic_write_barrier ok
+@c free_stacks asmalloc, memleak
+@c list_for_each_prev_safe ok
+@c list_entry ok
+@c FREE_P ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c _dl_deallocate_tls asmalloc, memleak
+@c free asmalloc, memleak
+@c lll_unlock lockleak
+@c create_thread selfdeadlock, asmalloc, lockleak, memleak
+@c td_eventword
+@c td_eventmask
+@c do_clone selfdeadlock, asmalloc, lockleak, memleak
+@c PREPARE_CREATE ok
+@c lll_lock (pd->lock) selfdeadlock, lockleak
+@c atomic_increment ok
+@c clone ok
+@c atomic_decrement ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack dup
+@c sched_setaffinity ok
+@c tgkill ok
+@c sched_setscheduler ok
+@c atomic_compare_and_exchange_bool_acq ok
+@c nptl_create_event ok
+@c lll_unlock (pd->lock) lockleak
+@c free asmalloc, memleak
+@c pthread_attr_destroy ok (cpuset won't be set, so free isn't called)
+@c add_request_to_runlist ok [xguargs]
+@c pthread_cond_signal ok
+@c aio_free_request ok [xguargs]
+@c pthread_mutex_unlock lockleak
+
+@c (in the new thread, initiated with clone)
+@c start_thread ok
+@c HP_TIMING_NOW ok
+@c ctype_init [glocale] (in theory, but optimized into safety)
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c sigemptyset ok
+@c sigaddset ok
+@c setjmp ok
+@c CANCEL_ASYNC -> pthread_enable_asynccancel ok
+@c do_cancel ok
+@c pthread_unwind ok
+@c Unwind_ForcedUnwind or longjmp ok [asmalloc, memleak?]
+@c lll_lock selfdeadlock, lockleak
+@c lll_unlock selfdeadlock, lockleak
+@c CANCEL_RESET -> pthread_disable_asynccancel ok
+@c lll_futex_wait ok
+@c ->start_routine ok -----
+@c call_tls_dtors selfdeadlock, asmalloc, lockleak, memleak
+@c user-supplied dtor
+@c rtld_lock_lock_recursive (dl_load_lock) selfdeadlock, lockleak
+@c rtld_lock_unlock_recursive lockleak
+@c free asmalloc, memleak
+@c nptl_deallocate_tsd asmalloc, memleak
+@c tsd user-supplied dtors ok
+@c free asmalloc, memleak
+@c libc_thread_freeres
+@c libc_thread_subfreeres ok
+@c atomic_decrement_and_test ok
+@c td_eventword ok
+@c td_eventmask ok
+@c atomic_compare_exchange_bool_acq ok
+@c nptl_death_event ok
+@c lll_robust_dead ok
+@c getpagesize ok
+@c madvise ok
+@c free_tcb selfdeadlock, asmalloc, lockleak, memleak
+@c free asmalloc, memleak
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_futex_wait ok
+@c exit_thread_inline ok
+@c syscall(exit) ok
+
This function initiates an asynchronous read operation. It
immediately returns after the operation was enqueued or when an
error was encountered.
@@ -1988,6 +2200,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_read64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_read} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{aio_read64} uses
@@ -2006,6 +2219,7 @@ of functions with a very similar interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_write (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function initiates an asynchronous write operation. The function
call immediately returns after the operation was enqueued or if before
this happens an error was encountered.
@@ -2072,6 +2286,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_write64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_write} function. The only
difference is that on @w{32 bit} machines the file descriptor should
be opened in the large file mode. Internally @code{aio_write64} uses
@@ -2093,6 +2308,12 @@ operations. It is therefore similar to a combination of @code{readv} and
@comment aio.h
@comment POSIX.1b
@deftypefun int lio_listio (int @var{mode}, struct aiocb *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Call lio_listio_internal, that takes the aio_requests_mutex lock and
+@c enqueues each request. Then, it waits for notification or prepares
+@c for it before releasing the lock. Even though it performs memory
+@c allocation and locking of its own, it doesn't add any classes of
+@c safety issues that aren't already covered by aio_enqueue_request.
The @code{lio_listio} function can be used to enqueue an arbitrary
number of read and write requests at one time. The requests can all be
meant for the same file, all for different files or every solution in
@@ -2176,6 +2397,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int lio_listio64 (int @var{mode}, struct aiocb64 *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{lio_listio} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{lio_listio64} uses
@@ -2204,6 +2426,7 @@ The following two functions allow you to get this kind of information.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_error (const struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function determines the error state of the request described by the
@code{struct aiocb} variable pointed to by @var{aiocbp}. If the
request has not yet terminated the value returned is always
@@ -2225,6 +2448,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_error64 (const struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_error} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2238,6 +2462,7 @@ machines.
@comment aio.h
@comment POSIX.1b
@deftypefun ssize_t aio_return (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to retrieve the return status of the operation
carried out by the request described in the variable pointed to by
@var{aiocbp}. As long as the error status of this request as returned
@@ -2261,6 +2486,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun ssize_t aio_return64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_return} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2289,6 +2515,9 @@ if the symbol @code{_POSIX_SYNCHRONIZED_IO} is defined in @file{unistd.h}.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_fsync (int @var{op}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check that the FD is open, it calls
+@c aio_enqueue_request.
Calling this function forces all I/O operations operating queued at the
time of the function call operating on the file descriptor
@code{aiocbp->aio_fildes} into the synchronized I/O completion state
@@ -2336,6 +2565,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_fsync64 (int @var{op}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_fsync} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2362,6 +2592,9 @@ before the current client is served. For situations like this
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_suspend (const struct aiocb *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c Take aio_requests_mutex, set up waitlist and requestlist, wait
+@c for completion or timeout, and release the mutex.
When calling this function, the calling thread is suspended until at
least one of the requests pointed to by the @var{nent} elements of the
array @var{list} has completed. If any of the requests has already
@@ -2400,6 +2633,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_suspend64 (const struct aiocb64 *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is similar to @code{aio_suspend} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2427,6 +2661,16 @@ or not. Therefore using this function is merely a hint.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_cancel (int @var{fildes}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check the fd is open, hold aio_requests_mutex, call
+@c aio_find_req_fd, aio_remove_request, then aio_notify and
+@c aio_free_request each request before releasing the lock.
+@c aio_notify calls aio_notify_only and free, besides cond signal or
+@c similar. aio_notify_only calls pthread_attr_init,
+@c pthread_attr_setdetachstate, malloc, pthread_create,
+@c notify_func_wrapper, aio_sigqueue, getpid, raise.
+@c notify_func_wraper calls aio_start_notify_thread, free and then the
+@c notifier function.
The @code{aio_cancel} function can be used to cancel one or more
outstanding requests. If the @var{aiocbp} parameter is @code{NULL}, the
function tries to cancel all of the outstanding requests which would process
@@ -2474,6 +2718,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_cancel64 (int @var{fildes}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_cancel} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2529,6 +2774,8 @@ Unused.
@comment aio.h
@comment GNU
@deftypefun void aio_init (const struct aioinit *@var{init})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c All changes to global objects are guarded by aio_requests_mutex.
This function must be called before any other AIO function. Calling it
is completely voluntary, as it is only meant to help the AIO
implementation perform better.
@@ -2563,6 +2810,7 @@ function; see @ref{Opening and Closing Files}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int fcntl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcntl} function performs the operation specified by
@var{command} on the file descriptor @var{filedes}. Some commands
require additional arguments to be supplied. These additional arguments
@@ -2645,6 +2893,7 @@ while prototypes for @code{dup} and @code{dup2} are in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun int dup (int @var{old})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies descriptor @var{old} to the first available
descriptor number (the first number not currently open). It is
equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@@ -2653,6 +2902,7 @@ equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@comment unistd.h
@comment POSIX.1
@deftypefun int dup2 (int @var{old}, int @var{new})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies the descriptor @var{old} to descriptor number
@var{new}.
@@ -3631,6 +3881,7 @@ different headers.
@comment sys/ioctl.h
@comment BSD
@deftypefun int ioctl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ioctl} function performs the generic I/O operation
@var{command} on @var{filedes}.
@@ -3650,3 +3901,6 @@ unknown device.
Most IOCTLs are OS-specific and/or only used in special system utilities,
and are thus beyond the scope of this document. For an example of the use
of an IOCTL, see @ref{Out-of-Band Data}.
+
+@c FIXME this is undocumented:
+@c dup3
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=41141365901b63e8e55ec323d5ee88c0a5815b44
commit 41141365901b63e8e55ec323d5ee88c0a5815b44
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:32 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/lang.texi: Document thread safety properties.
diff --git a/manual/lang.texi b/manual/lang.texi
index ee04e23..d6cd90c 100644
--- a/manual/lang.texi
+++ b/manual/lang.texi
@@ -51,6 +51,8 @@ without indicating anything might be wrong.
@comment assert.h
@comment ISO
@deftypefn Macro void assert (int @var{expression})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Verify the programmer's belief that @var{expression} is nonzero at
this point in the program.
@@ -91,6 +93,8 @@ The @code{assert_perror} macro makes this easy.
@comment assert.h
@comment GNU
@deftypefn Macro void assert_perror (int @var{errnum})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Similar to @code{assert}, but verifies that @var{errnum} is zero.
If @code{NDEBUG} is not defined, @code{assert_perror} tests the value of
@@ -423,6 +427,8 @@ The type @code{va_list} is used for argument pointer variables.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_start (va_list @var{ap}, @var{last-required})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This macro initializes the argument pointer variable @var{ap} to point
to the first of the optional arguments of the current function;
@var{last-required} must be the last required argument to the function.
@@ -431,6 +437,8 @@ to the first of the optional arguments of the current function;
@comment stdarg.h
@comment ISO
@deftypefn {Macro} @var{type} va_arg (va_list @var{ap}, @var{type})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_arg} macro returns the value of the next optional argument,
and modifies the value of @var{ap} to point to the subsequent argument.
Thus, successive uses of @code{va_arg} return successive optional
@@ -445,6 +453,8 @@ of the actual argument.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_end (va_list @var{ap})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This ends the use of @var{ap}. After a @code{va_end} call, further
@code{va_arg} calls with the same @var{ap} may not work. You should invoke
@code{va_end} before returning from the function in which @code{va_start}
@@ -466,6 +476,8 @@ of the same type.
@comment ISO
@deftypefn {Macro} void va_copy (va_list @var{dest}, va_list @var{src})
@deftypefnx {Macro} void __va_copy (va_list @var{dest}, va_list @var{src})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_copy} macro allows copying of objects of type
@code{va_list} even if this is not an integral type. The argument pointer
in @var{dest} is initialized to point to the same argument as the
@@ -1212,6 +1224,8 @@ type of a particular structure member.
@comment stddef.h
@comment ISO
@deftypefn {Macro} size_t offsetof (@var{type}, @var{member})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This expands to a integer constant expression that is the offset of the
structure member named @var{member} in the structure type @var{type}.
For example, @code{offsetof (struct s, elem)} is the offset, in bytes,
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=fef40984ed247dfb08395088c2518fd52154e035
commit fef40984ed247dfb08395088c2518fd52154e035
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:06:36 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/getopt.texi: Document thread safety properties.
diff --git a/manual/getopt.texi b/manual/getopt.texi
index f0b7283..3c1f4de 100644
--- a/manual/getopt.texi
+++ b/manual/getopt.texi
@@ -60,6 +60,31 @@ option argument, for those options that accept arguments.
@comment unistd.h
@comment POSIX.2
@deftypefun int getopt (int @var{argc}, char *const *@var{argv}, const char *@var{options})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c It may swap argv elements but argv is not guarded, and the
+@c modifications may be partial in case of cancellation. Calling getenv
+@c also brings about thread-safety issues out of access and returning
+@c pointers into the globally shared environment array, just like
+@c calling gettext brings about a whole lot of AS and AC safety issues.
+@c The getopt API involves returning values in the non-thread-specific
+@c optarg variable, which adds another thread-safety issue. Given
+@c print_errors, it may output errors to stderr, which may
+@c self-deadlock, leak locks, or encounter (in a signal handler) or
+@c leave (in case of cancellation) stderr in an inconsistent state.
+@c Various implicit, indirect uses of malloc, in uses of memstream and
+@c asprintf for error-printing, bring about the usual malloc issues.
+@c (The explicit use of malloc in a conditional situation in
+@c _getopt_initialize is never exercised in glibc.)
+@c
+@c _getopt_internal
+@c _getopt_internal_r
+@c gettext
+@c _getopt_initialize
+@c getenv
+@c malloc if USE_NONOPTION_FLAGS, never defined in libc
+@c open_memstream
+@c lockfile, unlockfile, __fxprintf -> stderr
+@c asprintf
The @code{getopt} function gets the next option argument from the
argument list specified by the @var{argv} and @var{argc} arguments.
Normally these values come directly from the arguments received by
@@ -225,6 +250,8 @@ was seen.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
Decode options from the vector @var{argv} (whose length is @var{argc}).
The argument @var{shortopts} describes the short options to accept, just as
it does in @code{getopt}. The argument @var{longopts} describes the long
@@ -278,6 +305,8 @@ getopt functionality there is one more function available.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long_only (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
The @code{getopt_long_only} function is equivalent to the
@code{getopt_long} function but it allows to specify the user of the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4d53ec8a1a42816f64ee5b97d51b7f51ea3e9663
commit 4d53ec8a1a42816f64ee5b97d51b7f51ea3e9663
Merge: 8d50f4f db3f6f7 48a6b75
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 04:11:37 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=8d50f4f675d63f9144c706b0835d9f47a831d924
commit 8d50f4f675d63f9144c706b0835d9f47a831d924
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 04:11:37 2013 -0300
refresh
diff --git a/meta b/meta
index 1623c59..c8e9e17 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: f899ee2d78b22489d575d37a039da9a79959fbad
-Head: c5d2a98afcd5b27008893205a63f779f17aff7d4
+Previous: db3f6f7ec0cc08d37a11bea4a290aee1c82e7a19
+Head: 48a6b75fc25dc87bedc75d3fdfc131da890b7f4b
Applied:
powerpc-nofpu-sim-note-nothread.patch: 06e4960536888589dff34cbc68b16091f303bc5e
unused-scalb-is-scalbn.patch: ca2910ce3d85f4ab9b8c4e8d31bc243eab5f1c0f
@@ -14,8 +14,7 @@ Applied:
manual-document-mt-safety-ctype.patch: 1d9117d74990d3b2c143fd888d1435b627116a49
manual-document-mt-safety-debug.patch: 2851febd94cec0ec11937f681c65ada586f9a223
manual-document-mt-safety-errno.patch: 06af1d5ee2d283ef4da1ec4190dd42b9bd9e5e53
- manual-document-mt-safety-filesys.patch: c94ff62dad7a91e0eafa7bac91d3c36ccb138936
- refresh-temp: c5d2a98afcd5b27008893205a63f779f17aff7d4
+ manual-document-mt-safety-filesys.patch: 48a6b75fc25dc87bedc75d3fdfc131da890b7f4b
Unapplied:
manual-document-mt-safety-getopt.patch: fd1ab5961b60c8bc5524617aba67528f45c035be
manual-document-mt-safety-libdl.patch: 59b1677a250033e8588a31f175a0457967e20bce
diff --git a/patches/manual-document-mt-safety-filesys.patch b/patches/manual-document-mt-safety-filesys.patch
index 5c7af93..f1fe08e 100644
--- a/patches/manual-document-mt-safety-filesys.patch
+++ b/patches/manual-document-mt-safety-filesys.patch
@@ -1,5 +1,5 @@
Bottom: 1ff2a8e59e8b9699588c78ee345f4d6ed95eb078
-Top: 37e7ccc382017c5f5e221e651c5ece331c8757be
+Top: cdc226230e45430773c967a5b19e606c9ac5c26c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:06:03 -0300
@@ -13,7 +13,7 @@ for ChangeLog
---
diff --git a/manual/filesys.texi b/manual/filesys.texi
-index 1df9cf2..47176cc 100644
+index 1df9cf2..b5b6630 100644
--- a/manual/filesys.texi
+++ b/manual/filesys.texi
@@ -58,6 +58,25 @@ Prototypes for these functions are declared in the header file
@@ -773,7 +773,7 @@ index 1df9cf2..47176cc 100644
+@c fchmodat
+@c fchownat
+@c futimesat
-+@c fstatat
++@c fstatat (there's a commented-out safety assessment for this one)
+@c linkat
+@c mkdirat
+@c mkfifoat
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index ba78439..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,22 +0,0 @@
-Bottom: 37e7ccc382017c5f5e221e651c5ece331c8757be
-Top: cdc226230e45430773c967a5b19e606c9ac5c26c
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-16 04:11:37 -0300
-
-Refresh of manual-document-mt-safety-filesys.patch
-
----
-
-diff --git a/manual/filesys.texi b/manual/filesys.texi
-index 47176cc..b5b6630 100644
---- a/manual/filesys.texi
-+++ b/manual/filesys.texi
-@@ -3523,7 +3523,7 @@ The @code{mkdtemp} function comes from OpenBSD.
- @c fchmodat
- @c fchownat
- @c futimesat
--@c fstatat
-+@c fstatat (there's a commented-out safety assessment for this one)
- @c linkat
- @c mkdirat
- @c mkfifoat
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=db3f6f7ec0cc08d37a11bea4a290aee1c82e7a19
commit db3f6f7ec0cc08d37a11bea4a290aee1c82e7a19
Merge: c35b583 f899ee2 c5d2a98
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 04:11:37 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c35b583378f2041da1b8b5e87fa79b02998d43e4
commit c35b583378f2041da1b8b5e87fa79b02998d43e4
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 04:11:37 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index e9a79ed..1623c59 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 2dbeabc90d3187cb757660ab99b1aac6dbe2a766
-Head: c94ff62dad7a91e0eafa7bac91d3c36ccb138936
+Previous: f899ee2d78b22489d575d37a039da9a79959fbad
+Head: c5d2a98afcd5b27008893205a63f779f17aff7d4
Applied:
powerpc-nofpu-sim-note-nothread.patch: 06e4960536888589dff34cbc68b16091f303bc5e
unused-scalb-is-scalbn.patch: ca2910ce3d85f4ab9b8c4e8d31bc243eab5f1c0f
@@ -15,6 +15,7 @@ Applied:
manual-document-mt-safety-debug.patch: 2851febd94cec0ec11937f681c65ada586f9a223
manual-document-mt-safety-errno.patch: 06af1d5ee2d283ef4da1ec4190dd42b9bd9e5e53
manual-document-mt-safety-filesys.patch: c94ff62dad7a91e0eafa7bac91d3c36ccb138936
+ refresh-temp: c5d2a98afcd5b27008893205a63f779f17aff7d4
Unapplied:
manual-document-mt-safety-getopt.patch: fd1ab5961b60c8bc5524617aba67528f45c035be
manual-document-mt-safety-libdl.patch: 59b1677a250033e8588a31f175a0457967e20bce
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..ba78439
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,22 @@
+Bottom: 37e7ccc382017c5f5e221e651c5ece331c8757be
+Top: cdc226230e45430773c967a5b19e606c9ac5c26c
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-16 04:11:37 -0300
+
+Refresh of manual-document-mt-safety-filesys.patch
+
+---
+
+diff --git a/manual/filesys.texi b/manual/filesys.texi
+index 47176cc..b5b6630 100644
+--- a/manual/filesys.texi
++++ b/manual/filesys.texi
+@@ -3523,7 +3523,7 @@ The @code{mkdtemp} function comes from OpenBSD.
+ @c fchmodat
+ @c fchownat
+ @c futimesat
+-@c fstatat
++@c fstatat (there's a commented-out safety assessment for this one)
+ @c linkat
+ @c mkdirat
+ @c mkfifoat
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c5d2a98afcd5b27008893205a63f779f17aff7d4
commit c5d2a98afcd5b27008893205a63f779f17aff7d4
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 04:11:37 2013 -0300
Refresh of manual-document-mt-safety-filesys.patch
diff --git a/manual/filesys.texi b/manual/filesys.texi
index 47176cc..b5b6630 100644
--- a/manual/filesys.texi
+++ b/manual/filesys.texi
@@ -3523,7 +3523,7 @@ The @code{mkdtemp} function comes from OpenBSD.
@c fchmodat
@c fchownat
@c futimesat
-@c fstatat
+@c fstatat (there's a commented-out safety assessment for this one)
@c linkat
@c mkdirat
@c mkfifoat
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f899ee2d78b22489d575d37a039da9a79959fbad
commit f899ee2d78b22489d575d37a039da9a79959fbad
Merge: 4561e8e 2dbeabc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 04:10:59 2013 -0300
goto
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4561e8e3cd92e0a070af55556ddd975c302297a5
commit 4561e8e3cd92e0a070af55556ddd975c302297a5
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 04:10:59 2013 -0300
goto
diff --git a/meta b/meta
index c4aecea..e9a79ed 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 33bb3dca5b8ad25784eef98bd49ac57d641a8459
-Head: 9d411555a9f7a2c4dcb353975d41c709ad030271
+Previous: 2dbeabc90d3187cb757660ab99b1aac6dbe2a766
+Head: c94ff62dad7a91e0eafa7bac91d3c36ccb138936
Applied:
powerpc-nofpu-sim-note-nothread.patch: 06e4960536888589dff34cbc68b16091f303bc5e
unused-scalb-is-scalbn.patch: ca2910ce3d85f4ab9b8c4e8d31bc243eab5f1c0f
@@ -15,6 +15,7 @@ Applied:
manual-document-mt-safety-debug.patch: 2851febd94cec0ec11937f681c65ada586f9a223
manual-document-mt-safety-errno.patch: 06af1d5ee2d283ef4da1ec4190dd42b9bd9e5e53
manual-document-mt-safety-filesys.patch: c94ff62dad7a91e0eafa7bac91d3c36ccb138936
+Unapplied:
manual-document-mt-safety-getopt.patch: fd1ab5961b60c8bc5524617aba67528f45c035be
manual-document-mt-safety-libdl.patch: 59b1677a250033e8588a31f175a0457967e20bce
manual-document-mt-safety-job.patch: 3511ea8a2e073e03029c05ac857b8ba78d4120f3
@@ -30,5 +31,4 @@ Applied:
wip-manual-document-mt-safety-terminal.patch: ff0748435327d4fc62cd344c4fed5b1b7c1175c3
wip-manual-document-mt-safety-threads.patch: e19104d821eb2d831d8f4fbe98ecbe0cb7a58fab
wip-manual-document-mt-safety-time.patch: 9d411555a9f7a2c4dcb353975d41c709ad030271
-Unapplied:
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2dbeabc90d3187cb757660ab99b1aac6dbe2a766
commit 2dbeabc90d3187cb757660ab99b1aac6dbe2a766
Merge: fa8bc10 9d41155 33bb3dc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 04:08:46 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=fa8bc10405cc1c1477c274b5a16e580f27ed27ba
commit fa8bc10405cc1c1477c274b5a16e580f27ed27ba
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 04:08:46 2013 -0300
push
diff --git a/meta b/meta
index 823da90..c4aecea 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 283e6d9258890d6620ff2843ae0d6827e23eab48
-Head: dabcbeb1f646a611c3e18db1dbf0d317276c5fbc
+Previous: 33bb3dca5b8ad25784eef98bd49ac57d641a8459
+Head: 9d411555a9f7a2c4dcb353975d41c709ad030271
Applied:
powerpc-nofpu-sim-note-nothread.patch: 06e4960536888589dff34cbc68b16091f303bc5e
unused-scalb-is-scalbn.patch: ca2910ce3d85f4ab9b8c4e8d31bc243eab5f1c0f
@@ -11,24 +11,24 @@ Applied:
manual-document-mt-safety-charset.patch: d739c28d7512bc43968ecc860a2501aeb2b38862
manual-document-mt-safety-conf.patch: 30f1f3822b1f3a1e8a69529880d4e8e924a3d35a
manual-document-mt-safety-crypt.patch: dabcbeb1f646a611c3e18db1dbf0d317276c5fbc
+ manual-document-mt-safety-ctype.patch: 1d9117d74990d3b2c143fd888d1435b627116a49
+ manual-document-mt-safety-debug.patch: 2851febd94cec0ec11937f681c65ada586f9a223
+ manual-document-mt-safety-errno.patch: 06af1d5ee2d283ef4da1ec4190dd42b9bd9e5e53
+ manual-document-mt-safety-filesys.patch: c94ff62dad7a91e0eafa7bac91d3c36ccb138936
+ manual-document-mt-safety-getopt.patch: fd1ab5961b60c8bc5524617aba67528f45c035be
+ manual-document-mt-safety-libdl.patch: 59b1677a250033e8588a31f175a0457967e20bce
+ manual-document-mt-safety-job.patch: 3511ea8a2e073e03029c05ac857b8ba78d4120f3
+ manual-document-mt-safety-lang.patch: af8d731747f880cbc9dcd12a20c33ae29807081a
+ manual-document-mt-safety-llio.patch: c96f5dd7f4dc623d8e1b4d963da947d190b385a3
+ manual-document-mt-safety-stdio.patch: b8d40c34db5a32a436bd3d93fbced3f277277bdd
+ wip-manual-document-mt-safety-locale.patch: 525104cbc058b86bed62e4c6ac9d61801d8aac30
+ wip-manual-document-mt-safety-math.patch: 12c7558599b93d105e50a3a4d4d37b45916653dd
+ wip-manual-document-mt-safety-startup.patch: 06bca383d921a436fed841e86912f4c68c94bc52
+ wip-manual-document-mt-safety-search.patch: 0e431a68abd2c68670bca4adad2da412e57ba322
+ wip-manual-document-mt-safety-resource.patch: 9cb1a05651f366cb988e33e60261150697da50e9
+ wip-manual-document-mt-safety-string.patch: 3ceb98893b8304c17d1075fd08cc2c16925d8d26
+ wip-manual-document-mt-safety-terminal.patch: ff0748435327d4fc62cd344c4fed5b1b7c1175c3
+ wip-manual-document-mt-safety-threads.patch: e19104d821eb2d831d8f4fbe98ecbe0cb7a58fab
+ wip-manual-document-mt-safety-time.patch: 9d411555a9f7a2c4dcb353975d41c709ad030271
Unapplied:
- manual-document-mt-safety-ctype.patch: dc003e9af2abd847740effc6ffb70ad00be9756f
- manual-document-mt-safety-debug.patch: d4f225eef42541dc480740f9943bfb95af1ac6ea
- manual-document-mt-safety-errno.patch: 4fad6857b15ad881c5a287349a0d13c093605336
- manual-document-mt-safety-filesys.patch: f77283b4b552daf9def0c190fccc5f5c4387068c
- manual-document-mt-safety-getopt.patch: e6721bc24292e81decca229364fe5d9c3c6ea71d
- manual-document-mt-safety-libdl.patch: 39277bc7d9f8f88e3250ebf2bab380fd90c64d1d
- manual-document-mt-safety-job.patch: 206f4e754558d0c111d9b727285bf9d6c4b86598
- manual-document-mt-safety-lang.patch: 443d8e06a844671359ebf35dba1211a3178ee4ad
- manual-document-mt-safety-llio.patch: 40291dd9759713efc7236398de48112816f0f3d6
- manual-document-mt-safety-stdio.patch: e3c55c602e828c608f1f6230e75ecbb2416caf16
- wip-manual-document-mt-safety-locale.patch: 7ee91213d3fc5f11dd4cc39b0abcc7e4c2e4dd23
- wip-manual-document-mt-safety-math.patch: 22e6f0a3bcaca29f27609644baf5fea9a4175248
- wip-manual-document-mt-safety-startup.patch: 2041cdf01d0056eaf965a1eb716d32880a7d63fe
- wip-manual-document-mt-safety-search.patch: 46fa2f9291a5ba618a719449d339d8cdf55c471e
- wip-manual-document-mt-safety-resource.patch: 1e1e61430f3317fd1b9dc97dd2a93476c4d8aa42
- wip-manual-document-mt-safety-string.patch: b85499751668443c0f62c4c3870c5d168d49ecaa
- wip-manual-document-mt-safety-terminal.patch: f1eb3c581f36a70cbaba74b299638fa1c2f6a915
- wip-manual-document-mt-safety-threads.patch: 59a4161882789129bbe1ad4f10f88c77e274cca3
- wip-manual-document-mt-safety-time.patch: a16217056ff0a4d0283a48b0866c343275e665cc
Hidden:
diff --git a/patches/manual-document-mt-safety-ctype.patch b/patches/manual-document-mt-safety-ctype.patch
index dc8b87f..e5aada3 100644
--- a/patches/manual-document-mt-safety-ctype.patch
+++ b/patches/manual-document-mt-safety-ctype.patch
@@ -1,5 +1,5 @@
-Bottom: 089fd8db0fb871c7ca2e99ac7f4311e9010432ca
-Top: e6ad56f60a9ae3119fa08543ad49b558cff0c045
+Bottom: 7995ce65c762cc782885f999be1655c53385b187
+Top: 64ebd752fed5cf529fd9903b3078f66d5a39ae0f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:41 -0300
diff --git a/patches/manual-document-mt-safety-debug.patch b/patches/manual-document-mt-safety-debug.patch
index 2b678fe..8ca0d1e 100644
--- a/patches/manual-document-mt-safety-debug.patch
+++ b/patches/manual-document-mt-safety-debug.patch
@@ -1,5 +1,5 @@
-Bottom: e6ad56f60a9ae3119fa08543ad49b558cff0c045
-Top: 3ababf1041f03670a2c2776baee2ed0c43d31698
+Bottom: 64ebd752fed5cf529fd9903b3078f66d5a39ae0f
+Top: 1c6445c77783aa0c8826066576f1bea1d574a20c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:05:11 -0300
diff --git a/patches/manual-document-mt-safety-errno.patch b/patches/manual-document-mt-safety-errno.patch
index 424e584..41e8371 100644
--- a/patches/manual-document-mt-safety-errno.patch
+++ b/patches/manual-document-mt-safety-errno.patch
@@ -1,5 +1,5 @@
-Bottom: 3ababf1041f03670a2c2776baee2ed0c43d31698
-Top: b4f7c402311f37c3b32d6f4d32dc00a60994226f
+Bottom: 1c6445c77783aa0c8826066576f1bea1d574a20c
+Top: 1ff2a8e59e8b9699588c78ee345f4d6ed95eb078
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:05:34 -0300
diff --git a/patches/manual-document-mt-safety-filesys.patch b/patches/manual-document-mt-safety-filesys.patch
index d13ef9a..5c7af93 100644
--- a/patches/manual-document-mt-safety-filesys.patch
+++ b/patches/manual-document-mt-safety-filesys.patch
@@ -1,5 +1,5 @@
-Bottom: b4f7c402311f37c3b32d6f4d32dc00a60994226f
-Top: 122d09db0404eacd5edf4e67b19ccd9051214e43
+Bottom: 1ff2a8e59e8b9699588c78ee345f4d6ed95eb078
+Top: 37e7ccc382017c5f5e221e651c5ece331c8757be
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:06:03 -0300
diff --git a/patches/manual-document-mt-safety-getopt.patch b/patches/manual-document-mt-safety-getopt.patch
index eaf7aca..21aaf24 100644
--- a/patches/manual-document-mt-safety-getopt.patch
+++ b/patches/manual-document-mt-safety-getopt.patch
@@ -1,5 +1,5 @@
-Bottom: 122d09db0404eacd5edf4e67b19ccd9051214e43
-Top: 9866bab7870219b6988dab9ba93f6d25dc2c100c
+Bottom: 37e7ccc382017c5f5e221e651c5ece331c8757be
+Top: 744f8962aaf3b4e0b439ff3bb97be69bad525f36
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:06:36 -0300
diff --git a/patches/manual-document-mt-safety-job.patch b/patches/manual-document-mt-safety-job.patch
index 4953c91..3b8f840 100644
--- a/patches/manual-document-mt-safety-job.patch
+++ b/patches/manual-document-mt-safety-job.patch
@@ -1,5 +1,5 @@
-Bottom: ec3605354c18a37252d7488b1d2137114ebe08c6
-Top: 3be4fa8a36465897a21bfea4d9c0591e6ef0fde8
+Bottom: 62741c4a3c56289629f1e10d0ec4ca2298d5cb0d
+Top: efa976ea477ad9e56917b73191483a62a134045e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:08:15 -0300
diff --git a/patches/manual-document-mt-safety-lang.patch b/patches/manual-document-mt-safety-lang.patch
index cfdec52..2cda9f9 100644
--- a/patches/manual-document-mt-safety-lang.patch
+++ b/patches/manual-document-mt-safety-lang.patch
@@ -1,5 +1,5 @@
-Bottom: 3be4fa8a36465897a21bfea4d9c0591e6ef0fde8
-Top: 07d762fd38d600310567e328e80e1b79b68edcf4
+Bottom: efa976ea477ad9e56917b73191483a62a134045e
+Top: 194f0145ab08733f32fe10b68753b31e84e74328
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:08:32 -0300
diff --git a/patches/manual-document-mt-safety-libdl.patch b/patches/manual-document-mt-safety-libdl.patch
index 813f3fc..73a0c1b 100644
--- a/patches/manual-document-mt-safety-libdl.patch
+++ b/patches/manual-document-mt-safety-libdl.patch
@@ -1,5 +1,5 @@
-Bottom: 9866bab7870219b6988dab9ba93f6d25dc2c100c
-Top: ec3605354c18a37252d7488b1d2137114ebe08c6
+Bottom: 744f8962aaf3b4e0b439ff3bb97be69bad525f36
+Top: 62741c4a3c56289629f1e10d0ec4ca2298d5cb0d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:08:59 -0300
diff --git a/patches/manual-document-mt-safety-llio.patch b/patches/manual-document-mt-safety-llio.patch
index 44cc758..26621ee 100644
--- a/patches/manual-document-mt-safety-llio.patch
+++ b/patches/manual-document-mt-safety-llio.patch
@@ -1,5 +1,5 @@
-Bottom: 07d762fd38d600310567e328e80e1b79b68edcf4
-Top: c1a698990b72ac8bdc2a28b520626b33471c00ae
+Bottom: 194f0145ab08733f32fe10b68753b31e84e74328
+Top: e78f0a6ed4ced2836717f8bea7d382a8ba7b66dc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:09:32 -0300
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index 250c52b..7824650 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,5 +1,5 @@
-Bottom: c1a698990b72ac8bdc2a28b520626b33471c00ae
-Top: 5ea62d01e9347793c938b6e18e84f3dab1ca318e
+Bottom: e78f0a6ed4ced2836717f8bea7d382a8ba7b66dc
+Top: 4cbba3b6cb190622784c66924c44ac57e1c5312f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index 99b3533..5aa2088 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
-Bottom: 5ea62d01e9347793c938b6e18e84f3dab1ca318e
-Top: 16f2fe7871e24dc405b45dbd94bc718ff43c10c3
+Bottom: 4cbba3b6cb190622784c66924c44ac57e1c5312f
+Top: b157aa1f6755cd6bd70effcad95e6cfb3c7ad9c1
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/wip-manual-document-mt-safety-math.patch b/patches/wip-manual-document-mt-safety-math.patch
index c012844..8441128 100644
--- a/patches/wip-manual-document-mt-safety-math.patch
+++ b/patches/wip-manual-document-mt-safety-math.patch
@@ -1,5 +1,5 @@
-Bottom: 16f2fe7871e24dc405b45dbd94bc718ff43c10c3
-Top: 59b9261000c6b7a639e3a84300c7502a80c42a4e
+Bottom: b157aa1f6755cd6bd70effcad95e6cfb3c7ad9c1
+Top: 20b8dc675fa6dbba870f66329160337c64509ee0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/wip-manual-document-mt-safety-resource.patch b/patches/wip-manual-document-mt-safety-resource.patch
index c52c51b..f664e38 100644
--- a/patches/wip-manual-document-mt-safety-resource.patch
+++ b/patches/wip-manual-document-mt-safety-resource.patch
@@ -1,5 +1,5 @@
-Bottom: 9984c2c6125f0eafc7653a65bbb6f102a16155f2
-Top: f41451b18f5e7f9e3ddc0dbf945169dbd61eda46
+Bottom: e4e3f5e2330e3ac6c7eae975de280f1ba8ac3479
+Top: 4b5aea59fb7148ab8339fe9c5c2fd40de20acca5
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:11:00 -0300
diff --git a/patches/wip-manual-document-mt-safety-search.patch b/patches/wip-manual-document-mt-safety-search.patch
index 6db5822..b0190ba 100644
--- a/patches/wip-manual-document-mt-safety-search.patch
+++ b/patches/wip-manual-document-mt-safety-search.patch
@@ -1,5 +1,5 @@
-Bottom: 4cb7add8806fa3c3f15a04c29259e9eddc417ba6
-Top: 9984c2c6125f0eafc7653a65bbb6f102a16155f2
+Bottom: 3898f41755498b36b7cd3566b90ad4f629ada674
+Top: e4e3f5e2330e3ac6c7eae975de280f1ba8ac3479
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:11:55 -0300
diff --git a/patches/wip-manual-document-mt-safety-startup.patch b/patches/wip-manual-document-mt-safety-startup.patch
index 92a5437..01b8303 100644
--- a/patches/wip-manual-document-mt-safety-startup.patch
+++ b/patches/wip-manual-document-mt-safety-startup.patch
@@ -1,5 +1,5 @@
-Bottom: 59b9261000c6b7a639e3a84300c7502a80c42a4e
-Top: 4cb7add8806fa3c3f15a04c29259e9eddc417ba6
+Bottom: 20b8dc675fa6dbba870f66329160337c64509ee0
+Top: 3898f41755498b36b7cd3566b90ad4f629ada674
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:12:28 -0300
diff --git a/patches/wip-manual-document-mt-safety-string.patch b/patches/wip-manual-document-mt-safety-string.patch
index 380a2c0..16834fc 100644
--- a/patches/wip-manual-document-mt-safety-string.patch
+++ b/patches/wip-manual-document-mt-safety-string.patch
@@ -1,5 +1,5 @@
-Bottom: f41451b18f5e7f9e3ddc0dbf945169dbd61eda46
-Top: 79b6c41eb30b57d0ae06b3a08774d66214439506
+Bottom: 4b5aea59fb7148ab8339fe9c5c2fd40de20acca5
+Top: e42edee8bf1594adf7e7cfa49e197c47dcc76264
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:13:24 -0300
diff --git a/patches/wip-manual-document-mt-safety-terminal.patch b/patches/wip-manual-document-mt-safety-terminal.patch
index 02a3774..08a9893 100644
--- a/patches/wip-manual-document-mt-safety-terminal.patch
+++ b/patches/wip-manual-document-mt-safety-terminal.patch
@@ -1,5 +1,5 @@
-Bottom: 79b6c41eb30b57d0ae06b3a08774d66214439506
-Top: 2efb87de244b3766a61de3499319c10a0f2b0722
+Bottom: e42edee8bf1594adf7e7cfa49e197c47dcc76264
+Top: a97217eae5c86c40da7508a90d5a8507080e1488
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:13:53 -0300
diff --git a/patches/wip-manual-document-mt-safety-threads.patch b/patches/wip-manual-document-mt-safety-threads.patch
index 182a5c2..dd9a78f 100644
--- a/patches/wip-manual-document-mt-safety-threads.patch
+++ b/patches/wip-manual-document-mt-safety-threads.patch
@@ -1,5 +1,5 @@
-Bottom: 2efb87de244b3766a61de3499319c10a0f2b0722
-Top: 9a302c73b3e66c244488b83c45b0093b7c583835
+Bottom: a97217eae5c86c40da7508a90d5a8507080e1488
+Top: 17d31f44b33a4efa3757560f8fab8834bd4d2d67
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:14:35 -0300
diff --git a/patches/wip-manual-document-mt-safety-time.patch b/patches/wip-manual-document-mt-safety-time.patch
index 73bc64a..e96627a 100644
--- a/patches/wip-manual-document-mt-safety-time.patch
+++ b/patches/wip-manual-document-mt-safety-time.patch
@@ -1,5 +1,5 @@
-Bottom: 9a302c73b3e66c244488b83c45b0093b7c583835
-Top: 9cd1ed610c81866354975c873c2429e57421212a
+Bottom: 17d31f44b33a4efa3757560f8fab8834bd4d2d67
+Top: ff509c08ed1dd9e766ab81dadd88d49d2c479857
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:14:50 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9d411555a9f7a2c4dcb353975d41c709ad030271
commit 9d411555a9f7a2c4dcb353975d41c709ad030271
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:14:50 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/time.texi: Document thread safety properties.
diff --git a/manual/time.texi b/manual/time.texi
index ff31e28..3967b24 100644
--- a/manual/time.texi
+++ b/manual/time.texi
@@ -475,6 +475,12 @@ Instead, use the facilities described in @ref{Time Zone Functions}.
@comment sys/time.h
@comment BSD
@deftypefun int gettimeofday (struct timeval *@var{tp}, struct timezone *@var{tzp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c On most GNU/Linux systems this is a direct syscall, but the posix/
+@c implementation (not used on GNU/Linux or GNU/Hurd) relies on time and
+@c localtime_r, saving and restoring tzname in an unsafe manner.
+@c On some GNU/Linux variants, ifunc resolvers are used in shared libc
+@c for vdso resolution. ifunc-vdso-revisit.
The @code{gettimeofday} function returns the current calendar time as
the elapsed time since the epoch in the @code{struct timeval} structure
indicated by @var{tp}. (@pxref{Elapsed Time} for a description of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e19104d821eb2d831d8f4fbe98ecbe0cb7a58fab
commit e19104d821eb2d831d8f4fbe98ecbe0cb7a58fab
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:14:35 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/threads.texi: Document thread safety properties.
diff --git a/manual/threads.texi b/manual/threads.texi
index a23ac26..19bfad6 100644
--- a/manual/threads.texi
+++ b/manual/threads.texi
@@ -31,6 +31,7 @@ before thread-specific data, so they should not be used in thread-specific
data destructors or even as members of the thread-specific data, since the
latter is passed as an argument to the destructor function.
+@c FIXME: use @deftypefun for these.
@item int pthread_key_delete (pthread_key_t @var{key})
Destroy the thread-specific data @var{key} in the calling thread. The
destructor for the thread-specific data is not called during destruction, nor
@@ -82,3 +83,124 @@ attributes or the stack address is set in the attribute.
The system does not have sufficient memory.
@end table
@end deftypefun
+
+@c FIXME these are undocumented:
+@c pthread_atfork
+@c pthread_attr_destroy
+@c pthread_attr_getaffinity_np
+@c pthread_attr_getdetachstate
+@c pthread_attr_getguardsize
+@c pthread_attr_getinheritsched
+@c pthread_attr_getschedparam
+@c pthread_attr_getschedpolicy
+@c pthread_attr_getscope
+@c pthread_attr_getstack
+@c pthread_attr_getstackaddr
+@c pthread_attr_getstacksize
+@c pthread_attr_init
+@c pthread_attr_setaffinity_np
+@c pthread_attr_setdetachstate
+@c pthread_attr_setguardsize
+@c pthread_attr_setinheritsched
+@c pthread_attr_setschedparam
+@c pthread_attr_setschedpolicy
+@c pthread_attr_setscope
+@c pthread_attr_setstack
+@c pthread_attr_setstackaddr
+@c pthread_attr_setstacksize
+@c pthread_barrierattr_destroy
+@c pthread_barrierattr_getpshared
+@c pthread_barrierattr_init
+@c pthread_barrierattr_setpshared
+@c pthread_barrier_destroy
+@c pthread_barrier_init
+@c pthread_barrier_wait
+@c pthread_cancel
+@c pthread_cleanup_push
+@c pthread_cleanup_pop
+@c pthread_condattr_destroy
+@c pthread_condattr_getclock
+@c pthread_condattr_getpshared
+@c pthread_condattr_init
+@c pthread_condattr_setclock
+@c pthread_condattr_setpshared
+@c pthread_cond_broadcast
+@c pthread_cond_destroy
+@c pthread_cond_init
+@c pthread_cond_signal
+@c pthread_cond_timedwait
+@c pthread_cond_wait
+@c pthread_create
+@c pthread_detach
+@c pthread_equal
+@c pthread_exit
+@c pthread_getaffinity_np
+@c pthread_getattr_np
+@c pthread_getconcurrency
+@c pthread_getcpuclockid
+@c pthread_getname_np
+@c pthread_getschedparam
+@c pthread_join
+@c pthread_kill
+@c pthread_kill_other_threads_np
+@c pthread_mutexattr_destroy
+@c pthread_mutexattr_getkind_np
+@c pthread_mutexattr_getprioceiling
+@c pthread_mutexattr_getprotocol
+@c pthread_mutexattr_getpshared
+@c pthread_mutexattr_getrobust
+@c pthread_mutexattr_getrobust_np
+@c pthread_mutexattr_gettype
+@c pthread_mutexattr_init
+@c pthread_mutexattr_setkind_np
+@c pthread_mutexattr_setprioceiling
+@c pthread_mutexattr_setprotocol
+@c pthread_mutexattr_setpshared
+@c pthread_mutexattr_setrobust
+@c pthread_mutexattr_setrobust_np
+@c pthread_mutexattr_settype
+@c pthread_mutex_consistent
+@c pthread_mutex_consistent_np
+@c pthread_mutex_destroy
+@c pthread_mutex_getprioceiling
+@c pthread_mutex_init
+@c pthread_mutex_lock
+@c pthread_mutex_setprioceiling
+@c pthread_mutex_timedlock
+@c pthread_mutex_trylock
+@c pthread_mutex_unlock
+@c pthread_once
+@c pthread_rwlockattr_destroy
+@c pthread_rwlockattr_getkind_np
+@c pthread_rwlockattr_getpshared
+@c pthread_rwlockattr_init
+@c pthread_rwlockattr_setkind_np
+@c pthread_rwlockattr_setpshared
+@c pthread_rwlock_destroy
+@c pthread_rwlock_init
+@c pthread_rwlock_rdlock
+@c pthread_rwlock_timedrdlock
+@c pthread_rwlock_timedwrlock
+@c pthread_rwlock_tryrdlock
+@c pthread_rwlock_trywrlock
+@c pthread_rwlock_unlock
+@c pthread_rwlock_wrlock
+@c pthread_self
+@c pthread_setaffinity_np
+@c pthread_setcancelstate
+@c pthread_setcanceltype
+@c pthread_setconcurrency
+@c pthread_setname_np
+@c pthread_setschedparam
+@c pthread_setschedprio
+@c pthread_sigmask
+@c pthread_sigqueue
+@c pthread_spin_destroy
+@c pthread_spin_init
+@c pthread_spin_lock
+@c pthread_spin_trylock
+@c pthread_spin_unlock
+@c pthread_testcancel
+@c pthread_timedjoin_np
+@c pthread_tryjoin_np
+@c pthread_yield
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ff0748435327d4fc62cd344c4fed5b1b7c1175c3
commit ff0748435327d4fc62cd344c4fed5b1b7c1175c3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:13:53 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/terminal.texi: Document thread safety properties.
diff --git a/manual/terminal.texi b/manual/terminal.texi
index 9e9c057..7f62a4e 100644
--- a/manual/terminal.texi
+++ b/manual/terminal.texi
@@ -264,6 +264,9 @@ array.
@comment termios.h
@comment POSIX.1
@deftypefun int tcgetattr (int @var{filedes}, struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the kernel-returned termios data structure to the userland
+@c format does not ensure atomic or consistent writing.
This function is used to examine the attributes of the terminal
device with file descriptor @var{filedes}. The attributes are returned
in the structure that @var{termios-p} points to.
@@ -284,6 +287,9 @@ The @var{filedes} is not associated with a terminal.
@comment termios.h
@comment POSIX.1
@deftypefun int tcsetattr (int @var{filedes}, int @var{when}, const struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the incoming termios data structure to the kernel format
+@c does not ensure atomic or consistent reading.
This function sets the attributes of the terminal device with file
descriptor @var{filedes}. The new attributes are taken from the
structure that @var{termios-p} points to.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3ceb98893b8304c17d1075fd08cc2c16925d8d26
commit 3ceb98893b8304c17d1075fd08cc2c16925d8d26
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:13:24 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/string.texi: Document thread safety properties.
diff --git a/manual/string.texi b/manual/string.texi
index 246be84..a75d298 100644
--- a/manual/string.texi
+++ b/manual/string.texi
@@ -1247,6 +1247,8 @@ strncmp ("hello, world", "hello, stupid world!!!", 5)
@comment string.h
@comment GNU
@deftypefun int strverscmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls isdigit multiple times, locale may change in between.
The @code{strverscmp} function compares the string @var{s1} against
@var{s2}, considering them as holding indices/version numbers. The
return value follows the same conventions as found in the
@@ -1343,6 +1345,8 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
@comment string.h
@comment ISO
@deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Adjust alphasort one safety info is determined.
The @code{strcoll} function is similar to @code{strcmp} but uses the
collating sequence of the current locale for collation (the
@code{LC_COLLATE} locale).
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9cb1a05651f366cb988e33e60261150697da50e9
commit 9cb1a05651f366cb988e33e60261150697da50e9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/resource.texi: Document thread safety properties.
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0e431a68abd2c68670bca4adad2da412e57ba322
commit 0e431a68abd2c68670bca4adad2da412e57ba322
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:55 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/search.texi: Document thread safety properties.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..6910edc 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -146,6 +146,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +437,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +471,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +486,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +500,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +555,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=06bca383d921a436fed841e86912f4c68c94bc52
commit 06bca383d921a436fed841e86912f4c68c94bc52
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:12:28 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/startup.texi: Document thread safety properties.
diff --git a/manual/startup.texi b/manual/startup.texi
index a277714..7bbaf13 100644
--- a/manual/startup.texi
+++ b/manual/startup.texi
@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
The difference to the @code{setenv} function is that the exact string
given as the parameter @var{string} is put into the environment. If the
user should change the string after the @code{putenv} call this will
-reflect in automatically in the environment. This also requires that
-@var{string} is no automatic variable which scope is left before the
+reflect automatically in the environment. This also requires that
+@var{string} not be an automatic variable whose scope is left before the
variable is removed from the environment. The same applies of course to
dynamically allocated variables which are freed later.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=12c7558599b93d105e50a3a4d4d37b45916653dd
commit 12c7558599b93d105e50a3a4d4d37b45916653dd
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/math.texi: Document thread safety properties.
diff --git a/manual/math.texi b/manual/math.texi
index 193d415..fd5d0c8 100644
--- a/manual/math.texi
+++ b/manual/math.texi
@@ -560,6 +560,7 @@ negative), @code{logb} returns @math{@infinity{}}. If @var{x} is zero,
@comment math.h
@comment ISO
@deftypefunx int ilogbl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are equivalent to the corresponding @code{logb}
functions except that they return signed integer values.
@end deftypefun
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=48a6b75fc25dc87bedc75d3fdfc131da890b7f4b
commit 48a6b75fc25dc87bedc75d3fdfc131da890b7f4b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:06:03 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/filesys.texi: Document thread safety properties.
diff --git a/manual/filesys.texi b/manual/filesys.texi
index 1df9cf2..b5b6630 100644
--- a/manual/filesys.texi
+++ b/manual/filesys.texi
@@ -58,6 +58,25 @@ Prototypes for these functions are declared in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun {char *} getcwd (char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c If buffer is NULL, this function calls malloc and realloc, and, in
+@c case of error, free. Linux offers a getcwd syscall that we use on
+@c GNU/Linux systems, but it may fail if the pathname is too long. As a
+@c fallback, and on other systems, the generic implementation opens each
+@c parent directory with opendir, which allocates memory for the
+@c directory stream with malloc. If a fstatat64 syscall is not
+@c available, very deep directory trees may also have to malloc to build
+@c longer sequences of ../../../... than those supported by a global
+@c const read-only string.
+
+@c linux/__getcwd
+@c posix/__getcwd
+@c malloc/realloc/free if buffer is NULL, or if dir is too deep
+@c lstat64 -> see its own entry
+@c fstatat64
+@c direct syscall if possible, alloca+snprintf+*stat64 otherwise
+@c openat64_not_cancel_3, close_not_cancel_no_status
+@c __fdopendir, __opendir, __readdir, rewinddir
The @code{getcwd} function returns an absolute file name representing
the current working directory, storing it in the character array
@var{buffer} that you provide. The @var{size} argument is how you tell
@@ -116,6 +135,9 @@ software.
@comment unistd.h
@comment BSD
@deftypefn {Deprecated Function} {char *} getwd (char *@var{buffer})
+@safety{@mtsafe{}@asunsafe{asmalloc, asi18n}@acsafe{memleak, fdleak}}
+@c Besides the getcwd safety issues, it calls strerror_r on error, which
+@c brings in all of the i18n issues.
This is similar to @code{getcwd}, but has no way to specify the size of
the buffer. @Theglibc{} provides @code{getwd} only
for backwards compatibility with BSD.
@@ -130,6 +152,9 @@ this function is deprecated.
@comment unistd.h
@comment GNU
@deftypefun {char *} get_current_dir_name (void)
+@safety{@mtunsafe{envromt}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides getcwd, which this function calls as a fallback, it calls
+@c getenv, with the usual thread-safety issues that brings about.
@vindex PWD
This @code{get_current_dir_name} function is basically equivalent to
@w{@code{getcwd (NULL, 0)}}. The only difference is that the value of
@@ -145,6 +170,7 @@ This function is a GNU extension.
@comment unistd.h
@comment POSIX.1
@deftypefun int chdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
@var{filename}.
@@ -158,6 +184,7 @@ file @var{filename} is not a directory.
@comment unistd.h
@comment XPG
@deftypefun int fchdir (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
directory associated with the file descriptor @var{filedes}.
@@ -294,12 +321,14 @@ values and @code{st_mode} values:
@comment dirent.h
@comment BSD
@deftypefun int IFTODT (mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{d_type} value corresponding to @var{mode}.
@end deftypefun
@comment dirent.h
@comment BSD
@deftypefun mode_t DTTOIF (int @var{dtype})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{st_mode} value corresponding to @var{dtype}.
@end deftypefun
@end table
@@ -342,6 +371,9 @@ the following functions.
@comment dirent.h
@comment POSIX.1
@deftypefun {DIR *} opendir (const char *@var{dirname})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides the safe syscall, we have to allocate the DIR object with
+@c __alloc_dir, that calls malloc.
The @code{opendir} function opens and returns a directory stream for
reading the directory whose file name is @var{dirname}. The stream has
type @code{DIR *}.
@@ -381,6 +413,8 @@ alternative interface can be used.
@comment dirent.h
@comment GNU
@deftypefun {DIR *} fdopendir (int @var{fd})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c The DIR object is allocated with __alloc_dir, that calls malloc.
The @code{fdopendir} function works just like @code{opendir} but
instead of taking a file name and opening a file descriptor for the
directory the caller is required to provide a file descriptor. This
@@ -425,6 +459,7 @@ access.
@comment dirent.h
@comment GNU
@deftypefun int dirfd (DIR *@var{dirstream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{dirfd} returns the file descriptor associated with
the directory stream @var{dirstream}. This descriptor can be used until
the directory is closed with @code{closedir}. If the directory stream
@@ -443,6 +478,12 @@ symbols are declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun {struct dirent *} readdir (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c This function holds dirstream's non-recursive lock, which brings
+@c about the usual issues with locks and async signals and cancellation,
+@c but the lock taking is not enough to make the returned value safe to
+@c use, since it points to a stream's internal buffer that can be
+@c overwritten by subsequent calls or even released by closedir.
This function reads the next entry from the directory. It normally
returns a pointer to a structure containing information about the file.
This structure is statically allocated and can be rewritten by a
@@ -469,6 +510,7 @@ value. Use @code{readdir_r} when this is critical.
@comment dirent.h
@comment GNU
@deftypefun int readdir_r (DIR *@var{dirstream}, struct dirent *@var{entry}, struct dirent **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is the reentrant version of @code{readdir}. Like
@code{readdir} it returns the next entry from the directory. But to
prevent conflicts between simultaneously running threads the result is
@@ -516,6 +558,7 @@ of the last two functions.
@comment dirent.h
@comment LFS
@deftypefun {struct dirent64 *} readdir64 (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64} function is just like the @code{readdir} function
except that it returns a pointer to a record of type @code{struct
dirent64}. Some of the members of this data type (notably @code{d_ino})
@@ -527,6 +570,7 @@ In all other aspects this function is equivalent to @code{readdir}.
@comment dirent.h
@comment LFS
@deftypefun int readdir64_r (DIR *@var{dirstream}, struct dirent64 *@var{entry}, struct dirent64 **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64_r} function is equivalent to the @code{readdir_r}
function except that it takes parameters of base type @code{struct
dirent64} instead of @code{struct dirent} in the second and third
@@ -537,6 +581,10 @@ position. The same precautions mentioned in the documentation of
@comment dirent.h
@comment POSIX.1
@deftypefun int closedir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock (hurd)}@acsafe{memleak, fdleak, lockleak (hurd)}}
+@c No synchronization in the posix implementation, only in the hurd
+@c one. This is regarded as safe because it is undefined behavior if
+@c other threads could still be using the dir stream while it's closed.
This function closes the directory stream @var{dirstream}. It returns
@code{0} on success and @code{-1} on failure.
@@ -576,6 +624,7 @@ declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun void rewinddir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{rewinddir} function is used to reinitialize the directory
stream @var{dirstream}, so that if you call @code{readdir} it
returns information about the first entry in the directory again. This
@@ -589,6 +638,10 @@ added or removed since you last called @code{opendir} or
@comment dirent.h
@comment BSD
@deftypefun {long int} telldir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{telldir} function returns the file position of the directory
stream @var{dirstream}. You can use this value with @code{seekdir} to
restore the directory stream to that position.
@@ -597,6 +650,10 @@ restore the directory stream to that position.
@comment dirent.h
@comment BSD
@deftypefun void seekdir (DIR *@var{dirstream}, long int @var{pos})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{seekdir} function sets the file position of the directory
stream @var{dirstream} to @var{pos}. The value @var{pos} must be the
result of a previous call to @code{telldir} on this particular stream;
@@ -616,6 +673,19 @@ the result.
@comment dirent.h
@comment BSD/SVID
@deftypefun int scandir (const char *@var{dir}, struct dirent ***@var{namelist}, int (*@var{selector}) (const struct dirent *), int (*@var{cmp}) (const struct dirent **, const struct dirent **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c The scandir function calls __opendirat, __readdir, and __closedir to
+@c go over the named dir; malloc and realloc to allocate the namelist
+@c and copies of each selected dirent, besides the selector, if given,
+@c and qsort and the cmp functions if the latter is given. In spite of
+@c the cleanup handler that releases memory and the file descriptor in
+@c case of synchronous cancellation, an asynchronous cancellation may
+@c still leak memory and a file descriptor. Although readdir is unsafe
+@c in general, the use of an internal dir stream for sequential scanning
+@c of the directory with copying of dirents before subsequent calls
+@c makes the use safe, and the fact that the dir stream is private to
+@c each scandir call does away with the lock issues in readdir and
+@c closedir.
The @code{scandir} function scans the contents of the directory selected
by @var{dir}. The result in *@var{namelist} is an array of pointers to
@@ -646,6 +716,8 @@ are very helpful for this purpose.
@comment dirent.h
@comment BSD/SVID
@deftypefun int alphasort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Calls strcoll.
The @code{alphasort} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -658,6 +730,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls strverscmp.
The @code{versionsort} function is like @code{alphasort} except that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -670,6 +744,8 @@ dirent64}}. To use this we need a new function.
@comment dirent.h
@comment GNU
@deftypefun int scandir64 (const char *@var{dir}, struct dirent64 ***@var{namelist}, int (*@var{selector}) (const struct dirent64 *), int (*@var{cmp}) (const struct dirent64 **, const struct dirent64 **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c See scandir.
The @code{scandir64} function works like the @code{scandir} function
except that the directory entries it returns are described by elements
of type @w{@code{struct dirent64}}. The function pointed to by
@@ -688,6 +764,8 @@ argument. Instead we provide the two replacement functions below.
@comment dirent.h
@comment GNU
@deftypefun int alphasort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c See alphasort.
The @code{alphasort64} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -700,6 +778,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c See versionsort.
The @code{versionsort64} function is like @code{alphasort64}, excepted that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -880,6 +960,8 @@ file was passed).
@comment ftw.h
@comment SVID
@deftypefun int ftw (const char *@var{filename}, __ftw_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
+@c see nftw for safety details
The @code{ftw} function calls the callback function given in the
parameter @var{func} for every item which is found in the directory
specified by @var{filename} and all directories below. The function
@@ -930,6 +1012,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int ftw64 (const char *@var{filename}, __ftw64_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
This function is similar to @code{ftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -943,6 +1026,17 @@ transparently replaces the old implementation.
@comment ftw.h
@comment XPG4.2
@deftypefun int nftw (const char *@var{filename}, __nftw_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c ftw_startup calls alloca, malloc, free, xstat/lxstat, tdestroy, and ftw_dir
+@c if FTW_CHDIR, call open, and fchdir, or chdir and getcwd
+@c ftw_dir calls open_dir_stream, readdir64, process_entry, closedir
+@c if FTW_CHDIR, also calls fchdir
+@c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
+@c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
+@c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
+@c find_object (tsearch) and add_object (tfind).
+@c Since each invocation of *ftw uses its own private search tree, none
+@c of the search tree concurrency issues apply.
The @code{nftw} function works like the @code{ftw} functions. They call
the callback function @var{func} for all items found in the directory
@var{filename} and below. At most @var{descriptors} file descriptors
@@ -1003,6 +1097,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int nftw64 (const char *@var{filename}, __nftw64_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
This function is similar to @code{nftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -1046,6 +1141,7 @@ file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int link (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{link} function makes a new link to the existing file named by
@var{oldname}, under the new name @var{newname}.
@@ -1153,6 +1249,7 @@ Prototypes for most of the functions listed in this section are in
@comment unistd.h
@comment BSD
@deftypefun int symlink (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{symlink} function makes a symbolic link to @var{oldname} named
@var{newname}.
@@ -1190,6 +1287,7 @@ exceeded.
@comment unistd.h
@comment BSD
@deftypefun ssize_t readlink (const char *@var{filename}, char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{readlink} function gets the value of the symbolic link
@var{filename}. The file name that the link points to is copied into
@var{buffer}. This file name string is @emph{not} null-terminated;
@@ -1249,6 +1347,8 @@ names can refer to the same inode.
@comment stdlib.h
@comment GNU
@deftypefun {char *} canonicalize_file_name (const char *@var{name})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls realpath.
The @code{canonicalize_file_name} function returns the absolute name of
the file named by @var{name} which contains no @code{.}, @code{..}
@@ -1290,6 +1390,8 @@ where the result is placed in.
@comment stdlib.h
@comment XPG
@deftypefun {char *} realpath (const char *restrict @var{name}, char *restrict @var{resolved})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls malloc, realloc, getcwd, lxstat64, readlink, alloca.
A call to @code{realpath} where the @var{resolved} parameter is
@code{NULL} behaves exactly like @code{canonicalize_file_name}. The
@@ -1329,6 +1431,7 @@ then the file is deleted as well. If the file has other remaining names
@comment unistd.h
@comment POSIX.1
@deftypefun int unlink (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{unlink} function deletes the file name @var{filename}. If
this is a file's sole name, the file itself is also deleted. (Actually,
if any process has the file open when this happens, deletion is
@@ -1371,6 +1474,7 @@ file system and can't be modified.
@comment unistd.h
@comment POSIX.1
@deftypefun int rmdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@cindex directories, deleting
@cindex deleting a directory
The @code{rmdir} function deletes a directory. The directory must be
@@ -1398,6 +1502,8 @@ The prototype for this function is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int remove (const char *@var{filename})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Calls unlink and rmdir.
This is the @w{ISO C} function to remove a file. It works like
@code{unlink} for files and like @code{rmdir} for directories.
@code{remove} is declared in @file{stdio.h}.
@@ -1413,6 +1519,10 @@ The @code{rename} function is used to change a file's name.
@comment stdio.h
@comment ISO
@deftypefun int rename (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a rename syscall, there's an emulation with link
+@c and unlink, but it's racy, even more so if newname exists and is
+@c unlinked first.
The @code{rename} function renames the file @var{oldname} to
@var{newname}. The file formerly accessible under the name
@var{oldname} is afterwards accessible as @var{newname} instead. (If
@@ -1508,6 +1618,7 @@ a shell command @code{mkdir} which does the same thing.)
@comment sys/stat.h
@comment POSIX.1
@deftypefun int mkdir (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mkdir} function creates a new, empty directory with name
@var{filename}.
@@ -1849,6 +1960,7 @@ header file @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int stat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{stat} function returns information about the attributes of the
file named by @w{@var{filename}} in the structure pointed to by @var{buf}.
@@ -1875,6 +1987,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int stat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{stat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1888,6 +2001,7 @@ replaces the interface for small files on 32-bit machines.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int fstat (int @var{filedes}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fstat} function is like @code{stat}, except that it takes an
open file descriptor as an argument instead of a file name.
@xref{Low-Level I/O}.
@@ -1909,6 +2023,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int fstat64 (int @var{filedes}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{fstat} but is able to work on large
files on 32-bit platforms. For large files the file descriptor
@var{filedes} should be obtained by @code{open64} or @code{creat64}.
@@ -1920,9 +2035,16 @@ function is available under the name @code{fstat} and so transparently
replaces the interface for small files on 32-bit machines.
@end deftypefun
+@c fstatat will call alloca and snprintf if the syscall is not
+@c available.
+@c @safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+
@comment sys/stat.h
@comment BSD
@deftypefun int lstat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat, sometimes with an xstat conv call
+@c afterwards.
The @code{lstat} function is like @code{stat}, except that it does not
follow symbolic links. If @var{filename} is the name of a symbolic
link, @code{lstat} returns information about the link itself; otherwise
@@ -1936,6 +2058,9 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int lstat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat64, sometimes with an xstat conv
+@c call afterwards.
This function is similar to @code{lstat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1974,12 +2099,14 @@ that file:
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISDIR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a directory.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISCHR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a character special file (a
device like a terminal).
@end deftypefn
@@ -1987,6 +2114,7 @@ device like a terminal).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISBLK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a block special file (a device
like a disk).
@end deftypefn
@@ -1994,12 +2122,14 @@ like a disk).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISREG (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a regular file.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISFIFO (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a FIFO special file, or a
pipe. @xref{Pipes and FIFOs}.
@end deftypefn
@@ -2007,6 +2137,7 @@ pipe. @xref{Pipes and FIFOs}.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISLNK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a symbolic link.
@xref{Symbolic Links}.
@end deftypefn
@@ -2014,6 +2145,7 @@ This macro returns non-zero if the file is a symbolic link.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISSOCK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a socket. @xref{Sockets}.
@end deftypefn
@@ -2096,6 +2228,7 @@ the whole @code{struct stat} structure.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISMQ (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX message queues as distinct objects and the
file is a message queue object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2104,6 +2237,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSEM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX semaphores as distinct objects and the
file is a semaphore object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2112,6 +2246,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSHM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX shared memory objects as distinct objects
and the file is an shared memory object, this macro returns a non-zero
value. In all other cases the result is zero.
@@ -2156,6 +2291,7 @@ The prototype for this function is declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int chown (const char *@var{filename}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chown} function changes the owner of the file @var{filename} to
@var{owner}, and its group owner to @var{group}.
@@ -2190,6 +2326,7 @@ The file is on a read-only file system.
@comment unistd.h
@comment BSD
@deftypefun int fchown (int @var{filedes}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chown}, except that it changes the owner of the open
file with descriptor @var{filedes}.
@@ -2469,6 +2606,7 @@ The functions in this section are declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun mode_t umask (mode_t @var{mask})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{umask} function sets the file creation mask of the current
process to @var{mask}, and returns the previous value of the file
creation mask.
@@ -2494,6 +2632,7 @@ you just want to read the mask value, because it is reentrant.
@comment sys/stat.h
@comment GNU
@deftypefun mode_t getumask (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Return the current value of the file creation mask for the current
process. This function is a GNU extension and is only available on
@gnuhurdsystems{}.
@@ -2502,6 +2641,7 @@ process. This function is a GNU extension and is only available on
@comment sys/stat.h
@comment POSIX.1
@deftypefun int chmod (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chmod} function sets the access permission bits for the file
named by @var{filename} to @var{mode}.
@@ -2542,6 +2682,7 @@ for full details on the sticky bit.
@comment sys/stat.h
@comment BSD
@deftypefun int fchmod (int @var{filedes}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chmod}, except that it changes the permissions of the
currently open file given by @var{filedes}.
@@ -2612,6 +2753,7 @@ The symbols in this section are declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int access (const char *@var{filename}, int @var{how})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{access} function checks to see whether the file named by
@var{filename} can be accessed in the way specified by the @var{how}
argument. The @var{how} argument either can be the bitwise OR of the
@@ -2732,6 +2874,9 @@ This is the modification time for the file.
@comment utime.h
@comment POSIX.1
@deftypefun int utime (const char *@var{filename}, const struct utimbuf *@var{times})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utime syscall, it non-atomically converts times
+@c to a struct timeval and calls utimes.
This function is used to modify the file times associated with the file
named @var{filename}.
@@ -2783,6 +2928,10 @@ in the header file @file{sys/time.h}.
@comment sys/time.h
@comment BSD
@deftypefun int utimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, or to
+@c struct utimbuf and calls utime.
This function sets the file access and modification times of the file
@var{filename}. The new file access time is specified by
@code{@var{tvp}[0]}, and the new modification time by
@@ -2797,6 +2946,9 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int lutimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no lutimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall.
This function is like @code{utimes}, except that it does not follow
symbolic links. If @var{filename} is the name of a symbolic link,
@code{lutimes} sets the file access and modification times of the
@@ -2813,6 +2965,10 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int futimes (int @var{fd}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no futimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, falling back
+@c to utimes on a /proc/self/fd symlink.
This function is like @code{utimes}, except that it takes an open file
descriptor as an argument instead of a file name. @xref{Low-Level
I/O}. This function comes from FreeBSD, and is not available on all
@@ -2867,6 +3023,8 @@ succeed, without actually accomplishing anything.
@comment unistd.h
@comment X/Open
@deftypefun int truncate (const char *@var{filename}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a truncate syscall, we use open and ftruncate.
The @code{truncate} function changes the size of @var{filename} to
@var{length}. If @var{length} is shorter than the previous length, data
@@ -2911,6 +3069,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int truncate64 (const char *@var{name}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try truncate if length fits.
This function is similar to the @code{truncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines, which allows the handling of files with sizes up to
@@ -2924,6 +3084,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX
@deftypefun int ftruncate (int @var{fd}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{truncate}, but it works on a file descriptor @var{fd}
for an opened file instead of a file name to identify the object. The
@@ -2988,6 +3149,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int ftruncate64 (int @var{id}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try ftruncate if length fits.
This function is similar to the @code{ftruncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines which allows the handling of files with sizes up to
@@ -3050,6 +3213,10 @@ The prototype for @code{mknod} is declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment BSD
@deftypefun int mknod (const char *@var{filename}, mode_t @var{mode}, dev_t @var{dev})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Instead of issuing the syscall directly, we go through xmknod.
+@c Although the internal xmknod takes a dev_t*, that could lead to
+@c xguargs races, it's passed a pointer to mknod's dev.
The @code{mknod} function makes a special file with name @var{filename}.
The @var{mode} specifies the mode of the file, and may include the various
special file bits, such as @code{S_IFCHR} (for a character special file)
@@ -3101,6 +3268,20 @@ These facilities are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} tmpfile (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c The unsafety issues are those of fdopen, plus fdleak because of the
+@c open.
+@c __path_search (internal buf, !dir, const pfx, !try_tmpdir) ok
+@c libc_secure_genenv only if try_tmpdir
+@c xstat64, strlen, strcmp, sprintf
+@c __gen_tempname (internal tmpl, __GT_FILE) ok
+@c strlen, memcmp, getpid, open/mkdir/lxstat64 ok
+@c HP_TIMING_NOW if available ok
+@c gettimeofday (!tz) first time, or every time if no HP_TIMING_NOW ok
+@c static value is used and modified without synchronization ok
+@c but the use is as a source of non-cryptographic randomness
+@c with retries in case of collision, so it should be safe
+@c unlink, fdopen
This function creates a temporary binary file for update mode, as if by
calling @code{fopen} with mode @code{"wb+"}. The file is deleted
automatically when it is closed or when the program terminates. (On
@@ -3117,6 +3298,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} tmpfile64 (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
This function is similar to @code{tmpfile}, but the stream it returns a
pointer to was opened using @code{tmpfile64}. Therefore this stream can
be used for files larger then @math{2^31} bytes on 32-bit machines.
@@ -3132,6 +3314,11 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun {char *} tmpnam (char *@var{result})
+@safety{@mtunsafe{xguargs, staticbuf}@asunsafe{staticbuf}@acsafe{}}
+@c The passed-in buffer should not be modified concurrently with the
+@c call.
+@c __path_search (static or passed-in buf, !dir, !pfx, !try_tmpdir) ok
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
This function constructs and returns a valid file name that does not
refer to any existing file. If the @var{result} argument is a null
pointer, the return value is a pointer to an internal static string,
@@ -3156,6 +3343,7 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdio.h
@comment GNU
@deftypefun {char *} tmpnam_r (char *@var{result})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
This function is nearly identical to the @code{tmpnam} function, except
that if @var{result} is a null pointer it returns a null pointer.
@@ -3192,6 +3380,13 @@ never less than @code{25}.
@comment stdio.h
@comment SVID
@deftypefun {char *} tempnam (const char *@var{dir}, const char *@var{prefix})
+@safety{@mtunsafe{xguargs, envromt}@assafe{asmalloc}@acsafe{memleak}}
+@c There's no way (short of being setuid) to avoid getenv("TMPDIR"),
+@c even with a non-NULL dir, which makes this thread-unsafe.
+@c
+@c __path_search (internal buf, dir, pfx, try_tmpdir) unsafe getenv
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
+@c strdup
This function generates a unique temporary file name. If @var{prefix}
is not a null pointer, up to five characters of this string are used as
a prefix for the file name. The return value is a string newly
@@ -3255,6 +3450,8 @@ string. These functions are declared in the header file @file{stdlib.h}.
@comment stdlib.h
@comment Unix
@deftypefun {char *} mktemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_NOCREATE) ok
The @code{mktemp} function generates a unique file name by modifying
@var{template} as described above. If successful, it returns
@var{template} as modified. If @code{mktemp} cannot find a unique file
@@ -3273,6 +3470,8 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdlib.h
@comment BSD
@deftypefun int mkstemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{fdleak}}
+@c __gen_tempname (caller tmpl, __GT_FILE) ok
The @code{mkstemp} function generates a unique file name just as
@code{mktemp} does, but it also opens the file for you with @code{open}
(@pxref{Opening and Closing Files}). If successful, it modifies
@@ -3295,6 +3494,8 @@ new file and get an error if the file already exists.
@comment stdlib.h
@comment BSD
@deftypefun {char *} mkdtemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_DIR) ok
The @code{mkdtemp} function creates a directory with a unique name. If
it succeeds, it overwrites @var{template} with the name of the
directory, and returns @var{template}. As with @code{mktemp} and
@@ -3316,3 +3517,23 @@ creation always works like @code{open} with @code{O_EXCL}.
@xref{Creating Directories}.
The @code{mkdtemp} function comes from OpenBSD.
+
+@c FIXME these are undocumented:
+@c faccessat
+@c fchmodat
+@c fchownat
+@c futimesat
+@c fstatat (there's a commented-out safety assessment for this one)
+@c linkat
+@c mkdirat
+@c mkfifoat
+@c name_to_handle_at
+@c openat
+@c open_by_handle_at
+@c readlinkat
+@c renameat
+@c scandirat
+@c symlinkat
+@c unlinkat
+@c utimensat
+@c mknodat
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c94ff62dad7a91e0eafa7bac91d3c36ccb138936
commit c94ff62dad7a91e0eafa7bac91d3c36ccb138936
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:06:03 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/filesys.texi: Document thread safety properties.
diff --git a/manual/filesys.texi b/manual/filesys.texi
index 1df9cf2..47176cc 100644
--- a/manual/filesys.texi
+++ b/manual/filesys.texi
@@ -58,6 +58,25 @@ Prototypes for these functions are declared in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun {char *} getcwd (char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c If buffer is NULL, this function calls malloc and realloc, and, in
+@c case of error, free. Linux offers a getcwd syscall that we use on
+@c GNU/Linux systems, but it may fail if the pathname is too long. As a
+@c fallback, and on other systems, the generic implementation opens each
+@c parent directory with opendir, which allocates memory for the
+@c directory stream with malloc. If a fstatat64 syscall is not
+@c available, very deep directory trees may also have to malloc to build
+@c longer sequences of ../../../... than those supported by a global
+@c const read-only string.
+
+@c linux/__getcwd
+@c posix/__getcwd
+@c malloc/realloc/free if buffer is NULL, or if dir is too deep
+@c lstat64 -> see its own entry
+@c fstatat64
+@c direct syscall if possible, alloca+snprintf+*stat64 otherwise
+@c openat64_not_cancel_3, close_not_cancel_no_status
+@c __fdopendir, __opendir, __readdir, rewinddir
The @code{getcwd} function returns an absolute file name representing
the current working directory, storing it in the character array
@var{buffer} that you provide. The @var{size} argument is how you tell
@@ -116,6 +135,9 @@ software.
@comment unistd.h
@comment BSD
@deftypefn {Deprecated Function} {char *} getwd (char *@var{buffer})
+@safety{@mtsafe{}@asunsafe{asmalloc, asi18n}@acsafe{memleak, fdleak}}
+@c Besides the getcwd safety issues, it calls strerror_r on error, which
+@c brings in all of the i18n issues.
This is similar to @code{getcwd}, but has no way to specify the size of
the buffer. @Theglibc{} provides @code{getwd} only
for backwards compatibility with BSD.
@@ -130,6 +152,9 @@ this function is deprecated.
@comment unistd.h
@comment GNU
@deftypefun {char *} get_current_dir_name (void)
+@safety{@mtunsafe{envromt}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides getcwd, which this function calls as a fallback, it calls
+@c getenv, with the usual thread-safety issues that brings about.
@vindex PWD
This @code{get_current_dir_name} function is basically equivalent to
@w{@code{getcwd (NULL, 0)}}. The only difference is that the value of
@@ -145,6 +170,7 @@ This function is a GNU extension.
@comment unistd.h
@comment POSIX.1
@deftypefun int chdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
@var{filename}.
@@ -158,6 +184,7 @@ file @var{filename} is not a directory.
@comment unistd.h
@comment XPG
@deftypefun int fchdir (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
directory associated with the file descriptor @var{filedes}.
@@ -294,12 +321,14 @@ values and @code{st_mode} values:
@comment dirent.h
@comment BSD
@deftypefun int IFTODT (mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{d_type} value corresponding to @var{mode}.
@end deftypefun
@comment dirent.h
@comment BSD
@deftypefun mode_t DTTOIF (int @var{dtype})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{st_mode} value corresponding to @var{dtype}.
@end deftypefun
@end table
@@ -342,6 +371,9 @@ the following functions.
@comment dirent.h
@comment POSIX.1
@deftypefun {DIR *} opendir (const char *@var{dirname})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides the safe syscall, we have to allocate the DIR object with
+@c __alloc_dir, that calls malloc.
The @code{opendir} function opens and returns a directory stream for
reading the directory whose file name is @var{dirname}. The stream has
type @code{DIR *}.
@@ -381,6 +413,8 @@ alternative interface can be used.
@comment dirent.h
@comment GNU
@deftypefun {DIR *} fdopendir (int @var{fd})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c The DIR object is allocated with __alloc_dir, that calls malloc.
The @code{fdopendir} function works just like @code{opendir} but
instead of taking a file name and opening a file descriptor for the
directory the caller is required to provide a file descriptor. This
@@ -425,6 +459,7 @@ access.
@comment dirent.h
@comment GNU
@deftypefun int dirfd (DIR *@var{dirstream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{dirfd} returns the file descriptor associated with
the directory stream @var{dirstream}. This descriptor can be used until
the directory is closed with @code{closedir}. If the directory stream
@@ -443,6 +478,12 @@ symbols are declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun {struct dirent *} readdir (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c This function holds dirstream's non-recursive lock, which brings
+@c about the usual issues with locks and async signals and cancellation,
+@c but the lock taking is not enough to make the returned value safe to
+@c use, since it points to a stream's internal buffer that can be
+@c overwritten by subsequent calls or even released by closedir.
This function reads the next entry from the directory. It normally
returns a pointer to a structure containing information about the file.
This structure is statically allocated and can be rewritten by a
@@ -469,6 +510,7 @@ value. Use @code{readdir_r} when this is critical.
@comment dirent.h
@comment GNU
@deftypefun int readdir_r (DIR *@var{dirstream}, struct dirent *@var{entry}, struct dirent **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is the reentrant version of @code{readdir}. Like
@code{readdir} it returns the next entry from the directory. But to
prevent conflicts between simultaneously running threads the result is
@@ -516,6 +558,7 @@ of the last two functions.
@comment dirent.h
@comment LFS
@deftypefun {struct dirent64 *} readdir64 (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64} function is just like the @code{readdir} function
except that it returns a pointer to a record of type @code{struct
dirent64}. Some of the members of this data type (notably @code{d_ino})
@@ -527,6 +570,7 @@ In all other aspects this function is equivalent to @code{readdir}.
@comment dirent.h
@comment LFS
@deftypefun int readdir64_r (DIR *@var{dirstream}, struct dirent64 *@var{entry}, struct dirent64 **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64_r} function is equivalent to the @code{readdir_r}
function except that it takes parameters of base type @code{struct
dirent64} instead of @code{struct dirent} in the second and third
@@ -537,6 +581,10 @@ position. The same precautions mentioned in the documentation of
@comment dirent.h
@comment POSIX.1
@deftypefun int closedir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock (hurd)}@acsafe{memleak, fdleak, lockleak (hurd)}}
+@c No synchronization in the posix implementation, only in the hurd
+@c one. This is regarded as safe because it is undefined behavior if
+@c other threads could still be using the dir stream while it's closed.
This function closes the directory stream @var{dirstream}. It returns
@code{0} on success and @code{-1} on failure.
@@ -576,6 +624,7 @@ declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun void rewinddir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{rewinddir} function is used to reinitialize the directory
stream @var{dirstream}, so that if you call @code{readdir} it
returns information about the first entry in the directory again. This
@@ -589,6 +638,10 @@ added or removed since you last called @code{opendir} or
@comment dirent.h
@comment BSD
@deftypefun {long int} telldir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{telldir} function returns the file position of the directory
stream @var{dirstream}. You can use this value with @code{seekdir} to
restore the directory stream to that position.
@@ -597,6 +650,10 @@ restore the directory stream to that position.
@comment dirent.h
@comment BSD
@deftypefun void seekdir (DIR *@var{dirstream}, long int @var{pos})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{seekdir} function sets the file position of the directory
stream @var{dirstream} to @var{pos}. The value @var{pos} must be the
result of a previous call to @code{telldir} on this particular stream;
@@ -616,6 +673,19 @@ the result.
@comment dirent.h
@comment BSD/SVID
@deftypefun int scandir (const char *@var{dir}, struct dirent ***@var{namelist}, int (*@var{selector}) (const struct dirent *), int (*@var{cmp}) (const struct dirent **, const struct dirent **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c The scandir function calls __opendirat, __readdir, and __closedir to
+@c go over the named dir; malloc and realloc to allocate the namelist
+@c and copies of each selected dirent, besides the selector, if given,
+@c and qsort and the cmp functions if the latter is given. In spite of
+@c the cleanup handler that releases memory and the file descriptor in
+@c case of synchronous cancellation, an asynchronous cancellation may
+@c still leak memory and a file descriptor. Although readdir is unsafe
+@c in general, the use of an internal dir stream for sequential scanning
+@c of the directory with copying of dirents before subsequent calls
+@c makes the use safe, and the fact that the dir stream is private to
+@c each scandir call does away with the lock issues in readdir and
+@c closedir.
The @code{scandir} function scans the contents of the directory selected
by @var{dir}. The result in *@var{namelist} is an array of pointers to
@@ -646,6 +716,8 @@ are very helpful for this purpose.
@comment dirent.h
@comment BSD/SVID
@deftypefun int alphasort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Calls strcoll.
The @code{alphasort} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -658,6 +730,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls strverscmp.
The @code{versionsort} function is like @code{alphasort} except that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -670,6 +744,8 @@ dirent64}}. To use this we need a new function.
@comment dirent.h
@comment GNU
@deftypefun int scandir64 (const char *@var{dir}, struct dirent64 ***@var{namelist}, int (*@var{selector}) (const struct dirent64 *), int (*@var{cmp}) (const struct dirent64 **, const struct dirent64 **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c See scandir.
The @code{scandir64} function works like the @code{scandir} function
except that the directory entries it returns are described by elements
of type @w{@code{struct dirent64}}. The function pointed to by
@@ -688,6 +764,8 @@ argument. Instead we provide the two replacement functions below.
@comment dirent.h
@comment GNU
@deftypefun int alphasort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c See alphasort.
The @code{alphasort64} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -700,6 +778,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c See versionsort.
The @code{versionsort64} function is like @code{alphasort64}, excepted that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -880,6 +960,8 @@ file was passed).
@comment ftw.h
@comment SVID
@deftypefun int ftw (const char *@var{filename}, __ftw_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
+@c see nftw for safety details
The @code{ftw} function calls the callback function given in the
parameter @var{func} for every item which is found in the directory
specified by @var{filename} and all directories below. The function
@@ -930,6 +1012,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int ftw64 (const char *@var{filename}, __ftw64_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
This function is similar to @code{ftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -943,6 +1026,17 @@ transparently replaces the old implementation.
@comment ftw.h
@comment XPG4.2
@deftypefun int nftw (const char *@var{filename}, __nftw_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c ftw_startup calls alloca, malloc, free, xstat/lxstat, tdestroy, and ftw_dir
+@c if FTW_CHDIR, call open, and fchdir, or chdir and getcwd
+@c ftw_dir calls open_dir_stream, readdir64, process_entry, closedir
+@c if FTW_CHDIR, also calls fchdir
+@c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
+@c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
+@c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
+@c find_object (tsearch) and add_object (tfind).
+@c Since each invocation of *ftw uses its own private search tree, none
+@c of the search tree concurrency issues apply.
The @code{nftw} function works like the @code{ftw} functions. They call
the callback function @var{func} for all items found in the directory
@var{filename} and below. At most @var{descriptors} file descriptors
@@ -1003,6 +1097,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int nftw64 (const char *@var{filename}, __nftw64_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
This function is similar to @code{nftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -1046,6 +1141,7 @@ file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int link (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{link} function makes a new link to the existing file named by
@var{oldname}, under the new name @var{newname}.
@@ -1153,6 +1249,7 @@ Prototypes for most of the functions listed in this section are in
@comment unistd.h
@comment BSD
@deftypefun int symlink (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{symlink} function makes a symbolic link to @var{oldname} named
@var{newname}.
@@ -1190,6 +1287,7 @@ exceeded.
@comment unistd.h
@comment BSD
@deftypefun ssize_t readlink (const char *@var{filename}, char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{readlink} function gets the value of the symbolic link
@var{filename}. The file name that the link points to is copied into
@var{buffer}. This file name string is @emph{not} null-terminated;
@@ -1249,6 +1347,8 @@ names can refer to the same inode.
@comment stdlib.h
@comment GNU
@deftypefun {char *} canonicalize_file_name (const char *@var{name})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls realpath.
The @code{canonicalize_file_name} function returns the absolute name of
the file named by @var{name} which contains no @code{.}, @code{..}
@@ -1290,6 +1390,8 @@ where the result is placed in.
@comment stdlib.h
@comment XPG
@deftypefun {char *} realpath (const char *restrict @var{name}, char *restrict @var{resolved})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls malloc, realloc, getcwd, lxstat64, readlink, alloca.
A call to @code{realpath} where the @var{resolved} parameter is
@code{NULL} behaves exactly like @code{canonicalize_file_name}. The
@@ -1329,6 +1431,7 @@ then the file is deleted as well. If the file has other remaining names
@comment unistd.h
@comment POSIX.1
@deftypefun int unlink (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{unlink} function deletes the file name @var{filename}. If
this is a file's sole name, the file itself is also deleted. (Actually,
if any process has the file open when this happens, deletion is
@@ -1371,6 +1474,7 @@ file system and can't be modified.
@comment unistd.h
@comment POSIX.1
@deftypefun int rmdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@cindex directories, deleting
@cindex deleting a directory
The @code{rmdir} function deletes a directory. The directory must be
@@ -1398,6 +1502,8 @@ The prototype for this function is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int remove (const char *@var{filename})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Calls unlink and rmdir.
This is the @w{ISO C} function to remove a file. It works like
@code{unlink} for files and like @code{rmdir} for directories.
@code{remove} is declared in @file{stdio.h}.
@@ -1413,6 +1519,10 @@ The @code{rename} function is used to change a file's name.
@comment stdio.h
@comment ISO
@deftypefun int rename (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a rename syscall, there's an emulation with link
+@c and unlink, but it's racy, even more so if newname exists and is
+@c unlinked first.
The @code{rename} function renames the file @var{oldname} to
@var{newname}. The file formerly accessible under the name
@var{oldname} is afterwards accessible as @var{newname} instead. (If
@@ -1508,6 +1618,7 @@ a shell command @code{mkdir} which does the same thing.)
@comment sys/stat.h
@comment POSIX.1
@deftypefun int mkdir (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mkdir} function creates a new, empty directory with name
@var{filename}.
@@ -1849,6 +1960,7 @@ header file @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int stat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{stat} function returns information about the attributes of the
file named by @w{@var{filename}} in the structure pointed to by @var{buf}.
@@ -1875,6 +1987,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int stat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{stat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1888,6 +2001,7 @@ replaces the interface for small files on 32-bit machines.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int fstat (int @var{filedes}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fstat} function is like @code{stat}, except that it takes an
open file descriptor as an argument instead of a file name.
@xref{Low-Level I/O}.
@@ -1909,6 +2023,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int fstat64 (int @var{filedes}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{fstat} but is able to work on large
files on 32-bit platforms. For large files the file descriptor
@var{filedes} should be obtained by @code{open64} or @code{creat64}.
@@ -1920,9 +2035,16 @@ function is available under the name @code{fstat} and so transparently
replaces the interface for small files on 32-bit machines.
@end deftypefun
+@c fstatat will call alloca and snprintf if the syscall is not
+@c available.
+@c @safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+
@comment sys/stat.h
@comment BSD
@deftypefun int lstat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat, sometimes with an xstat conv call
+@c afterwards.
The @code{lstat} function is like @code{stat}, except that it does not
follow symbolic links. If @var{filename} is the name of a symbolic
link, @code{lstat} returns information about the link itself; otherwise
@@ -1936,6 +2058,9 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int lstat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat64, sometimes with an xstat conv
+@c call afterwards.
This function is similar to @code{lstat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1974,12 +2099,14 @@ that file:
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISDIR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a directory.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISCHR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a character special file (a
device like a terminal).
@end deftypefn
@@ -1987,6 +2114,7 @@ device like a terminal).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISBLK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a block special file (a device
like a disk).
@end deftypefn
@@ -1994,12 +2122,14 @@ like a disk).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISREG (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a regular file.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISFIFO (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a FIFO special file, or a
pipe. @xref{Pipes and FIFOs}.
@end deftypefn
@@ -2007,6 +2137,7 @@ pipe. @xref{Pipes and FIFOs}.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISLNK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a symbolic link.
@xref{Symbolic Links}.
@end deftypefn
@@ -2014,6 +2145,7 @@ This macro returns non-zero if the file is a symbolic link.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISSOCK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a socket. @xref{Sockets}.
@end deftypefn
@@ -2096,6 +2228,7 @@ the whole @code{struct stat} structure.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISMQ (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX message queues as distinct objects and the
file is a message queue object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2104,6 +2237,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSEM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX semaphores as distinct objects and the
file is a semaphore object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2112,6 +2246,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSHM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX shared memory objects as distinct objects
and the file is an shared memory object, this macro returns a non-zero
value. In all other cases the result is zero.
@@ -2156,6 +2291,7 @@ The prototype for this function is declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int chown (const char *@var{filename}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chown} function changes the owner of the file @var{filename} to
@var{owner}, and its group owner to @var{group}.
@@ -2190,6 +2326,7 @@ The file is on a read-only file system.
@comment unistd.h
@comment BSD
@deftypefun int fchown (int @var{filedes}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chown}, except that it changes the owner of the open
file with descriptor @var{filedes}.
@@ -2469,6 +2606,7 @@ The functions in this section are declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun mode_t umask (mode_t @var{mask})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{umask} function sets the file creation mask of the current
process to @var{mask}, and returns the previous value of the file
creation mask.
@@ -2494,6 +2632,7 @@ you just want to read the mask value, because it is reentrant.
@comment sys/stat.h
@comment GNU
@deftypefun mode_t getumask (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Return the current value of the file creation mask for the current
process. This function is a GNU extension and is only available on
@gnuhurdsystems{}.
@@ -2502,6 +2641,7 @@ process. This function is a GNU extension and is only available on
@comment sys/stat.h
@comment POSIX.1
@deftypefun int chmod (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chmod} function sets the access permission bits for the file
named by @var{filename} to @var{mode}.
@@ -2542,6 +2682,7 @@ for full details on the sticky bit.
@comment sys/stat.h
@comment BSD
@deftypefun int fchmod (int @var{filedes}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chmod}, except that it changes the permissions of the
currently open file given by @var{filedes}.
@@ -2612,6 +2753,7 @@ The symbols in this section are declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int access (const char *@var{filename}, int @var{how})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{access} function checks to see whether the file named by
@var{filename} can be accessed in the way specified by the @var{how}
argument. The @var{how} argument either can be the bitwise OR of the
@@ -2732,6 +2874,9 @@ This is the modification time for the file.
@comment utime.h
@comment POSIX.1
@deftypefun int utime (const char *@var{filename}, const struct utimbuf *@var{times})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utime syscall, it non-atomically converts times
+@c to a struct timeval and calls utimes.
This function is used to modify the file times associated with the file
named @var{filename}.
@@ -2783,6 +2928,10 @@ in the header file @file{sys/time.h}.
@comment sys/time.h
@comment BSD
@deftypefun int utimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, or to
+@c struct utimbuf and calls utime.
This function sets the file access and modification times of the file
@var{filename}. The new file access time is specified by
@code{@var{tvp}[0]}, and the new modification time by
@@ -2797,6 +2946,9 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int lutimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no lutimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall.
This function is like @code{utimes}, except that it does not follow
symbolic links. If @var{filename} is the name of a symbolic link,
@code{lutimes} sets the file access and modification times of the
@@ -2813,6 +2965,10 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int futimes (int @var{fd}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no futimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, falling back
+@c to utimes on a /proc/self/fd symlink.
This function is like @code{utimes}, except that it takes an open file
descriptor as an argument instead of a file name. @xref{Low-Level
I/O}. This function comes from FreeBSD, and is not available on all
@@ -2867,6 +3023,8 @@ succeed, without actually accomplishing anything.
@comment unistd.h
@comment X/Open
@deftypefun int truncate (const char *@var{filename}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a truncate syscall, we use open and ftruncate.
The @code{truncate} function changes the size of @var{filename} to
@var{length}. If @var{length} is shorter than the previous length, data
@@ -2911,6 +3069,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int truncate64 (const char *@var{name}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try truncate if length fits.
This function is similar to the @code{truncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines, which allows the handling of files with sizes up to
@@ -2924,6 +3084,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX
@deftypefun int ftruncate (int @var{fd}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{truncate}, but it works on a file descriptor @var{fd}
for an opened file instead of a file name to identify the object. The
@@ -2988,6 +3149,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int ftruncate64 (int @var{id}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try ftruncate if length fits.
This function is similar to the @code{ftruncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines which allows the handling of files with sizes up to
@@ -3050,6 +3213,10 @@ The prototype for @code{mknod} is declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment BSD
@deftypefun int mknod (const char *@var{filename}, mode_t @var{mode}, dev_t @var{dev})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Instead of issuing the syscall directly, we go through xmknod.
+@c Although the internal xmknod takes a dev_t*, that could lead to
+@c xguargs races, it's passed a pointer to mknod's dev.
The @code{mknod} function makes a special file with name @var{filename}.
The @var{mode} specifies the mode of the file, and may include the various
special file bits, such as @code{S_IFCHR} (for a character special file)
@@ -3101,6 +3268,20 @@ These facilities are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} tmpfile (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c The unsafety issues are those of fdopen, plus fdleak because of the
+@c open.
+@c __path_search (internal buf, !dir, const pfx, !try_tmpdir) ok
+@c libc_secure_genenv only if try_tmpdir
+@c xstat64, strlen, strcmp, sprintf
+@c __gen_tempname (internal tmpl, __GT_FILE) ok
+@c strlen, memcmp, getpid, open/mkdir/lxstat64 ok
+@c HP_TIMING_NOW if available ok
+@c gettimeofday (!tz) first time, or every time if no HP_TIMING_NOW ok
+@c static value is used and modified without synchronization ok
+@c but the use is as a source of non-cryptographic randomness
+@c with retries in case of collision, so it should be safe
+@c unlink, fdopen
This function creates a temporary binary file for update mode, as if by
calling @code{fopen} with mode @code{"wb+"}. The file is deleted
automatically when it is closed or when the program terminates. (On
@@ -3117,6 +3298,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} tmpfile64 (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
This function is similar to @code{tmpfile}, but the stream it returns a
pointer to was opened using @code{tmpfile64}. Therefore this stream can
be used for files larger then @math{2^31} bytes on 32-bit machines.
@@ -3132,6 +3314,11 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun {char *} tmpnam (char *@var{result})
+@safety{@mtunsafe{xguargs, staticbuf}@asunsafe{staticbuf}@acsafe{}}
+@c The passed-in buffer should not be modified concurrently with the
+@c call.
+@c __path_search (static or passed-in buf, !dir, !pfx, !try_tmpdir) ok
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
This function constructs and returns a valid file name that does not
refer to any existing file. If the @var{result} argument is a null
pointer, the return value is a pointer to an internal static string,
@@ -3156,6 +3343,7 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdio.h
@comment GNU
@deftypefun {char *} tmpnam_r (char *@var{result})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
This function is nearly identical to the @code{tmpnam} function, except
that if @var{result} is a null pointer it returns a null pointer.
@@ -3192,6 +3380,13 @@ never less than @code{25}.
@comment stdio.h
@comment SVID
@deftypefun {char *} tempnam (const char *@var{dir}, const char *@var{prefix})
+@safety{@mtunsafe{xguargs, envromt}@assafe{asmalloc}@acsafe{memleak}}
+@c There's no way (short of being setuid) to avoid getenv("TMPDIR"),
+@c even with a non-NULL dir, which makes this thread-unsafe.
+@c
+@c __path_search (internal buf, dir, pfx, try_tmpdir) unsafe getenv
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
+@c strdup
This function generates a unique temporary file name. If @var{prefix}
is not a null pointer, up to five characters of this string are used as
a prefix for the file name. The return value is a string newly
@@ -3255,6 +3450,8 @@ string. These functions are declared in the header file @file{stdlib.h}.
@comment stdlib.h
@comment Unix
@deftypefun {char *} mktemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_NOCREATE) ok
The @code{mktemp} function generates a unique file name by modifying
@var{template} as described above. If successful, it returns
@var{template} as modified. If @code{mktemp} cannot find a unique file
@@ -3273,6 +3470,8 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdlib.h
@comment BSD
@deftypefun int mkstemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{fdleak}}
+@c __gen_tempname (caller tmpl, __GT_FILE) ok
The @code{mkstemp} function generates a unique file name just as
@code{mktemp} does, but it also opens the file for you with @code{open}
(@pxref{Opening and Closing Files}). If successful, it modifies
@@ -3295,6 +3494,8 @@ new file and get an error if the file already exists.
@comment stdlib.h
@comment BSD
@deftypefun {char *} mkdtemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_DIR) ok
The @code{mkdtemp} function creates a directory with a unique name. If
it succeeds, it overwrites @var{template} with the name of the
directory, and returns @var{template}. As with @code{mktemp} and
@@ -3316,3 +3517,23 @@ creation always works like @code{open} with @code{O_EXCL}.
@xref{Creating Directories}.
The @code{mkdtemp} function comes from OpenBSD.
+
+@c FIXME these are undocumented:
+@c faccessat
+@c fchmodat
+@c fchownat
+@c futimesat
+@c fstatat
+@c linkat
+@c mkdirat
+@c mkfifoat
+@c name_to_handle_at
+@c openat
+@c open_by_handle_at
+@c readlinkat
+@c renameat
+@c scandirat
+@c symlinkat
+@c unlinkat
+@c utimensat
+@c mknodat
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=525104cbc058b86bed62e4c6ac9d61801d8aac30
commit 525104cbc058b86bed62e4c6ac9d61801d8aac30
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..60e08d8 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
+@c and free, and _nl_find_locale, which amount to all documented safety
+@c issues. It also calls new_composite_name, setdata, and setname,
+@c without any additional issues. _nl_find_locale calls getenv, ...
+@c This function returns a pointer read...
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=06af1d5ee2d283ef4da1ec4190dd42b9bd9e5e53
commit 06af1d5ee2d283ef4da1ec4190dd42b9bd9e5e53
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:05:34 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/errno.texi: Document thread safety properties.
diff --git a/manual/errno.texi b/manual/errno.texi
index 6c9fa86..eb3f412 100644
--- a/manual/errno.texi
+++ b/manual/errno.texi
@@ -1293,6 +1293,9 @@ name of the program that encountered the error.
@comment string.h
@comment ISO
@deftypefun {char *} strerror (int @var{errnum})
+@safety{@mtunsafe{staticbuf}@asunsafe{staticbuf, asmalloc, asi18n}@acsafe{memleak}}
+@c Calls strerror_r with a static buffer allocated with malloc on the
+@c first use.
The @code{strerror} function maps the error code (@pxref{Checking for
Errors}) specified by the @var{errnum} argument to a descriptive error
message string. The return value is a pointer to this string.
@@ -1310,6 +1313,7 @@ The function @code{strerror} is declared in @file{string.h}.
@comment string.h
@comment GNU
@deftypefun {char *} strerror_r (int @var{errnum}, char *@var{buf}, size_t @var{n})
+@safety{@mtsafe{}@asunsafe{asi18n}@acsafe{}}
The @code{strerror_r} function works like @code{strerror} but instead of
returning the error message in a statically allocated buffer shared by
all threads in the process, it returns a private copy for the
@@ -1331,6 +1335,10 @@ This function @code{strerror_r} is a GNU extension and it is declared in
@comment stdio.h
@comment ISO
@deftypefun void perror (const char *@var{message})
+@safety{@mtsafe{xguargs}@asunsafe{asynconsist, asi18n, asmalloc, selfdeadlock}@acunsafe{incansist, lockleak, memleak, fdleak}}
+@c Besides strerror_r's and some of fprintf's issues, if stderr is not
+@c oriented yet, create a new stream with a dup of stderr's fd and write
+@c to that instead of stderr, to avoid orienting it.
This function prints an error message to the stream @code{stderr};
see @ref{Standard Streams}. The orientation of @code{stderr} is not
changed.
@@ -1442,6 +1450,13 @@ These functions are declared in @file{error.h}.
@comment error.h
@comment GNU
@deftypefun void error (int @var{status}, int @var{errnum}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acsafe{}}
+@c Cancellation is disabled throught the execution. It flushes stdout
+@c and then holds a lock on stderr while printing the program name and
+@c then running error_tail. The non-wide case just runs vfprintf; the
+@c wide case converts the message to an alloca/malloc-allocated buffer
+@c with mbsrtowcs, then prints it with vfwprintf. Afterwards,
+@c print_errno_message calls strerror_r and fxprintf.
The @code{error} function can be used to report general problems during
program execution. The @var{format} argument is a format string just
like those given to the @code{printf} family of functions. The
@@ -1477,6 +1492,15 @@ incremented by one to keep track of the number of errors reported.
@comment error.h
@comment GNU
@deftypefun void error_at_line (int @var{status}, int @var{errnum}, const char *@var{fname}, unsigned int @var{lineno}, const char *@var{format}, @dots{})
+@safety{@mtunsafe{staticbuf, glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist}}
+@c The error_one_per_line variable is accessed (without any form of
+@c synchronization, but since it's an int used once, it should be safe
+@c enough) and, if this mode is enabled, static variables used to hold
+@c the last printed file name and line number are accessed and modified
+@c without synchronization; the update is not atomic and it occurs
+@c before disabling cancellation, so it can be interrupted after only
+@c one of the two variables is modified. After that, it's very much
+@c like error.
The @code{error_at_line} function is very similar to the @code{error}
function. The only difference are the additional parameters @var{fname}
@@ -1582,6 +1606,8 @@ are included only for compatibility.
@comment err.h
@comment BSD
@deftypefun void warn (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Just calls vwarn with the va_list.
The @code{warn} function is roughly equivalent to a call like
@smallexample
error (0, errno, format, @r{the parameters})
@@ -1594,6 +1620,11 @@ are not used.
@comment err.h
@comment BSD
@deftypefun void vwarn (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c While holding stderr's recursive lock, it prints the programname, the
+@c given message, and the error string with fw?printf's %m. When the
+@c stream is wide, convert_and_print converts the format string to an
+@c alloca/malloc-created buffer using mbsrtowcs and then calls fwprintf.
The @code{vwarn} function is just like @code{warn} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1602,6 +1633,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void warnx (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn, but without the strerror translation issues.
The @code{warnx} function is roughly equivalent to a call like
@smallexample
error (0, 0, format, @r{the parameters})
@@ -1615,6 +1648,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void vwarnx (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn, but without the strerror translation issues.
The @code{vwarnx} function is just like @code{warnx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1623,6 +1658,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void err (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn followed by exit.
The @code{err} function is roughly equivalent to a call like
@smallexample
error (status, errno, format, @r{the parameters})
@@ -1635,6 +1672,8 @@ are not used and that the program is exited even if @var{status} is zero.
@comment err.h
@comment BSD
@deftypefun void verr (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn followed by exit.
The @code{verr} function is just like @code{err} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1643,6 +1682,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void errx (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warnx followed by exit.
The @code{errx} function is roughly equivalent to a call like
@smallexample
error (status, 0, format, @r{the parameters})
@@ -1657,6 +1698,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void verrx (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarnx followed by exit.
The @code{verrx} function is just like @code{errx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b8d40c34db5a32a436bd3d93fbced3f277277bdd
commit b8d40c34db5a32a436bd3d93fbced3f277277bdd
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..79a3340 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1391,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1401,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1411,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1540,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1625,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2387,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2397,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2438,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2647,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2656,48 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2705,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2713,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2721,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2729,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2737,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2745,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2821,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3062,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3314,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3378,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +3995,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +4010,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +4025,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +4033,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4041,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4055,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4082,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4091,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4100,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4108,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4116,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4124,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4174,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4184,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4198,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4209,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4237,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4248,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4362,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4375,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4399,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4415,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4435,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4459,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4508,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4630,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4645,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4658,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4675,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4787,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4800,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4817,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4839,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4864,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4942,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4956,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4968,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4983,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +4997,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +5008,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5056,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5112,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5228,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5410,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5551,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2851febd94cec0ec11937f681c65ada586f9a223
commit 2851febd94cec0ec11937f681c65ada586f9a223
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:05:11 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/debug.texi: Document thread safety properties.
diff --git a/manual/debug.texi b/manual/debug.texi
index 1db9c18..ce0c263 100644
--- a/manual/debug.texi
+++ b/manual/debug.texi
@@ -36,6 +36,8 @@ and manipulate backtraces of the current thread.
@comment execinfo.h
@comment GNU
@deftypefun int backtrace (void **@var{buffer}, int @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Pointer chasing within the local stack.
The @code{backtrace} function obtains a backtrace for the current
thread, as a list of pointers, and places the information into
@var{buffer}. The argument @var{size} should be the number of
@@ -56,6 +58,17 @@ interpreting the stack contents correctly.
@comment execinfo.h
@comment GNU
@deftypefun {char **} backtrace_symbols (void *const *@var{buffer}, int @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, lockleak}}
+@c Collects info returned by _dl_addr in auto array, allocates memory
+@c for the whole return buffer with malloc then sprintfs into it storing
+@c pointers to the strings into the array entries in the buffer.
+@c _dl_addr takes the recursive dl_load_lock then calls
+@c _dl_find_dso_for_object and determine_info.
+@c _dl_find_dso_for_object calls _dl-addr_inside_object.
+@c All of them are safe as long as the lock is held.
+@c asynconsist? It doesn't looke like the dynamic loader's data
+@c structures could be in an inconsistent state that would cause
+@c malfunction here.
The @code{backtrace_symbols} function translates the information
obtained from the @code{backtrace} function into an array of strings.
The argument @var{buffer} should be a pointer to an array of addresses
@@ -88,6 +101,11 @@ cannot be obtained.
@comment execinfo.h
@comment GNU
@deftypefun void backtrace_symbols_fd (void *const *@var{buffer}, int @var{size}, int @var{fd})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c Single loop of _dl_addr over addresses, collecting info into an iovec
+@c written out with a writev call per iteration. Addresses and offsets
+@c are converted to hex in auto buffers, so the only potential issue
+@c here is leaking the dl lock in case of cancellation.
The @code{backtrace_symbols_fd} function performs the same translation
as the function @code{backtrace_symbols} function. Instead of returning
the strings to the caller, it writes the strings to the file descriptor
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c96f5dd7f4dc623d8e1b4d963da947d190b385a3
commit c96f5dd7f4dc623d8e1b4d963da947d190b385a3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:09:32 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/llio.texi: Document thread safety properties.
diff --git a/manual/llio.texi b/manual/llio.texi
index b129cf4..66370c4 100644
--- a/manual/llio.texi
+++ b/manual/llio.texi
@@ -78,6 +78,7 @@ declared in @file{unistd.h}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int open (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The @code{open} function creates and returns a new file descriptor for
the file named by @var{filename}. Initially, the file position
indicator for the file is at the beginning of the file. The argument
@@ -164,6 +165,7 @@ and @code{freopen} functions, that create streams.
@comment fcntl.h
@comment Unix98
@deftypefun int open64 (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{open}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
difference is that on 32 bit systems the file is opened in the
@@ -178,6 +180,7 @@ replaces the old API.
@comment fcntl.h
@comment POSIX.1
@deftypefn {Obsolete function} int creat (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is obsolete. The call:
@smallexample
@@ -202,6 +205,7 @@ since all of the lowlevel file handling functions are equally replaced.
@comment fcntl.h
@comment Unix98
@deftypefn {Obsolete function} int creat64 (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{creat}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
the difference is that on 32 bit systems the file is opened in the
@@ -219,6 +223,7 @@ replaces the old API.
@comment unistd.h
@comment POSIX.1
@deftypefun int close (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The function @code{close} closes the file descriptor @var{filedes}.
Closing a file has the following consequences:
@@ -300,6 +305,7 @@ but must be a signed type.
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t read (int @var{filedes}, void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{read} function reads up to @var{size} bytes from the file
with descriptor @var{filedes}, storing the results in the @var{buffer}.
(This is not necessarily a character string, and no terminating null
@@ -395,6 +401,10 @@ functions that read from streams, such as @code{fgetc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, read and lseek back, but is it
+@c used anywhere?
The @code{pread} function is similar to the @code{read} function. The
first three arguments are identical, and the return values and error
codes also correspond.
@@ -430,6 +440,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread64 (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, read and lseek64 back, but is
+@c it used anywhere?
This function is similar to the @code{pread} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -447,6 +461,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t write (int @var{filedes}, const void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{write} function writes up to @var{size} bytes from
@var{buffer} to the file with descriptor @var{filedes}. The data in
@var{buffer} is not necessarily a character string and a null character is
@@ -557,6 +572,10 @@ functions that write to streams, such as @code{fputc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, write and lseek back, but is it
+@c used anywhere?
The @code{pwrite} function is similar to the @code{write} function. The
first three arguments are identical, and the return values and error codes
also correspond.
@@ -592,6 +611,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite64 (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, write and lseek64 back, but
+@c is it used anywhere?
This function is similar to the @code{pwrite} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -624,6 +647,7 @@ To read the current file position value from a descriptor, use
@comment unistd.h
@comment POSIX.1
@deftypefun off_t lseek (int @var{filedes}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lseek} function is used to change the file position of the
file with descriptor @var{filedes}.
@@ -713,6 +737,7 @@ descriptors.
@comment unistd.h
@comment Unix98
@deftypefun off64_t lseek64 (int @var{filedes}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to the @code{lseek} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -825,6 +850,7 @@ declared in the header file @file{stdio.h}.
@comment stdio.h
@comment POSIX.1
@deftypefun {FILE *} fdopen (int @var{filedes}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
The @code{fdopen} function returns a new stream for the file descriptor
@var{filedes}.
@@ -853,6 +879,7 @@ see @ref{Creating a Pipe}.
@comment stdio.h
@comment POSIX.1
@deftypefun int fileno (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the file descriptor associated with the stream
@var{stream}. If an error is detected (for example, if the @var{stream}
is not valid) or if @var{stream} does not do I/O to a file,
@@ -862,6 +889,7 @@ is not valid) or if @var{stream} does not do I/O to a file,
@comment stdio.h
@comment GNU
@deftypefun int fileno_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fileno_unlocked} function is equivalent to the @code{fileno}
function except that it does not implicitly lock the stream if the state
is @code{FSETLOCKING_INTERNAL}.
@@ -1071,7 +1099,11 @@ Contains the length of the buffer.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t readv (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
-
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer into which data is read, if the total read size is
+@c too large for alloca.
The @code{readv} function reads data from @var{filedes} and scatters it
into the buffers described in @var{vector}, which is taken to be
@var{count} structures long. As each buffer is filled, data is sent to the
@@ -1089,6 +1121,11 @@ errors are the same as in @code{read}.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t writev (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer from which data is written, if the total write size
+@c is too large for alloca.
The @code{writev} function gathers data from the buffers described in
@var{vector}, which is taken to be @var{count} structures long, and writes
@@ -1149,6 +1186,7 @@ These functions are declared in @file{sys/mman.h}.
@comment sys/mman.h
@comment POSIX
@deftypefun {void *} mmap (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mmap} function creates a new mapping, connected to bytes
(@var{offset}) to (@var{offset} + @var{length} - 1) in the file open on
@@ -1268,6 +1306,9 @@ The file is on a filesystem that doesn't support mapping.
@comment sys/mman.h
@comment LFS
@deftypefun {void *} mmap64 (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The page_shift auto detection when MMAP2_PAGE_SHIFT is -1 (it never
+@c is) would be thread-unsafe.
The @code{mmap64} function is equivalent to the @code{mmap} function but
the @var{offset} parameter is of type @code{off64_t}. On 32-bit systems
this allows the file associated with the @var{filedes} descriptor to be
@@ -1284,6 +1325,7 @@ replaces the old API.
@comment sys/mman.h
@comment POSIX
@deftypefun int munmap (void *@var{addr}, size_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{munmap} removes any memory maps from (@var{addr}) to (@var{addr} +
@var{length}). @var{length} should be the length of the mapping.
@@ -1310,6 +1352,7 @@ aligned.
@comment sys/mman.h
@comment POSIX
@deftypefun int msync (void *@var{address}, size_t @var{length}, int @var{flags})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When using shared mappings, the kernel can write the file at any time
before the mapping is removed. To be certain data has actually been
@@ -1357,6 +1400,7 @@ There is no existing mapping in at least part of the given region.
@comment sys/mman.h
@comment GNU
@deftypefun {void *} mremap (void *@var{address}, size_t @var{length}, size_t @var{new_length}, int @var{flag})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to change the size of an existing memory
area. @var{address} and @var{length} must cover a region entirely mapped
@@ -1405,6 +1449,7 @@ Coding Standards}.
@comment sys/mman.h
@comment POSIX
@deftypefun int madvise (void *@var{addr}, size_t @var{length}, int @var{advice})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to provide the system with @var{advice} about
the intended usage patterns of the memory region starting at @var{addr}
@@ -1531,6 +1576,7 @@ that descriptor into an @code{fd_set}.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_ZERO (fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro initializes the file descriptor set @var{set} to be the
empty set.
@end deftypefn
@@ -1538,6 +1584,9 @@ empty set.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_SET (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro adds @var{filedes} to the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1547,6 +1596,9 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_CLR (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro removes @var{filedes} from the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1556,6 +1608,7 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro int FD_ISSET (int @var{filedes}, const fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value (true) if @var{filedes} is a member
of the file descriptor set @var{set}, and zero (false) otherwise.
@@ -1568,6 +1621,10 @@ Next, here is the description of the @code{select} function itself.
@comment sys/types.h
@comment BSD
@deftypefun int select (int @var{nfds}, fd_set *@var{read-fds}, fd_set *@var{write-fds}, fd_set *@var{except-fds}, struct timeval *@var{timeout})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The select syscall is preferred, but pselect6 may be used instead,
+@c which requires converting timeout to a timespec and back. The
+@c conversions are not atomic.
The @code{select} function blocks the calling process until there is
activity on any of the specified sets of file descriptors, or until the
timeout period has expired.
@@ -1670,6 +1727,7 @@ they return.
@comment unistd.h
@comment X/Open
@deftypefun void sync (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
A call to this function will not return as long as there is data which
has not been written to the device. All dirty buffers in the kernel will
be written and so an overall consistent system can be achieved (if no
@@ -1685,6 +1743,7 @@ committed, rather than all data in the system. For this, @code{sync} is overkil
@comment unistd.h
@comment POSIX
@deftypefun int fsync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fsync} function can be used to make sure all data associated with
the open file @var{fildes} is written to the device associated with the
descriptor. The function call does not return unless all actions have
@@ -1722,6 +1781,7 @@ recovering of the file in case of a problem.
@comment unistd.h
@comment POSIX
@deftypefun int fdatasync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When a call to the @code{fdatasync} function returns, it is ensured
that all of the file data is written to the device. For all pending I/O
operations, the parts guaranteeing data integrity finished.
@@ -1923,6 +1983,158 @@ aiocb64}, since the LFS transparently replaces the old interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_read (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Calls aio_enqueue_request.
+@c aio_enqueue_request selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_self ok
+@c pthread_getschedparam selfdeadlock, lockleak
+@c lll_lock (pthread descriptor's lock) selfdeadlock, lockleak
+@c sched_getparam ok
+@c sched_getscheduler ok
+@c lll_unlock lockleak
+@c pthread_mutex_lock (aio_requests_mutex) selfdeadlock, lockleak
+@c get_elem asmalloc, memleak, [asynconsist, incansist], [xguargs]
+@c realloc asmalloc, memleak
+@c calloc asmalloc, memleak
+@c aio_create_helper_thread selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_attr_init ok
+@c pthread_attr_setdetachstate ok
+@c pthread_get_minstack ok
+@c pthread_attr_setstacksize ok
+@c sigfillset ok
+@c memset ok
+@c sigdelset ok [xguargs, but the caller's sigset is automatic]
+@c SYSCALL rt_sigprocmask ok
+@c pthread_create selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c alloca/malloc asmalloc, memleak
+@c lll_unlock lockleak
+@c allocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c getpagesize dup
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c lll_unlock lockleak
+@c _dl_allocate_tls asmalloc, memleak
+@c _dl_allocate_tls_storage asmalloc, memleak
+@c memalign asmalloc, memleak
+@c memset ok
+@c allocate_dtv dup
+@c free asmalloc, memleak
+@c allocate_dtv asmalloc, memleak
+@c calloc asmalloc, memleak
+@c INSTALL_DTV ok
+@c list_add dup
+@c get_cached_stack
+@c lll_lock (stack_cache_lock) selfdeadlock, lockleak
+@c list_for_each ok
+@c list_entry dup
+@c FREE_P dup
+@c stack_list_del dup
+@c stack_list_add dup
+@c lll_unlock lockleak
+@c _dl_allocate_tls_init ok
+@c GET_DTV ok
+@c mmap ok
+@c atomic_increment_val ok
+@c munmap ok
+@c change_stack_perm ok
+@c mprotect ok
+@c mprotect ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c THREAD_COPY_STACK_GUARD ok
+@c THREAD_COPY_POINTER_GUARD ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (state_cache_lock) selfdeadlock, lockleak
+@c stack_list_del ok
+@c atomic_write_barrier ok
+@c list_del ok [uunguard]
+@c atomic_write_barrier ok
+@c queue_stack asmalloc, memleak
+@c stack_list_add ok
+@c atomic_write_barrier ok
+@c list_add ok [uunguard]
+@c atomic_write_barrier ok
+@c free_stacks asmalloc, memleak
+@c list_for_each_prev_safe ok
+@c list_entry ok
+@c FREE_P ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c _dl_deallocate_tls asmalloc, memleak
+@c free asmalloc, memleak
+@c lll_unlock lockleak
+@c create_thread selfdeadlock, asmalloc, lockleak, memleak
+@c td_eventword
+@c td_eventmask
+@c do_clone selfdeadlock, asmalloc, lockleak, memleak
+@c PREPARE_CREATE ok
+@c lll_lock (pd->lock) selfdeadlock, lockleak
+@c atomic_increment ok
+@c clone ok
+@c atomic_decrement ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack dup
+@c sched_setaffinity ok
+@c tgkill ok
+@c sched_setscheduler ok
+@c atomic_compare_and_exchange_bool_acq ok
+@c nptl_create_event ok
+@c lll_unlock (pd->lock) lockleak
+@c free asmalloc, memleak
+@c pthread_attr_destroy ok (cpuset won't be set, so free isn't called)
+@c add_request_to_runlist ok [xguargs]
+@c pthread_cond_signal ok
+@c aio_free_request ok [xguargs]
+@c pthread_mutex_unlock lockleak
+
+@c (in the new thread, initiated with clone)
+@c start_thread ok
+@c HP_TIMING_NOW ok
+@c ctype_init [glocale] (in theory, but optimized into safety)
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c sigemptyset ok
+@c sigaddset ok
+@c setjmp ok
+@c CANCEL_ASYNC -> pthread_enable_asynccancel ok
+@c do_cancel ok
+@c pthread_unwind ok
+@c Unwind_ForcedUnwind or longjmp ok [asmalloc, memleak?]
+@c lll_lock selfdeadlock, lockleak
+@c lll_unlock selfdeadlock, lockleak
+@c CANCEL_RESET -> pthread_disable_asynccancel ok
+@c lll_futex_wait ok
+@c ->start_routine ok -----
+@c call_tls_dtors selfdeadlock, asmalloc, lockleak, memleak
+@c user-supplied dtor
+@c rtld_lock_lock_recursive (dl_load_lock) selfdeadlock, lockleak
+@c rtld_lock_unlock_recursive lockleak
+@c free asmalloc, memleak
+@c nptl_deallocate_tsd asmalloc, memleak
+@c tsd user-supplied dtors ok
+@c free asmalloc, memleak
+@c libc_thread_freeres
+@c libc_thread_subfreeres ok
+@c atomic_decrement_and_test ok
+@c td_eventword ok
+@c td_eventmask ok
+@c atomic_compare_exchange_bool_acq ok
+@c nptl_death_event ok
+@c lll_robust_dead ok
+@c getpagesize ok
+@c madvise ok
+@c free_tcb selfdeadlock, asmalloc, lockleak, memleak
+@c free asmalloc, memleak
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_futex_wait ok
+@c exit_thread_inline ok
+@c syscall(exit) ok
+
This function initiates an asynchronous read operation. It
immediately returns after the operation was enqueued or when an
error was encountered.
@@ -1988,6 +2200,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_read64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_read} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{aio_read64} uses
@@ -2006,6 +2219,7 @@ of functions with a very similar interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_write (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function initiates an asynchronous write operation. The function
call immediately returns after the operation was enqueued or if before
this happens an error was encountered.
@@ -2072,6 +2286,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_write64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_write} function. The only
difference is that on @w{32 bit} machines the file descriptor should
be opened in the large file mode. Internally @code{aio_write64} uses
@@ -2093,6 +2308,12 @@ operations. It is therefore similar to a combination of @code{readv} and
@comment aio.h
@comment POSIX.1b
@deftypefun int lio_listio (int @var{mode}, struct aiocb *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Call lio_listio_internal, that takes the aio_requests_mutex lock and
+@c enqueues each request. Then, it waits for notification or prepares
+@c for it before releasing the lock. Even though it performs memory
+@c allocation and locking of its own, it doesn't add any classes of
+@c safety issues that aren't already covered by aio_enqueue_request.
The @code{lio_listio} function can be used to enqueue an arbitrary
number of read and write requests at one time. The requests can all be
meant for the same file, all for different files or every solution in
@@ -2176,6 +2397,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int lio_listio64 (int @var{mode}, struct aiocb64 *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{lio_listio} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{lio_listio64} uses
@@ -2204,6 +2426,7 @@ The following two functions allow you to get this kind of information.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_error (const struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function determines the error state of the request described by the
@code{struct aiocb} variable pointed to by @var{aiocbp}. If the
request has not yet terminated the value returned is always
@@ -2225,6 +2448,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_error64 (const struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_error} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2238,6 +2462,7 @@ machines.
@comment aio.h
@comment POSIX.1b
@deftypefun ssize_t aio_return (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to retrieve the return status of the operation
carried out by the request described in the variable pointed to by
@var{aiocbp}. As long as the error status of this request as returned
@@ -2261,6 +2486,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun ssize_t aio_return64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_return} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2289,6 +2515,9 @@ if the symbol @code{_POSIX_SYNCHRONIZED_IO} is defined in @file{unistd.h}.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_fsync (int @var{op}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check that the FD is open, it calls
+@c aio_enqueue_request.
Calling this function forces all I/O operations operating queued at the
time of the function call operating on the file descriptor
@code{aiocbp->aio_fildes} into the synchronized I/O completion state
@@ -2336,6 +2565,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_fsync64 (int @var{op}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_fsync} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2362,6 +2592,9 @@ before the current client is served. For situations like this
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_suspend (const struct aiocb *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c Take aio_requests_mutex, set up waitlist and requestlist, wait
+@c for completion or timeout, and release the mutex.
When calling this function, the calling thread is suspended until at
least one of the requests pointed to by the @var{nent} elements of the
array @var{list} has completed. If any of the requests has already
@@ -2400,6 +2633,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_suspend64 (const struct aiocb64 *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is similar to @code{aio_suspend} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2427,6 +2661,16 @@ or not. Therefore using this function is merely a hint.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_cancel (int @var{fildes}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check the fd is open, hold aio_requests_mutex, call
+@c aio_find_req_fd, aio_remove_request, then aio_notify and
+@c aio_free_request each request before releasing the lock.
+@c aio_notify calls aio_notify_only and free, besides cond signal or
+@c similar. aio_notify_only calls pthread_attr_init,
+@c pthread_attr_setdetachstate, malloc, pthread_create,
+@c notify_func_wrapper, aio_sigqueue, getpid, raise.
+@c notify_func_wraper calls aio_start_notify_thread, free and then the
+@c notifier function.
The @code{aio_cancel} function can be used to cancel one or more
outstanding requests. If the @var{aiocbp} parameter is @code{NULL}, the
function tries to cancel all of the outstanding requests which would process
@@ -2474,6 +2718,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_cancel64 (int @var{fildes}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_cancel} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2529,6 +2774,8 @@ Unused.
@comment aio.h
@comment GNU
@deftypefun void aio_init (const struct aioinit *@var{init})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c All changes to global objects are guarded by aio_requests_mutex.
This function must be called before any other AIO function. Calling it
is completely voluntary, as it is only meant to help the AIO
implementation perform better.
@@ -2563,6 +2810,7 @@ function; see @ref{Opening and Closing Files}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int fcntl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcntl} function performs the operation specified by
@var{command} on the file descriptor @var{filedes}. Some commands
require additional arguments to be supplied. These additional arguments
@@ -2645,6 +2893,7 @@ while prototypes for @code{dup} and @code{dup2} are in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun int dup (int @var{old})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies descriptor @var{old} to the first available
descriptor number (the first number not currently open). It is
equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@@ -2653,6 +2902,7 @@ equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@comment unistd.h
@comment POSIX.1
@deftypefun int dup2 (int @var{old}, int @var{new})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies the descriptor @var{old} to descriptor number
@var{new}.
@@ -3631,6 +3881,7 @@ different headers.
@comment sys/ioctl.h
@comment BSD
@deftypefun int ioctl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ioctl} function performs the generic I/O operation
@var{command} on @var{filedes}.
@@ -3650,3 +3901,6 @@ unknown device.
Most IOCTLs are OS-specific and/or only used in special system utilities,
and are thus beyond the scope of this document. For an example of the use
of an IOCTL, see @ref{Out-of-Band Data}.
+
+@c FIXME this is undocumented:
+@c dup3
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1d9117d74990d3b2c143fd888d1435b627116a49
commit 1d9117d74990d3b2c143fd888d1435b627116a49
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:41 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/ctype.texi: Document thread safety properties.
diff --git a/manual/ctype.texi b/manual/ctype.texi
index 3d13571..ddf38ce 100644
--- a/manual/ctype.texi
+++ b/manual/ctype.texi
@@ -66,6 +66,13 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int islower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The is* macros call __ctype_b_loc to get the ctype array from the
+@c current locale, and then index it by c. __ctype_b_loc reads from
+@c thread-local memory the (indirect) pointer to the ctype array, which
+@c may involve one word access to the global locale object, if that's
+@c the active locale for the thread, and the array, being part of the
+@c locale data, is undeletable, so there's no thread-safety issue.
Returns true if @var{c} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -74,6 +81,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -82,6 +90,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isalpha (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphabetic character (a letter). If
@code{islower} or @code{isupper} is true of a character, then
@code{isalpha} is also true.
@@ -97,6 +106,7 @@ additional characters.
@comment ctype.h
@comment ISO
@deftypefun int isdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@end deftypefun
@@ -104,6 +114,7 @@ Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@comment ctype.h
@comment ISO
@deftypefun int isalnum (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphanumeric character (a letter or
number); in other words, if either @code{isalpha} or @code{isdigit} is
true of a character, then @code{isalnum} is also true.
@@ -113,6 +124,7 @@ true of a character, then @code{isalnum} is also true.
@comment ctype.h
@comment ISO
@deftypefun int isxdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -123,6 +135,7 @@ Hexadecimal digits include the normal decimal digits @samp{0} through
@comment ctype.h
@comment ISO
@deftypefun int ispunct (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -132,6 +145,7 @@ character.
@comment ctype.h
@comment ISO
@deftypefun int isspace (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{isspace} returns true for only the standard
whitespace characters:
@@ -161,6 +175,7 @@ vertical tab
@comment ctype.h
@comment ISO
@deftypefun int isblank (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
@end deftypefun
@@ -169,6 +184,7 @@ This function was originally a GNU extension, but was added in @w{ISO C99}.
@comment ctype.h
@comment ISO
@deftypefun int isgraph (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -178,6 +194,7 @@ considered graphic.
@comment ctype.h
@comment ISO
@deftypefun int isprint (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@end deftypefun
@@ -186,6 +203,7 @@ include all the graphic characters, plus the space (@samp{ }) character.
@comment ctype.h
@comment ISO
@deftypefun int iscntrl (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a control character (that is, a character that
is not a printing character).
@end deftypefun
@@ -194,6 +212,7 @@ is not a printing character).
@comment ctype.h
@comment SVID, BSD
@deftypefun int isascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
into the US/UK ASCII character set. This function is a BSD extension
and is also an SVID extension.
@@ -227,6 +246,10 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The to* macros/functions call different functions that use different
+@c arrays than those of__ctype_b_loc, but the access patterns and
+@c thus safety guarantees are the same.
If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
lower-case letter. If @var{c} is not an upper-case letter,
@var{c} is returned unchanged.
@@ -235,6 +258,7 @@ lower-case letter. If @var{c} is not an upper-case letter,
@comment ctype.h
@comment ISO
@deftypefun int toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
upper-case letter. Otherwise @var{c} is returned unchanged.
@end deftypefun
@@ -242,6 +266,7 @@ upper-case letter. Otherwise @var{c} is returned unchanged.
@comment ctype.h
@comment SVID, BSD
@deftypefun int toascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function converts @var{c} to a 7-bit @code{unsigned char} value
that fits into the US/UK ASCII character set, by clearing the high-order
bits. This function is a BSD extension and is also an SVID extension.
@@ -250,6 +275,7 @@ bits. This function is a BSD extension and is also an SVID extension.
@comment ctype.h
@comment SVID
@deftypefun int _tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{tolower}, and is provided for compatibility
with the SVID. @xref{SVID}.@refill
@end deftypefun
@@ -257,6 +283,7 @@ with the SVID. @xref{SVID}.@refill
@comment ctype.h
@comment SVID
@deftypefun int _toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{toupper}, and is provided for compatibility
with the SVID.
@end deftypefun
@@ -303,6 +330,15 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctype_t wctype (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Although the source code of wctype contains multiple references to
+@c the locale, that could each reference different locale_data objects
+@c should the global locale object change while active, the compiler can
+@c and does combine them all into a single dereference that resolves
+@c once to the LCTYPE locale object used throughout the function, so it
+@c is safe in practice, if not in theory. Ideally we'd explicitly save
+@c the resolved locale_data object to make it visibly safe instead of
+@c safe only under compiler optimizations.
The @code{wctype} returns a value representing a class of wide
characters which is identified by the string @var{property}. Beside
some standard properties each locale can define its own ones. In case
@@ -331,6 +367,8 @@ the @w{ISO C} standard defines a completely new function.
@comment wctype.h
@comment ISO
@deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The compressed lookup table returned by wctype is read-only.
This function returns a nonzero value if @var{wc} is in the character
class specified by @var{desc}. @var{desc} must previously be returned
by a successful call to @code{wctype}.
@@ -350,6 +388,15 @@ standard classes.
@comment wctype.h
@comment ISO
@deftypefun int iswalnum (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c The implicit wctype call in the isw* functions is actually an
+@c optimized version because the category has a known offset, but the
+@c wctype is equally safe when optimized, unsafe if not optimized.
+@c Since it's not a macro, and we always optimize, it's fine. The test
+@c whether wc is ASCII to use the non-wide is* macro/funciton doesn't
+@c bring any other safety issues: the test does not depend on the
+@c locale, and each path after the decision resolves the locale object
+@c only once.
This function returns a nonzero value if @var{wc} is an alphanumeric
character (a letter or number); in other words, if either @code{iswalpha}
or @code{iswdigit} is true of a character, then @code{iswalnum} is also
@@ -370,6 +417,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswalpha (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an alphabetic character (a letter). If
@code{iswlower} or @code{iswupper} is true of a character, then
@code{iswalpha} is also true.
@@ -394,6 +442,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswcntrl (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a control character (that is, a character that
is not a printing character).
@@ -412,6 +461,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
Please note that this function does not only return a nonzero value for
@emph{decimal} digits, but for all kinds of digits. A consequence is
@@ -442,6 +492,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswgraph (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -461,6 +512,7 @@ It is declared in @file{wctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int iswlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -479,6 +531,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswprint (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@@ -497,6 +550,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswpunct (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -516,6 +570,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswspace (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{iswspace} returns true for only the standard
whitespace characters:
@@ -555,6 +610,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -573,6 +629,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswxdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -597,6 +654,7 @@ characters as well.
@comment wctype.h
@comment ISO
@deftypefun int iswblank (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
It is declared in @file{wchar.h}.
@@ -691,6 +749,8 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctrans_t wctrans (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Similar implementation, same caveats as wctype.
The @code{wctrans} function has to be used to find out whether a named
mapping is defined in the current locale selected for the
@code{LC_CTYPE} category. If the returned value is non-zero, you can use
@@ -713,6 +773,8 @@ These functions are declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Same caveats as iswctype.
@code{towctrans} maps the input character @var{wc}
according to the rules of the mapping for which @var{desc} is a
descriptor, and returns the value it finds. @var{desc} must be
@@ -730,6 +792,9 @@ for them.
@comment wctype.h
@comment ISO
@deftypefun wint_t towlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Same caveats as iswalnum, just using a wctrans rather than a wctype
+@c table.
If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
lower-case letter. If @var{wc} is not an upper-case letter,
@var{wc} is returned unchanged.
@@ -749,6 +814,7 @@ This function is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
upper-case letter. Otherwise @var{wc} is returned unchanged.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=af8d731747f880cbc9dcd12a20c33ae29807081a
commit af8d731747f880cbc9dcd12a20c33ae29807081a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:32 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/lang.texi: Document thread safety properties.
diff --git a/manual/lang.texi b/manual/lang.texi
index ee04e23..d6cd90c 100644
--- a/manual/lang.texi
+++ b/manual/lang.texi
@@ -51,6 +51,8 @@ without indicating anything might be wrong.
@comment assert.h
@comment ISO
@deftypefn Macro void assert (int @var{expression})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Verify the programmer's belief that @var{expression} is nonzero at
this point in the program.
@@ -91,6 +93,8 @@ The @code{assert_perror} macro makes this easy.
@comment assert.h
@comment GNU
@deftypefn Macro void assert_perror (int @var{errnum})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Similar to @code{assert}, but verifies that @var{errnum} is zero.
If @code{NDEBUG} is not defined, @code{assert_perror} tests the value of
@@ -423,6 +427,8 @@ The type @code{va_list} is used for argument pointer variables.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_start (va_list @var{ap}, @var{last-required})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This macro initializes the argument pointer variable @var{ap} to point
to the first of the optional arguments of the current function;
@var{last-required} must be the last required argument to the function.
@@ -431,6 +437,8 @@ to the first of the optional arguments of the current function;
@comment stdarg.h
@comment ISO
@deftypefn {Macro} @var{type} va_arg (va_list @var{ap}, @var{type})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_arg} macro returns the value of the next optional argument,
and modifies the value of @var{ap} to point to the subsequent argument.
Thus, successive uses of @code{va_arg} return successive optional
@@ -445,6 +453,8 @@ of the actual argument.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_end (va_list @var{ap})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This ends the use of @var{ap}. After a @code{va_end} call, further
@code{va_arg} calls with the same @var{ap} may not work. You should invoke
@code{va_end} before returning from the function in which @code{va_start}
@@ -466,6 +476,8 @@ of the same type.
@comment ISO
@deftypefn {Macro} void va_copy (va_list @var{dest}, va_list @var{src})
@deftypefnx {Macro} void __va_copy (va_list @var{dest}, va_list @var{src})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_copy} macro allows copying of objects of type
@code{va_list} even if this is not an integral type. The argument pointer
in @var{dest} is initialized to point to the same argument as the
@@ -1212,6 +1224,8 @@ type of a particular structure member.
@comment stddef.h
@comment ISO
@deftypefn {Macro} size_t offsetof (@var{type}, @var{member})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This expands to a integer constant expression that is the offset of the
structure member named @var{member} in the structure type @var{type}.
For example, @code{offsetof (struct s, elem)} is the offset, in bytes,
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3511ea8a2e073e03029c05ac857b8ba78d4120f3
commit 3511ea8a2e073e03029c05ac857b8ba78d4120f3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:15 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/job.texi: Document thread safety properties.
diff --git a/manual/job.texi b/manual/job.texi
index 4efeed3..779ea96 100644
--- a/manual/job.texi
+++ b/manual/job.texi
@@ -1039,6 +1039,10 @@ The function @code{ctermid} is declared in the header file
@comment stdio.h
@comment POSIX.1
@deftypefun {char *} ctermid (char *@var{string})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This function is a stub by default; the actual implementation, for
+@c posix systems, returns an internal buffer if passed a NULL string,
+@c but the internal buffer is always set to /dev/tty.
The @code{ctermid} function returns a string containing the file name of
the controlling terminal for the current process. If @var{string} is
not a null pointer, it should be an array that can hold at least
@@ -1075,6 +1079,11 @@ Your program should include the header files @file{sys/types.h} and
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t setsid (void)
+@safety{@mtsafe{}@assafe{selfdeadlock (hurd)}@acsafe{lockleak (hurd)}}
+@c This is usually a direct syscall, but if a syscall is not available,
+@c we use a stub, or Hurd- and BSD-specific implementations. The former
+@c uses a mutex and a hurd critical section, and the latter issues a few
+@c syscalls, so both seem safe, except for the locking on Hurd.
The @code{setsid} function creates a new session. The calling process
becomes the session leader, and is put in a new process group whose
process group ID is the same as the process ID of that process. There
@@ -1098,7 +1107,8 @@ already another process group around that has the same process group ID.
@comment unistd.h
@comment SVID
@deftypefun pid_t getsid (pid_t @var{pid})
-
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{getsid} function returns the process group ID of the session
leader of the specified process. If a @var{pid} is @code{0}, the
process group ID of the session leader of the current process is
@@ -1134,6 +1144,8 @@ programs with the @code{-lbsd-compat} option to get the BSD definition.@refill
@comment unistd.h
@comment POSIX.1
@deftypefn {POSIX.1 Function} pid_t getpgrp (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The POSIX.1 definition of @code{getpgrp} returns the process group ID of
the calling process.
@end deftypefn
@@ -1141,6 +1153,8 @@ the calling process.
@comment unistd.h
@comment BSD
@deftypefn {BSD Function} pid_t getpgrp (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The BSD definition of @code{getpgrp} returns the process group ID of the
process @var{pid}. You can supply a value of @code{0} for the @var{pid}
argument to get information about the calling process.
@@ -1149,6 +1163,8 @@ argument to get information about the calling process.
@comment unistd.h
@comment SVID
@deftypefn {System V Function} int getpgid (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
@code{getpgid} is the same as the BSD function @code{getpgrp}. It
returns the process group ID of the process @var{pid}. You can supply a
@@ -1171,6 +1187,8 @@ process.
@comment unistd.h
@comment POSIX.1
@deftypefun int setpgid (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{setpgid} function puts the process @var{pid} into the process
group @var{pgid}. As a special case, either @var{pid} or @var{pgid} can
be zero to indicate the process ID of the calling process.
@@ -1208,6 +1226,8 @@ process or a child of the calling process.
@comment unistd.h
@comment BSD
@deftypefun int setpgrp (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall or setpgid wrapper.
This is the BSD Unix name for @code{setpgid}. Both functions do exactly
the same thing.
@end deftypefun
@@ -1230,6 +1250,8 @@ file itself and not a particular open file descriptor.
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t tcgetpgrp (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function returns the process group ID of the foreground process
group associated with the terminal open on descriptor @var{filedes}.
@@ -1258,6 +1280,8 @@ controlling terminal of the calling process.
@comment unistd.h
@comment POSIX.1
@deftypefun int tcsetpgrp (int @var{filedes}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function is used to set a terminal's foreground process group ID.
The argument @var{filedes} is a descriptor which specifies the terminal;
@var{pgid} specifies the process group. The calling process must be a
@@ -1297,6 +1321,8 @@ process.
@comment termios.h
@comment Unix98
@deftypefun pid_t tcgetsid (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Ioctl call, if avaialble, or tcgetpgrp followed by getsid.
This function is used to obtain the process group ID of the session
for which the terminal specified by @var{fildes} is the controlling terminal.
If the call is successful the group ID is returned. Otherwise the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=59b1677a250033e8588a31f175a0457967e20bce
commit 59b1677a250033e8588a31f175a0457967e20bce
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:59 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/libdl.texi: New.
diff --git a/manual/libdl.texi b/manual/libdl.texi
new file mode 100644
index 0000000..e3fe045
--- /dev/null
+++ b/manual/libdl.texi
@@ -0,0 +1,10 @@
+@c FIXME these are undocumented:
+@c dladdr
+@c dladdr1
+@c dlclose
+@c dlerror
+@c dlinfo
+@c dlmopen
+@c dlopen
+@c dlsym
+@c dlvsym
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=fd1ab5961b60c8bc5524617aba67528f45c035be
commit fd1ab5961b60c8bc5524617aba67528f45c035be
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:06:36 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/getopt.texi: Document thread safety properties.
diff --git a/manual/getopt.texi b/manual/getopt.texi
index f0b7283..3c1f4de 100644
--- a/manual/getopt.texi
+++ b/manual/getopt.texi
@@ -60,6 +60,31 @@ option argument, for those options that accept arguments.
@comment unistd.h
@comment POSIX.2
@deftypefun int getopt (int @var{argc}, char *const *@var{argv}, const char *@var{options})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c It may swap argv elements but argv is not guarded, and the
+@c modifications may be partial in case of cancellation. Calling getenv
+@c also brings about thread-safety issues out of access and returning
+@c pointers into the globally shared environment array, just like
+@c calling gettext brings about a whole lot of AS and AC safety issues.
+@c The getopt API involves returning values in the non-thread-specific
+@c optarg variable, which adds another thread-safety issue. Given
+@c print_errors, it may output errors to stderr, which may
+@c self-deadlock, leak locks, or encounter (in a signal handler) or
+@c leave (in case of cancellation) stderr in an inconsistent state.
+@c Various implicit, indirect uses of malloc, in uses of memstream and
+@c asprintf for error-printing, bring about the usual malloc issues.
+@c (The explicit use of malloc in a conditional situation in
+@c _getopt_initialize is never exercised in glibc.)
+@c
+@c _getopt_internal
+@c _getopt_internal_r
+@c gettext
+@c _getopt_initialize
+@c getenv
+@c malloc if USE_NONOPTION_FLAGS, never defined in libc
+@c open_memstream
+@c lockfile, unlockfile, __fxprintf -> stderr
+@c asprintf
The @code{getopt} function gets the next option argument from the
argument list specified by the @var{argv} and @var{argc} arguments.
Normally these values come directly from the arguments received by
@@ -225,6 +250,8 @@ was seen.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
Decode options from the vector @var{argv} (whose length is @var{argc}).
The argument @var{shortopts} describes the short options to accept, just as
it does in @code{getopt}. The argument @var{longopts} describes the long
@@ -278,6 +305,8 @@ getopt functionality there is one more function available.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long_only (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
The @code{getopt_long_only} function is equivalent to the
@code{getopt_long} function but it allows to specify the user of the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=33bb3dca5b8ad25784eef98bd49ac57d641a8459
commit 33bb3dca5b8ad25784eef98bd49ac57d641a8459
Merge: 1f2b789 283e6d9 dabcbeb
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 04:08:31 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1f2b78953becf54e98c3de46124735f4108b366c
commit 1f2b78953becf54e98c3de46124735f4108b366c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 04:08:31 2013 -0300
refresh
diff --git a/meta b/meta
index dfabea6..823da90 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 733995c9ef9e9c01851a9603c4ffb530bbf7b8d3
-Head: de4f2a47af0e9ef9da1f16926fbb50aad6193642
+Previous: 283e6d9258890d6620ff2843ae0d6827e23eab48
+Head: dabcbeb1f646a611c3e18db1dbf0d317276c5fbc
Applied:
powerpc-nofpu-sim-note-nothread.patch: 06e4960536888589dff34cbc68b16091f303bc5e
unused-scalb-is-scalbn.patch: ca2910ce3d85f4ab9b8c4e8d31bc243eab5f1c0f
@@ -10,8 +10,7 @@ Applied:
manual-document-mt-safety-arith.patch: 7288eb7651261bf0ff7d26fd94d47c4a6267169f
manual-document-mt-safety-charset.patch: d739c28d7512bc43968ecc860a2501aeb2b38862
manual-document-mt-safety-conf.patch: 30f1f3822b1f3a1e8a69529880d4e8e924a3d35a
- manual-document-mt-safety-crypt.patch: ae74a2f95b7ccea4362a553291e9dd5c403915e3
- refresh-temp: de4f2a47af0e9ef9da1f16926fbb50aad6193642
+ manual-document-mt-safety-crypt.patch: dabcbeb1f646a611c3e18db1dbf0d317276c5fbc
Unapplied:
manual-document-mt-safety-ctype.patch: dc003e9af2abd847740effc6ffb70ad00be9756f
manual-document-mt-safety-debug.patch: d4f225eef42541dc480740f9943bfb95af1ac6ea
diff --git a/patches/manual-document-mt-safety-crypt.patch b/patches/manual-document-mt-safety-crypt.patch
index 8198119..48df593 100644
--- a/patches/manual-document-mt-safety-crypt.patch
+++ b/patches/manual-document-mt-safety-crypt.patch
@@ -1,5 +1,5 @@
Bottom: 6971015fc6a93453edf7bda609669d84f67a4037
-Top: 089fd8db0fb871c7ca2e99ac7f4311e9010432ca
+Top: 7995ce65c762cc782885f999be1655c53385b187
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:03:47 -0300
@@ -13,14 +13,13 @@ for ChangeLog
---
diff --git a/manual/crypt.texi b/manual/crypt.texi
-index ef90590..5c9f6f7 100644
+index ef90590..a3c8fa5 100644
--- a/manual/crypt.texi
+++ b/manual/crypt.texi
-@@ -92,7 +92,13 @@ in a convenient way.
+@@ -92,6 +92,13 @@ in a convenient way.
@comment unistd.h
@comment BSD
@deftypefun {char *} getpass (const char *@var{prompt})
--
+@safety{@mtunsafe{tempterm}@asunsafe{asmalloc, selfdeadlock, asynconsist}@acunsafe{tempterm, lockleak, incansist}}
+@c This function will attempt to create a stream for terminal I/O, but
+@c will fallback to stdio/stderr. It attempts to change the terminal
@@ -28,10 +27,10 @@ index ef90590..5c9f6f7 100644
+@c then restore the terminal mode. It has a cleanup to close the stream
+@c in case of (synchronous) cancellation, but not to restore the
+@c terminal mode.
+
@code{getpass} outputs @var{prompt}, then reads a string in from the
terminal without echoing it. It tries to connect to the real terminal,
- @file{/dev/tty}, if possible, to encourage users not to put plaintext
-@@ -127,6 +133,13 @@ The substitute takes the same parameters as @code{getline}
+@@ -127,6 +134,13 @@ The substitute takes the same parameters as @code{getline}
@comment crypt.h
@comment BSD, SVID
@deftypefun {char *} crypt (const char *@var{key}, const char *@var{salt})
@@ -45,7 +44,7 @@ index ef90590..5c9f6f7 100644
The @code{crypt} function takes a password, @var{key}, as a string, and
a @var{salt} character array which is described below, and returns a
-@@ -188,6 +201,9 @@ for a password and prints ``Access granted.'' if the user types
+@@ -188,6 +202,9 @@ for a password and prints ``Access granted.'' if the user types
@comment crypt.h
@comment GNU
@deftypefun {char *} crypt_r (const char *@var{key}, const char *@var{salt}, {struct crypt_data *} @var{data})
@@ -55,7 +54,7 @@ index ef90590..5c9f6f7 100644
The @code{crypt_r} function does the same thing as @code{crypt}, but
takes an extra parameter which includes space for its result (among
-@@ -233,6 +249,11 @@ specifies the unused bits.
+@@ -233,6 +250,11 @@ specifies the unused bits.
@comment crypt.h
@comment BSD, SVID
@deftypefun void setkey (const char *@var{key})
@@ -67,7 +66,7 @@ index ef90590..5c9f6f7 100644
The @code{setkey} function sets an internal data structure to be an
expanded form of @var{key}. @var{key} is specified as an array of 64
-@@ -244,6 +265,8 @@ parity.
+@@ -244,6 +266,8 @@ parity.
@comment crypt.h
@comment BSD, SVID
@deftypefun void encrypt (char *@var{block}, int @var{edflag})
@@ -76,7 +75,7 @@ index ef90590..5c9f6f7 100644
The @code{encrypt} function encrypts @var{block} if
@var{edflag} is 0, otherwise it decrypts @var{block}, using a key
-@@ -257,9 +280,11 @@ stored in a @code{char}, but there are no parity bits in @var{block}.
+@@ -257,9 +281,11 @@ stored in a @code{char}, but there are no parity bits in @var{block}.
@comment crypt.h
@comment GNU
@deftypefun void setkey_r (const char *@var{key}, {struct crypt_data *} @var{data})
@@ -88,7 +87,7 @@ index ef90590..5c9f6f7 100644
These are reentrant versions of @code{setkey} and @code{encrypt}. The
only difference is the extra parameter, which stores the expanded
-@@ -274,6 +299,7 @@ defined in @file{crypt.h}.
+@@ -274,6 +300,7 @@ defined in @file{crypt.h}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int ecb_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode})
@@ -96,7 +95,7 @@ index ef90590..5c9f6f7 100644
The function @code{ecb_crypt} encrypts or decrypts one or more blocks
using DES. Each block is encrypted independently.
-@@ -355,6 +381,7 @@ This macro returns 1 if @var{err} is a `success' result code from
+@@ -355,6 +382,7 @@ This macro returns 1 if @var{err} is a `success' result code from
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int cbc_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode}, char *@var{ivec})
@@ -104,7 +103,7 @@ index ef90590..5c9f6f7 100644
The function @code{cbc_crypt} encrypts or decrypts one or more blocks
using DES in Cipher Block Chaining mode.
-@@ -381,6 +408,7 @@ Otherwise, all the parameters are similar to those for @code{ecb_crypt}.
+@@ -381,6 +409,7 @@ Otherwise, all the parameters are similar to those for @code{ecb_crypt}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun void des_setparity (char *@var{key})
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index 7c0f2a5..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,21 +0,0 @@
-Bottom: 089fd8db0fb871c7ca2e99ac7f4311e9010432ca
-Top: 7995ce65c762cc782885f999be1655c53385b187
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-16 04:08:30 -0300
-
-Refresh of manual-document-mt-safety-crypt.patch
-
----
-
-diff --git a/manual/crypt.texi b/manual/crypt.texi
-index 5c9f6f7..a3c8fa5 100644
---- a/manual/crypt.texi
-+++ b/manual/crypt.texi
-@@ -99,6 +99,7 @@ in a convenient way.
- @c then restore the terminal mode. It has a cleanup to close the stream
- @c in case of (synchronous) cancellation, but not to restore the
- @c terminal mode.
-+
- @code{getpass} outputs @var{prompt}, then reads a string in from the
- terminal without echoing it. It tries to connect to the real terminal,
- @file{/dev/tty}, if possible, to encourage users not to put plaintext
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=283e6d9258890d6620ff2843ae0d6827e23eab48
commit 283e6d9258890d6620ff2843ae0d6827e23eab48
Merge: 8ba9385 733995c de4f2a4
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 04:08:31 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=8ba9385c931fc12c6519bb7818c66d36c381b00b
commit 8ba9385c931fc12c6519bb7818c66d36c381b00b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 04:08:31 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index 45bee50..dfabea6 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 7d7f7b862416ab02645bff41b34c060c5f278c47
-Head: ae74a2f95b7ccea4362a553291e9dd5c403915e3
+Previous: 733995c9ef9e9c01851a9603c4ffb530bbf7b8d3
+Head: de4f2a47af0e9ef9da1f16926fbb50aad6193642
Applied:
powerpc-nofpu-sim-note-nothread.patch: 06e4960536888589dff34cbc68b16091f303bc5e
unused-scalb-is-scalbn.patch: ca2910ce3d85f4ab9b8c4e8d31bc243eab5f1c0f
@@ -11,6 +11,7 @@ Applied:
manual-document-mt-safety-charset.patch: d739c28d7512bc43968ecc860a2501aeb2b38862
manual-document-mt-safety-conf.patch: 30f1f3822b1f3a1e8a69529880d4e8e924a3d35a
manual-document-mt-safety-crypt.patch: ae74a2f95b7ccea4362a553291e9dd5c403915e3
+ refresh-temp: de4f2a47af0e9ef9da1f16926fbb50aad6193642
Unapplied:
manual-document-mt-safety-ctype.patch: dc003e9af2abd847740effc6ffb70ad00be9756f
manual-document-mt-safety-debug.patch: d4f225eef42541dc480740f9943bfb95af1ac6ea
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..7c0f2a5
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,21 @@
+Bottom: 089fd8db0fb871c7ca2e99ac7f4311e9010432ca
+Top: 7995ce65c762cc782885f999be1655c53385b187
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-16 04:08:30 -0300
+
+Refresh of manual-document-mt-safety-crypt.patch
+
+---
+
+diff --git a/manual/crypt.texi b/manual/crypt.texi
+index 5c9f6f7..a3c8fa5 100644
+--- a/manual/crypt.texi
++++ b/manual/crypt.texi
+@@ -99,6 +99,7 @@ in a convenient way.
+ @c then restore the terminal mode. It has a cleanup to close the stream
+ @c in case of (synchronous) cancellation, but not to restore the
+ @c terminal mode.
++
+ @code{getpass} outputs @var{prompt}, then reads a string in from the
+ terminal without echoing it. It tries to connect to the real terminal,
+ @file{/dev/tty}, if possible, to encourage users not to put plaintext
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=de4f2a47af0e9ef9da1f16926fbb50aad6193642
commit de4f2a47af0e9ef9da1f16926fbb50aad6193642
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 04:08:30 2013 -0300
Refresh of manual-document-mt-safety-crypt.patch
diff --git a/manual/crypt.texi b/manual/crypt.texi
index 5c9f6f7..a3c8fa5 100644
--- a/manual/crypt.texi
+++ b/manual/crypt.texi
@@ -99,6 +99,7 @@ in a convenient way.
@c then restore the terminal mode. It has a cleanup to close the stream
@c in case of (synchronous) cancellation, but not to restore the
@c terminal mode.
+
@code{getpass} outputs @var{prompt}, then reads a string in from the
terminal without echoing it. It tries to connect to the real terminal,
@file{/dev/tty}, if possible, to encourage users not to put plaintext
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=733995c9ef9e9c01851a9603c4ffb530bbf7b8d3
commit 733995c9ef9e9c01851a9603c4ffb530bbf7b8d3
Merge: b8af925 7d7f7b8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 04:07:31 2013 -0300
goto
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b8af925c25c7acce0bbc95c11ff777023c86536e
commit b8af925c25c7acce0bbc95c11ff777023c86536e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 04:07:31 2013 -0300
goto
diff --git a/meta b/meta
index e7e925e..45bee50 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 9cdfbb1dc7b1689a67f30412e3846e73edc64bdc
-Head: a16217056ff0a4d0283a48b0866c343275e665cc
+Previous: 7d7f7b862416ab02645bff41b34c060c5f278c47
+Head: ae74a2f95b7ccea4362a553291e9dd5c403915e3
Applied:
powerpc-nofpu-sim-note-nothread.patch: 06e4960536888589dff34cbc68b16091f303bc5e
unused-scalb-is-scalbn.patch: ca2910ce3d85f4ab9b8c4e8d31bc243eab5f1c0f
@@ -11,6 +11,7 @@ Applied:
manual-document-mt-safety-charset.patch: d739c28d7512bc43968ecc860a2501aeb2b38862
manual-document-mt-safety-conf.patch: 30f1f3822b1f3a1e8a69529880d4e8e924a3d35a
manual-document-mt-safety-crypt.patch: ae74a2f95b7ccea4362a553291e9dd5c403915e3
+Unapplied:
manual-document-mt-safety-ctype.patch: dc003e9af2abd847740effc6ffb70ad00be9756f
manual-document-mt-safety-debug.patch: d4f225eef42541dc480740f9943bfb95af1ac6ea
manual-document-mt-safety-errno.patch: 4fad6857b15ad881c5a287349a0d13c093605336
@@ -30,5 +31,4 @@ Applied:
wip-manual-document-mt-safety-terminal.patch: f1eb3c581f36a70cbaba74b299638fa1c2f6a915
wip-manual-document-mt-safety-threads.patch: 59a4161882789129bbe1ad4f10f88c77e274cca3
wip-manual-document-mt-safety-time.patch: a16217056ff0a4d0283a48b0866c343275e665cc
-Unapplied:
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7d7f7b862416ab02645bff41b34c060c5f278c47
commit 7d7f7b862416ab02645bff41b34c060c5f278c47
Merge: 227eb89 9cdfbb1
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 00:35:20 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=227eb89514b8e4bad5f00b53f8928115a0edde9b
commit 227eb89514b8e4bad5f00b53f8928115a0edde9b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 00:35:20 2013 -0300
push
diff --git a/meta b/meta
index 5139814..e7e925e 100644
--- a/meta
+++ b/meta
@@ -1,11 +1,10 @@
Version: 1
-Previous: c339b003f5eb745be1c1d731544530e3570f9c14
-Head: a25c51911f256292d5cc15cc5dbb8f7f2726c9e6
+Previous: 9cdfbb1dc7b1689a67f30412e3846e73edc64bdc
+Head: a16217056ff0a4d0283a48b0866c343275e665cc
Applied:
powerpc-nofpu-sim-note-nothread.patch: 06e4960536888589dff34cbc68b16091f303bc5e
unused-scalb-is-scalbn.patch: ca2910ce3d85f4ab9b8c4e8d31bc243eab5f1c0f
remove-sysdeps-ieee754-support.patch: a25c51911f256292d5cc15cc5dbb8f7f2726c9e6
-Unapplied:
manual-document-mt-safety.patch: a55b2aa9900f7f2d98793bb44e882e32b000150b
manual-document-mt-safety-argp.patch: f8001a47dc69f4ca878ae0b18dde1eab6f47ca23
manual-document-mt-safety-arith.patch: 7288eb7651261bf0ff7d26fd94d47c4a6267169f
@@ -31,4 +30,5 @@ Unapplied:
wip-manual-document-mt-safety-terminal.patch: f1eb3c581f36a70cbaba74b299638fa1c2f6a915
wip-manual-document-mt-safety-threads.patch: 59a4161882789129bbe1ad4f10f88c77e274cca3
wip-manual-document-mt-safety-time.patch: a16217056ff0a4d0283a48b0866c343275e665cc
+Unapplied:
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9cdfbb1dc7b1689a67f30412e3846e73edc64bdc
commit 9cdfbb1dc7b1689a67f30412e3846e73edc64bdc
Merge: e9f3c44 c339b00
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 00:34:27 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e9f3c444f69d760796c74b00a10a3917753653e5
commit e9f3c444f69d760796c74b00a10a3917753653e5
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 00:34:27 2013 -0300
push
diff --git a/meta b/meta
index 0f3e99f..5139814 100644
--- a/meta
+++ b/meta
@@ -1,11 +1,11 @@
Version: 1
-Previous: 95fcade3632a1478e1c6c603c486f62936a1c337
-Head: ca0a6bc4c5c53aa6c4a735c36336408a06b8cd89
+Previous: c339b003f5eb745be1c1d731544530e3570f9c14
+Head: a25c51911f256292d5cc15cc5dbb8f7f2726c9e6
Applied:
-Unapplied:
powerpc-nofpu-sim-note-nothread.patch: 06e4960536888589dff34cbc68b16091f303bc5e
unused-scalb-is-scalbn.patch: ca2910ce3d85f4ab9b8c4e8d31bc243eab5f1c0f
remove-sysdeps-ieee754-support.patch: a25c51911f256292d5cc15cc5dbb8f7f2726c9e6
+Unapplied:
manual-document-mt-safety.patch: a55b2aa9900f7f2d98793bb44e882e32b000150b
manual-document-mt-safety-argp.patch: f8001a47dc69f4ca878ae0b18dde1eab6f47ca23
manual-document-mt-safety-arith.patch: 7288eb7651261bf0ff7d26fd94d47c4a6267169f
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c339b003f5eb745be1c1d731544530e3570f9c14
commit c339b003f5eb745be1c1d731544530e3570f9c14
Merge: 1dfd923 ca0a6bc 95fcade
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 00:34:25 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1dfd923d83a32c5dbb4e0a34196bf5abb5806cb9
commit 1dfd923d83a32c5dbb4e0a34196bf5abb5806cb9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 00:34:25 2013 -0300
pop
diff --git a/meta b/meta
index 20ca613..0f3e99f 100644
--- a/meta
+++ b/meta
@@ -1,7 +1,8 @@
Version: 1
-Previous: eedf24efbcebfb452c91b90e339079e6810b195f
-Head: a16217056ff0a4d0283a48b0866c343275e665cc
+Previous: 95fcade3632a1478e1c6c603c486f62936a1c337
+Head: ca0a6bc4c5c53aa6c4a735c36336408a06b8cd89
Applied:
+Unapplied:
powerpc-nofpu-sim-note-nothread.patch: 06e4960536888589dff34cbc68b16091f303bc5e
unused-scalb-is-scalbn.patch: ca2910ce3d85f4ab9b8c4e8d31bc243eab5f1c0f
remove-sysdeps-ieee754-support.patch: a25c51911f256292d5cc15cc5dbb8f7f2726c9e6
@@ -30,5 +31,4 @@ Applied:
wip-manual-document-mt-safety-terminal.patch: f1eb3c581f36a70cbaba74b299638fa1c2f6a915
wip-manual-document-mt-safety-threads.patch: 59a4161882789129bbe1ad4f10f88c77e274cca3
wip-manual-document-mt-safety-time.patch: a16217056ff0a4d0283a48b0866c343275e665cc
-Unapplied:
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=95fcade3632a1478e1c6c603c486f62936a1c337
commit 95fcade3632a1478e1c6c603c486f62936a1c337
Merge: dd0a1e7 a162170 eedf24e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 00:34:25 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=dd0a1e7058473fc6064afbc93cf7c3119c740d3e
commit dd0a1e7058473fc6064afbc93cf7c3119c740d3e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 00:34:25 2013 -0300
push
diff --git a/meta b/meta
index 8920391..20ca613 100644
--- a/meta
+++ b/meta
@@ -1,34 +1,34 @@
Version: 1
-Previous: 479c336b75a91c9742290b344b093951c4afc234
-Head: a25c51911f256292d5cc15cc5dbb8f7f2726c9e6
+Previous: eedf24efbcebfb452c91b90e339079e6810b195f
+Head: a16217056ff0a4d0283a48b0866c343275e665cc
Applied:
powerpc-nofpu-sim-note-nothread.patch: 06e4960536888589dff34cbc68b16091f303bc5e
unused-scalb-is-scalbn.patch: ca2910ce3d85f4ab9b8c4e8d31bc243eab5f1c0f
remove-sysdeps-ieee754-support.patch: a25c51911f256292d5cc15cc5dbb8f7f2726c9e6
+ manual-document-mt-safety.patch: a55b2aa9900f7f2d98793bb44e882e32b000150b
+ manual-document-mt-safety-argp.patch: f8001a47dc69f4ca878ae0b18dde1eab6f47ca23
+ manual-document-mt-safety-arith.patch: 7288eb7651261bf0ff7d26fd94d47c4a6267169f
+ manual-document-mt-safety-charset.patch: d739c28d7512bc43968ecc860a2501aeb2b38862
+ manual-document-mt-safety-conf.patch: 30f1f3822b1f3a1e8a69529880d4e8e924a3d35a
+ manual-document-mt-safety-crypt.patch: ae74a2f95b7ccea4362a553291e9dd5c403915e3
+ manual-document-mt-safety-ctype.patch: dc003e9af2abd847740effc6ffb70ad00be9756f
+ manual-document-mt-safety-debug.patch: d4f225eef42541dc480740f9943bfb95af1ac6ea
+ manual-document-mt-safety-errno.patch: 4fad6857b15ad881c5a287349a0d13c093605336
+ manual-document-mt-safety-filesys.patch: f77283b4b552daf9def0c190fccc5f5c4387068c
+ manual-document-mt-safety-getopt.patch: e6721bc24292e81decca229364fe5d9c3c6ea71d
+ manual-document-mt-safety-libdl.patch: 39277bc7d9f8f88e3250ebf2bab380fd90c64d1d
+ manual-document-mt-safety-job.patch: 206f4e754558d0c111d9b727285bf9d6c4b86598
+ manual-document-mt-safety-lang.patch: 443d8e06a844671359ebf35dba1211a3178ee4ad
+ manual-document-mt-safety-llio.patch: 40291dd9759713efc7236398de48112816f0f3d6
+ manual-document-mt-safety-stdio.patch: e3c55c602e828c608f1f6230e75ecbb2416caf16
+ wip-manual-document-mt-safety-locale.patch: 7ee91213d3fc5f11dd4cc39b0abcc7e4c2e4dd23
+ wip-manual-document-mt-safety-math.patch: 22e6f0a3bcaca29f27609644baf5fea9a4175248
+ wip-manual-document-mt-safety-startup.patch: 2041cdf01d0056eaf965a1eb716d32880a7d63fe
+ wip-manual-document-mt-safety-search.patch: 46fa2f9291a5ba618a719449d339d8cdf55c471e
+ wip-manual-document-mt-safety-resource.patch: 1e1e61430f3317fd1b9dc97dd2a93476c4d8aa42
+ wip-manual-document-mt-safety-string.patch: b85499751668443c0f62c4c3870c5d168d49ecaa
+ wip-manual-document-mt-safety-terminal.patch: f1eb3c581f36a70cbaba74b299638fa1c2f6a915
+ wip-manual-document-mt-safety-threads.patch: 59a4161882789129bbe1ad4f10f88c77e274cca3
+ wip-manual-document-mt-safety-time.patch: a16217056ff0a4d0283a48b0866c343275e665cc
Unapplied:
- manual-document-mt-safety.patch: d2ce932c7ce9c31c4b085c61c43ac8e637713dcd
- manual-document-mt-safety-argp.patch: ac784bfbcf7a152d47a16a6cf8627a4bf034b785
- manual-document-mt-safety-arith.patch: f44135c2502e59169f999d4373ae92b799a3243f
- manual-document-mt-safety-charset.patch: c4b388232d899078a1b6d6a59f8c81d91b48f0a1
- manual-document-mt-safety-conf.patch: b5d8ce5c1458b5e838a2863d4ba4baa86c823b28
- manual-document-mt-safety-crypt.patch: 72ef57b840cd42f1110c069ef69c5000ef9c88b7
- manual-document-mt-safety-ctype.patch: f60b1d81ad9cb9c6c27a099d76bdc6abcaf790a2
- manual-document-mt-safety-debug.patch: 68a39285b6322ffa0bc420d57ec68b14f732c4e3
- manual-document-mt-safety-errno.patch: da9e9ee60c99d6dc0316d8546541e6dd9c0c9b99
- manual-document-mt-safety-filesys.patch: d0691d184b91c2e2c5698ea76d17dd9f3a122f8f
- manual-document-mt-safety-getopt.patch: 4a5d90dda6e00313cc5ba8ce421efaa9cb59081b
- manual-document-mt-safety-libdl.patch: 307bd3daee46ac59346ae246cca438c773592157
- manual-document-mt-safety-job.patch: 056831666a434aed7f142ee31ad9ca0d6ba2d3bc
- manual-document-mt-safety-lang.patch: 63d1c42e6da89b0ad4d95cf9389cd10979efbe86
- manual-document-mt-safety-llio.patch: 949a5e85be3e463201abb3eca47b28d136e6a748
- manual-document-mt-safety-stdio.patch: fd97e2760a742412d0efb962445d45e5f6c31d25
- wip-manual-document-mt-safety-locale.patch: 62c5d0311f8340f9adfd4020aaf20fc59b3bf99d
- wip-manual-document-mt-safety-math.patch: 3c144b261343ed149aabebaf1644836f8cc743e5
- wip-manual-document-mt-safety-startup.patch: 6300794e9ab2baa967f9a1778dbf68ab1dd6bded
- wip-manual-document-mt-safety-search.patch: 41d5ae9e5dfbfe26fd2cd56fa6ca85642a89cccc
- wip-manual-document-mt-safety-resource.patch: 1daf7c7b5916ddc5c68ab1eeb07c507dd20a6c24
- wip-manual-document-mt-safety-string.patch: 733b88651a82568a50710faeb8984d6b4c9ed92e
- wip-manual-document-mt-safety-terminal.patch: 88d6db1efac30fda4ced56f1f651174b35cf5214
- wip-manual-document-mt-safety-threads.patch: a876db182b7283130d6189eb55ea401d35053850
- wip-manual-document-mt-safety-time.patch: f24766f16a7fc05837ee864671592bdd230d4631
Hidden:
diff --git a/patches/manual-document-mt-safety-argp.patch b/patches/manual-document-mt-safety-argp.patch
index 8284a1e..fcb91bc 100644
--- a/patches/manual-document-mt-safety-argp.patch
+++ b/patches/manual-document-mt-safety-argp.patch
@@ -1,5 +1,5 @@
-Bottom: 34670202bf46f8c2807d998163a3ae485669f59e
-Top: 6f7a5e6749ad296a05be499432131dbe19bb6f95
+Bottom: dd5f61ec57d719c37843c4e02281f6e13e85e1e6
+Top: 7330788415ea874753e04d105c9610b828888f8d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 21:57:08 -0300
diff --git a/patches/manual-document-mt-safety-arith.patch b/patches/manual-document-mt-safety-arith.patch
index 5e36901..24f961d 100644
--- a/patches/manual-document-mt-safety-arith.patch
+++ b/patches/manual-document-mt-safety-arith.patch
@@ -1,5 +1,5 @@
-Bottom: 6f7a5e6749ad296a05be499432131dbe19bb6f95
-Top: defee7a3afc291649a03a852fe89e085e809b1cc
+Bottom: 7330788415ea874753e04d105c9610b828888f8d
+Top: 938a0224455b9ed4d30c77898cfcda3e7658d101
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/manual-document-mt-safety-charset.patch b/patches/manual-document-mt-safety-charset.patch
index 9bbb051..b81a770 100644
--- a/patches/manual-document-mt-safety-charset.patch
+++ b/patches/manual-document-mt-safety-charset.patch
@@ -1,5 +1,5 @@
-Bottom: defee7a3afc291649a03a852fe89e085e809b1cc
-Top: f0f71d6f601b734abdc7ed68eab96e38b0b2a122
+Bottom: 938a0224455b9ed4d30c77898cfcda3e7658d101
+Top: 11af94a52cfc833e6b706d5bb2641d219dd8e9b1
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:01:33 -0300
diff --git a/patches/manual-document-mt-safety-conf.patch b/patches/manual-document-mt-safety-conf.patch
index 79c3d28..17f1a35 100644
--- a/patches/manual-document-mt-safety-conf.patch
+++ b/patches/manual-document-mt-safety-conf.patch
@@ -1,5 +1,5 @@
-Bottom: f0f71d6f601b734abdc7ed68eab96e38b0b2a122
-Top: db47a43bafc8d1f8d787b9cfb531d1bc04a01bcc
+Bottom: 11af94a52cfc833e6b706d5bb2641d219dd8e9b1
+Top: 6971015fc6a93453edf7bda609669d84f67a4037
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:03:16 -0300
diff --git a/patches/manual-document-mt-safety-crypt.patch b/patches/manual-document-mt-safety-crypt.patch
index 57d5762..8198119 100644
--- a/patches/manual-document-mt-safety-crypt.patch
+++ b/patches/manual-document-mt-safety-crypt.patch
@@ -1,5 +1,5 @@
-Bottom: db47a43bafc8d1f8d787b9cfb531d1bc04a01bcc
-Top: 989582e2a61eac80aee357a0b3391b88bdf700b8
+Bottom: 6971015fc6a93453edf7bda609669d84f67a4037
+Top: 089fd8db0fb871c7ca2e99ac7f4311e9010432ca
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:03:47 -0300
diff --git a/patches/manual-document-mt-safety-ctype.patch b/patches/manual-document-mt-safety-ctype.patch
index 9b2ecd0..dc8b87f 100644
--- a/patches/manual-document-mt-safety-ctype.patch
+++ b/patches/manual-document-mt-safety-ctype.patch
@@ -1,5 +1,5 @@
-Bottom: 989582e2a61eac80aee357a0b3391b88bdf700b8
-Top: e5a870898375d0f16d290f0ce49ace14c8d4a2d7
+Bottom: 089fd8db0fb871c7ca2e99ac7f4311e9010432ca
+Top: e6ad56f60a9ae3119fa08543ad49b558cff0c045
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:41 -0300
diff --git a/patches/manual-document-mt-safety-debug.patch b/patches/manual-document-mt-safety-debug.patch
index d851526..2b678fe 100644
--- a/patches/manual-document-mt-safety-debug.patch
+++ b/patches/manual-document-mt-safety-debug.patch
@@ -1,5 +1,5 @@
-Bottom: e5a870898375d0f16d290f0ce49ace14c8d4a2d7
-Top: 18067421e6a29e6bd67a95dca76d8007f8b3208f
+Bottom: e6ad56f60a9ae3119fa08543ad49b558cff0c045
+Top: 3ababf1041f03670a2c2776baee2ed0c43d31698
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:05:11 -0300
diff --git a/patches/manual-document-mt-safety-errno.patch b/patches/manual-document-mt-safety-errno.patch
index ea8bf28..424e584 100644
--- a/patches/manual-document-mt-safety-errno.patch
+++ b/patches/manual-document-mt-safety-errno.patch
@@ -1,5 +1,5 @@
-Bottom: 18067421e6a29e6bd67a95dca76d8007f8b3208f
-Top: 69d0870850cf838c0374659f9cbf240c906205b8
+Bottom: 3ababf1041f03670a2c2776baee2ed0c43d31698
+Top: b4f7c402311f37c3b32d6f4d32dc00a60994226f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:05:34 -0300
diff --git a/patches/manual-document-mt-safety-filesys.patch b/patches/manual-document-mt-safety-filesys.patch
index 3b063f6..d13ef9a 100644
--- a/patches/manual-document-mt-safety-filesys.patch
+++ b/patches/manual-document-mt-safety-filesys.patch
@@ -1,5 +1,5 @@
-Bottom: 69d0870850cf838c0374659f9cbf240c906205b8
-Top: eae3c43e01e0c942f9a5097a40719ef9a00c9572
+Bottom: b4f7c402311f37c3b32d6f4d32dc00a60994226f
+Top: 122d09db0404eacd5edf4e67b19ccd9051214e43
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:06:03 -0300
diff --git a/patches/manual-document-mt-safety-getopt.patch b/patches/manual-document-mt-safety-getopt.patch
index 2514497..eaf7aca 100644
--- a/patches/manual-document-mt-safety-getopt.patch
+++ b/patches/manual-document-mt-safety-getopt.patch
@@ -1,5 +1,5 @@
-Bottom: eae3c43e01e0c942f9a5097a40719ef9a00c9572
-Top: ca3bfae7ef20886b7aa0e19b97b7e989545ca988
+Bottom: 122d09db0404eacd5edf4e67b19ccd9051214e43
+Top: 9866bab7870219b6988dab9ba93f6d25dc2c100c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:06:36 -0300
diff --git a/patches/manual-document-mt-safety-job.patch b/patches/manual-document-mt-safety-job.patch
index dd7e72e..4953c91 100644
--- a/patches/manual-document-mt-safety-job.patch
+++ b/patches/manual-document-mt-safety-job.patch
@@ -1,5 +1,5 @@
-Bottom: 238024f7204c47a5f57650bf1249139600a50037
-Top: 0bac2dafb8007c7423049255cfe9f32d92341729
+Bottom: ec3605354c18a37252d7488b1d2137114ebe08c6
+Top: 3be4fa8a36465897a21bfea4d9c0591e6ef0fde8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:08:15 -0300
diff --git a/patches/manual-document-mt-safety-lang.patch b/patches/manual-document-mt-safety-lang.patch
index 6be420f..cfdec52 100644
--- a/patches/manual-document-mt-safety-lang.patch
+++ b/patches/manual-document-mt-safety-lang.patch
@@ -1,5 +1,5 @@
-Bottom: 0bac2dafb8007c7423049255cfe9f32d92341729
-Top: 193841de621025d5ba0a8d8a93cd15e52ed049b0
+Bottom: 3be4fa8a36465897a21bfea4d9c0591e6ef0fde8
+Top: 07d762fd38d600310567e328e80e1b79b68edcf4
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:08:32 -0300
diff --git a/patches/manual-document-mt-safety-libdl.patch b/patches/manual-document-mt-safety-libdl.patch
index de6923e..813f3fc 100644
--- a/patches/manual-document-mt-safety-libdl.patch
+++ b/patches/manual-document-mt-safety-libdl.patch
@@ -1,5 +1,5 @@
-Bottom: ca3bfae7ef20886b7aa0e19b97b7e989545ca988
-Top: 238024f7204c47a5f57650bf1249139600a50037
+Bottom: 9866bab7870219b6988dab9ba93f6d25dc2c100c
+Top: ec3605354c18a37252d7488b1d2137114ebe08c6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:08:59 -0300
diff --git a/patches/manual-document-mt-safety-llio.patch b/patches/manual-document-mt-safety-llio.patch
index e39088d..44cc758 100644
--- a/patches/manual-document-mt-safety-llio.patch
+++ b/patches/manual-document-mt-safety-llio.patch
@@ -1,5 +1,5 @@
-Bottom: 193841de621025d5ba0a8d8a93cd15e52ed049b0
-Top: 54dc9cb53a865ae026f28501a469078a5ca48df9
+Bottom: 07d762fd38d600310567e328e80e1b79b68edcf4
+Top: c1a698990b72ac8bdc2a28b520626b33471c00ae
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:09:32 -0300
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index c79c8a0..250c52b 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,5 +1,5 @@
-Bottom: 54dc9cb53a865ae026f28501a469078a5ca48df9
-Top: f2df3f2410eb8c7978798b2bd791b2fdc45b156d
+Bottom: c1a698990b72ac8bdc2a28b520626b33471c00ae
+Top: 5ea62d01e9347793c938b6e18e84f3dab1ca318e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/manual-document-mt-safety.patch b/patches/manual-document-mt-safety.patch
index c25fc87..a573ff4 100644
--- a/patches/manual-document-mt-safety.patch
+++ b/patches/manual-document-mt-safety.patch
@@ -1,5 +1,5 @@
-Bottom: fde38f49e9ff8e251fc3a4c9a8d5f194ba6decbf
-Top: ec44285035bdee25fdfdd25c2385cb08deeced27
+Bottom: 50e2fbc0bfe0ec92d66e09e6b0891dfd6c8d53b7
+Top: dd5f61ec57d719c37843c4e02281f6e13e85e1e6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:39 -0300
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index 3a5b6c8..99b3533 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
-Bottom: f2df3f2410eb8c7978798b2bd791b2fdc45b156d
-Top: 34ba4b413ec2770c09b9d2be65d6f179dc931409
+Bottom: 5ea62d01e9347793c938b6e18e84f3dab1ca318e
+Top: 16f2fe7871e24dc405b45dbd94bc718ff43c10c3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/wip-manual-document-mt-safety-math.patch b/patches/wip-manual-document-mt-safety-math.patch
index 6160c0a..c012844 100644
--- a/patches/wip-manual-document-mt-safety-math.patch
+++ b/patches/wip-manual-document-mt-safety-math.patch
@@ -1,5 +1,5 @@
-Bottom: 34ba4b413ec2770c09b9d2be65d6f179dc931409
-Top: f23d47c6bfcfa87ae920dd9dcae29c054fdf1287
+Bottom: 16f2fe7871e24dc405b45dbd94bc718ff43c10c3
+Top: 59b9261000c6b7a639e3a84300c7502a80c42a4e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/wip-manual-document-mt-safety-resource.patch b/patches/wip-manual-document-mt-safety-resource.patch
index 33adf81..c52c51b 100644
--- a/patches/wip-manual-document-mt-safety-resource.patch
+++ b/patches/wip-manual-document-mt-safety-resource.patch
@@ -1,5 +1,5 @@
-Bottom: 8bccd91fa434fbc218a608426cc927d18c5a4741
-Top: fe51f29d9106a6912de339229dec19e904bbc8e2
+Bottom: 9984c2c6125f0eafc7653a65bbb6f102a16155f2
+Top: f41451b18f5e7f9e3ddc0dbf945169dbd61eda46
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:11:00 -0300
diff --git a/patches/wip-manual-document-mt-safety-search.patch b/patches/wip-manual-document-mt-safety-search.patch
index 2711dca..6db5822 100644
--- a/patches/wip-manual-document-mt-safety-search.patch
+++ b/patches/wip-manual-document-mt-safety-search.patch
@@ -1,5 +1,5 @@
-Bottom: 4537e5e668ab95e605ff113bad5fec616212481b
-Top: 8bccd91fa434fbc218a608426cc927d18c5a4741
+Bottom: 4cb7add8806fa3c3f15a04c29259e9eddc417ba6
+Top: 9984c2c6125f0eafc7653a65bbb6f102a16155f2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:11:55 -0300
diff --git a/patches/wip-manual-document-mt-safety-startup.patch b/patches/wip-manual-document-mt-safety-startup.patch
index d8463d0..92a5437 100644
--- a/patches/wip-manual-document-mt-safety-startup.patch
+++ b/patches/wip-manual-document-mt-safety-startup.patch
@@ -1,5 +1,5 @@
-Bottom: f23d47c6bfcfa87ae920dd9dcae29c054fdf1287
-Top: 4537e5e668ab95e605ff113bad5fec616212481b
+Bottom: 59b9261000c6b7a639e3a84300c7502a80c42a4e
+Top: 4cb7add8806fa3c3f15a04c29259e9eddc417ba6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:12:28 -0300
diff --git a/patches/wip-manual-document-mt-safety-string.patch b/patches/wip-manual-document-mt-safety-string.patch
index 2a09c97..380a2c0 100644
--- a/patches/wip-manual-document-mt-safety-string.patch
+++ b/patches/wip-manual-document-mt-safety-string.patch
@@ -1,5 +1,5 @@
-Bottom: fe51f29d9106a6912de339229dec19e904bbc8e2
-Top: 84c9ce418c9f8b475576cd17329f2eba0eb54cfb
+Bottom: f41451b18f5e7f9e3ddc0dbf945169dbd61eda46
+Top: 79b6c41eb30b57d0ae06b3a08774d66214439506
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:13:24 -0300
diff --git a/patches/wip-manual-document-mt-safety-terminal.patch b/patches/wip-manual-document-mt-safety-terminal.patch
index 40452fa..02a3774 100644
--- a/patches/wip-manual-document-mt-safety-terminal.patch
+++ b/patches/wip-manual-document-mt-safety-terminal.patch
@@ -1,5 +1,5 @@
-Bottom: 84c9ce418c9f8b475576cd17329f2eba0eb54cfb
-Top: 39f47ac852160ce679bd115e2adad12da35bb14f
+Bottom: 79b6c41eb30b57d0ae06b3a08774d66214439506
+Top: 2efb87de244b3766a61de3499319c10a0f2b0722
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:13:53 -0300
diff --git a/patches/wip-manual-document-mt-safety-threads.patch b/patches/wip-manual-document-mt-safety-threads.patch
index aee55ed..182a5c2 100644
--- a/patches/wip-manual-document-mt-safety-threads.patch
+++ b/patches/wip-manual-document-mt-safety-threads.patch
@@ -1,5 +1,5 @@
-Bottom: 39f47ac852160ce679bd115e2adad12da35bb14f
-Top: 161db65f6a283f93d796b6d782c90ce82ff5586e
+Bottom: 2efb87de244b3766a61de3499319c10a0f2b0722
+Top: 9a302c73b3e66c244488b83c45b0093b7c583835
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:14:35 -0300
diff --git a/patches/wip-manual-document-mt-safety-time.patch b/patches/wip-manual-document-mt-safety-time.patch
index 1da1731..73bc64a 100644
--- a/patches/wip-manual-document-mt-safety-time.patch
+++ b/patches/wip-manual-document-mt-safety-time.patch
@@ -1,5 +1,5 @@
-Bottom: 161db65f6a283f93d796b6d782c90ce82ff5586e
-Top: b84a5f688770814e8732185c0f64b14903b5b29a
+Bottom: 9a302c73b3e66c244488b83c45b0093b7c583835
+Top: 9cd1ed610c81866354975c873c2429e57421212a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:14:50 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a16217056ff0a4d0283a48b0866c343275e665cc
commit a16217056ff0a4d0283a48b0866c343275e665cc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:14:50 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/time.texi: Document thread safety properties.
diff --git a/manual/time.texi b/manual/time.texi
index ff31e28..3967b24 100644
--- a/manual/time.texi
+++ b/manual/time.texi
@@ -475,6 +475,12 @@ Instead, use the facilities described in @ref{Time Zone Functions}.
@comment sys/time.h
@comment BSD
@deftypefun int gettimeofday (struct timeval *@var{tp}, struct timezone *@var{tzp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c On most GNU/Linux systems this is a direct syscall, but the posix/
+@c implementation (not used on GNU/Linux or GNU/Hurd) relies on time and
+@c localtime_r, saving and restoring tzname in an unsafe manner.
+@c On some GNU/Linux variants, ifunc resolvers are used in shared libc
+@c for vdso resolution. ifunc-vdso-revisit.
The @code{gettimeofday} function returns the current calendar time as
the elapsed time since the epoch in the @code{struct timeval} structure
indicated by @var{tp}. (@pxref{Elapsed Time} for a description of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=59a4161882789129bbe1ad4f10f88c77e274cca3
commit 59a4161882789129bbe1ad4f10f88c77e274cca3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:14:35 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/threads.texi: Document thread safety properties.
diff --git a/manual/threads.texi b/manual/threads.texi
index a23ac26..19bfad6 100644
--- a/manual/threads.texi
+++ b/manual/threads.texi
@@ -31,6 +31,7 @@ before thread-specific data, so they should not be used in thread-specific
data destructors or even as members of the thread-specific data, since the
latter is passed as an argument to the destructor function.
+@c FIXME: use @deftypefun for these.
@item int pthread_key_delete (pthread_key_t @var{key})
Destroy the thread-specific data @var{key} in the calling thread. The
destructor for the thread-specific data is not called during destruction, nor
@@ -82,3 +83,124 @@ attributes or the stack address is set in the attribute.
The system does not have sufficient memory.
@end table
@end deftypefun
+
+@c FIXME these are undocumented:
+@c pthread_atfork
+@c pthread_attr_destroy
+@c pthread_attr_getaffinity_np
+@c pthread_attr_getdetachstate
+@c pthread_attr_getguardsize
+@c pthread_attr_getinheritsched
+@c pthread_attr_getschedparam
+@c pthread_attr_getschedpolicy
+@c pthread_attr_getscope
+@c pthread_attr_getstack
+@c pthread_attr_getstackaddr
+@c pthread_attr_getstacksize
+@c pthread_attr_init
+@c pthread_attr_setaffinity_np
+@c pthread_attr_setdetachstate
+@c pthread_attr_setguardsize
+@c pthread_attr_setinheritsched
+@c pthread_attr_setschedparam
+@c pthread_attr_setschedpolicy
+@c pthread_attr_setscope
+@c pthread_attr_setstack
+@c pthread_attr_setstackaddr
+@c pthread_attr_setstacksize
+@c pthread_barrierattr_destroy
+@c pthread_barrierattr_getpshared
+@c pthread_barrierattr_init
+@c pthread_barrierattr_setpshared
+@c pthread_barrier_destroy
+@c pthread_barrier_init
+@c pthread_barrier_wait
+@c pthread_cancel
+@c pthread_cleanup_push
+@c pthread_cleanup_pop
+@c pthread_condattr_destroy
+@c pthread_condattr_getclock
+@c pthread_condattr_getpshared
+@c pthread_condattr_init
+@c pthread_condattr_setclock
+@c pthread_condattr_setpshared
+@c pthread_cond_broadcast
+@c pthread_cond_destroy
+@c pthread_cond_init
+@c pthread_cond_signal
+@c pthread_cond_timedwait
+@c pthread_cond_wait
+@c pthread_create
+@c pthread_detach
+@c pthread_equal
+@c pthread_exit
+@c pthread_getaffinity_np
+@c pthread_getattr_np
+@c pthread_getconcurrency
+@c pthread_getcpuclockid
+@c pthread_getname_np
+@c pthread_getschedparam
+@c pthread_join
+@c pthread_kill
+@c pthread_kill_other_threads_np
+@c pthread_mutexattr_destroy
+@c pthread_mutexattr_getkind_np
+@c pthread_mutexattr_getprioceiling
+@c pthread_mutexattr_getprotocol
+@c pthread_mutexattr_getpshared
+@c pthread_mutexattr_getrobust
+@c pthread_mutexattr_getrobust_np
+@c pthread_mutexattr_gettype
+@c pthread_mutexattr_init
+@c pthread_mutexattr_setkind_np
+@c pthread_mutexattr_setprioceiling
+@c pthread_mutexattr_setprotocol
+@c pthread_mutexattr_setpshared
+@c pthread_mutexattr_setrobust
+@c pthread_mutexattr_setrobust_np
+@c pthread_mutexattr_settype
+@c pthread_mutex_consistent
+@c pthread_mutex_consistent_np
+@c pthread_mutex_destroy
+@c pthread_mutex_getprioceiling
+@c pthread_mutex_init
+@c pthread_mutex_lock
+@c pthread_mutex_setprioceiling
+@c pthread_mutex_timedlock
+@c pthread_mutex_trylock
+@c pthread_mutex_unlock
+@c pthread_once
+@c pthread_rwlockattr_destroy
+@c pthread_rwlockattr_getkind_np
+@c pthread_rwlockattr_getpshared
+@c pthread_rwlockattr_init
+@c pthread_rwlockattr_setkind_np
+@c pthread_rwlockattr_setpshared
+@c pthread_rwlock_destroy
+@c pthread_rwlock_init
+@c pthread_rwlock_rdlock
+@c pthread_rwlock_timedrdlock
+@c pthread_rwlock_timedwrlock
+@c pthread_rwlock_tryrdlock
+@c pthread_rwlock_trywrlock
+@c pthread_rwlock_unlock
+@c pthread_rwlock_wrlock
+@c pthread_self
+@c pthread_setaffinity_np
+@c pthread_setcancelstate
+@c pthread_setcanceltype
+@c pthread_setconcurrency
+@c pthread_setname_np
+@c pthread_setschedparam
+@c pthread_setschedprio
+@c pthread_sigmask
+@c pthread_sigqueue
+@c pthread_spin_destroy
+@c pthread_spin_init
+@c pthread_spin_lock
+@c pthread_spin_trylock
+@c pthread_spin_unlock
+@c pthread_testcancel
+@c pthread_timedjoin_np
+@c pthread_tryjoin_np
+@c pthread_yield
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f1eb3c581f36a70cbaba74b299638fa1c2f6a915
commit f1eb3c581f36a70cbaba74b299638fa1c2f6a915
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:13:53 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/terminal.texi: Document thread safety properties.
diff --git a/manual/terminal.texi b/manual/terminal.texi
index 9e9c057..7f62a4e 100644
--- a/manual/terminal.texi
+++ b/manual/terminal.texi
@@ -264,6 +264,9 @@ array.
@comment termios.h
@comment POSIX.1
@deftypefun int tcgetattr (int @var{filedes}, struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the kernel-returned termios data structure to the userland
+@c format does not ensure atomic or consistent writing.
This function is used to examine the attributes of the terminal
device with file descriptor @var{filedes}. The attributes are returned
in the structure that @var{termios-p} points to.
@@ -284,6 +287,9 @@ The @var{filedes} is not associated with a terminal.
@comment termios.h
@comment POSIX.1
@deftypefun int tcsetattr (int @var{filedes}, int @var{when}, const struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the incoming termios data structure to the kernel format
+@c does not ensure atomic or consistent reading.
This function sets the attributes of the terminal device with file
descriptor @var{filedes}. The new attributes are taken from the
structure that @var{termios-p} points to.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b85499751668443c0f62c4c3870c5d168d49ecaa
commit b85499751668443c0f62c4c3870c5d168d49ecaa
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:13:24 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/string.texi: Document thread safety properties.
diff --git a/manual/string.texi b/manual/string.texi
index 246be84..a75d298 100644
--- a/manual/string.texi
+++ b/manual/string.texi
@@ -1247,6 +1247,8 @@ strncmp ("hello, world", "hello, stupid world!!!", 5)
@comment string.h
@comment GNU
@deftypefun int strverscmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls isdigit multiple times, locale may change in between.
The @code{strverscmp} function compares the string @var{s1} against
@var{s2}, considering them as holding indices/version numbers. The
return value follows the same conventions as found in the
@@ -1343,6 +1345,8 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
@comment string.h
@comment ISO
@deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Adjust alphasort one safety info is determined.
The @code{strcoll} function is similar to @code{strcmp} but uses the
collating sequence of the current locale for collation (the
@code{LC_COLLATE} locale).
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1e1e61430f3317fd1b9dc97dd2a93476c4d8aa42
commit 1e1e61430f3317fd1b9dc97dd2a93476c4d8aa42
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/resource.texi: Document thread safety properties.
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=46fa2f9291a5ba618a719449d339d8cdf55c471e
commit 46fa2f9291a5ba618a719449d339d8cdf55c471e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:55 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/search.texi: Document thread safety properties.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..6910edc 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -146,6 +146,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +437,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +471,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +486,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +500,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +555,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2041cdf01d0056eaf965a1eb716d32880a7d63fe
commit 2041cdf01d0056eaf965a1eb716d32880a7d63fe
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:12:28 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/startup.texi: Document thread safety properties.
diff --git a/manual/startup.texi b/manual/startup.texi
index a277714..7bbaf13 100644
--- a/manual/startup.texi
+++ b/manual/startup.texi
@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
The difference to the @code{setenv} function is that the exact string
given as the parameter @var{string} is put into the environment. If the
user should change the string after the @code{putenv} call this will
-reflect in automatically in the environment. This also requires that
-@var{string} is no automatic variable which scope is left before the
+reflect automatically in the environment. This also requires that
+@var{string} not be an automatic variable whose scope is left before the
variable is removed from the environment. The same applies of course to
dynamically allocated variables which are freed later.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=22e6f0a3bcaca29f27609644baf5fea9a4175248
commit 22e6f0a3bcaca29f27609644baf5fea9a4175248
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/math.texi: Document thread safety properties.
diff --git a/manual/math.texi b/manual/math.texi
index 193d415..fd5d0c8 100644
--- a/manual/math.texi
+++ b/manual/math.texi
@@ -560,6 +560,7 @@ negative), @code{logb} returns @math{@infinity{}}. If @var{x} is zero,
@comment math.h
@comment ISO
@deftypefunx int ilogbl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are equivalent to the corresponding @code{logb}
functions except that they return signed integer values.
@end deftypefun
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7ee91213d3fc5f11dd4cc39b0abcc7e4c2e4dd23
commit 7ee91213d3fc5f11dd4cc39b0abcc7e4c2e4dd23
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..60e08d8 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
+@c and free, and _nl_find_locale, which amount to all documented safety
+@c issues. It also calls new_composite_name, setdata, and setname,
+@c without any additional issues. _nl_find_locale calls getenv, ...
+@c This function returns a pointer read...
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e3c55c602e828c608f1f6230e75ecbb2416caf16
commit e3c55c602e828c608f1f6230e75ecbb2416caf16
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..79a3340 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1391,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1401,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1411,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1540,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1625,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2387,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2397,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2438,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2647,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2656,48 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2705,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2713,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2721,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2729,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2737,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2745,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2821,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3062,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3314,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3378,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +3995,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +4010,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +4025,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +4033,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4041,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4055,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4082,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4091,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4100,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4108,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4116,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4124,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4174,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4184,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4198,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4209,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4237,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4248,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4362,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4375,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4399,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4415,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4435,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4459,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4508,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4630,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4645,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4658,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4675,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4787,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4800,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4817,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4839,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4864,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4942,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4956,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4968,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4983,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +4997,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +5008,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5056,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5112,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5228,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5410,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5551,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=40291dd9759713efc7236398de48112816f0f3d6
commit 40291dd9759713efc7236398de48112816f0f3d6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:09:32 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/llio.texi: Document thread safety properties.
diff --git a/manual/llio.texi b/manual/llio.texi
index b129cf4..66370c4 100644
--- a/manual/llio.texi
+++ b/manual/llio.texi
@@ -78,6 +78,7 @@ declared in @file{unistd.h}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int open (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The @code{open} function creates and returns a new file descriptor for
the file named by @var{filename}. Initially, the file position
indicator for the file is at the beginning of the file. The argument
@@ -164,6 +165,7 @@ and @code{freopen} functions, that create streams.
@comment fcntl.h
@comment Unix98
@deftypefun int open64 (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{open}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
difference is that on 32 bit systems the file is opened in the
@@ -178,6 +180,7 @@ replaces the old API.
@comment fcntl.h
@comment POSIX.1
@deftypefn {Obsolete function} int creat (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is obsolete. The call:
@smallexample
@@ -202,6 +205,7 @@ since all of the lowlevel file handling functions are equally replaced.
@comment fcntl.h
@comment Unix98
@deftypefn {Obsolete function} int creat64 (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{creat}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
the difference is that on 32 bit systems the file is opened in the
@@ -219,6 +223,7 @@ replaces the old API.
@comment unistd.h
@comment POSIX.1
@deftypefun int close (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The function @code{close} closes the file descriptor @var{filedes}.
Closing a file has the following consequences:
@@ -300,6 +305,7 @@ but must be a signed type.
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t read (int @var{filedes}, void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{read} function reads up to @var{size} bytes from the file
with descriptor @var{filedes}, storing the results in the @var{buffer}.
(This is not necessarily a character string, and no terminating null
@@ -395,6 +401,10 @@ functions that read from streams, such as @code{fgetc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, read and lseek back, but is it
+@c used anywhere?
The @code{pread} function is similar to the @code{read} function. The
first three arguments are identical, and the return values and error
codes also correspond.
@@ -430,6 +440,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread64 (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, read and lseek64 back, but is
+@c it used anywhere?
This function is similar to the @code{pread} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -447,6 +461,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t write (int @var{filedes}, const void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{write} function writes up to @var{size} bytes from
@var{buffer} to the file with descriptor @var{filedes}. The data in
@var{buffer} is not necessarily a character string and a null character is
@@ -557,6 +572,10 @@ functions that write to streams, such as @code{fputc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, write and lseek back, but is it
+@c used anywhere?
The @code{pwrite} function is similar to the @code{write} function. The
first three arguments are identical, and the return values and error codes
also correspond.
@@ -592,6 +611,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite64 (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, write and lseek64 back, but
+@c is it used anywhere?
This function is similar to the @code{pwrite} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -624,6 +647,7 @@ To read the current file position value from a descriptor, use
@comment unistd.h
@comment POSIX.1
@deftypefun off_t lseek (int @var{filedes}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lseek} function is used to change the file position of the
file with descriptor @var{filedes}.
@@ -713,6 +737,7 @@ descriptors.
@comment unistd.h
@comment Unix98
@deftypefun off64_t lseek64 (int @var{filedes}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to the @code{lseek} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -825,6 +850,7 @@ declared in the header file @file{stdio.h}.
@comment stdio.h
@comment POSIX.1
@deftypefun {FILE *} fdopen (int @var{filedes}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
The @code{fdopen} function returns a new stream for the file descriptor
@var{filedes}.
@@ -853,6 +879,7 @@ see @ref{Creating a Pipe}.
@comment stdio.h
@comment POSIX.1
@deftypefun int fileno (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the file descriptor associated with the stream
@var{stream}. If an error is detected (for example, if the @var{stream}
is not valid) or if @var{stream} does not do I/O to a file,
@@ -862,6 +889,7 @@ is not valid) or if @var{stream} does not do I/O to a file,
@comment stdio.h
@comment GNU
@deftypefun int fileno_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fileno_unlocked} function is equivalent to the @code{fileno}
function except that it does not implicitly lock the stream if the state
is @code{FSETLOCKING_INTERNAL}.
@@ -1071,7 +1099,11 @@ Contains the length of the buffer.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t readv (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
-
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer into which data is read, if the total read size is
+@c too large for alloca.
The @code{readv} function reads data from @var{filedes} and scatters it
into the buffers described in @var{vector}, which is taken to be
@var{count} structures long. As each buffer is filled, data is sent to the
@@ -1089,6 +1121,11 @@ errors are the same as in @code{read}.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t writev (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer from which data is written, if the total write size
+@c is too large for alloca.
The @code{writev} function gathers data from the buffers described in
@var{vector}, which is taken to be @var{count} structures long, and writes
@@ -1149,6 +1186,7 @@ These functions are declared in @file{sys/mman.h}.
@comment sys/mman.h
@comment POSIX
@deftypefun {void *} mmap (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mmap} function creates a new mapping, connected to bytes
(@var{offset}) to (@var{offset} + @var{length} - 1) in the file open on
@@ -1268,6 +1306,9 @@ The file is on a filesystem that doesn't support mapping.
@comment sys/mman.h
@comment LFS
@deftypefun {void *} mmap64 (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The page_shift auto detection when MMAP2_PAGE_SHIFT is -1 (it never
+@c is) would be thread-unsafe.
The @code{mmap64} function is equivalent to the @code{mmap} function but
the @var{offset} parameter is of type @code{off64_t}. On 32-bit systems
this allows the file associated with the @var{filedes} descriptor to be
@@ -1284,6 +1325,7 @@ replaces the old API.
@comment sys/mman.h
@comment POSIX
@deftypefun int munmap (void *@var{addr}, size_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{munmap} removes any memory maps from (@var{addr}) to (@var{addr} +
@var{length}). @var{length} should be the length of the mapping.
@@ -1310,6 +1352,7 @@ aligned.
@comment sys/mman.h
@comment POSIX
@deftypefun int msync (void *@var{address}, size_t @var{length}, int @var{flags})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When using shared mappings, the kernel can write the file at any time
before the mapping is removed. To be certain data has actually been
@@ -1357,6 +1400,7 @@ There is no existing mapping in at least part of the given region.
@comment sys/mman.h
@comment GNU
@deftypefun {void *} mremap (void *@var{address}, size_t @var{length}, size_t @var{new_length}, int @var{flag})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to change the size of an existing memory
area. @var{address} and @var{length} must cover a region entirely mapped
@@ -1405,6 +1449,7 @@ Coding Standards}.
@comment sys/mman.h
@comment POSIX
@deftypefun int madvise (void *@var{addr}, size_t @var{length}, int @var{advice})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to provide the system with @var{advice} about
the intended usage patterns of the memory region starting at @var{addr}
@@ -1531,6 +1576,7 @@ that descriptor into an @code{fd_set}.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_ZERO (fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro initializes the file descriptor set @var{set} to be the
empty set.
@end deftypefn
@@ -1538,6 +1584,9 @@ empty set.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_SET (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro adds @var{filedes} to the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1547,6 +1596,9 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_CLR (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro removes @var{filedes} from the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1556,6 +1608,7 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro int FD_ISSET (int @var{filedes}, const fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value (true) if @var{filedes} is a member
of the file descriptor set @var{set}, and zero (false) otherwise.
@@ -1568,6 +1621,10 @@ Next, here is the description of the @code{select} function itself.
@comment sys/types.h
@comment BSD
@deftypefun int select (int @var{nfds}, fd_set *@var{read-fds}, fd_set *@var{write-fds}, fd_set *@var{except-fds}, struct timeval *@var{timeout})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The select syscall is preferred, but pselect6 may be used instead,
+@c which requires converting timeout to a timespec and back. The
+@c conversions are not atomic.
The @code{select} function blocks the calling process until there is
activity on any of the specified sets of file descriptors, or until the
timeout period has expired.
@@ -1670,6 +1727,7 @@ they return.
@comment unistd.h
@comment X/Open
@deftypefun void sync (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
A call to this function will not return as long as there is data which
has not been written to the device. All dirty buffers in the kernel will
be written and so an overall consistent system can be achieved (if no
@@ -1685,6 +1743,7 @@ committed, rather than all data in the system. For this, @code{sync} is overkil
@comment unistd.h
@comment POSIX
@deftypefun int fsync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fsync} function can be used to make sure all data associated with
the open file @var{fildes} is written to the device associated with the
descriptor. The function call does not return unless all actions have
@@ -1722,6 +1781,7 @@ recovering of the file in case of a problem.
@comment unistd.h
@comment POSIX
@deftypefun int fdatasync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When a call to the @code{fdatasync} function returns, it is ensured
that all of the file data is written to the device. For all pending I/O
operations, the parts guaranteeing data integrity finished.
@@ -1923,6 +1983,158 @@ aiocb64}, since the LFS transparently replaces the old interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_read (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Calls aio_enqueue_request.
+@c aio_enqueue_request selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_self ok
+@c pthread_getschedparam selfdeadlock, lockleak
+@c lll_lock (pthread descriptor's lock) selfdeadlock, lockleak
+@c sched_getparam ok
+@c sched_getscheduler ok
+@c lll_unlock lockleak
+@c pthread_mutex_lock (aio_requests_mutex) selfdeadlock, lockleak
+@c get_elem asmalloc, memleak, [asynconsist, incansist], [xguargs]
+@c realloc asmalloc, memleak
+@c calloc asmalloc, memleak
+@c aio_create_helper_thread selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_attr_init ok
+@c pthread_attr_setdetachstate ok
+@c pthread_get_minstack ok
+@c pthread_attr_setstacksize ok
+@c sigfillset ok
+@c memset ok
+@c sigdelset ok [xguargs, but the caller's sigset is automatic]
+@c SYSCALL rt_sigprocmask ok
+@c pthread_create selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c alloca/malloc asmalloc, memleak
+@c lll_unlock lockleak
+@c allocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c getpagesize dup
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c lll_unlock lockleak
+@c _dl_allocate_tls asmalloc, memleak
+@c _dl_allocate_tls_storage asmalloc, memleak
+@c memalign asmalloc, memleak
+@c memset ok
+@c allocate_dtv dup
+@c free asmalloc, memleak
+@c allocate_dtv asmalloc, memleak
+@c calloc asmalloc, memleak
+@c INSTALL_DTV ok
+@c list_add dup
+@c get_cached_stack
+@c lll_lock (stack_cache_lock) selfdeadlock, lockleak
+@c list_for_each ok
+@c list_entry dup
+@c FREE_P dup
+@c stack_list_del dup
+@c stack_list_add dup
+@c lll_unlock lockleak
+@c _dl_allocate_tls_init ok
+@c GET_DTV ok
+@c mmap ok
+@c atomic_increment_val ok
+@c munmap ok
+@c change_stack_perm ok
+@c mprotect ok
+@c mprotect ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c THREAD_COPY_STACK_GUARD ok
+@c THREAD_COPY_POINTER_GUARD ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (state_cache_lock) selfdeadlock, lockleak
+@c stack_list_del ok
+@c atomic_write_barrier ok
+@c list_del ok [uunguard]
+@c atomic_write_barrier ok
+@c queue_stack asmalloc, memleak
+@c stack_list_add ok
+@c atomic_write_barrier ok
+@c list_add ok [uunguard]
+@c atomic_write_barrier ok
+@c free_stacks asmalloc, memleak
+@c list_for_each_prev_safe ok
+@c list_entry ok
+@c FREE_P ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c _dl_deallocate_tls asmalloc, memleak
+@c free asmalloc, memleak
+@c lll_unlock lockleak
+@c create_thread selfdeadlock, asmalloc, lockleak, memleak
+@c td_eventword
+@c td_eventmask
+@c do_clone selfdeadlock, asmalloc, lockleak, memleak
+@c PREPARE_CREATE ok
+@c lll_lock (pd->lock) selfdeadlock, lockleak
+@c atomic_increment ok
+@c clone ok
+@c atomic_decrement ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack dup
+@c sched_setaffinity ok
+@c tgkill ok
+@c sched_setscheduler ok
+@c atomic_compare_and_exchange_bool_acq ok
+@c nptl_create_event ok
+@c lll_unlock (pd->lock) lockleak
+@c free asmalloc, memleak
+@c pthread_attr_destroy ok (cpuset won't be set, so free isn't called)
+@c add_request_to_runlist ok [xguargs]
+@c pthread_cond_signal ok
+@c aio_free_request ok [xguargs]
+@c pthread_mutex_unlock lockleak
+
+@c (in the new thread, initiated with clone)
+@c start_thread ok
+@c HP_TIMING_NOW ok
+@c ctype_init [glocale] (in theory, but optimized into safety)
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c sigemptyset ok
+@c sigaddset ok
+@c setjmp ok
+@c CANCEL_ASYNC -> pthread_enable_asynccancel ok
+@c do_cancel ok
+@c pthread_unwind ok
+@c Unwind_ForcedUnwind or longjmp ok [asmalloc, memleak?]
+@c lll_lock selfdeadlock, lockleak
+@c lll_unlock selfdeadlock, lockleak
+@c CANCEL_RESET -> pthread_disable_asynccancel ok
+@c lll_futex_wait ok
+@c ->start_routine ok -----
+@c call_tls_dtors selfdeadlock, asmalloc, lockleak, memleak
+@c user-supplied dtor
+@c rtld_lock_lock_recursive (dl_load_lock) selfdeadlock, lockleak
+@c rtld_lock_unlock_recursive lockleak
+@c free asmalloc, memleak
+@c nptl_deallocate_tsd asmalloc, memleak
+@c tsd user-supplied dtors ok
+@c free asmalloc, memleak
+@c libc_thread_freeres
+@c libc_thread_subfreeres ok
+@c atomic_decrement_and_test ok
+@c td_eventword ok
+@c td_eventmask ok
+@c atomic_compare_exchange_bool_acq ok
+@c nptl_death_event ok
+@c lll_robust_dead ok
+@c getpagesize ok
+@c madvise ok
+@c free_tcb selfdeadlock, asmalloc, lockleak, memleak
+@c free asmalloc, memleak
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_futex_wait ok
+@c exit_thread_inline ok
+@c syscall(exit) ok
+
This function initiates an asynchronous read operation. It
immediately returns after the operation was enqueued or when an
error was encountered.
@@ -1988,6 +2200,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_read64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_read} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{aio_read64} uses
@@ -2006,6 +2219,7 @@ of functions with a very similar interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_write (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function initiates an asynchronous write operation. The function
call immediately returns after the operation was enqueued or if before
this happens an error was encountered.
@@ -2072,6 +2286,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_write64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_write} function. The only
difference is that on @w{32 bit} machines the file descriptor should
be opened in the large file mode. Internally @code{aio_write64} uses
@@ -2093,6 +2308,12 @@ operations. It is therefore similar to a combination of @code{readv} and
@comment aio.h
@comment POSIX.1b
@deftypefun int lio_listio (int @var{mode}, struct aiocb *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Call lio_listio_internal, that takes the aio_requests_mutex lock and
+@c enqueues each request. Then, it waits for notification or prepares
+@c for it before releasing the lock. Even though it performs memory
+@c allocation and locking of its own, it doesn't add any classes of
+@c safety issues that aren't already covered by aio_enqueue_request.
The @code{lio_listio} function can be used to enqueue an arbitrary
number of read and write requests at one time. The requests can all be
meant for the same file, all for different files or every solution in
@@ -2176,6 +2397,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int lio_listio64 (int @var{mode}, struct aiocb64 *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{lio_listio} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{lio_listio64} uses
@@ -2204,6 +2426,7 @@ The following two functions allow you to get this kind of information.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_error (const struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function determines the error state of the request described by the
@code{struct aiocb} variable pointed to by @var{aiocbp}. If the
request has not yet terminated the value returned is always
@@ -2225,6 +2448,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_error64 (const struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_error} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2238,6 +2462,7 @@ machines.
@comment aio.h
@comment POSIX.1b
@deftypefun ssize_t aio_return (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to retrieve the return status of the operation
carried out by the request described in the variable pointed to by
@var{aiocbp}. As long as the error status of this request as returned
@@ -2261,6 +2486,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun ssize_t aio_return64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_return} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2289,6 +2515,9 @@ if the symbol @code{_POSIX_SYNCHRONIZED_IO} is defined in @file{unistd.h}.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_fsync (int @var{op}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check that the FD is open, it calls
+@c aio_enqueue_request.
Calling this function forces all I/O operations operating queued at the
time of the function call operating on the file descriptor
@code{aiocbp->aio_fildes} into the synchronized I/O completion state
@@ -2336,6 +2565,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_fsync64 (int @var{op}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_fsync} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2362,6 +2592,9 @@ before the current client is served. For situations like this
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_suspend (const struct aiocb *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c Take aio_requests_mutex, set up waitlist and requestlist, wait
+@c for completion or timeout, and release the mutex.
When calling this function, the calling thread is suspended until at
least one of the requests pointed to by the @var{nent} elements of the
array @var{list} has completed. If any of the requests has already
@@ -2400,6 +2633,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_suspend64 (const struct aiocb64 *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is similar to @code{aio_suspend} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2427,6 +2661,16 @@ or not. Therefore using this function is merely a hint.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_cancel (int @var{fildes}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check the fd is open, hold aio_requests_mutex, call
+@c aio_find_req_fd, aio_remove_request, then aio_notify and
+@c aio_free_request each request before releasing the lock.
+@c aio_notify calls aio_notify_only and free, besides cond signal or
+@c similar. aio_notify_only calls pthread_attr_init,
+@c pthread_attr_setdetachstate, malloc, pthread_create,
+@c notify_func_wrapper, aio_sigqueue, getpid, raise.
+@c notify_func_wraper calls aio_start_notify_thread, free and then the
+@c notifier function.
The @code{aio_cancel} function can be used to cancel one or more
outstanding requests. If the @var{aiocbp} parameter is @code{NULL}, the
function tries to cancel all of the outstanding requests which would process
@@ -2474,6 +2718,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_cancel64 (int @var{fildes}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_cancel} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2529,6 +2774,8 @@ Unused.
@comment aio.h
@comment GNU
@deftypefun void aio_init (const struct aioinit *@var{init})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c All changes to global objects are guarded by aio_requests_mutex.
This function must be called before any other AIO function. Calling it
is completely voluntary, as it is only meant to help the AIO
implementation perform better.
@@ -2563,6 +2810,7 @@ function; see @ref{Opening and Closing Files}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int fcntl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcntl} function performs the operation specified by
@var{command} on the file descriptor @var{filedes}. Some commands
require additional arguments to be supplied. These additional arguments
@@ -2645,6 +2893,7 @@ while prototypes for @code{dup} and @code{dup2} are in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun int dup (int @var{old})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies descriptor @var{old} to the first available
descriptor number (the first number not currently open). It is
equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@@ -2653,6 +2902,7 @@ equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@comment unistd.h
@comment POSIX.1
@deftypefun int dup2 (int @var{old}, int @var{new})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies the descriptor @var{old} to descriptor number
@var{new}.
@@ -3631,6 +3881,7 @@ different headers.
@comment sys/ioctl.h
@comment BSD
@deftypefun int ioctl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ioctl} function performs the generic I/O operation
@var{command} on @var{filedes}.
@@ -3650,3 +3901,6 @@ unknown device.
Most IOCTLs are OS-specific and/or only used in special system utilities,
and are thus beyond the scope of this document. For an example of the use
of an IOCTL, see @ref{Out-of-Band Data}.
+
+@c FIXME this is undocumented:
+@c dup3
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=443d8e06a844671359ebf35dba1211a3178ee4ad
commit 443d8e06a844671359ebf35dba1211a3178ee4ad
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:32 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/lang.texi: Document thread safety properties.
diff --git a/manual/lang.texi b/manual/lang.texi
index ee04e23..d6cd90c 100644
--- a/manual/lang.texi
+++ b/manual/lang.texi
@@ -51,6 +51,8 @@ without indicating anything might be wrong.
@comment assert.h
@comment ISO
@deftypefn Macro void assert (int @var{expression})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Verify the programmer's belief that @var{expression} is nonzero at
this point in the program.
@@ -91,6 +93,8 @@ The @code{assert_perror} macro makes this easy.
@comment assert.h
@comment GNU
@deftypefn Macro void assert_perror (int @var{errnum})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Similar to @code{assert}, but verifies that @var{errnum} is zero.
If @code{NDEBUG} is not defined, @code{assert_perror} tests the value of
@@ -423,6 +427,8 @@ The type @code{va_list} is used for argument pointer variables.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_start (va_list @var{ap}, @var{last-required})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This macro initializes the argument pointer variable @var{ap} to point
to the first of the optional arguments of the current function;
@var{last-required} must be the last required argument to the function.
@@ -431,6 +437,8 @@ to the first of the optional arguments of the current function;
@comment stdarg.h
@comment ISO
@deftypefn {Macro} @var{type} va_arg (va_list @var{ap}, @var{type})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_arg} macro returns the value of the next optional argument,
and modifies the value of @var{ap} to point to the subsequent argument.
Thus, successive uses of @code{va_arg} return successive optional
@@ -445,6 +453,8 @@ of the actual argument.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_end (va_list @var{ap})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This ends the use of @var{ap}. After a @code{va_end} call, further
@code{va_arg} calls with the same @var{ap} may not work. You should invoke
@code{va_end} before returning from the function in which @code{va_start}
@@ -466,6 +476,8 @@ of the same type.
@comment ISO
@deftypefn {Macro} void va_copy (va_list @var{dest}, va_list @var{src})
@deftypefnx {Macro} void __va_copy (va_list @var{dest}, va_list @var{src})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_copy} macro allows copying of objects of type
@code{va_list} even if this is not an integral type. The argument pointer
in @var{dest} is initialized to point to the same argument as the
@@ -1212,6 +1224,8 @@ type of a particular structure member.
@comment stddef.h
@comment ISO
@deftypefn {Macro} size_t offsetof (@var{type}, @var{member})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This expands to a integer constant expression that is the offset of the
structure member named @var{member} in the structure type @var{type}.
For example, @code{offsetof (struct s, elem)} is the offset, in bytes,
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=206f4e754558d0c111d9b727285bf9d6c4b86598
commit 206f4e754558d0c111d9b727285bf9d6c4b86598
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:15 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/job.texi: Document thread safety properties.
diff --git a/manual/job.texi b/manual/job.texi
index 4efeed3..779ea96 100644
--- a/manual/job.texi
+++ b/manual/job.texi
@@ -1039,6 +1039,10 @@ The function @code{ctermid} is declared in the header file
@comment stdio.h
@comment POSIX.1
@deftypefun {char *} ctermid (char *@var{string})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This function is a stub by default; the actual implementation, for
+@c posix systems, returns an internal buffer if passed a NULL string,
+@c but the internal buffer is always set to /dev/tty.
The @code{ctermid} function returns a string containing the file name of
the controlling terminal for the current process. If @var{string} is
not a null pointer, it should be an array that can hold at least
@@ -1075,6 +1079,11 @@ Your program should include the header files @file{sys/types.h} and
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t setsid (void)
+@safety{@mtsafe{}@assafe{selfdeadlock (hurd)}@acsafe{lockleak (hurd)}}
+@c This is usually a direct syscall, but if a syscall is not available,
+@c we use a stub, or Hurd- and BSD-specific implementations. The former
+@c uses a mutex and a hurd critical section, and the latter issues a few
+@c syscalls, so both seem safe, except for the locking on Hurd.
The @code{setsid} function creates a new session. The calling process
becomes the session leader, and is put in a new process group whose
process group ID is the same as the process ID of that process. There
@@ -1098,7 +1107,8 @@ already another process group around that has the same process group ID.
@comment unistd.h
@comment SVID
@deftypefun pid_t getsid (pid_t @var{pid})
-
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{getsid} function returns the process group ID of the session
leader of the specified process. If a @var{pid} is @code{0}, the
process group ID of the session leader of the current process is
@@ -1134,6 +1144,8 @@ programs with the @code{-lbsd-compat} option to get the BSD definition.@refill
@comment unistd.h
@comment POSIX.1
@deftypefn {POSIX.1 Function} pid_t getpgrp (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The POSIX.1 definition of @code{getpgrp} returns the process group ID of
the calling process.
@end deftypefn
@@ -1141,6 +1153,8 @@ the calling process.
@comment unistd.h
@comment BSD
@deftypefn {BSD Function} pid_t getpgrp (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The BSD definition of @code{getpgrp} returns the process group ID of the
process @var{pid}. You can supply a value of @code{0} for the @var{pid}
argument to get information about the calling process.
@@ -1149,6 +1163,8 @@ argument to get information about the calling process.
@comment unistd.h
@comment SVID
@deftypefn {System V Function} int getpgid (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
@code{getpgid} is the same as the BSD function @code{getpgrp}. It
returns the process group ID of the process @var{pid}. You can supply a
@@ -1171,6 +1187,8 @@ process.
@comment unistd.h
@comment POSIX.1
@deftypefun int setpgid (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{setpgid} function puts the process @var{pid} into the process
group @var{pgid}. As a special case, either @var{pid} or @var{pgid} can
be zero to indicate the process ID of the calling process.
@@ -1208,6 +1226,8 @@ process or a child of the calling process.
@comment unistd.h
@comment BSD
@deftypefun int setpgrp (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall or setpgid wrapper.
This is the BSD Unix name for @code{setpgid}. Both functions do exactly
the same thing.
@end deftypefun
@@ -1230,6 +1250,8 @@ file itself and not a particular open file descriptor.
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t tcgetpgrp (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function returns the process group ID of the foreground process
group associated with the terminal open on descriptor @var{filedes}.
@@ -1258,6 +1280,8 @@ controlling terminal of the calling process.
@comment unistd.h
@comment POSIX.1
@deftypefun int tcsetpgrp (int @var{filedes}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function is used to set a terminal's foreground process group ID.
The argument @var{filedes} is a descriptor which specifies the terminal;
@var{pgid} specifies the process group. The calling process must be a
@@ -1297,6 +1321,8 @@ process.
@comment termios.h
@comment Unix98
@deftypefun pid_t tcgetsid (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Ioctl call, if avaialble, or tcgetpgrp followed by getsid.
This function is used to obtain the process group ID of the session
for which the terminal specified by @var{fildes} is the controlling terminal.
If the call is successful the group ID is returned. Otherwise the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=39277bc7d9f8f88e3250ebf2bab380fd90c64d1d
commit 39277bc7d9f8f88e3250ebf2bab380fd90c64d1d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:59 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/libdl.texi: New.
diff --git a/manual/libdl.texi b/manual/libdl.texi
new file mode 100644
index 0000000..e3fe045
--- /dev/null
+++ b/manual/libdl.texi
@@ -0,0 +1,10 @@
+@c FIXME these are undocumented:
+@c dladdr
+@c dladdr1
+@c dlclose
+@c dlerror
+@c dlinfo
+@c dlmopen
+@c dlopen
+@c dlsym
+@c dlvsym
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e6721bc24292e81decca229364fe5d9c3c6ea71d
commit e6721bc24292e81decca229364fe5d9c3c6ea71d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:06:36 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/getopt.texi: Document thread safety properties.
diff --git a/manual/getopt.texi b/manual/getopt.texi
index f0b7283..3c1f4de 100644
--- a/manual/getopt.texi
+++ b/manual/getopt.texi
@@ -60,6 +60,31 @@ option argument, for those options that accept arguments.
@comment unistd.h
@comment POSIX.2
@deftypefun int getopt (int @var{argc}, char *const *@var{argv}, const char *@var{options})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c It may swap argv elements but argv is not guarded, and the
+@c modifications may be partial in case of cancellation. Calling getenv
+@c also brings about thread-safety issues out of access and returning
+@c pointers into the globally shared environment array, just like
+@c calling gettext brings about a whole lot of AS and AC safety issues.
+@c The getopt API involves returning values in the non-thread-specific
+@c optarg variable, which adds another thread-safety issue. Given
+@c print_errors, it may output errors to stderr, which may
+@c self-deadlock, leak locks, or encounter (in a signal handler) or
+@c leave (in case of cancellation) stderr in an inconsistent state.
+@c Various implicit, indirect uses of malloc, in uses of memstream and
+@c asprintf for error-printing, bring about the usual malloc issues.
+@c (The explicit use of malloc in a conditional situation in
+@c _getopt_initialize is never exercised in glibc.)
+@c
+@c _getopt_internal
+@c _getopt_internal_r
+@c gettext
+@c _getopt_initialize
+@c getenv
+@c malloc if USE_NONOPTION_FLAGS, never defined in libc
+@c open_memstream
+@c lockfile, unlockfile, __fxprintf -> stderr
+@c asprintf
The @code{getopt} function gets the next option argument from the
argument list specified by the @var{argv} and @var{argc} arguments.
Normally these values come directly from the arguments received by
@@ -225,6 +250,8 @@ was seen.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
Decode options from the vector @var{argv} (whose length is @var{argc}).
The argument @var{shortopts} describes the short options to accept, just as
it does in @code{getopt}. The argument @var{longopts} describes the long
@@ -278,6 +305,8 @@ getopt functionality there is one more function available.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long_only (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
The @code{getopt_long_only} function is equivalent to the
@code{getopt_long} function but it allows to specify the user of the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f77283b4b552daf9def0c190fccc5f5c4387068c
commit f77283b4b552daf9def0c190fccc5f5c4387068c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:06:03 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/filesys.texi: Document thread safety properties.
diff --git a/manual/filesys.texi b/manual/filesys.texi
index 1df9cf2..47176cc 100644
--- a/manual/filesys.texi
+++ b/manual/filesys.texi
@@ -58,6 +58,25 @@ Prototypes for these functions are declared in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun {char *} getcwd (char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c If buffer is NULL, this function calls malloc and realloc, and, in
+@c case of error, free. Linux offers a getcwd syscall that we use on
+@c GNU/Linux systems, but it may fail if the pathname is too long. As a
+@c fallback, and on other systems, the generic implementation opens each
+@c parent directory with opendir, which allocates memory for the
+@c directory stream with malloc. If a fstatat64 syscall is not
+@c available, very deep directory trees may also have to malloc to build
+@c longer sequences of ../../../... than those supported by a global
+@c const read-only string.
+
+@c linux/__getcwd
+@c posix/__getcwd
+@c malloc/realloc/free if buffer is NULL, or if dir is too deep
+@c lstat64 -> see its own entry
+@c fstatat64
+@c direct syscall if possible, alloca+snprintf+*stat64 otherwise
+@c openat64_not_cancel_3, close_not_cancel_no_status
+@c __fdopendir, __opendir, __readdir, rewinddir
The @code{getcwd} function returns an absolute file name representing
the current working directory, storing it in the character array
@var{buffer} that you provide. The @var{size} argument is how you tell
@@ -116,6 +135,9 @@ software.
@comment unistd.h
@comment BSD
@deftypefn {Deprecated Function} {char *} getwd (char *@var{buffer})
+@safety{@mtsafe{}@asunsafe{asmalloc, asi18n}@acsafe{memleak, fdleak}}
+@c Besides the getcwd safety issues, it calls strerror_r on error, which
+@c brings in all of the i18n issues.
This is similar to @code{getcwd}, but has no way to specify the size of
the buffer. @Theglibc{} provides @code{getwd} only
for backwards compatibility with BSD.
@@ -130,6 +152,9 @@ this function is deprecated.
@comment unistd.h
@comment GNU
@deftypefun {char *} get_current_dir_name (void)
+@safety{@mtunsafe{envromt}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides getcwd, which this function calls as a fallback, it calls
+@c getenv, with the usual thread-safety issues that brings about.
@vindex PWD
This @code{get_current_dir_name} function is basically equivalent to
@w{@code{getcwd (NULL, 0)}}. The only difference is that the value of
@@ -145,6 +170,7 @@ This function is a GNU extension.
@comment unistd.h
@comment POSIX.1
@deftypefun int chdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
@var{filename}.
@@ -158,6 +184,7 @@ file @var{filename} is not a directory.
@comment unistd.h
@comment XPG
@deftypefun int fchdir (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
directory associated with the file descriptor @var{filedes}.
@@ -294,12 +321,14 @@ values and @code{st_mode} values:
@comment dirent.h
@comment BSD
@deftypefun int IFTODT (mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{d_type} value corresponding to @var{mode}.
@end deftypefun
@comment dirent.h
@comment BSD
@deftypefun mode_t DTTOIF (int @var{dtype})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{st_mode} value corresponding to @var{dtype}.
@end deftypefun
@end table
@@ -342,6 +371,9 @@ the following functions.
@comment dirent.h
@comment POSIX.1
@deftypefun {DIR *} opendir (const char *@var{dirname})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides the safe syscall, we have to allocate the DIR object with
+@c __alloc_dir, that calls malloc.
The @code{opendir} function opens and returns a directory stream for
reading the directory whose file name is @var{dirname}. The stream has
type @code{DIR *}.
@@ -381,6 +413,8 @@ alternative interface can be used.
@comment dirent.h
@comment GNU
@deftypefun {DIR *} fdopendir (int @var{fd})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c The DIR object is allocated with __alloc_dir, that calls malloc.
The @code{fdopendir} function works just like @code{opendir} but
instead of taking a file name and opening a file descriptor for the
directory the caller is required to provide a file descriptor. This
@@ -425,6 +459,7 @@ access.
@comment dirent.h
@comment GNU
@deftypefun int dirfd (DIR *@var{dirstream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{dirfd} returns the file descriptor associated with
the directory stream @var{dirstream}. This descriptor can be used until
the directory is closed with @code{closedir}. If the directory stream
@@ -443,6 +478,12 @@ symbols are declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun {struct dirent *} readdir (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c This function holds dirstream's non-recursive lock, which brings
+@c about the usual issues with locks and async signals and cancellation,
+@c but the lock taking is not enough to make the returned value safe to
+@c use, since it points to a stream's internal buffer that can be
+@c overwritten by subsequent calls or even released by closedir.
This function reads the next entry from the directory. It normally
returns a pointer to a structure containing information about the file.
This structure is statically allocated and can be rewritten by a
@@ -469,6 +510,7 @@ value. Use @code{readdir_r} when this is critical.
@comment dirent.h
@comment GNU
@deftypefun int readdir_r (DIR *@var{dirstream}, struct dirent *@var{entry}, struct dirent **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is the reentrant version of @code{readdir}. Like
@code{readdir} it returns the next entry from the directory. But to
prevent conflicts between simultaneously running threads the result is
@@ -516,6 +558,7 @@ of the last two functions.
@comment dirent.h
@comment LFS
@deftypefun {struct dirent64 *} readdir64 (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64} function is just like the @code{readdir} function
except that it returns a pointer to a record of type @code{struct
dirent64}. Some of the members of this data type (notably @code{d_ino})
@@ -527,6 +570,7 @@ In all other aspects this function is equivalent to @code{readdir}.
@comment dirent.h
@comment LFS
@deftypefun int readdir64_r (DIR *@var{dirstream}, struct dirent64 *@var{entry}, struct dirent64 **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64_r} function is equivalent to the @code{readdir_r}
function except that it takes parameters of base type @code{struct
dirent64} instead of @code{struct dirent} in the second and third
@@ -537,6 +581,10 @@ position. The same precautions mentioned in the documentation of
@comment dirent.h
@comment POSIX.1
@deftypefun int closedir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock (hurd)}@acsafe{memleak, fdleak, lockleak (hurd)}}
+@c No synchronization in the posix implementation, only in the hurd
+@c one. This is regarded as safe because it is undefined behavior if
+@c other threads could still be using the dir stream while it's closed.
This function closes the directory stream @var{dirstream}. It returns
@code{0} on success and @code{-1} on failure.
@@ -576,6 +624,7 @@ declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun void rewinddir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{rewinddir} function is used to reinitialize the directory
stream @var{dirstream}, so that if you call @code{readdir} it
returns information about the first entry in the directory again. This
@@ -589,6 +638,10 @@ added or removed since you last called @code{opendir} or
@comment dirent.h
@comment BSD
@deftypefun {long int} telldir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{telldir} function returns the file position of the directory
stream @var{dirstream}. You can use this value with @code{seekdir} to
restore the directory stream to that position.
@@ -597,6 +650,10 @@ restore the directory stream to that position.
@comment dirent.h
@comment BSD
@deftypefun void seekdir (DIR *@var{dirstream}, long int @var{pos})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{seekdir} function sets the file position of the directory
stream @var{dirstream} to @var{pos}. The value @var{pos} must be the
result of a previous call to @code{telldir} on this particular stream;
@@ -616,6 +673,19 @@ the result.
@comment dirent.h
@comment BSD/SVID
@deftypefun int scandir (const char *@var{dir}, struct dirent ***@var{namelist}, int (*@var{selector}) (const struct dirent *), int (*@var{cmp}) (const struct dirent **, const struct dirent **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c The scandir function calls __opendirat, __readdir, and __closedir to
+@c go over the named dir; malloc and realloc to allocate the namelist
+@c and copies of each selected dirent, besides the selector, if given,
+@c and qsort and the cmp functions if the latter is given. In spite of
+@c the cleanup handler that releases memory and the file descriptor in
+@c case of synchronous cancellation, an asynchronous cancellation may
+@c still leak memory and a file descriptor. Although readdir is unsafe
+@c in general, the use of an internal dir stream for sequential scanning
+@c of the directory with copying of dirents before subsequent calls
+@c makes the use safe, and the fact that the dir stream is private to
+@c each scandir call does away with the lock issues in readdir and
+@c closedir.
The @code{scandir} function scans the contents of the directory selected
by @var{dir}. The result in *@var{namelist} is an array of pointers to
@@ -646,6 +716,8 @@ are very helpful for this purpose.
@comment dirent.h
@comment BSD/SVID
@deftypefun int alphasort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Calls strcoll.
The @code{alphasort} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -658,6 +730,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls strverscmp.
The @code{versionsort} function is like @code{alphasort} except that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -670,6 +744,8 @@ dirent64}}. To use this we need a new function.
@comment dirent.h
@comment GNU
@deftypefun int scandir64 (const char *@var{dir}, struct dirent64 ***@var{namelist}, int (*@var{selector}) (const struct dirent64 *), int (*@var{cmp}) (const struct dirent64 **, const struct dirent64 **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c See scandir.
The @code{scandir64} function works like the @code{scandir} function
except that the directory entries it returns are described by elements
of type @w{@code{struct dirent64}}. The function pointed to by
@@ -688,6 +764,8 @@ argument. Instead we provide the two replacement functions below.
@comment dirent.h
@comment GNU
@deftypefun int alphasort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c See alphasort.
The @code{alphasort64} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -700,6 +778,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c See versionsort.
The @code{versionsort64} function is like @code{alphasort64}, excepted that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -880,6 +960,8 @@ file was passed).
@comment ftw.h
@comment SVID
@deftypefun int ftw (const char *@var{filename}, __ftw_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
+@c see nftw for safety details
The @code{ftw} function calls the callback function given in the
parameter @var{func} for every item which is found in the directory
specified by @var{filename} and all directories below. The function
@@ -930,6 +1012,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int ftw64 (const char *@var{filename}, __ftw64_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
This function is similar to @code{ftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -943,6 +1026,17 @@ transparently replaces the old implementation.
@comment ftw.h
@comment XPG4.2
@deftypefun int nftw (const char *@var{filename}, __nftw_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c ftw_startup calls alloca, malloc, free, xstat/lxstat, tdestroy, and ftw_dir
+@c if FTW_CHDIR, call open, and fchdir, or chdir and getcwd
+@c ftw_dir calls open_dir_stream, readdir64, process_entry, closedir
+@c if FTW_CHDIR, also calls fchdir
+@c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
+@c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
+@c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
+@c find_object (tsearch) and add_object (tfind).
+@c Since each invocation of *ftw uses its own private search tree, none
+@c of the search tree concurrency issues apply.
The @code{nftw} function works like the @code{ftw} functions. They call
the callback function @var{func} for all items found in the directory
@var{filename} and below. At most @var{descriptors} file descriptors
@@ -1003,6 +1097,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int nftw64 (const char *@var{filename}, __nftw64_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
This function is similar to @code{nftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -1046,6 +1141,7 @@ file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int link (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{link} function makes a new link to the existing file named by
@var{oldname}, under the new name @var{newname}.
@@ -1153,6 +1249,7 @@ Prototypes for most of the functions listed in this section are in
@comment unistd.h
@comment BSD
@deftypefun int symlink (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{symlink} function makes a symbolic link to @var{oldname} named
@var{newname}.
@@ -1190,6 +1287,7 @@ exceeded.
@comment unistd.h
@comment BSD
@deftypefun ssize_t readlink (const char *@var{filename}, char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{readlink} function gets the value of the symbolic link
@var{filename}. The file name that the link points to is copied into
@var{buffer}. This file name string is @emph{not} null-terminated;
@@ -1249,6 +1347,8 @@ names can refer to the same inode.
@comment stdlib.h
@comment GNU
@deftypefun {char *} canonicalize_file_name (const char *@var{name})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls realpath.
The @code{canonicalize_file_name} function returns the absolute name of
the file named by @var{name} which contains no @code{.}, @code{..}
@@ -1290,6 +1390,8 @@ where the result is placed in.
@comment stdlib.h
@comment XPG
@deftypefun {char *} realpath (const char *restrict @var{name}, char *restrict @var{resolved})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls malloc, realloc, getcwd, lxstat64, readlink, alloca.
A call to @code{realpath} where the @var{resolved} parameter is
@code{NULL} behaves exactly like @code{canonicalize_file_name}. The
@@ -1329,6 +1431,7 @@ then the file is deleted as well. If the file has other remaining names
@comment unistd.h
@comment POSIX.1
@deftypefun int unlink (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{unlink} function deletes the file name @var{filename}. If
this is a file's sole name, the file itself is also deleted. (Actually,
if any process has the file open when this happens, deletion is
@@ -1371,6 +1474,7 @@ file system and can't be modified.
@comment unistd.h
@comment POSIX.1
@deftypefun int rmdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@cindex directories, deleting
@cindex deleting a directory
The @code{rmdir} function deletes a directory. The directory must be
@@ -1398,6 +1502,8 @@ The prototype for this function is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int remove (const char *@var{filename})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Calls unlink and rmdir.
This is the @w{ISO C} function to remove a file. It works like
@code{unlink} for files and like @code{rmdir} for directories.
@code{remove} is declared in @file{stdio.h}.
@@ -1413,6 +1519,10 @@ The @code{rename} function is used to change a file's name.
@comment stdio.h
@comment ISO
@deftypefun int rename (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a rename syscall, there's an emulation with link
+@c and unlink, but it's racy, even more so if newname exists and is
+@c unlinked first.
The @code{rename} function renames the file @var{oldname} to
@var{newname}. The file formerly accessible under the name
@var{oldname} is afterwards accessible as @var{newname} instead. (If
@@ -1508,6 +1618,7 @@ a shell command @code{mkdir} which does the same thing.)
@comment sys/stat.h
@comment POSIX.1
@deftypefun int mkdir (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mkdir} function creates a new, empty directory with name
@var{filename}.
@@ -1849,6 +1960,7 @@ header file @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int stat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{stat} function returns information about the attributes of the
file named by @w{@var{filename}} in the structure pointed to by @var{buf}.
@@ -1875,6 +1987,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int stat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{stat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1888,6 +2001,7 @@ replaces the interface for small files on 32-bit machines.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int fstat (int @var{filedes}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fstat} function is like @code{stat}, except that it takes an
open file descriptor as an argument instead of a file name.
@xref{Low-Level I/O}.
@@ -1909,6 +2023,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int fstat64 (int @var{filedes}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{fstat} but is able to work on large
files on 32-bit platforms. For large files the file descriptor
@var{filedes} should be obtained by @code{open64} or @code{creat64}.
@@ -1920,9 +2035,16 @@ function is available under the name @code{fstat} and so transparently
replaces the interface for small files on 32-bit machines.
@end deftypefun
+@c fstatat will call alloca and snprintf if the syscall is not
+@c available.
+@c @safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+
@comment sys/stat.h
@comment BSD
@deftypefun int lstat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat, sometimes with an xstat conv call
+@c afterwards.
The @code{lstat} function is like @code{stat}, except that it does not
follow symbolic links. If @var{filename} is the name of a symbolic
link, @code{lstat} returns information about the link itself; otherwise
@@ -1936,6 +2058,9 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int lstat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat64, sometimes with an xstat conv
+@c call afterwards.
This function is similar to @code{lstat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1974,12 +2099,14 @@ that file:
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISDIR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a directory.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISCHR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a character special file (a
device like a terminal).
@end deftypefn
@@ -1987,6 +2114,7 @@ device like a terminal).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISBLK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a block special file (a device
like a disk).
@end deftypefn
@@ -1994,12 +2122,14 @@ like a disk).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISREG (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a regular file.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISFIFO (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a FIFO special file, or a
pipe. @xref{Pipes and FIFOs}.
@end deftypefn
@@ -2007,6 +2137,7 @@ pipe. @xref{Pipes and FIFOs}.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISLNK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a symbolic link.
@xref{Symbolic Links}.
@end deftypefn
@@ -2014,6 +2145,7 @@ This macro returns non-zero if the file is a symbolic link.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISSOCK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a socket. @xref{Sockets}.
@end deftypefn
@@ -2096,6 +2228,7 @@ the whole @code{struct stat} structure.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISMQ (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX message queues as distinct objects and the
file is a message queue object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2104,6 +2237,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSEM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX semaphores as distinct objects and the
file is a semaphore object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2112,6 +2246,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSHM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX shared memory objects as distinct objects
and the file is an shared memory object, this macro returns a non-zero
value. In all other cases the result is zero.
@@ -2156,6 +2291,7 @@ The prototype for this function is declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int chown (const char *@var{filename}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chown} function changes the owner of the file @var{filename} to
@var{owner}, and its group owner to @var{group}.
@@ -2190,6 +2326,7 @@ The file is on a read-only file system.
@comment unistd.h
@comment BSD
@deftypefun int fchown (int @var{filedes}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chown}, except that it changes the owner of the open
file with descriptor @var{filedes}.
@@ -2469,6 +2606,7 @@ The functions in this section are declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun mode_t umask (mode_t @var{mask})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{umask} function sets the file creation mask of the current
process to @var{mask}, and returns the previous value of the file
creation mask.
@@ -2494,6 +2632,7 @@ you just want to read the mask value, because it is reentrant.
@comment sys/stat.h
@comment GNU
@deftypefun mode_t getumask (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Return the current value of the file creation mask for the current
process. This function is a GNU extension and is only available on
@gnuhurdsystems{}.
@@ -2502,6 +2641,7 @@ process. This function is a GNU extension and is only available on
@comment sys/stat.h
@comment POSIX.1
@deftypefun int chmod (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chmod} function sets the access permission bits for the file
named by @var{filename} to @var{mode}.
@@ -2542,6 +2682,7 @@ for full details on the sticky bit.
@comment sys/stat.h
@comment BSD
@deftypefun int fchmod (int @var{filedes}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chmod}, except that it changes the permissions of the
currently open file given by @var{filedes}.
@@ -2612,6 +2753,7 @@ The symbols in this section are declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int access (const char *@var{filename}, int @var{how})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{access} function checks to see whether the file named by
@var{filename} can be accessed in the way specified by the @var{how}
argument. The @var{how} argument either can be the bitwise OR of the
@@ -2732,6 +2874,9 @@ This is the modification time for the file.
@comment utime.h
@comment POSIX.1
@deftypefun int utime (const char *@var{filename}, const struct utimbuf *@var{times})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utime syscall, it non-atomically converts times
+@c to a struct timeval and calls utimes.
This function is used to modify the file times associated with the file
named @var{filename}.
@@ -2783,6 +2928,10 @@ in the header file @file{sys/time.h}.
@comment sys/time.h
@comment BSD
@deftypefun int utimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, or to
+@c struct utimbuf and calls utime.
This function sets the file access and modification times of the file
@var{filename}. The new file access time is specified by
@code{@var{tvp}[0]}, and the new modification time by
@@ -2797,6 +2946,9 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int lutimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no lutimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall.
This function is like @code{utimes}, except that it does not follow
symbolic links. If @var{filename} is the name of a symbolic link,
@code{lutimes} sets the file access and modification times of the
@@ -2813,6 +2965,10 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int futimes (int @var{fd}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no futimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, falling back
+@c to utimes on a /proc/self/fd symlink.
This function is like @code{utimes}, except that it takes an open file
descriptor as an argument instead of a file name. @xref{Low-Level
I/O}. This function comes from FreeBSD, and is not available on all
@@ -2867,6 +3023,8 @@ succeed, without actually accomplishing anything.
@comment unistd.h
@comment X/Open
@deftypefun int truncate (const char *@var{filename}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a truncate syscall, we use open and ftruncate.
The @code{truncate} function changes the size of @var{filename} to
@var{length}. If @var{length} is shorter than the previous length, data
@@ -2911,6 +3069,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int truncate64 (const char *@var{name}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try truncate if length fits.
This function is similar to the @code{truncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines, which allows the handling of files with sizes up to
@@ -2924,6 +3084,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX
@deftypefun int ftruncate (int @var{fd}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{truncate}, but it works on a file descriptor @var{fd}
for an opened file instead of a file name to identify the object. The
@@ -2988,6 +3149,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int ftruncate64 (int @var{id}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try ftruncate if length fits.
This function is similar to the @code{ftruncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines which allows the handling of files with sizes up to
@@ -3050,6 +3213,10 @@ The prototype for @code{mknod} is declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment BSD
@deftypefun int mknod (const char *@var{filename}, mode_t @var{mode}, dev_t @var{dev})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Instead of issuing the syscall directly, we go through xmknod.
+@c Although the internal xmknod takes a dev_t*, that could lead to
+@c xguargs races, it's passed a pointer to mknod's dev.
The @code{mknod} function makes a special file with name @var{filename}.
The @var{mode} specifies the mode of the file, and may include the various
special file bits, such as @code{S_IFCHR} (for a character special file)
@@ -3101,6 +3268,20 @@ These facilities are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} tmpfile (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c The unsafety issues are those of fdopen, plus fdleak because of the
+@c open.
+@c __path_search (internal buf, !dir, const pfx, !try_tmpdir) ok
+@c libc_secure_genenv only if try_tmpdir
+@c xstat64, strlen, strcmp, sprintf
+@c __gen_tempname (internal tmpl, __GT_FILE) ok
+@c strlen, memcmp, getpid, open/mkdir/lxstat64 ok
+@c HP_TIMING_NOW if available ok
+@c gettimeofday (!tz) first time, or every time if no HP_TIMING_NOW ok
+@c static value is used and modified without synchronization ok
+@c but the use is as a source of non-cryptographic randomness
+@c with retries in case of collision, so it should be safe
+@c unlink, fdopen
This function creates a temporary binary file for update mode, as if by
calling @code{fopen} with mode @code{"wb+"}. The file is deleted
automatically when it is closed or when the program terminates. (On
@@ -3117,6 +3298,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} tmpfile64 (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
This function is similar to @code{tmpfile}, but the stream it returns a
pointer to was opened using @code{tmpfile64}. Therefore this stream can
be used for files larger then @math{2^31} bytes on 32-bit machines.
@@ -3132,6 +3314,11 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun {char *} tmpnam (char *@var{result})
+@safety{@mtunsafe{xguargs, staticbuf}@asunsafe{staticbuf}@acsafe{}}
+@c The passed-in buffer should not be modified concurrently with the
+@c call.
+@c __path_search (static or passed-in buf, !dir, !pfx, !try_tmpdir) ok
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
This function constructs and returns a valid file name that does not
refer to any existing file. If the @var{result} argument is a null
pointer, the return value is a pointer to an internal static string,
@@ -3156,6 +3343,7 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdio.h
@comment GNU
@deftypefun {char *} tmpnam_r (char *@var{result})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
This function is nearly identical to the @code{tmpnam} function, except
that if @var{result} is a null pointer it returns a null pointer.
@@ -3192,6 +3380,13 @@ never less than @code{25}.
@comment stdio.h
@comment SVID
@deftypefun {char *} tempnam (const char *@var{dir}, const char *@var{prefix})
+@safety{@mtunsafe{xguargs, envromt}@assafe{asmalloc}@acsafe{memleak}}
+@c There's no way (short of being setuid) to avoid getenv("TMPDIR"),
+@c even with a non-NULL dir, which makes this thread-unsafe.
+@c
+@c __path_search (internal buf, dir, pfx, try_tmpdir) unsafe getenv
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
+@c strdup
This function generates a unique temporary file name. If @var{prefix}
is not a null pointer, up to five characters of this string are used as
a prefix for the file name. The return value is a string newly
@@ -3255,6 +3450,8 @@ string. These functions are declared in the header file @file{stdlib.h}.
@comment stdlib.h
@comment Unix
@deftypefun {char *} mktemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_NOCREATE) ok
The @code{mktemp} function generates a unique file name by modifying
@var{template} as described above. If successful, it returns
@var{template} as modified. If @code{mktemp} cannot find a unique file
@@ -3273,6 +3470,8 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdlib.h
@comment BSD
@deftypefun int mkstemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{fdleak}}
+@c __gen_tempname (caller tmpl, __GT_FILE) ok
The @code{mkstemp} function generates a unique file name just as
@code{mktemp} does, but it also opens the file for you with @code{open}
(@pxref{Opening and Closing Files}). If successful, it modifies
@@ -3295,6 +3494,8 @@ new file and get an error if the file already exists.
@comment stdlib.h
@comment BSD
@deftypefun {char *} mkdtemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_DIR) ok
The @code{mkdtemp} function creates a directory with a unique name. If
it succeeds, it overwrites @var{template} with the name of the
directory, and returns @var{template}. As with @code{mktemp} and
@@ -3316,3 +3517,23 @@ creation always works like @code{open} with @code{O_EXCL}.
@xref{Creating Directories}.
The @code{mkdtemp} function comes from OpenBSD.
+
+@c FIXME these are undocumented:
+@c faccessat
+@c fchmodat
+@c fchownat
+@c futimesat
+@c fstatat
+@c linkat
+@c mkdirat
+@c mkfifoat
+@c name_to_handle_at
+@c openat
+@c open_by_handle_at
+@c readlinkat
+@c renameat
+@c scandirat
+@c symlinkat
+@c unlinkat
+@c utimensat
+@c mknodat
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4fad6857b15ad881c5a287349a0d13c093605336
commit 4fad6857b15ad881c5a287349a0d13c093605336
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:05:34 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/errno.texi: Document thread safety properties.
diff --git a/manual/errno.texi b/manual/errno.texi
index 6c9fa86..eb3f412 100644
--- a/manual/errno.texi
+++ b/manual/errno.texi
@@ -1293,6 +1293,9 @@ name of the program that encountered the error.
@comment string.h
@comment ISO
@deftypefun {char *} strerror (int @var{errnum})
+@safety{@mtunsafe{staticbuf}@asunsafe{staticbuf, asmalloc, asi18n}@acsafe{memleak}}
+@c Calls strerror_r with a static buffer allocated with malloc on the
+@c first use.
The @code{strerror} function maps the error code (@pxref{Checking for
Errors}) specified by the @var{errnum} argument to a descriptive error
message string. The return value is a pointer to this string.
@@ -1310,6 +1313,7 @@ The function @code{strerror} is declared in @file{string.h}.
@comment string.h
@comment GNU
@deftypefun {char *} strerror_r (int @var{errnum}, char *@var{buf}, size_t @var{n})
+@safety{@mtsafe{}@asunsafe{asi18n}@acsafe{}}
The @code{strerror_r} function works like @code{strerror} but instead of
returning the error message in a statically allocated buffer shared by
all threads in the process, it returns a private copy for the
@@ -1331,6 +1335,10 @@ This function @code{strerror_r} is a GNU extension and it is declared in
@comment stdio.h
@comment ISO
@deftypefun void perror (const char *@var{message})
+@safety{@mtsafe{xguargs}@asunsafe{asynconsist, asi18n, asmalloc, selfdeadlock}@acunsafe{incansist, lockleak, memleak, fdleak}}
+@c Besides strerror_r's and some of fprintf's issues, if stderr is not
+@c oriented yet, create a new stream with a dup of stderr's fd and write
+@c to that instead of stderr, to avoid orienting it.
This function prints an error message to the stream @code{stderr};
see @ref{Standard Streams}. The orientation of @code{stderr} is not
changed.
@@ -1442,6 +1450,13 @@ These functions are declared in @file{error.h}.
@comment error.h
@comment GNU
@deftypefun void error (int @var{status}, int @var{errnum}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acsafe{}}
+@c Cancellation is disabled throught the execution. It flushes stdout
+@c and then holds a lock on stderr while printing the program name and
+@c then running error_tail. The non-wide case just runs vfprintf; the
+@c wide case converts the message to an alloca/malloc-allocated buffer
+@c with mbsrtowcs, then prints it with vfwprintf. Afterwards,
+@c print_errno_message calls strerror_r and fxprintf.
The @code{error} function can be used to report general problems during
program execution. The @var{format} argument is a format string just
like those given to the @code{printf} family of functions. The
@@ -1477,6 +1492,15 @@ incremented by one to keep track of the number of errors reported.
@comment error.h
@comment GNU
@deftypefun void error_at_line (int @var{status}, int @var{errnum}, const char *@var{fname}, unsigned int @var{lineno}, const char *@var{format}, @dots{})
+@safety{@mtunsafe{staticbuf, glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist}}
+@c The error_one_per_line variable is accessed (without any form of
+@c synchronization, but since it's an int used once, it should be safe
+@c enough) and, if this mode is enabled, static variables used to hold
+@c the last printed file name and line number are accessed and modified
+@c without synchronization; the update is not atomic and it occurs
+@c before disabling cancellation, so it can be interrupted after only
+@c one of the two variables is modified. After that, it's very much
+@c like error.
The @code{error_at_line} function is very similar to the @code{error}
function. The only difference are the additional parameters @var{fname}
@@ -1582,6 +1606,8 @@ are included only for compatibility.
@comment err.h
@comment BSD
@deftypefun void warn (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Just calls vwarn with the va_list.
The @code{warn} function is roughly equivalent to a call like
@smallexample
error (0, errno, format, @r{the parameters})
@@ -1594,6 +1620,11 @@ are not used.
@comment err.h
@comment BSD
@deftypefun void vwarn (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c While holding stderr's recursive lock, it prints the programname, the
+@c given message, and the error string with fw?printf's %m. When the
+@c stream is wide, convert_and_print converts the format string to an
+@c alloca/malloc-created buffer using mbsrtowcs and then calls fwprintf.
The @code{vwarn} function is just like @code{warn} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1602,6 +1633,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void warnx (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn, but without the strerror translation issues.
The @code{warnx} function is roughly equivalent to a call like
@smallexample
error (0, 0, format, @r{the parameters})
@@ -1615,6 +1648,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void vwarnx (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn, but without the strerror translation issues.
The @code{vwarnx} function is just like @code{warnx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1623,6 +1658,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void err (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn followed by exit.
The @code{err} function is roughly equivalent to a call like
@smallexample
error (status, errno, format, @r{the parameters})
@@ -1635,6 +1672,8 @@ are not used and that the program is exited even if @var{status} is zero.
@comment err.h
@comment BSD
@deftypefun void verr (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn followed by exit.
The @code{verr} function is just like @code{err} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1643,6 +1682,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void errx (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warnx followed by exit.
The @code{errx} function is roughly equivalent to a call like
@smallexample
error (status, 0, format, @r{the parameters})
@@ -1657,6 +1698,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void verrx (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarnx followed by exit.
The @code{verrx} function is just like @code{errx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d4f225eef42541dc480740f9943bfb95af1ac6ea
commit d4f225eef42541dc480740f9943bfb95af1ac6ea
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:05:11 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/debug.texi: Document thread safety properties.
diff --git a/manual/debug.texi b/manual/debug.texi
index 1db9c18..ce0c263 100644
--- a/manual/debug.texi
+++ b/manual/debug.texi
@@ -36,6 +36,8 @@ and manipulate backtraces of the current thread.
@comment execinfo.h
@comment GNU
@deftypefun int backtrace (void **@var{buffer}, int @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Pointer chasing within the local stack.
The @code{backtrace} function obtains a backtrace for the current
thread, as a list of pointers, and places the information into
@var{buffer}. The argument @var{size} should be the number of
@@ -56,6 +58,17 @@ interpreting the stack contents correctly.
@comment execinfo.h
@comment GNU
@deftypefun {char **} backtrace_symbols (void *const *@var{buffer}, int @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, lockleak}}
+@c Collects info returned by _dl_addr in auto array, allocates memory
+@c for the whole return buffer with malloc then sprintfs into it storing
+@c pointers to the strings into the array entries in the buffer.
+@c _dl_addr takes the recursive dl_load_lock then calls
+@c _dl_find_dso_for_object and determine_info.
+@c _dl_find_dso_for_object calls _dl-addr_inside_object.
+@c All of them are safe as long as the lock is held.
+@c asynconsist? It doesn't looke like the dynamic loader's data
+@c structures could be in an inconsistent state that would cause
+@c malfunction here.
The @code{backtrace_symbols} function translates the information
obtained from the @code{backtrace} function into an array of strings.
The argument @var{buffer} should be a pointer to an array of addresses
@@ -88,6 +101,11 @@ cannot be obtained.
@comment execinfo.h
@comment GNU
@deftypefun void backtrace_symbols_fd (void *const *@var{buffer}, int @var{size}, int @var{fd})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c Single loop of _dl_addr over addresses, collecting info into an iovec
+@c written out with a writev call per iteration. Addresses and offsets
+@c are converted to hex in auto buffers, so the only potential issue
+@c here is leaking the dl lock in case of cancellation.
The @code{backtrace_symbols_fd} function performs the same translation
as the function @code{backtrace_symbols} function. Instead of returning
the strings to the caller, it writes the strings to the file descriptor
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=dabcbeb1f646a611c3e18db1dbf0d317276c5fbc
commit dabcbeb1f646a611c3e18db1dbf0d317276c5fbc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:03:47 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/crypt.texi: Document thread safety properties.
diff --git a/manual/crypt.texi b/manual/crypt.texi
index ef90590..a3c8fa5 100644
--- a/manual/crypt.texi
+++ b/manual/crypt.texi
@@ -92,6 +92,13 @@ in a convenient way.
@comment unistd.h
@comment BSD
@deftypefun {char *} getpass (const char *@var{prompt})
+@safety{@mtunsafe{tempterm}@asunsafe{asmalloc, selfdeadlock, asynconsist}@acunsafe{tempterm, lockleak, incansist}}
+@c This function will attempt to create a stream for terminal I/O, but
+@c will fallback to stdio/stderr. It attempts to change the terminal
+@c mode in a thread-unsafe way, write out the prompt, read the password,
+@c then restore the terminal mode. It has a cleanup to close the stream
+@c in case of (synchronous) cancellation, but not to restore the
+@c terminal mode.
@code{getpass} outputs @var{prompt}, then reads a string in from the
terminal without echoing it. It tries to connect to the real terminal,
@@ -127,6 +134,13 @@ The substitute takes the same parameters as @code{getline}
@comment crypt.h
@comment BSD, SVID
@deftypefun {char *} crypt (const char *@var{key}, const char *@var{salt})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Besides the obvious problem of returning a pointer into static
+@c storage, the DES initializer takes an internal lock with the usual
+@c set of problems for AS- and AC-Safety. The FIPS mode checker and the
+@c NSS implementations of may leak file descriptors if canceled. The
+@c The MD5, SHA256 and SHA512 implementations will malloc on long keys,
+@c and NSS relies on dlopening, which brings about another can of worms.
The @code{crypt} function takes a password, @var{key}, as a string, and
a @var{salt} character array which is described below, and returns a
@@ -188,6 +202,9 @@ for a password and prints ``Access granted.'' if the user types
@comment crypt.h
@comment GNU
@deftypefun {char *} crypt_r (const char *@var{key}, const char *@var{salt}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Compared with crypt, this function fixes the staticbuf problem, but
+@c nothing else.
The @code{crypt_r} function does the same thing as @code{crypt}, but
takes an extra parameter which includes space for its result (among
@@ -233,6 +250,11 @@ specifies the unused bits.
@comment crypt.h
@comment BSD, SVID
@deftypefun void setkey (const char *@var{key})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c The static buffer stores the key, making it fundamentally
+@c thread-unsafe. The locking issues are only in the initialization
+@c path; cancelling the initialization will leave the lock held, it
+@c would otherwise repeat the initialization on the next call.
The @code{setkey} function sets an internal data structure to be an
expanded form of @var{key}. @var{key} is specified as an array of 64
@@ -244,6 +266,8 @@ parity.
@comment crypt.h
@comment BSD, SVID
@deftypefun void encrypt (char *@var{block}, int @var{edflag})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c Same issues as setkey.
The @code{encrypt} function encrypts @var{block} if
@var{edflag} is 0, otherwise it decrypts @var{block}, using a key
@@ -257,9 +281,11 @@ stored in a @code{char}, but there are no parity bits in @var{block}.
@comment crypt.h
@comment GNU
@deftypefun void setkey_r (const char *@var{key}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
@comment crypt.h
@comment GNU
@deftypefunx void encrypt_r (char *@var{block}, int @var{edflag}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
These are reentrant versions of @code{setkey} and @code{encrypt}. The
only difference is the extra parameter, which stores the expanded
@@ -274,6 +300,7 @@ defined in @file{crypt.h}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int ecb_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{ecb_crypt} encrypts or decrypts one or more blocks
using DES. Each block is encrypted independently.
@@ -355,6 +382,7 @@ This macro returns 1 if @var{err} is a `success' result code from
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int cbc_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode}, char *@var{ivec})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{cbc_crypt} encrypts or decrypts one or more blocks
using DES in Cipher Block Chaining mode.
@@ -381,6 +409,7 @@ Otherwise, all the parameters are similar to those for @code{ecb_crypt}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun void des_setparity (char *@var{key})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{des_setparity} changes the 64-bit @var{key}, stored
packed in 8-bit bytes, to have odd parity by altering the low bits of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ae74a2f95b7ccea4362a553291e9dd5c403915e3
commit ae74a2f95b7ccea4362a553291e9dd5c403915e3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:03:47 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/crypt.texi: Document thread safety properties.
diff --git a/manual/crypt.texi b/manual/crypt.texi
index ef90590..5c9f6f7 100644
--- a/manual/crypt.texi
+++ b/manual/crypt.texi
@@ -92,7 +92,13 @@ in a convenient way.
@comment unistd.h
@comment BSD
@deftypefun {char *} getpass (const char *@var{prompt})
-
+@safety{@mtunsafe{tempterm}@asunsafe{asmalloc, selfdeadlock, asynconsist}@acunsafe{tempterm, lockleak, incansist}}
+@c This function will attempt to create a stream for terminal I/O, but
+@c will fallback to stdio/stderr. It attempts to change the terminal
+@c mode in a thread-unsafe way, write out the prompt, read the password,
+@c then restore the terminal mode. It has a cleanup to close the stream
+@c in case of (synchronous) cancellation, but not to restore the
+@c terminal mode.
@code{getpass} outputs @var{prompt}, then reads a string in from the
terminal without echoing it. It tries to connect to the real terminal,
@file{/dev/tty}, if possible, to encourage users not to put plaintext
@@ -127,6 +133,13 @@ The substitute takes the same parameters as @code{getline}
@comment crypt.h
@comment BSD, SVID
@deftypefun {char *} crypt (const char *@var{key}, const char *@var{salt})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Besides the obvious problem of returning a pointer into static
+@c storage, the DES initializer takes an internal lock with the usual
+@c set of problems for AS- and AC-Safety. The FIPS mode checker and the
+@c NSS implementations of may leak file descriptors if canceled. The
+@c The MD5, SHA256 and SHA512 implementations will malloc on long keys,
+@c and NSS relies on dlopening, which brings about another can of worms.
The @code{crypt} function takes a password, @var{key}, as a string, and
a @var{salt} character array which is described below, and returns a
@@ -188,6 +201,9 @@ for a password and prints ``Access granted.'' if the user types
@comment crypt.h
@comment GNU
@deftypefun {char *} crypt_r (const char *@var{key}, const char *@var{salt}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Compared with crypt, this function fixes the staticbuf problem, but
+@c nothing else.
The @code{crypt_r} function does the same thing as @code{crypt}, but
takes an extra parameter which includes space for its result (among
@@ -233,6 +249,11 @@ specifies the unused bits.
@comment crypt.h
@comment BSD, SVID
@deftypefun void setkey (const char *@var{key})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c The static buffer stores the key, making it fundamentally
+@c thread-unsafe. The locking issues are only in the initialization
+@c path; cancelling the initialization will leave the lock held, it
+@c would otherwise repeat the initialization on the next call.
The @code{setkey} function sets an internal data structure to be an
expanded form of @var{key}. @var{key} is specified as an array of 64
@@ -244,6 +265,8 @@ parity.
@comment crypt.h
@comment BSD, SVID
@deftypefun void encrypt (char *@var{block}, int @var{edflag})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c Same issues as setkey.
The @code{encrypt} function encrypts @var{block} if
@var{edflag} is 0, otherwise it decrypts @var{block}, using a key
@@ -257,9 +280,11 @@ stored in a @code{char}, but there are no parity bits in @var{block}.
@comment crypt.h
@comment GNU
@deftypefun void setkey_r (const char *@var{key}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
@comment crypt.h
@comment GNU
@deftypefunx void encrypt_r (char *@var{block}, int @var{edflag}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
These are reentrant versions of @code{setkey} and @code{encrypt}. The
only difference is the extra parameter, which stores the expanded
@@ -274,6 +299,7 @@ defined in @file{crypt.h}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int ecb_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{ecb_crypt} encrypts or decrypts one or more blocks
using DES. Each block is encrypted independently.
@@ -355,6 +381,7 @@ This macro returns 1 if @var{err} is a `success' result code from
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int cbc_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode}, char *@var{ivec})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{cbc_crypt} encrypts or decrypts one or more blocks
using DES in Cipher Block Chaining mode.
@@ -381,6 +408,7 @@ Otherwise, all the parameters are similar to those for @code{ecb_crypt}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun void des_setparity (char *@var{key})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{des_setparity} changes the 64-bit @var{key}, stored
packed in 8-bit bytes, to have odd parity by altering the low bits of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=dc003e9af2abd847740effc6ffb70ad00be9756f
commit dc003e9af2abd847740effc6ffb70ad00be9756f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:41 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/ctype.texi: Document thread safety properties.
diff --git a/manual/ctype.texi b/manual/ctype.texi
index 3d13571..ddf38ce 100644
--- a/manual/ctype.texi
+++ b/manual/ctype.texi
@@ -66,6 +66,13 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int islower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The is* macros call __ctype_b_loc to get the ctype array from the
+@c current locale, and then index it by c. __ctype_b_loc reads from
+@c thread-local memory the (indirect) pointer to the ctype array, which
+@c may involve one word access to the global locale object, if that's
+@c the active locale for the thread, and the array, being part of the
+@c locale data, is undeletable, so there's no thread-safety issue.
Returns true if @var{c} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -74,6 +81,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -82,6 +90,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isalpha (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphabetic character (a letter). If
@code{islower} or @code{isupper} is true of a character, then
@code{isalpha} is also true.
@@ -97,6 +106,7 @@ additional characters.
@comment ctype.h
@comment ISO
@deftypefun int isdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@end deftypefun
@@ -104,6 +114,7 @@ Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@comment ctype.h
@comment ISO
@deftypefun int isalnum (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphanumeric character (a letter or
number); in other words, if either @code{isalpha} or @code{isdigit} is
true of a character, then @code{isalnum} is also true.
@@ -113,6 +124,7 @@ true of a character, then @code{isalnum} is also true.
@comment ctype.h
@comment ISO
@deftypefun int isxdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -123,6 +135,7 @@ Hexadecimal digits include the normal decimal digits @samp{0} through
@comment ctype.h
@comment ISO
@deftypefun int ispunct (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -132,6 +145,7 @@ character.
@comment ctype.h
@comment ISO
@deftypefun int isspace (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{isspace} returns true for only the standard
whitespace characters:
@@ -161,6 +175,7 @@ vertical tab
@comment ctype.h
@comment ISO
@deftypefun int isblank (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
@end deftypefun
@@ -169,6 +184,7 @@ This function was originally a GNU extension, but was added in @w{ISO C99}.
@comment ctype.h
@comment ISO
@deftypefun int isgraph (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -178,6 +194,7 @@ considered graphic.
@comment ctype.h
@comment ISO
@deftypefun int isprint (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@end deftypefun
@@ -186,6 +203,7 @@ include all the graphic characters, plus the space (@samp{ }) character.
@comment ctype.h
@comment ISO
@deftypefun int iscntrl (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a control character (that is, a character that
is not a printing character).
@end deftypefun
@@ -194,6 +212,7 @@ is not a printing character).
@comment ctype.h
@comment SVID, BSD
@deftypefun int isascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
into the US/UK ASCII character set. This function is a BSD extension
and is also an SVID extension.
@@ -227,6 +246,10 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The to* macros/functions call different functions that use different
+@c arrays than those of__ctype_b_loc, but the access patterns and
+@c thus safety guarantees are the same.
If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
lower-case letter. If @var{c} is not an upper-case letter,
@var{c} is returned unchanged.
@@ -235,6 +258,7 @@ lower-case letter. If @var{c} is not an upper-case letter,
@comment ctype.h
@comment ISO
@deftypefun int toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
upper-case letter. Otherwise @var{c} is returned unchanged.
@end deftypefun
@@ -242,6 +266,7 @@ upper-case letter. Otherwise @var{c} is returned unchanged.
@comment ctype.h
@comment SVID, BSD
@deftypefun int toascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function converts @var{c} to a 7-bit @code{unsigned char} value
that fits into the US/UK ASCII character set, by clearing the high-order
bits. This function is a BSD extension and is also an SVID extension.
@@ -250,6 +275,7 @@ bits. This function is a BSD extension and is also an SVID extension.
@comment ctype.h
@comment SVID
@deftypefun int _tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{tolower}, and is provided for compatibility
with the SVID. @xref{SVID}.@refill
@end deftypefun
@@ -257,6 +283,7 @@ with the SVID. @xref{SVID}.@refill
@comment ctype.h
@comment SVID
@deftypefun int _toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{toupper}, and is provided for compatibility
with the SVID.
@end deftypefun
@@ -303,6 +330,15 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctype_t wctype (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Although the source code of wctype contains multiple references to
+@c the locale, that could each reference different locale_data objects
+@c should the global locale object change while active, the compiler can
+@c and does combine them all into a single dereference that resolves
+@c once to the LCTYPE locale object used throughout the function, so it
+@c is safe in practice, if not in theory. Ideally we'd explicitly save
+@c the resolved locale_data object to make it visibly safe instead of
+@c safe only under compiler optimizations.
The @code{wctype} returns a value representing a class of wide
characters which is identified by the string @var{property}. Beside
some standard properties each locale can define its own ones. In case
@@ -331,6 +367,8 @@ the @w{ISO C} standard defines a completely new function.
@comment wctype.h
@comment ISO
@deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The compressed lookup table returned by wctype is read-only.
This function returns a nonzero value if @var{wc} is in the character
class specified by @var{desc}. @var{desc} must previously be returned
by a successful call to @code{wctype}.
@@ -350,6 +388,15 @@ standard classes.
@comment wctype.h
@comment ISO
@deftypefun int iswalnum (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c The implicit wctype call in the isw* functions is actually an
+@c optimized version because the category has a known offset, but the
+@c wctype is equally safe when optimized, unsafe if not optimized.
+@c Since it's not a macro, and we always optimize, it's fine. The test
+@c whether wc is ASCII to use the non-wide is* macro/funciton doesn't
+@c bring any other safety issues: the test does not depend on the
+@c locale, and each path after the decision resolves the locale object
+@c only once.
This function returns a nonzero value if @var{wc} is an alphanumeric
character (a letter or number); in other words, if either @code{iswalpha}
or @code{iswdigit} is true of a character, then @code{iswalnum} is also
@@ -370,6 +417,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswalpha (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an alphabetic character (a letter). If
@code{iswlower} or @code{iswupper} is true of a character, then
@code{iswalpha} is also true.
@@ -394,6 +442,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswcntrl (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a control character (that is, a character that
is not a printing character).
@@ -412,6 +461,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
Please note that this function does not only return a nonzero value for
@emph{decimal} digits, but for all kinds of digits. A consequence is
@@ -442,6 +492,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswgraph (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -461,6 +512,7 @@ It is declared in @file{wctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int iswlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -479,6 +531,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswprint (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@@ -497,6 +550,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswpunct (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -516,6 +570,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswspace (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{iswspace} returns true for only the standard
whitespace characters:
@@ -555,6 +610,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -573,6 +629,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswxdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -597,6 +654,7 @@ characters as well.
@comment wctype.h
@comment ISO
@deftypefun int iswblank (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
It is declared in @file{wchar.h}.
@@ -691,6 +749,8 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctrans_t wctrans (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Similar implementation, same caveats as wctype.
The @code{wctrans} function has to be used to find out whether a named
mapping is defined in the current locale selected for the
@code{LC_CTYPE} category. If the returned value is non-zero, you can use
@@ -713,6 +773,8 @@ These functions are declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Same caveats as iswctype.
@code{towctrans} maps the input character @var{wc}
according to the rules of the mapping for which @var{desc} is a
descriptor, and returns the value it finds. @var{desc} must be
@@ -730,6 +792,9 @@ for them.
@comment wctype.h
@comment ISO
@deftypefun wint_t towlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Same caveats as iswalnum, just using a wctrans rather than a wctype
+@c table.
If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
lower-case letter. If @var{wc} is not an upper-case letter,
@var{wc} is returned unchanged.
@@ -749,6 +814,7 @@ This function is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
upper-case letter. Otherwise @var{wc} is returned unchanged.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=30f1f3822b1f3a1e8a69529880d4e8e924a3d35a
commit 30f1f3822b1f3a1e8a69529880d4e8e924a3d35a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:03:16 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/conf.texi: Document thread safety properties.
diff --git a/manual/conf.texi b/manual/conf.texi
index 7eb8b36..edbb2fd 100644
--- a/manual/conf.texi
+++ b/manual/conf.texi
@@ -288,6 +288,17 @@ constants are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} sysconf (int @var{parameter})
+@safety{@mtsafe{envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak, fdleak}}
+@c Some parts of the implementation open /proc and /sys files and dirs
+@c to collect system details, using fd and stream I/O depending on the
+@c case. _SC_TZNAME_MAX calls __tzname_max, that (while holding a lock)
+@c calls tzset_internal, that calls getenv if it's called the first
+@c time; there are free and strdup calls in there too. The returned max
+@c value may change over time for TZNAME_MAX, depending on selected
+@c timezones; NPROCS, NPROCS_CONF, PHYS_PAGES, AVPHYS_PAGES,
+@c NGROUPS_MAX, SIGQUEUE_MAX, depending on variable values read from
+@c /proc at each call, and from rlimit-obtained values CHILD_MAX,
+@c OPEN_MAX, ARG_MAX, SIGQUEUE_MAX.
This function is used to inquire about runtime system parameters. The
@var{parameter} argument should be one of the @samp{_SC_} symbols listed
below.
@@ -1342,6 +1353,11 @@ argument are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} pathconf (const char *@var{filename}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c When __statfs_link_max finds an ext* filesystem, it may read
+@c /proc/mounts or similar as a mntent stream.
+@c __statfs_chown_restricted may read from
+@c /proc/sys/fs/xfs/restrict_chown as a file descriptor.
This function is used to inquire about the limits that apply to
the file named @var{filename}.
@@ -1369,6 +1385,8 @@ support the @var{parameter} for the specific file.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} fpathconf (int @var{filedes}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c Same caveats as pathconf.
This is just like @code{pathconf} except that an open file descriptor
is used to specify the file for which information is requested, instead
of a file name.
@@ -1615,6 +1633,7 @@ system with the function @code{confstr}:
@comment unistd.h
@comment POSIX.2
@deftypefun size_t confstr (int @var{parameter}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function reads the value of a string-valued system parameter,
storing the string into @var{len} bytes of memory space starting at
@var{buf}. The @var{parameter} argument should be one of the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d739c28d7512bc43968ecc860a2501aeb2b38862
commit d739c28d7512bc43968ecc860a2501aeb2b38862
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:01:33 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/charset.texi: Document thread safety properties.
diff --git a/manual/charset.texi b/manual/charset.texi
index e21502e..7e6c416 100644
--- a/manual/charset.texi
+++ b/manual/charset.texi
@@ -504,6 +504,8 @@ sequence points. Communication protocols often require this.
@comment wchar.h
@comment ISO
@deftypefun int mbsinit (const mbstate_t *@var{ps})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c ps is dereferenced once, unguarded. Potential harmless data race.
The @code{mbsinit} function determines whether the state object pointed
to by @var{ps} is in the initial state. If @var{ps} is a null pointer or
the object is in the initial state the return value is nonzero. Otherwise
@@ -559,6 +561,14 @@ that is beyond the range @math{0} to @math{127}.
@comment wchar.h
@comment ISO
@deftypefun wint_t btowc (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls btowc_fct or __fct; reads from locale, and from the
+@c get_gconv_fcts result multiple times. get_gconv_fcts calls
+@c __wcsmbs_load_conv to initialize the ctype if it's null.
+@c wcsmbs_load_conv takes a non-recursive wrlock before allocating
+@c memory for the fcts structure, initializing it, and then storing it
+@c in the locale object. The initialization involves dlopening and a
+@c lot more.
The @code{btowc} function (``byte to wide character'') converts a valid
single byte character @var{c} in the initial shift state into the wide
character equivalent using the conversion rules from the currently
@@ -615,6 +625,7 @@ There is also a function for the conversion in the other direction.
@comment wchar.h
@comment ISO
@deftypefun int wctob (wint_t @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctob} function (``wide character to byte'') takes as the
parameter a valid wide character. If the multibyte representation for
this character in the initial state is exactly one byte long, the return
@@ -634,6 +645,7 @@ and they also do not require it to be in the initial state.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrtowc (wchar_t *restrict @var{pwc}, const char *restrict @var{s}, size_t @var{n}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
@cindex stateful
The @code{mbrtowc} function (``multibyte restartable to wide
character'') converts the next multibyte character in the string pointed
@@ -728,6 +740,7 @@ function that does part of the work.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrlen (const char *restrict @var{s}, size_t @var{n}, mbstate_t *@var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbrlen} function (``multibyte restartable length'') computes
the number of at most @var{n} bytes starting at @var{s}, which form the
next valid and complete multibyte character.
@@ -811,6 +824,50 @@ doing the work twice.
@comment wchar.h
@comment ISO
@deftypefun size_t wcrtomb (char *restrict @var{s}, wchar_t @var{wc}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c wcrtomb uses a static, non-thread-local unguarded state variable when
+@c PS is NULL. When a state is passed in, and it's not used
+@c concurrently in other threads, this function behaves safely as long
+@c as gconv modules don't bring MT safety issues of their own.
+@c Attempting to load gconv modules or to build conversion chains in
+@c signal handlers may encounter gconv databases or caches in a
+@c partially-updated state, and asynchronous cancellation may leave them
+@c in such states, besides leaking the lock that guards them.
+@c get_gconv_fcts ok
+@c wcsmbs_load_conv ok
+@c norm_add_slashes ok
+@c wcsmbs_getfct ok
+@c gconv_find_transform ok
+@c gconv_read_conf (libc_once)
+@c gconv_lookup_cache ok
+@c find_module_idx ok
+@c find_module ok
+@c gconv_find_shlib (ok)
+@c ->init_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c do_lookup_alias ok
+@c find_derivation ok
+@c derivation_lookup ok
+@c increment_counter ok
+@c gconv_find_shlib ok
+@c step->init_fct (assumed ok)
+@c gen_steps ok
+@c gconv_find_shlib ok
+@c dlopen (presumed ok)
+@c dlsym (presumed ok)
+@c step->init_fct (assumed ok)
+@c step->end_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c add_derivation ok
+@c gconv_close_transform ok
+@c gconv_release_step ok
+@c step->end_fct (assumed ok)
+@c gconv_release_shlib ok
+@c dlclose (presumed ok)
+@c gconv_release_cache ok
+@c ->tomb->__fct (assumed ok)
The @code{wcrtomb} function (``wide character restartable to
multibyte'') converts a single wide character into a multibyte string
corresponding to that wide character.
@@ -955,6 +1012,7 @@ extensions that can help in some important situations.
@comment wchar.h
@comment ISO
@deftypefun size_t mbsrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsrtowcs} function (``multibyte string restartable to wide
character string'') converts an NUL-terminated multibyte character
string at @code{*@var{src}} into an equivalent wide character string,
@@ -1039,6 +1097,7 @@ length and passing this length to the function.
@comment wchar.h
@comment ISO
@deftypefun size_t wcsrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsrtombs} function (``wide character string restartable to
multibyte string'') converts the NUL-terminated wide character string at
@code{*@var{src}} into an equivalent multibyte character string and
@@ -1084,6 +1143,7 @@ array size (the @var{len} parameter).
@comment wchar.h
@comment GNU
@deftypefun size_t mbsnrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{nmc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsnrtowcs} function is very similar to the @code{mbsrtowcs}
function. All the parameters are the same except for @var{nmc}, which is
new. The return value is the same as for @code{mbsrtowcs}.
@@ -1136,6 +1196,7 @@ of the given buffer, there is no problem with altering the state.
@comment wchar.h
@comment GNU
@deftypefun size_t wcsnrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{nwc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsnrtombs} function implements the conversion from wide
character strings to multibyte character strings. It is similar to
@code{wcsrtombs} but, just like @code{mbsnrtowcs}, it takes an extra
@@ -1280,6 +1341,7 @@ conversion functions.}
@comment stdlib.h
@comment ISO
@deftypefun int mbtowc (wchar_t *restrict @var{result}, const char *restrict @var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbtowc} (``multibyte to wide character'') function when called
with non-null @var{string} converts the first multibyte character
beginning at @var{string} to its corresponding wide character code. It
@@ -1314,6 +1376,7 @@ shift state. @xref{Shift State}.
@comment stdlib.h
@comment ISO
@deftypefun int wctomb (char *@var{string}, wchar_t @var{wchar})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctomb} (``wide character to multibyte'') function converts
the wide character code @var{wchar} to its corresponding multibyte
character sequence, and stores the result in bytes starting at
@@ -1353,6 +1416,7 @@ terms of @code{mbtowc}.
@comment stdlib.h
@comment ISO
@deftypefun int mblen (const char *@var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mblen} function with a non-null @var{string} argument returns
the number of bytes that make up the multibyte character beginning at
@var{string}, never examining more than @var{size} bytes. (The idea is
@@ -1391,6 +1455,9 @@ suffer from the same problems as their reentrant counterparts from
@comment stdlib.h
@comment ISO
@deftypefun size_t mbstowcs (wchar_t *@var{wstring}, const char *@var{string}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Odd... Although this is in the non-reentrant section, the state
+@c object is automatic, not a static buffer.
The @code{mbstowcs} (``multibyte string to wide character string'')
function converts the null-terminated string of multibyte characters
@var{string} to an array of wide character codes, storing not more than
@@ -1431,6 +1498,7 @@ mbstowcs_alloc (const char *string)
@comment stdlib.h
@comment ISO
@deftypefun size_t wcstombs (char *@var{string}, const wchar_t *@var{wstring}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcstombs} (``wide character string to multibyte string'')
function converts the null-terminated wide character array @var{wstring}
into a string containing multibyte characters, storing not more than
@@ -1618,6 +1686,16 @@ The first step is the function to create a handle.
@comment iconv.h
@comment XPG2
@deftypefun iconv_t iconv_open (const char *@var{tocode}, const char *@var{fromcode})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls malloc if tocode and/or fromcode are too big for alloca. Calls
+@c strip and upstr on both, then gconv_open. strip and upstr call
+@c isalnum_l and toupper_l with the C locale. gconv_open may MT-safely
+@c tokenize toset, replace unspecified codesets with the current locale
+@c (posibly two different accesses), and finally it calls
+@c gconv_find_transform and initializes the gconv_t result with all the
+@c steps in the conversion sequence, running each one's initializer,
+@c destructing and releasing them all if anything fails.
+
The @code{iconv_open} function has to be used before starting a
conversion. The two parameters this function takes determine the
source and destination character set for the conversion, and if the
@@ -1682,6 +1760,12 @@ conversion is not needed anymore.
@comment iconv.h
@comment XPG2
@deftypefun int iconv_close (iconv_t @var{cd})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, shlimb}}
+@c Calls gconv_close to destruct and release each of the conversion
+@c steps, release the gconv_t object, then call gconv_close_transform.
+@c Access to the gconv_t object is not guarded, but calling iconv_close
+@c concurrently with any other use is undefined.
+
The @code{iconv_close} function frees all resources associated with the
handle @var{cd}, which must have been returned by a successful call to
the @code{iconv_open} function.
@@ -1708,6 +1792,10 @@ even file to file can be implemented on top of it.
@comment iconv.h
@comment XPG2
@deftypefun size_t iconv (iconv_t @var{cd}, char **@var{inbuf}, size_t *@var{inbytesleft}, char **@var{outbuf}, size_t *@var{outbytesleft})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c Without guarding access to the gconv_t object pointed to by cd, call
+@c the conversion function to convert inbuf or flush the internal
+@c conversion state.
@cindex stateful
The @code{iconv} function converts the text in the input buffer
according to the rules associated with the descriptor @var{cd} and
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7288eb7651261bf0ff7d26fd94d47c4a6267169f
commit 7288eb7651261bf0ff7d26fd94d47c4a6267169f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/arith.texi: Document thread safety properties.
diff --git a/manual/arith.texi b/manual/arith.texi
index 77056c3..c0cd350 100644
--- a/manual/arith.texi
+++ b/manual/arith.texi
@@ -160,6 +160,8 @@ The remainder from the division.
@comment stdlib.h
@comment ISO
@deftypefun div_t div (int @var{numerator}, int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Functions in this section are pure, and thus safe.
This function @code{div} computes the quotient and remainder from
the division of @var{numerator} by @var{denominator}, returning the
result in a structure of type @code{div_t}.
@@ -199,6 +201,7 @@ type @code{long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun ldiv_t ldiv (long int @var{numerator}, long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ldiv} function is similar to @code{div}, except that the
arguments are of type @code{long int} and the result is returned as a
structure of type @code{ldiv_t}.
@@ -225,6 +228,7 @@ type @code{long long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun lldiv_t lldiv (long long int @var{numerator}, long long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lldiv} function is like the @code{div} function, but the
arguments are of type @code{long long int} and the result is returned as
a structure of type @code{lldiv_t}.
@@ -256,6 +260,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment inttypes.h
@comment ISO
@deftypefun imaxdiv_t imaxdiv (intmax_t @var{numerator}, intmax_t @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{imaxdiv} function is like the @code{div} function, but the
arguments are of type @code{intmax_t} and the result is returned as
a structure of type @code{imaxdiv_t}.
@@ -318,6 +323,7 @@ floating-point number a variable holds.
@comment math.h
@comment ISO
@deftypefn {Macro} int fpclassify (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is a generic macro which works on all floating-point types and
which returns a value of type @code{int}. The possible values are:
@@ -354,6 +360,7 @@ You should therefore use the specific macros whenever possible.
@comment math.h
@comment ISO
@deftypefn {Macro} int isfinite (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite: not plus or
minus infinity, and not NaN. It is equivalent to
@@ -368,6 +375,7 @@ floating-point type.
@comment math.h
@comment ISO
@deftypefn {Macro} int isnormal (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite and normalized.
It is equivalent to
@@ -379,6 +387,7 @@ It is equivalent to
@comment math.h
@comment ISO
@deftypefn {Macro} int isnan (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is NaN. It is equivalent
to
@@ -390,6 +399,7 @@ to
@comment math.h
@comment GNU
@deftypefn {Macro} int issignaling (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is a signaling NaN
(sNaN). It is based on draft TS 18661 and currently enabled as a GNU
extension.
@@ -410,6 +420,7 @@ not have to worry about the type of their argument.
@comment math.h
@comment BSD
@deftypefunx int isinfl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns @code{-1} if @var{x} represents negative infinity,
@code{1} if @var{x} represents positive infinity, and @code{0} otherwise.
@end deftypefun
@@ -423,6 +434,7 @@ This function returns @code{-1} if @var{x} represents negative infinity,
@comment math.h
@comment BSD
@deftypefunx int isnanl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is a ``not a number''
value, and zero otherwise.
@@ -445,6 +457,7 @@ function for some reason, you can write
@comment math.h
@comment BSD
@deftypefunx int finitel (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is finite or a ``not a
number'' value, and zero otherwise.
@end deftypefun
@@ -713,6 +726,22 @@ and save and restore the set of exceptions flagged.
@comment fenv.h
@comment ISO
@deftypefun int feclearexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{unposix}@acsafe{unposix}}
+@c The other functions in this section that modify FP status register
+@c mostly do so with non-atomic load-modify-store sequences, but since
+@c the register is thread-specific, this should be fine, and safe for
+@c cancellation. As long as the FP environment is restored before the
+@c signal handler returns control to the interrupted thread (like any
+@c kernel should do), the functions are also safe for use in signal
+@c handlers.
+@c
+@c FIXME: simfpu: Floating point emulation on powerpc is the exception:
+@c __sim_exception, __sim_disabled_exception and __sim_round_mode
+@c variables, that emulate a floating-point status register, are not
+@c thread-specific variables, so many of these functions are not MT-safe
+@c on that platform. This is probably a bug. These variables aren't
+@c restored by the signal machinery either, making the functions also
+@c async-signal-unsafe on this platform.
This function clears all of the supported exception flags indicated by
@var{excepts}.
@@ -723,6 +752,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feraiseexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function raises the supported exceptions indicated by
@var{excepts}. If more than one exception bit in @var{excepts} is set
the order in which the exceptions are raised is undefined except that
@@ -738,6 +768,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fetestexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Test whether the exception flags indicated by the parameter @var{except}
are currently set. If any of them are, a nonzero value is returned
which specifies which exceptions are set. Otherwise the result is zero.
@@ -774,6 +805,7 @@ following functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetexceptflag (fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function stores in the variable pointed to by @var{flagp} an
implementation-defined value representing the current setting of the
exception flags indicated by @var{excepts}.
@@ -785,6 +817,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fesetexceptflag (const fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function restores the flags for the exceptions indicated by
@var{excepts} to the values stored in the variable pointed to by
@var{flagp}.
@@ -940,6 +973,7 @@ find out which one with this function:
@comment fenv.h
@comment ISO
@deftypefun int fegetround (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Returns the currently selected rounding mode, represented by one of the
values of the defined rounding mode macros.
@end deftypefun
@@ -950,6 +984,7 @@ To change the rounding mode, use this function:
@comment fenv.h
@comment ISO
@deftypefun int fesetround (int @var{round})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Changes the currently selected rounding mode to @var{round}. If
@var{round} does not correspond to one of the supported rounding modes
nothing is changed. @code{fesetround} returns zero if it changed the
@@ -994,6 +1029,7 @@ To save the state of the FPU, use one of these functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetenv (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the floating-point environment in the variable pointed to by
@var{envp}.
@@ -1004,6 +1040,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feholdexcept (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the current floating-point environment in the object pointed to by
@var{envp}. Then clear all exception flags, and set the FPU to trap no
exceptions. Not all FPUs support trapping no exceptions; if
@@ -1042,6 +1079,7 @@ functions:
@comment fenv.h
@comment ISO
@deftypefun int fesetenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Set the floating-point environment to that described by @var{envp}.
The function returns zero in case the operation was successful, a
@@ -1051,6 +1089,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feupdateenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Like @code{fesetenv}, this function sets the floating-point environment
to that described by @var{envp}. However, if any exceptions were
flagged in the status word before @code{feupdateenv} was called, they
@@ -1071,6 +1110,7 @@ occur, you can use the following two functions.
@comment fenv.h
@comment GNU
@deftypefun int feenableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions enables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1083,6 +1123,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fedisableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions disables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1095,6 +1136,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fegetexcept (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
The function returns a bitmask of all currently enabled exceptions. It
returns @code{-1} in case of failure.
@end deftypefun
@@ -1146,6 +1188,7 @@ Prototypes for @code{abs}, @code{labs} and @code{llabs} are in @file{stdlib.h};
@comment inttypes.h
@comment ISO
@deftypefunx intmax_t imaxabs (intmax_t @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of @var{number}.
Most computers use a two's complement integer representation, in which
@@ -1167,6 +1210,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment math.h
@comment ISO
@deftypefunx {long double} fabsl (long double @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the absolute value of the floating-point number
@var{number}.
@end deftypefun
@@ -1180,6 +1224,7 @@ This function returns the absolute value of the floating-point number
@comment complex.h
@comment ISO
@deftypefunx {long double} cabsl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of the complex number @var{z}
(@pxref{Complex Numbers}). The absolute value of a complex number is:
@@ -1217,6 +1262,7 @@ All these functions are declared in @file{math.h}.
@comment math.h
@comment ISO
@deftypefunx {long double} frexpl (long double @var{value}, int *@var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are used to split the number @var{value}
into a normalized fraction and an exponent.
@@ -1242,6 +1288,7 @@ zero is stored in @code{*@var{exponent}}.
@comment math.h
@comment ISO
@deftypefunx {long double} ldexpl (long double @var{value}, int @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the result of multiplying the floating-point
number @var{value} by 2 raised to the power @var{exponent}. (It can
be used to reassemble floating-point numbers that were taken apart
@@ -1263,6 +1310,7 @@ equivalent to those of @code{ldexp} and @code{frexp}. See also the
@comment math.h
@comment BSD
@deftypefunx {long double} scalbl (long double @var{value}, long double @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{scalb} function is the BSD name for @code{ldexp}.
@end deftypefun
@@ -1275,6 +1323,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalbnl (long double @var{x}, int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbn} is identical to @code{scalb}, except that the exponent
@var{n} is an @code{int} instead of a floating-point number.
@end deftypefun
@@ -1288,6 +1337,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalblnl (long double @var{x}, long int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbln} is identical to @code{scalb}, except that the exponent
@var{n} is a @code{long int} instead of a floating-point number.
@end deftypefun
@@ -1301,6 +1351,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} significandl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{significand} returns the mantissa of @var{x} scaled to the range
@math{[1, 2)}.
It is equivalent to @w{@code{scalb (@var{x}, (double) -ilogb (@var{x}))}}.
@@ -1335,6 +1386,7 @@ result as a @code{double} instead to get around this problem.
@comment math.h
@comment ISO
@deftypefunx {long double} ceill (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} upwards to the nearest integer,
returning that value as a @code{double}. Thus, @code{ceil (1.5)}
is @code{2.0}.
@@ -1349,6 +1401,7 @@ is @code{2.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} floorl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} downwards to the nearest
integer, returning that value as a @code{double}. Thus, @code{floor
(1.5)} is @code{1.0} and @code{floor (-1.5)} is @code{-2.0}.
@@ -1363,6 +1416,7 @@ integer, returning that value as a @code{double}. Thus, @code{floor
@comment math.h
@comment ISO
@deftypefunx {long double} truncl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{trunc} functions round @var{x} towards zero to the nearest
integer (returned in floating-point format). Thus, @code{trunc (1.5)}
is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@@ -1377,6 +1431,7 @@ is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} rintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} to an integer value according to the
current rounding mode. @xref{Floating Point Parameters}, for
information about the various rounding modes. The default
@@ -1397,6 +1452,7 @@ inexact exception.
@comment math.h
@comment ISO
@deftypefunx {long double} nearbyintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the same value as the @code{rint} functions, but
do not raise the inexact exception if @var{x} is not an integer.
@end deftypefun
@@ -1410,6 +1466,7 @@ do not raise the inexact exception if @var{x} is not an integer.
@comment math.h
@comment ISO
@deftypefunx {long double} roundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are similar to @code{rint}, but they round halfway
cases away from zero instead of to the nearest integer (or other
current rounding mode).
@@ -1424,6 +1481,7 @@ current rounding mode).
@comment math.h
@comment ISO
@deftypefunx {long int} lrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1437,6 +1495,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1450,6 +1509,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long int} lroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1463,6 +1523,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1477,6 +1538,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long double} modfl (long double @var{value}, long double *@var{integer-part})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions break the argument @var{value} into an integer part and a
fractional part (between @code{-1} and @code{1}, exclusive). Their sum
equals @var{value}. Each of the parts has the same sign as @var{value},
@@ -1503,6 +1565,7 @@ suits your problem.
@comment math.h
@comment ISO
@deftypefunx {long double} fmodl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions compute the remainder from the division of
@var{numerator} by @var{denominator}. Specifically, the return value is
@code{@var{numerator} - @w{@var{n} * @var{denominator}}}, where @var{n}
@@ -1525,6 +1588,7 @@ If @var{denominator} is zero, @code{fmod} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} dreml (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are like @code{fmod} except that they round the
internal quotient @var{n} to the nearest integer instead of towards zero
to an integer. For example, @code{drem (6.5, 2.3)} returns @code{-0.4},
@@ -1548,6 +1612,7 @@ If @var{denominator} is zero, @code{drem} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} remainderl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is another name for @code{drem}.
@end deftypefun
@@ -1569,6 +1634,7 @@ bits.
@comment math.h
@comment ISO
@deftypefunx {long double} copysignl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return @var{x} but with the sign of @var{y}. They work
even if @var{x} or @var{y} are NaN or zero. Both of these can carry a
sign (although not all implementations support it) and this is one of
@@ -1584,6 +1650,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefun int signbit (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{signbit} is a generic macro which can work on all floating-point
types. It returns a nonzero value if the value of @var{x} has its sign
bit set.
@@ -1602,6 +1669,7 @@ false, but @code{signbit (-0.0)} will return a nonzero value.
@comment math.h
@comment ISO
@deftypefunx {long double} nextafterl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{nextafter} function returns the next representable neighbor of
@var{x} in the direction towards @var{y}. The size of the step between
@var{x} and the result depends on the type of the result. If
@@ -1625,6 +1693,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefunx {long double} nexttowardl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are identical to the corresponding versions of
@code{nextafter} except that their second argument is a @code{long
double}.
@@ -1640,6 +1709,8 @@ double}.
@comment math.h
@comment ISO
@deftypefunx {long double} nanl (const char *@var{tagp})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c The unsafe-but-ruled-safe locale use comes from strtod.
The @code{nan} function returns a representation of NaN, provided that
NaN is supported by the target platform.
@code{nan ("@var{n-char-sequence}")} is equivalent to
@@ -1674,6 +1745,7 @@ arguments only once.
@comment math.h
@comment ISO
@deftypefn Macro int isgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than
@var{y}. It is equivalent to @code{(@var{x}) > (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1682,6 +1754,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isgreaterequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than or
equal to @var{y}. It is equivalent to @code{(@var{x}) >= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1690,6 +1763,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isless (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than @var{y}.
It is equivalent to @code{(@var{x}) < (@var{y})}, but no exception is
raised if @var{x} or @var{y} are NaN.
@@ -1698,6 +1772,7 @@ raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than or equal
to @var{y}. It is equivalent to @code{(@var{x}) <= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1706,6 +1781,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less or greater
than @var{y}. It is equivalent to @code{(@var{x}) < (@var{y}) ||
(@var{x}) > (@var{y})} (although it only evaluates @var{x} and @var{y}
@@ -1718,6 +1794,7 @@ expression is true if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isunordered (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether its arguments are unordered. In other
words, it is true if @var{x} or @var{y} are NaN, and false otherwise.
@end deftypefn
@@ -1751,6 +1828,7 @@ perform these operations faster than the equivalent C code.
@comment math.h
@comment ISO
@deftypefunx {long double} fminl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmin} function returns the lesser of the two values @var{x}
and @var{y}. It is similar to the expression
@smallexample
@@ -1771,6 +1849,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fmaxl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmax} function returns the greater of the two values @var{x}
and @var{y}.
@@ -1787,6 +1866,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fdiml (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fdim} function returns the positive difference between
@var{x} and @var{y}. The positive difference is @math{@var{x} -
@var{y}} if @var{x} is greater than @var{y}, and @math{0} otherwise.
@@ -1804,6 +1884,7 @@ If @var{x}, @var{y}, or both are NaN, NaN is returned.
@comment ISO
@deftypefunx {long double} fmal (long double @var{x}, long double @var{y}, long double @var{z})
@cindex butterfly
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fma} function performs floating-point multiply-add. This is
the operation @math{(@var{x} @mul{} @var{y}) + @var{z}}, but the
intermediate result is not rounded to the destination type. This can
@@ -1933,6 +2014,7 @@ available in three variants, one for each of the three complex types.
@comment complex.h
@comment ISO
@deftypefunx {long double} creall (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the real part of the complex number @var{z}.
@end deftypefun
@@ -1945,6 +2027,7 @@ These functions return the real part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cimagl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the imaginary part of the complex number @var{z}.
@end deftypefun
@@ -1957,6 +2040,7 @@ These functions return the imaginary part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {complex long double} conjl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the conjugate value of the complex number
@var{z}. The conjugate of a complex number has the same real part and a
negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@@ -1971,6 +2055,7 @@ negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cargl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the argument of the complex number @var{z}.
The argument of a complex number is the angle in the complex plane
between the positive real axis and a line passing through zero and the
@@ -1989,6 +2074,7 @@ number. This angle is measured in the usual fashion and ranges from
@comment complex.h
@comment ISO
@deftypefunx {complex long double} cprojl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the projection of the complex value @var{z} onto
the Riemann sphere. Values with a infinite imaginary part are projected
to positive infinity on the real axis, even if the real part is NaN. If
@@ -2034,6 +2120,16 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun {long int} strtol (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c strtol uses the thread-local pointer to the locale in effect, and
+@c strtol_l loads the LC_NUMERIC locale data from it early on and once,
+@c but if the locale is the global locale, and another thread calls
+@c setlocale in a way that modifies the pointer to the LC_CTYPE locale
+@c category, the behavior of e.g. IS*, TOUPPER will vary throughout the
+@c execution of the function, because they re-read the locale data from
+@c the given locale pointer. We solved this by documenting setlocale as
+@c MT-Unsafe, but there might be other reasons why it's neither MT- nor
+@c AS-Safe; recheck.
The @code{strtol} (``string-to-long'') function converts the initial
part of @var{string} to a signed integer, which is returned as a value
of type @code{long int}.
@@ -2097,6 +2193,7 @@ There is an example at the end of this section.
@comment wchar.h
@comment ISO
@deftypefun {long int} wcstol (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstol} function is equivalent to the @code{strtol} function
in nearly all aspects but handles wide character strings.
@@ -2106,6 +2203,7 @@ The @code{wcstol} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long int} strtoul (const char *retrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoul} (``string-to-unsigned-long'') function is like
@code{strtol} except it converts to an @code{unsigned long int} value.
The syntax is the same as described above for @code{strtol}. The value
@@ -2124,6 +2222,7 @@ range, or @code{ERANGE} on overflow.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long int} wcstoul (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoul} function is equivalent to the @code{strtoul} function
in nearly all aspects but handles wide character strings.
@@ -2133,6 +2232,7 @@ The @code{wcstoul} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} strtoll (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoll} function is like @code{strtol} except that it returns
a @code{long long int} value, and accepts numbers with a correspondingly
larger range.
@@ -2149,6 +2249,7 @@ The @code{strtoll} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {long long int} wcstoll (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoll} function is equivalent to the @code{strtoll} function
in nearly all aspects but handles wide character strings.
@@ -2158,12 +2259,14 @@ The @code{wcstoll} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {long long int} strtoq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtoq} (``string-to-quad-word'') is the BSD name for @code{strtoll}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {long long int} wcstoq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoq} function is equivalent to the @code{strtoq} function
in nearly all aspects but handles wide character strings.
@@ -2173,6 +2276,7 @@ The @code{wcstoq} function is a GNU extension.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long long int} strtoull (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoull} function is related to @code{strtoll} the same way
@code{strtoul} is related to @code{strtol}.
@@ -2182,6 +2286,7 @@ The @code{strtoull} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long long int} wcstoull (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoull} function is equivalent to the @code{strtoull} function
in nearly all aspects but handles wide character strings.
@@ -2191,12 +2296,14 @@ The @code{wcstoull} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {unsigned long long int} strtouq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtouq} is the BSD name for @code{strtoull}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {unsigned long long int} wcstouq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstouq} function is equivalent to the @code{strtouq} function
in nearly all aspects but handles wide character strings.
@@ -2206,6 +2313,7 @@ The @code{wcstouq} function is a GNU extension.
@comment inttypes.h
@comment ISO
@deftypefun intmax_t strtoimax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoimax} function is like @code{strtol} except that it returns
a @code{intmax_t} value, and accepts numbers of a corresponding range.
@@ -2222,6 +2330,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun intmax_t wcstoimax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoimax} function is equivalent to the @code{strtoimax} function
in nearly all aspects but handles wide character strings.
@@ -2231,6 +2340,7 @@ The @code{wcstoimax} function was introduced in @w{ISO C99}.
@comment inttypes.h
@comment ISO
@deftypefun uintmax_t strtoumax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoumax} function is related to @code{strtoimax}
the same way that @code{strtoul} is related to @code{strtol}.
@@ -2241,6 +2351,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun uintmax_t wcstoumax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoumax} function is equivalent to the @code{strtoumax} function
in nearly all aspects but handles wide character strings.
@@ -2250,6 +2361,7 @@ The @code{wcstoumax} function was introduced in @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefun {long int} atol (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtol} function with a @var{base}
argument of @code{10}, except that it need not detect overflow errors.
The @code{atol} function is provided mostly for compatibility with
@@ -2259,6 +2371,7 @@ existing code; using @code{strtol} is more robust.
@comment stdlib.h
@comment ISO
@deftypefun int atoi (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is like @code{atol}, except that it returns an @code{int}.
The @code{atoi} function is also considered obsolete; use @code{strtol}
instead.
@@ -2267,6 +2380,7 @@ instead.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} atoll (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to @code{atol}, except it returns a @code{long
long int}.
@@ -2331,6 +2445,35 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun double strtod (const char *restrict @var{string}, char **restrict @var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c Besides the unsafe-but-ruled-safe locale uses, this uses a lot of
+@c mpn, but it's all safe.
+@c
+@c round_and_return
+@c get_rounding_mode ok
+@c mpn_add_1 ok
+@c mpn_rshift ok
+@c MPN_ZERO ok
+@c MPN2FLOAT -> mpn_construct_(float|double|long_double) ok
+@c str_to_mpn
+@c mpn_mul_1 -> umul_ppmm ok
+@c mpn_add_1 ok
+@c mpn_lshift_1 -> mpn_lshift ok
+@c STRTOF_INTERNAL
+@c MPN_VAR ok
+@c SET_MANTISSA ok
+@c STRNCASECMP ok, wide and narrow
+@c round_and_return ok
+@c mpn_mul ok
+@c mpn_addmul_1 ok
+@c ... mpn_sub
+@c mpn_lshift ok
+@c udiv_qrnnd ok
+@c count_leading_zeros ok
+@c add_ssaaaa ok
+@c sub_ddmmss ok
+@c umul_ppmm ok
+@c mpn_submul_1 ok
The @code{strtod} (``string-to-double'') function converts the initial
part of @var{string} to a floating-point number, which is returned as a
value of type @code{double}.
@@ -2416,6 +2559,7 @@ examining @var{errno} and @var{tailptr}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} strtold (const char *@var{string}, char **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
These functions are analogous to @code{strtod}, but return @code{float}
and @code{long double} values respectively. They report errors in the
same way as @code{strtod}. @code{strtof} can be substantially faster
@@ -2435,6 +2579,7 @@ These functions have been GNU extensions and are new to @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} wcstold (const wchar_t *@var{string}, wchar_t **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstod}, @code{wcstof}, and @code{wcstol} functions are
equivalent in nearly all aspect to the @code{strtod}, @code{strtof}, and
@code{strtold} functions but it handles wide character string.
@@ -2447,6 +2592,7 @@ C90}. The @code{wcstof} and @code{wcstold} functions were introduced in
@comment stdlib.h
@comment ISO
@deftypefun double atof (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtod} function, except that it
need not detect overflow and underflow errors. The @code{atof} function
is provided mostly for compatibility with existing code; using
@@ -2473,6 +2619,7 @@ All these functions are defined in @file{stdlib.h}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} ecvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{ecvt} converts the floating-point number @var{value}
to a string with at most @var{ndigit} decimal digits. The
returned string contains no decimal point or sign. The first digit of
@@ -2498,6 +2645,7 @@ and sets @var{d} to @code{2} and @var{n} to @code{0}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} fcvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{fcvt} is like @code{ecvt}, but @var{ndigit} specifies
the number of digits after the decimal point. If @var{ndigit} is less
than zero, @var{value} is rounded to the @math{@var{ndigit}+1}'th place to the
@@ -2516,6 +2664,9 @@ to @code{fcvt}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} gcvt (double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c gcvt calls sprintf, that ultimately calls vfprintf, which malloc()s
+@c args_value if it's too large, but gcvt never exercises this path.
@code{gcvt} is functionally equivalent to @samp{sprintf(buf, "%*g",
ndigit, value}. It is provided only for compatibility's sake. It
returns @var{buf}.
@@ -2530,6 +2681,7 @@ functions that take @code{long double} arguments.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qecvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{ecvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2538,6 +2690,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qfcvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{fcvt} except that it
takes a @code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2546,6 +2699,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qgcvt (long double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is equivalent to @code{gcvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2566,6 +2720,7 @@ user-supplied buffer.
@comment stdlib.h
@comment GNU
@deftypefun int ecvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ecvt_r} function is the same as @code{ecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2577,6 +2732,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun int fcvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcvt_r} function is the same as @code{fcvt}, except that it
places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2588,6 +2744,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qecvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qecvt_r} function is the same as @code{qecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2599,6 +2756,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qfcvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qfcvt_r} function is the same as @code{qfcvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f8001a47dc69f4ca878ae0b18dde1eab6f47ca23
commit f8001a47dc69f4ca878ae0b18dde1eab6f47ca23
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:57:08 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/argp.texi: Document thread safety properties.
diff --git a/manual/argp.texi b/manual/argp.texi
index c9fbe97..22e7b9e 100644
--- a/manual/argp.texi
+++ b/manual/argp.texi
@@ -36,6 +36,35 @@ needed in @code{main}.
@comment argp.h
@comment GNU
@deftypefun {error_t} argp_parse (const struct argp *@var{argp}, int @var{argc}, char **@var{argv}, unsigned @var{flags}, int *@var{arg_index}, void *@var{input})
+@safety{@mtunsafe{xguargs, envromt}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Optionally alloca()tes standard help options, initializes the parser,
+@c then parses individual args in a loop, and then finalizes.
+@c parser_init
+@c calc_sizes ok
+@c option_is_end ok
+@c malloc
+@c parser_convert glocale
+@c convert_options glocale
+@c option_is_end ok
+@c option_is_short ok
+@c isprint, but locale may change within the loop
+@c find_long_option ok
+@c group_parse
+@c group->parser (from argp->parser)
+@c parser_parse_next
+@c getopt_long(_only)_r many issues, same as non_r minus staticbuf
+@c parser_parse_arg
+@c group_parse
+@c parser_parse_opt
+@c group_parse
+@c argp_error
+@c dgettext (bad key error)
+@c parser_finalize
+@c group_parse
+@c fprintf
+@c dgettext
+@c arg_state_help
+@c free
The @code{argp_parse} function parses the arguments in @var{argv}, of
length @var{argc}, using the argp parser @var{argp}. @xref{Argp
Parsers}. Passing a null pointer for @var{argp} is the same as using
@@ -660,6 +689,8 @@ parser function. @xref{Argp Parsing State}.
@comment argp.h
@comment GNU
@deftypefun void argp_usage (const struct argp_state *@var{state})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls argp_state_help with stderr and ARGP_HELP_STD_USAGE.
Outputs the standard usage message for the argp parser referred to by
@var{state} to @code{@var{state}->err_stream} and terminate the program
with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@@ -669,6 +700,13 @@ with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@comment argp.h
@comment GNU
@deftypefun void argp_error (const struct argp_state *@var{state}, const char *@var{fmt}, @dots{})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Lock stream, vasprintf the formatted message into a buffer, print the
+@c buffer prefixed by the short program name (in libc,
+@c argp_short_program_name is a macro that expands to
+@c program_invocation_short_name), releases the buffer, then call
+@c argp_state_help with stream and ARGP_HELP_STD_ERR, unlocking the
+@c stream at the end.
Prints the printf format string @var{fmt} and following args, preceded
by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
--help}} message, and terminates the program with an exit status of
@@ -679,6 +717,12 @@ by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
@comment argp.h
@comment GNU
@deftypefun void argp_failure (const struct argp_state *@var{state}, int @var{status}, int @var{errnum}, const char *@var{fmt}, @dots{})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
+@c Lock stream, write out the short program name, vasprintf the optional
+@c formatted message to a buffer, print the buffer prefixed by colon and
+@c blank, release the buffer, call strerror_r with an automatic buffer,
+@c print it out after colon and blank, put[w]c a line break, unlock the
+@c stream, then exit unless ARGP_NO_EXIT.
Similar to the standard gnu error-reporting function @code{error}, this
prints the program name and @samp{:}, the printf format string
@var{fmt}, and the appropriate following args. If it is non-zero, the
@@ -695,6 +739,141 @@ for options, bad phase of the moon, etc.
@comment argp.h
@comment GNU
@deftypefun void argp_state_help (const struct argp_state *@var{state}, FILE *@var{stream}, unsigned @var{flags})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help with the short program name and optionally exit.
+@c The main problems in _help, besides the usual issues with stream I/O
+@c and translation, are the use of a static buffer (uparams) that makes
+@c the whole thing thread-unsafe, reading from the environment for
+@c ARGP_HELP_FMT, accessing the locale object multiple times.
+
+@c _help envromt, staticbuf (uparams), glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c flockfile lockleak
+@c funlockfile lockleak
+@c fill_in_uparams envromt, staticbuf (uparams), glocale, asynconsist, asmalloc, lockleak, incansist, memleak
+@c argp_failure dup (status = errnum = 0)
+@c atoi dup
+@c argp_hol asmalloc, memleak
+@c make_hol asmalloc, memleak
+@c hol_add_cluster asmalloc, memleak
+@c hol_append asmalloc, memleak
+@c hol_set_group ok
+@c hol_find_entry ok
+@c hol_sort glocale, asmalloc, memleak
+@c qsort asmalloc, memleak
+@c hol_entry_qcmp glocale
+@c hol_entry_cmp glocale
+@c group_cmp ok
+@c hol_cluster_cmp ok
+@c group_cmp ok
+@c hol_entry_first_short glocale
+@c hol_entry_short_iterate [glocale]
+@c until_short ok
+@c oshort ok
+@c isprint ok
+@c odoc ok
+@c hol_entry_first_long ok
+@c canon_doc_option glocale
+@c tolower dup
+@c hol_usage glocale, asi18n, asmalloc, memleak
+@c hol_entry_short_iterate ok
+@c add_argless_short_opt ok
+@c argp_fmtstream_printf dup
+@c hol_entry_short_iterate glocale, asi18n, asmalloc, memleak
+@c usage_argful_short_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_entry_long_iterate glocale, asi18n, asmalloc, memleak
+@c usage_long_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c hol_entry_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_wmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c comma glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_putc dup
+@c hol_cluster_is_child ok
+@c argp_fmtstream_wmargin dup
+@c print_header dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c indent_to dup
+@c argp_fmtstream_putc dup
+@c arg glocale, asmalloc, memleak
+@c argp_fmtstream_printf dup
+@c odoc dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_printf dup
+@c print_header glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c indent_to dup
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c filter_doc dup
+@c argp_fmtstream_point dup
+@c indent_to glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_putc dup
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c hol_free asmalloc, memleak
+@c free dup
+@c argp_args_levels ok
+@c argp_args_usage glocale, asi18n, asmalloc, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc ok
+@c argp_input ok
+@c argp->help_filter
+@c space glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_rmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_write dup
+@c free dup
+@c argp_doc glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c strndup asmalloc, memleak
+@c argp_input dup
+@c argp->help_filter
+@c argp_fmtstream_putc glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure dup
+@c argp_fmtstream_write dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_point glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_lmargin dup
+@c free dup
+@c argp_make_fmtstream asmalloc, memleak
+@c argp_fmtstream_free glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update glocale, asynconsist, incansist, lockleak
+@c put[w]c_unlocked dup
+@c isblank in loop glocale
+@c fxprintf lockleak
+@c fxprintf lockleak
+@c free dup
+@c argp_fmtstream_set_wmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_printf glocale, asmalloc, memleak
+@c argp_fmtstream_ensure dup
+@c vsnprintf dup
+@c argp_fmtstream_set_lmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_puts glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_write glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update dup
+@c fxprintf lockleak
+@c realloc asmalloc, memleak
Outputs a help message for the argp parser referred to by @var{state},
to @var{stream}. The @var{flags} argument determines what sort of help
message is produced. @xref{Argp Help Flags}.
@@ -928,6 +1107,8 @@ program options, argp offers the @code{argp_help} interface.
@comment argp.h
@comment GNU
@deftypefun void argp_help (const struct argp *@var{argp}, FILE *@var{stream}, unsigned @var{flags}, char *@var{name})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help.
This outputs a help message for the argp parser @var{argp} to
@var{stream}. The type of messages printed will be determined by
@var{flags}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a55b2aa9900f7f2d98793bb44e882e32b000150b
commit a55b2aa9900f7f2d98793bb44e882e32b000150b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:39 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/macros.texi: Introduce macros to document thread
safety properties.
* manual/intro.texi: Introduce the properties themselves.
diff --git a/manual/intro.texi b/manual/intro.texi
index deaf089..d183e12 100644
--- a/manual/intro.texi
+++ b/manual/intro.texi
@@ -172,6 +172,412 @@ pattern matching facilities (@pxref{Pattern Matching}).
@comment <wordexp.h> (not yet implemented)
@comment confstr
+The safety properties of @glibcadj{} functions, documented as MT-, AS-
+and AC- -Safe and -Unsafe are assessed according to the criteria set
+forth in the POSIX standard for Multi-Thread, Async-Signal and
+Async-Cancel safety.
+
+Intuitive definition of these properties, that attempt to capture
+the meaning of the standard definitions, follow:
+
+@itemize @bullet
+
+@item
+@cindex MT-Safe
+MT-Safe functions are safe to call in the presence of other threads. MT
+stands for Multi Thread.
+
+@item
+@cindex AS-Safe
+AS-Safe functions are safe to call from asynchronous signal handlers.
+AS stands for Asynchronous Signal.
+
+@item
+@cindex AC-Safe
+AC-Safe functions are safe to call when asynchronous cancellation is
+enabled. AC stands for Asynchronous Cancellation.
+
+@item
+@cindex MT-Unsafe
+@cindex AS-Unsafe
+@cindex AC-Unsafe
+MT-Unsafe, AS-Unsafe, AC-Unsafe functions are not safe to call within
+the contexts described above: they may cause deviations from the
+specification in the behavior of the calls themselves, or of any other
+concurrent, ongoing or subsequent calls.
+
+Functions not explicitly documented as Safe should be regarded as
+Unsafe.
+
+@end itemize
+
+By ``safe to call'', we mean that, as long as the program does not
+invoke undefined or unspecified behavior, the called functions will
+behave as documented, and they won't cause any other functions to
+deviate from their documented behavior.
+
+Although we strive to abide by the standards, in some cases our
+implementation is safe even when the standard does not demand safety,
+and in other cases our implementation does not meet the standard safety
+requirements. At this point, we document the result of an assessment of
+the properties of our implementation, so the safety documentation in
+this manual is not to be regarded as a promise of future behavior: in
+future releases, functions that are documented as safe may become
+unsafe, and safety constraints may be removed or introduced. We
+envision turning the results of the assessment into a set of promises as
+stable as our interfaces, but we're not there yet.
+
+When a function is safe to call only under certain constraints, we will
+add keywords to the safety notes whose meanings are defined as follows:
+
+@itemize @bullet
+
+@c glocale-revisit
+@item @code{glocale}
+@cindex glocale
+
+In threads that have not overridden the thread-local locale object by
+calling @code{uselocale}, calling functions annotated with
+@code{glocale} concurrently with @code{setlocale} may cause the
+functions to behave in ways that don't correspond to either the previous
+or the subsequent global locale.
+
+Although the @code{setlocale} function modifies the global locale object
+while holding a lock, @code{glocale}-annotated functions may access this
+global object multiple times, without any measures to ensure it doesn't
+change while it's in use.
+
+Each of these unprotected uses will use either the previous or the
+subsequent locale information, so they won't cause crashes or access to
+uninitialized, unmapped or recycled memory. However, since some cases
+use cached locale information while others access the effective locale
+object anew, concurrent changes to the global locale object may cause
+these functions to behave in ways that they could not behave should the
+execution of @code{setlocale} and of the so-annotated functions be
+atomic, or even should @code{setlocale} alone be atomic.
+
+The @code{glocale} constraint indicates functions are only safe to call
+if the effective thread-local locale is not the global locale object
+(because it was overridden with @code{uselocale}). Failing that,
+@code{setlocale} should not be called while these functions are active.
+
+
+@item @code{envromt}
+@cindex envromt
+
+Functions marked with @code{envromt} access the environment with
+@code{getenv} or similar, requiring the environment to be effectively
+read-only for MT-Safe operation.
+
+Environment-modifying functions do not protect in any way against
+concurrent modifications or access, so calling @code{envromt}-marked
+functions concurrently with @code{setenv}, @code{putenv},
+@code{unsetenv} or direct modifications of the global environment data
+structures is ill-advised; external concurrency control must be
+introduced by callers of these environment-modifying and
+@code{envromt}-marked functions.
+
+Functions that modify the environment are also marked with
+@code{envromt}, but they are not MT-Safe for the reasons above. Since
+all environment-modifying functions are MT-Unsafe, functions that only
+access the environment are marked as MT-Safe when no other safety issue
+applies.
+
+
+@item @code{uunguard}
+@cindex uunguard
+
+Functions marked with @code{uunguard} modify non-atomically arguments or
+global objects that other functions access without synchronization. To
+ensure MT- and AS-Safe behavior, callers should refrain from calling
+so-marked functions concurrently with users of the corresponding
+objects.
+
+Unguarded users of the global locale object modified by @code{setlocale}
+are marked with @code{glocale}.
+
+Unguarded users of the @code{printf} extension objects modified by
+@code{register_printf_function} are the entire family of printf
+functions.
+
+Unguarded users of streams configured with @code{__fsetlocking} for
+locking by the caller are the entire family of stdio functions.
+
+
+@item @code{xguargs}
+@cindex xguargs
+
+Functions marked with @code{xguargs} may use or modify objects passed as
+arguments without any guards that could guarantee consistency. To
+ensure MT- and AS-Safe behavior, callers must ensure that the objects
+passed in are not modified concurrently by other threads or signal
+handlers.
+
+
+@item @code{tempchwd}
+@cindex tempchwd
+
+Functions marked with @code{tempchwd} may temporarily change the current
+working directory during their execution, which may cause relative
+pathnames to be resolved in unexpected ways in other threads or within
+asynchronous signal or cancellation handlers.
+
+This is not enough of a reason to mark so-marked functions as MT-Unsafe,
+but when this behavior is optional (e.g., @code{nftw} with
+@code{FTW_CHDIR}), avoiding the option in multi-threaded programs may be
+a good alternative to using full pathnames or file descriptor-relative
+(e.g. @code{openat}) system calls.
+
+
+@item @code{tempterm}
+@cindex tempterm
+
+Functions marked with @code{tempterm} may temporarily change the
+terminal settings.
+
+This would not be enough of a reason to mark so-marked functions as
+MT-Unsafe, but the recommended mode to modify terminal settings is to
+call @code{tcgetattr}, modify some flags, and then call
+@code{tcsetattr}. Functions marked with @code{tempterm} do that, so
+they leave a window in which changes made by other threads are lost.
+
+It is thus advisable for applications using the terminal to avoid
+concurrent interactions with it, more so if they expect different
+terminal modes.
+
+If this mark appears as an AC-Safety note, it means the function may
+also fail to restore the original terminal mode in case of asynchronous
+cancellation.
+
+
+@end itemize
+
+
+Additional safety issues that cannot be worked around by constraining
+the program are also documented with keywords, whose meaning is defined
+as follows:
+
+@itemize @bullet
+
+@item @code{staticbuf}
+@cindex staticbuf
+
+Functions annotated with @code{staticbuf} use internal static buffers or
+variables in ways that may cause concurrent calls to interfere
+destructively.
+
+These functions are all MT-Unsafe and AC-Unsafe. However, many of them
+offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
+
+In many of these cases, the static buffer is only used to hold a return
+value; in a few of these, such as @code{tmpnam}, the use of the internal
+buffer can be avoided by passing the buffer as an argument, which makes
+the call MT-Safe and AS-Safe.
+
+
+@item @code{asi18n}
+@cindex asi18n
+
+Functions marked with @code{asi18n} use internationalization functions
+(@code{gettext}), which brings in a number of dependencies and issues
+yet to be documented.
+
+
+@item @code{shlimb}
+@cindex shlimb
+
+Functions marked with @code{shlimb} use the dynamic loader to bring in
+additional code modules. This involves opening files, mapping them into
+memory, allocating additional memory, resolving symbols, applying
+relocations and more, all of this while holding the dynamic loader
+lock.
+
+The non-recursive lock itself is enough for the function to be AS- and
+AC-Unsafe, but many other issues may arise.
+
+
+@item @code{fdleak}
+@cindex fdleak
+
+Functions annotated with @code{fdleak} may leak file descriptors if
+asynchronous thread cancellation interrupts their execution.
+
+Functions that allocate or deallocate file descriptors will generally be
+marked as such, because even if they attempted to protect the file
+descriptor allocation and deallocation with cleanup regions, allocating
+a new descriptor and storing its number where the cleanup region could
+release it cannot be performed as a single atomic operation, just like
+releasing it and taking it out of the data structure normally
+responsible for releasing it cannot be performed atomically, always
+leaving a window in which the descriptor cannot be released because it
+wasn't stored in the cleanup handler argument yet, or in which it was
+already taken out of it before releasing it in the normal flow (we
+cannot keep it there because, in case of cancellation, we wouldn't be
+able to tell whether it was already released, and the same number could
+have been already assigned to another descriptor by another thread, so
+we couldn't just release it again).
+
+Such leaks could be internally avoided, with some performance penalty,
+by temporarily disabling asynchronous thread cancellation. However,
+since callers of allocation or deallocation functions would have to do
+this themselves, to avoid the same sort of leak in their own layer, it
+makes more sense for the library to assume they are taking care of it
+than to impose a performance penalty that is redundant when the problem
+is solved in upper layers, and insufficient when it isn't.
+
+This remark by itself does not cause a function to be regarded as
+AC-Unsafe. However, cummulative effects of such leaks may pose a
+problem for some programs. If this is the case, suspending asynchronous
+cancellation for the duration of calls to such functions is recommended.
+
+
+@item @code{memleak}
+@cindex memleak
+
+Functions annotated with @code{memleak} may leak memory if asynchronous
+thread cancellation interrupts their execution.
+
+The problem is similar to that of file descriptors: there is no atomic
+interface to allocate memory and store its address in the argument to a
+cleanup handler, or to release it and remove its address from that
+argument, without at least temporarily disabling asynchronous
+cancellation, which these functions do not do.
+
+This remark does not by itself cause a function to be regarded as
+generally AC-Unsafe. However, cummulative effects of such leaks may be
+severe enough for some programs that disabling asynchronous cancellation
+for the duration of calls to such functions may be required.
+
+
+@item @code{lockleak}
+@cindex lockleak
+
+Functions annotated with @code{lockleak} may leak locks if asynchronous
+thread cancellation interrupts their execution.
+
+While the problem is similar to that of file descriptors, in that there
+is not any atomic interface to lock and take note of the need for
+unlocking in a cleanup, or to unlock and take note that there is no
+longer such a need, the problem posed by lock leaks is far more serious:
+when a file descriptor or a piece of memory is leaked, it becomes
+inaccessible and subsequent attempts to allocate a file descriptor or
+some memory will just use another resource. However, once a lock is
+left taken, attempts to take that lock will block indefinitely.
+(Recursive locks will only block other threads, and read locks will only
+block writer threads, but the point still holds in general).
+
+For the reasons above, functions that leak locks are all AC-Unsafe.
+
+
+@item @code{selfdeadlock}
+@cindex selfdeadlock
+
+Functions marked with @code{selfdeadlock} take a non-recursive lock to
+ensure MT-Safety while modifying data structures guarded by the lock.
+
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, the result is a deadlock.
+
+Blocking asynchronous signal delivery while calling such functions is
+the only safe way to avoid a deadlock if any signal handler might need
+to call them.
+
+
+@item @code{asynconsist}
+@cindex asynconsist
+
+Functions marked with @code{asynconsist} take a recursive lock to ensure
+MT-Safety while accessing or modifying data structures guarded by the
+lock.
+
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, both may misbehave for
+observing inconsistent (partially updated or cached) data structures.
+
+Blocking asynchronous signal delivery while calling such functions is
+the only safe way to avoid the misbehavior that may ensue if any signal
+handler might need to call them.
+
+
+@item @code{asmalloc}
+@cindex asmalloc
+
+This is a sub-case of @code{asynconsist}. Functions marked with
+@code{asmalloc} perform memory allocation or deallocation with the
+@code{malloc}/@code{free} family of functions.
+
+If heap management functions are interrupted by asynchronous signals,
+and the signal handlers attempt to perform memory allocation or
+deallocation of their own, they may encounter heap data structures in a
+partially updated state, and the interrupted calls may malfunction
+because of the changes made within the signal handler.
+
+
+@item @code{incansist}
+@cindex incansist
+
+Functions marked with @code{incansist} modify data structures in a
+non-atomic way.
+
+If such a function is asynchronously canceled, it may leave the data
+structure in a partially updated, inconsistent state. Subsequent uses
+of the data structure may misbehave.
+
+Disabling asynchronous cancelation while calling such functions is the
+only safe way to avoid the misbehavior that may ensure if the thread is
+canceled while the function is running.
+
+@c A special case, probably not worth documenting separately, involves
+@c reallocing, or even freeing pointers. Any case involving free could
+@c be easily turned into an ac-safe memleak by resetting the pointer
+@c before releasing it; I don't think we have any case that calls for
+@c this sort of fixing. Fixing the realloc cases would require a new
+@c interface: instead of @code{ptr=realloc(ptr,size)} we'd have to
+@c introduce @code{acsafe_realloc(&ptr,size)} that would modify ptr
+@c before releasing the old memory. The ac-unsafe realloc could be
+@c implemented in terms of an internal interface with this semantics
+@c (say __acsafe_realloc), but since realloc can be overridden, the
+@c function we call to implement realloc should not be this internal
+@c interface, but another internal interface that calls __acsafe_realloc
+@c if realloc was not overridden, and calls the overridden realloc with
+@c async cancel disabled. --lxoliva
+
+
+@item @code{simfpu}
+@cindex simfpu
+
+Functions annotated with @code{simfpu} may misbehave on powerpc ports in
+which the floating-point unit is disabled and floating point simulation
+is used instead. On such platforms, @theglibc{} uses global variables
+to hold floating-point exceptions, rounding modes and disabled
+exceptions, rather than thread-local state. This is a @glibcadj{} bug.
+
+Furthermore, even if this bug is fixed, the emulation of floating-point
+control and status registers will not go as far as saving and restoring
+these emulated registers across asynchronous signal handlers. Indeed,
+although most platforms preserve floating-point context as part of the
+thread context, preserving control and status words is not mandatory:
+standards recommend that programs that modify them within signal
+handlers restore them to the original state before returning.
+
+This note does not cause functions to be marked as MT-Unsafe, even
+though, on the affected platform, they are MT-Unsafe indeed.
+
+
+@item @code{unposix}
+@cindex unposix
+
+This remark indicates our safety documentation is known to differ from
+the requirements set by the POSIX standard. For example, POSIX does not
+require a function to be Safe, but our implementation is Safe, or
+vice-versa.
+
+For the time being, the absence of this remark does not imply the safety
+properties we documented are identical to those mandated by POSIX for
+the corresponding functions.
+
+@end itemize
+
@node Berkeley Unix, SVID, POSIX, Standards and Portability
@subsection Berkeley Unix
diff --git a/manual/macros.texi b/manual/macros.texi
index daaf1c0..6955f32 100644
--- a/manual/macros.texi
+++ b/manual/macros.texi
@@ -47,4 +47,46 @@ GNU/Hurd systems
GNU/Linux systems
@end macro
+@c Document a function as thread safe.
+@macro mtsafe {comments}
+| MT-Safe \comments\
+|
+@end macro
+@c Document a function as thread unsafe.
+@macro mtunsafe {comments}
+| MT-Unsafe \comments\
+|
+@end macro
+@c Document a function as safe for use in asynchronous signal handlers.
+@macro assafe {comments}
+| AS-Safe \comments\
+|
+@end macro
+@c Document a function as unsafe for use in asynchronous signal
+@c handlers. This distinguishes unmarked functions, for which this
+@c property has not been assessed, from those that have been analyzed.
+@macro asunsafe {comments}
+| AS-Unsafe \comments\
+|
+@end macro
+@c Document a function as safe for use when asynchronous cancellation is
+@c enabled.
+@macro acsafe {comments}
+| AC-Safe \comments\
+|
+@end macro
+@c Document a function as unsafe for use when asynchronous cancellation
+@c is enabled. This distinguishes unmarked functions, for which this
+@c property has not been assessed, from those that have been analyzed.
+@macro acunsafe {comments}
+| AC-Unsafe \comments\
+|
+@end macro
+@c Format the thread and async safety properties of a function.
+@macro safety {notes}
+\notes\
+
+
+@end macro
+
@end ifclear
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=eedf24efbcebfb452c91b90e339079e6810b195f
commit eedf24efbcebfb452c91b90e339079e6810b195f
Merge: 72dfcd1 479c336
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 00:34:12 2013 -0300
rename
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=72dfcd1ff5e40b6acf8464423c0e772ccb010b6f
commit 72dfcd1ff5e40b6acf8464423c0e772ccb010b6f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 00:34:12 2013 -0300
rename
diff --git a/meta b/meta
index 70f3825..8920391 100644
--- a/meta
+++ b/meta
@@ -1,10 +1,10 @@
Version: 1
-Previous: 872dfa5c522f125ea0ae7678c4cd9af17b527c2a
+Previous: 479c336b75a91c9742290b344b093951c4afc234
Head: a25c51911f256292d5cc15cc5dbb8f7f2726c9e6
Applied:
powerpc-nofpu-sim-note-nothread.patch: 06e4960536888589dff34cbc68b16091f303bc5e
unused-scalb-is-scalbn.patch: ca2910ce3d85f4ab9b8c4e8d31bc243eab5f1c0f
- remove-ieee754-support.patch: a25c51911f256292d5cc15cc5dbb8f7f2726c9e6
+ remove-sysdeps-ieee754-support.patch: a25c51911f256292d5cc15cc5dbb8f7f2726c9e6
Unapplied:
manual-document-mt-safety.patch: d2ce932c7ce9c31c4b085c61c43ac8e637713dcd
manual-document-mt-safety-argp.patch: ac784bfbcf7a152d47a16a6cf8627a4bf034b785
diff --git a/patches/remove-ieee754-support.patch b/patches/remove-sysdeps-ieee754-support.patch
similarity index 100%
rename from patches/remove-ieee754-support.patch
rename to patches/remove-sysdeps-ieee754-support.patch
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=479c336b75a91c9742290b344b093951c4afc234
commit 479c336b75a91c9742290b344b093951c4afc234
Merge: 04b90f6 872dfa5 a25c519
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 00:34:02 2013 -0300
float
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=04b90f6c81d9a83ba44f6e4b2f1dc69e6b1c4111
commit 04b90f6c81d9a83ba44f6e4b2f1dc69e6b1c4111
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 00:34:02 2013 -0300
float
diff --git a/meta b/meta
index 635f98d..70f3825 100644
--- a/meta
+++ b/meta
@@ -1,9 +1,10 @@
Version: 1
-Previous: c415bd7267d6aa4084922144b7ec8fba624935d3
-Head: ca2910ce3d85f4ab9b8c4e8d31bc243eab5f1c0f
+Previous: 872dfa5c522f125ea0ae7678c4cd9af17b527c2a
+Head: a25c51911f256292d5cc15cc5dbb8f7f2726c9e6
Applied:
powerpc-nofpu-sim-note-nothread.patch: 06e4960536888589dff34cbc68b16091f303bc5e
unused-scalb-is-scalbn.patch: ca2910ce3d85f4ab9b8c4e8d31bc243eab5f1c0f
+ remove-ieee754-support.patch: a25c51911f256292d5cc15cc5dbb8f7f2726c9e6
Unapplied:
manual-document-mt-safety.patch: d2ce932c7ce9c31c4b085c61c43ac8e637713dcd
manual-document-mt-safety-argp.patch: ac784bfbcf7a152d47a16a6cf8627a4bf034b785
@@ -30,5 +31,4 @@ Unapplied:
wip-manual-document-mt-safety-terminal.patch: 88d6db1efac30fda4ced56f1f651174b35cf5214
wip-manual-document-mt-safety-threads.patch: a876db182b7283130d6189eb55ea401d35053850
wip-manual-document-mt-safety-time.patch: f24766f16a7fc05837ee864671592bdd230d4631
- remove-ieee754-support.patch: 29601892fc048942d31e8e0d1768365ced9a95de
Hidden:
diff --git a/patches/remove-ieee754-support.patch b/patches/remove-ieee754-support.patch
index 1b82d3a..69f8047 100644
--- a/patches/remove-ieee754-support.patch
+++ b/patches/remove-ieee754-support.patch
@@ -1,5 +1,5 @@
-Bottom: b84a5f688770814e8732185c0f64b14903b5b29a
-Top: 9cd1ed610c81866354975c873c2429e57421212a
+Bottom: 0cde62ba14858955eaea55ab1c1dff0f01f3a01a
+Top: 50e2fbc0bfe0ec92d66e09e6b0891dfd6c8d53b7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-16 00:32:53 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a25c51911f256292d5cc15cc5dbb8f7f2726c9e6
commit a25c51911f256292d5cc15cc5dbb8f7f2726c9e6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 00:32:53 2013 -0300
Remove unused sysdeps/ieee754/support.c.
for ChangeLog
* sysdeps/ieee754/support.c: Remove.
diff --git a/sysdeps/ieee754/support.c b/sysdeps/ieee754/support.c
deleted file mode 100644
index 0bbd892..0000000
--- a/sysdeps/ieee754/support.c
+++ /dev/null
@@ -1,520 +0,0 @@
-/*
- * Copyright (c) 1985, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)support.c 8.1 (Berkeley) 6/4/93";
-#endif /* not lint */
-
-/*
- * Some IEEE standard 754 recommended functions and remainder and sqrt for
- * supporting the C elementary functions.
- ******************************************************************************
- * WARNING:
- * These codes are developed (in double) to support the C elementary
- * functions temporarily. They are not universal, and some of them are very
- * slow (in particular, drem and sqrt is extremely inefficient). Each
- * computer system should have its implementation of these functions using
- * its own assembler.
- ******************************************************************************
- *
- * IEEE 754 required operations:
- * drem(x,p)
- * returns x REM y = x - [x/y]*y , where [x/y] is the integer
- * nearest x/y; in half way case, choose the even one.
- * sqrt(x)
- * returns the square root of x correctly rounded according to
- * the rounding mod.
- *
- * IEEE 754 recommended functions:
- * (a) copysign(x,y)
- * returns x with the sign of y.
- * (b) scalb(x,N)
- * returns x * (2**N), for integer values N.
- * (c) logb(x)
- * returns the unbiased exponent of x, a signed integer in
- * double precision, except that logb(0) is -INF, logb(INF)
- * is +INF, and logb(NAN) is that NAN.
- * (d) finite(x)
- * returns the value TRUE if -INF < x < +INF and returns
- * FALSE otherwise.
- *
- *
- * CODED IN C BY K.C. NG, 11/25/84;
- * REVISED BY K.C. NG on 1/22/85, 2/13/85, 3/24/85.
- */
-
-#include "mathimpl.h"
-
-#if defined(vax)||defined(tahoe) /* VAX D format */
-#include <errno.h>
- static const unsigned short msign=0x7fff , mexp =0x7f80 ;
- static const short prep1=57, gap=7, bias=129 ;
- static const double novf=1.7E38, nunf=3.0E-39, zero=0.0 ;
-#else /* defined(vax)||defined(tahoe) */
- static const unsigned short msign=0x7fff, mexp =0x7ff0 ;
- static const short prep1=54, gap=4, bias=1023 ;
- static const double novf=1.7E308, nunf=3.0E-308,zero=0.0;
-#endif /* defined(vax)||defined(tahoe) */
-
-double scalbn(x,N)
-double x; int N;
-{
- int k;
-
-#ifdef national
- unsigned short *px=(unsigned short *) &x + 3;
-#else /* national */
- unsigned short *px=(unsigned short *) &x;
-#endif /* national */
-
- if( x == zero ) return(x);
-
-#if defined(vax)||defined(tahoe)
- if( (k= *px & mexp ) != ~msign ) {
- if (N < -260)
- return(nunf*nunf);
- else if (N > 260) {
- return(copysign(infnan(ERANGE),x));
- }
-#else /* defined(vax)||defined(tahoe) */
- if( (k= *px & mexp ) != mexp ) {
- if( N<-2100) return(nunf*nunf); else if(N>2100) return(novf+novf);
- if( k == 0 ) {
- x *= scalbn(1.0,(int)prep1); N -= prep1; return(scalbn(x,N));}
-#endif /* defined(vax)||defined(tahoe) */
-
- if((k = (k>>gap)+ N) > 0 )
- if( k < (mexp>>gap) ) *px = (*px&~mexp) | (k<<gap);
- else x=novf+novf; /* overflow */
- else
- if( k > -prep1 )
- /* gradual underflow */
- {*px=(*px&~mexp)|(short)(1<<gap); x *= scalbn(1.0,k-1);}
- else
- return(nunf*nunf);
- }
- return(x);
-}
-
-
-double copysign(x,y)
-double x,y;
-{
-#ifdef national
- unsigned short *px=(unsigned short *) &x+3,
- *py=(unsigned short *) &y+3;
-#else /* national */
- unsigned short *px=(unsigned short *) &x,
- *py=(unsigned short *) &y;
-#endif /* national */
-
-#if defined(vax)||defined(tahoe)
- if ( (*px & mexp) == 0 ) return(x);
-#endif /* defined(vax)||defined(tahoe) */
-
- *px = ( *px & msign ) | ( *py & ~msign );
- return(x);
-}
-
-double logb(x)
-double x;
-{
-
-#ifdef national
- short *px=(short *) &x+3, k;
-#else /* national */
- short *px=(short *) &x, k;
-#endif /* national */
-
-#if defined(vax)||defined(tahoe)
- return (int)(((*px&mexp)>>gap)-bias);
-#else /* defined(vax)||defined(tahoe) */
- if( (k= *px & mexp ) != mexp )
- if ( k != 0 )
- return ( (k>>gap) - bias );
- else if( x != zero)
- return ( -1022.0 );
- else
- return(-(1.0/zero));
- else if(x != x)
- return(x);
- else
- {*px &= msign; return(x);}
-#endif /* defined(vax)||defined(tahoe) */
-}
-
-finite(x)
-double x;
-{
-#if defined(vax)||defined(tahoe)
- return(1);
-#else /* defined(vax)||defined(tahoe) */
-#ifdef national
- return( (*((short *) &x+3 ) & mexp ) != mexp );
-#else /* national */
- return( (*((short *) &x ) & mexp ) != mexp );
-#endif /* national */
-#endif /* defined(vax)||defined(tahoe) */
-}
-
-double drem(x,p)
-double x,p;
-{
- short sign;
- double hp,dp,tmp;
- unsigned short k;
-#ifdef national
- unsigned short
- *px=(unsigned short *) &x +3,
- *pp=(unsigned short *) &p +3,
- *pd=(unsigned short *) &dp +3,
- *pt=(unsigned short *) &tmp+3;
-#else /* national */
- unsigned short
- *px=(unsigned short *) &x ,
- *pp=(unsigned short *) &p ,
- *pd=(unsigned short *) &dp ,
- *pt=(unsigned short *) &tmp;
-#endif /* national */
-
- *pp &= msign ;
-
-#if defined(vax)||defined(tahoe)
- if( ( *px & mexp ) == ~msign ) /* is x a reserved operand? */
-#else /* defined(vax)||defined(tahoe) */
- if( ( *px & mexp ) == mexp )
-#endif /* defined(vax)||defined(tahoe) */
- return (x-p)-(x-p); /* create nan if x is inf */
- if (p == zero) {
-#if defined(vax)||defined(tahoe)
- return(infnan(EDOM));
-#else /* defined(vax)||defined(tahoe) */
- return zero/zero;
-#endif /* defined(vax)||defined(tahoe) */
- }
-
-#if defined(vax)||defined(tahoe)
- if( ( *pp & mexp ) == ~msign ) /* is p a reserved operand? */
-#else /* defined(vax)||defined(tahoe) */
- if( ( *pp & mexp ) == mexp )
-#endif /* defined(vax)||defined(tahoe) */
- { if (p != p) return p; else return x;}
-
- else if ( ((*pp & mexp)>>gap) <= 1 )
- /* subnormal p, or almost subnormal p */
- { double b; b=scalbn(1.0,(int)prep1);
- p *= b; x = drem(x,p); x *= b; return(drem(x,p)/b);}
- else if ( p >= novf/2)
- { p /= 2 ; x /= 2; return(drem(x,p)*2);}
- else
- {
- dp=p+p; hp=p/2;
- sign= *px & ~msign ;
- *px &= msign ;
- while ( x > dp )
- {
- k=(*px & mexp) - (*pd & mexp) ;
- tmp = dp ;
- *pt += k ;
-
-#if defined(vax)||defined(tahoe)
- if( x < tmp ) *pt -= 128 ;
-#else /* defined(vax)||defined(tahoe) */
- if( x < tmp ) *pt -= 16 ;
-#endif /* defined(vax)||defined(tahoe) */
-
- x -= tmp ;
- }
- if ( x > hp )
- { x -= p ; if ( x >= hp ) x -= p ; }
-
-#if defined(vax)||defined(tahoe)
- if (x)
-#endif /* defined(vax)||defined(tahoe) */
- *px ^= sign;
- return( x);
-
- }
-}
-
-
-double sqrt(x)
-double x;
-{
- double q,s,b,r;
- double t;
- double const zero=0.0;
- int m,n,i;
-#if defined(vax)||defined(tahoe)
- int k=54;
-#else /* defined(vax)||defined(tahoe) */
- int k=51;
-#endif /* defined(vax)||defined(tahoe) */
-
- /* sqrt(NaN) is NaN, sqrt(+-0) = +-0 */
- if(x!=x||x==zero) return(x);
-
- /* sqrt(negative) is invalid */
- if(x<zero) {
-#if defined(vax)||defined(tahoe)
- return (infnan(EDOM)); /* NaN */
-#else /* defined(vax)||defined(tahoe) */
- return(zero/zero);
-#endif /* defined(vax)||defined(tahoe) */
- }
-
- /* sqrt(INF) is INF */
- if(!finite(x)) return(x);
-
- /* scale x to [1,4) */
- n=logb(x);
- x=scalbn(x,-n);
- if((m=logb(x))!=0) x=scalbn(x,-m); /* subnormal number */
- m += n;
- n = m/2;
- if((n+n)!=m) {x *= 2; m -=1; n=m/2;}
-
- /* generate sqrt(x) bit by bit (accumulating in q) */
- q=1.0; s=4.0; x -= 1.0; r=1;
- for(i=1;i<=k;i++) {
- t=s+1; x *= 4; r /= 2;
- if(t<=x) {
- s=t+t+2, x -= t; q += r;}
- else
- s *= 2;
- }
-
- /* generate the last bit and determine the final rounding */
- r/=2; x *= 4;
- if(x==zero) goto end; 100+r; /* trigger inexact flag */
- if(s<x) {
- q+=r; x -=s; s += 2; s *= 2; x *= 4;
- t = (x-s)-5;
- b=1.0+3*r/4; if(b==1.0) goto end; /* b==1 : Round-to-zero */
- b=1.0+r/4; if(b>1.0) t=1; /* b>1 : Round-to-(+INF) */
- if(t>=0) q+=r; } /* else: Round-to-nearest */
- else {
- s *= 2; x *= 4;
- t = (x-s)-1;
- b=1.0+3*r/4; if(b==1.0) goto end;
- b=1.0+r/4; if(b>1.0) t=1;
- if(t>=0) q+=r; }
-
-end: return(scalbn(q,n));
-}
-
-#if 0
-/* DREM(X,Y)
- * RETURN X REM Y =X-N*Y, N=[X/Y] ROUNDED (ROUNDED TO EVEN IN THE HALF WAY CASE)
- * DOUBLE PRECISION (VAX D format 56 bits, IEEE DOUBLE 53 BITS)
- * INTENDED FOR ASSEMBLY LANGUAGE
- * CODED IN C BY K.C. NG, 3/23/85, 4/8/85.
- *
- * Warning: this code should not get compiled in unless ALL of
- * the following machine-dependent routines are supplied.
- *
- * Required machine dependent functions (not on a VAX):
- * swapINX(i): save inexact flag and reset it to "i"
- * swapENI(e): save inexact enable and reset it to "e"
- */
-
-double drem(x,y)
-double x,y;
-{
-
-#ifdef national /* order of words in floating point number */
- static const n0=3,n1=2,n2=1,n3=0;
-#else /* VAX, SUN, ZILOG, TAHOE */
- static const n0=0,n1=1,n2=2,n3=3;
-#endif
-
- static const unsigned short mexp =0x7ff0, m25 =0x0190, m57 =0x0390;
- static const double zero=0.0;
- double hy,y1,t,t1;
- short k;
- long n;
- int i,e;
- unsigned short xexp,yexp, *px =(unsigned short *) &x ,
- nx,nf, *py =(unsigned short *) &y ,
- sign, *pt =(unsigned short *) &t ,
- *pt1 =(unsigned short *) &t1 ;
-
- xexp = px[n0] & mexp ; /* exponent of x */
- yexp = py[n0] & mexp ; /* exponent of y */
- sign = px[n0] &0x8000; /* sign of x */
-
-/* return NaN if x is NaN, or y is NaN, or x is INF, or y is zero */
- if(x!=x) return(x); if(y!=y) return(y); /* x or y is NaN */
- if( xexp == mexp ) return(zero/zero); /* x is INF */
- if(y==zero) return(y/y);
-
-/* save the inexact flag and inexact enable in i and e respectively
- * and reset them to zero
- */
- i=swapINX(0); e=swapENI(0);
-
-/* subnormal number */
- nx=0;
- if(yexp==0) {t=1.0,pt[n0]+=m57; y*=t; nx=m57;}
-
-/* if y is tiny (biased exponent <= 57), scale up y to y*2**57 */
- if( yexp <= m57 ) {py[n0]+=m57; nx+=m57; yexp+=m57;}
-
- nf=nx;
- py[n0] &= 0x7fff;
- px[n0] &= 0x7fff;
-
-/* mask off the least significant 27 bits of y */
- t=y; pt[n3]=0; pt[n2]&=0xf800; y1=t;
-
-/* LOOP: argument reduction on x whenever x > y */
-loop:
- while ( x > y )
- {
- t=y;
- t1=y1;
- xexp=px[n0]&mexp; /* exponent of x */
- k=xexp-yexp-m25;
- if(k>0) /* if x/y >= 2**26, scale up y so that x/y < 2**26 */
- {pt[n0]+=k;pt1[n0]+=k;}
- n=x/t; x=(x-n*t1)-n*(t-t1);
- }
- /* end while (x > y) */
-
- if(nx!=0) {t=1.0; pt[n0]+=nx; x*=t; nx=0; goto loop;}
-
-/* final adjustment */
-
- hy=y/2.0;
- if(x>hy||((x==hy)&&n%2==1)) x-=y;
- px[n0] ^= sign;
- if(nf!=0) { t=1.0; pt[n0]-=nf; x*=t;}
-
-/* restore inexact flag and inexact enable */
- swapINX(i); swapENI(e);
-
- return(x);
-}
-#endif
-
-#if 0
-/* SQRT
- * RETURN CORRECTLY ROUNDED (ACCORDING TO THE ROUNDING MODE) SQRT
- * FOR IEEE DOUBLE PRECISION ONLY, INTENDED FOR ASSEMBLY LANGUAGE
- * CODED IN C BY K.C. NG, 3/22/85.
- *
- * Warning: this code should not get compiled in unless ALL of
- * the following machine-dependent routines are supplied.
- *
- * Required machine dependent functions:
- * swapINX(i) ...return the status of INEXACT flag and reset it to "i"
- * swapRM(r) ...return the current Rounding Mode and reset it to "r"
- * swapENI(e) ...return the status of inexact enable and reset it to "e"
- * addc(t) ...perform t=t+1 regarding t as a 64 bit unsigned integer
- * subc(t) ...perform t=t-1 regarding t as a 64 bit unsigned integer
- */
-
-static const unsigned long table[] = {
-0, 1204, 3062, 5746, 9193, 13348, 18162, 23592, 29598, 36145, 43202, 50740,
-58733, 67158, 75992, 85215, 83599, 71378, 60428, 50647, 41945, 34246, 27478,
-21581, 16499, 12183, 8588, 5674, 3403, 1742, 661, 130, };
-
-double newsqrt(x)
-double x;
-{
- double y,z,t,addc(),subc()
- double const b54=134217728.*134217728.; /* b54=2**54 */
- long mx,scalx;
- long const mexp=0x7ff00000;
- int i,j,r,e,swapINX(),swapRM(),swapENI();
- unsigned long *py=(unsigned long *) &y ,
- *pt=(unsigned long *) &t ,
- *px=(unsigned long *) &x ;
-#ifdef national /* ordering of word in a floating point number */
- const int n0=1, n1=0;
-#else
- const int n0=0, n1=1;
-#endif
-/* Rounding Mode: RN ...round-to-nearest
- * RZ ...round-towards 0
- * RP ...round-towards +INF
- * RM ...round-towards -INF
- */
- const int RN=0,RZ=1,RP=2,RM=3;
- /* machine dependent: work on a Zilog Z8070
- * and a National 32081 & 16081
- */
-
-/* exceptions */
- if(x!=x||x==0.0) return(x); /* sqrt(NaN) is NaN, sqrt(+-0) = +-0 */
- if(x<0) return((x-x)/(x-x)); /* sqrt(negative) is invalid */
- if((mx=px[n0]&mexp)==mexp) return(x); /* sqrt(+INF) is +INF */
-
-/* save, reset, initialize */
- e=swapENI(0); /* ...save and reset the inexact enable */
- i=swapINX(0); /* ...save INEXACT flag */
- r=swapRM(RN); /* ...save and reset the Rounding Mode to RN */
- scalx=0;
-
-/* subnormal number, scale up x to x*2**54 */
- if(mx==0) {x *= b54 ; scalx-=0x01b00000;}
-
-/* scale x to avoid intermediate over/underflow:
- * if (x > 2**512) x=x/2**512; if (x < 2**-512) x=x*2**512 */
- if(mx>0x5ff00000) {px[n0] -= 0x20000000; scalx+= 0x10000000;}
- if(mx<0x1ff00000) {px[n0] += 0x20000000; scalx-= 0x10000000;}
-
-/* magic initial approximation to almost 8 sig. bits */
- py[n0]=(px[n0]>>1)+0x1ff80000;
- py[n0]=py[n0]-table[(py[n0]>>15)&31];
-
-/* Heron's rule once with correction to improve y to almost 18 sig. bits */
- t=x/y; y=y+t; py[n0]=py[n0]-0x00100006; py[n1]=0;
-
-/* triple to almost 56 sig. bits; now y approx. sqrt(x) to within 1 ulp */
- t=y*y; z=t; pt[n0]+=0x00100000; t+=z; z=(x-z)*y;
- t=z/(t+x) ; pt[n0]+=0x00100000; y+=t;
-
-/* twiddle last bit to force y correctly rounded */
- swapRM(RZ); /* ...set Rounding Mode to round-toward-zero */
- swapINX(0); /* ...clear INEXACT flag */
- swapENI(e); /* ...restore inexact enable status */
- t=x/y; /* ...chopped quotient, possibly inexact */
- j=swapINX(i); /* ...read and restore inexact flag */
- if(j==0) { if(t==y) goto end; else t=subc(t); } /* ...t=t-ulp */
- b54+0.1; /* ..trigger inexact flag, sqrt(x) is inexact */
- if(r==RN) t=addc(t); /* ...t=t+ulp */
- else if(r==RP) { t=addc(t);y=addc(y);}/* ...t=t+ulp;y=y+ulp; */
- y=y+t; /* ...chopped sum */
- py[n0]=py[n0]-0x00100000; /* ...correctly rounded sqrt(x) */
-end: py[n0]=py[n0]+scalx; /* ...scale back y */
- swapRM(r); /* ...restore Rounding Mode */
- return(y);
-}
-#endif
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=872dfa5c522f125ea0ae7678c4cd9af17b527c2a
commit 872dfa5c522f125ea0ae7678c4cd9af17b527c2a
Merge: a9d9272 ca2910c c415bd7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 00:33:57 2013 -0300
float
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a9d9272935702bc331ddd43b63c32af71ed58b7f
commit a9d9272935702bc331ddd43b63c32af71ed58b7f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 00:33:57 2013 -0300
float
diff --git a/meta b/meta
index 0689931..635f98d 100644
--- a/meta
+++ b/meta
@@ -1,11 +1,11 @@
Version: 1
-Previous: db95c6393f559d6cb9b4cbf00010033c0f577e78
-Head: 06e4960536888589dff34cbc68b16091f303bc5e
+Previous: c415bd7267d6aa4084922144b7ec8fba624935d3
+Head: ca2910ce3d85f4ab9b8c4e8d31bc243eab5f1c0f
Applied:
powerpc-nofpu-sim-note-nothread.patch: 06e4960536888589dff34cbc68b16091f303bc5e
+ unused-scalb-is-scalbn.patch: ca2910ce3d85f4ab9b8c4e8d31bc243eab5f1c0f
Unapplied:
manual-document-mt-safety.patch: d2ce932c7ce9c31c4b085c61c43ac8e637713dcd
- unused-scalb-is-scalbn.patch: 87cf27bcd012cd8ab3e3040aacaa99b93c037595
manual-document-mt-safety-argp.patch: ac784bfbcf7a152d47a16a6cf8627a4bf034b785
manual-document-mt-safety-arith.patch: f44135c2502e59169f999d4373ae92b799a3243f
manual-document-mt-safety-charset.patch: c4b388232d899078a1b6d6a59f8c81d91b48f0a1
diff --git a/patches/unused-scalb-is-scalbn.patch b/patches/unused-scalb-is-scalbn.patch
index 7c99769..eec1d7e 100644
--- a/patches/unused-scalb-is-scalbn.patch
+++ b/patches/unused-scalb-is-scalbn.patch
@@ -1,5 +1,5 @@
-Bottom: d924767fdd94034e5ddf99b3e5a9291d4c5a5366
-Top: 34670202bf46f8c2807d998163a3ae485669f59e
+Bottom: b937cc635d4d2275aefa75f55fe195e302fbe4e3
+Top: 0cde62ba14858955eaea55ab1c1dff0f01f3a01a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:39 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ca2910ce3d85f4ab9b8c4e8d31bc243eab5f1c0f
commit ca2910ce3d85f4ab9b8c4e8d31bc243eab5f1c0f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:39 2013 -0300
Rename unused scalb to scalbn to match prototype.
for ChangeLog
* sysdeps/ieee754/support.c (scalbn): Rename from
wrongly-typed scalb. Adjust all callers. Apparently unused.
diff --git a/sysdeps/ieee754/support.c b/sysdeps/ieee754/support.c
index 00476c0..0bbd892 100644
--- a/sysdeps/ieee754/support.c
+++ b/sysdeps/ieee754/support.c
@@ -82,7 +82,7 @@ static char sccsid[] = "@(#)support.c 8.1 (Berkeley) 6/4/93";
static const double novf=1.7E308, nunf=3.0E-308,zero=0.0;
#endif /* defined(vax)||defined(tahoe) */
-double scalb(x,N)
+double scalbn(x,N)
double x; int N;
{
int k;
@@ -106,7 +106,7 @@ double x; int N;
if( (k= *px & mexp ) != mexp ) {
if( N<-2100) return(nunf*nunf); else if(N>2100) return(novf+novf);
if( k == 0 ) {
- x *= scalb(1.0,(int)prep1); N -= prep1; return(scalb(x,N));}
+ x *= scalbn(1.0,(int)prep1); N -= prep1; return(scalbn(x,N));}
#endif /* defined(vax)||defined(tahoe) */
if((k = (k>>gap)+ N) > 0 )
@@ -115,7 +115,7 @@ double x; int N;
else
if( k > -prep1 )
/* gradual underflow */
- {*px=(*px&~mexp)|(short)(1<<gap); x *= scalb(1.0,k-1);}
+ {*px=(*px&~mexp)|(short)(1<<gap); x *= scalbn(1.0,k-1);}
else
return(nunf*nunf);
}
@@ -228,7 +228,7 @@ double x,p;
else if ( ((*pp & mexp)>>gap) <= 1 )
/* subnormal p, or almost subnormal p */
- { double b; b=scalb(1.0,(int)prep1);
+ { double b; b=scalbn(1.0,(int)prep1);
p *= b; x = drem(x,p); x *= b; return(drem(x,p)/b);}
else if ( p >= novf/2)
{ p /= 2 ; x /= 2; return(drem(x,p)*2);}
@@ -294,8 +294,8 @@ double x;
/* scale x to [1,4) */
n=logb(x);
- x=scalb(x,-n);
- if((m=logb(x))!=0) x=scalb(x,-m); /* subnormal number */
+ x=scalbn(x,-n);
+ if((m=logb(x))!=0) x=scalbn(x,-m); /* subnormal number */
m += n;
n = m/2;
if((n+n)!=m) {x *= 2; m -=1; n=m/2;}
@@ -326,7 +326,7 @@ double x;
b=1.0+r/4; if(b>1.0) t=1;
if(t>=0) q+=r; }
-end: return(scalb(q,n));
+end: return(scalbn(q,n));
}
#if 0
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c415bd7267d6aa4084922144b7ec8fba624935d3
commit c415bd7267d6aa4084922144b7ec8fba624935d3
Merge: de4f085 06e4960 db95c63
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 00:33:53 2013 -0300
float
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=de4f0851f3b84b058d2d72cc8eefa20bd46f30e7
commit de4f0851f3b84b058d2d72cc8eefa20bd46f30e7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 00:33:53 2013 -0300
float
diff --git a/meta b/meta
index ef55652..0689931 100644
--- a/meta
+++ b/meta
@@ -1,10 +1,10 @@
Version: 1
-Previous: 81f115354cd3a8197aefc51902185576074e32e4
-Head: ca0a6bc4c5c53aa6c4a735c36336408a06b8cd89
+Previous: db95c6393f559d6cb9b4cbf00010033c0f577e78
+Head: 06e4960536888589dff34cbc68b16091f303bc5e
Applied:
+ powerpc-nofpu-sim-note-nothread.patch: 06e4960536888589dff34cbc68b16091f303bc5e
Unapplied:
manual-document-mt-safety.patch: d2ce932c7ce9c31c4b085c61c43ac8e637713dcd
- powerpc-nofpu-sim-note-nothread.patch: e34ecb782685d8b4d0d6a9badd3c4860d373179a
unused-scalb-is-scalbn.patch: 87cf27bcd012cd8ab3e3040aacaa99b93c037595
manual-document-mt-safety-argp.patch: ac784bfbcf7a152d47a16a6cf8627a4bf034b785
manual-document-mt-safety-arith.patch: f44135c2502e59169f999d4373ae92b799a3243f
diff --git a/patches/powerpc-nofpu-sim-note-nothread.patch b/patches/powerpc-nofpu-sim-note-nothread.patch
index 3a80ccf..5a7513e 100644
--- a/patches/powerpc-nofpu-sim-note-nothread.patch
+++ b/patches/powerpc-nofpu-sim-note-nothread.patch
@@ -1,5 +1,5 @@
-Bottom: ec44285035bdee25fdfdd25c2385cb08deeced27
-Top: d924767fdd94034e5ddf99b3e5a9291d4c5a5366
+Bottom: fde38f49e9ff8e251fc3a4c9a8d5f194ba6decbf
+Top: b937cc635d4d2275aefa75f55fe195e302fbe4e3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:39 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=06e4960536888589dff34cbc68b16091f303bc5e
commit 06e4960536888589dff34cbc68b16091f303bc5e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:39 2013 -0300
Note that powerpc fpu emulation status is not thread- or signal-safe.
for ports/ChangeLog.powerpc
PR 15483
* sysdeps/powerpc/nofpu/sim-full.c: Add FIXME note about
the need for thread-specific variables preserved across signal
handlers.
* sysdeps/powerpc/nofpu/soft-supp.h: Likewise.
* sysdeps/powerpc/soft-fp/sfp-machine.h: Likewise.
diff --git a/ports/sysdeps/powerpc/nofpu/sim-full.c b/ports/sysdeps/powerpc/nofpu/sim-full.c
index fc061d0..e167033 100644
--- a/ports/sysdeps/powerpc/nofpu/sim-full.c
+++ b/ports/sysdeps/powerpc/nofpu/sim-full.c
@@ -21,6 +21,11 @@
#include "soft-fp.h"
#include "soft-supp.h"
+/* FIXME: these variables should be thread specific (see bugzilla bug
+ 15483) and ideally preserved across signal handlers, like hardware
+ FP status words, but the latter is quite difficult to accomplish in
+ userland. */
+
/* Global to store sticky exceptions. */
int __sim_exceptions __attribute__ ((nocommon));
libc_hidden_data_def (__sim_exceptions);
diff --git a/ports/sysdeps/powerpc/nofpu/soft-supp.h b/ports/sysdeps/powerpc/nofpu/soft-supp.h
index b9638bb..64a3d2a 100644
--- a/ports/sysdeps/powerpc/nofpu/soft-supp.h
+++ b/ports/sysdeps/powerpc/nofpu/soft-supp.h
@@ -26,6 +26,11 @@ typedef union
} fenv_union_t;
+/* FIXME: these variables should be thread specific (see bugzilla bug
+ 15483) and ideally preserved across signal handlers, like hardware
+ FP status words, but the latter is quite difficult to accomplish in
+ userland. */
+
extern int __sim_exceptions;
libc_hidden_proto (__sim_exceptions);
extern int __sim_disabled_exceptions;
diff --git a/ports/sysdeps/powerpc/soft-fp/sfp-machine.h b/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
index c2a190e..508d869 100644
--- a/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
+++ b/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
@@ -54,6 +54,11 @@
#define FP_ROUNDMODE __sim_round_mode
#define FP_TRAPPING_EXCEPTIONS (~__sim_disabled_exceptions & 0x3e000000)
+/* FIXME: these variables should be thread specific (see bugzilla bug
+ 15483) and ideally preserved across signal handlers, like hardware
+ FP status words, but the latter is quite difficult to accomplish in
+ userland. */
+
extern int __sim_exceptions;
libc_hidden_proto (__sim_exceptions);
extern int __sim_disabled_exceptions;
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=db95c6393f559d6cb9b4cbf00010033c0f577e78
commit db95c6393f559d6cb9b4cbf00010033c0f577e78
Merge: d14e19d ca0a6bc 81f1153
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 00:33:35 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d14e19deed286c0fbd17306a13ad325799419113
commit d14e19deed286c0fbd17306a13ad325799419113
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 00:33:35 2013 -0300
pop
diff --git a/meta b/meta
index 2ecd428..ef55652 100644
--- a/meta
+++ b/meta
@@ -1,11 +1,11 @@
Version: 1
-Previous: 2429ba8875e1151438adb059a52ce5cda78efcfc
-Head: 87cf27bcd012cd8ab3e3040aacaa99b93c037595
+Previous: 81f115354cd3a8197aefc51902185576074e32e4
+Head: ca0a6bc4c5c53aa6c4a735c36336408a06b8cd89
Applied:
+Unapplied:
manual-document-mt-safety.patch: d2ce932c7ce9c31c4b085c61c43ac8e637713dcd
powerpc-nofpu-sim-note-nothread.patch: e34ecb782685d8b4d0d6a9badd3c4860d373179a
unused-scalb-is-scalbn.patch: 87cf27bcd012cd8ab3e3040aacaa99b93c037595
-Unapplied:
manual-document-mt-safety-argp.patch: ac784bfbcf7a152d47a16a6cf8627a4bf034b785
manual-document-mt-safety-arith.patch: f44135c2502e59169f999d4373ae92b799a3243f
manual-document-mt-safety-charset.patch: c4b388232d899078a1b6d6a59f8c81d91b48f0a1
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=81f115354cd3a8197aefc51902185576074e32e4
commit 81f115354cd3a8197aefc51902185576074e32e4
Merge: 8ce4879 2429ba8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 00:33:29 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=8ce4879c69c50f37ff786a66e006601fe5d8e928
commit 8ce4879c69c50f37ff786a66e006601fe5d8e928
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 00:33:29 2013 -0300
push
diff --git a/meta b/meta
index d16bc1b..2ecd428 100644
--- a/meta
+++ b/meta
@@ -1,11 +1,11 @@
Version: 1
-Previous: 67bebf05cfcd9447ef623112efcb210a278428e4
-Head: e34ecb782685d8b4d0d6a9badd3c4860d373179a
+Previous: 2429ba8875e1151438adb059a52ce5cda78efcfc
+Head: 87cf27bcd012cd8ab3e3040aacaa99b93c037595
Applied:
manual-document-mt-safety.patch: d2ce932c7ce9c31c4b085c61c43ac8e637713dcd
powerpc-nofpu-sim-note-nothread.patch: e34ecb782685d8b4d0d6a9badd3c4860d373179a
-Unapplied:
unused-scalb-is-scalbn.patch: 87cf27bcd012cd8ab3e3040aacaa99b93c037595
+Unapplied:
manual-document-mt-safety-argp.patch: ac784bfbcf7a152d47a16a6cf8627a4bf034b785
manual-document-mt-safety-arith.patch: f44135c2502e59169f999d4373ae92b799a3243f
manual-document-mt-safety-charset.patch: c4b388232d899078a1b6d6a59f8c81d91b48f0a1
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2429ba8875e1151438adb059a52ce5cda78efcfc
commit 2429ba8875e1151438adb059a52ce5cda78efcfc
Merge: 47da830 67bebf0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 00:33:25 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=47da83057f825a6b7627cf670c06a7675018381c
commit 47da83057f825a6b7627cf670c06a7675018381c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 00:33:25 2013 -0300
push
diff --git a/meta b/meta
index 150277b..d16bc1b 100644
--- a/meta
+++ b/meta
@@ -1,10 +1,10 @@
Version: 1
-Previous: 4cdf74a8af171ed0c171c50a282b215e381e6b23
-Head: d2ce932c7ce9c31c4b085c61c43ac8e637713dcd
+Previous: 67bebf05cfcd9447ef623112efcb210a278428e4
+Head: e34ecb782685d8b4d0d6a9badd3c4860d373179a
Applied:
manual-document-mt-safety.patch: d2ce932c7ce9c31c4b085c61c43ac8e637713dcd
-Unapplied:
powerpc-nofpu-sim-note-nothread.patch: e34ecb782685d8b4d0d6a9badd3c4860d373179a
+Unapplied:
unused-scalb-is-scalbn.patch: 87cf27bcd012cd8ab3e3040aacaa99b93c037595
manual-document-mt-safety-argp.patch: ac784bfbcf7a152d47a16a6cf8627a4bf034b785
manual-document-mt-safety-arith.patch: f44135c2502e59169f999d4373ae92b799a3243f
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=67bebf05cfcd9447ef623112efcb210a278428e4
commit 67bebf05cfcd9447ef623112efcb210a278428e4
Merge: 88d75e8 4cdf74a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 00:33:24 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=88d75e83597fab87a8753685c78e8e905cb9d169
commit 88d75e83597fab87a8753685c78e8e905cb9d169
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 00:33:24 2013 -0300
push
diff --git a/meta b/meta
index c9f485f..150277b 100644
--- a/meta
+++ b/meta
@@ -1,9 +1,9 @@
Version: 1
-Previous: a13b35864a913a00009770907a5956526404cf5c
-Head: ca0a6bc4c5c53aa6c4a735c36336408a06b8cd89
+Previous: 4cdf74a8af171ed0c171c50a282b215e381e6b23
+Head: d2ce932c7ce9c31c4b085c61c43ac8e637713dcd
Applied:
-Unapplied:
manual-document-mt-safety.patch: d2ce932c7ce9c31c4b085c61c43ac8e637713dcd
+Unapplied:
powerpc-nofpu-sim-note-nothread.patch: e34ecb782685d8b4d0d6a9badd3c4860d373179a
unused-scalb-is-scalbn.patch: 87cf27bcd012cd8ab3e3040aacaa99b93c037595
manual-document-mt-safety-argp.patch: ac784bfbcf7a152d47a16a6cf8627a4bf034b785
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4cdf74a8af171ed0c171c50a282b215e381e6b23
commit 4cdf74a8af171ed0c171c50a282b215e381e6b23
Merge: 874ce9a ca0a6bc a13b358
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 00:33:20 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=874ce9aa723092e2ad86eaa9c6ab9be731fcdc33
commit 874ce9aa723092e2ad86eaa9c6ab9be731fcdc33
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 00:33:20 2013 -0300
pop
diff --git a/meta b/meta
index e99cc26..c9f485f 100644
--- a/meta
+++ b/meta
@@ -1,7 +1,8 @@
Version: 1
-Previous: 6491c384a0a95e8bf2201fcc6a6a87b191b4f3fb
-Head: 29601892fc048942d31e8e0d1768365ced9a95de
+Previous: a13b35864a913a00009770907a5956526404cf5c
+Head: ca0a6bc4c5c53aa6c4a735c36336408a06b8cd89
Applied:
+Unapplied:
manual-document-mt-safety.patch: d2ce932c7ce9c31c4b085c61c43ac8e637713dcd
powerpc-nofpu-sim-note-nothread.patch: e34ecb782685d8b4d0d6a9badd3c4860d373179a
unused-scalb-is-scalbn.patch: 87cf27bcd012cd8ab3e3040aacaa99b93c037595
@@ -30,5 +31,4 @@ Applied:
wip-manual-document-mt-safety-threads.patch: a876db182b7283130d6189eb55ea401d35053850
wip-manual-document-mt-safety-time.patch: f24766f16a7fc05837ee864671592bdd230d4631
remove-ieee754-support.patch: 29601892fc048942d31e8e0d1768365ced9a95de
-Unapplied:
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a13b35864a913a00009770907a5956526404cf5c
commit a13b35864a913a00009770907a5956526404cf5c
Merge: f692e91 2960189 6491c38
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 00:33:14 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f692e913b70221a5d615965b41cd4c677e23ab5e
commit f692e913b70221a5d615965b41cd4c677e23ab5e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 00:33:14 2013 -0300
refresh
diff --git a/meta b/meta
index c9b4d63..e99cc26 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 575a99ada411dcc3ddc0be92200cbf114537f7b5
-Head: 45704a90d0c02a27353a86cce2023a7cff0850a8
+Previous: 6491c384a0a95e8bf2201fcc6a6a87b191b4f3fb
+Head: 29601892fc048942d31e8e0d1768365ced9a95de
Applied:
manual-document-mt-safety.patch: d2ce932c7ce9c31c4b085c61c43ac8e637713dcd
powerpc-nofpu-sim-note-nothread.patch: e34ecb782685d8b4d0d6a9badd3c4860d373179a
@@ -29,7 +29,6 @@ Applied:
wip-manual-document-mt-safety-terminal.patch: 88d6db1efac30fda4ced56f1f651174b35cf5214
wip-manual-document-mt-safety-threads.patch: a876db182b7283130d6189eb55ea401d35053850
wip-manual-document-mt-safety-time.patch: f24766f16a7fc05837ee864671592bdd230d4631
- remove-ieee754-support.patch: 511350628e6d67533247487df877b6b5c8110398
- refresh-temp: 45704a90d0c02a27353a86cce2023a7cff0850a8
+ remove-ieee754-support.patch: 29601892fc048942d31e8e0d1768365ced9a95de
Unapplied:
Hidden:
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index 1ea4fb8..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,535 +0,0 @@
-Bottom: b84a5f688770814e8732185c0f64b14903b5b29a
-Top: 9cd1ed610c81866354975c873c2429e57421212a
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-16 00:33:13 -0300
-
-Refresh of remove-ieee754-support.patch
-
----
-
-diff --git a/sysdeps/ieee754/support.c b/sysdeps/ieee754/support.c
-deleted file mode 100644
-index 0bbd892f..0000000
---- a/sysdeps/ieee754/support.c
-+++ /dev/null
-@@ -1,520 +0,0 @@
--/*
-- * Copyright (c) 1985, 1993
-- * The Regents of the University of California. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 4. Neither the name of the University nor the names of its contributors
-- * may be used to endorse or promote products derived from this software
-- * without specific prior written permission.
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- */
--
--#ifndef lint
--static char sccsid[] = "@(#)support.c 8.1 (Berkeley) 6/4/93";
--#endif /* not lint */
--
--/*
-- * Some IEEE standard 754 recommended functions and remainder and sqrt for
-- * supporting the C elementary functions.
-- ******************************************************************************
-- * WARNING:
-- * These codes are developed (in double) to support the C elementary
-- * functions temporarily. They are not universal, and some of them are very
-- * slow (in particular, drem and sqrt is extremely inefficient). Each
-- * computer system should have its implementation of these functions using
-- * its own assembler.
-- ******************************************************************************
-- *
-- * IEEE 754 required operations:
-- * drem(x,p)
-- * returns x REM y = x - [x/y]*y , where [x/y] is the integer
-- * nearest x/y; in half way case, choose the even one.
-- * sqrt(x)
-- * returns the square root of x correctly rounded according to
-- * the rounding mod.
-- *
-- * IEEE 754 recommended functions:
-- * (a) copysign(x,y)
-- * returns x with the sign of y.
-- * (b) scalb(x,N)
-- * returns x * (2**N), for integer values N.
-- * (c) logb(x)
-- * returns the unbiased exponent of x, a signed integer in
-- * double precision, except that logb(0) is -INF, logb(INF)
-- * is +INF, and logb(NAN) is that NAN.
-- * (d) finite(x)
-- * returns the value TRUE if -INF < x < +INF and returns
-- * FALSE otherwise.
-- *
-- *
-- * CODED IN C BY K.C. NG, 11/25/84;
-- * REVISED BY K.C. NG on 1/22/85, 2/13/85, 3/24/85.
-- */
--
--#include "mathimpl.h"
--
--#if defined(vax)||defined(tahoe) /* VAX D format */
--#include <errno.h>
-- static const unsigned short msign=0x7fff , mexp =0x7f80 ;
-- static const short prep1=57, gap=7, bias=129 ;
-- static const double novf=1.7E38, nunf=3.0E-39, zero=0.0 ;
--#else /* defined(vax)||defined(tahoe) */
-- static const unsigned short msign=0x7fff, mexp =0x7ff0 ;
-- static const short prep1=54, gap=4, bias=1023 ;
-- static const double novf=1.7E308, nunf=3.0E-308,zero=0.0;
--#endif /* defined(vax)||defined(tahoe) */
--
--double scalbn(x,N)
--double x; int N;
--{
-- int k;
--
--#ifdef national
-- unsigned short *px=(unsigned short *) &x + 3;
--#else /* national */
-- unsigned short *px=(unsigned short *) &x;
--#endif /* national */
--
-- if( x == zero ) return(x);
--
--#if defined(vax)||defined(tahoe)
-- if( (k= *px & mexp ) != ~msign ) {
-- if (N < -260)
-- return(nunf*nunf);
-- else if (N > 260) {
-- return(copysign(infnan(ERANGE),x));
-- }
--#else /* defined(vax)||defined(tahoe) */
-- if( (k= *px & mexp ) != mexp ) {
-- if( N<-2100) return(nunf*nunf); else if(N>2100) return(novf+novf);
-- if( k == 0 ) {
-- x *= scalbn(1.0,(int)prep1); N -= prep1; return(scalbn(x,N));}
--#endif /* defined(vax)||defined(tahoe) */
--
-- if((k = (k>>gap)+ N) > 0 )
-- if( k < (mexp>>gap) ) *px = (*px&~mexp) | (k<<gap);
-- else x=novf+novf; /* overflow */
-- else
-- if( k > -prep1 )
-- /* gradual underflow */
-- {*px=(*px&~mexp)|(short)(1<<gap); x *= scalbn(1.0,k-1);}
-- else
-- return(nunf*nunf);
-- }
-- return(x);
--}
--
--
--double copysign(x,y)
--double x,y;
--{
--#ifdef national
-- unsigned short *px=(unsigned short *) &x+3,
-- *py=(unsigned short *) &y+3;
--#else /* national */
-- unsigned short *px=(unsigned short *) &x,
-- *py=(unsigned short *) &y;
--#endif /* national */
--
--#if defined(vax)||defined(tahoe)
-- if ( (*px & mexp) == 0 ) return(x);
--#endif /* defined(vax)||defined(tahoe) */
--
-- *px = ( *px & msign ) | ( *py & ~msign );
-- return(x);
--}
--
--double logb(x)
--double x;
--{
--
--#ifdef national
-- short *px=(short *) &x+3, k;
--#else /* national */
-- short *px=(short *) &x, k;
--#endif /* national */
--
--#if defined(vax)||defined(tahoe)
-- return (int)(((*px&mexp)>>gap)-bias);
--#else /* defined(vax)||defined(tahoe) */
-- if( (k= *px & mexp ) != mexp )
-- if ( k != 0 )
-- return ( (k>>gap) - bias );
-- else if( x != zero)
-- return ( -1022.0 );
-- else
-- return(-(1.0/zero));
-- else if(x != x)
-- return(x);
-- else
-- {*px &= msign; return(x);}
--#endif /* defined(vax)||defined(tahoe) */
--}
--
--finite(x)
--double x;
--{
--#if defined(vax)||defined(tahoe)
-- return(1);
--#else /* defined(vax)||defined(tahoe) */
--#ifdef national
-- return( (*((short *) &x+3 ) & mexp ) != mexp );
--#else /* national */
-- return( (*((short *) &x ) & mexp ) != mexp );
--#endif /* national */
--#endif /* defined(vax)||defined(tahoe) */
--}
--
--double drem(x,p)
--double x,p;
--{
-- short sign;
-- double hp,dp,tmp;
-- unsigned short k;
--#ifdef national
-- unsigned short
-- *px=(unsigned short *) &x +3,
-- *pp=(unsigned short *) &p +3,
-- *pd=(unsigned short *) &dp +3,
-- *pt=(unsigned short *) &tmp+3;
--#else /* national */
-- unsigned short
-- *px=(unsigned short *) &x ,
-- *pp=(unsigned short *) &p ,
-- *pd=(unsigned short *) &dp ,
-- *pt=(unsigned short *) &tmp;
--#endif /* national */
--
-- *pp &= msign ;
--
--#if defined(vax)||defined(tahoe)
-- if( ( *px & mexp ) == ~msign ) /* is x a reserved operand? */
--#else /* defined(vax)||defined(tahoe) */
-- if( ( *px & mexp ) == mexp )
--#endif /* defined(vax)||defined(tahoe) */
-- return (x-p)-(x-p); /* create nan if x is inf */
-- if (p == zero) {
--#if defined(vax)||defined(tahoe)
-- return(infnan(EDOM));
--#else /* defined(vax)||defined(tahoe) */
-- return zero/zero;
--#endif /* defined(vax)||defined(tahoe) */
-- }
--
--#if defined(vax)||defined(tahoe)
-- if( ( *pp & mexp ) == ~msign ) /* is p a reserved operand? */
--#else /* defined(vax)||defined(tahoe) */
-- if( ( *pp & mexp ) == mexp )
--#endif /* defined(vax)||defined(tahoe) */
-- { if (p != p) return p; else return x;}
--
-- else if ( ((*pp & mexp)>>gap) <= 1 )
-- /* subnormal p, or almost subnormal p */
-- { double b; b=scalbn(1.0,(int)prep1);
-- p *= b; x = drem(x,p); x *= b; return(drem(x,p)/b);}
-- else if ( p >= novf/2)
-- { p /= 2 ; x /= 2; return(drem(x,p)*2);}
-- else
-- {
-- dp=p+p; hp=p/2;
-- sign= *px & ~msign ;
-- *px &= msign ;
-- while ( x > dp )
-- {
-- k=(*px & mexp) - (*pd & mexp) ;
-- tmp = dp ;
-- *pt += k ;
--
--#if defined(vax)||defined(tahoe)
-- if( x < tmp ) *pt -= 128 ;
--#else /* defined(vax)||defined(tahoe) */
-- if( x < tmp ) *pt -= 16 ;
--#endif /* defined(vax)||defined(tahoe) */
--
-- x -= tmp ;
-- }
-- if ( x > hp )
-- { x -= p ; if ( x >= hp ) x -= p ; }
--
--#if defined(vax)||defined(tahoe)
-- if (x)
--#endif /* defined(vax)||defined(tahoe) */
-- *px ^= sign;
-- return( x);
--
-- }
--}
--
--
--double sqrt(x)
--double x;
--{
-- double q,s,b,r;
-- double t;
-- double const zero=0.0;
-- int m,n,i;
--#if defined(vax)||defined(tahoe)
-- int k=54;
--#else /* defined(vax)||defined(tahoe) */
-- int k=51;
--#endif /* defined(vax)||defined(tahoe) */
--
-- /* sqrt(NaN) is NaN, sqrt(+-0) = +-0 */
-- if(x!=x||x==zero) return(x);
--
-- /* sqrt(negative) is invalid */
-- if(x<zero) {
--#if defined(vax)||defined(tahoe)
-- return (infnan(EDOM)); /* NaN */
--#else /* defined(vax)||defined(tahoe) */
-- return(zero/zero);
--#endif /* defined(vax)||defined(tahoe) */
-- }
--
-- /* sqrt(INF) is INF */
-- if(!finite(x)) return(x);
--
-- /* scale x to [1,4) */
-- n=logb(x);
-- x=scalbn(x,-n);
-- if((m=logb(x))!=0) x=scalbn(x,-m); /* subnormal number */
-- m += n;
-- n = m/2;
-- if((n+n)!=m) {x *= 2; m -=1; n=m/2;}
--
-- /* generate sqrt(x) bit by bit (accumulating in q) */
-- q=1.0; s=4.0; x -= 1.0; r=1;
-- for(i=1;i<=k;i++) {
-- t=s+1; x *= 4; r /= 2;
-- if(t<=x) {
-- s=t+t+2, x -= t; q += r;}
-- else
-- s *= 2;
-- }
--
-- /* generate the last bit and determine the final rounding */
-- r/=2; x *= 4;
-- if(x==zero) goto end; 100+r; /* trigger inexact flag */
-- if(s<x) {
-- q+=r; x -=s; s += 2; s *= 2; x *= 4;
-- t = (x-s)-5;
-- b=1.0+3*r/4; if(b==1.0) goto end; /* b==1 : Round-to-zero */
-- b=1.0+r/4; if(b>1.0) t=1; /* b>1 : Round-to-(+INF) */
-- if(t>=0) q+=r; } /* else: Round-to-nearest */
-- else {
-- s *= 2; x *= 4;
-- t = (x-s)-1;
-- b=1.0+3*r/4; if(b==1.0) goto end;
-- b=1.0+r/4; if(b>1.0) t=1;
-- if(t>=0) q+=r; }
--
--end: return(scalbn(q,n));
--}
--
--#if 0
--/* DREM(X,Y)
-- * RETURN X REM Y =X-N*Y, N=[X/Y] ROUNDED (ROUNDED TO EVEN IN THE HALF WAY CASE)
-- * DOUBLE PRECISION (VAX D format 56 bits, IEEE DOUBLE 53 BITS)
-- * INTENDED FOR ASSEMBLY LANGUAGE
-- * CODED IN C BY K.C. NG, 3/23/85, 4/8/85.
-- *
-- * Warning: this code should not get compiled in unless ALL of
-- * the following machine-dependent routines are supplied.
-- *
-- * Required machine dependent functions (not on a VAX):
-- * swapINX(i): save inexact flag and reset it to "i"
-- * swapENI(e): save inexact enable and reset it to "e"
-- */
--
--double drem(x,y)
--double x,y;
--{
--
--#ifdef national /* order of words in floating point number */
-- static const n0=3,n1=2,n2=1,n3=0;
--#else /* VAX, SUN, ZILOG, TAHOE */
-- static const n0=0,n1=1,n2=2,n3=3;
--#endif
--
-- static const unsigned short mexp =0x7ff0, m25 =0x0190, m57 =0x0390;
-- static const double zero=0.0;
-- double hy,y1,t,t1;
-- short k;
-- long n;
-- int i,e;
-- unsigned short xexp,yexp, *px =(unsigned short *) &x ,
-- nx,nf, *py =(unsigned short *) &y ,
-- sign, *pt =(unsigned short *) &t ,
-- *pt1 =(unsigned short *) &t1 ;
--
-- xexp = px[n0] & mexp ; /* exponent of x */
-- yexp = py[n0] & mexp ; /* exponent of y */
-- sign = px[n0] &0x8000; /* sign of x */
--
--/* return NaN if x is NaN, or y is NaN, or x is INF, or y is zero */
-- if(x!=x) return(x); if(y!=y) return(y); /* x or y is NaN */
-- if( xexp == mexp ) return(zero/zero); /* x is INF */
-- if(y==zero) return(y/y);
--
--/* save the inexact flag and inexact enable in i and e respectively
-- * and reset them to zero
-- */
-- i=swapINX(0); e=swapENI(0);
--
--/* subnormal number */
-- nx=0;
-- if(yexp==0) {t=1.0,pt[n0]+=m57; y*=t; nx=m57;}
--
--/* if y is tiny (biased exponent <= 57), scale up y to y*2**57 */
-- if( yexp <= m57 ) {py[n0]+=m57; nx+=m57; yexp+=m57;}
--
-- nf=nx;
-- py[n0] &= 0x7fff;
-- px[n0] &= 0x7fff;
--
--/* mask off the least significant 27 bits of y */
-- t=y; pt[n3]=0; pt[n2]&=0xf800; y1=t;
--
--/* LOOP: argument reduction on x whenever x > y */
--loop:
-- while ( x > y )
-- {
-- t=y;
-- t1=y1;
-- xexp=px[n0]&mexp; /* exponent of x */
-- k=xexp-yexp-m25;
-- if(k>0) /* if x/y >= 2**26, scale up y so that x/y < 2**26 */
-- {pt[n0]+=k;pt1[n0]+=k;}
-- n=x/t; x=(x-n*t1)-n*(t-t1);
-- }
-- /* end while (x > y) */
--
-- if(nx!=0) {t=1.0; pt[n0]+=nx; x*=t; nx=0; goto loop;}
--
--/* final adjustment */
--
-- hy=y/2.0;
-- if(x>hy||((x==hy)&&n%2==1)) x-=y;
-- px[n0] ^= sign;
-- if(nf!=0) { t=1.0; pt[n0]-=nf; x*=t;}
--
--/* restore inexact flag and inexact enable */
-- swapINX(i); swapENI(e);
--
-- return(x);
--}
--#endif
--
--#if 0
--/* SQRT
-- * RETURN CORRECTLY ROUNDED (ACCORDING TO THE ROUNDING MODE) SQRT
-- * FOR IEEE DOUBLE PRECISION ONLY, INTENDED FOR ASSEMBLY LANGUAGE
-- * CODED IN C BY K.C. NG, 3/22/85.
-- *
-- * Warning: this code should not get compiled in unless ALL of
-- * the following machine-dependent routines are supplied.
-- *
-- * Required machine dependent functions:
-- * swapINX(i) ...return the status of INEXACT flag and reset it to "i"
-- * swapRM(r) ...return the current Rounding Mode and reset it to "r"
-- * swapENI(e) ...return the status of inexact enable and reset it to "e"
-- * addc(t) ...perform t=t+1 regarding t as a 64 bit unsigned integer
-- * subc(t) ...perform t=t-1 regarding t as a 64 bit unsigned integer
-- */
--
--static const unsigned long table[] = {
--0, 1204, 3062, 5746, 9193, 13348, 18162, 23592, 29598, 36145, 43202, 50740,
--58733, 67158, 75992, 85215, 83599, 71378, 60428, 50647, 41945, 34246, 27478,
--21581, 16499, 12183, 8588, 5674, 3403, 1742, 661, 130, };
--
--double newsqrt(x)
--double x;
--{
-- double y,z,t,addc(),subc()
-- double const b54=134217728.*134217728.; /* b54=2**54 */
-- long mx,scalx;
-- long const mexp=0x7ff00000;
-- int i,j,r,e,swapINX(),swapRM(),swapENI();
-- unsigned long *py=(unsigned long *) &y ,
-- *pt=(unsigned long *) &t ,
-- *px=(unsigned long *) &x ;
--#ifdef national /* ordering of word in a floating point number */
-- const int n0=1, n1=0;
--#else
-- const int n0=0, n1=1;
--#endif
--/* Rounding Mode: RN ...round-to-nearest
-- * RZ ...round-towards 0
-- * RP ...round-towards +INF
-- * RM ...round-towards -INF
-- */
-- const int RN=0,RZ=1,RP=2,RM=3;
-- /* machine dependent: work on a Zilog Z8070
-- * and a National 32081 & 16081
-- */
--
--/* exceptions */
-- if(x!=x||x==0.0) return(x); /* sqrt(NaN) is NaN, sqrt(+-0) = +-0 */
-- if(x<0) return((x-x)/(x-x)); /* sqrt(negative) is invalid */
-- if((mx=px[n0]&mexp)==mexp) return(x); /* sqrt(+INF) is +INF */
--
--/* save, reset, initialize */
-- e=swapENI(0); /* ...save and reset the inexact enable */
-- i=swapINX(0); /* ...save INEXACT flag */
-- r=swapRM(RN); /* ...save and reset the Rounding Mode to RN */
-- scalx=0;
--
--/* subnormal number, scale up x to x*2**54 */
-- if(mx==0) {x *= b54 ; scalx-=0x01b00000;}
--
--/* scale x to avoid intermediate over/underflow:
-- * if (x > 2**512) x=x/2**512; if (x < 2**-512) x=x*2**512 */
-- if(mx>0x5ff00000) {px[n0] -= 0x20000000; scalx+= 0x10000000;}
-- if(mx<0x1ff00000) {px[n0] += 0x20000000; scalx-= 0x10000000;}
--
--/* magic initial approximation to almost 8 sig. bits */
-- py[n0]=(px[n0]>>1)+0x1ff80000;
-- py[n0]=py[n0]-table[(py[n0]>>15)&31];
--
--/* Heron's rule once with correction to improve y to almost 18 sig. bits */
-- t=x/y; y=y+t; py[n0]=py[n0]-0x00100006; py[n1]=0;
--
--/* triple to almost 56 sig. bits; now y approx. sqrt(x) to within 1 ulp */
-- t=y*y; z=t; pt[n0]+=0x00100000; t+=z; z=(x-z)*y;
-- t=z/(t+x) ; pt[n0]+=0x00100000; y+=t;
--
--/* twiddle last bit to force y correctly rounded */
-- swapRM(RZ); /* ...set Rounding Mode to round-toward-zero */
-- swapINX(0); /* ...clear INEXACT flag */
-- swapENI(e); /* ...restore inexact enable status */
-- t=x/y; /* ...chopped quotient, possibly inexact */
-- j=swapINX(i); /* ...read and restore inexact flag */
-- if(j==0) { if(t==y) goto end; else t=subc(t); } /* ...t=t-ulp */
-- b54+0.1; /* ..trigger inexact flag, sqrt(x) is inexact */
-- if(r==RN) t=addc(t); /* ...t=t+ulp */
-- else if(r==RP) { t=addc(t);y=addc(y);}/* ...t=t+ulp;y=y+ulp; */
-- y=y+t; /* ...chopped sum */
-- py[n0]=py[n0]-0x00100000; /* ...correctly rounded sqrt(x) */
--end: py[n0]=py[n0]+scalx; /* ...scale back y */
-- swapRM(r); /* ...restore Rounding Mode */
-- return(y);
--}
--#endif
diff --git a/patches/remove-ieee754-support.patch b/patches/remove-ieee754-support.patch
index 940c1a6..1b82d3a 100644
--- a/patches/remove-ieee754-support.patch
+++ b/patches/remove-ieee754-support.patch
@@ -1,5 +1,5 @@
Bottom: b84a5f688770814e8732185c0f64b14903b5b29a
-Top: b84a5f688770814e8732185c0f64b14903b5b29a
+Top: 9cd1ed610c81866354975c873c2429e57421212a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-16 00:32:53 -0300
@@ -12,4 +12,529 @@ for ChangeLog
---
-
+diff --git a/sysdeps/ieee754/support.c b/sysdeps/ieee754/support.c
+deleted file mode 100644
+index 0bbd892f..0000000
+--- a/sysdeps/ieee754/support.c
++++ /dev/null
+@@ -1,520 +0,0 @@
+-/*
+- * Copyright (c) 1985, 1993
+- * The Regents of the University of California. All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in the
+- * documentation and/or other materials provided with the distribution.
+- * 4. Neither the name of the University nor the names of its contributors
+- * may be used to endorse or promote products derived from this software
+- * without specific prior written permission.
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- */
+-
+-#ifndef lint
+-static char sccsid[] = "@(#)support.c 8.1 (Berkeley) 6/4/93";
+-#endif /* not lint */
+-
+-/*
+- * Some IEEE standard 754 recommended functions and remainder and sqrt for
+- * supporting the C elementary functions.
+- ******************************************************************************
+- * WARNING:
+- * These codes are developed (in double) to support the C elementary
+- * functions temporarily. They are not universal, and some of them are very
+- * slow (in particular, drem and sqrt is extremely inefficient). Each
+- * computer system should have its implementation of these functions using
+- * its own assembler.
+- ******************************************************************************
+- *
+- * IEEE 754 required operations:
+- * drem(x,p)
+- * returns x REM y = x - [x/y]*y , where [x/y] is the integer
+- * nearest x/y; in half way case, choose the even one.
+- * sqrt(x)
+- * returns the square root of x correctly rounded according to
+- * the rounding mod.
+- *
+- * IEEE 754 recommended functions:
+- * (a) copysign(x,y)
+- * returns x with the sign of y.
+- * (b) scalb(x,N)
+- * returns x * (2**N), for integer values N.
+- * (c) logb(x)
+- * returns the unbiased exponent of x, a signed integer in
+- * double precision, except that logb(0) is -INF, logb(INF)
+- * is +INF, and logb(NAN) is that NAN.
+- * (d) finite(x)
+- * returns the value TRUE if -INF < x < +INF and returns
+- * FALSE otherwise.
+- *
+- *
+- * CODED IN C BY K.C. NG, 11/25/84;
+- * REVISED BY K.C. NG on 1/22/85, 2/13/85, 3/24/85.
+- */
+-
+-#include "mathimpl.h"
+-
+-#if defined(vax)||defined(tahoe) /* VAX D format */
+-#include <errno.h>
+- static const unsigned short msign=0x7fff , mexp =0x7f80 ;
+- static const short prep1=57, gap=7, bias=129 ;
+- static const double novf=1.7E38, nunf=3.0E-39, zero=0.0 ;
+-#else /* defined(vax)||defined(tahoe) */
+- static const unsigned short msign=0x7fff, mexp =0x7ff0 ;
+- static const short prep1=54, gap=4, bias=1023 ;
+- static const double novf=1.7E308, nunf=3.0E-308,zero=0.0;
+-#endif /* defined(vax)||defined(tahoe) */
+-
+-double scalbn(x,N)
+-double x; int N;
+-{
+- int k;
+-
+-#ifdef national
+- unsigned short *px=(unsigned short *) &x + 3;
+-#else /* national */
+- unsigned short *px=(unsigned short *) &x;
+-#endif /* national */
+-
+- if( x == zero ) return(x);
+-
+-#if defined(vax)||defined(tahoe)
+- if( (k= *px & mexp ) != ~msign ) {
+- if (N < -260)
+- return(nunf*nunf);
+- else if (N > 260) {
+- return(copysign(infnan(ERANGE),x));
+- }
+-#else /* defined(vax)||defined(tahoe) */
+- if( (k= *px & mexp ) != mexp ) {
+- if( N<-2100) return(nunf*nunf); else if(N>2100) return(novf+novf);
+- if( k == 0 ) {
+- x *= scalbn(1.0,(int)prep1); N -= prep1; return(scalbn(x,N));}
+-#endif /* defined(vax)||defined(tahoe) */
+-
+- if((k = (k>>gap)+ N) > 0 )
+- if( k < (mexp>>gap) ) *px = (*px&~mexp) | (k<<gap);
+- else x=novf+novf; /* overflow */
+- else
+- if( k > -prep1 )
+- /* gradual underflow */
+- {*px=(*px&~mexp)|(short)(1<<gap); x *= scalbn(1.0,k-1);}
+- else
+- return(nunf*nunf);
+- }
+- return(x);
+-}
+-
+-
+-double copysign(x,y)
+-double x,y;
+-{
+-#ifdef national
+- unsigned short *px=(unsigned short *) &x+3,
+- *py=(unsigned short *) &y+3;
+-#else /* national */
+- unsigned short *px=(unsigned short *) &x,
+- *py=(unsigned short *) &y;
+-#endif /* national */
+-
+-#if defined(vax)||defined(tahoe)
+- if ( (*px & mexp) == 0 ) return(x);
+-#endif /* defined(vax)||defined(tahoe) */
+-
+- *px = ( *px & msign ) | ( *py & ~msign );
+- return(x);
+-}
+-
+-double logb(x)
+-double x;
+-{
+-
+-#ifdef national
+- short *px=(short *) &x+3, k;
+-#else /* national */
+- short *px=(short *) &x, k;
+-#endif /* national */
+-
+-#if defined(vax)||defined(tahoe)
+- return (int)(((*px&mexp)>>gap)-bias);
+-#else /* defined(vax)||defined(tahoe) */
+- if( (k= *px & mexp ) != mexp )
+- if ( k != 0 )
+- return ( (k>>gap) - bias );
+- else if( x != zero)
+- return ( -1022.0 );
+- else
+- return(-(1.0/zero));
+- else if(x != x)
+- return(x);
+- else
+- {*px &= msign; return(x);}
+-#endif /* defined(vax)||defined(tahoe) */
+-}
+-
+-finite(x)
+-double x;
+-{
+-#if defined(vax)||defined(tahoe)
+- return(1);
+-#else /* defined(vax)||defined(tahoe) */
+-#ifdef national
+- return( (*((short *) &x+3 ) & mexp ) != mexp );
+-#else /* national */
+- return( (*((short *) &x ) & mexp ) != mexp );
+-#endif /* national */
+-#endif /* defined(vax)||defined(tahoe) */
+-}
+-
+-double drem(x,p)
+-double x,p;
+-{
+- short sign;
+- double hp,dp,tmp;
+- unsigned short k;
+-#ifdef national
+- unsigned short
+- *px=(unsigned short *) &x +3,
+- *pp=(unsigned short *) &p +3,
+- *pd=(unsigned short *) &dp +3,
+- *pt=(unsigned short *) &tmp+3;
+-#else /* national */
+- unsigned short
+- *px=(unsigned short *) &x ,
+- *pp=(unsigned short *) &p ,
+- *pd=(unsigned short *) &dp ,
+- *pt=(unsigned short *) &tmp;
+-#endif /* national */
+-
+- *pp &= msign ;
+-
+-#if defined(vax)||defined(tahoe)
+- if( ( *px & mexp ) == ~msign ) /* is x a reserved operand? */
+-#else /* defined(vax)||defined(tahoe) */
+- if( ( *px & mexp ) == mexp )
+-#endif /* defined(vax)||defined(tahoe) */
+- return (x-p)-(x-p); /* create nan if x is inf */
+- if (p == zero) {
+-#if defined(vax)||defined(tahoe)
+- return(infnan(EDOM));
+-#else /* defined(vax)||defined(tahoe) */
+- return zero/zero;
+-#endif /* defined(vax)||defined(tahoe) */
+- }
+-
+-#if defined(vax)||defined(tahoe)
+- if( ( *pp & mexp ) == ~msign ) /* is p a reserved operand? */
+-#else /* defined(vax)||defined(tahoe) */
+- if( ( *pp & mexp ) == mexp )
+-#endif /* defined(vax)||defined(tahoe) */
+- { if (p != p) return p; else return x;}
+-
+- else if ( ((*pp & mexp)>>gap) <= 1 )
+- /* subnormal p, or almost subnormal p */
+- { double b; b=scalbn(1.0,(int)prep1);
+- p *= b; x = drem(x,p); x *= b; return(drem(x,p)/b);}
+- else if ( p >= novf/2)
+- { p /= 2 ; x /= 2; return(drem(x,p)*2);}
+- else
+- {
+- dp=p+p; hp=p/2;
+- sign= *px & ~msign ;
+- *px &= msign ;
+- while ( x > dp )
+- {
+- k=(*px & mexp) - (*pd & mexp) ;
+- tmp = dp ;
+- *pt += k ;
+-
+-#if defined(vax)||defined(tahoe)
+- if( x < tmp ) *pt -= 128 ;
+-#else /* defined(vax)||defined(tahoe) */
+- if( x < tmp ) *pt -= 16 ;
+-#endif /* defined(vax)||defined(tahoe) */
+-
+- x -= tmp ;
+- }
+- if ( x > hp )
+- { x -= p ; if ( x >= hp ) x -= p ; }
+-
+-#if defined(vax)||defined(tahoe)
+- if (x)
+-#endif /* defined(vax)||defined(tahoe) */
+- *px ^= sign;
+- return( x);
+-
+- }
+-}
+-
+-
+-double sqrt(x)
+-double x;
+-{
+- double q,s,b,r;
+- double t;
+- double const zero=0.0;
+- int m,n,i;
+-#if defined(vax)||defined(tahoe)
+- int k=54;
+-#else /* defined(vax)||defined(tahoe) */
+- int k=51;
+-#endif /* defined(vax)||defined(tahoe) */
+-
+- /* sqrt(NaN) is NaN, sqrt(+-0) = +-0 */
+- if(x!=x||x==zero) return(x);
+-
+- /* sqrt(negative) is invalid */
+- if(x<zero) {
+-#if defined(vax)||defined(tahoe)
+- return (infnan(EDOM)); /* NaN */
+-#else /* defined(vax)||defined(tahoe) */
+- return(zero/zero);
+-#endif /* defined(vax)||defined(tahoe) */
+- }
+-
+- /* sqrt(INF) is INF */
+- if(!finite(x)) return(x);
+-
+- /* scale x to [1,4) */
+- n=logb(x);
+- x=scalbn(x,-n);
+- if((m=logb(x))!=0) x=scalbn(x,-m); /* subnormal number */
+- m += n;
+- n = m/2;
+- if((n+n)!=m) {x *= 2; m -=1; n=m/2;}
+-
+- /* generate sqrt(x) bit by bit (accumulating in q) */
+- q=1.0; s=4.0; x -= 1.0; r=1;
+- for(i=1;i<=k;i++) {
+- t=s+1; x *= 4; r /= 2;
+- if(t<=x) {
+- s=t+t+2, x -= t; q += r;}
+- else
+- s *= 2;
+- }
+-
+- /* generate the last bit and determine the final rounding */
+- r/=2; x *= 4;
+- if(x==zero) goto end; 100+r; /* trigger inexact flag */
+- if(s<x) {
+- q+=r; x -=s; s += 2; s *= 2; x *= 4;
+- t = (x-s)-5;
+- b=1.0+3*r/4; if(b==1.0) goto end; /* b==1 : Round-to-zero */
+- b=1.0+r/4; if(b>1.0) t=1; /* b>1 : Round-to-(+INF) */
+- if(t>=0) q+=r; } /* else: Round-to-nearest */
+- else {
+- s *= 2; x *= 4;
+- t = (x-s)-1;
+- b=1.0+3*r/4; if(b==1.0) goto end;
+- b=1.0+r/4; if(b>1.0) t=1;
+- if(t>=0) q+=r; }
+-
+-end: return(scalbn(q,n));
+-}
+-
+-#if 0
+-/* DREM(X,Y)
+- * RETURN X REM Y =X-N*Y, N=[X/Y] ROUNDED (ROUNDED TO EVEN IN THE HALF WAY CASE)
+- * DOUBLE PRECISION (VAX D format 56 bits, IEEE DOUBLE 53 BITS)
+- * INTENDED FOR ASSEMBLY LANGUAGE
+- * CODED IN C BY K.C. NG, 3/23/85, 4/8/85.
+- *
+- * Warning: this code should not get compiled in unless ALL of
+- * the following machine-dependent routines are supplied.
+- *
+- * Required machine dependent functions (not on a VAX):
+- * swapINX(i): save inexact flag and reset it to "i"
+- * swapENI(e): save inexact enable and reset it to "e"
+- */
+-
+-double drem(x,y)
+-double x,y;
+-{
+-
+-#ifdef national /* order of words in floating point number */
+- static const n0=3,n1=2,n2=1,n3=0;
+-#else /* VAX, SUN, ZILOG, TAHOE */
+- static const n0=0,n1=1,n2=2,n3=3;
+-#endif
+-
+- static const unsigned short mexp =0x7ff0, m25 =0x0190, m57 =0x0390;
+- static const double zero=0.0;
+- double hy,y1,t,t1;
+- short k;
+- long n;
+- int i,e;
+- unsigned short xexp,yexp, *px =(unsigned short *) &x ,
+- nx,nf, *py =(unsigned short *) &y ,
+- sign, *pt =(unsigned short *) &t ,
+- *pt1 =(unsigned short *) &t1 ;
+-
+- xexp = px[n0] & mexp ; /* exponent of x */
+- yexp = py[n0] & mexp ; /* exponent of y */
+- sign = px[n0] &0x8000; /* sign of x */
+-
+-/* return NaN if x is NaN, or y is NaN, or x is INF, or y is zero */
+- if(x!=x) return(x); if(y!=y) return(y); /* x or y is NaN */
+- if( xexp == mexp ) return(zero/zero); /* x is INF */
+- if(y==zero) return(y/y);
+-
+-/* save the inexact flag and inexact enable in i and e respectively
+- * and reset them to zero
+- */
+- i=swapINX(0); e=swapENI(0);
+-
+-/* subnormal number */
+- nx=0;
+- if(yexp==0) {t=1.0,pt[n0]+=m57; y*=t; nx=m57;}
+-
+-/* if y is tiny (biased exponent <= 57), scale up y to y*2**57 */
+- if( yexp <= m57 ) {py[n0]+=m57; nx+=m57; yexp+=m57;}
+-
+- nf=nx;
+- py[n0] &= 0x7fff;
+- px[n0] &= 0x7fff;
+-
+-/* mask off the least significant 27 bits of y */
+- t=y; pt[n3]=0; pt[n2]&=0xf800; y1=t;
+-
+-/* LOOP: argument reduction on x whenever x > y */
+-loop:
+- while ( x > y )
+- {
+- t=y;
+- t1=y1;
+- xexp=px[n0]&mexp; /* exponent of x */
+- k=xexp-yexp-m25;
+- if(k>0) /* if x/y >= 2**26, scale up y so that x/y < 2**26 */
+- {pt[n0]+=k;pt1[n0]+=k;}
+- n=x/t; x=(x-n*t1)-n*(t-t1);
+- }
+- /* end while (x > y) */
+-
+- if(nx!=0) {t=1.0; pt[n0]+=nx; x*=t; nx=0; goto loop;}
+-
+-/* final adjustment */
+-
+- hy=y/2.0;
+- if(x>hy||((x==hy)&&n%2==1)) x-=y;
+- px[n0] ^= sign;
+- if(nf!=0) { t=1.0; pt[n0]-=nf; x*=t;}
+-
+-/* restore inexact flag and inexact enable */
+- swapINX(i); swapENI(e);
+-
+- return(x);
+-}
+-#endif
+-
+-#if 0
+-/* SQRT
+- * RETURN CORRECTLY ROUNDED (ACCORDING TO THE ROUNDING MODE) SQRT
+- * FOR IEEE DOUBLE PRECISION ONLY, INTENDED FOR ASSEMBLY LANGUAGE
+- * CODED IN C BY K.C. NG, 3/22/85.
+- *
+- * Warning: this code should not get compiled in unless ALL of
+- * the following machine-dependent routines are supplied.
+- *
+- * Required machine dependent functions:
+- * swapINX(i) ...return the status of INEXACT flag and reset it to "i"
+- * swapRM(r) ...return the current Rounding Mode and reset it to "r"
+- * swapENI(e) ...return the status of inexact enable and reset it to "e"
+- * addc(t) ...perform t=t+1 regarding t as a 64 bit unsigned integer
+- * subc(t) ...perform t=t-1 regarding t as a 64 bit unsigned integer
+- */
+-
+-static const unsigned long table[] = {
+-0, 1204, 3062, 5746, 9193, 13348, 18162, 23592, 29598, 36145, 43202, 50740,
+-58733, 67158, 75992, 85215, 83599, 71378, 60428, 50647, 41945, 34246, 27478,
+-21581, 16499, 12183, 8588, 5674, 3403, 1742, 661, 130, };
+-
+-double newsqrt(x)
+-double x;
+-{
+- double y,z,t,addc(),subc()
+- double const b54=134217728.*134217728.; /* b54=2**54 */
+- long mx,scalx;
+- long const mexp=0x7ff00000;
+- int i,j,r,e,swapINX(),swapRM(),swapENI();
+- unsigned long *py=(unsigned long *) &y ,
+- *pt=(unsigned long *) &t ,
+- *px=(unsigned long *) &x ;
+-#ifdef national /* ordering of word in a floating point number */
+- const int n0=1, n1=0;
+-#else
+- const int n0=0, n1=1;
+-#endif
+-/* Rounding Mode: RN ...round-to-nearest
+- * RZ ...round-towards 0
+- * RP ...round-towards +INF
+- * RM ...round-towards -INF
+- */
+- const int RN=0,RZ=1,RP=2,RM=3;
+- /* machine dependent: work on a Zilog Z8070
+- * and a National 32081 & 16081
+- */
+-
+-/* exceptions */
+- if(x!=x||x==0.0) return(x); /* sqrt(NaN) is NaN, sqrt(+-0) = +-0 */
+- if(x<0) return((x-x)/(x-x)); /* sqrt(negative) is invalid */
+- if((mx=px[n0]&mexp)==mexp) return(x); /* sqrt(+INF) is +INF */
+-
+-/* save, reset, initialize */
+- e=swapENI(0); /* ...save and reset the inexact enable */
+- i=swapINX(0); /* ...save INEXACT flag */
+- r=swapRM(RN); /* ...save and reset the Rounding Mode to RN */
+- scalx=0;
+-
+-/* subnormal number, scale up x to x*2**54 */
+- if(mx==0) {x *= b54 ; scalx-=0x01b00000;}
+-
+-/* scale x to avoid intermediate over/underflow:
+- * if (x > 2**512) x=x/2**512; if (x < 2**-512) x=x*2**512 */
+- if(mx>0x5ff00000) {px[n0] -= 0x20000000; scalx+= 0x10000000;}
+- if(mx<0x1ff00000) {px[n0] += 0x20000000; scalx-= 0x10000000;}
+-
+-/* magic initial approximation to almost 8 sig. bits */
+- py[n0]=(px[n0]>>1)+0x1ff80000;
+- py[n0]=py[n0]-table[(py[n0]>>15)&31];
+-
+-/* Heron's rule once with correction to improve y to almost 18 sig. bits */
+- t=x/y; y=y+t; py[n0]=py[n0]-0x00100006; py[n1]=0;
+-
+-/* triple to almost 56 sig. bits; now y approx. sqrt(x) to within 1 ulp */
+- t=y*y; z=t; pt[n0]+=0x00100000; t+=z; z=(x-z)*y;
+- t=z/(t+x) ; pt[n0]+=0x00100000; y+=t;
+-
+-/* twiddle last bit to force y correctly rounded */
+- swapRM(RZ); /* ...set Rounding Mode to round-toward-zero */
+- swapINX(0); /* ...clear INEXACT flag */
+- swapENI(e); /* ...restore inexact enable status */
+- t=x/y; /* ...chopped quotient, possibly inexact */
+- j=swapINX(i); /* ...read and restore inexact flag */
+- if(j==0) { if(t==y) goto end; else t=subc(t); } /* ...t=t-ulp */
+- b54+0.1; /* ..trigger inexact flag, sqrt(x) is inexact */
+- if(r==RN) t=addc(t); /* ...t=t+ulp */
+- else if(r==RP) { t=addc(t);y=addc(y);}/* ...t=t+ulp;y=y+ulp; */
+- y=y+t; /* ...chopped sum */
+- py[n0]=py[n0]-0x00100000; /* ...correctly rounded sqrt(x) */
+-end: py[n0]=py[n0]+scalx; /* ...scale back y */
+- swapRM(r); /* ...restore Rounding Mode */
+- return(y);
+-}
+-#endif
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=6491c384a0a95e8bf2201fcc6a6a87b191b4f3fb
commit 6491c384a0a95e8bf2201fcc6a6a87b191b4f3fb
Merge: 05ca0b2 45704a9 575a99a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 00:33:13 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=05ca0b2a9a38829c3bde64e4c0c4e86d03dbb1b7
commit 05ca0b2a9a38829c3bde64e4c0c4e86d03dbb1b7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 00:33:13 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index d87c6a4..c9b4d63 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 6befbab55a0494cfde0b24c1273eeaa1bca585d9
-Head: 511350628e6d67533247487df877b6b5c8110398
+Previous: 575a99ada411dcc3ddc0be92200cbf114537f7b5
+Head: 45704a90d0c02a27353a86cce2023a7cff0850a8
Applied:
manual-document-mt-safety.patch: d2ce932c7ce9c31c4b085c61c43ac8e637713dcd
powerpc-nofpu-sim-note-nothread.patch: e34ecb782685d8b4d0d6a9badd3c4860d373179a
@@ -30,5 +30,6 @@ Applied:
wip-manual-document-mt-safety-threads.patch: a876db182b7283130d6189eb55ea401d35053850
wip-manual-document-mt-safety-time.patch: f24766f16a7fc05837ee864671592bdd230d4631
remove-ieee754-support.patch: 511350628e6d67533247487df877b6b5c8110398
+ refresh-temp: 45704a90d0c02a27353a86cce2023a7cff0850a8
Unapplied:
Hidden:
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..1ea4fb8
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,535 @@
+Bottom: b84a5f688770814e8732185c0f64b14903b5b29a
+Top: 9cd1ed610c81866354975c873c2429e57421212a
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-16 00:33:13 -0300
+
+Refresh of remove-ieee754-support.patch
+
+---
+
+diff --git a/sysdeps/ieee754/support.c b/sysdeps/ieee754/support.c
+deleted file mode 100644
+index 0bbd892f..0000000
+--- a/sysdeps/ieee754/support.c
++++ /dev/null
+@@ -1,520 +0,0 @@
+-/*
+- * Copyright (c) 1985, 1993
+- * The Regents of the University of California. All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in the
+- * documentation and/or other materials provided with the distribution.
+- * 4. Neither the name of the University nor the names of its contributors
+- * may be used to endorse or promote products derived from this software
+- * without specific prior written permission.
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- */
+-
+-#ifndef lint
+-static char sccsid[] = "@(#)support.c 8.1 (Berkeley) 6/4/93";
+-#endif /* not lint */
+-
+-/*
+- * Some IEEE standard 754 recommended functions and remainder and sqrt for
+- * supporting the C elementary functions.
+- ******************************************************************************
+- * WARNING:
+- * These codes are developed (in double) to support the C elementary
+- * functions temporarily. They are not universal, and some of them are very
+- * slow (in particular, drem and sqrt is extremely inefficient). Each
+- * computer system should have its implementation of these functions using
+- * its own assembler.
+- ******************************************************************************
+- *
+- * IEEE 754 required operations:
+- * drem(x,p)
+- * returns x REM y = x - [x/y]*y , where [x/y] is the integer
+- * nearest x/y; in half way case, choose the even one.
+- * sqrt(x)
+- * returns the square root of x correctly rounded according to
+- * the rounding mod.
+- *
+- * IEEE 754 recommended functions:
+- * (a) copysign(x,y)
+- * returns x with the sign of y.
+- * (b) scalb(x,N)
+- * returns x * (2**N), for integer values N.
+- * (c) logb(x)
+- * returns the unbiased exponent of x, a signed integer in
+- * double precision, except that logb(0) is -INF, logb(INF)
+- * is +INF, and logb(NAN) is that NAN.
+- * (d) finite(x)
+- * returns the value TRUE if -INF < x < +INF and returns
+- * FALSE otherwise.
+- *
+- *
+- * CODED IN C BY K.C. NG, 11/25/84;
+- * REVISED BY K.C. NG on 1/22/85, 2/13/85, 3/24/85.
+- */
+-
+-#include "mathimpl.h"
+-
+-#if defined(vax)||defined(tahoe) /* VAX D format */
+-#include <errno.h>
+- static const unsigned short msign=0x7fff , mexp =0x7f80 ;
+- static const short prep1=57, gap=7, bias=129 ;
+- static const double novf=1.7E38, nunf=3.0E-39, zero=0.0 ;
+-#else /* defined(vax)||defined(tahoe) */
+- static const unsigned short msign=0x7fff, mexp =0x7ff0 ;
+- static const short prep1=54, gap=4, bias=1023 ;
+- static const double novf=1.7E308, nunf=3.0E-308,zero=0.0;
+-#endif /* defined(vax)||defined(tahoe) */
+-
+-double scalbn(x,N)
+-double x; int N;
+-{
+- int k;
+-
+-#ifdef national
+- unsigned short *px=(unsigned short *) &x + 3;
+-#else /* national */
+- unsigned short *px=(unsigned short *) &x;
+-#endif /* national */
+-
+- if( x == zero ) return(x);
+-
+-#if defined(vax)||defined(tahoe)
+- if( (k= *px & mexp ) != ~msign ) {
+- if (N < -260)
+- return(nunf*nunf);
+- else if (N > 260) {
+- return(copysign(infnan(ERANGE),x));
+- }
+-#else /* defined(vax)||defined(tahoe) */
+- if( (k= *px & mexp ) != mexp ) {
+- if( N<-2100) return(nunf*nunf); else if(N>2100) return(novf+novf);
+- if( k == 0 ) {
+- x *= scalbn(1.0,(int)prep1); N -= prep1; return(scalbn(x,N));}
+-#endif /* defined(vax)||defined(tahoe) */
+-
+- if((k = (k>>gap)+ N) > 0 )
+- if( k < (mexp>>gap) ) *px = (*px&~mexp) | (k<<gap);
+- else x=novf+novf; /* overflow */
+- else
+- if( k > -prep1 )
+- /* gradual underflow */
+- {*px=(*px&~mexp)|(short)(1<<gap); x *= scalbn(1.0,k-1);}
+- else
+- return(nunf*nunf);
+- }
+- return(x);
+-}
+-
+-
+-double copysign(x,y)
+-double x,y;
+-{
+-#ifdef national
+- unsigned short *px=(unsigned short *) &x+3,
+- *py=(unsigned short *) &y+3;
+-#else /* national */
+- unsigned short *px=(unsigned short *) &x,
+- *py=(unsigned short *) &y;
+-#endif /* national */
+-
+-#if defined(vax)||defined(tahoe)
+- if ( (*px & mexp) == 0 ) return(x);
+-#endif /* defined(vax)||defined(tahoe) */
+-
+- *px = ( *px & msign ) | ( *py & ~msign );
+- return(x);
+-}
+-
+-double logb(x)
+-double x;
+-{
+-
+-#ifdef national
+- short *px=(short *) &x+3, k;
+-#else /* national */
+- short *px=(short *) &x, k;
+-#endif /* national */
+-
+-#if defined(vax)||defined(tahoe)
+- return (int)(((*px&mexp)>>gap)-bias);
+-#else /* defined(vax)||defined(tahoe) */
+- if( (k= *px & mexp ) != mexp )
+- if ( k != 0 )
+- return ( (k>>gap) - bias );
+- else if( x != zero)
+- return ( -1022.0 );
+- else
+- return(-(1.0/zero));
+- else if(x != x)
+- return(x);
+- else
+- {*px &= msign; return(x);}
+-#endif /* defined(vax)||defined(tahoe) */
+-}
+-
+-finite(x)
+-double x;
+-{
+-#if defined(vax)||defined(tahoe)
+- return(1);
+-#else /* defined(vax)||defined(tahoe) */
+-#ifdef national
+- return( (*((short *) &x+3 ) & mexp ) != mexp );
+-#else /* national */
+- return( (*((short *) &x ) & mexp ) != mexp );
+-#endif /* national */
+-#endif /* defined(vax)||defined(tahoe) */
+-}
+-
+-double drem(x,p)
+-double x,p;
+-{
+- short sign;
+- double hp,dp,tmp;
+- unsigned short k;
+-#ifdef national
+- unsigned short
+- *px=(unsigned short *) &x +3,
+- *pp=(unsigned short *) &p +3,
+- *pd=(unsigned short *) &dp +3,
+- *pt=(unsigned short *) &tmp+3;
+-#else /* national */
+- unsigned short
+- *px=(unsigned short *) &x ,
+- *pp=(unsigned short *) &p ,
+- *pd=(unsigned short *) &dp ,
+- *pt=(unsigned short *) &tmp;
+-#endif /* national */
+-
+- *pp &= msign ;
+-
+-#if defined(vax)||defined(tahoe)
+- if( ( *px & mexp ) == ~msign ) /* is x a reserved operand? */
+-#else /* defined(vax)||defined(tahoe) */
+- if( ( *px & mexp ) == mexp )
+-#endif /* defined(vax)||defined(tahoe) */
+- return (x-p)-(x-p); /* create nan if x is inf */
+- if (p == zero) {
+-#if defined(vax)||defined(tahoe)
+- return(infnan(EDOM));
+-#else /* defined(vax)||defined(tahoe) */
+- return zero/zero;
+-#endif /* defined(vax)||defined(tahoe) */
+- }
+-
+-#if defined(vax)||defined(tahoe)
+- if( ( *pp & mexp ) == ~msign ) /* is p a reserved operand? */
+-#else /* defined(vax)||defined(tahoe) */
+- if( ( *pp & mexp ) == mexp )
+-#endif /* defined(vax)||defined(tahoe) */
+- { if (p != p) return p; else return x;}
+-
+- else if ( ((*pp & mexp)>>gap) <= 1 )
+- /* subnormal p, or almost subnormal p */
+- { double b; b=scalbn(1.0,(int)prep1);
+- p *= b; x = drem(x,p); x *= b; return(drem(x,p)/b);}
+- else if ( p >= novf/2)
+- { p /= 2 ; x /= 2; return(drem(x,p)*2);}
+- else
+- {
+- dp=p+p; hp=p/2;
+- sign= *px & ~msign ;
+- *px &= msign ;
+- while ( x > dp )
+- {
+- k=(*px & mexp) - (*pd & mexp) ;
+- tmp = dp ;
+- *pt += k ;
+-
+-#if defined(vax)||defined(tahoe)
+- if( x < tmp ) *pt -= 128 ;
+-#else /* defined(vax)||defined(tahoe) */
+- if( x < tmp ) *pt -= 16 ;
+-#endif /* defined(vax)||defined(tahoe) */
+-
+- x -= tmp ;
+- }
+- if ( x > hp )
+- { x -= p ; if ( x >= hp ) x -= p ; }
+-
+-#if defined(vax)||defined(tahoe)
+- if (x)
+-#endif /* defined(vax)||defined(tahoe) */
+- *px ^= sign;
+- return( x);
+-
+- }
+-}
+-
+-
+-double sqrt(x)
+-double x;
+-{
+- double q,s,b,r;
+- double t;
+- double const zero=0.0;
+- int m,n,i;
+-#if defined(vax)||defined(tahoe)
+- int k=54;
+-#else /* defined(vax)||defined(tahoe) */
+- int k=51;
+-#endif /* defined(vax)||defined(tahoe) */
+-
+- /* sqrt(NaN) is NaN, sqrt(+-0) = +-0 */
+- if(x!=x||x==zero) return(x);
+-
+- /* sqrt(negative) is invalid */
+- if(x<zero) {
+-#if defined(vax)||defined(tahoe)
+- return (infnan(EDOM)); /* NaN */
+-#else /* defined(vax)||defined(tahoe) */
+- return(zero/zero);
+-#endif /* defined(vax)||defined(tahoe) */
+- }
+-
+- /* sqrt(INF) is INF */
+- if(!finite(x)) return(x);
+-
+- /* scale x to [1,4) */
+- n=logb(x);
+- x=scalbn(x,-n);
+- if((m=logb(x))!=0) x=scalbn(x,-m); /* subnormal number */
+- m += n;
+- n = m/2;
+- if((n+n)!=m) {x *= 2; m -=1; n=m/2;}
+-
+- /* generate sqrt(x) bit by bit (accumulating in q) */
+- q=1.0; s=4.0; x -= 1.0; r=1;
+- for(i=1;i<=k;i++) {
+- t=s+1; x *= 4; r /= 2;
+- if(t<=x) {
+- s=t+t+2, x -= t; q += r;}
+- else
+- s *= 2;
+- }
+-
+- /* generate the last bit and determine the final rounding */
+- r/=2; x *= 4;
+- if(x==zero) goto end; 100+r; /* trigger inexact flag */
+- if(s<x) {
+- q+=r; x -=s; s += 2; s *= 2; x *= 4;
+- t = (x-s)-5;
+- b=1.0+3*r/4; if(b==1.0) goto end; /* b==1 : Round-to-zero */
+- b=1.0+r/4; if(b>1.0) t=1; /* b>1 : Round-to-(+INF) */
+- if(t>=0) q+=r; } /* else: Round-to-nearest */
+- else {
+- s *= 2; x *= 4;
+- t = (x-s)-1;
+- b=1.0+3*r/4; if(b==1.0) goto end;
+- b=1.0+r/4; if(b>1.0) t=1;
+- if(t>=0) q+=r; }
+-
+-end: return(scalbn(q,n));
+-}
+-
+-#if 0
+-/* DREM(X,Y)
+- * RETURN X REM Y =X-N*Y, N=[X/Y] ROUNDED (ROUNDED TO EVEN IN THE HALF WAY CASE)
+- * DOUBLE PRECISION (VAX D format 56 bits, IEEE DOUBLE 53 BITS)
+- * INTENDED FOR ASSEMBLY LANGUAGE
+- * CODED IN C BY K.C. NG, 3/23/85, 4/8/85.
+- *
+- * Warning: this code should not get compiled in unless ALL of
+- * the following machine-dependent routines are supplied.
+- *
+- * Required machine dependent functions (not on a VAX):
+- * swapINX(i): save inexact flag and reset it to "i"
+- * swapENI(e): save inexact enable and reset it to "e"
+- */
+-
+-double drem(x,y)
+-double x,y;
+-{
+-
+-#ifdef national /* order of words in floating point number */
+- static const n0=3,n1=2,n2=1,n3=0;
+-#else /* VAX, SUN, ZILOG, TAHOE */
+- static const n0=0,n1=1,n2=2,n3=3;
+-#endif
+-
+- static const unsigned short mexp =0x7ff0, m25 =0x0190, m57 =0x0390;
+- static const double zero=0.0;
+- double hy,y1,t,t1;
+- short k;
+- long n;
+- int i,e;
+- unsigned short xexp,yexp, *px =(unsigned short *) &x ,
+- nx,nf, *py =(unsigned short *) &y ,
+- sign, *pt =(unsigned short *) &t ,
+- *pt1 =(unsigned short *) &t1 ;
+-
+- xexp = px[n0] & mexp ; /* exponent of x */
+- yexp = py[n0] & mexp ; /* exponent of y */
+- sign = px[n0] &0x8000; /* sign of x */
+-
+-/* return NaN if x is NaN, or y is NaN, or x is INF, or y is zero */
+- if(x!=x) return(x); if(y!=y) return(y); /* x or y is NaN */
+- if( xexp == mexp ) return(zero/zero); /* x is INF */
+- if(y==zero) return(y/y);
+-
+-/* save the inexact flag and inexact enable in i and e respectively
+- * and reset them to zero
+- */
+- i=swapINX(0); e=swapENI(0);
+-
+-/* subnormal number */
+- nx=0;
+- if(yexp==0) {t=1.0,pt[n0]+=m57; y*=t; nx=m57;}
+-
+-/* if y is tiny (biased exponent <= 57), scale up y to y*2**57 */
+- if( yexp <= m57 ) {py[n0]+=m57; nx+=m57; yexp+=m57;}
+-
+- nf=nx;
+- py[n0] &= 0x7fff;
+- px[n0] &= 0x7fff;
+-
+-/* mask off the least significant 27 bits of y */
+- t=y; pt[n3]=0; pt[n2]&=0xf800; y1=t;
+-
+-/* LOOP: argument reduction on x whenever x > y */
+-loop:
+- while ( x > y )
+- {
+- t=y;
+- t1=y1;
+- xexp=px[n0]&mexp; /* exponent of x */
+- k=xexp-yexp-m25;
+- if(k>0) /* if x/y >= 2**26, scale up y so that x/y < 2**26 */
+- {pt[n0]+=k;pt1[n0]+=k;}
+- n=x/t; x=(x-n*t1)-n*(t-t1);
+- }
+- /* end while (x > y) */
+-
+- if(nx!=0) {t=1.0; pt[n0]+=nx; x*=t; nx=0; goto loop;}
+-
+-/* final adjustment */
+-
+- hy=y/2.0;
+- if(x>hy||((x==hy)&&n%2==1)) x-=y;
+- px[n0] ^= sign;
+- if(nf!=0) { t=1.0; pt[n0]-=nf; x*=t;}
+-
+-/* restore inexact flag and inexact enable */
+- swapINX(i); swapENI(e);
+-
+- return(x);
+-}
+-#endif
+-
+-#if 0
+-/* SQRT
+- * RETURN CORRECTLY ROUNDED (ACCORDING TO THE ROUNDING MODE) SQRT
+- * FOR IEEE DOUBLE PRECISION ONLY, INTENDED FOR ASSEMBLY LANGUAGE
+- * CODED IN C BY K.C. NG, 3/22/85.
+- *
+- * Warning: this code should not get compiled in unless ALL of
+- * the following machine-dependent routines are supplied.
+- *
+- * Required machine dependent functions:
+- * swapINX(i) ...return the status of INEXACT flag and reset it to "i"
+- * swapRM(r) ...return the current Rounding Mode and reset it to "r"
+- * swapENI(e) ...return the status of inexact enable and reset it to "e"
+- * addc(t) ...perform t=t+1 regarding t as a 64 bit unsigned integer
+- * subc(t) ...perform t=t-1 regarding t as a 64 bit unsigned integer
+- */
+-
+-static const unsigned long table[] = {
+-0, 1204, 3062, 5746, 9193, 13348, 18162, 23592, 29598, 36145, 43202, 50740,
+-58733, 67158, 75992, 85215, 83599, 71378, 60428, 50647, 41945, 34246, 27478,
+-21581, 16499, 12183, 8588, 5674, 3403, 1742, 661, 130, };
+-
+-double newsqrt(x)
+-double x;
+-{
+- double y,z,t,addc(),subc()
+- double const b54=134217728.*134217728.; /* b54=2**54 */
+- long mx,scalx;
+- long const mexp=0x7ff00000;
+- int i,j,r,e,swapINX(),swapRM(),swapENI();
+- unsigned long *py=(unsigned long *) &y ,
+- *pt=(unsigned long *) &t ,
+- *px=(unsigned long *) &x ;
+-#ifdef national /* ordering of word in a floating point number */
+- const int n0=1, n1=0;
+-#else
+- const int n0=0, n1=1;
+-#endif
+-/* Rounding Mode: RN ...round-to-nearest
+- * RZ ...round-towards 0
+- * RP ...round-towards +INF
+- * RM ...round-towards -INF
+- */
+- const int RN=0,RZ=1,RP=2,RM=3;
+- /* machine dependent: work on a Zilog Z8070
+- * and a National 32081 & 16081
+- */
+-
+-/* exceptions */
+- if(x!=x||x==0.0) return(x); /* sqrt(NaN) is NaN, sqrt(+-0) = +-0 */
+- if(x<0) return((x-x)/(x-x)); /* sqrt(negative) is invalid */
+- if((mx=px[n0]&mexp)==mexp) return(x); /* sqrt(+INF) is +INF */
+-
+-/* save, reset, initialize */
+- e=swapENI(0); /* ...save and reset the inexact enable */
+- i=swapINX(0); /* ...save INEXACT flag */
+- r=swapRM(RN); /* ...save and reset the Rounding Mode to RN */
+- scalx=0;
+-
+-/* subnormal number, scale up x to x*2**54 */
+- if(mx==0) {x *= b54 ; scalx-=0x01b00000;}
+-
+-/* scale x to avoid intermediate over/underflow:
+- * if (x > 2**512) x=x/2**512; if (x < 2**-512) x=x*2**512 */
+- if(mx>0x5ff00000) {px[n0] -= 0x20000000; scalx+= 0x10000000;}
+- if(mx<0x1ff00000) {px[n0] += 0x20000000; scalx-= 0x10000000;}
+-
+-/* magic initial approximation to almost 8 sig. bits */
+- py[n0]=(px[n0]>>1)+0x1ff80000;
+- py[n0]=py[n0]-table[(py[n0]>>15)&31];
+-
+-/* Heron's rule once with correction to improve y to almost 18 sig. bits */
+- t=x/y; y=y+t; py[n0]=py[n0]-0x00100006; py[n1]=0;
+-
+-/* triple to almost 56 sig. bits; now y approx. sqrt(x) to within 1 ulp */
+- t=y*y; z=t; pt[n0]+=0x00100000; t+=z; z=(x-z)*y;
+- t=z/(t+x) ; pt[n0]+=0x00100000; y+=t;
+-
+-/* twiddle last bit to force y correctly rounded */
+- swapRM(RZ); /* ...set Rounding Mode to round-toward-zero */
+- swapINX(0); /* ...clear INEXACT flag */
+- swapENI(e); /* ...restore inexact enable status */
+- t=x/y; /* ...chopped quotient, possibly inexact */
+- j=swapINX(i); /* ...read and restore inexact flag */
+- if(j==0) { if(t==y) goto end; else t=subc(t); } /* ...t=t-ulp */
+- b54+0.1; /* ..trigger inexact flag, sqrt(x) is inexact */
+- if(r==RN) t=addc(t); /* ...t=t+ulp */
+- else if(r==RP) { t=addc(t);y=addc(y);}/* ...t=t+ulp;y=y+ulp; */
+- y=y+t; /* ...chopped sum */
+- py[n0]=py[n0]-0x00100000; /* ...correctly rounded sqrt(x) */
+-end: py[n0]=py[n0]+scalx; /* ...scale back y */
+- swapRM(r); /* ...restore Rounding Mode */
+- return(y);
+-}
+-#endif
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=45704a90d0c02a27353a86cce2023a7cff0850a8
commit 45704a90d0c02a27353a86cce2023a7cff0850a8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 00:33:13 2013 -0300
Refresh of remove-ieee754-support.patch
diff --git a/sysdeps/ieee754/support.c b/sysdeps/ieee754/support.c
deleted file mode 100644
index 0bbd892..0000000
--- a/sysdeps/ieee754/support.c
+++ /dev/null
@@ -1,520 +0,0 @@
-/*
- * Copyright (c) 1985, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)support.c 8.1 (Berkeley) 6/4/93";
-#endif /* not lint */
-
-/*
- * Some IEEE standard 754 recommended functions and remainder and sqrt for
- * supporting the C elementary functions.
- ******************************************************************************
- * WARNING:
- * These codes are developed (in double) to support the C elementary
- * functions temporarily. They are not universal, and some of them are very
- * slow (in particular, drem and sqrt is extremely inefficient). Each
- * computer system should have its implementation of these functions using
- * its own assembler.
- ******************************************************************************
- *
- * IEEE 754 required operations:
- * drem(x,p)
- * returns x REM y = x - [x/y]*y , where [x/y] is the integer
- * nearest x/y; in half way case, choose the even one.
- * sqrt(x)
- * returns the square root of x correctly rounded according to
- * the rounding mod.
- *
- * IEEE 754 recommended functions:
- * (a) copysign(x,y)
- * returns x with the sign of y.
- * (b) scalb(x,N)
- * returns x * (2**N), for integer values N.
- * (c) logb(x)
- * returns the unbiased exponent of x, a signed integer in
- * double precision, except that logb(0) is -INF, logb(INF)
- * is +INF, and logb(NAN) is that NAN.
- * (d) finite(x)
- * returns the value TRUE if -INF < x < +INF and returns
- * FALSE otherwise.
- *
- *
- * CODED IN C BY K.C. NG, 11/25/84;
- * REVISED BY K.C. NG on 1/22/85, 2/13/85, 3/24/85.
- */
-
-#include "mathimpl.h"
-
-#if defined(vax)||defined(tahoe) /* VAX D format */
-#include <errno.h>
- static const unsigned short msign=0x7fff , mexp =0x7f80 ;
- static const short prep1=57, gap=7, bias=129 ;
- static const double novf=1.7E38, nunf=3.0E-39, zero=0.0 ;
-#else /* defined(vax)||defined(tahoe) */
- static const unsigned short msign=0x7fff, mexp =0x7ff0 ;
- static const short prep1=54, gap=4, bias=1023 ;
- static const double novf=1.7E308, nunf=3.0E-308,zero=0.0;
-#endif /* defined(vax)||defined(tahoe) */
-
-double scalbn(x,N)
-double x; int N;
-{
- int k;
-
-#ifdef national
- unsigned short *px=(unsigned short *) &x + 3;
-#else /* national */
- unsigned short *px=(unsigned short *) &x;
-#endif /* national */
-
- if( x == zero ) return(x);
-
-#if defined(vax)||defined(tahoe)
- if( (k= *px & mexp ) != ~msign ) {
- if (N < -260)
- return(nunf*nunf);
- else if (N > 260) {
- return(copysign(infnan(ERANGE),x));
- }
-#else /* defined(vax)||defined(tahoe) */
- if( (k= *px & mexp ) != mexp ) {
- if( N<-2100) return(nunf*nunf); else if(N>2100) return(novf+novf);
- if( k == 0 ) {
- x *= scalbn(1.0,(int)prep1); N -= prep1; return(scalbn(x,N));}
-#endif /* defined(vax)||defined(tahoe) */
-
- if((k = (k>>gap)+ N) > 0 )
- if( k < (mexp>>gap) ) *px = (*px&~mexp) | (k<<gap);
- else x=novf+novf; /* overflow */
- else
- if( k > -prep1 )
- /* gradual underflow */
- {*px=(*px&~mexp)|(short)(1<<gap); x *= scalbn(1.0,k-1);}
- else
- return(nunf*nunf);
- }
- return(x);
-}
-
-
-double copysign(x,y)
-double x,y;
-{
-#ifdef national
- unsigned short *px=(unsigned short *) &x+3,
- *py=(unsigned short *) &y+3;
-#else /* national */
- unsigned short *px=(unsigned short *) &x,
- *py=(unsigned short *) &y;
-#endif /* national */
-
-#if defined(vax)||defined(tahoe)
- if ( (*px & mexp) == 0 ) return(x);
-#endif /* defined(vax)||defined(tahoe) */
-
- *px = ( *px & msign ) | ( *py & ~msign );
- return(x);
-}
-
-double logb(x)
-double x;
-{
-
-#ifdef national
- short *px=(short *) &x+3, k;
-#else /* national */
- short *px=(short *) &x, k;
-#endif /* national */
-
-#if defined(vax)||defined(tahoe)
- return (int)(((*px&mexp)>>gap)-bias);
-#else /* defined(vax)||defined(tahoe) */
- if( (k= *px & mexp ) != mexp )
- if ( k != 0 )
- return ( (k>>gap) - bias );
- else if( x != zero)
- return ( -1022.0 );
- else
- return(-(1.0/zero));
- else if(x != x)
- return(x);
- else
- {*px &= msign; return(x);}
-#endif /* defined(vax)||defined(tahoe) */
-}
-
-finite(x)
-double x;
-{
-#if defined(vax)||defined(tahoe)
- return(1);
-#else /* defined(vax)||defined(tahoe) */
-#ifdef national
- return( (*((short *) &x+3 ) & mexp ) != mexp );
-#else /* national */
- return( (*((short *) &x ) & mexp ) != mexp );
-#endif /* national */
-#endif /* defined(vax)||defined(tahoe) */
-}
-
-double drem(x,p)
-double x,p;
-{
- short sign;
- double hp,dp,tmp;
- unsigned short k;
-#ifdef national
- unsigned short
- *px=(unsigned short *) &x +3,
- *pp=(unsigned short *) &p +3,
- *pd=(unsigned short *) &dp +3,
- *pt=(unsigned short *) &tmp+3;
-#else /* national */
- unsigned short
- *px=(unsigned short *) &x ,
- *pp=(unsigned short *) &p ,
- *pd=(unsigned short *) &dp ,
- *pt=(unsigned short *) &tmp;
-#endif /* national */
-
- *pp &= msign ;
-
-#if defined(vax)||defined(tahoe)
- if( ( *px & mexp ) == ~msign ) /* is x a reserved operand? */
-#else /* defined(vax)||defined(tahoe) */
- if( ( *px & mexp ) == mexp )
-#endif /* defined(vax)||defined(tahoe) */
- return (x-p)-(x-p); /* create nan if x is inf */
- if (p == zero) {
-#if defined(vax)||defined(tahoe)
- return(infnan(EDOM));
-#else /* defined(vax)||defined(tahoe) */
- return zero/zero;
-#endif /* defined(vax)||defined(tahoe) */
- }
-
-#if defined(vax)||defined(tahoe)
- if( ( *pp & mexp ) == ~msign ) /* is p a reserved operand? */
-#else /* defined(vax)||defined(tahoe) */
- if( ( *pp & mexp ) == mexp )
-#endif /* defined(vax)||defined(tahoe) */
- { if (p != p) return p; else return x;}
-
- else if ( ((*pp & mexp)>>gap) <= 1 )
- /* subnormal p, or almost subnormal p */
- { double b; b=scalbn(1.0,(int)prep1);
- p *= b; x = drem(x,p); x *= b; return(drem(x,p)/b);}
- else if ( p >= novf/2)
- { p /= 2 ; x /= 2; return(drem(x,p)*2);}
- else
- {
- dp=p+p; hp=p/2;
- sign= *px & ~msign ;
- *px &= msign ;
- while ( x > dp )
- {
- k=(*px & mexp) - (*pd & mexp) ;
- tmp = dp ;
- *pt += k ;
-
-#if defined(vax)||defined(tahoe)
- if( x < tmp ) *pt -= 128 ;
-#else /* defined(vax)||defined(tahoe) */
- if( x < tmp ) *pt -= 16 ;
-#endif /* defined(vax)||defined(tahoe) */
-
- x -= tmp ;
- }
- if ( x > hp )
- { x -= p ; if ( x >= hp ) x -= p ; }
-
-#if defined(vax)||defined(tahoe)
- if (x)
-#endif /* defined(vax)||defined(tahoe) */
- *px ^= sign;
- return( x);
-
- }
-}
-
-
-double sqrt(x)
-double x;
-{
- double q,s,b,r;
- double t;
- double const zero=0.0;
- int m,n,i;
-#if defined(vax)||defined(tahoe)
- int k=54;
-#else /* defined(vax)||defined(tahoe) */
- int k=51;
-#endif /* defined(vax)||defined(tahoe) */
-
- /* sqrt(NaN) is NaN, sqrt(+-0) = +-0 */
- if(x!=x||x==zero) return(x);
-
- /* sqrt(negative) is invalid */
- if(x<zero) {
-#if defined(vax)||defined(tahoe)
- return (infnan(EDOM)); /* NaN */
-#else /* defined(vax)||defined(tahoe) */
- return(zero/zero);
-#endif /* defined(vax)||defined(tahoe) */
- }
-
- /* sqrt(INF) is INF */
- if(!finite(x)) return(x);
-
- /* scale x to [1,4) */
- n=logb(x);
- x=scalbn(x,-n);
- if((m=logb(x))!=0) x=scalbn(x,-m); /* subnormal number */
- m += n;
- n = m/2;
- if((n+n)!=m) {x *= 2; m -=1; n=m/2;}
-
- /* generate sqrt(x) bit by bit (accumulating in q) */
- q=1.0; s=4.0; x -= 1.0; r=1;
- for(i=1;i<=k;i++) {
- t=s+1; x *= 4; r /= 2;
- if(t<=x) {
- s=t+t+2, x -= t; q += r;}
- else
- s *= 2;
- }
-
- /* generate the last bit and determine the final rounding */
- r/=2; x *= 4;
- if(x==zero) goto end; 100+r; /* trigger inexact flag */
- if(s<x) {
- q+=r; x -=s; s += 2; s *= 2; x *= 4;
- t = (x-s)-5;
- b=1.0+3*r/4; if(b==1.0) goto end; /* b==1 : Round-to-zero */
- b=1.0+r/4; if(b>1.0) t=1; /* b>1 : Round-to-(+INF) */
- if(t>=0) q+=r; } /* else: Round-to-nearest */
- else {
- s *= 2; x *= 4;
- t = (x-s)-1;
- b=1.0+3*r/4; if(b==1.0) goto end;
- b=1.0+r/4; if(b>1.0) t=1;
- if(t>=0) q+=r; }
-
-end: return(scalbn(q,n));
-}
-
-#if 0
-/* DREM(X,Y)
- * RETURN X REM Y =X-N*Y, N=[X/Y] ROUNDED (ROUNDED TO EVEN IN THE HALF WAY CASE)
- * DOUBLE PRECISION (VAX D format 56 bits, IEEE DOUBLE 53 BITS)
- * INTENDED FOR ASSEMBLY LANGUAGE
- * CODED IN C BY K.C. NG, 3/23/85, 4/8/85.
- *
- * Warning: this code should not get compiled in unless ALL of
- * the following machine-dependent routines are supplied.
- *
- * Required machine dependent functions (not on a VAX):
- * swapINX(i): save inexact flag and reset it to "i"
- * swapENI(e): save inexact enable and reset it to "e"
- */
-
-double drem(x,y)
-double x,y;
-{
-
-#ifdef national /* order of words in floating point number */
- static const n0=3,n1=2,n2=1,n3=0;
-#else /* VAX, SUN, ZILOG, TAHOE */
- static const n0=0,n1=1,n2=2,n3=3;
-#endif
-
- static const unsigned short mexp =0x7ff0, m25 =0x0190, m57 =0x0390;
- static const double zero=0.0;
- double hy,y1,t,t1;
- short k;
- long n;
- int i,e;
- unsigned short xexp,yexp, *px =(unsigned short *) &x ,
- nx,nf, *py =(unsigned short *) &y ,
- sign, *pt =(unsigned short *) &t ,
- *pt1 =(unsigned short *) &t1 ;
-
- xexp = px[n0] & mexp ; /* exponent of x */
- yexp = py[n0] & mexp ; /* exponent of y */
- sign = px[n0] &0x8000; /* sign of x */
-
-/* return NaN if x is NaN, or y is NaN, or x is INF, or y is zero */
- if(x!=x) return(x); if(y!=y) return(y); /* x or y is NaN */
- if( xexp == mexp ) return(zero/zero); /* x is INF */
- if(y==zero) return(y/y);
-
-/* save the inexact flag and inexact enable in i and e respectively
- * and reset them to zero
- */
- i=swapINX(0); e=swapENI(0);
-
-/* subnormal number */
- nx=0;
- if(yexp==0) {t=1.0,pt[n0]+=m57; y*=t; nx=m57;}
-
-/* if y is tiny (biased exponent <= 57), scale up y to y*2**57 */
- if( yexp <= m57 ) {py[n0]+=m57; nx+=m57; yexp+=m57;}
-
- nf=nx;
- py[n0] &= 0x7fff;
- px[n0] &= 0x7fff;
-
-/* mask off the least significant 27 bits of y */
- t=y; pt[n3]=0; pt[n2]&=0xf800; y1=t;
-
-/* LOOP: argument reduction on x whenever x > y */
-loop:
- while ( x > y )
- {
- t=y;
- t1=y1;
- xexp=px[n0]&mexp; /* exponent of x */
- k=xexp-yexp-m25;
- if(k>0) /* if x/y >= 2**26, scale up y so that x/y < 2**26 */
- {pt[n0]+=k;pt1[n0]+=k;}
- n=x/t; x=(x-n*t1)-n*(t-t1);
- }
- /* end while (x > y) */
-
- if(nx!=0) {t=1.0; pt[n0]+=nx; x*=t; nx=0; goto loop;}
-
-/* final adjustment */
-
- hy=y/2.0;
- if(x>hy||((x==hy)&&n%2==1)) x-=y;
- px[n0] ^= sign;
- if(nf!=0) { t=1.0; pt[n0]-=nf; x*=t;}
-
-/* restore inexact flag and inexact enable */
- swapINX(i); swapENI(e);
-
- return(x);
-}
-#endif
-
-#if 0
-/* SQRT
- * RETURN CORRECTLY ROUNDED (ACCORDING TO THE ROUNDING MODE) SQRT
- * FOR IEEE DOUBLE PRECISION ONLY, INTENDED FOR ASSEMBLY LANGUAGE
- * CODED IN C BY K.C. NG, 3/22/85.
- *
- * Warning: this code should not get compiled in unless ALL of
- * the following machine-dependent routines are supplied.
- *
- * Required machine dependent functions:
- * swapINX(i) ...return the status of INEXACT flag and reset it to "i"
- * swapRM(r) ...return the current Rounding Mode and reset it to "r"
- * swapENI(e) ...return the status of inexact enable and reset it to "e"
- * addc(t) ...perform t=t+1 regarding t as a 64 bit unsigned integer
- * subc(t) ...perform t=t-1 regarding t as a 64 bit unsigned integer
- */
-
-static const unsigned long table[] = {
-0, 1204, 3062, 5746, 9193, 13348, 18162, 23592, 29598, 36145, 43202, 50740,
-58733, 67158, 75992, 85215, 83599, 71378, 60428, 50647, 41945, 34246, 27478,
-21581, 16499, 12183, 8588, 5674, 3403, 1742, 661, 130, };
-
-double newsqrt(x)
-double x;
-{
- double y,z,t,addc(),subc()
- double const b54=134217728.*134217728.; /* b54=2**54 */
- long mx,scalx;
- long const mexp=0x7ff00000;
- int i,j,r,e,swapINX(),swapRM(),swapENI();
- unsigned long *py=(unsigned long *) &y ,
- *pt=(unsigned long *) &t ,
- *px=(unsigned long *) &x ;
-#ifdef national /* ordering of word in a floating point number */
- const int n0=1, n1=0;
-#else
- const int n0=0, n1=1;
-#endif
-/* Rounding Mode: RN ...round-to-nearest
- * RZ ...round-towards 0
- * RP ...round-towards +INF
- * RM ...round-towards -INF
- */
- const int RN=0,RZ=1,RP=2,RM=3;
- /* machine dependent: work on a Zilog Z8070
- * and a National 32081 & 16081
- */
-
-/* exceptions */
- if(x!=x||x==0.0) return(x); /* sqrt(NaN) is NaN, sqrt(+-0) = +-0 */
- if(x<0) return((x-x)/(x-x)); /* sqrt(negative) is invalid */
- if((mx=px[n0]&mexp)==mexp) return(x); /* sqrt(+INF) is +INF */
-
-/* save, reset, initialize */
- e=swapENI(0); /* ...save and reset the inexact enable */
- i=swapINX(0); /* ...save INEXACT flag */
- r=swapRM(RN); /* ...save and reset the Rounding Mode to RN */
- scalx=0;
-
-/* subnormal number, scale up x to x*2**54 */
- if(mx==0) {x *= b54 ; scalx-=0x01b00000;}
-
-/* scale x to avoid intermediate over/underflow:
- * if (x > 2**512) x=x/2**512; if (x < 2**-512) x=x*2**512 */
- if(mx>0x5ff00000) {px[n0] -= 0x20000000; scalx+= 0x10000000;}
- if(mx<0x1ff00000) {px[n0] += 0x20000000; scalx-= 0x10000000;}
-
-/* magic initial approximation to almost 8 sig. bits */
- py[n0]=(px[n0]>>1)+0x1ff80000;
- py[n0]=py[n0]-table[(py[n0]>>15)&31];
-
-/* Heron's rule once with correction to improve y to almost 18 sig. bits */
- t=x/y; y=y+t; py[n0]=py[n0]-0x00100006; py[n1]=0;
-
-/* triple to almost 56 sig. bits; now y approx. sqrt(x) to within 1 ulp */
- t=y*y; z=t; pt[n0]+=0x00100000; t+=z; z=(x-z)*y;
- t=z/(t+x) ; pt[n0]+=0x00100000; y+=t;
-
-/* twiddle last bit to force y correctly rounded */
- swapRM(RZ); /* ...set Rounding Mode to round-toward-zero */
- swapINX(0); /* ...clear INEXACT flag */
- swapENI(e); /* ...restore inexact enable status */
- t=x/y; /* ...chopped quotient, possibly inexact */
- j=swapINX(i); /* ...read and restore inexact flag */
- if(j==0) { if(t==y) goto end; else t=subc(t); } /* ...t=t-ulp */
- b54+0.1; /* ..trigger inexact flag, sqrt(x) is inexact */
- if(r==RN) t=addc(t); /* ...t=t+ulp */
- else if(r==RP) { t=addc(t);y=addc(y);}/* ...t=t+ulp;y=y+ulp; */
- y=y+t; /* ...chopped sum */
- py[n0]=py[n0]-0x00100000; /* ...correctly rounded sqrt(x) */
-end: py[n0]=py[n0]+scalx; /* ...scale back y */
- swapRM(r); /* ...restore Rounding Mode */
- return(y);
-}
-#endif
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=575a99ada411dcc3ddc0be92200cbf114537f7b5
commit 575a99ada411dcc3ddc0be92200cbf114537f7b5
Merge: a11f919 6befbab 5113506
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 00:32:55 2013 -0300
new
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a11f9195af1b03dc22326a0153f9916b6d3ad9e2
commit a11f9195af1b03dc22326a0153f9916b6d3ad9e2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 00:32:55 2013 -0300
new
diff --git a/meta b/meta
index eac0d19..d87c6a4 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 42b5c5b93dd5e0ab073b0976b5571e6df7852de6
-Head: f24766f16a7fc05837ee864671592bdd230d4631
+Previous: 6befbab55a0494cfde0b24c1273eeaa1bca585d9
+Head: 511350628e6d67533247487df877b6b5c8110398
Applied:
manual-document-mt-safety.patch: d2ce932c7ce9c31c4b085c61c43ac8e637713dcd
powerpc-nofpu-sim-note-nothread.patch: e34ecb782685d8b4d0d6a9badd3c4860d373179a
@@ -29,5 +29,6 @@ Applied:
wip-manual-document-mt-safety-terminal.patch: 88d6db1efac30fda4ced56f1f651174b35cf5214
wip-manual-document-mt-safety-threads.patch: a876db182b7283130d6189eb55ea401d35053850
wip-manual-document-mt-safety-time.patch: f24766f16a7fc05837ee864671592bdd230d4631
+ remove-ieee754-support.patch: 511350628e6d67533247487df877b6b5c8110398
Unapplied:
Hidden:
diff --git a/patches/remove-ieee754-support.patch b/patches/remove-ieee754-support.patch
new file mode 100644
index 0000000..940c1a6
--- /dev/null
+++ b/patches/remove-ieee754-support.patch
@@ -0,0 +1,15 @@
+Bottom: b84a5f688770814e8732185c0f64b14903b5b29a
+Top: b84a5f688770814e8732185c0f64b14903b5b29a
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-16 00:32:53 -0300
+
+Remove unused sysdeps/ieee754/support.c.
+
+for ChangeLog
+
+ * sysdeps/ieee754/support.c: Remove.
+
+
+---
+
+
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=29601892fc048942d31e8e0d1768365ced9a95de
commit 29601892fc048942d31e8e0d1768365ced9a95de
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 00:32:53 2013 -0300
Remove unused sysdeps/ieee754/support.c.
for ChangeLog
* sysdeps/ieee754/support.c: Remove.
diff --git a/sysdeps/ieee754/support.c b/sysdeps/ieee754/support.c
deleted file mode 100644
index 0bbd892..0000000
--- a/sysdeps/ieee754/support.c
+++ /dev/null
@@ -1,520 +0,0 @@
-/*
- * Copyright (c) 1985, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)support.c 8.1 (Berkeley) 6/4/93";
-#endif /* not lint */
-
-/*
- * Some IEEE standard 754 recommended functions and remainder and sqrt for
- * supporting the C elementary functions.
- ******************************************************************************
- * WARNING:
- * These codes are developed (in double) to support the C elementary
- * functions temporarily. They are not universal, and some of them are very
- * slow (in particular, drem and sqrt is extremely inefficient). Each
- * computer system should have its implementation of these functions using
- * its own assembler.
- ******************************************************************************
- *
- * IEEE 754 required operations:
- * drem(x,p)
- * returns x REM y = x - [x/y]*y , where [x/y] is the integer
- * nearest x/y; in half way case, choose the even one.
- * sqrt(x)
- * returns the square root of x correctly rounded according to
- * the rounding mod.
- *
- * IEEE 754 recommended functions:
- * (a) copysign(x,y)
- * returns x with the sign of y.
- * (b) scalb(x,N)
- * returns x * (2**N), for integer values N.
- * (c) logb(x)
- * returns the unbiased exponent of x, a signed integer in
- * double precision, except that logb(0) is -INF, logb(INF)
- * is +INF, and logb(NAN) is that NAN.
- * (d) finite(x)
- * returns the value TRUE if -INF < x < +INF and returns
- * FALSE otherwise.
- *
- *
- * CODED IN C BY K.C. NG, 11/25/84;
- * REVISED BY K.C. NG on 1/22/85, 2/13/85, 3/24/85.
- */
-
-#include "mathimpl.h"
-
-#if defined(vax)||defined(tahoe) /* VAX D format */
-#include <errno.h>
- static const unsigned short msign=0x7fff , mexp =0x7f80 ;
- static const short prep1=57, gap=7, bias=129 ;
- static const double novf=1.7E38, nunf=3.0E-39, zero=0.0 ;
-#else /* defined(vax)||defined(tahoe) */
- static const unsigned short msign=0x7fff, mexp =0x7ff0 ;
- static const short prep1=54, gap=4, bias=1023 ;
- static const double novf=1.7E308, nunf=3.0E-308,zero=0.0;
-#endif /* defined(vax)||defined(tahoe) */
-
-double scalbn(x,N)
-double x; int N;
-{
- int k;
-
-#ifdef national
- unsigned short *px=(unsigned short *) &x + 3;
-#else /* national */
- unsigned short *px=(unsigned short *) &x;
-#endif /* national */
-
- if( x == zero ) return(x);
-
-#if defined(vax)||defined(tahoe)
- if( (k= *px & mexp ) != ~msign ) {
- if (N < -260)
- return(nunf*nunf);
- else if (N > 260) {
- return(copysign(infnan(ERANGE),x));
- }
-#else /* defined(vax)||defined(tahoe) */
- if( (k= *px & mexp ) != mexp ) {
- if( N<-2100) return(nunf*nunf); else if(N>2100) return(novf+novf);
- if( k == 0 ) {
- x *= scalbn(1.0,(int)prep1); N -= prep1; return(scalbn(x,N));}
-#endif /* defined(vax)||defined(tahoe) */
-
- if((k = (k>>gap)+ N) > 0 )
- if( k < (mexp>>gap) ) *px = (*px&~mexp) | (k<<gap);
- else x=novf+novf; /* overflow */
- else
- if( k > -prep1 )
- /* gradual underflow */
- {*px=(*px&~mexp)|(short)(1<<gap); x *= scalbn(1.0,k-1);}
- else
- return(nunf*nunf);
- }
- return(x);
-}
-
-
-double copysign(x,y)
-double x,y;
-{
-#ifdef national
- unsigned short *px=(unsigned short *) &x+3,
- *py=(unsigned short *) &y+3;
-#else /* national */
- unsigned short *px=(unsigned short *) &x,
- *py=(unsigned short *) &y;
-#endif /* national */
-
-#if defined(vax)||defined(tahoe)
- if ( (*px & mexp) == 0 ) return(x);
-#endif /* defined(vax)||defined(tahoe) */
-
- *px = ( *px & msign ) | ( *py & ~msign );
- return(x);
-}
-
-double logb(x)
-double x;
-{
-
-#ifdef national
- short *px=(short *) &x+3, k;
-#else /* national */
- short *px=(short *) &x, k;
-#endif /* national */
-
-#if defined(vax)||defined(tahoe)
- return (int)(((*px&mexp)>>gap)-bias);
-#else /* defined(vax)||defined(tahoe) */
- if( (k= *px & mexp ) != mexp )
- if ( k != 0 )
- return ( (k>>gap) - bias );
- else if( x != zero)
- return ( -1022.0 );
- else
- return(-(1.0/zero));
- else if(x != x)
- return(x);
- else
- {*px &= msign; return(x);}
-#endif /* defined(vax)||defined(tahoe) */
-}
-
-finite(x)
-double x;
-{
-#if defined(vax)||defined(tahoe)
- return(1);
-#else /* defined(vax)||defined(tahoe) */
-#ifdef national
- return( (*((short *) &x+3 ) & mexp ) != mexp );
-#else /* national */
- return( (*((short *) &x ) & mexp ) != mexp );
-#endif /* national */
-#endif /* defined(vax)||defined(tahoe) */
-}
-
-double drem(x,p)
-double x,p;
-{
- short sign;
- double hp,dp,tmp;
- unsigned short k;
-#ifdef national
- unsigned short
- *px=(unsigned short *) &x +3,
- *pp=(unsigned short *) &p +3,
- *pd=(unsigned short *) &dp +3,
- *pt=(unsigned short *) &tmp+3;
-#else /* national */
- unsigned short
- *px=(unsigned short *) &x ,
- *pp=(unsigned short *) &p ,
- *pd=(unsigned short *) &dp ,
- *pt=(unsigned short *) &tmp;
-#endif /* national */
-
- *pp &= msign ;
-
-#if defined(vax)||defined(tahoe)
- if( ( *px & mexp ) == ~msign ) /* is x a reserved operand? */
-#else /* defined(vax)||defined(tahoe) */
- if( ( *px & mexp ) == mexp )
-#endif /* defined(vax)||defined(tahoe) */
- return (x-p)-(x-p); /* create nan if x is inf */
- if (p == zero) {
-#if defined(vax)||defined(tahoe)
- return(infnan(EDOM));
-#else /* defined(vax)||defined(tahoe) */
- return zero/zero;
-#endif /* defined(vax)||defined(tahoe) */
- }
-
-#if defined(vax)||defined(tahoe)
- if( ( *pp & mexp ) == ~msign ) /* is p a reserved operand? */
-#else /* defined(vax)||defined(tahoe) */
- if( ( *pp & mexp ) == mexp )
-#endif /* defined(vax)||defined(tahoe) */
- { if (p != p) return p; else return x;}
-
- else if ( ((*pp & mexp)>>gap) <= 1 )
- /* subnormal p, or almost subnormal p */
- { double b; b=scalbn(1.0,(int)prep1);
- p *= b; x = drem(x,p); x *= b; return(drem(x,p)/b);}
- else if ( p >= novf/2)
- { p /= 2 ; x /= 2; return(drem(x,p)*2);}
- else
- {
- dp=p+p; hp=p/2;
- sign= *px & ~msign ;
- *px &= msign ;
- while ( x > dp )
- {
- k=(*px & mexp) - (*pd & mexp) ;
- tmp = dp ;
- *pt += k ;
-
-#if defined(vax)||defined(tahoe)
- if( x < tmp ) *pt -= 128 ;
-#else /* defined(vax)||defined(tahoe) */
- if( x < tmp ) *pt -= 16 ;
-#endif /* defined(vax)||defined(tahoe) */
-
- x -= tmp ;
- }
- if ( x > hp )
- { x -= p ; if ( x >= hp ) x -= p ; }
-
-#if defined(vax)||defined(tahoe)
- if (x)
-#endif /* defined(vax)||defined(tahoe) */
- *px ^= sign;
- return( x);
-
- }
-}
-
-
-double sqrt(x)
-double x;
-{
- double q,s,b,r;
- double t;
- double const zero=0.0;
- int m,n,i;
-#if defined(vax)||defined(tahoe)
- int k=54;
-#else /* defined(vax)||defined(tahoe) */
- int k=51;
-#endif /* defined(vax)||defined(tahoe) */
-
- /* sqrt(NaN) is NaN, sqrt(+-0) = +-0 */
- if(x!=x||x==zero) return(x);
-
- /* sqrt(negative) is invalid */
- if(x<zero) {
-#if defined(vax)||defined(tahoe)
- return (infnan(EDOM)); /* NaN */
-#else /* defined(vax)||defined(tahoe) */
- return(zero/zero);
-#endif /* defined(vax)||defined(tahoe) */
- }
-
- /* sqrt(INF) is INF */
- if(!finite(x)) return(x);
-
- /* scale x to [1,4) */
- n=logb(x);
- x=scalbn(x,-n);
- if((m=logb(x))!=0) x=scalbn(x,-m); /* subnormal number */
- m += n;
- n = m/2;
- if((n+n)!=m) {x *= 2; m -=1; n=m/2;}
-
- /* generate sqrt(x) bit by bit (accumulating in q) */
- q=1.0; s=4.0; x -= 1.0; r=1;
- for(i=1;i<=k;i++) {
- t=s+1; x *= 4; r /= 2;
- if(t<=x) {
- s=t+t+2, x -= t; q += r;}
- else
- s *= 2;
- }
-
- /* generate the last bit and determine the final rounding */
- r/=2; x *= 4;
- if(x==zero) goto end; 100+r; /* trigger inexact flag */
- if(s<x) {
- q+=r; x -=s; s += 2; s *= 2; x *= 4;
- t = (x-s)-5;
- b=1.0+3*r/4; if(b==1.0) goto end; /* b==1 : Round-to-zero */
- b=1.0+r/4; if(b>1.0) t=1; /* b>1 : Round-to-(+INF) */
- if(t>=0) q+=r; } /* else: Round-to-nearest */
- else {
- s *= 2; x *= 4;
- t = (x-s)-1;
- b=1.0+3*r/4; if(b==1.0) goto end;
- b=1.0+r/4; if(b>1.0) t=1;
- if(t>=0) q+=r; }
-
-end: return(scalbn(q,n));
-}
-
-#if 0
-/* DREM(X,Y)
- * RETURN X REM Y =X-N*Y, N=[X/Y] ROUNDED (ROUNDED TO EVEN IN THE HALF WAY CASE)
- * DOUBLE PRECISION (VAX D format 56 bits, IEEE DOUBLE 53 BITS)
- * INTENDED FOR ASSEMBLY LANGUAGE
- * CODED IN C BY K.C. NG, 3/23/85, 4/8/85.
- *
- * Warning: this code should not get compiled in unless ALL of
- * the following machine-dependent routines are supplied.
- *
- * Required machine dependent functions (not on a VAX):
- * swapINX(i): save inexact flag and reset it to "i"
- * swapENI(e): save inexact enable and reset it to "e"
- */
-
-double drem(x,y)
-double x,y;
-{
-
-#ifdef national /* order of words in floating point number */
- static const n0=3,n1=2,n2=1,n3=0;
-#else /* VAX, SUN, ZILOG, TAHOE */
- static const n0=0,n1=1,n2=2,n3=3;
-#endif
-
- static const unsigned short mexp =0x7ff0, m25 =0x0190, m57 =0x0390;
- static const double zero=0.0;
- double hy,y1,t,t1;
- short k;
- long n;
- int i,e;
- unsigned short xexp,yexp, *px =(unsigned short *) &x ,
- nx,nf, *py =(unsigned short *) &y ,
- sign, *pt =(unsigned short *) &t ,
- *pt1 =(unsigned short *) &t1 ;
-
- xexp = px[n0] & mexp ; /* exponent of x */
- yexp = py[n0] & mexp ; /* exponent of y */
- sign = px[n0] &0x8000; /* sign of x */
-
-/* return NaN if x is NaN, or y is NaN, or x is INF, or y is zero */
- if(x!=x) return(x); if(y!=y) return(y); /* x or y is NaN */
- if( xexp == mexp ) return(zero/zero); /* x is INF */
- if(y==zero) return(y/y);
-
-/* save the inexact flag and inexact enable in i and e respectively
- * and reset them to zero
- */
- i=swapINX(0); e=swapENI(0);
-
-/* subnormal number */
- nx=0;
- if(yexp==0) {t=1.0,pt[n0]+=m57; y*=t; nx=m57;}
-
-/* if y is tiny (biased exponent <= 57), scale up y to y*2**57 */
- if( yexp <= m57 ) {py[n0]+=m57; nx+=m57; yexp+=m57;}
-
- nf=nx;
- py[n0] &= 0x7fff;
- px[n0] &= 0x7fff;
-
-/* mask off the least significant 27 bits of y */
- t=y; pt[n3]=0; pt[n2]&=0xf800; y1=t;
-
-/* LOOP: argument reduction on x whenever x > y */
-loop:
- while ( x > y )
- {
- t=y;
- t1=y1;
- xexp=px[n0]&mexp; /* exponent of x */
- k=xexp-yexp-m25;
- if(k>0) /* if x/y >= 2**26, scale up y so that x/y < 2**26 */
- {pt[n0]+=k;pt1[n0]+=k;}
- n=x/t; x=(x-n*t1)-n*(t-t1);
- }
- /* end while (x > y) */
-
- if(nx!=0) {t=1.0; pt[n0]+=nx; x*=t; nx=0; goto loop;}
-
-/* final adjustment */
-
- hy=y/2.0;
- if(x>hy||((x==hy)&&n%2==1)) x-=y;
- px[n0] ^= sign;
- if(nf!=0) { t=1.0; pt[n0]-=nf; x*=t;}
-
-/* restore inexact flag and inexact enable */
- swapINX(i); swapENI(e);
-
- return(x);
-}
-#endif
-
-#if 0
-/* SQRT
- * RETURN CORRECTLY ROUNDED (ACCORDING TO THE ROUNDING MODE) SQRT
- * FOR IEEE DOUBLE PRECISION ONLY, INTENDED FOR ASSEMBLY LANGUAGE
- * CODED IN C BY K.C. NG, 3/22/85.
- *
- * Warning: this code should not get compiled in unless ALL of
- * the following machine-dependent routines are supplied.
- *
- * Required machine dependent functions:
- * swapINX(i) ...return the status of INEXACT flag and reset it to "i"
- * swapRM(r) ...return the current Rounding Mode and reset it to "r"
- * swapENI(e) ...return the status of inexact enable and reset it to "e"
- * addc(t) ...perform t=t+1 regarding t as a 64 bit unsigned integer
- * subc(t) ...perform t=t-1 regarding t as a 64 bit unsigned integer
- */
-
-static const unsigned long table[] = {
-0, 1204, 3062, 5746, 9193, 13348, 18162, 23592, 29598, 36145, 43202, 50740,
-58733, 67158, 75992, 85215, 83599, 71378, 60428, 50647, 41945, 34246, 27478,
-21581, 16499, 12183, 8588, 5674, 3403, 1742, 661, 130, };
-
-double newsqrt(x)
-double x;
-{
- double y,z,t,addc(),subc()
- double const b54=134217728.*134217728.; /* b54=2**54 */
- long mx,scalx;
- long const mexp=0x7ff00000;
- int i,j,r,e,swapINX(),swapRM(),swapENI();
- unsigned long *py=(unsigned long *) &y ,
- *pt=(unsigned long *) &t ,
- *px=(unsigned long *) &x ;
-#ifdef national /* ordering of word in a floating point number */
- const int n0=1, n1=0;
-#else
- const int n0=0, n1=1;
-#endif
-/* Rounding Mode: RN ...round-to-nearest
- * RZ ...round-towards 0
- * RP ...round-towards +INF
- * RM ...round-towards -INF
- */
- const int RN=0,RZ=1,RP=2,RM=3;
- /* machine dependent: work on a Zilog Z8070
- * and a National 32081 & 16081
- */
-
-/* exceptions */
- if(x!=x||x==0.0) return(x); /* sqrt(NaN) is NaN, sqrt(+-0) = +-0 */
- if(x<0) return((x-x)/(x-x)); /* sqrt(negative) is invalid */
- if((mx=px[n0]&mexp)==mexp) return(x); /* sqrt(+INF) is +INF */
-
-/* save, reset, initialize */
- e=swapENI(0); /* ...save and reset the inexact enable */
- i=swapINX(0); /* ...save INEXACT flag */
- r=swapRM(RN); /* ...save and reset the Rounding Mode to RN */
- scalx=0;
-
-/* subnormal number, scale up x to x*2**54 */
- if(mx==0) {x *= b54 ; scalx-=0x01b00000;}
-
-/* scale x to avoid intermediate over/underflow:
- * if (x > 2**512) x=x/2**512; if (x < 2**-512) x=x*2**512 */
- if(mx>0x5ff00000) {px[n0] -= 0x20000000; scalx+= 0x10000000;}
- if(mx<0x1ff00000) {px[n0] += 0x20000000; scalx-= 0x10000000;}
-
-/* magic initial approximation to almost 8 sig. bits */
- py[n0]=(px[n0]>>1)+0x1ff80000;
- py[n0]=py[n0]-table[(py[n0]>>15)&31];
-
-/* Heron's rule once with correction to improve y to almost 18 sig. bits */
- t=x/y; y=y+t; py[n0]=py[n0]-0x00100006; py[n1]=0;
-
-/* triple to almost 56 sig. bits; now y approx. sqrt(x) to within 1 ulp */
- t=y*y; z=t; pt[n0]+=0x00100000; t+=z; z=(x-z)*y;
- t=z/(t+x) ; pt[n0]+=0x00100000; y+=t;
-
-/* twiddle last bit to force y correctly rounded */
- swapRM(RZ); /* ...set Rounding Mode to round-toward-zero */
- swapINX(0); /* ...clear INEXACT flag */
- swapENI(e); /* ...restore inexact enable status */
- t=x/y; /* ...chopped quotient, possibly inexact */
- j=swapINX(i); /* ...read and restore inexact flag */
- if(j==0) { if(t==y) goto end; else t=subc(t); } /* ...t=t-ulp */
- b54+0.1; /* ..trigger inexact flag, sqrt(x) is inexact */
- if(r==RN) t=addc(t); /* ...t=t+ulp */
- else if(r==RP) { t=addc(t);y=addc(y);}/* ...t=t+ulp;y=y+ulp; */
- y=y+t; /* ...chopped sum */
- py[n0]=py[n0]-0x00100000; /* ...correctly rounded sqrt(x) */
-end: py[n0]=py[n0]+scalx; /* ...scale back y */
- swapRM(r); /* ...restore Rounding Mode */
- return(y);
-}
-#endif
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=511350628e6d67533247487df877b6b5c8110398
commit 511350628e6d67533247487df877b6b5c8110398
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 00:32:53 2013 -0300
Remove unused sysdeps/ieee754/support.c.
for ChangeLog
* sysdeps/ieee754/support.c: Remove.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=6befbab55a0494cfde0b24c1273eeaa1bca585d9
commit 6befbab55a0494cfde0b24c1273eeaa1bca585d9
Merge: 804fd3c 42b5c5b f24766f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 00:24:55 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=804fd3cdcb4c62a56cc3492b16be29a7dab9311a
commit 804fd3cdcb4c62a56cc3492b16be29a7dab9311a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 00:24:55 2013 -0300
push
diff --git a/meta b/meta
index b883748..eac0d19 100644
--- a/meta
+++ b/meta
@@ -1,33 +1,33 @@
Version: 1
-Previous: 31ea81ea2424a6791bb4b12781ca4f80e78f537c
-Head: d2ce932c7ce9c31c4b085c61c43ac8e637713dcd
+Previous: 42b5c5b93dd5e0ab073b0976b5571e6df7852de6
+Head: f24766f16a7fc05837ee864671592bdd230d4631
Applied:
manual-document-mt-safety.patch: d2ce932c7ce9c31c4b085c61c43ac8e637713dcd
+ powerpc-nofpu-sim-note-nothread.patch: e34ecb782685d8b4d0d6a9badd3c4860d373179a
+ unused-scalb-is-scalbn.patch: 87cf27bcd012cd8ab3e3040aacaa99b93c037595
+ manual-document-mt-safety-argp.patch: ac784bfbcf7a152d47a16a6cf8627a4bf034b785
+ manual-document-mt-safety-arith.patch: f44135c2502e59169f999d4373ae92b799a3243f
+ manual-document-mt-safety-charset.patch: c4b388232d899078a1b6d6a59f8c81d91b48f0a1
+ manual-document-mt-safety-conf.patch: b5d8ce5c1458b5e838a2863d4ba4baa86c823b28
+ manual-document-mt-safety-crypt.patch: 72ef57b840cd42f1110c069ef69c5000ef9c88b7
+ manual-document-mt-safety-ctype.patch: f60b1d81ad9cb9c6c27a099d76bdc6abcaf790a2
+ manual-document-mt-safety-debug.patch: 68a39285b6322ffa0bc420d57ec68b14f732c4e3
+ manual-document-mt-safety-errno.patch: da9e9ee60c99d6dc0316d8546541e6dd9c0c9b99
+ manual-document-mt-safety-filesys.patch: d0691d184b91c2e2c5698ea76d17dd9f3a122f8f
+ manual-document-mt-safety-getopt.patch: 4a5d90dda6e00313cc5ba8ce421efaa9cb59081b
+ manual-document-mt-safety-libdl.patch: 307bd3daee46ac59346ae246cca438c773592157
+ manual-document-mt-safety-job.patch: 056831666a434aed7f142ee31ad9ca0d6ba2d3bc
+ manual-document-mt-safety-lang.patch: 63d1c42e6da89b0ad4d95cf9389cd10979efbe86
+ manual-document-mt-safety-llio.patch: 949a5e85be3e463201abb3eca47b28d136e6a748
+ manual-document-mt-safety-stdio.patch: fd97e2760a742412d0efb962445d45e5f6c31d25
+ wip-manual-document-mt-safety-locale.patch: 62c5d0311f8340f9adfd4020aaf20fc59b3bf99d
+ wip-manual-document-mt-safety-math.patch: 3c144b261343ed149aabebaf1644836f8cc743e5
+ wip-manual-document-mt-safety-startup.patch: 6300794e9ab2baa967f9a1778dbf68ab1dd6bded
+ wip-manual-document-mt-safety-search.patch: 41d5ae9e5dfbfe26fd2cd56fa6ca85642a89cccc
+ wip-manual-document-mt-safety-resource.patch: 1daf7c7b5916ddc5c68ab1eeb07c507dd20a6c24
+ wip-manual-document-mt-safety-string.patch: 733b88651a82568a50710faeb8984d6b4c9ed92e
+ wip-manual-document-mt-safety-terminal.patch: 88d6db1efac30fda4ced56f1f651174b35cf5214
+ wip-manual-document-mt-safety-threads.patch: a876db182b7283130d6189eb55ea401d35053850
+ wip-manual-document-mt-safety-time.patch: f24766f16a7fc05837ee864671592bdd230d4631
Unapplied:
- powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
- unused-scalb-is-scalbn.patch: 3be99ad69c588de34f357cdfc3e293046eb30b58
- manual-document-mt-safety-argp.patch: 3d307972daeb49e5b5bed74887140e9d5bcb58de
- manual-document-mt-safety-arith.patch: 838c715e0d3f4c3674975edd26315e143cca1455
- manual-document-mt-safety-charset.patch: 9e121d9ec8c4633d64cc9744360fbeca9f156bf0
- manual-document-mt-safety-conf.patch: b2f06012824f907fd1cb35844c2e7a054ddf81f9
- manual-document-mt-safety-crypt.patch: 93bce6450adbd4597a1a0d96bca4162b367a61c4
- manual-document-mt-safety-ctype.patch: c67c0318158e4a31db772c98b8828e54db56693e
- manual-document-mt-safety-debug.patch: 61349e0a2ebc1b1cb265b25c74ae39b2d5b85636
- manual-document-mt-safety-errno.patch: c809e22eb30fc43d15192d36963a8e19f7d65b0c
- manual-document-mt-safety-filesys.patch: 88f6858a8c928050ef2686d392ea593e05cfc34a
- manual-document-mt-safety-getopt.patch: f543b69a645a445a7b7484e4e4729387deb00d58
- manual-document-mt-safety-libdl.patch: 3a6ba503d2949acb7fd0d23fbdaaf056bb0a819f
- manual-document-mt-safety-job.patch: d2b8bf860b81e8e95130a2b397bd63d3ac29f6f5
- manual-document-mt-safety-lang.patch: b791ca7244516eba35200090ff65146015bbcf80
- manual-document-mt-safety-llio.patch: accb81f4e2f55ac6c8c0a9d8762668829bca23f8
- manual-document-mt-safety-stdio.patch: 622b7f4fdcb3b1ade62c26693365f35a3a7a7031
- wip-manual-document-mt-safety-locale.patch: a7e2ad1ab8005398467e21a1903513ad72c3bb99
- wip-manual-document-mt-safety-math.patch: 56b87287256294aac20d87cc8fb9f6b7febbe014
- wip-manual-document-mt-safety-startup.patch: 062ff84a7871423535c7c5f066d10e4090c7538b
- wip-manual-document-mt-safety-search.patch: b62126da8228002a5ceb39f3a8f8fc1335f71b52
- wip-manual-document-mt-safety-resource.patch: bffba61b6f949ae966b8395e2285450fd747adae
- wip-manual-document-mt-safety-string.patch: 618424dc72936ee238334d665063f1dd84a12715
- wip-manual-document-mt-safety-terminal.patch: 7bdeaf7b03e2c3668857e0bd1506aff550d8d5a3
- wip-manual-document-mt-safety-threads.patch: 03deacb6111e143a3cad124bf1aee0d111f3bb81
- wip-manual-document-mt-safety-time.patch: a4db052d330a9c934252bc3a1489c922ea797683
Hidden:
diff --git a/patches/manual-document-mt-safety-argp.patch b/patches/manual-document-mt-safety-argp.patch
index 0357d25..8284a1e 100644
--- a/patches/manual-document-mt-safety-argp.patch
+++ b/patches/manual-document-mt-safety-argp.patch
@@ -1,5 +1,5 @@
-Bottom: 342d93cedbc3899d97eb6abb3179c639ca189041
-Top: 3b3317dffdd8fb0b673f39fa8b5d3c6443f8fc0b
+Bottom: 34670202bf46f8c2807d998163a3ae485669f59e
+Top: 6f7a5e6749ad296a05be499432131dbe19bb6f95
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 21:57:08 -0300
diff --git a/patches/manual-document-mt-safety-arith.patch b/patches/manual-document-mt-safety-arith.patch
index 9eca6bc..5e36901 100644
--- a/patches/manual-document-mt-safety-arith.patch
+++ b/patches/manual-document-mt-safety-arith.patch
@@ -1,5 +1,5 @@
-Bottom: 3b3317dffdd8fb0b673f39fa8b5d3c6443f8fc0b
-Top: 20fd58920c13f96b1451eda75458a9c942d2094e
+Bottom: 6f7a5e6749ad296a05be499432131dbe19bb6f95
+Top: defee7a3afc291649a03a852fe89e085e809b1cc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/manual-document-mt-safety-charset.patch b/patches/manual-document-mt-safety-charset.patch
index 45a1643..9bbb051 100644
--- a/patches/manual-document-mt-safety-charset.patch
+++ b/patches/manual-document-mt-safety-charset.patch
@@ -1,5 +1,5 @@
-Bottom: 20fd58920c13f96b1451eda75458a9c942d2094e
-Top: 635dade8c2d466563bdeba84575ccfd57214e37e
+Bottom: defee7a3afc291649a03a852fe89e085e809b1cc
+Top: f0f71d6f601b734abdc7ed68eab96e38b0b2a122
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:01:33 -0300
diff --git a/patches/manual-document-mt-safety-conf.patch b/patches/manual-document-mt-safety-conf.patch
index ad74927..79c3d28 100644
--- a/patches/manual-document-mt-safety-conf.patch
+++ b/patches/manual-document-mt-safety-conf.patch
@@ -1,5 +1,5 @@
-Bottom: 635dade8c2d466563bdeba84575ccfd57214e37e
-Top: 45cccd4a47645a41bfaa6a90e93cd3906e8edfa6
+Bottom: f0f71d6f601b734abdc7ed68eab96e38b0b2a122
+Top: db47a43bafc8d1f8d787b9cfb531d1bc04a01bcc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:03:16 -0300
diff --git a/patches/manual-document-mt-safety-crypt.patch b/patches/manual-document-mt-safety-crypt.patch
index b799073..57d5762 100644
--- a/patches/manual-document-mt-safety-crypt.patch
+++ b/patches/manual-document-mt-safety-crypt.patch
@@ -1,5 +1,5 @@
-Bottom: 45cccd4a47645a41bfaa6a90e93cd3906e8edfa6
-Top: f7704f5b20f5c9943d0105fa39bc7bb7ffcbb869
+Bottom: db47a43bafc8d1f8d787b9cfb531d1bc04a01bcc
+Top: 989582e2a61eac80aee357a0b3391b88bdf700b8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:03:47 -0300
diff --git a/patches/manual-document-mt-safety-ctype.patch b/patches/manual-document-mt-safety-ctype.patch
index c5de015..9b2ecd0 100644
--- a/patches/manual-document-mt-safety-ctype.patch
+++ b/patches/manual-document-mt-safety-ctype.patch
@@ -1,5 +1,5 @@
-Bottom: f7704f5b20f5c9943d0105fa39bc7bb7ffcbb869
-Top: 3de021265ff25f1386d7a7c20b91b2a25d84120f
+Bottom: 989582e2a61eac80aee357a0b3391b88bdf700b8
+Top: e5a870898375d0f16d290f0ce49ace14c8d4a2d7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:41 -0300
diff --git a/patches/manual-document-mt-safety-debug.patch b/patches/manual-document-mt-safety-debug.patch
index 9b0749d..d851526 100644
--- a/patches/manual-document-mt-safety-debug.patch
+++ b/patches/manual-document-mt-safety-debug.patch
@@ -1,5 +1,5 @@
-Bottom: 3de021265ff25f1386d7a7c20b91b2a25d84120f
-Top: 548606bab4bd38fa36c7264f1e06dbd818e0a4d4
+Bottom: e5a870898375d0f16d290f0ce49ace14c8d4a2d7
+Top: 18067421e6a29e6bd67a95dca76d8007f8b3208f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:05:11 -0300
diff --git a/patches/manual-document-mt-safety-errno.patch b/patches/manual-document-mt-safety-errno.patch
index 67a101a..ea8bf28 100644
--- a/patches/manual-document-mt-safety-errno.patch
+++ b/patches/manual-document-mt-safety-errno.patch
@@ -1,5 +1,5 @@
-Bottom: 548606bab4bd38fa36c7264f1e06dbd818e0a4d4
-Top: 94d2ef49874113afaf68e43004adb8da972729b9
+Bottom: 18067421e6a29e6bd67a95dca76d8007f8b3208f
+Top: 69d0870850cf838c0374659f9cbf240c906205b8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:05:34 -0300
diff --git a/patches/manual-document-mt-safety-filesys.patch b/patches/manual-document-mt-safety-filesys.patch
index 5ffc492..3b063f6 100644
--- a/patches/manual-document-mt-safety-filesys.patch
+++ b/patches/manual-document-mt-safety-filesys.patch
@@ -1,5 +1,5 @@
-Bottom: 94d2ef49874113afaf68e43004adb8da972729b9
-Top: e32560bf251105655d134b5c41a9b8fdd9801d15
+Bottom: 69d0870850cf838c0374659f9cbf240c906205b8
+Top: eae3c43e01e0c942f9a5097a40719ef9a00c9572
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:06:03 -0300
diff --git a/patches/manual-document-mt-safety-getopt.patch b/patches/manual-document-mt-safety-getopt.patch
index 54c020d..2514497 100644
--- a/patches/manual-document-mt-safety-getopt.patch
+++ b/patches/manual-document-mt-safety-getopt.patch
@@ -1,5 +1,5 @@
-Bottom: e32560bf251105655d134b5c41a9b8fdd9801d15
-Top: 7673305db24e0b03187acb8928ddfeca18980793
+Bottom: eae3c43e01e0c942f9a5097a40719ef9a00c9572
+Top: ca3bfae7ef20886b7aa0e19b97b7e989545ca988
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:06:36 -0300
diff --git a/patches/manual-document-mt-safety-job.patch b/patches/manual-document-mt-safety-job.patch
index ce62710..dd7e72e 100644
--- a/patches/manual-document-mt-safety-job.patch
+++ b/patches/manual-document-mt-safety-job.patch
@@ -1,5 +1,5 @@
-Bottom: 2b93df95492ad4d1ceb8aa1d1cf8582c93b425b0
-Top: c6b12eb06e14c9c5162f6f8386fb00a68dff09e7
+Bottom: 238024f7204c47a5f57650bf1249139600a50037
+Top: 0bac2dafb8007c7423049255cfe9f32d92341729
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:08:15 -0300
diff --git a/patches/manual-document-mt-safety-lang.patch b/patches/manual-document-mt-safety-lang.patch
index 93ad7bd..6be420f 100644
--- a/patches/manual-document-mt-safety-lang.patch
+++ b/patches/manual-document-mt-safety-lang.patch
@@ -1,5 +1,5 @@
-Bottom: c6b12eb06e14c9c5162f6f8386fb00a68dff09e7
-Top: e39567735e51df9a1cbd6f9b527ba0ebaebcbadb
+Bottom: 0bac2dafb8007c7423049255cfe9f32d92341729
+Top: 193841de621025d5ba0a8d8a93cd15e52ed049b0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:08:32 -0300
diff --git a/patches/manual-document-mt-safety-libdl.patch b/patches/manual-document-mt-safety-libdl.patch
index 96f67fc..de6923e 100644
--- a/patches/manual-document-mt-safety-libdl.patch
+++ b/patches/manual-document-mt-safety-libdl.patch
@@ -1,5 +1,5 @@
-Bottom: 7673305db24e0b03187acb8928ddfeca18980793
-Top: 2b93df95492ad4d1ceb8aa1d1cf8582c93b425b0
+Bottom: ca3bfae7ef20886b7aa0e19b97b7e989545ca988
+Top: 238024f7204c47a5f57650bf1249139600a50037
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:08:59 -0300
diff --git a/patches/manual-document-mt-safety-llio.patch b/patches/manual-document-mt-safety-llio.patch
index ede6838..e39088d 100644
--- a/patches/manual-document-mt-safety-llio.patch
+++ b/patches/manual-document-mt-safety-llio.patch
@@ -1,5 +1,5 @@
-Bottom: e39567735e51df9a1cbd6f9b527ba0ebaebcbadb
-Top: 1c79556edf2fc8cdc5742a63361502af02f3a7f6
+Bottom: 193841de621025d5ba0a8d8a93cd15e52ed049b0
+Top: 54dc9cb53a865ae026f28501a469078a5ca48df9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:09:32 -0300
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index 2534cf3..c79c8a0 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,5 +1,5 @@
-Bottom: 1c79556edf2fc8cdc5742a63361502af02f3a7f6
-Top: 530229eff374ce006c4c7f955d1d897e0a4056c6
+Bottom: 54dc9cb53a865ae026f28501a469078a5ca48df9
+Top: f2df3f2410eb8c7978798b2bd791b2fdc45b156d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/powerpc-nofpu-sim-note-nothread.patch b/patches/powerpc-nofpu-sim-note-nothread.patch
index c413ed2..3a80ccf 100644
--- a/patches/powerpc-nofpu-sim-note-nothread.patch
+++ b/patches/powerpc-nofpu-sim-note-nothread.patch
@@ -1,5 +1,5 @@
-Bottom: 465695c41ceed4d41aaebf0e135b8f1123912988
-Top: 315c23de417a6094ebe3c8259abcf7f190d93198
+Bottom: ec44285035bdee25fdfdd25c2385cb08deeced27
+Top: d924767fdd94034e5ddf99b3e5a9291d4c5a5366
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:39 -0300
diff --git a/patches/unused-scalb-is-scalbn.patch b/patches/unused-scalb-is-scalbn.patch
index 9b24c12..7c99769 100644
--- a/patches/unused-scalb-is-scalbn.patch
+++ b/patches/unused-scalb-is-scalbn.patch
@@ -1,5 +1,5 @@
-Bottom: 315c23de417a6094ebe3c8259abcf7f190d93198
-Top: 342d93cedbc3899d97eb6abb3179c639ca189041
+Bottom: d924767fdd94034e5ddf99b3e5a9291d4c5a5366
+Top: 34670202bf46f8c2807d998163a3ae485669f59e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:39 -0300
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index 2cf1838..3a5b6c8 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
-Bottom: 530229eff374ce006c4c7f955d1d897e0a4056c6
-Top: 8b03cdaff12cf5536b0a91677ddb1a0ac1f9368e
+Bottom: f2df3f2410eb8c7978798b2bd791b2fdc45b156d
+Top: 34ba4b413ec2770c09b9d2be65d6f179dc931409
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/wip-manual-document-mt-safety-math.patch b/patches/wip-manual-document-mt-safety-math.patch
index d65dda1..6160c0a 100644
--- a/patches/wip-manual-document-mt-safety-math.patch
+++ b/patches/wip-manual-document-mt-safety-math.patch
@@ -1,5 +1,5 @@
-Bottom: 8b03cdaff12cf5536b0a91677ddb1a0ac1f9368e
-Top: 6fc14fb146cab43af0e1bda549c1bb507464c42d
+Bottom: 34ba4b413ec2770c09b9d2be65d6f179dc931409
+Top: f23d47c6bfcfa87ae920dd9dcae29c054fdf1287
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/wip-manual-document-mt-safety-resource.patch b/patches/wip-manual-document-mt-safety-resource.patch
index 274d546..33adf81 100644
--- a/patches/wip-manual-document-mt-safety-resource.patch
+++ b/patches/wip-manual-document-mt-safety-resource.patch
@@ -1,5 +1,5 @@
-Bottom: f51668851ee51ff2a8b1071a4f7537fa90aa45f0
-Top: dd5da9bcdcb729b4272997ebdbf2d957a18c3919
+Bottom: 8bccd91fa434fbc218a608426cc927d18c5a4741
+Top: fe51f29d9106a6912de339229dec19e904bbc8e2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:11:00 -0300
diff --git a/patches/wip-manual-document-mt-safety-search.patch b/patches/wip-manual-document-mt-safety-search.patch
index 1f27ee4..2711dca 100644
--- a/patches/wip-manual-document-mt-safety-search.patch
+++ b/patches/wip-manual-document-mt-safety-search.patch
@@ -1,5 +1,5 @@
-Bottom: bcdc447440fd97e86fb3c83635b1c5f6ef3011db
-Top: f51668851ee51ff2a8b1071a4f7537fa90aa45f0
+Bottom: 4537e5e668ab95e605ff113bad5fec616212481b
+Top: 8bccd91fa434fbc218a608426cc927d18c5a4741
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:11:55 -0300
diff --git a/patches/wip-manual-document-mt-safety-startup.patch b/patches/wip-manual-document-mt-safety-startup.patch
index f3bfdad..d8463d0 100644
--- a/patches/wip-manual-document-mt-safety-startup.patch
+++ b/patches/wip-manual-document-mt-safety-startup.patch
@@ -1,5 +1,5 @@
-Bottom: 6fc14fb146cab43af0e1bda549c1bb507464c42d
-Top: bcdc447440fd97e86fb3c83635b1c5f6ef3011db
+Bottom: f23d47c6bfcfa87ae920dd9dcae29c054fdf1287
+Top: 4537e5e668ab95e605ff113bad5fec616212481b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:12:28 -0300
diff --git a/patches/wip-manual-document-mt-safety-string.patch b/patches/wip-manual-document-mt-safety-string.patch
index 3fee822..2a09c97 100644
--- a/patches/wip-manual-document-mt-safety-string.patch
+++ b/patches/wip-manual-document-mt-safety-string.patch
@@ -1,5 +1,5 @@
-Bottom: dd5da9bcdcb729b4272997ebdbf2d957a18c3919
-Top: 49462a8df64b7650a0f0439d8ebb0709f38313fb
+Bottom: fe51f29d9106a6912de339229dec19e904bbc8e2
+Top: 84c9ce418c9f8b475576cd17329f2eba0eb54cfb
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:13:24 -0300
diff --git a/patches/wip-manual-document-mt-safety-terminal.patch b/patches/wip-manual-document-mt-safety-terminal.patch
index 77dcb9b..40452fa 100644
--- a/patches/wip-manual-document-mt-safety-terminal.patch
+++ b/patches/wip-manual-document-mt-safety-terminal.patch
@@ -1,5 +1,5 @@
-Bottom: 49462a8df64b7650a0f0439d8ebb0709f38313fb
-Top: da17c9be69e48d21ca52d734c608880653385a32
+Bottom: 84c9ce418c9f8b475576cd17329f2eba0eb54cfb
+Top: 39f47ac852160ce679bd115e2adad12da35bb14f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:13:53 -0300
diff --git a/patches/wip-manual-document-mt-safety-threads.patch b/patches/wip-manual-document-mt-safety-threads.patch
index 86850be..aee55ed 100644
--- a/patches/wip-manual-document-mt-safety-threads.patch
+++ b/patches/wip-manual-document-mt-safety-threads.patch
@@ -1,5 +1,5 @@
-Bottom: da17c9be69e48d21ca52d734c608880653385a32
-Top: 1055542944ccec75d19150bda526177d2f245c5a
+Bottom: 39f47ac852160ce679bd115e2adad12da35bb14f
+Top: 161db65f6a283f93d796b6d782c90ce82ff5586e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:14:35 -0300
diff --git a/patches/wip-manual-document-mt-safety-time.patch b/patches/wip-manual-document-mt-safety-time.patch
index f168240..1da1731 100644
--- a/patches/wip-manual-document-mt-safety-time.patch
+++ b/patches/wip-manual-document-mt-safety-time.patch
@@ -1,5 +1,5 @@
-Bottom: 1055542944ccec75d19150bda526177d2f245c5a
-Top: 13da41faaf0af578a55abbc8971e69874c1f3914
+Bottom: 161db65f6a283f93d796b6d782c90ce82ff5586e
+Top: b84a5f688770814e8732185c0f64b14903b5b29a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:14:50 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f24766f16a7fc05837ee864671592bdd230d4631
commit f24766f16a7fc05837ee864671592bdd230d4631
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:14:50 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/time.texi: Document thread safety properties.
diff --git a/manual/time.texi b/manual/time.texi
index ff31e28..3967b24 100644
--- a/manual/time.texi
+++ b/manual/time.texi
@@ -475,6 +475,12 @@ Instead, use the facilities described in @ref{Time Zone Functions}.
@comment sys/time.h
@comment BSD
@deftypefun int gettimeofday (struct timeval *@var{tp}, struct timezone *@var{tzp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c On most GNU/Linux systems this is a direct syscall, but the posix/
+@c implementation (not used on GNU/Linux or GNU/Hurd) relies on time and
+@c localtime_r, saving and restoring tzname in an unsafe manner.
+@c On some GNU/Linux variants, ifunc resolvers are used in shared libc
+@c for vdso resolution. ifunc-vdso-revisit.
The @code{gettimeofday} function returns the current calendar time as
the elapsed time since the epoch in the @code{struct timeval} structure
indicated by @var{tp}. (@pxref{Elapsed Time} for a description of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a876db182b7283130d6189eb55ea401d35053850
commit a876db182b7283130d6189eb55ea401d35053850
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:14:35 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/threads.texi: Document thread safety properties.
diff --git a/manual/threads.texi b/manual/threads.texi
index a23ac26..19bfad6 100644
--- a/manual/threads.texi
+++ b/manual/threads.texi
@@ -31,6 +31,7 @@ before thread-specific data, so they should not be used in thread-specific
data destructors or even as members of the thread-specific data, since the
latter is passed as an argument to the destructor function.
+@c FIXME: use @deftypefun for these.
@item int pthread_key_delete (pthread_key_t @var{key})
Destroy the thread-specific data @var{key} in the calling thread. The
destructor for the thread-specific data is not called during destruction, nor
@@ -82,3 +83,124 @@ attributes or the stack address is set in the attribute.
The system does not have sufficient memory.
@end table
@end deftypefun
+
+@c FIXME these are undocumented:
+@c pthread_atfork
+@c pthread_attr_destroy
+@c pthread_attr_getaffinity_np
+@c pthread_attr_getdetachstate
+@c pthread_attr_getguardsize
+@c pthread_attr_getinheritsched
+@c pthread_attr_getschedparam
+@c pthread_attr_getschedpolicy
+@c pthread_attr_getscope
+@c pthread_attr_getstack
+@c pthread_attr_getstackaddr
+@c pthread_attr_getstacksize
+@c pthread_attr_init
+@c pthread_attr_setaffinity_np
+@c pthread_attr_setdetachstate
+@c pthread_attr_setguardsize
+@c pthread_attr_setinheritsched
+@c pthread_attr_setschedparam
+@c pthread_attr_setschedpolicy
+@c pthread_attr_setscope
+@c pthread_attr_setstack
+@c pthread_attr_setstackaddr
+@c pthread_attr_setstacksize
+@c pthread_barrierattr_destroy
+@c pthread_barrierattr_getpshared
+@c pthread_barrierattr_init
+@c pthread_barrierattr_setpshared
+@c pthread_barrier_destroy
+@c pthread_barrier_init
+@c pthread_barrier_wait
+@c pthread_cancel
+@c pthread_cleanup_push
+@c pthread_cleanup_pop
+@c pthread_condattr_destroy
+@c pthread_condattr_getclock
+@c pthread_condattr_getpshared
+@c pthread_condattr_init
+@c pthread_condattr_setclock
+@c pthread_condattr_setpshared
+@c pthread_cond_broadcast
+@c pthread_cond_destroy
+@c pthread_cond_init
+@c pthread_cond_signal
+@c pthread_cond_timedwait
+@c pthread_cond_wait
+@c pthread_create
+@c pthread_detach
+@c pthread_equal
+@c pthread_exit
+@c pthread_getaffinity_np
+@c pthread_getattr_np
+@c pthread_getconcurrency
+@c pthread_getcpuclockid
+@c pthread_getname_np
+@c pthread_getschedparam
+@c pthread_join
+@c pthread_kill
+@c pthread_kill_other_threads_np
+@c pthread_mutexattr_destroy
+@c pthread_mutexattr_getkind_np
+@c pthread_mutexattr_getprioceiling
+@c pthread_mutexattr_getprotocol
+@c pthread_mutexattr_getpshared
+@c pthread_mutexattr_getrobust
+@c pthread_mutexattr_getrobust_np
+@c pthread_mutexattr_gettype
+@c pthread_mutexattr_init
+@c pthread_mutexattr_setkind_np
+@c pthread_mutexattr_setprioceiling
+@c pthread_mutexattr_setprotocol
+@c pthread_mutexattr_setpshared
+@c pthread_mutexattr_setrobust
+@c pthread_mutexattr_setrobust_np
+@c pthread_mutexattr_settype
+@c pthread_mutex_consistent
+@c pthread_mutex_consistent_np
+@c pthread_mutex_destroy
+@c pthread_mutex_getprioceiling
+@c pthread_mutex_init
+@c pthread_mutex_lock
+@c pthread_mutex_setprioceiling
+@c pthread_mutex_timedlock
+@c pthread_mutex_trylock
+@c pthread_mutex_unlock
+@c pthread_once
+@c pthread_rwlockattr_destroy
+@c pthread_rwlockattr_getkind_np
+@c pthread_rwlockattr_getpshared
+@c pthread_rwlockattr_init
+@c pthread_rwlockattr_setkind_np
+@c pthread_rwlockattr_setpshared
+@c pthread_rwlock_destroy
+@c pthread_rwlock_init
+@c pthread_rwlock_rdlock
+@c pthread_rwlock_timedrdlock
+@c pthread_rwlock_timedwrlock
+@c pthread_rwlock_tryrdlock
+@c pthread_rwlock_trywrlock
+@c pthread_rwlock_unlock
+@c pthread_rwlock_wrlock
+@c pthread_self
+@c pthread_setaffinity_np
+@c pthread_setcancelstate
+@c pthread_setcanceltype
+@c pthread_setconcurrency
+@c pthread_setname_np
+@c pthread_setschedparam
+@c pthread_setschedprio
+@c pthread_sigmask
+@c pthread_sigqueue
+@c pthread_spin_destroy
+@c pthread_spin_init
+@c pthread_spin_lock
+@c pthread_spin_trylock
+@c pthread_spin_unlock
+@c pthread_testcancel
+@c pthread_timedjoin_np
+@c pthread_tryjoin_np
+@c pthread_yield
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=88d6db1efac30fda4ced56f1f651174b35cf5214
commit 88d6db1efac30fda4ced56f1f651174b35cf5214
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:13:53 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/terminal.texi: Document thread safety properties.
diff --git a/manual/terminal.texi b/manual/terminal.texi
index 9e9c057..7f62a4e 100644
--- a/manual/terminal.texi
+++ b/manual/terminal.texi
@@ -264,6 +264,9 @@ array.
@comment termios.h
@comment POSIX.1
@deftypefun int tcgetattr (int @var{filedes}, struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the kernel-returned termios data structure to the userland
+@c format does not ensure atomic or consistent writing.
This function is used to examine the attributes of the terminal
device with file descriptor @var{filedes}. The attributes are returned
in the structure that @var{termios-p} points to.
@@ -284,6 +287,9 @@ The @var{filedes} is not associated with a terminal.
@comment termios.h
@comment POSIX.1
@deftypefun int tcsetattr (int @var{filedes}, int @var{when}, const struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the incoming termios data structure to the kernel format
+@c does not ensure atomic or consistent reading.
This function sets the attributes of the terminal device with file
descriptor @var{filedes}. The new attributes are taken from the
structure that @var{termios-p} points to.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=733b88651a82568a50710faeb8984d6b4c9ed92e
commit 733b88651a82568a50710faeb8984d6b4c9ed92e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:13:24 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/string.texi: Document thread safety properties.
diff --git a/manual/string.texi b/manual/string.texi
index 246be84..a75d298 100644
--- a/manual/string.texi
+++ b/manual/string.texi
@@ -1247,6 +1247,8 @@ strncmp ("hello, world", "hello, stupid world!!!", 5)
@comment string.h
@comment GNU
@deftypefun int strverscmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls isdigit multiple times, locale may change in between.
The @code{strverscmp} function compares the string @var{s1} against
@var{s2}, considering them as holding indices/version numbers. The
return value follows the same conventions as found in the
@@ -1343,6 +1345,8 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
@comment string.h
@comment ISO
@deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Adjust alphasort one safety info is determined.
The @code{strcoll} function is similar to @code{strcmp} but uses the
collating sequence of the current locale for collation (the
@code{LC_COLLATE} locale).
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1daf7c7b5916ddc5c68ab1eeb07c507dd20a6c24
commit 1daf7c7b5916ddc5c68ab1eeb07c507dd20a6c24
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/resource.texi: Document thread safety properties.
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=41d5ae9e5dfbfe26fd2cd56fa6ca85642a89cccc
commit 41d5ae9e5dfbfe26fd2cd56fa6ca85642a89cccc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:55 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/search.texi: Document thread safety properties.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..6910edc 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -146,6 +146,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +437,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +471,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +486,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +500,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +555,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=6300794e9ab2baa967f9a1778dbf68ab1dd6bded
commit 6300794e9ab2baa967f9a1778dbf68ab1dd6bded
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:12:28 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/startup.texi: Document thread safety properties.
diff --git a/manual/startup.texi b/manual/startup.texi
index a277714..7bbaf13 100644
--- a/manual/startup.texi
+++ b/manual/startup.texi
@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
The difference to the @code{setenv} function is that the exact string
given as the parameter @var{string} is put into the environment. If the
user should change the string after the @code{putenv} call this will
-reflect in automatically in the environment. This also requires that
-@var{string} is no automatic variable which scope is left before the
+reflect automatically in the environment. This also requires that
+@var{string} not be an automatic variable whose scope is left before the
variable is removed from the environment. The same applies of course to
dynamically allocated variables which are freed later.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3c144b261343ed149aabebaf1644836f8cc743e5
commit 3c144b261343ed149aabebaf1644836f8cc743e5
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/math.texi: Document thread safety properties.
diff --git a/manual/math.texi b/manual/math.texi
index 193d415..fd5d0c8 100644
--- a/manual/math.texi
+++ b/manual/math.texi
@@ -560,6 +560,7 @@ negative), @code{logb} returns @math{@infinity{}}. If @var{x} is zero,
@comment math.h
@comment ISO
@deftypefunx int ilogbl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are equivalent to the corresponding @code{logb}
functions except that they return signed integer values.
@end deftypefun
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=62c5d0311f8340f9adfd4020aaf20fc59b3bf99d
commit 62c5d0311f8340f9adfd4020aaf20fc59b3bf99d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..60e08d8 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
+@c and free, and _nl_find_locale, which amount to all documented safety
+@c issues. It also calls new_composite_name, setdata, and setname,
+@c without any additional issues. _nl_find_locale calls getenv, ...
+@c This function returns a pointer read...
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=fd97e2760a742412d0efb962445d45e5f6c31d25
commit fd97e2760a742412d0efb962445d45e5f6c31d25
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..79a3340 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1391,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1401,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1411,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1540,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1625,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2387,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2397,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2438,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2647,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2656,48 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2705,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2713,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2721,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2729,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2737,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2745,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2821,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3062,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3314,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3378,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +3995,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +4010,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +4025,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +4033,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4041,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4055,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4082,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4091,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4100,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4108,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4116,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4124,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4174,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4184,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4198,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4209,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4237,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4248,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4362,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4375,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4399,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4415,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4435,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4459,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4508,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4630,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4645,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4658,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4675,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4787,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4800,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4817,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4839,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4864,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4942,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4956,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4968,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4983,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +4997,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +5008,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5056,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5112,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5228,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5410,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5551,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=949a5e85be3e463201abb3eca47b28d136e6a748
commit 949a5e85be3e463201abb3eca47b28d136e6a748
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:09:32 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/llio.texi: Document thread safety properties.
diff --git a/manual/llio.texi b/manual/llio.texi
index b129cf4..66370c4 100644
--- a/manual/llio.texi
+++ b/manual/llio.texi
@@ -78,6 +78,7 @@ declared in @file{unistd.h}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int open (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The @code{open} function creates and returns a new file descriptor for
the file named by @var{filename}. Initially, the file position
indicator for the file is at the beginning of the file. The argument
@@ -164,6 +165,7 @@ and @code{freopen} functions, that create streams.
@comment fcntl.h
@comment Unix98
@deftypefun int open64 (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{open}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
difference is that on 32 bit systems the file is opened in the
@@ -178,6 +180,7 @@ replaces the old API.
@comment fcntl.h
@comment POSIX.1
@deftypefn {Obsolete function} int creat (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is obsolete. The call:
@smallexample
@@ -202,6 +205,7 @@ since all of the lowlevel file handling functions are equally replaced.
@comment fcntl.h
@comment Unix98
@deftypefn {Obsolete function} int creat64 (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{creat}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
the difference is that on 32 bit systems the file is opened in the
@@ -219,6 +223,7 @@ replaces the old API.
@comment unistd.h
@comment POSIX.1
@deftypefun int close (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The function @code{close} closes the file descriptor @var{filedes}.
Closing a file has the following consequences:
@@ -300,6 +305,7 @@ but must be a signed type.
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t read (int @var{filedes}, void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{read} function reads up to @var{size} bytes from the file
with descriptor @var{filedes}, storing the results in the @var{buffer}.
(This is not necessarily a character string, and no terminating null
@@ -395,6 +401,10 @@ functions that read from streams, such as @code{fgetc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, read and lseek back, but is it
+@c used anywhere?
The @code{pread} function is similar to the @code{read} function. The
first three arguments are identical, and the return values and error
codes also correspond.
@@ -430,6 +440,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread64 (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, read and lseek64 back, but is
+@c it used anywhere?
This function is similar to the @code{pread} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -447,6 +461,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t write (int @var{filedes}, const void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{write} function writes up to @var{size} bytes from
@var{buffer} to the file with descriptor @var{filedes}. The data in
@var{buffer} is not necessarily a character string and a null character is
@@ -557,6 +572,10 @@ functions that write to streams, such as @code{fputc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, write and lseek back, but is it
+@c used anywhere?
The @code{pwrite} function is similar to the @code{write} function. The
first three arguments are identical, and the return values and error codes
also correspond.
@@ -592,6 +611,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite64 (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, write and lseek64 back, but
+@c is it used anywhere?
This function is similar to the @code{pwrite} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -624,6 +647,7 @@ To read the current file position value from a descriptor, use
@comment unistd.h
@comment POSIX.1
@deftypefun off_t lseek (int @var{filedes}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lseek} function is used to change the file position of the
file with descriptor @var{filedes}.
@@ -713,6 +737,7 @@ descriptors.
@comment unistd.h
@comment Unix98
@deftypefun off64_t lseek64 (int @var{filedes}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to the @code{lseek} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -825,6 +850,7 @@ declared in the header file @file{stdio.h}.
@comment stdio.h
@comment POSIX.1
@deftypefun {FILE *} fdopen (int @var{filedes}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
The @code{fdopen} function returns a new stream for the file descriptor
@var{filedes}.
@@ -853,6 +879,7 @@ see @ref{Creating a Pipe}.
@comment stdio.h
@comment POSIX.1
@deftypefun int fileno (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the file descriptor associated with the stream
@var{stream}. If an error is detected (for example, if the @var{stream}
is not valid) or if @var{stream} does not do I/O to a file,
@@ -862,6 +889,7 @@ is not valid) or if @var{stream} does not do I/O to a file,
@comment stdio.h
@comment GNU
@deftypefun int fileno_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fileno_unlocked} function is equivalent to the @code{fileno}
function except that it does not implicitly lock the stream if the state
is @code{FSETLOCKING_INTERNAL}.
@@ -1071,7 +1099,11 @@ Contains the length of the buffer.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t readv (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
-
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer into which data is read, if the total read size is
+@c too large for alloca.
The @code{readv} function reads data from @var{filedes} and scatters it
into the buffers described in @var{vector}, which is taken to be
@var{count} structures long. As each buffer is filled, data is sent to the
@@ -1089,6 +1121,11 @@ errors are the same as in @code{read}.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t writev (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer from which data is written, if the total write size
+@c is too large for alloca.
The @code{writev} function gathers data from the buffers described in
@var{vector}, which is taken to be @var{count} structures long, and writes
@@ -1149,6 +1186,7 @@ These functions are declared in @file{sys/mman.h}.
@comment sys/mman.h
@comment POSIX
@deftypefun {void *} mmap (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mmap} function creates a new mapping, connected to bytes
(@var{offset}) to (@var{offset} + @var{length} - 1) in the file open on
@@ -1268,6 +1306,9 @@ The file is on a filesystem that doesn't support mapping.
@comment sys/mman.h
@comment LFS
@deftypefun {void *} mmap64 (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The page_shift auto detection when MMAP2_PAGE_SHIFT is -1 (it never
+@c is) would be thread-unsafe.
The @code{mmap64} function is equivalent to the @code{mmap} function but
the @var{offset} parameter is of type @code{off64_t}. On 32-bit systems
this allows the file associated with the @var{filedes} descriptor to be
@@ -1284,6 +1325,7 @@ replaces the old API.
@comment sys/mman.h
@comment POSIX
@deftypefun int munmap (void *@var{addr}, size_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{munmap} removes any memory maps from (@var{addr}) to (@var{addr} +
@var{length}). @var{length} should be the length of the mapping.
@@ -1310,6 +1352,7 @@ aligned.
@comment sys/mman.h
@comment POSIX
@deftypefun int msync (void *@var{address}, size_t @var{length}, int @var{flags})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When using shared mappings, the kernel can write the file at any time
before the mapping is removed. To be certain data has actually been
@@ -1357,6 +1400,7 @@ There is no existing mapping in at least part of the given region.
@comment sys/mman.h
@comment GNU
@deftypefun {void *} mremap (void *@var{address}, size_t @var{length}, size_t @var{new_length}, int @var{flag})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to change the size of an existing memory
area. @var{address} and @var{length} must cover a region entirely mapped
@@ -1405,6 +1449,7 @@ Coding Standards}.
@comment sys/mman.h
@comment POSIX
@deftypefun int madvise (void *@var{addr}, size_t @var{length}, int @var{advice})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to provide the system with @var{advice} about
the intended usage patterns of the memory region starting at @var{addr}
@@ -1531,6 +1576,7 @@ that descriptor into an @code{fd_set}.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_ZERO (fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro initializes the file descriptor set @var{set} to be the
empty set.
@end deftypefn
@@ -1538,6 +1584,9 @@ empty set.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_SET (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro adds @var{filedes} to the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1547,6 +1596,9 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_CLR (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro removes @var{filedes} from the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1556,6 +1608,7 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro int FD_ISSET (int @var{filedes}, const fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value (true) if @var{filedes} is a member
of the file descriptor set @var{set}, and zero (false) otherwise.
@@ -1568,6 +1621,10 @@ Next, here is the description of the @code{select} function itself.
@comment sys/types.h
@comment BSD
@deftypefun int select (int @var{nfds}, fd_set *@var{read-fds}, fd_set *@var{write-fds}, fd_set *@var{except-fds}, struct timeval *@var{timeout})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The select syscall is preferred, but pselect6 may be used instead,
+@c which requires converting timeout to a timespec and back. The
+@c conversions are not atomic.
The @code{select} function blocks the calling process until there is
activity on any of the specified sets of file descriptors, or until the
timeout period has expired.
@@ -1670,6 +1727,7 @@ they return.
@comment unistd.h
@comment X/Open
@deftypefun void sync (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
A call to this function will not return as long as there is data which
has not been written to the device. All dirty buffers in the kernel will
be written and so an overall consistent system can be achieved (if no
@@ -1685,6 +1743,7 @@ committed, rather than all data in the system. For this, @code{sync} is overkil
@comment unistd.h
@comment POSIX
@deftypefun int fsync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fsync} function can be used to make sure all data associated with
the open file @var{fildes} is written to the device associated with the
descriptor. The function call does not return unless all actions have
@@ -1722,6 +1781,7 @@ recovering of the file in case of a problem.
@comment unistd.h
@comment POSIX
@deftypefun int fdatasync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When a call to the @code{fdatasync} function returns, it is ensured
that all of the file data is written to the device. For all pending I/O
operations, the parts guaranteeing data integrity finished.
@@ -1923,6 +1983,158 @@ aiocb64}, since the LFS transparently replaces the old interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_read (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Calls aio_enqueue_request.
+@c aio_enqueue_request selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_self ok
+@c pthread_getschedparam selfdeadlock, lockleak
+@c lll_lock (pthread descriptor's lock) selfdeadlock, lockleak
+@c sched_getparam ok
+@c sched_getscheduler ok
+@c lll_unlock lockleak
+@c pthread_mutex_lock (aio_requests_mutex) selfdeadlock, lockleak
+@c get_elem asmalloc, memleak, [asynconsist, incansist], [xguargs]
+@c realloc asmalloc, memleak
+@c calloc asmalloc, memleak
+@c aio_create_helper_thread selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_attr_init ok
+@c pthread_attr_setdetachstate ok
+@c pthread_get_minstack ok
+@c pthread_attr_setstacksize ok
+@c sigfillset ok
+@c memset ok
+@c sigdelset ok [xguargs, but the caller's sigset is automatic]
+@c SYSCALL rt_sigprocmask ok
+@c pthread_create selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c alloca/malloc asmalloc, memleak
+@c lll_unlock lockleak
+@c allocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c getpagesize dup
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c lll_unlock lockleak
+@c _dl_allocate_tls asmalloc, memleak
+@c _dl_allocate_tls_storage asmalloc, memleak
+@c memalign asmalloc, memleak
+@c memset ok
+@c allocate_dtv dup
+@c free asmalloc, memleak
+@c allocate_dtv asmalloc, memleak
+@c calloc asmalloc, memleak
+@c INSTALL_DTV ok
+@c list_add dup
+@c get_cached_stack
+@c lll_lock (stack_cache_lock) selfdeadlock, lockleak
+@c list_for_each ok
+@c list_entry dup
+@c FREE_P dup
+@c stack_list_del dup
+@c stack_list_add dup
+@c lll_unlock lockleak
+@c _dl_allocate_tls_init ok
+@c GET_DTV ok
+@c mmap ok
+@c atomic_increment_val ok
+@c munmap ok
+@c change_stack_perm ok
+@c mprotect ok
+@c mprotect ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c THREAD_COPY_STACK_GUARD ok
+@c THREAD_COPY_POINTER_GUARD ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (state_cache_lock) selfdeadlock, lockleak
+@c stack_list_del ok
+@c atomic_write_barrier ok
+@c list_del ok [uunguard]
+@c atomic_write_barrier ok
+@c queue_stack asmalloc, memleak
+@c stack_list_add ok
+@c atomic_write_barrier ok
+@c list_add ok [uunguard]
+@c atomic_write_barrier ok
+@c free_stacks asmalloc, memleak
+@c list_for_each_prev_safe ok
+@c list_entry ok
+@c FREE_P ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c _dl_deallocate_tls asmalloc, memleak
+@c free asmalloc, memleak
+@c lll_unlock lockleak
+@c create_thread selfdeadlock, asmalloc, lockleak, memleak
+@c td_eventword
+@c td_eventmask
+@c do_clone selfdeadlock, asmalloc, lockleak, memleak
+@c PREPARE_CREATE ok
+@c lll_lock (pd->lock) selfdeadlock, lockleak
+@c atomic_increment ok
+@c clone ok
+@c atomic_decrement ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack dup
+@c sched_setaffinity ok
+@c tgkill ok
+@c sched_setscheduler ok
+@c atomic_compare_and_exchange_bool_acq ok
+@c nptl_create_event ok
+@c lll_unlock (pd->lock) lockleak
+@c free asmalloc, memleak
+@c pthread_attr_destroy ok (cpuset won't be set, so free isn't called)
+@c add_request_to_runlist ok [xguargs]
+@c pthread_cond_signal ok
+@c aio_free_request ok [xguargs]
+@c pthread_mutex_unlock lockleak
+
+@c (in the new thread, initiated with clone)
+@c start_thread ok
+@c HP_TIMING_NOW ok
+@c ctype_init [glocale] (in theory, but optimized into safety)
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c sigemptyset ok
+@c sigaddset ok
+@c setjmp ok
+@c CANCEL_ASYNC -> pthread_enable_asynccancel ok
+@c do_cancel ok
+@c pthread_unwind ok
+@c Unwind_ForcedUnwind or longjmp ok [asmalloc, memleak?]
+@c lll_lock selfdeadlock, lockleak
+@c lll_unlock selfdeadlock, lockleak
+@c CANCEL_RESET -> pthread_disable_asynccancel ok
+@c lll_futex_wait ok
+@c ->start_routine ok -----
+@c call_tls_dtors selfdeadlock, asmalloc, lockleak, memleak
+@c user-supplied dtor
+@c rtld_lock_lock_recursive (dl_load_lock) selfdeadlock, lockleak
+@c rtld_lock_unlock_recursive lockleak
+@c free asmalloc, memleak
+@c nptl_deallocate_tsd asmalloc, memleak
+@c tsd user-supplied dtors ok
+@c free asmalloc, memleak
+@c libc_thread_freeres
+@c libc_thread_subfreeres ok
+@c atomic_decrement_and_test ok
+@c td_eventword ok
+@c td_eventmask ok
+@c atomic_compare_exchange_bool_acq ok
+@c nptl_death_event ok
+@c lll_robust_dead ok
+@c getpagesize ok
+@c madvise ok
+@c free_tcb selfdeadlock, asmalloc, lockleak, memleak
+@c free asmalloc, memleak
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_futex_wait ok
+@c exit_thread_inline ok
+@c syscall(exit) ok
+
This function initiates an asynchronous read operation. It
immediately returns after the operation was enqueued or when an
error was encountered.
@@ -1988,6 +2200,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_read64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_read} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{aio_read64} uses
@@ -2006,6 +2219,7 @@ of functions with a very similar interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_write (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function initiates an asynchronous write operation. The function
call immediately returns after the operation was enqueued or if before
this happens an error was encountered.
@@ -2072,6 +2286,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_write64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_write} function. The only
difference is that on @w{32 bit} machines the file descriptor should
be opened in the large file mode. Internally @code{aio_write64} uses
@@ -2093,6 +2308,12 @@ operations. It is therefore similar to a combination of @code{readv} and
@comment aio.h
@comment POSIX.1b
@deftypefun int lio_listio (int @var{mode}, struct aiocb *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Call lio_listio_internal, that takes the aio_requests_mutex lock and
+@c enqueues each request. Then, it waits for notification or prepares
+@c for it before releasing the lock. Even though it performs memory
+@c allocation and locking of its own, it doesn't add any classes of
+@c safety issues that aren't already covered by aio_enqueue_request.
The @code{lio_listio} function can be used to enqueue an arbitrary
number of read and write requests at one time. The requests can all be
meant for the same file, all for different files or every solution in
@@ -2176,6 +2397,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int lio_listio64 (int @var{mode}, struct aiocb64 *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{lio_listio} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{lio_listio64} uses
@@ -2204,6 +2426,7 @@ The following two functions allow you to get this kind of information.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_error (const struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function determines the error state of the request described by the
@code{struct aiocb} variable pointed to by @var{aiocbp}. If the
request has not yet terminated the value returned is always
@@ -2225,6 +2448,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_error64 (const struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_error} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2238,6 +2462,7 @@ machines.
@comment aio.h
@comment POSIX.1b
@deftypefun ssize_t aio_return (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to retrieve the return status of the operation
carried out by the request described in the variable pointed to by
@var{aiocbp}. As long as the error status of this request as returned
@@ -2261,6 +2486,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun ssize_t aio_return64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_return} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2289,6 +2515,9 @@ if the symbol @code{_POSIX_SYNCHRONIZED_IO} is defined in @file{unistd.h}.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_fsync (int @var{op}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check that the FD is open, it calls
+@c aio_enqueue_request.
Calling this function forces all I/O operations operating queued at the
time of the function call operating on the file descriptor
@code{aiocbp->aio_fildes} into the synchronized I/O completion state
@@ -2336,6 +2565,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_fsync64 (int @var{op}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_fsync} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2362,6 +2592,9 @@ before the current client is served. For situations like this
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_suspend (const struct aiocb *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c Take aio_requests_mutex, set up waitlist and requestlist, wait
+@c for completion or timeout, and release the mutex.
When calling this function, the calling thread is suspended until at
least one of the requests pointed to by the @var{nent} elements of the
array @var{list} has completed. If any of the requests has already
@@ -2400,6 +2633,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_suspend64 (const struct aiocb64 *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is similar to @code{aio_suspend} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2427,6 +2661,16 @@ or not. Therefore using this function is merely a hint.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_cancel (int @var{fildes}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check the fd is open, hold aio_requests_mutex, call
+@c aio_find_req_fd, aio_remove_request, then aio_notify and
+@c aio_free_request each request before releasing the lock.
+@c aio_notify calls aio_notify_only and free, besides cond signal or
+@c similar. aio_notify_only calls pthread_attr_init,
+@c pthread_attr_setdetachstate, malloc, pthread_create,
+@c notify_func_wrapper, aio_sigqueue, getpid, raise.
+@c notify_func_wraper calls aio_start_notify_thread, free and then the
+@c notifier function.
The @code{aio_cancel} function can be used to cancel one or more
outstanding requests. If the @var{aiocbp} parameter is @code{NULL}, the
function tries to cancel all of the outstanding requests which would process
@@ -2474,6 +2718,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_cancel64 (int @var{fildes}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_cancel} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2529,6 +2774,8 @@ Unused.
@comment aio.h
@comment GNU
@deftypefun void aio_init (const struct aioinit *@var{init})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c All changes to global objects are guarded by aio_requests_mutex.
This function must be called before any other AIO function. Calling it
is completely voluntary, as it is only meant to help the AIO
implementation perform better.
@@ -2563,6 +2810,7 @@ function; see @ref{Opening and Closing Files}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int fcntl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcntl} function performs the operation specified by
@var{command} on the file descriptor @var{filedes}. Some commands
require additional arguments to be supplied. These additional arguments
@@ -2645,6 +2893,7 @@ while prototypes for @code{dup} and @code{dup2} are in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun int dup (int @var{old})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies descriptor @var{old} to the first available
descriptor number (the first number not currently open). It is
equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@@ -2653,6 +2902,7 @@ equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@comment unistd.h
@comment POSIX.1
@deftypefun int dup2 (int @var{old}, int @var{new})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies the descriptor @var{old} to descriptor number
@var{new}.
@@ -3631,6 +3881,7 @@ different headers.
@comment sys/ioctl.h
@comment BSD
@deftypefun int ioctl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ioctl} function performs the generic I/O operation
@var{command} on @var{filedes}.
@@ -3650,3 +3901,6 @@ unknown device.
Most IOCTLs are OS-specific and/or only used in special system utilities,
and are thus beyond the scope of this document. For an example of the use
of an IOCTL, see @ref{Out-of-Band Data}.
+
+@c FIXME this is undocumented:
+@c dup3
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=63d1c42e6da89b0ad4d95cf9389cd10979efbe86
commit 63d1c42e6da89b0ad4d95cf9389cd10979efbe86
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:32 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/lang.texi: Document thread safety properties.
diff --git a/manual/lang.texi b/manual/lang.texi
index ee04e23..d6cd90c 100644
--- a/manual/lang.texi
+++ b/manual/lang.texi
@@ -51,6 +51,8 @@ without indicating anything might be wrong.
@comment assert.h
@comment ISO
@deftypefn Macro void assert (int @var{expression})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Verify the programmer's belief that @var{expression} is nonzero at
this point in the program.
@@ -91,6 +93,8 @@ The @code{assert_perror} macro makes this easy.
@comment assert.h
@comment GNU
@deftypefn Macro void assert_perror (int @var{errnum})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Similar to @code{assert}, but verifies that @var{errnum} is zero.
If @code{NDEBUG} is not defined, @code{assert_perror} tests the value of
@@ -423,6 +427,8 @@ The type @code{va_list} is used for argument pointer variables.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_start (va_list @var{ap}, @var{last-required})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This macro initializes the argument pointer variable @var{ap} to point
to the first of the optional arguments of the current function;
@var{last-required} must be the last required argument to the function.
@@ -431,6 +437,8 @@ to the first of the optional arguments of the current function;
@comment stdarg.h
@comment ISO
@deftypefn {Macro} @var{type} va_arg (va_list @var{ap}, @var{type})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_arg} macro returns the value of the next optional argument,
and modifies the value of @var{ap} to point to the subsequent argument.
Thus, successive uses of @code{va_arg} return successive optional
@@ -445,6 +453,8 @@ of the actual argument.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_end (va_list @var{ap})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This ends the use of @var{ap}. After a @code{va_end} call, further
@code{va_arg} calls with the same @var{ap} may not work. You should invoke
@code{va_end} before returning from the function in which @code{va_start}
@@ -466,6 +476,8 @@ of the same type.
@comment ISO
@deftypefn {Macro} void va_copy (va_list @var{dest}, va_list @var{src})
@deftypefnx {Macro} void __va_copy (va_list @var{dest}, va_list @var{src})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_copy} macro allows copying of objects of type
@code{va_list} even if this is not an integral type. The argument pointer
in @var{dest} is initialized to point to the same argument as the
@@ -1212,6 +1224,8 @@ type of a particular structure member.
@comment stddef.h
@comment ISO
@deftypefn {Macro} size_t offsetof (@var{type}, @var{member})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This expands to a integer constant expression that is the offset of the
structure member named @var{member} in the structure type @var{type}.
For example, @code{offsetof (struct s, elem)} is the offset, in bytes,
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=056831666a434aed7f142ee31ad9ca0d6ba2d3bc
commit 056831666a434aed7f142ee31ad9ca0d6ba2d3bc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:15 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/job.texi: Document thread safety properties.
diff --git a/manual/job.texi b/manual/job.texi
index 4efeed3..779ea96 100644
--- a/manual/job.texi
+++ b/manual/job.texi
@@ -1039,6 +1039,10 @@ The function @code{ctermid} is declared in the header file
@comment stdio.h
@comment POSIX.1
@deftypefun {char *} ctermid (char *@var{string})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This function is a stub by default; the actual implementation, for
+@c posix systems, returns an internal buffer if passed a NULL string,
+@c but the internal buffer is always set to /dev/tty.
The @code{ctermid} function returns a string containing the file name of
the controlling terminal for the current process. If @var{string} is
not a null pointer, it should be an array that can hold at least
@@ -1075,6 +1079,11 @@ Your program should include the header files @file{sys/types.h} and
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t setsid (void)
+@safety{@mtsafe{}@assafe{selfdeadlock (hurd)}@acsafe{lockleak (hurd)}}
+@c This is usually a direct syscall, but if a syscall is not available,
+@c we use a stub, or Hurd- and BSD-specific implementations. The former
+@c uses a mutex and a hurd critical section, and the latter issues a few
+@c syscalls, so both seem safe, except for the locking on Hurd.
The @code{setsid} function creates a new session. The calling process
becomes the session leader, and is put in a new process group whose
process group ID is the same as the process ID of that process. There
@@ -1098,7 +1107,8 @@ already another process group around that has the same process group ID.
@comment unistd.h
@comment SVID
@deftypefun pid_t getsid (pid_t @var{pid})
-
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{getsid} function returns the process group ID of the session
leader of the specified process. If a @var{pid} is @code{0}, the
process group ID of the session leader of the current process is
@@ -1134,6 +1144,8 @@ programs with the @code{-lbsd-compat} option to get the BSD definition.@refill
@comment unistd.h
@comment POSIX.1
@deftypefn {POSIX.1 Function} pid_t getpgrp (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The POSIX.1 definition of @code{getpgrp} returns the process group ID of
the calling process.
@end deftypefn
@@ -1141,6 +1153,8 @@ the calling process.
@comment unistd.h
@comment BSD
@deftypefn {BSD Function} pid_t getpgrp (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The BSD definition of @code{getpgrp} returns the process group ID of the
process @var{pid}. You can supply a value of @code{0} for the @var{pid}
argument to get information about the calling process.
@@ -1149,6 +1163,8 @@ argument to get information about the calling process.
@comment unistd.h
@comment SVID
@deftypefn {System V Function} int getpgid (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
@code{getpgid} is the same as the BSD function @code{getpgrp}. It
returns the process group ID of the process @var{pid}. You can supply a
@@ -1171,6 +1187,8 @@ process.
@comment unistd.h
@comment POSIX.1
@deftypefun int setpgid (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{setpgid} function puts the process @var{pid} into the process
group @var{pgid}. As a special case, either @var{pid} or @var{pgid} can
be zero to indicate the process ID of the calling process.
@@ -1208,6 +1226,8 @@ process or a child of the calling process.
@comment unistd.h
@comment BSD
@deftypefun int setpgrp (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall or setpgid wrapper.
This is the BSD Unix name for @code{setpgid}. Both functions do exactly
the same thing.
@end deftypefun
@@ -1230,6 +1250,8 @@ file itself and not a particular open file descriptor.
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t tcgetpgrp (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function returns the process group ID of the foreground process
group associated with the terminal open on descriptor @var{filedes}.
@@ -1258,6 +1280,8 @@ controlling terminal of the calling process.
@comment unistd.h
@comment POSIX.1
@deftypefun int tcsetpgrp (int @var{filedes}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function is used to set a terminal's foreground process group ID.
The argument @var{filedes} is a descriptor which specifies the terminal;
@var{pgid} specifies the process group. The calling process must be a
@@ -1297,6 +1321,8 @@ process.
@comment termios.h
@comment Unix98
@deftypefun pid_t tcgetsid (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Ioctl call, if avaialble, or tcgetpgrp followed by getsid.
This function is used to obtain the process group ID of the session
for which the terminal specified by @var{fildes} is the controlling terminal.
If the call is successful the group ID is returned. Otherwise the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=307bd3daee46ac59346ae246cca438c773592157
commit 307bd3daee46ac59346ae246cca438c773592157
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:59 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/libdl.texi: New.
diff --git a/manual/libdl.texi b/manual/libdl.texi
new file mode 100644
index 0000000..e3fe045
--- /dev/null
+++ b/manual/libdl.texi
@@ -0,0 +1,10 @@
+@c FIXME these are undocumented:
+@c dladdr
+@c dladdr1
+@c dlclose
+@c dlerror
+@c dlinfo
+@c dlmopen
+@c dlopen
+@c dlsym
+@c dlvsym
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4a5d90dda6e00313cc5ba8ce421efaa9cb59081b
commit 4a5d90dda6e00313cc5ba8ce421efaa9cb59081b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:06:36 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/getopt.texi: Document thread safety properties.
diff --git a/manual/getopt.texi b/manual/getopt.texi
index f0b7283..3c1f4de 100644
--- a/manual/getopt.texi
+++ b/manual/getopt.texi
@@ -60,6 +60,31 @@ option argument, for those options that accept arguments.
@comment unistd.h
@comment POSIX.2
@deftypefun int getopt (int @var{argc}, char *const *@var{argv}, const char *@var{options})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c It may swap argv elements but argv is not guarded, and the
+@c modifications may be partial in case of cancellation. Calling getenv
+@c also brings about thread-safety issues out of access and returning
+@c pointers into the globally shared environment array, just like
+@c calling gettext brings about a whole lot of AS and AC safety issues.
+@c The getopt API involves returning values in the non-thread-specific
+@c optarg variable, which adds another thread-safety issue. Given
+@c print_errors, it may output errors to stderr, which may
+@c self-deadlock, leak locks, or encounter (in a signal handler) or
+@c leave (in case of cancellation) stderr in an inconsistent state.
+@c Various implicit, indirect uses of malloc, in uses of memstream and
+@c asprintf for error-printing, bring about the usual malloc issues.
+@c (The explicit use of malloc in a conditional situation in
+@c _getopt_initialize is never exercised in glibc.)
+@c
+@c _getopt_internal
+@c _getopt_internal_r
+@c gettext
+@c _getopt_initialize
+@c getenv
+@c malloc if USE_NONOPTION_FLAGS, never defined in libc
+@c open_memstream
+@c lockfile, unlockfile, __fxprintf -> stderr
+@c asprintf
The @code{getopt} function gets the next option argument from the
argument list specified by the @var{argv} and @var{argc} arguments.
Normally these values come directly from the arguments received by
@@ -225,6 +250,8 @@ was seen.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
Decode options from the vector @var{argv} (whose length is @var{argc}).
The argument @var{shortopts} describes the short options to accept, just as
it does in @code{getopt}. The argument @var{longopts} describes the long
@@ -278,6 +305,8 @@ getopt functionality there is one more function available.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long_only (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
The @code{getopt_long_only} function is equivalent to the
@code{getopt_long} function but it allows to specify the user of the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d0691d184b91c2e2c5698ea76d17dd9f3a122f8f
commit d0691d184b91c2e2c5698ea76d17dd9f3a122f8f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:06:03 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/filesys.texi: Document thread safety properties.
diff --git a/manual/filesys.texi b/manual/filesys.texi
index 1df9cf2..47176cc 100644
--- a/manual/filesys.texi
+++ b/manual/filesys.texi
@@ -58,6 +58,25 @@ Prototypes for these functions are declared in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun {char *} getcwd (char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c If buffer is NULL, this function calls malloc and realloc, and, in
+@c case of error, free. Linux offers a getcwd syscall that we use on
+@c GNU/Linux systems, but it may fail if the pathname is too long. As a
+@c fallback, and on other systems, the generic implementation opens each
+@c parent directory with opendir, which allocates memory for the
+@c directory stream with malloc. If a fstatat64 syscall is not
+@c available, very deep directory trees may also have to malloc to build
+@c longer sequences of ../../../... than those supported by a global
+@c const read-only string.
+
+@c linux/__getcwd
+@c posix/__getcwd
+@c malloc/realloc/free if buffer is NULL, or if dir is too deep
+@c lstat64 -> see its own entry
+@c fstatat64
+@c direct syscall if possible, alloca+snprintf+*stat64 otherwise
+@c openat64_not_cancel_3, close_not_cancel_no_status
+@c __fdopendir, __opendir, __readdir, rewinddir
The @code{getcwd} function returns an absolute file name representing
the current working directory, storing it in the character array
@var{buffer} that you provide. The @var{size} argument is how you tell
@@ -116,6 +135,9 @@ software.
@comment unistd.h
@comment BSD
@deftypefn {Deprecated Function} {char *} getwd (char *@var{buffer})
+@safety{@mtsafe{}@asunsafe{asmalloc, asi18n}@acsafe{memleak, fdleak}}
+@c Besides the getcwd safety issues, it calls strerror_r on error, which
+@c brings in all of the i18n issues.
This is similar to @code{getcwd}, but has no way to specify the size of
the buffer. @Theglibc{} provides @code{getwd} only
for backwards compatibility with BSD.
@@ -130,6 +152,9 @@ this function is deprecated.
@comment unistd.h
@comment GNU
@deftypefun {char *} get_current_dir_name (void)
+@safety{@mtunsafe{envromt}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides getcwd, which this function calls as a fallback, it calls
+@c getenv, with the usual thread-safety issues that brings about.
@vindex PWD
This @code{get_current_dir_name} function is basically equivalent to
@w{@code{getcwd (NULL, 0)}}. The only difference is that the value of
@@ -145,6 +170,7 @@ This function is a GNU extension.
@comment unistd.h
@comment POSIX.1
@deftypefun int chdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
@var{filename}.
@@ -158,6 +184,7 @@ file @var{filename} is not a directory.
@comment unistd.h
@comment XPG
@deftypefun int fchdir (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
directory associated with the file descriptor @var{filedes}.
@@ -294,12 +321,14 @@ values and @code{st_mode} values:
@comment dirent.h
@comment BSD
@deftypefun int IFTODT (mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{d_type} value corresponding to @var{mode}.
@end deftypefun
@comment dirent.h
@comment BSD
@deftypefun mode_t DTTOIF (int @var{dtype})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{st_mode} value corresponding to @var{dtype}.
@end deftypefun
@end table
@@ -342,6 +371,9 @@ the following functions.
@comment dirent.h
@comment POSIX.1
@deftypefun {DIR *} opendir (const char *@var{dirname})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides the safe syscall, we have to allocate the DIR object with
+@c __alloc_dir, that calls malloc.
The @code{opendir} function opens and returns a directory stream for
reading the directory whose file name is @var{dirname}. The stream has
type @code{DIR *}.
@@ -381,6 +413,8 @@ alternative interface can be used.
@comment dirent.h
@comment GNU
@deftypefun {DIR *} fdopendir (int @var{fd})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c The DIR object is allocated with __alloc_dir, that calls malloc.
The @code{fdopendir} function works just like @code{opendir} but
instead of taking a file name and opening a file descriptor for the
directory the caller is required to provide a file descriptor. This
@@ -425,6 +459,7 @@ access.
@comment dirent.h
@comment GNU
@deftypefun int dirfd (DIR *@var{dirstream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{dirfd} returns the file descriptor associated with
the directory stream @var{dirstream}. This descriptor can be used until
the directory is closed with @code{closedir}. If the directory stream
@@ -443,6 +478,12 @@ symbols are declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun {struct dirent *} readdir (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c This function holds dirstream's non-recursive lock, which brings
+@c about the usual issues with locks and async signals and cancellation,
+@c but the lock taking is not enough to make the returned value safe to
+@c use, since it points to a stream's internal buffer that can be
+@c overwritten by subsequent calls or even released by closedir.
This function reads the next entry from the directory. It normally
returns a pointer to a structure containing information about the file.
This structure is statically allocated and can be rewritten by a
@@ -469,6 +510,7 @@ value. Use @code{readdir_r} when this is critical.
@comment dirent.h
@comment GNU
@deftypefun int readdir_r (DIR *@var{dirstream}, struct dirent *@var{entry}, struct dirent **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is the reentrant version of @code{readdir}. Like
@code{readdir} it returns the next entry from the directory. But to
prevent conflicts between simultaneously running threads the result is
@@ -516,6 +558,7 @@ of the last two functions.
@comment dirent.h
@comment LFS
@deftypefun {struct dirent64 *} readdir64 (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64} function is just like the @code{readdir} function
except that it returns a pointer to a record of type @code{struct
dirent64}. Some of the members of this data type (notably @code{d_ino})
@@ -527,6 +570,7 @@ In all other aspects this function is equivalent to @code{readdir}.
@comment dirent.h
@comment LFS
@deftypefun int readdir64_r (DIR *@var{dirstream}, struct dirent64 *@var{entry}, struct dirent64 **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64_r} function is equivalent to the @code{readdir_r}
function except that it takes parameters of base type @code{struct
dirent64} instead of @code{struct dirent} in the second and third
@@ -537,6 +581,10 @@ position. The same precautions mentioned in the documentation of
@comment dirent.h
@comment POSIX.1
@deftypefun int closedir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock (hurd)}@acsafe{memleak, fdleak, lockleak (hurd)}}
+@c No synchronization in the posix implementation, only in the hurd
+@c one. This is regarded as safe because it is undefined behavior if
+@c other threads could still be using the dir stream while it's closed.
This function closes the directory stream @var{dirstream}. It returns
@code{0} on success and @code{-1} on failure.
@@ -576,6 +624,7 @@ declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun void rewinddir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{rewinddir} function is used to reinitialize the directory
stream @var{dirstream}, so that if you call @code{readdir} it
returns information about the first entry in the directory again. This
@@ -589,6 +638,10 @@ added or removed since you last called @code{opendir} or
@comment dirent.h
@comment BSD
@deftypefun {long int} telldir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{telldir} function returns the file position of the directory
stream @var{dirstream}. You can use this value with @code{seekdir} to
restore the directory stream to that position.
@@ -597,6 +650,10 @@ restore the directory stream to that position.
@comment dirent.h
@comment BSD
@deftypefun void seekdir (DIR *@var{dirstream}, long int @var{pos})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{seekdir} function sets the file position of the directory
stream @var{dirstream} to @var{pos}. The value @var{pos} must be the
result of a previous call to @code{telldir} on this particular stream;
@@ -616,6 +673,19 @@ the result.
@comment dirent.h
@comment BSD/SVID
@deftypefun int scandir (const char *@var{dir}, struct dirent ***@var{namelist}, int (*@var{selector}) (const struct dirent *), int (*@var{cmp}) (const struct dirent **, const struct dirent **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c The scandir function calls __opendirat, __readdir, and __closedir to
+@c go over the named dir; malloc and realloc to allocate the namelist
+@c and copies of each selected dirent, besides the selector, if given,
+@c and qsort and the cmp functions if the latter is given. In spite of
+@c the cleanup handler that releases memory and the file descriptor in
+@c case of synchronous cancellation, an asynchronous cancellation may
+@c still leak memory and a file descriptor. Although readdir is unsafe
+@c in general, the use of an internal dir stream for sequential scanning
+@c of the directory with copying of dirents before subsequent calls
+@c makes the use safe, and the fact that the dir stream is private to
+@c each scandir call does away with the lock issues in readdir and
+@c closedir.
The @code{scandir} function scans the contents of the directory selected
by @var{dir}. The result in *@var{namelist} is an array of pointers to
@@ -646,6 +716,8 @@ are very helpful for this purpose.
@comment dirent.h
@comment BSD/SVID
@deftypefun int alphasort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Calls strcoll.
The @code{alphasort} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -658,6 +730,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls strverscmp.
The @code{versionsort} function is like @code{alphasort} except that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -670,6 +744,8 @@ dirent64}}. To use this we need a new function.
@comment dirent.h
@comment GNU
@deftypefun int scandir64 (const char *@var{dir}, struct dirent64 ***@var{namelist}, int (*@var{selector}) (const struct dirent64 *), int (*@var{cmp}) (const struct dirent64 **, const struct dirent64 **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c See scandir.
The @code{scandir64} function works like the @code{scandir} function
except that the directory entries it returns are described by elements
of type @w{@code{struct dirent64}}. The function pointed to by
@@ -688,6 +764,8 @@ argument. Instead we provide the two replacement functions below.
@comment dirent.h
@comment GNU
@deftypefun int alphasort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c See alphasort.
The @code{alphasort64} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -700,6 +778,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c See versionsort.
The @code{versionsort64} function is like @code{alphasort64}, excepted that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -880,6 +960,8 @@ file was passed).
@comment ftw.h
@comment SVID
@deftypefun int ftw (const char *@var{filename}, __ftw_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
+@c see nftw for safety details
The @code{ftw} function calls the callback function given in the
parameter @var{func} for every item which is found in the directory
specified by @var{filename} and all directories below. The function
@@ -930,6 +1012,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int ftw64 (const char *@var{filename}, __ftw64_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
This function is similar to @code{ftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -943,6 +1026,17 @@ transparently replaces the old implementation.
@comment ftw.h
@comment XPG4.2
@deftypefun int nftw (const char *@var{filename}, __nftw_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c ftw_startup calls alloca, malloc, free, xstat/lxstat, tdestroy, and ftw_dir
+@c if FTW_CHDIR, call open, and fchdir, or chdir and getcwd
+@c ftw_dir calls open_dir_stream, readdir64, process_entry, closedir
+@c if FTW_CHDIR, also calls fchdir
+@c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
+@c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
+@c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
+@c find_object (tsearch) and add_object (tfind).
+@c Since each invocation of *ftw uses its own private search tree, none
+@c of the search tree concurrency issues apply.
The @code{nftw} function works like the @code{ftw} functions. They call
the callback function @var{func} for all items found in the directory
@var{filename} and below. At most @var{descriptors} file descriptors
@@ -1003,6 +1097,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int nftw64 (const char *@var{filename}, __nftw64_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
This function is similar to @code{nftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -1046,6 +1141,7 @@ file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int link (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{link} function makes a new link to the existing file named by
@var{oldname}, under the new name @var{newname}.
@@ -1153,6 +1249,7 @@ Prototypes for most of the functions listed in this section are in
@comment unistd.h
@comment BSD
@deftypefun int symlink (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{symlink} function makes a symbolic link to @var{oldname} named
@var{newname}.
@@ -1190,6 +1287,7 @@ exceeded.
@comment unistd.h
@comment BSD
@deftypefun ssize_t readlink (const char *@var{filename}, char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{readlink} function gets the value of the symbolic link
@var{filename}. The file name that the link points to is copied into
@var{buffer}. This file name string is @emph{not} null-terminated;
@@ -1249,6 +1347,8 @@ names can refer to the same inode.
@comment stdlib.h
@comment GNU
@deftypefun {char *} canonicalize_file_name (const char *@var{name})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls realpath.
The @code{canonicalize_file_name} function returns the absolute name of
the file named by @var{name} which contains no @code{.}, @code{..}
@@ -1290,6 +1390,8 @@ where the result is placed in.
@comment stdlib.h
@comment XPG
@deftypefun {char *} realpath (const char *restrict @var{name}, char *restrict @var{resolved})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls malloc, realloc, getcwd, lxstat64, readlink, alloca.
A call to @code{realpath} where the @var{resolved} parameter is
@code{NULL} behaves exactly like @code{canonicalize_file_name}. The
@@ -1329,6 +1431,7 @@ then the file is deleted as well. If the file has other remaining names
@comment unistd.h
@comment POSIX.1
@deftypefun int unlink (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{unlink} function deletes the file name @var{filename}. If
this is a file's sole name, the file itself is also deleted. (Actually,
if any process has the file open when this happens, deletion is
@@ -1371,6 +1474,7 @@ file system and can't be modified.
@comment unistd.h
@comment POSIX.1
@deftypefun int rmdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@cindex directories, deleting
@cindex deleting a directory
The @code{rmdir} function deletes a directory. The directory must be
@@ -1398,6 +1502,8 @@ The prototype for this function is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int remove (const char *@var{filename})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Calls unlink and rmdir.
This is the @w{ISO C} function to remove a file. It works like
@code{unlink} for files and like @code{rmdir} for directories.
@code{remove} is declared in @file{stdio.h}.
@@ -1413,6 +1519,10 @@ The @code{rename} function is used to change a file's name.
@comment stdio.h
@comment ISO
@deftypefun int rename (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a rename syscall, there's an emulation with link
+@c and unlink, but it's racy, even more so if newname exists and is
+@c unlinked first.
The @code{rename} function renames the file @var{oldname} to
@var{newname}. The file formerly accessible under the name
@var{oldname} is afterwards accessible as @var{newname} instead. (If
@@ -1508,6 +1618,7 @@ a shell command @code{mkdir} which does the same thing.)
@comment sys/stat.h
@comment POSIX.1
@deftypefun int mkdir (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mkdir} function creates a new, empty directory with name
@var{filename}.
@@ -1849,6 +1960,7 @@ header file @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int stat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{stat} function returns information about the attributes of the
file named by @w{@var{filename}} in the structure pointed to by @var{buf}.
@@ -1875,6 +1987,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int stat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{stat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1888,6 +2001,7 @@ replaces the interface for small files on 32-bit machines.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int fstat (int @var{filedes}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fstat} function is like @code{stat}, except that it takes an
open file descriptor as an argument instead of a file name.
@xref{Low-Level I/O}.
@@ -1909,6 +2023,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int fstat64 (int @var{filedes}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{fstat} but is able to work on large
files on 32-bit platforms. For large files the file descriptor
@var{filedes} should be obtained by @code{open64} or @code{creat64}.
@@ -1920,9 +2035,16 @@ function is available under the name @code{fstat} and so transparently
replaces the interface for small files on 32-bit machines.
@end deftypefun
+@c fstatat will call alloca and snprintf if the syscall is not
+@c available.
+@c @safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+
@comment sys/stat.h
@comment BSD
@deftypefun int lstat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat, sometimes with an xstat conv call
+@c afterwards.
The @code{lstat} function is like @code{stat}, except that it does not
follow symbolic links. If @var{filename} is the name of a symbolic
link, @code{lstat} returns information about the link itself; otherwise
@@ -1936,6 +2058,9 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int lstat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat64, sometimes with an xstat conv
+@c call afterwards.
This function is similar to @code{lstat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1974,12 +2099,14 @@ that file:
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISDIR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a directory.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISCHR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a character special file (a
device like a terminal).
@end deftypefn
@@ -1987,6 +2114,7 @@ device like a terminal).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISBLK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a block special file (a device
like a disk).
@end deftypefn
@@ -1994,12 +2122,14 @@ like a disk).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISREG (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a regular file.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISFIFO (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a FIFO special file, or a
pipe. @xref{Pipes and FIFOs}.
@end deftypefn
@@ -2007,6 +2137,7 @@ pipe. @xref{Pipes and FIFOs}.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISLNK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a symbolic link.
@xref{Symbolic Links}.
@end deftypefn
@@ -2014,6 +2145,7 @@ This macro returns non-zero if the file is a symbolic link.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISSOCK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a socket. @xref{Sockets}.
@end deftypefn
@@ -2096,6 +2228,7 @@ the whole @code{struct stat} structure.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISMQ (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX message queues as distinct objects and the
file is a message queue object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2104,6 +2237,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSEM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX semaphores as distinct objects and the
file is a semaphore object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2112,6 +2246,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSHM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX shared memory objects as distinct objects
and the file is an shared memory object, this macro returns a non-zero
value. In all other cases the result is zero.
@@ -2156,6 +2291,7 @@ The prototype for this function is declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int chown (const char *@var{filename}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chown} function changes the owner of the file @var{filename} to
@var{owner}, and its group owner to @var{group}.
@@ -2190,6 +2326,7 @@ The file is on a read-only file system.
@comment unistd.h
@comment BSD
@deftypefun int fchown (int @var{filedes}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chown}, except that it changes the owner of the open
file with descriptor @var{filedes}.
@@ -2469,6 +2606,7 @@ The functions in this section are declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun mode_t umask (mode_t @var{mask})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{umask} function sets the file creation mask of the current
process to @var{mask}, and returns the previous value of the file
creation mask.
@@ -2494,6 +2632,7 @@ you just want to read the mask value, because it is reentrant.
@comment sys/stat.h
@comment GNU
@deftypefun mode_t getumask (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Return the current value of the file creation mask for the current
process. This function is a GNU extension and is only available on
@gnuhurdsystems{}.
@@ -2502,6 +2641,7 @@ process. This function is a GNU extension and is only available on
@comment sys/stat.h
@comment POSIX.1
@deftypefun int chmod (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chmod} function sets the access permission bits for the file
named by @var{filename} to @var{mode}.
@@ -2542,6 +2682,7 @@ for full details on the sticky bit.
@comment sys/stat.h
@comment BSD
@deftypefun int fchmod (int @var{filedes}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chmod}, except that it changes the permissions of the
currently open file given by @var{filedes}.
@@ -2612,6 +2753,7 @@ The symbols in this section are declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int access (const char *@var{filename}, int @var{how})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{access} function checks to see whether the file named by
@var{filename} can be accessed in the way specified by the @var{how}
argument. The @var{how} argument either can be the bitwise OR of the
@@ -2732,6 +2874,9 @@ This is the modification time for the file.
@comment utime.h
@comment POSIX.1
@deftypefun int utime (const char *@var{filename}, const struct utimbuf *@var{times})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utime syscall, it non-atomically converts times
+@c to a struct timeval and calls utimes.
This function is used to modify the file times associated with the file
named @var{filename}.
@@ -2783,6 +2928,10 @@ in the header file @file{sys/time.h}.
@comment sys/time.h
@comment BSD
@deftypefun int utimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, or to
+@c struct utimbuf and calls utime.
This function sets the file access and modification times of the file
@var{filename}. The new file access time is specified by
@code{@var{tvp}[0]}, and the new modification time by
@@ -2797,6 +2946,9 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int lutimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no lutimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall.
This function is like @code{utimes}, except that it does not follow
symbolic links. If @var{filename} is the name of a symbolic link,
@code{lutimes} sets the file access and modification times of the
@@ -2813,6 +2965,10 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int futimes (int @var{fd}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no futimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, falling back
+@c to utimes on a /proc/self/fd symlink.
This function is like @code{utimes}, except that it takes an open file
descriptor as an argument instead of a file name. @xref{Low-Level
I/O}. This function comes from FreeBSD, and is not available on all
@@ -2867,6 +3023,8 @@ succeed, without actually accomplishing anything.
@comment unistd.h
@comment X/Open
@deftypefun int truncate (const char *@var{filename}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a truncate syscall, we use open and ftruncate.
The @code{truncate} function changes the size of @var{filename} to
@var{length}. If @var{length} is shorter than the previous length, data
@@ -2911,6 +3069,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int truncate64 (const char *@var{name}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try truncate if length fits.
This function is similar to the @code{truncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines, which allows the handling of files with sizes up to
@@ -2924,6 +3084,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX
@deftypefun int ftruncate (int @var{fd}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{truncate}, but it works on a file descriptor @var{fd}
for an opened file instead of a file name to identify the object. The
@@ -2988,6 +3149,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int ftruncate64 (int @var{id}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try ftruncate if length fits.
This function is similar to the @code{ftruncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines which allows the handling of files with sizes up to
@@ -3050,6 +3213,10 @@ The prototype for @code{mknod} is declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment BSD
@deftypefun int mknod (const char *@var{filename}, mode_t @var{mode}, dev_t @var{dev})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Instead of issuing the syscall directly, we go through xmknod.
+@c Although the internal xmknod takes a dev_t*, that could lead to
+@c xguargs races, it's passed a pointer to mknod's dev.
The @code{mknod} function makes a special file with name @var{filename}.
The @var{mode} specifies the mode of the file, and may include the various
special file bits, such as @code{S_IFCHR} (for a character special file)
@@ -3101,6 +3268,20 @@ These facilities are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} tmpfile (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c The unsafety issues are those of fdopen, plus fdleak because of the
+@c open.
+@c __path_search (internal buf, !dir, const pfx, !try_tmpdir) ok
+@c libc_secure_genenv only if try_tmpdir
+@c xstat64, strlen, strcmp, sprintf
+@c __gen_tempname (internal tmpl, __GT_FILE) ok
+@c strlen, memcmp, getpid, open/mkdir/lxstat64 ok
+@c HP_TIMING_NOW if available ok
+@c gettimeofday (!tz) first time, or every time if no HP_TIMING_NOW ok
+@c static value is used and modified without synchronization ok
+@c but the use is as a source of non-cryptographic randomness
+@c with retries in case of collision, so it should be safe
+@c unlink, fdopen
This function creates a temporary binary file for update mode, as if by
calling @code{fopen} with mode @code{"wb+"}. The file is deleted
automatically when it is closed or when the program terminates. (On
@@ -3117,6 +3298,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} tmpfile64 (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
This function is similar to @code{tmpfile}, but the stream it returns a
pointer to was opened using @code{tmpfile64}. Therefore this stream can
be used for files larger then @math{2^31} bytes on 32-bit machines.
@@ -3132,6 +3314,11 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun {char *} tmpnam (char *@var{result})
+@safety{@mtunsafe{xguargs, staticbuf}@asunsafe{staticbuf}@acsafe{}}
+@c The passed-in buffer should not be modified concurrently with the
+@c call.
+@c __path_search (static or passed-in buf, !dir, !pfx, !try_tmpdir) ok
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
This function constructs and returns a valid file name that does not
refer to any existing file. If the @var{result} argument is a null
pointer, the return value is a pointer to an internal static string,
@@ -3156,6 +3343,7 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdio.h
@comment GNU
@deftypefun {char *} tmpnam_r (char *@var{result})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
This function is nearly identical to the @code{tmpnam} function, except
that if @var{result} is a null pointer it returns a null pointer.
@@ -3192,6 +3380,13 @@ never less than @code{25}.
@comment stdio.h
@comment SVID
@deftypefun {char *} tempnam (const char *@var{dir}, const char *@var{prefix})
+@safety{@mtunsafe{xguargs, envromt}@assafe{asmalloc}@acsafe{memleak}}
+@c There's no way (short of being setuid) to avoid getenv("TMPDIR"),
+@c even with a non-NULL dir, which makes this thread-unsafe.
+@c
+@c __path_search (internal buf, dir, pfx, try_tmpdir) unsafe getenv
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
+@c strdup
This function generates a unique temporary file name. If @var{prefix}
is not a null pointer, up to five characters of this string are used as
a prefix for the file name. The return value is a string newly
@@ -3255,6 +3450,8 @@ string. These functions are declared in the header file @file{stdlib.h}.
@comment stdlib.h
@comment Unix
@deftypefun {char *} mktemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_NOCREATE) ok
The @code{mktemp} function generates a unique file name by modifying
@var{template} as described above. If successful, it returns
@var{template} as modified. If @code{mktemp} cannot find a unique file
@@ -3273,6 +3470,8 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdlib.h
@comment BSD
@deftypefun int mkstemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{fdleak}}
+@c __gen_tempname (caller tmpl, __GT_FILE) ok
The @code{mkstemp} function generates a unique file name just as
@code{mktemp} does, but it also opens the file for you with @code{open}
(@pxref{Opening and Closing Files}). If successful, it modifies
@@ -3295,6 +3494,8 @@ new file and get an error if the file already exists.
@comment stdlib.h
@comment BSD
@deftypefun {char *} mkdtemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_DIR) ok
The @code{mkdtemp} function creates a directory with a unique name. If
it succeeds, it overwrites @var{template} with the name of the
directory, and returns @var{template}. As with @code{mktemp} and
@@ -3316,3 +3517,23 @@ creation always works like @code{open} with @code{O_EXCL}.
@xref{Creating Directories}.
The @code{mkdtemp} function comes from OpenBSD.
+
+@c FIXME these are undocumented:
+@c faccessat
+@c fchmodat
+@c fchownat
+@c futimesat
+@c fstatat
+@c linkat
+@c mkdirat
+@c mkfifoat
+@c name_to_handle_at
+@c openat
+@c open_by_handle_at
+@c readlinkat
+@c renameat
+@c scandirat
+@c symlinkat
+@c unlinkat
+@c utimensat
+@c mknodat
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=da9e9ee60c99d6dc0316d8546541e6dd9c0c9b99
commit da9e9ee60c99d6dc0316d8546541e6dd9c0c9b99
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:05:34 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/errno.texi: Document thread safety properties.
diff --git a/manual/errno.texi b/manual/errno.texi
index 6c9fa86..eb3f412 100644
--- a/manual/errno.texi
+++ b/manual/errno.texi
@@ -1293,6 +1293,9 @@ name of the program that encountered the error.
@comment string.h
@comment ISO
@deftypefun {char *} strerror (int @var{errnum})
+@safety{@mtunsafe{staticbuf}@asunsafe{staticbuf, asmalloc, asi18n}@acsafe{memleak}}
+@c Calls strerror_r with a static buffer allocated with malloc on the
+@c first use.
The @code{strerror} function maps the error code (@pxref{Checking for
Errors}) specified by the @var{errnum} argument to a descriptive error
message string. The return value is a pointer to this string.
@@ -1310,6 +1313,7 @@ The function @code{strerror} is declared in @file{string.h}.
@comment string.h
@comment GNU
@deftypefun {char *} strerror_r (int @var{errnum}, char *@var{buf}, size_t @var{n})
+@safety{@mtsafe{}@asunsafe{asi18n}@acsafe{}}
The @code{strerror_r} function works like @code{strerror} but instead of
returning the error message in a statically allocated buffer shared by
all threads in the process, it returns a private copy for the
@@ -1331,6 +1335,10 @@ This function @code{strerror_r} is a GNU extension and it is declared in
@comment stdio.h
@comment ISO
@deftypefun void perror (const char *@var{message})
+@safety{@mtsafe{xguargs}@asunsafe{asynconsist, asi18n, asmalloc, selfdeadlock}@acunsafe{incansist, lockleak, memleak, fdleak}}
+@c Besides strerror_r's and some of fprintf's issues, if stderr is not
+@c oriented yet, create a new stream with a dup of stderr's fd and write
+@c to that instead of stderr, to avoid orienting it.
This function prints an error message to the stream @code{stderr};
see @ref{Standard Streams}. The orientation of @code{stderr} is not
changed.
@@ -1442,6 +1450,13 @@ These functions are declared in @file{error.h}.
@comment error.h
@comment GNU
@deftypefun void error (int @var{status}, int @var{errnum}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acsafe{}}
+@c Cancellation is disabled throught the execution. It flushes stdout
+@c and then holds a lock on stderr while printing the program name and
+@c then running error_tail. The non-wide case just runs vfprintf; the
+@c wide case converts the message to an alloca/malloc-allocated buffer
+@c with mbsrtowcs, then prints it with vfwprintf. Afterwards,
+@c print_errno_message calls strerror_r and fxprintf.
The @code{error} function can be used to report general problems during
program execution. The @var{format} argument is a format string just
like those given to the @code{printf} family of functions. The
@@ -1477,6 +1492,15 @@ incremented by one to keep track of the number of errors reported.
@comment error.h
@comment GNU
@deftypefun void error_at_line (int @var{status}, int @var{errnum}, const char *@var{fname}, unsigned int @var{lineno}, const char *@var{format}, @dots{})
+@safety{@mtunsafe{staticbuf, glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist}}
+@c The error_one_per_line variable is accessed (without any form of
+@c synchronization, but since it's an int used once, it should be safe
+@c enough) and, if this mode is enabled, static variables used to hold
+@c the last printed file name and line number are accessed and modified
+@c without synchronization; the update is not atomic and it occurs
+@c before disabling cancellation, so it can be interrupted after only
+@c one of the two variables is modified. After that, it's very much
+@c like error.
The @code{error_at_line} function is very similar to the @code{error}
function. The only difference are the additional parameters @var{fname}
@@ -1582,6 +1606,8 @@ are included only for compatibility.
@comment err.h
@comment BSD
@deftypefun void warn (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Just calls vwarn with the va_list.
The @code{warn} function is roughly equivalent to a call like
@smallexample
error (0, errno, format, @r{the parameters})
@@ -1594,6 +1620,11 @@ are not used.
@comment err.h
@comment BSD
@deftypefun void vwarn (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c While holding stderr's recursive lock, it prints the programname, the
+@c given message, and the error string with fw?printf's %m. When the
+@c stream is wide, convert_and_print converts the format string to an
+@c alloca/malloc-created buffer using mbsrtowcs and then calls fwprintf.
The @code{vwarn} function is just like @code{warn} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1602,6 +1633,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void warnx (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn, but without the strerror translation issues.
The @code{warnx} function is roughly equivalent to a call like
@smallexample
error (0, 0, format, @r{the parameters})
@@ -1615,6 +1648,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void vwarnx (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn, but without the strerror translation issues.
The @code{vwarnx} function is just like @code{warnx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1623,6 +1658,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void err (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn followed by exit.
The @code{err} function is roughly equivalent to a call like
@smallexample
error (status, errno, format, @r{the parameters})
@@ -1635,6 +1672,8 @@ are not used and that the program is exited even if @var{status} is zero.
@comment err.h
@comment BSD
@deftypefun void verr (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn followed by exit.
The @code{verr} function is just like @code{err} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1643,6 +1682,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void errx (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warnx followed by exit.
The @code{errx} function is roughly equivalent to a call like
@smallexample
error (status, 0, format, @r{the parameters})
@@ -1657,6 +1698,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void verrx (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarnx followed by exit.
The @code{verrx} function is just like @code{errx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=68a39285b6322ffa0bc420d57ec68b14f732c4e3
commit 68a39285b6322ffa0bc420d57ec68b14f732c4e3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:05:11 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/debug.texi: Document thread safety properties.
diff --git a/manual/debug.texi b/manual/debug.texi
index 1db9c18..ce0c263 100644
--- a/manual/debug.texi
+++ b/manual/debug.texi
@@ -36,6 +36,8 @@ and manipulate backtraces of the current thread.
@comment execinfo.h
@comment GNU
@deftypefun int backtrace (void **@var{buffer}, int @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Pointer chasing within the local stack.
The @code{backtrace} function obtains a backtrace for the current
thread, as a list of pointers, and places the information into
@var{buffer}. The argument @var{size} should be the number of
@@ -56,6 +58,17 @@ interpreting the stack contents correctly.
@comment execinfo.h
@comment GNU
@deftypefun {char **} backtrace_symbols (void *const *@var{buffer}, int @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, lockleak}}
+@c Collects info returned by _dl_addr in auto array, allocates memory
+@c for the whole return buffer with malloc then sprintfs into it storing
+@c pointers to the strings into the array entries in the buffer.
+@c _dl_addr takes the recursive dl_load_lock then calls
+@c _dl_find_dso_for_object and determine_info.
+@c _dl_find_dso_for_object calls _dl-addr_inside_object.
+@c All of them are safe as long as the lock is held.
+@c asynconsist? It doesn't looke like the dynamic loader's data
+@c structures could be in an inconsistent state that would cause
+@c malfunction here.
The @code{backtrace_symbols} function translates the information
obtained from the @code{backtrace} function into an array of strings.
The argument @var{buffer} should be a pointer to an array of addresses
@@ -88,6 +101,11 @@ cannot be obtained.
@comment execinfo.h
@comment GNU
@deftypefun void backtrace_symbols_fd (void *const *@var{buffer}, int @var{size}, int @var{fd})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c Single loop of _dl_addr over addresses, collecting info into an iovec
+@c written out with a writev call per iteration. Addresses and offsets
+@c are converted to hex in auto buffers, so the only potential issue
+@c here is leaking the dl lock in case of cancellation.
The @code{backtrace_symbols_fd} function performs the same translation
as the function @code{backtrace_symbols} function. Instead of returning
the strings to the caller, it writes the strings to the file descriptor
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f60b1d81ad9cb9c6c27a099d76bdc6abcaf790a2
commit f60b1d81ad9cb9c6c27a099d76bdc6abcaf790a2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:41 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/ctype.texi: Document thread safety properties.
diff --git a/manual/ctype.texi b/manual/ctype.texi
index 3d13571..ddf38ce 100644
--- a/manual/ctype.texi
+++ b/manual/ctype.texi
@@ -66,6 +66,13 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int islower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The is* macros call __ctype_b_loc to get the ctype array from the
+@c current locale, and then index it by c. __ctype_b_loc reads from
+@c thread-local memory the (indirect) pointer to the ctype array, which
+@c may involve one word access to the global locale object, if that's
+@c the active locale for the thread, and the array, being part of the
+@c locale data, is undeletable, so there's no thread-safety issue.
Returns true if @var{c} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -74,6 +81,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -82,6 +90,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isalpha (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphabetic character (a letter). If
@code{islower} or @code{isupper} is true of a character, then
@code{isalpha} is also true.
@@ -97,6 +106,7 @@ additional characters.
@comment ctype.h
@comment ISO
@deftypefun int isdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@end deftypefun
@@ -104,6 +114,7 @@ Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@comment ctype.h
@comment ISO
@deftypefun int isalnum (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphanumeric character (a letter or
number); in other words, if either @code{isalpha} or @code{isdigit} is
true of a character, then @code{isalnum} is also true.
@@ -113,6 +124,7 @@ true of a character, then @code{isalnum} is also true.
@comment ctype.h
@comment ISO
@deftypefun int isxdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -123,6 +135,7 @@ Hexadecimal digits include the normal decimal digits @samp{0} through
@comment ctype.h
@comment ISO
@deftypefun int ispunct (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -132,6 +145,7 @@ character.
@comment ctype.h
@comment ISO
@deftypefun int isspace (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{isspace} returns true for only the standard
whitespace characters:
@@ -161,6 +175,7 @@ vertical tab
@comment ctype.h
@comment ISO
@deftypefun int isblank (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
@end deftypefun
@@ -169,6 +184,7 @@ This function was originally a GNU extension, but was added in @w{ISO C99}.
@comment ctype.h
@comment ISO
@deftypefun int isgraph (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -178,6 +194,7 @@ considered graphic.
@comment ctype.h
@comment ISO
@deftypefun int isprint (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@end deftypefun
@@ -186,6 +203,7 @@ include all the graphic characters, plus the space (@samp{ }) character.
@comment ctype.h
@comment ISO
@deftypefun int iscntrl (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a control character (that is, a character that
is not a printing character).
@end deftypefun
@@ -194,6 +212,7 @@ is not a printing character).
@comment ctype.h
@comment SVID, BSD
@deftypefun int isascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
into the US/UK ASCII character set. This function is a BSD extension
and is also an SVID extension.
@@ -227,6 +246,10 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The to* macros/functions call different functions that use different
+@c arrays than those of__ctype_b_loc, but the access patterns and
+@c thus safety guarantees are the same.
If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
lower-case letter. If @var{c} is not an upper-case letter,
@var{c} is returned unchanged.
@@ -235,6 +258,7 @@ lower-case letter. If @var{c} is not an upper-case letter,
@comment ctype.h
@comment ISO
@deftypefun int toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
upper-case letter. Otherwise @var{c} is returned unchanged.
@end deftypefun
@@ -242,6 +266,7 @@ upper-case letter. Otherwise @var{c} is returned unchanged.
@comment ctype.h
@comment SVID, BSD
@deftypefun int toascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function converts @var{c} to a 7-bit @code{unsigned char} value
that fits into the US/UK ASCII character set, by clearing the high-order
bits. This function is a BSD extension and is also an SVID extension.
@@ -250,6 +275,7 @@ bits. This function is a BSD extension and is also an SVID extension.
@comment ctype.h
@comment SVID
@deftypefun int _tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{tolower}, and is provided for compatibility
with the SVID. @xref{SVID}.@refill
@end deftypefun
@@ -257,6 +283,7 @@ with the SVID. @xref{SVID}.@refill
@comment ctype.h
@comment SVID
@deftypefun int _toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{toupper}, and is provided for compatibility
with the SVID.
@end deftypefun
@@ -303,6 +330,15 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctype_t wctype (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Although the source code of wctype contains multiple references to
+@c the locale, that could each reference different locale_data objects
+@c should the global locale object change while active, the compiler can
+@c and does combine them all into a single dereference that resolves
+@c once to the LCTYPE locale object used throughout the function, so it
+@c is safe in practice, if not in theory. Ideally we'd explicitly save
+@c the resolved locale_data object to make it visibly safe instead of
+@c safe only under compiler optimizations.
The @code{wctype} returns a value representing a class of wide
characters which is identified by the string @var{property}. Beside
some standard properties each locale can define its own ones. In case
@@ -331,6 +367,8 @@ the @w{ISO C} standard defines a completely new function.
@comment wctype.h
@comment ISO
@deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The compressed lookup table returned by wctype is read-only.
This function returns a nonzero value if @var{wc} is in the character
class specified by @var{desc}. @var{desc} must previously be returned
by a successful call to @code{wctype}.
@@ -350,6 +388,15 @@ standard classes.
@comment wctype.h
@comment ISO
@deftypefun int iswalnum (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c The implicit wctype call in the isw* functions is actually an
+@c optimized version because the category has a known offset, but the
+@c wctype is equally safe when optimized, unsafe if not optimized.
+@c Since it's not a macro, and we always optimize, it's fine. The test
+@c whether wc is ASCII to use the non-wide is* macro/funciton doesn't
+@c bring any other safety issues: the test does not depend on the
+@c locale, and each path after the decision resolves the locale object
+@c only once.
This function returns a nonzero value if @var{wc} is an alphanumeric
character (a letter or number); in other words, if either @code{iswalpha}
or @code{iswdigit} is true of a character, then @code{iswalnum} is also
@@ -370,6 +417,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswalpha (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an alphabetic character (a letter). If
@code{iswlower} or @code{iswupper} is true of a character, then
@code{iswalpha} is also true.
@@ -394,6 +442,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswcntrl (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a control character (that is, a character that
is not a printing character).
@@ -412,6 +461,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
Please note that this function does not only return a nonzero value for
@emph{decimal} digits, but for all kinds of digits. A consequence is
@@ -442,6 +492,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswgraph (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -461,6 +512,7 @@ It is declared in @file{wctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int iswlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -479,6 +531,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswprint (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@@ -497,6 +550,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswpunct (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -516,6 +570,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswspace (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{iswspace} returns true for only the standard
whitespace characters:
@@ -555,6 +610,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -573,6 +629,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswxdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -597,6 +654,7 @@ characters as well.
@comment wctype.h
@comment ISO
@deftypefun int iswblank (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
It is declared in @file{wchar.h}.
@@ -691,6 +749,8 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctrans_t wctrans (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Similar implementation, same caveats as wctype.
The @code{wctrans} function has to be used to find out whether a named
mapping is defined in the current locale selected for the
@code{LC_CTYPE} category. If the returned value is non-zero, you can use
@@ -713,6 +773,8 @@ These functions are declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Same caveats as iswctype.
@code{towctrans} maps the input character @var{wc}
according to the rules of the mapping for which @var{desc} is a
descriptor, and returns the value it finds. @var{desc} must be
@@ -730,6 +792,9 @@ for them.
@comment wctype.h
@comment ISO
@deftypefun wint_t towlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Same caveats as iswalnum, just using a wctrans rather than a wctype
+@c table.
If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
lower-case letter. If @var{wc} is not an upper-case letter,
@var{wc} is returned unchanged.
@@ -749,6 +814,7 @@ This function is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
upper-case letter. Otherwise @var{wc} is returned unchanged.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=72ef57b840cd42f1110c069ef69c5000ef9c88b7
commit 72ef57b840cd42f1110c069ef69c5000ef9c88b7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:03:47 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/crypt.texi: Document thread safety properties.
diff --git a/manual/crypt.texi b/manual/crypt.texi
index ef90590..5c9f6f7 100644
--- a/manual/crypt.texi
+++ b/manual/crypt.texi
@@ -92,7 +92,13 @@ in a convenient way.
@comment unistd.h
@comment BSD
@deftypefun {char *} getpass (const char *@var{prompt})
-
+@safety{@mtunsafe{tempterm}@asunsafe{asmalloc, selfdeadlock, asynconsist}@acunsafe{tempterm, lockleak, incansist}}
+@c This function will attempt to create a stream for terminal I/O, but
+@c will fallback to stdio/stderr. It attempts to change the terminal
+@c mode in a thread-unsafe way, write out the prompt, read the password,
+@c then restore the terminal mode. It has a cleanup to close the stream
+@c in case of (synchronous) cancellation, but not to restore the
+@c terminal mode.
@code{getpass} outputs @var{prompt}, then reads a string in from the
terminal without echoing it. It tries to connect to the real terminal,
@file{/dev/tty}, if possible, to encourage users not to put plaintext
@@ -127,6 +133,13 @@ The substitute takes the same parameters as @code{getline}
@comment crypt.h
@comment BSD, SVID
@deftypefun {char *} crypt (const char *@var{key}, const char *@var{salt})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Besides the obvious problem of returning a pointer into static
+@c storage, the DES initializer takes an internal lock with the usual
+@c set of problems for AS- and AC-Safety. The FIPS mode checker and the
+@c NSS implementations of may leak file descriptors if canceled. The
+@c The MD5, SHA256 and SHA512 implementations will malloc on long keys,
+@c and NSS relies on dlopening, which brings about another can of worms.
The @code{crypt} function takes a password, @var{key}, as a string, and
a @var{salt} character array which is described below, and returns a
@@ -188,6 +201,9 @@ for a password and prints ``Access granted.'' if the user types
@comment crypt.h
@comment GNU
@deftypefun {char *} crypt_r (const char *@var{key}, const char *@var{salt}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Compared with crypt, this function fixes the staticbuf problem, but
+@c nothing else.
The @code{crypt_r} function does the same thing as @code{crypt}, but
takes an extra parameter which includes space for its result (among
@@ -233,6 +249,11 @@ specifies the unused bits.
@comment crypt.h
@comment BSD, SVID
@deftypefun void setkey (const char *@var{key})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c The static buffer stores the key, making it fundamentally
+@c thread-unsafe. The locking issues are only in the initialization
+@c path; cancelling the initialization will leave the lock held, it
+@c would otherwise repeat the initialization on the next call.
The @code{setkey} function sets an internal data structure to be an
expanded form of @var{key}. @var{key} is specified as an array of 64
@@ -244,6 +265,8 @@ parity.
@comment crypt.h
@comment BSD, SVID
@deftypefun void encrypt (char *@var{block}, int @var{edflag})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c Same issues as setkey.
The @code{encrypt} function encrypts @var{block} if
@var{edflag} is 0, otherwise it decrypts @var{block}, using a key
@@ -257,9 +280,11 @@ stored in a @code{char}, but there are no parity bits in @var{block}.
@comment crypt.h
@comment GNU
@deftypefun void setkey_r (const char *@var{key}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
@comment crypt.h
@comment GNU
@deftypefunx void encrypt_r (char *@var{block}, int @var{edflag}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
These are reentrant versions of @code{setkey} and @code{encrypt}. The
only difference is the extra parameter, which stores the expanded
@@ -274,6 +299,7 @@ defined in @file{crypt.h}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int ecb_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{ecb_crypt} encrypts or decrypts one or more blocks
using DES. Each block is encrypted independently.
@@ -355,6 +381,7 @@ This macro returns 1 if @var{err} is a `success' result code from
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int cbc_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode}, char *@var{ivec})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{cbc_crypt} encrypts or decrypts one or more blocks
using DES in Cipher Block Chaining mode.
@@ -381,6 +408,7 @@ Otherwise, all the parameters are similar to those for @code{ecb_crypt}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun void des_setparity (char *@var{key})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{des_setparity} changes the 64-bit @var{key}, stored
packed in 8-bit bytes, to have odd parity by altering the low bits of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b5d8ce5c1458b5e838a2863d4ba4baa86c823b28
commit b5d8ce5c1458b5e838a2863d4ba4baa86c823b28
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:03:16 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/conf.texi: Document thread safety properties.
diff --git a/manual/conf.texi b/manual/conf.texi
index 7eb8b36..edbb2fd 100644
--- a/manual/conf.texi
+++ b/manual/conf.texi
@@ -288,6 +288,17 @@ constants are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} sysconf (int @var{parameter})
+@safety{@mtsafe{envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak, fdleak}}
+@c Some parts of the implementation open /proc and /sys files and dirs
+@c to collect system details, using fd and stream I/O depending on the
+@c case. _SC_TZNAME_MAX calls __tzname_max, that (while holding a lock)
+@c calls tzset_internal, that calls getenv if it's called the first
+@c time; there are free and strdup calls in there too. The returned max
+@c value may change over time for TZNAME_MAX, depending on selected
+@c timezones; NPROCS, NPROCS_CONF, PHYS_PAGES, AVPHYS_PAGES,
+@c NGROUPS_MAX, SIGQUEUE_MAX, depending on variable values read from
+@c /proc at each call, and from rlimit-obtained values CHILD_MAX,
+@c OPEN_MAX, ARG_MAX, SIGQUEUE_MAX.
This function is used to inquire about runtime system parameters. The
@var{parameter} argument should be one of the @samp{_SC_} symbols listed
below.
@@ -1342,6 +1353,11 @@ argument are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} pathconf (const char *@var{filename}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c When __statfs_link_max finds an ext* filesystem, it may read
+@c /proc/mounts or similar as a mntent stream.
+@c __statfs_chown_restricted may read from
+@c /proc/sys/fs/xfs/restrict_chown as a file descriptor.
This function is used to inquire about the limits that apply to
the file named @var{filename}.
@@ -1369,6 +1385,8 @@ support the @var{parameter} for the specific file.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} fpathconf (int @var{filedes}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c Same caveats as pathconf.
This is just like @code{pathconf} except that an open file descriptor
is used to specify the file for which information is requested, instead
of a file name.
@@ -1615,6 +1633,7 @@ system with the function @code{confstr}:
@comment unistd.h
@comment POSIX.2
@deftypefun size_t confstr (int @var{parameter}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function reads the value of a string-valued system parameter,
storing the string into @var{len} bytes of memory space starting at
@var{buf}. The @var{parameter} argument should be one of the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c4b388232d899078a1b6d6a59f8c81d91b48f0a1
commit c4b388232d899078a1b6d6a59f8c81d91b48f0a1
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:01:33 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/charset.texi: Document thread safety properties.
diff --git a/manual/charset.texi b/manual/charset.texi
index e21502e..7e6c416 100644
--- a/manual/charset.texi
+++ b/manual/charset.texi
@@ -504,6 +504,8 @@ sequence points. Communication protocols often require this.
@comment wchar.h
@comment ISO
@deftypefun int mbsinit (const mbstate_t *@var{ps})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c ps is dereferenced once, unguarded. Potential harmless data race.
The @code{mbsinit} function determines whether the state object pointed
to by @var{ps} is in the initial state. If @var{ps} is a null pointer or
the object is in the initial state the return value is nonzero. Otherwise
@@ -559,6 +561,14 @@ that is beyond the range @math{0} to @math{127}.
@comment wchar.h
@comment ISO
@deftypefun wint_t btowc (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls btowc_fct or __fct; reads from locale, and from the
+@c get_gconv_fcts result multiple times. get_gconv_fcts calls
+@c __wcsmbs_load_conv to initialize the ctype if it's null.
+@c wcsmbs_load_conv takes a non-recursive wrlock before allocating
+@c memory for the fcts structure, initializing it, and then storing it
+@c in the locale object. The initialization involves dlopening and a
+@c lot more.
The @code{btowc} function (``byte to wide character'') converts a valid
single byte character @var{c} in the initial shift state into the wide
character equivalent using the conversion rules from the currently
@@ -615,6 +625,7 @@ There is also a function for the conversion in the other direction.
@comment wchar.h
@comment ISO
@deftypefun int wctob (wint_t @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctob} function (``wide character to byte'') takes as the
parameter a valid wide character. If the multibyte representation for
this character in the initial state is exactly one byte long, the return
@@ -634,6 +645,7 @@ and they also do not require it to be in the initial state.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrtowc (wchar_t *restrict @var{pwc}, const char *restrict @var{s}, size_t @var{n}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
@cindex stateful
The @code{mbrtowc} function (``multibyte restartable to wide
character'') converts the next multibyte character in the string pointed
@@ -728,6 +740,7 @@ function that does part of the work.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrlen (const char *restrict @var{s}, size_t @var{n}, mbstate_t *@var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbrlen} function (``multibyte restartable length'') computes
the number of at most @var{n} bytes starting at @var{s}, which form the
next valid and complete multibyte character.
@@ -811,6 +824,50 @@ doing the work twice.
@comment wchar.h
@comment ISO
@deftypefun size_t wcrtomb (char *restrict @var{s}, wchar_t @var{wc}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c wcrtomb uses a static, non-thread-local unguarded state variable when
+@c PS is NULL. When a state is passed in, and it's not used
+@c concurrently in other threads, this function behaves safely as long
+@c as gconv modules don't bring MT safety issues of their own.
+@c Attempting to load gconv modules or to build conversion chains in
+@c signal handlers may encounter gconv databases or caches in a
+@c partially-updated state, and asynchronous cancellation may leave them
+@c in such states, besides leaking the lock that guards them.
+@c get_gconv_fcts ok
+@c wcsmbs_load_conv ok
+@c norm_add_slashes ok
+@c wcsmbs_getfct ok
+@c gconv_find_transform ok
+@c gconv_read_conf (libc_once)
+@c gconv_lookup_cache ok
+@c find_module_idx ok
+@c find_module ok
+@c gconv_find_shlib (ok)
+@c ->init_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c do_lookup_alias ok
+@c find_derivation ok
+@c derivation_lookup ok
+@c increment_counter ok
+@c gconv_find_shlib ok
+@c step->init_fct (assumed ok)
+@c gen_steps ok
+@c gconv_find_shlib ok
+@c dlopen (presumed ok)
+@c dlsym (presumed ok)
+@c step->init_fct (assumed ok)
+@c step->end_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c add_derivation ok
+@c gconv_close_transform ok
+@c gconv_release_step ok
+@c step->end_fct (assumed ok)
+@c gconv_release_shlib ok
+@c dlclose (presumed ok)
+@c gconv_release_cache ok
+@c ->tomb->__fct (assumed ok)
The @code{wcrtomb} function (``wide character restartable to
multibyte'') converts a single wide character into a multibyte string
corresponding to that wide character.
@@ -955,6 +1012,7 @@ extensions that can help in some important situations.
@comment wchar.h
@comment ISO
@deftypefun size_t mbsrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsrtowcs} function (``multibyte string restartable to wide
character string'') converts an NUL-terminated multibyte character
string at @code{*@var{src}} into an equivalent wide character string,
@@ -1039,6 +1097,7 @@ length and passing this length to the function.
@comment wchar.h
@comment ISO
@deftypefun size_t wcsrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsrtombs} function (``wide character string restartable to
multibyte string'') converts the NUL-terminated wide character string at
@code{*@var{src}} into an equivalent multibyte character string and
@@ -1084,6 +1143,7 @@ array size (the @var{len} parameter).
@comment wchar.h
@comment GNU
@deftypefun size_t mbsnrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{nmc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsnrtowcs} function is very similar to the @code{mbsrtowcs}
function. All the parameters are the same except for @var{nmc}, which is
new. The return value is the same as for @code{mbsrtowcs}.
@@ -1136,6 +1196,7 @@ of the given buffer, there is no problem with altering the state.
@comment wchar.h
@comment GNU
@deftypefun size_t wcsnrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{nwc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsnrtombs} function implements the conversion from wide
character strings to multibyte character strings. It is similar to
@code{wcsrtombs} but, just like @code{mbsnrtowcs}, it takes an extra
@@ -1280,6 +1341,7 @@ conversion functions.}
@comment stdlib.h
@comment ISO
@deftypefun int mbtowc (wchar_t *restrict @var{result}, const char *restrict @var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbtowc} (``multibyte to wide character'') function when called
with non-null @var{string} converts the first multibyte character
beginning at @var{string} to its corresponding wide character code. It
@@ -1314,6 +1376,7 @@ shift state. @xref{Shift State}.
@comment stdlib.h
@comment ISO
@deftypefun int wctomb (char *@var{string}, wchar_t @var{wchar})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctomb} (``wide character to multibyte'') function converts
the wide character code @var{wchar} to its corresponding multibyte
character sequence, and stores the result in bytes starting at
@@ -1353,6 +1416,7 @@ terms of @code{mbtowc}.
@comment stdlib.h
@comment ISO
@deftypefun int mblen (const char *@var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mblen} function with a non-null @var{string} argument returns
the number of bytes that make up the multibyte character beginning at
@var{string}, never examining more than @var{size} bytes. (The idea is
@@ -1391,6 +1455,9 @@ suffer from the same problems as their reentrant counterparts from
@comment stdlib.h
@comment ISO
@deftypefun size_t mbstowcs (wchar_t *@var{wstring}, const char *@var{string}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Odd... Although this is in the non-reentrant section, the state
+@c object is automatic, not a static buffer.
The @code{mbstowcs} (``multibyte string to wide character string'')
function converts the null-terminated string of multibyte characters
@var{string} to an array of wide character codes, storing not more than
@@ -1431,6 +1498,7 @@ mbstowcs_alloc (const char *string)
@comment stdlib.h
@comment ISO
@deftypefun size_t wcstombs (char *@var{string}, const wchar_t *@var{wstring}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcstombs} (``wide character string to multibyte string'')
function converts the null-terminated wide character array @var{wstring}
into a string containing multibyte characters, storing not more than
@@ -1618,6 +1686,16 @@ The first step is the function to create a handle.
@comment iconv.h
@comment XPG2
@deftypefun iconv_t iconv_open (const char *@var{tocode}, const char *@var{fromcode})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls malloc if tocode and/or fromcode are too big for alloca. Calls
+@c strip and upstr on both, then gconv_open. strip and upstr call
+@c isalnum_l and toupper_l with the C locale. gconv_open may MT-safely
+@c tokenize toset, replace unspecified codesets with the current locale
+@c (posibly two different accesses), and finally it calls
+@c gconv_find_transform and initializes the gconv_t result with all the
+@c steps in the conversion sequence, running each one's initializer,
+@c destructing and releasing them all if anything fails.
+
The @code{iconv_open} function has to be used before starting a
conversion. The two parameters this function takes determine the
source and destination character set for the conversion, and if the
@@ -1682,6 +1760,12 @@ conversion is not needed anymore.
@comment iconv.h
@comment XPG2
@deftypefun int iconv_close (iconv_t @var{cd})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, shlimb}}
+@c Calls gconv_close to destruct and release each of the conversion
+@c steps, release the gconv_t object, then call gconv_close_transform.
+@c Access to the gconv_t object is not guarded, but calling iconv_close
+@c concurrently with any other use is undefined.
+
The @code{iconv_close} function frees all resources associated with the
handle @var{cd}, which must have been returned by a successful call to
the @code{iconv_open} function.
@@ -1708,6 +1792,10 @@ even file to file can be implemented on top of it.
@comment iconv.h
@comment XPG2
@deftypefun size_t iconv (iconv_t @var{cd}, char **@var{inbuf}, size_t *@var{inbytesleft}, char **@var{outbuf}, size_t *@var{outbytesleft})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c Without guarding access to the gconv_t object pointed to by cd, call
+@c the conversion function to convert inbuf or flush the internal
+@c conversion state.
@cindex stateful
The @code{iconv} function converts the text in the input buffer
according to the rules associated with the descriptor @var{cd} and
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f44135c2502e59169f999d4373ae92b799a3243f
commit f44135c2502e59169f999d4373ae92b799a3243f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/arith.texi: Document thread safety properties.
diff --git a/manual/arith.texi b/manual/arith.texi
index 77056c3..c0cd350 100644
--- a/manual/arith.texi
+++ b/manual/arith.texi
@@ -160,6 +160,8 @@ The remainder from the division.
@comment stdlib.h
@comment ISO
@deftypefun div_t div (int @var{numerator}, int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Functions in this section are pure, and thus safe.
This function @code{div} computes the quotient and remainder from
the division of @var{numerator} by @var{denominator}, returning the
result in a structure of type @code{div_t}.
@@ -199,6 +201,7 @@ type @code{long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun ldiv_t ldiv (long int @var{numerator}, long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ldiv} function is similar to @code{div}, except that the
arguments are of type @code{long int} and the result is returned as a
structure of type @code{ldiv_t}.
@@ -225,6 +228,7 @@ type @code{long long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun lldiv_t lldiv (long long int @var{numerator}, long long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lldiv} function is like the @code{div} function, but the
arguments are of type @code{long long int} and the result is returned as
a structure of type @code{lldiv_t}.
@@ -256,6 +260,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment inttypes.h
@comment ISO
@deftypefun imaxdiv_t imaxdiv (intmax_t @var{numerator}, intmax_t @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{imaxdiv} function is like the @code{div} function, but the
arguments are of type @code{intmax_t} and the result is returned as
a structure of type @code{imaxdiv_t}.
@@ -318,6 +323,7 @@ floating-point number a variable holds.
@comment math.h
@comment ISO
@deftypefn {Macro} int fpclassify (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is a generic macro which works on all floating-point types and
which returns a value of type @code{int}. The possible values are:
@@ -354,6 +360,7 @@ You should therefore use the specific macros whenever possible.
@comment math.h
@comment ISO
@deftypefn {Macro} int isfinite (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite: not plus or
minus infinity, and not NaN. It is equivalent to
@@ -368,6 +375,7 @@ floating-point type.
@comment math.h
@comment ISO
@deftypefn {Macro} int isnormal (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite and normalized.
It is equivalent to
@@ -379,6 +387,7 @@ It is equivalent to
@comment math.h
@comment ISO
@deftypefn {Macro} int isnan (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is NaN. It is equivalent
to
@@ -390,6 +399,7 @@ to
@comment math.h
@comment GNU
@deftypefn {Macro} int issignaling (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is a signaling NaN
(sNaN). It is based on draft TS 18661 and currently enabled as a GNU
extension.
@@ -410,6 +420,7 @@ not have to worry about the type of their argument.
@comment math.h
@comment BSD
@deftypefunx int isinfl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns @code{-1} if @var{x} represents negative infinity,
@code{1} if @var{x} represents positive infinity, and @code{0} otherwise.
@end deftypefun
@@ -423,6 +434,7 @@ This function returns @code{-1} if @var{x} represents negative infinity,
@comment math.h
@comment BSD
@deftypefunx int isnanl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is a ``not a number''
value, and zero otherwise.
@@ -445,6 +457,7 @@ function for some reason, you can write
@comment math.h
@comment BSD
@deftypefunx int finitel (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is finite or a ``not a
number'' value, and zero otherwise.
@end deftypefun
@@ -713,6 +726,22 @@ and save and restore the set of exceptions flagged.
@comment fenv.h
@comment ISO
@deftypefun int feclearexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{unposix}@acsafe{unposix}}
+@c The other functions in this section that modify FP status register
+@c mostly do so with non-atomic load-modify-store sequences, but since
+@c the register is thread-specific, this should be fine, and safe for
+@c cancellation. As long as the FP environment is restored before the
+@c signal handler returns control to the interrupted thread (like any
+@c kernel should do), the functions are also safe for use in signal
+@c handlers.
+@c
+@c FIXME: simfpu: Floating point emulation on powerpc is the exception:
+@c __sim_exception, __sim_disabled_exception and __sim_round_mode
+@c variables, that emulate a floating-point status register, are not
+@c thread-specific variables, so many of these functions are not MT-safe
+@c on that platform. This is probably a bug. These variables aren't
+@c restored by the signal machinery either, making the functions also
+@c async-signal-unsafe on this platform.
This function clears all of the supported exception flags indicated by
@var{excepts}.
@@ -723,6 +752,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feraiseexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function raises the supported exceptions indicated by
@var{excepts}. If more than one exception bit in @var{excepts} is set
the order in which the exceptions are raised is undefined except that
@@ -738,6 +768,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fetestexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Test whether the exception flags indicated by the parameter @var{except}
are currently set. If any of them are, a nonzero value is returned
which specifies which exceptions are set. Otherwise the result is zero.
@@ -774,6 +805,7 @@ following functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetexceptflag (fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function stores in the variable pointed to by @var{flagp} an
implementation-defined value representing the current setting of the
exception flags indicated by @var{excepts}.
@@ -785,6 +817,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fesetexceptflag (const fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function restores the flags for the exceptions indicated by
@var{excepts} to the values stored in the variable pointed to by
@var{flagp}.
@@ -940,6 +973,7 @@ find out which one with this function:
@comment fenv.h
@comment ISO
@deftypefun int fegetround (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Returns the currently selected rounding mode, represented by one of the
values of the defined rounding mode macros.
@end deftypefun
@@ -950,6 +984,7 @@ To change the rounding mode, use this function:
@comment fenv.h
@comment ISO
@deftypefun int fesetround (int @var{round})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Changes the currently selected rounding mode to @var{round}. If
@var{round} does not correspond to one of the supported rounding modes
nothing is changed. @code{fesetround} returns zero if it changed the
@@ -994,6 +1029,7 @@ To save the state of the FPU, use one of these functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetenv (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the floating-point environment in the variable pointed to by
@var{envp}.
@@ -1004,6 +1040,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feholdexcept (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the current floating-point environment in the object pointed to by
@var{envp}. Then clear all exception flags, and set the FPU to trap no
exceptions. Not all FPUs support trapping no exceptions; if
@@ -1042,6 +1079,7 @@ functions:
@comment fenv.h
@comment ISO
@deftypefun int fesetenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Set the floating-point environment to that described by @var{envp}.
The function returns zero in case the operation was successful, a
@@ -1051,6 +1089,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feupdateenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Like @code{fesetenv}, this function sets the floating-point environment
to that described by @var{envp}. However, if any exceptions were
flagged in the status word before @code{feupdateenv} was called, they
@@ -1071,6 +1110,7 @@ occur, you can use the following two functions.
@comment fenv.h
@comment GNU
@deftypefun int feenableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions enables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1083,6 +1123,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fedisableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions disables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1095,6 +1136,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fegetexcept (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
The function returns a bitmask of all currently enabled exceptions. It
returns @code{-1} in case of failure.
@end deftypefun
@@ -1146,6 +1188,7 @@ Prototypes for @code{abs}, @code{labs} and @code{llabs} are in @file{stdlib.h};
@comment inttypes.h
@comment ISO
@deftypefunx intmax_t imaxabs (intmax_t @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of @var{number}.
Most computers use a two's complement integer representation, in which
@@ -1167,6 +1210,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment math.h
@comment ISO
@deftypefunx {long double} fabsl (long double @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the absolute value of the floating-point number
@var{number}.
@end deftypefun
@@ -1180,6 +1224,7 @@ This function returns the absolute value of the floating-point number
@comment complex.h
@comment ISO
@deftypefunx {long double} cabsl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of the complex number @var{z}
(@pxref{Complex Numbers}). The absolute value of a complex number is:
@@ -1217,6 +1262,7 @@ All these functions are declared in @file{math.h}.
@comment math.h
@comment ISO
@deftypefunx {long double} frexpl (long double @var{value}, int *@var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are used to split the number @var{value}
into a normalized fraction and an exponent.
@@ -1242,6 +1288,7 @@ zero is stored in @code{*@var{exponent}}.
@comment math.h
@comment ISO
@deftypefunx {long double} ldexpl (long double @var{value}, int @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the result of multiplying the floating-point
number @var{value} by 2 raised to the power @var{exponent}. (It can
be used to reassemble floating-point numbers that were taken apart
@@ -1263,6 +1310,7 @@ equivalent to those of @code{ldexp} and @code{frexp}. See also the
@comment math.h
@comment BSD
@deftypefunx {long double} scalbl (long double @var{value}, long double @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{scalb} function is the BSD name for @code{ldexp}.
@end deftypefun
@@ -1275,6 +1323,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalbnl (long double @var{x}, int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbn} is identical to @code{scalb}, except that the exponent
@var{n} is an @code{int} instead of a floating-point number.
@end deftypefun
@@ -1288,6 +1337,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalblnl (long double @var{x}, long int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbln} is identical to @code{scalb}, except that the exponent
@var{n} is a @code{long int} instead of a floating-point number.
@end deftypefun
@@ -1301,6 +1351,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} significandl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{significand} returns the mantissa of @var{x} scaled to the range
@math{[1, 2)}.
It is equivalent to @w{@code{scalb (@var{x}, (double) -ilogb (@var{x}))}}.
@@ -1335,6 +1386,7 @@ result as a @code{double} instead to get around this problem.
@comment math.h
@comment ISO
@deftypefunx {long double} ceill (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} upwards to the nearest integer,
returning that value as a @code{double}. Thus, @code{ceil (1.5)}
is @code{2.0}.
@@ -1349,6 +1401,7 @@ is @code{2.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} floorl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} downwards to the nearest
integer, returning that value as a @code{double}. Thus, @code{floor
(1.5)} is @code{1.0} and @code{floor (-1.5)} is @code{-2.0}.
@@ -1363,6 +1416,7 @@ integer, returning that value as a @code{double}. Thus, @code{floor
@comment math.h
@comment ISO
@deftypefunx {long double} truncl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{trunc} functions round @var{x} towards zero to the nearest
integer (returned in floating-point format). Thus, @code{trunc (1.5)}
is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@@ -1377,6 +1431,7 @@ is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} rintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} to an integer value according to the
current rounding mode. @xref{Floating Point Parameters}, for
information about the various rounding modes. The default
@@ -1397,6 +1452,7 @@ inexact exception.
@comment math.h
@comment ISO
@deftypefunx {long double} nearbyintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the same value as the @code{rint} functions, but
do not raise the inexact exception if @var{x} is not an integer.
@end deftypefun
@@ -1410,6 +1466,7 @@ do not raise the inexact exception if @var{x} is not an integer.
@comment math.h
@comment ISO
@deftypefunx {long double} roundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are similar to @code{rint}, but they round halfway
cases away from zero instead of to the nearest integer (or other
current rounding mode).
@@ -1424,6 +1481,7 @@ current rounding mode).
@comment math.h
@comment ISO
@deftypefunx {long int} lrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1437,6 +1495,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1450,6 +1509,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long int} lroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1463,6 +1523,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1477,6 +1538,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long double} modfl (long double @var{value}, long double *@var{integer-part})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions break the argument @var{value} into an integer part and a
fractional part (between @code{-1} and @code{1}, exclusive). Their sum
equals @var{value}. Each of the parts has the same sign as @var{value},
@@ -1503,6 +1565,7 @@ suits your problem.
@comment math.h
@comment ISO
@deftypefunx {long double} fmodl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions compute the remainder from the division of
@var{numerator} by @var{denominator}. Specifically, the return value is
@code{@var{numerator} - @w{@var{n} * @var{denominator}}}, where @var{n}
@@ -1525,6 +1588,7 @@ If @var{denominator} is zero, @code{fmod} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} dreml (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are like @code{fmod} except that they round the
internal quotient @var{n} to the nearest integer instead of towards zero
to an integer. For example, @code{drem (6.5, 2.3)} returns @code{-0.4},
@@ -1548,6 +1612,7 @@ If @var{denominator} is zero, @code{drem} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} remainderl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is another name for @code{drem}.
@end deftypefun
@@ -1569,6 +1634,7 @@ bits.
@comment math.h
@comment ISO
@deftypefunx {long double} copysignl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return @var{x} but with the sign of @var{y}. They work
even if @var{x} or @var{y} are NaN or zero. Both of these can carry a
sign (although not all implementations support it) and this is one of
@@ -1584,6 +1650,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefun int signbit (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{signbit} is a generic macro which can work on all floating-point
types. It returns a nonzero value if the value of @var{x} has its sign
bit set.
@@ -1602,6 +1669,7 @@ false, but @code{signbit (-0.0)} will return a nonzero value.
@comment math.h
@comment ISO
@deftypefunx {long double} nextafterl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{nextafter} function returns the next representable neighbor of
@var{x} in the direction towards @var{y}. The size of the step between
@var{x} and the result depends on the type of the result. If
@@ -1625,6 +1693,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefunx {long double} nexttowardl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are identical to the corresponding versions of
@code{nextafter} except that their second argument is a @code{long
double}.
@@ -1640,6 +1709,8 @@ double}.
@comment math.h
@comment ISO
@deftypefunx {long double} nanl (const char *@var{tagp})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c The unsafe-but-ruled-safe locale use comes from strtod.
The @code{nan} function returns a representation of NaN, provided that
NaN is supported by the target platform.
@code{nan ("@var{n-char-sequence}")} is equivalent to
@@ -1674,6 +1745,7 @@ arguments only once.
@comment math.h
@comment ISO
@deftypefn Macro int isgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than
@var{y}. It is equivalent to @code{(@var{x}) > (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1682,6 +1754,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isgreaterequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than or
equal to @var{y}. It is equivalent to @code{(@var{x}) >= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1690,6 +1763,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isless (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than @var{y}.
It is equivalent to @code{(@var{x}) < (@var{y})}, but no exception is
raised if @var{x} or @var{y} are NaN.
@@ -1698,6 +1772,7 @@ raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than or equal
to @var{y}. It is equivalent to @code{(@var{x}) <= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1706,6 +1781,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less or greater
than @var{y}. It is equivalent to @code{(@var{x}) < (@var{y}) ||
(@var{x}) > (@var{y})} (although it only evaluates @var{x} and @var{y}
@@ -1718,6 +1794,7 @@ expression is true if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isunordered (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether its arguments are unordered. In other
words, it is true if @var{x} or @var{y} are NaN, and false otherwise.
@end deftypefn
@@ -1751,6 +1828,7 @@ perform these operations faster than the equivalent C code.
@comment math.h
@comment ISO
@deftypefunx {long double} fminl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmin} function returns the lesser of the two values @var{x}
and @var{y}. It is similar to the expression
@smallexample
@@ -1771,6 +1849,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fmaxl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmax} function returns the greater of the two values @var{x}
and @var{y}.
@@ -1787,6 +1866,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fdiml (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fdim} function returns the positive difference between
@var{x} and @var{y}. The positive difference is @math{@var{x} -
@var{y}} if @var{x} is greater than @var{y}, and @math{0} otherwise.
@@ -1804,6 +1884,7 @@ If @var{x}, @var{y}, or both are NaN, NaN is returned.
@comment ISO
@deftypefunx {long double} fmal (long double @var{x}, long double @var{y}, long double @var{z})
@cindex butterfly
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fma} function performs floating-point multiply-add. This is
the operation @math{(@var{x} @mul{} @var{y}) + @var{z}}, but the
intermediate result is not rounded to the destination type. This can
@@ -1933,6 +2014,7 @@ available in three variants, one for each of the three complex types.
@comment complex.h
@comment ISO
@deftypefunx {long double} creall (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the real part of the complex number @var{z}.
@end deftypefun
@@ -1945,6 +2027,7 @@ These functions return the real part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cimagl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the imaginary part of the complex number @var{z}.
@end deftypefun
@@ -1957,6 +2040,7 @@ These functions return the imaginary part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {complex long double} conjl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the conjugate value of the complex number
@var{z}. The conjugate of a complex number has the same real part and a
negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@@ -1971,6 +2055,7 @@ negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cargl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the argument of the complex number @var{z}.
The argument of a complex number is the angle in the complex plane
between the positive real axis and a line passing through zero and the
@@ -1989,6 +2074,7 @@ number. This angle is measured in the usual fashion and ranges from
@comment complex.h
@comment ISO
@deftypefunx {complex long double} cprojl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the projection of the complex value @var{z} onto
the Riemann sphere. Values with a infinite imaginary part are projected
to positive infinity on the real axis, even if the real part is NaN. If
@@ -2034,6 +2120,16 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun {long int} strtol (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c strtol uses the thread-local pointer to the locale in effect, and
+@c strtol_l loads the LC_NUMERIC locale data from it early on and once,
+@c but if the locale is the global locale, and another thread calls
+@c setlocale in a way that modifies the pointer to the LC_CTYPE locale
+@c category, the behavior of e.g. IS*, TOUPPER will vary throughout the
+@c execution of the function, because they re-read the locale data from
+@c the given locale pointer. We solved this by documenting setlocale as
+@c MT-Unsafe, but there might be other reasons why it's neither MT- nor
+@c AS-Safe; recheck.
The @code{strtol} (``string-to-long'') function converts the initial
part of @var{string} to a signed integer, which is returned as a value
of type @code{long int}.
@@ -2097,6 +2193,7 @@ There is an example at the end of this section.
@comment wchar.h
@comment ISO
@deftypefun {long int} wcstol (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstol} function is equivalent to the @code{strtol} function
in nearly all aspects but handles wide character strings.
@@ -2106,6 +2203,7 @@ The @code{wcstol} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long int} strtoul (const char *retrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoul} (``string-to-unsigned-long'') function is like
@code{strtol} except it converts to an @code{unsigned long int} value.
The syntax is the same as described above for @code{strtol}. The value
@@ -2124,6 +2222,7 @@ range, or @code{ERANGE} on overflow.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long int} wcstoul (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoul} function is equivalent to the @code{strtoul} function
in nearly all aspects but handles wide character strings.
@@ -2133,6 +2232,7 @@ The @code{wcstoul} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} strtoll (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoll} function is like @code{strtol} except that it returns
a @code{long long int} value, and accepts numbers with a correspondingly
larger range.
@@ -2149,6 +2249,7 @@ The @code{strtoll} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {long long int} wcstoll (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoll} function is equivalent to the @code{strtoll} function
in nearly all aspects but handles wide character strings.
@@ -2158,12 +2259,14 @@ The @code{wcstoll} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {long long int} strtoq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtoq} (``string-to-quad-word'') is the BSD name for @code{strtoll}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {long long int} wcstoq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoq} function is equivalent to the @code{strtoq} function
in nearly all aspects but handles wide character strings.
@@ -2173,6 +2276,7 @@ The @code{wcstoq} function is a GNU extension.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long long int} strtoull (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoull} function is related to @code{strtoll} the same way
@code{strtoul} is related to @code{strtol}.
@@ -2182,6 +2286,7 @@ The @code{strtoull} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long long int} wcstoull (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoull} function is equivalent to the @code{strtoull} function
in nearly all aspects but handles wide character strings.
@@ -2191,12 +2296,14 @@ The @code{wcstoull} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {unsigned long long int} strtouq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtouq} is the BSD name for @code{strtoull}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {unsigned long long int} wcstouq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstouq} function is equivalent to the @code{strtouq} function
in nearly all aspects but handles wide character strings.
@@ -2206,6 +2313,7 @@ The @code{wcstouq} function is a GNU extension.
@comment inttypes.h
@comment ISO
@deftypefun intmax_t strtoimax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoimax} function is like @code{strtol} except that it returns
a @code{intmax_t} value, and accepts numbers of a corresponding range.
@@ -2222,6 +2330,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun intmax_t wcstoimax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoimax} function is equivalent to the @code{strtoimax} function
in nearly all aspects but handles wide character strings.
@@ -2231,6 +2340,7 @@ The @code{wcstoimax} function was introduced in @w{ISO C99}.
@comment inttypes.h
@comment ISO
@deftypefun uintmax_t strtoumax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoumax} function is related to @code{strtoimax}
the same way that @code{strtoul} is related to @code{strtol}.
@@ -2241,6 +2351,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun uintmax_t wcstoumax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoumax} function is equivalent to the @code{strtoumax} function
in nearly all aspects but handles wide character strings.
@@ -2250,6 +2361,7 @@ The @code{wcstoumax} function was introduced in @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefun {long int} atol (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtol} function with a @var{base}
argument of @code{10}, except that it need not detect overflow errors.
The @code{atol} function is provided mostly for compatibility with
@@ -2259,6 +2371,7 @@ existing code; using @code{strtol} is more robust.
@comment stdlib.h
@comment ISO
@deftypefun int atoi (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is like @code{atol}, except that it returns an @code{int}.
The @code{atoi} function is also considered obsolete; use @code{strtol}
instead.
@@ -2267,6 +2380,7 @@ instead.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} atoll (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to @code{atol}, except it returns a @code{long
long int}.
@@ -2331,6 +2445,35 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun double strtod (const char *restrict @var{string}, char **restrict @var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c Besides the unsafe-but-ruled-safe locale uses, this uses a lot of
+@c mpn, but it's all safe.
+@c
+@c round_and_return
+@c get_rounding_mode ok
+@c mpn_add_1 ok
+@c mpn_rshift ok
+@c MPN_ZERO ok
+@c MPN2FLOAT -> mpn_construct_(float|double|long_double) ok
+@c str_to_mpn
+@c mpn_mul_1 -> umul_ppmm ok
+@c mpn_add_1 ok
+@c mpn_lshift_1 -> mpn_lshift ok
+@c STRTOF_INTERNAL
+@c MPN_VAR ok
+@c SET_MANTISSA ok
+@c STRNCASECMP ok, wide and narrow
+@c round_and_return ok
+@c mpn_mul ok
+@c mpn_addmul_1 ok
+@c ... mpn_sub
+@c mpn_lshift ok
+@c udiv_qrnnd ok
+@c count_leading_zeros ok
+@c add_ssaaaa ok
+@c sub_ddmmss ok
+@c umul_ppmm ok
+@c mpn_submul_1 ok
The @code{strtod} (``string-to-double'') function converts the initial
part of @var{string} to a floating-point number, which is returned as a
value of type @code{double}.
@@ -2416,6 +2559,7 @@ examining @var{errno} and @var{tailptr}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} strtold (const char *@var{string}, char **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
These functions are analogous to @code{strtod}, but return @code{float}
and @code{long double} values respectively. They report errors in the
same way as @code{strtod}. @code{strtof} can be substantially faster
@@ -2435,6 +2579,7 @@ These functions have been GNU extensions and are new to @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} wcstold (const wchar_t *@var{string}, wchar_t **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstod}, @code{wcstof}, and @code{wcstol} functions are
equivalent in nearly all aspect to the @code{strtod}, @code{strtof}, and
@code{strtold} functions but it handles wide character string.
@@ -2447,6 +2592,7 @@ C90}. The @code{wcstof} and @code{wcstold} functions were introduced in
@comment stdlib.h
@comment ISO
@deftypefun double atof (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtod} function, except that it
need not detect overflow and underflow errors. The @code{atof} function
is provided mostly for compatibility with existing code; using
@@ -2473,6 +2619,7 @@ All these functions are defined in @file{stdlib.h}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} ecvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{ecvt} converts the floating-point number @var{value}
to a string with at most @var{ndigit} decimal digits. The
returned string contains no decimal point or sign. The first digit of
@@ -2498,6 +2645,7 @@ and sets @var{d} to @code{2} and @var{n} to @code{0}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} fcvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{fcvt} is like @code{ecvt}, but @var{ndigit} specifies
the number of digits after the decimal point. If @var{ndigit} is less
than zero, @var{value} is rounded to the @math{@var{ndigit}+1}'th place to the
@@ -2516,6 +2664,9 @@ to @code{fcvt}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} gcvt (double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c gcvt calls sprintf, that ultimately calls vfprintf, which malloc()s
+@c args_value if it's too large, but gcvt never exercises this path.
@code{gcvt} is functionally equivalent to @samp{sprintf(buf, "%*g",
ndigit, value}. It is provided only for compatibility's sake. It
returns @var{buf}.
@@ -2530,6 +2681,7 @@ functions that take @code{long double} arguments.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qecvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{ecvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2538,6 +2690,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qfcvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{fcvt} except that it
takes a @code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2546,6 +2699,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qgcvt (long double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is equivalent to @code{gcvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2566,6 +2720,7 @@ user-supplied buffer.
@comment stdlib.h
@comment GNU
@deftypefun int ecvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ecvt_r} function is the same as @code{ecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2577,6 +2732,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun int fcvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcvt_r} function is the same as @code{fcvt}, except that it
places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2588,6 +2744,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qecvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qecvt_r} function is the same as @code{qecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2599,6 +2756,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qfcvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qfcvt_r} function is the same as @code{qfcvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ac784bfbcf7a152d47a16a6cf8627a4bf034b785
commit ac784bfbcf7a152d47a16a6cf8627a4bf034b785
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:57:08 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/argp.texi: Document thread safety properties.
diff --git a/manual/argp.texi b/manual/argp.texi
index c9fbe97..22e7b9e 100644
--- a/manual/argp.texi
+++ b/manual/argp.texi
@@ -36,6 +36,35 @@ needed in @code{main}.
@comment argp.h
@comment GNU
@deftypefun {error_t} argp_parse (const struct argp *@var{argp}, int @var{argc}, char **@var{argv}, unsigned @var{flags}, int *@var{arg_index}, void *@var{input})
+@safety{@mtunsafe{xguargs, envromt}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Optionally alloca()tes standard help options, initializes the parser,
+@c then parses individual args in a loop, and then finalizes.
+@c parser_init
+@c calc_sizes ok
+@c option_is_end ok
+@c malloc
+@c parser_convert glocale
+@c convert_options glocale
+@c option_is_end ok
+@c option_is_short ok
+@c isprint, but locale may change within the loop
+@c find_long_option ok
+@c group_parse
+@c group->parser (from argp->parser)
+@c parser_parse_next
+@c getopt_long(_only)_r many issues, same as non_r minus staticbuf
+@c parser_parse_arg
+@c group_parse
+@c parser_parse_opt
+@c group_parse
+@c argp_error
+@c dgettext (bad key error)
+@c parser_finalize
+@c group_parse
+@c fprintf
+@c dgettext
+@c arg_state_help
+@c free
The @code{argp_parse} function parses the arguments in @var{argv}, of
length @var{argc}, using the argp parser @var{argp}. @xref{Argp
Parsers}. Passing a null pointer for @var{argp} is the same as using
@@ -660,6 +689,8 @@ parser function. @xref{Argp Parsing State}.
@comment argp.h
@comment GNU
@deftypefun void argp_usage (const struct argp_state *@var{state})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls argp_state_help with stderr and ARGP_HELP_STD_USAGE.
Outputs the standard usage message for the argp parser referred to by
@var{state} to @code{@var{state}->err_stream} and terminate the program
with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@@ -669,6 +700,13 @@ with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@comment argp.h
@comment GNU
@deftypefun void argp_error (const struct argp_state *@var{state}, const char *@var{fmt}, @dots{})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Lock stream, vasprintf the formatted message into a buffer, print the
+@c buffer prefixed by the short program name (in libc,
+@c argp_short_program_name is a macro that expands to
+@c program_invocation_short_name), releases the buffer, then call
+@c argp_state_help with stream and ARGP_HELP_STD_ERR, unlocking the
+@c stream at the end.
Prints the printf format string @var{fmt} and following args, preceded
by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
--help}} message, and terminates the program with an exit status of
@@ -679,6 +717,12 @@ by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
@comment argp.h
@comment GNU
@deftypefun void argp_failure (const struct argp_state *@var{state}, int @var{status}, int @var{errnum}, const char *@var{fmt}, @dots{})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
+@c Lock stream, write out the short program name, vasprintf the optional
+@c formatted message to a buffer, print the buffer prefixed by colon and
+@c blank, release the buffer, call strerror_r with an automatic buffer,
+@c print it out after colon and blank, put[w]c a line break, unlock the
+@c stream, then exit unless ARGP_NO_EXIT.
Similar to the standard gnu error-reporting function @code{error}, this
prints the program name and @samp{:}, the printf format string
@var{fmt}, and the appropriate following args. If it is non-zero, the
@@ -695,6 +739,141 @@ for options, bad phase of the moon, etc.
@comment argp.h
@comment GNU
@deftypefun void argp_state_help (const struct argp_state *@var{state}, FILE *@var{stream}, unsigned @var{flags})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help with the short program name and optionally exit.
+@c The main problems in _help, besides the usual issues with stream I/O
+@c and translation, are the use of a static buffer (uparams) that makes
+@c the whole thing thread-unsafe, reading from the environment for
+@c ARGP_HELP_FMT, accessing the locale object multiple times.
+
+@c _help envromt, staticbuf (uparams), glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c flockfile lockleak
+@c funlockfile lockleak
+@c fill_in_uparams envromt, staticbuf (uparams), glocale, asynconsist, asmalloc, lockleak, incansist, memleak
+@c argp_failure dup (status = errnum = 0)
+@c atoi dup
+@c argp_hol asmalloc, memleak
+@c make_hol asmalloc, memleak
+@c hol_add_cluster asmalloc, memleak
+@c hol_append asmalloc, memleak
+@c hol_set_group ok
+@c hol_find_entry ok
+@c hol_sort glocale, asmalloc, memleak
+@c qsort asmalloc, memleak
+@c hol_entry_qcmp glocale
+@c hol_entry_cmp glocale
+@c group_cmp ok
+@c hol_cluster_cmp ok
+@c group_cmp ok
+@c hol_entry_first_short glocale
+@c hol_entry_short_iterate [glocale]
+@c until_short ok
+@c oshort ok
+@c isprint ok
+@c odoc ok
+@c hol_entry_first_long ok
+@c canon_doc_option glocale
+@c tolower dup
+@c hol_usage glocale, asi18n, asmalloc, memleak
+@c hol_entry_short_iterate ok
+@c add_argless_short_opt ok
+@c argp_fmtstream_printf dup
+@c hol_entry_short_iterate glocale, asi18n, asmalloc, memleak
+@c usage_argful_short_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_entry_long_iterate glocale, asi18n, asmalloc, memleak
+@c usage_long_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c hol_entry_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_wmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c comma glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_putc dup
+@c hol_cluster_is_child ok
+@c argp_fmtstream_wmargin dup
+@c print_header dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c indent_to dup
+@c argp_fmtstream_putc dup
+@c arg glocale, asmalloc, memleak
+@c argp_fmtstream_printf dup
+@c odoc dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_printf dup
+@c print_header glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c indent_to dup
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c filter_doc dup
+@c argp_fmtstream_point dup
+@c indent_to glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_putc dup
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c hol_free asmalloc, memleak
+@c free dup
+@c argp_args_levels ok
+@c argp_args_usage glocale, asi18n, asmalloc, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc ok
+@c argp_input ok
+@c argp->help_filter
+@c space glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_rmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_write dup
+@c free dup
+@c argp_doc glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c strndup asmalloc, memleak
+@c argp_input dup
+@c argp->help_filter
+@c argp_fmtstream_putc glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure dup
+@c argp_fmtstream_write dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_point glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_lmargin dup
+@c free dup
+@c argp_make_fmtstream asmalloc, memleak
+@c argp_fmtstream_free glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update glocale, asynconsist, incansist, lockleak
+@c put[w]c_unlocked dup
+@c isblank in loop glocale
+@c fxprintf lockleak
+@c fxprintf lockleak
+@c free dup
+@c argp_fmtstream_set_wmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_printf glocale, asmalloc, memleak
+@c argp_fmtstream_ensure dup
+@c vsnprintf dup
+@c argp_fmtstream_set_lmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_puts glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_write glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update dup
+@c fxprintf lockleak
+@c realloc asmalloc, memleak
Outputs a help message for the argp parser referred to by @var{state},
to @var{stream}. The @var{flags} argument determines what sort of help
message is produced. @xref{Argp Help Flags}.
@@ -928,6 +1107,8 @@ program options, argp offers the @code{argp_help} interface.
@comment argp.h
@comment GNU
@deftypefun void argp_help (const struct argp *@var{argp}, FILE *@var{stream}, unsigned @var{flags}, char *@var{name})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help.
This outputs a help message for the argp parser @var{argp} to
@var{stream}. The type of messages printed will be determined by
@var{flags}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=87cf27bcd012cd8ab3e3040aacaa99b93c037595
commit 87cf27bcd012cd8ab3e3040aacaa99b93c037595
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:39 2013 -0300
Rename unused scalb to scalbn to match prototype.
for ChangeLog
* sysdeps/ieee754/support.c (scalbn): Rename from
wrongly-typed scalb. Adjust all callers. Apparently unused.
diff --git a/sysdeps/ieee754/support.c b/sysdeps/ieee754/support.c
index 00476c0..0bbd892 100644
--- a/sysdeps/ieee754/support.c
+++ b/sysdeps/ieee754/support.c
@@ -82,7 +82,7 @@ static char sccsid[] = "@(#)support.c 8.1 (Berkeley) 6/4/93";
static const double novf=1.7E308, nunf=3.0E-308,zero=0.0;
#endif /* defined(vax)||defined(tahoe) */
-double scalb(x,N)
+double scalbn(x,N)
double x; int N;
{
int k;
@@ -106,7 +106,7 @@ double x; int N;
if( (k= *px & mexp ) != mexp ) {
if( N<-2100) return(nunf*nunf); else if(N>2100) return(novf+novf);
if( k == 0 ) {
- x *= scalb(1.0,(int)prep1); N -= prep1; return(scalb(x,N));}
+ x *= scalbn(1.0,(int)prep1); N -= prep1; return(scalbn(x,N));}
#endif /* defined(vax)||defined(tahoe) */
if((k = (k>>gap)+ N) > 0 )
@@ -115,7 +115,7 @@ double x; int N;
else
if( k > -prep1 )
/* gradual underflow */
- {*px=(*px&~mexp)|(short)(1<<gap); x *= scalb(1.0,k-1);}
+ {*px=(*px&~mexp)|(short)(1<<gap); x *= scalbn(1.0,k-1);}
else
return(nunf*nunf);
}
@@ -228,7 +228,7 @@ double x,p;
else if ( ((*pp & mexp)>>gap) <= 1 )
/* subnormal p, or almost subnormal p */
- { double b; b=scalb(1.0,(int)prep1);
+ { double b; b=scalbn(1.0,(int)prep1);
p *= b; x = drem(x,p); x *= b; return(drem(x,p)/b);}
else if ( p >= novf/2)
{ p /= 2 ; x /= 2; return(drem(x,p)*2);}
@@ -294,8 +294,8 @@ double x;
/* scale x to [1,4) */
n=logb(x);
- x=scalb(x,-n);
- if((m=logb(x))!=0) x=scalb(x,-m); /* subnormal number */
+ x=scalbn(x,-n);
+ if((m=logb(x))!=0) x=scalbn(x,-m); /* subnormal number */
m += n;
n = m/2;
if((n+n)!=m) {x *= 2; m -=1; n=m/2;}
@@ -326,7 +326,7 @@ double x;
b=1.0+r/4; if(b>1.0) t=1;
if(t>=0) q+=r; }
-end: return(scalb(q,n));
+end: return(scalbn(q,n));
}
#if 0
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e34ecb782685d8b4d0d6a9badd3c4860d373179a
commit e34ecb782685d8b4d0d6a9badd3c4860d373179a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:39 2013 -0300
Note that powerpc fpu emulation status is not thread- or signal-safe.
for ports/ChangeLog.powerpc
PR 15483
* sysdeps/powerpc/nofpu/sim-full.c: Add FIXME note about
the need for thread-specific variables preserved across signal
handlers.
* sysdeps/powerpc/nofpu/soft-supp.h: Likewise.
* sysdeps/powerpc/soft-fp/sfp-machine.h: Likewise.
diff --git a/ports/sysdeps/powerpc/nofpu/sim-full.c b/ports/sysdeps/powerpc/nofpu/sim-full.c
index fc061d0..e167033 100644
--- a/ports/sysdeps/powerpc/nofpu/sim-full.c
+++ b/ports/sysdeps/powerpc/nofpu/sim-full.c
@@ -21,6 +21,11 @@
#include "soft-fp.h"
#include "soft-supp.h"
+/* FIXME: these variables should be thread specific (see bugzilla bug
+ 15483) and ideally preserved across signal handlers, like hardware
+ FP status words, but the latter is quite difficult to accomplish in
+ userland. */
+
/* Global to store sticky exceptions. */
int __sim_exceptions __attribute__ ((nocommon));
libc_hidden_data_def (__sim_exceptions);
diff --git a/ports/sysdeps/powerpc/nofpu/soft-supp.h b/ports/sysdeps/powerpc/nofpu/soft-supp.h
index b9638bb..64a3d2a 100644
--- a/ports/sysdeps/powerpc/nofpu/soft-supp.h
+++ b/ports/sysdeps/powerpc/nofpu/soft-supp.h
@@ -26,6 +26,11 @@ typedef union
} fenv_union_t;
+/* FIXME: these variables should be thread specific (see bugzilla bug
+ 15483) and ideally preserved across signal handlers, like hardware
+ FP status words, but the latter is quite difficult to accomplish in
+ userland. */
+
extern int __sim_exceptions;
libc_hidden_proto (__sim_exceptions);
extern int __sim_disabled_exceptions;
diff --git a/ports/sysdeps/powerpc/soft-fp/sfp-machine.h b/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
index c2a190e..508d869 100644
--- a/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
+++ b/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
@@ -54,6 +54,11 @@
#define FP_ROUNDMODE __sim_round_mode
#define FP_TRAPPING_EXCEPTIONS (~__sim_disabled_exceptions & 0x3e000000)
+/* FIXME: these variables should be thread specific (see bugzilla bug
+ 15483) and ideally preserved across signal handlers, like hardware
+ FP status words, but the latter is quite difficult to accomplish in
+ userland. */
+
extern int __sim_exceptions;
libc_hidden_proto (__sim_exceptions);
extern int __sim_disabled_exceptions;
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=42b5c5b93dd5e0ab073b0976b5571e6df7852de6
commit 42b5c5b93dd5e0ab073b0976b5571e6df7852de6
Merge: 83ba23e d2ce932 31ea81e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 00:24:30 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=83ba23e043930c8d483516356e43e8a28a5f6465
commit 83ba23e043930c8d483516356e43e8a28a5f6465
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 00:24:29 2013 -0300
refresh
diff --git a/meta b/meta
index b1b1b47..b883748 100644
--- a/meta
+++ b/meta
@@ -1,9 +1,8 @@
Version: 1
-Previous: fc9c5a081468d3baafbe6effb97f22f1fa870bc0
-Head: 55e6b3c7d67abdc077766c69e22fcf73fcb2125e
+Previous: 31ea81ea2424a6791bb4b12781ca4f80e78f537c
+Head: d2ce932c7ce9c31c4b085c61c43ac8e637713dcd
Applied:
- manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
- refresh-temp: 55e6b3c7d67abdc077766c69e22fcf73fcb2125e
+ manual-document-mt-safety.patch: d2ce932c7ce9c31c4b085c61c43ac8e637713dcd
Unapplied:
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
unused-scalb-is-scalbn.patch: 3be99ad69c588de34f357cdfc3e293046eb30b58
diff --git a/patches/manual-document-mt-safety.patch b/patches/manual-document-mt-safety.patch
index 94acf09..c25fc87 100644
--- a/patches/manual-document-mt-safety.patch
+++ b/patches/manual-document-mt-safety.patch
@@ -1,5 +1,5 @@
Bottom: fde38f49e9ff8e251fc3a4c9a8d5f194ba6decbf
-Top: 465695c41ceed4d41aaebf0e135b8f1123912988
+Top: ec44285035bdee25fdfdd25c2385cb08deeced27
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:39 -0300
@@ -15,10 +15,10 @@ for ChangeLog
---
diff --git a/manual/intro.texi b/manual/intro.texi
-index deaf089..07f27c9 100644
+index deaf089..d183e12 100644
--- a/manual/intro.texi
+++ b/manual/intro.texi
-@@ -172,6 +172,411 @@ pattern matching facilities (@pxref{Pattern Matching}).
+@@ -172,6 +172,412 @@ pattern matching facilities (@pxref{Pattern Matching}).
@comment <wordexp.h> (not yet implemented)
@comment confstr
@@ -158,9 +158,10 @@ index deaf089..07f27c9 100644
+@cindex xguargs
+
+Functions marked with @code{xguargs} may use or modify objects passed as
-+arguments without any guards to ensure consistency. To ensure MT- and
-+AS-Safe behavior, callers must ensure that the objects passed in are not
-+modified concurrently by other threads or signal handlers.
++arguments without any guards that could guarantee consistency. To
++ensure MT- and AS-Safe behavior, callers must ensure that the objects
++passed in are not modified concurrently by other threads or signal
++handlers.
+
+
+@item @code{tempchwd}
@@ -422,7 +423,7 @@ index deaf089..07f27c9 100644
+vice-versa.
+
+For the time being, the absence of this remark does not imply the safety
-+propertes we documentated are identical to those mandated by POSIX for
++properties we documented are identical to those mandated by POSIX for
+the corresponding functions.
+
+@end itemize
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index cdaf528..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,36 +0,0 @@
-Bottom: 465695c41ceed4d41aaebf0e135b8f1123912988
-Top: ec44285035bdee25fdfdd25c2385cb08deeced27
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-16 00:24:28 -0300
-
-Refresh of manual-document-mt-safety.patch
-
----
-
-diff --git a/manual/intro.texi b/manual/intro.texi
-index 07f27c9..d183e12 100644
---- a/manual/intro.texi
-+++ b/manual/intro.texi
-@@ -308,9 +308,10 @@ locking by the caller are the entire family of stdio functions.
- @cindex xguargs
-
- Functions marked with @code{xguargs} may use or modify objects passed as
--arguments without any guards to ensure consistency. To ensure MT- and
--AS-Safe behavior, callers must ensure that the objects passed in are not
--modified concurrently by other threads or signal handlers.
-+arguments without any guards that could guarantee consistency. To
-+ensure MT- and AS-Safe behavior, callers must ensure that the objects
-+passed in are not modified concurrently by other threads or signal
-+handlers.
-
-
- @item @code{tempchwd}
-@@ -572,7 +573,7 @@ require a function to be Safe, but our implementation is Safe, or
- vice-versa.
-
- For the time being, the absence of this remark does not imply the safety
--propertes we documentated are identical to those mandated by POSIX for
-+properties we documented are identical to those mandated by POSIX for
- the corresponding functions.
-
- @end itemize
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=31ea81ea2424a6791bb4b12781ca4f80e78f537c
commit 31ea81ea2424a6791bb4b12781ca4f80e78f537c
Merge: bdb6f7d fc9c5a0 55e6b3c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 00:24:29 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=bdb6f7de0663a53b860390c69e09cc4847736b08
commit bdb6f7de0663a53b860390c69e09cc4847736b08
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 00:24:29 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index fbc1f94..b1b1b47 100644
--- a/meta
+++ b/meta
@@ -1,8 +1,9 @@
Version: 1
-Previous: b7bb1740606d55f5689517be37ec1b130c48530f
-Head: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
+Previous: fc9c5a081468d3baafbe6effb97f22f1fa870bc0
+Head: 55e6b3c7d67abdc077766c69e22fcf73fcb2125e
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
+ refresh-temp: 55e6b3c7d67abdc077766c69e22fcf73fcb2125e
Unapplied:
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
unused-scalb-is-scalbn.patch: 3be99ad69c588de34f357cdfc3e293046eb30b58
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..cdaf528
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,36 @@
+Bottom: 465695c41ceed4d41aaebf0e135b8f1123912988
+Top: ec44285035bdee25fdfdd25c2385cb08deeced27
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-16 00:24:28 -0300
+
+Refresh of manual-document-mt-safety.patch
+
+---
+
+diff --git a/manual/intro.texi b/manual/intro.texi
+index 07f27c9..d183e12 100644
+--- a/manual/intro.texi
++++ b/manual/intro.texi
+@@ -308,9 +308,10 @@ locking by the caller are the entire family of stdio functions.
+ @cindex xguargs
+
+ Functions marked with @code{xguargs} may use or modify objects passed as
+-arguments without any guards to ensure consistency. To ensure MT- and
+-AS-Safe behavior, callers must ensure that the objects passed in are not
+-modified concurrently by other threads or signal handlers.
++arguments without any guards that could guarantee consistency. To
++ensure MT- and AS-Safe behavior, callers must ensure that the objects
++passed in are not modified concurrently by other threads or signal
++handlers.
+
+
+ @item @code{tempchwd}
+@@ -572,7 +573,7 @@ require a function to be Safe, but our implementation is Safe, or
+ vice-versa.
+
+ For the time being, the absence of this remark does not imply the safety
+-propertes we documentated are identical to those mandated by POSIX for
++properties we documented are identical to those mandated by POSIX for
+ the corresponding functions.
+
+ @end itemize
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=55e6b3c7d67abdc077766c69e22fcf73fcb2125e
commit 55e6b3c7d67abdc077766c69e22fcf73fcb2125e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 00:24:28 2013 -0300
Refresh of manual-document-mt-safety.patch
diff --git a/manual/intro.texi b/manual/intro.texi
index 07f27c9..d183e12 100644
--- a/manual/intro.texi
+++ b/manual/intro.texi
@@ -308,9 +308,10 @@ locking by the caller are the entire family of stdio functions.
@cindex xguargs
Functions marked with @code{xguargs} may use or modify objects passed as
-arguments without any guards to ensure consistency. To ensure MT- and
-AS-Safe behavior, callers must ensure that the objects passed in are not
-modified concurrently by other threads or signal handlers.
+arguments without any guards that could guarantee consistency. To
+ensure MT- and AS-Safe behavior, callers must ensure that the objects
+passed in are not modified concurrently by other threads or signal
+handlers.
@item @code{tempchwd}
@@ -572,7 +573,7 @@ require a function to be Safe, but our implementation is Safe, or
vice-versa.
For the time being, the absence of this remark does not imply the safety
-propertes we documentated are identical to those mandated by POSIX for
+properties we documented are identical to those mandated by POSIX for
the corresponding functions.
@end itemize
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=fc9c5a081468d3baafbe6effb97f22f1fa870bc0
commit fc9c5a081468d3baafbe6effb97f22f1fa870bc0
Merge: 8c7660e b7bb174
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 00:22:45 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=8c7660e9d127b4f8ac2e8f60f5af55b4e0ccac16
commit 8c7660e9d127b4f8ac2e8f60f5af55b4e0ccac16
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 00:22:45 2013 -0300
push
diff --git a/meta b/meta
index 3c86131..fbc1f94 100644
--- a/meta
+++ b/meta
@@ -1,9 +1,9 @@
Version: 1
-Previous: 024af7cd034b16d576f3ac3711ddc1cb28d17689
-Head: ca0a6bc4c5c53aa6c4a735c36336408a06b8cd89
+Previous: b7bb1740606d55f5689517be37ec1b130c48530f
+Head: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
Applied:
-Unapplied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
+Unapplied:
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
unused-scalb-is-scalbn.patch: 3be99ad69c588de34f357cdfc3e293046eb30b58
manual-document-mt-safety-argp.patch: 3d307972daeb49e5b5bed74887140e9d5bcb58de
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b7bb1740606d55f5689517be37ec1b130c48530f
commit b7bb1740606d55f5689517be37ec1b130c48530f
Merge: c64d069 ca0a6bc 024af7c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 00:22:42 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c64d069b47c5d012e1c1789f891bd4ead485cdc7
commit c64d069b47c5d012e1c1789f891bd4ead485cdc7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Fri Aug 16 00:22:42 2013 -0300
pop
diff --git a/meta b/meta
index 4fd9972..3c86131 100644
--- a/meta
+++ b/meta
@@ -1,7 +1,8 @@
Version: 1
-Previous: 9c69c077521c48a292610b2fdd63a2ee75f324b1
-Head: a4db052d330a9c934252bc3a1489c922ea797683
+Previous: 024af7cd034b16d576f3ac3711ddc1cb28d17689
+Head: ca0a6bc4c5c53aa6c4a735c36336408a06b8cd89
Applied:
+Unapplied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
unused-scalb-is-scalbn.patch: 3be99ad69c588de34f357cdfc3e293046eb30b58
@@ -29,5 +30,4 @@ Applied:
wip-manual-document-mt-safety-terminal.patch: 7bdeaf7b03e2c3668857e0bd1506aff550d8d5a3
wip-manual-document-mt-safety-threads.patch: 03deacb6111e143a3cad124bf1aee0d111f3bb81
wip-manual-document-mt-safety-time.patch: a4db052d330a9c934252bc3a1489c922ea797683
-Unapplied:
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=024af7cd034b16d576f3ac3711ddc1cb28d17689
commit 024af7cd034b16d576f3ac3711ddc1cb28d17689
Merge: 34bde4e 9c69c07
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:40:14 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=34bde4e2ea6743d5ff6b87ff48bf5f0d44ad34b6
commit 34bde4e2ea6743d5ff6b87ff48bf5f0d44ad34b6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:40:14 2013 -0300
push
diff --git a/meta b/meta
index 0070d60..4fd9972 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: fc731fec12b826be460969fe67a3d1f0adc70fd3
-Head: a7e2ad1ab8005398467e21a1903513ad72c3bb99
+Previous: 9c69c077521c48a292610b2fdd63a2ee75f324b1
+Head: a4db052d330a9c934252bc3a1489c922ea797683
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -21,7 +21,6 @@ Applied:
manual-document-mt-safety-llio.patch: accb81f4e2f55ac6c8c0a9d8762668829bca23f8
manual-document-mt-safety-stdio.patch: 622b7f4fdcb3b1ade62c26693365f35a3a7a7031
wip-manual-document-mt-safety-locale.patch: a7e2ad1ab8005398467e21a1903513ad72c3bb99
-Unapplied:
wip-manual-document-mt-safety-math.patch: 56b87287256294aac20d87cc8fb9f6b7febbe014
wip-manual-document-mt-safety-startup.patch: 062ff84a7871423535c7c5f066d10e4090c7538b
wip-manual-document-mt-safety-search.patch: b62126da8228002a5ceb39f3a8f8fc1335f71b52
@@ -30,4 +29,5 @@ Unapplied:
wip-manual-document-mt-safety-terminal.patch: 7bdeaf7b03e2c3668857e0bd1506aff550d8d5a3
wip-manual-document-mt-safety-threads.patch: 03deacb6111e143a3cad124bf1aee0d111f3bb81
wip-manual-document-mt-safety-time.patch: a4db052d330a9c934252bc3a1489c922ea797683
+Unapplied:
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9c69c077521c48a292610b2fdd63a2ee75f324b1
commit 9c69c077521c48a292610b2fdd63a2ee75f324b1
Merge: 5105379 fc731fe
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:39:51 2013 -0300
goto
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5105379781cf3d9d7f97b4e9aeb4b34d888263ee
commit 5105379781cf3d9d7f97b4e9aeb4b34d888263ee
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:39:51 2013 -0300
goto
diff --git a/meta b/meta
index 7ccb65b..0070d60 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 188a9c2a1336cf01e4c46641dba1f90a79d73cf2
-Head: a4db052d330a9c934252bc3a1489c922ea797683
+Previous: fc731fec12b826be460969fe67a3d1f0adc70fd3
+Head: a7e2ad1ab8005398467e21a1903513ad72c3bb99
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -21,6 +21,7 @@ Applied:
manual-document-mt-safety-llio.patch: accb81f4e2f55ac6c8c0a9d8762668829bca23f8
manual-document-mt-safety-stdio.patch: 622b7f4fdcb3b1ade62c26693365f35a3a7a7031
wip-manual-document-mt-safety-locale.patch: a7e2ad1ab8005398467e21a1903513ad72c3bb99
+Unapplied:
wip-manual-document-mt-safety-math.patch: 56b87287256294aac20d87cc8fb9f6b7febbe014
wip-manual-document-mt-safety-startup.patch: 062ff84a7871423535c7c5f066d10e4090c7538b
wip-manual-document-mt-safety-search.patch: b62126da8228002a5ceb39f3a8f8fc1335f71b52
@@ -29,5 +30,4 @@ Applied:
wip-manual-document-mt-safety-terminal.patch: 7bdeaf7b03e2c3668857e0bd1506aff550d8d5a3
wip-manual-document-mt-safety-threads.patch: 03deacb6111e143a3cad124bf1aee0d111f3bb81
wip-manual-document-mt-safety-time.patch: a4db052d330a9c934252bc3a1489c922ea797683
-Unapplied:
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=fc731fec12b826be460969fe67a3d1f0adc70fd3
commit fc731fec12b826be460969fe67a3d1f0adc70fd3
Merge: ed68c30 a4db052 188a9c2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:38:36 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ed68c303d6f779bac439014c370ee067d84cd5b9
commit ed68c303d6f779bac439014c370ee067d84cd5b9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:38:36 2013 -0300
push
diff --git a/meta b/meta
index c590fb2..7ccb65b 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 6ca4824de83c6cdffa405e64ca12e2ca7d5c044e
-Head: 03deacb6111e143a3cad124bf1aee0d111f3bb81
+Previous: 188a9c2a1336cf01e4c46641dba1f90a79d73cf2
+Head: a4db052d330a9c934252bc3a1489c922ea797683
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -28,6 +28,6 @@ Applied:
wip-manual-document-mt-safety-string.patch: 618424dc72936ee238334d665063f1dd84a12715
wip-manual-document-mt-safety-terminal.patch: 7bdeaf7b03e2c3668857e0bd1506aff550d8d5a3
wip-manual-document-mt-safety-threads.patch: 03deacb6111e143a3cad124bf1aee0d111f3bb81
+ wip-manual-document-mt-safety-time.patch: a4db052d330a9c934252bc3a1489c922ea797683
Unapplied:
- wip-manual-document-mt-safety-time.patch: 4022accc5d1f9f2ae322f8f76488286c694acd7b
Hidden:
diff --git a/patches/wip-manual-document-mt-safety-time.patch b/patches/wip-manual-document-mt-safety-time.patch
index ee52a8e..f168240 100644
--- a/patches/wip-manual-document-mt-safety-time.patch
+++ b/patches/wip-manual-document-mt-safety-time.patch
@@ -1,5 +1,5 @@
-Bottom: 934314e9de7d53f206e47915ea85ef4798ee295a
-Top: 7472b1dd7a8cc8760b98cd08cb7f8418374249ed
+Bottom: 1055542944ccec75d19150bda526177d2f245c5a
+Top: 13da41faaf0af578a55abbc8971e69874c1f3914
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:14:50 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a4db052d330a9c934252bc3a1489c922ea797683
commit a4db052d330a9c934252bc3a1489c922ea797683
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:14:50 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/time.texi: Document thread safety properties.
diff --git a/manual/time.texi b/manual/time.texi
index ff31e28..3967b24 100644
--- a/manual/time.texi
+++ b/manual/time.texi
@@ -475,6 +475,12 @@ Instead, use the facilities described in @ref{Time Zone Functions}.
@comment sys/time.h
@comment BSD
@deftypefun int gettimeofday (struct timeval *@var{tp}, struct timezone *@var{tzp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c On most GNU/Linux systems this is a direct syscall, but the posix/
+@c implementation (not used on GNU/Linux or GNU/Hurd) relies on time and
+@c localtime_r, saving and restoring tzname in an unsafe manner.
+@c On some GNU/Linux variants, ifunc resolvers are used in shared libc
+@c for vdso resolution. ifunc-vdso-revisit.
The @code{gettimeofday} function returns the current calendar time as
the elapsed time since the epoch in the @code{struct timeval} structure
indicated by @var{tp}. (@pxref{Elapsed Time} for a description of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=188a9c2a1336cf01e4c46641dba1f90a79d73cf2
commit 188a9c2a1336cf01e4c46641dba1f90a79d73cf2
Merge: c3e4f05 03deacb 6ca4824
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:38:35 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c3e4f05ef5ef05650041900dbd4d5f0a3ba237e9
commit c3e4f05ef5ef05650041900dbd4d5f0a3ba237e9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:38:35 2013 -0300
push
diff --git a/meta b/meta
index 453dbe4..c590fb2 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 2cca10d1496cfd37dd55138428d66f765dbeafbe
-Head: 7bdeaf7b03e2c3668857e0bd1506aff550d8d5a3
+Previous: 6ca4824de83c6cdffa405e64ca12e2ca7d5c044e
+Head: 03deacb6111e143a3cad124bf1aee0d111f3bb81
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -27,7 +27,7 @@ Applied:
wip-manual-document-mt-safety-resource.patch: bffba61b6f949ae966b8395e2285450fd747adae
wip-manual-document-mt-safety-string.patch: 618424dc72936ee238334d665063f1dd84a12715
wip-manual-document-mt-safety-terminal.patch: 7bdeaf7b03e2c3668857e0bd1506aff550d8d5a3
+ wip-manual-document-mt-safety-threads.patch: 03deacb6111e143a3cad124bf1aee0d111f3bb81
Unapplied:
- wip-manual-document-mt-safety-threads.patch: 49c5533ec879c99f89ad9a1ba58929a9739a1254
wip-manual-document-mt-safety-time.patch: 4022accc5d1f9f2ae322f8f76488286c694acd7b
Hidden:
diff --git a/patches/wip-manual-document-mt-safety-threads.patch b/patches/wip-manual-document-mt-safety-threads.patch
index a8a9208..86850be 100644
--- a/patches/wip-manual-document-mt-safety-threads.patch
+++ b/patches/wip-manual-document-mt-safety-threads.patch
@@ -1,5 +1,5 @@
-Bottom: 9f340cd557aceda321c8ef9f6db21082e5dbdaee
-Top: 934314e9de7d53f206e47915ea85ef4798ee295a
+Bottom: da17c9be69e48d21ca52d734c608880653385a32
+Top: 1055542944ccec75d19150bda526177d2f245c5a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:14:35 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=03deacb6111e143a3cad124bf1aee0d111f3bb81
commit 03deacb6111e143a3cad124bf1aee0d111f3bb81
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:14:35 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/threads.texi: Document thread safety properties.
diff --git a/manual/threads.texi b/manual/threads.texi
index a23ac26..19bfad6 100644
--- a/manual/threads.texi
+++ b/manual/threads.texi
@@ -31,6 +31,7 @@ before thread-specific data, so they should not be used in thread-specific
data destructors or even as members of the thread-specific data, since the
latter is passed as an argument to the destructor function.
+@c FIXME: use @deftypefun for these.
@item int pthread_key_delete (pthread_key_t @var{key})
Destroy the thread-specific data @var{key} in the calling thread. The
destructor for the thread-specific data is not called during destruction, nor
@@ -82,3 +83,124 @@ attributes or the stack address is set in the attribute.
The system does not have sufficient memory.
@end table
@end deftypefun
+
+@c FIXME these are undocumented:
+@c pthread_atfork
+@c pthread_attr_destroy
+@c pthread_attr_getaffinity_np
+@c pthread_attr_getdetachstate
+@c pthread_attr_getguardsize
+@c pthread_attr_getinheritsched
+@c pthread_attr_getschedparam
+@c pthread_attr_getschedpolicy
+@c pthread_attr_getscope
+@c pthread_attr_getstack
+@c pthread_attr_getstackaddr
+@c pthread_attr_getstacksize
+@c pthread_attr_init
+@c pthread_attr_setaffinity_np
+@c pthread_attr_setdetachstate
+@c pthread_attr_setguardsize
+@c pthread_attr_setinheritsched
+@c pthread_attr_setschedparam
+@c pthread_attr_setschedpolicy
+@c pthread_attr_setscope
+@c pthread_attr_setstack
+@c pthread_attr_setstackaddr
+@c pthread_attr_setstacksize
+@c pthread_barrierattr_destroy
+@c pthread_barrierattr_getpshared
+@c pthread_barrierattr_init
+@c pthread_barrierattr_setpshared
+@c pthread_barrier_destroy
+@c pthread_barrier_init
+@c pthread_barrier_wait
+@c pthread_cancel
+@c pthread_cleanup_push
+@c pthread_cleanup_pop
+@c pthread_condattr_destroy
+@c pthread_condattr_getclock
+@c pthread_condattr_getpshared
+@c pthread_condattr_init
+@c pthread_condattr_setclock
+@c pthread_condattr_setpshared
+@c pthread_cond_broadcast
+@c pthread_cond_destroy
+@c pthread_cond_init
+@c pthread_cond_signal
+@c pthread_cond_timedwait
+@c pthread_cond_wait
+@c pthread_create
+@c pthread_detach
+@c pthread_equal
+@c pthread_exit
+@c pthread_getaffinity_np
+@c pthread_getattr_np
+@c pthread_getconcurrency
+@c pthread_getcpuclockid
+@c pthread_getname_np
+@c pthread_getschedparam
+@c pthread_join
+@c pthread_kill
+@c pthread_kill_other_threads_np
+@c pthread_mutexattr_destroy
+@c pthread_mutexattr_getkind_np
+@c pthread_mutexattr_getprioceiling
+@c pthread_mutexattr_getprotocol
+@c pthread_mutexattr_getpshared
+@c pthread_mutexattr_getrobust
+@c pthread_mutexattr_getrobust_np
+@c pthread_mutexattr_gettype
+@c pthread_mutexattr_init
+@c pthread_mutexattr_setkind_np
+@c pthread_mutexattr_setprioceiling
+@c pthread_mutexattr_setprotocol
+@c pthread_mutexattr_setpshared
+@c pthread_mutexattr_setrobust
+@c pthread_mutexattr_setrobust_np
+@c pthread_mutexattr_settype
+@c pthread_mutex_consistent
+@c pthread_mutex_consistent_np
+@c pthread_mutex_destroy
+@c pthread_mutex_getprioceiling
+@c pthread_mutex_init
+@c pthread_mutex_lock
+@c pthread_mutex_setprioceiling
+@c pthread_mutex_timedlock
+@c pthread_mutex_trylock
+@c pthread_mutex_unlock
+@c pthread_once
+@c pthread_rwlockattr_destroy
+@c pthread_rwlockattr_getkind_np
+@c pthread_rwlockattr_getpshared
+@c pthread_rwlockattr_init
+@c pthread_rwlockattr_setkind_np
+@c pthread_rwlockattr_setpshared
+@c pthread_rwlock_destroy
+@c pthread_rwlock_init
+@c pthread_rwlock_rdlock
+@c pthread_rwlock_timedrdlock
+@c pthread_rwlock_timedwrlock
+@c pthread_rwlock_tryrdlock
+@c pthread_rwlock_trywrlock
+@c pthread_rwlock_unlock
+@c pthread_rwlock_wrlock
+@c pthread_self
+@c pthread_setaffinity_np
+@c pthread_setcancelstate
+@c pthread_setcanceltype
+@c pthread_setconcurrency
+@c pthread_setname_np
+@c pthread_setschedparam
+@c pthread_setschedprio
+@c pthread_sigmask
+@c pthread_sigqueue
+@c pthread_spin_destroy
+@c pthread_spin_init
+@c pthread_spin_lock
+@c pthread_spin_trylock
+@c pthread_spin_unlock
+@c pthread_testcancel
+@c pthread_timedjoin_np
+@c pthread_tryjoin_np
+@c pthread_yield
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=6ca4824de83c6cdffa405e64ca12e2ca7d5c044e
commit 6ca4824de83c6cdffa405e64ca12e2ca7d5c044e
Merge: 9cd0acc 2cca10d 7bdeaf7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:38:34 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9cd0acc9a99c7672ab8a4eedc1b9af34c2683708
commit 9cd0acc9a99c7672ab8a4eedc1b9af34c2683708
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:38:34 2013 -0300
push
diff --git a/meta b/meta
index 35c9bb8..453dbe4 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: dda771a556f201b9d0ffccaca415109ccc15a047
-Head: 618424dc72936ee238334d665063f1dd84a12715
+Previous: 2cca10d1496cfd37dd55138428d66f765dbeafbe
+Head: 7bdeaf7b03e2c3668857e0bd1506aff550d8d5a3
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -26,8 +26,8 @@ Applied:
wip-manual-document-mt-safety-search.patch: b62126da8228002a5ceb39f3a8f8fc1335f71b52
wip-manual-document-mt-safety-resource.patch: bffba61b6f949ae966b8395e2285450fd747adae
wip-manual-document-mt-safety-string.patch: 618424dc72936ee238334d665063f1dd84a12715
+ wip-manual-document-mt-safety-terminal.patch: 7bdeaf7b03e2c3668857e0bd1506aff550d8d5a3
Unapplied:
- wip-manual-document-mt-safety-terminal.patch: a9f83c82c1746276acceb4928131d8099c0caf6a
wip-manual-document-mt-safety-threads.patch: 49c5533ec879c99f89ad9a1ba58929a9739a1254
wip-manual-document-mt-safety-time.patch: 4022accc5d1f9f2ae322f8f76488286c694acd7b
Hidden:
diff --git a/patches/wip-manual-document-mt-safety-terminal.patch b/patches/wip-manual-document-mt-safety-terminal.patch
index 09d43ed..77dcb9b 100644
--- a/patches/wip-manual-document-mt-safety-terminal.patch
+++ b/patches/wip-manual-document-mt-safety-terminal.patch
@@ -1,5 +1,5 @@
-Bottom: 12b763b61e3c2dff9a990b8c3271a64b6febfd63
-Top: 9f340cd557aceda321c8ef9f6db21082e5dbdaee
+Bottom: 49462a8df64b7650a0f0439d8ebb0709f38313fb
+Top: da17c9be69e48d21ca52d734c608880653385a32
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:13:53 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7bdeaf7b03e2c3668857e0bd1506aff550d8d5a3
commit 7bdeaf7b03e2c3668857e0bd1506aff550d8d5a3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:13:53 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/terminal.texi: Document thread safety properties.
diff --git a/manual/terminal.texi b/manual/terminal.texi
index 9e9c057..7f62a4e 100644
--- a/manual/terminal.texi
+++ b/manual/terminal.texi
@@ -264,6 +264,9 @@ array.
@comment termios.h
@comment POSIX.1
@deftypefun int tcgetattr (int @var{filedes}, struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the kernel-returned termios data structure to the userland
+@c format does not ensure atomic or consistent writing.
This function is used to examine the attributes of the terminal
device with file descriptor @var{filedes}. The attributes are returned
in the structure that @var{termios-p} points to.
@@ -284,6 +287,9 @@ The @var{filedes} is not associated with a terminal.
@comment termios.h
@comment POSIX.1
@deftypefun int tcsetattr (int @var{filedes}, int @var{when}, const struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the incoming termios data structure to the kernel format
+@c does not ensure atomic or consistent reading.
This function sets the attributes of the terminal device with file
descriptor @var{filedes}. The new attributes are taken from the
structure that @var{termios-p} points to.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2cca10d1496cfd37dd55138428d66f765dbeafbe
commit 2cca10d1496cfd37dd55138428d66f765dbeafbe
Merge: 715e15a dda771a 618424d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:38:33 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=715e15aad732599ba684b018145e7ac130194323
commit 715e15aad732599ba684b018145e7ac130194323
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:38:33 2013 -0300
push
diff --git a/meta b/meta
index f6cc64e..35c9bb8 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 6bf09ff7800d73e6cd33a4d93004a9023f731dc0
-Head: bffba61b6f949ae966b8395e2285450fd747adae
+Previous: dda771a556f201b9d0ffccaca415109ccc15a047
+Head: 618424dc72936ee238334d665063f1dd84a12715
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -25,8 +25,8 @@ Applied:
wip-manual-document-mt-safety-startup.patch: 062ff84a7871423535c7c5f066d10e4090c7538b
wip-manual-document-mt-safety-search.patch: b62126da8228002a5ceb39f3a8f8fc1335f71b52
wip-manual-document-mt-safety-resource.patch: bffba61b6f949ae966b8395e2285450fd747adae
+ wip-manual-document-mt-safety-string.patch: 618424dc72936ee238334d665063f1dd84a12715
Unapplied:
- wip-manual-document-mt-safety-string.patch: 1b3406934ca4e3cb676972632387dd5862c26d57
wip-manual-document-mt-safety-terminal.patch: a9f83c82c1746276acceb4928131d8099c0caf6a
wip-manual-document-mt-safety-threads.patch: 49c5533ec879c99f89ad9a1ba58929a9739a1254
wip-manual-document-mt-safety-time.patch: 4022accc5d1f9f2ae322f8f76488286c694acd7b
diff --git a/patches/wip-manual-document-mt-safety-string.patch b/patches/wip-manual-document-mt-safety-string.patch
index c2dd68c..3fee822 100644
--- a/patches/wip-manual-document-mt-safety-string.patch
+++ b/patches/wip-manual-document-mt-safety-string.patch
@@ -1,5 +1,5 @@
-Bottom: 3db5dacd3a8c55bbd9c4924b1ac2ec9a35d2d732
-Top: 12b763b61e3c2dff9a990b8c3271a64b6febfd63
+Bottom: dd5da9bcdcb729b4272997ebdbf2d957a18c3919
+Top: 49462a8df64b7650a0f0439d8ebb0709f38313fb
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:13:24 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=618424dc72936ee238334d665063f1dd84a12715
commit 618424dc72936ee238334d665063f1dd84a12715
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:13:24 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/string.texi: Document thread safety properties.
diff --git a/manual/string.texi b/manual/string.texi
index 246be84..a75d298 100644
--- a/manual/string.texi
+++ b/manual/string.texi
@@ -1247,6 +1247,8 @@ strncmp ("hello, world", "hello, stupid world!!!", 5)
@comment string.h
@comment GNU
@deftypefun int strverscmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls isdigit multiple times, locale may change in between.
The @code{strverscmp} function compares the string @var{s1} against
@var{s2}, considering them as holding indices/version numbers. The
return value follows the same conventions as found in the
@@ -1343,6 +1345,8 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
@comment string.h
@comment ISO
@deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Adjust alphasort one safety info is determined.
The @code{strcoll} function is similar to @code{strcmp} but uses the
collating sequence of the current locale for collation (the
@code{LC_COLLATE} locale).
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=dda771a556f201b9d0ffccaca415109ccc15a047
commit dda771a556f201b9d0ffccaca415109ccc15a047
Merge: 9395746 6bf09ff bffba61
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:38:32 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=93957467a70cbb07091db9305c660192646c37f6
commit 93957467a70cbb07091db9305c660192646c37f6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:38:32 2013 -0300
push
diff --git a/meta b/meta
index 8ad2fec..f6cc64e 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 76bac2d3aff95109ec070609c061d068f345f872
-Head: b62126da8228002a5ceb39f3a8f8fc1335f71b52
+Previous: 6bf09ff7800d73e6cd33a4d93004a9023f731dc0
+Head: bffba61b6f949ae966b8395e2285450fd747adae
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -24,8 +24,8 @@ Applied:
wip-manual-document-mt-safety-math.patch: 56b87287256294aac20d87cc8fb9f6b7febbe014
wip-manual-document-mt-safety-startup.patch: 062ff84a7871423535c7c5f066d10e4090c7538b
wip-manual-document-mt-safety-search.patch: b62126da8228002a5ceb39f3a8f8fc1335f71b52
+ wip-manual-document-mt-safety-resource.patch: bffba61b6f949ae966b8395e2285450fd747adae
Unapplied:
- wip-manual-document-mt-safety-resource.patch: ce4ad52cc41d3ae34f10dc5fa29d2d4c2aa08a5c
wip-manual-document-mt-safety-string.patch: 1b3406934ca4e3cb676972632387dd5862c26d57
wip-manual-document-mt-safety-terminal.patch: a9f83c82c1746276acceb4928131d8099c0caf6a
wip-manual-document-mt-safety-threads.patch: 49c5533ec879c99f89ad9a1ba58929a9739a1254
diff --git a/patches/wip-manual-document-mt-safety-resource.patch b/patches/wip-manual-document-mt-safety-resource.patch
index 4b6d73f..274d546 100644
--- a/patches/wip-manual-document-mt-safety-resource.patch
+++ b/patches/wip-manual-document-mt-safety-resource.patch
@@ -1,5 +1,5 @@
-Bottom: 4275437ac31826c5f18c9a5e4b30e85235c02761
-Top: 3db5dacd3a8c55bbd9c4924b1ac2ec9a35d2d732
+Bottom: f51668851ee51ff2a8b1071a4f7537fa90aa45f0
+Top: dd5da9bcdcb729b4272997ebdbf2d957a18c3919
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:11:00 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=bffba61b6f949ae966b8395e2285450fd747adae
commit bffba61b6f949ae966b8395e2285450fd747adae
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/resource.texi: Document thread safety properties.
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=6bf09ff7800d73e6cd33a4d93004a9023f731dc0
commit 6bf09ff7800d73e6cd33a4d93004a9023f731dc0
Merge: 30e5656 76bac2d b62126d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:38:31 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=30e5656bae5fa937caa508bb6d04ffd84e59afe2
commit 30e5656bae5fa937caa508bb6d04ffd84e59afe2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:38:31 2013 -0300
push
diff --git a/meta b/meta
index 3cfe21d..8ad2fec 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 5d4d522b68a597b9295d8fbabfbe708f3ee416dd
-Head: 062ff84a7871423535c7c5f066d10e4090c7538b
+Previous: 76bac2d3aff95109ec070609c061d068f345f872
+Head: b62126da8228002a5ceb39f3a8f8fc1335f71b52
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -23,8 +23,8 @@ Applied:
wip-manual-document-mt-safety-locale.patch: a7e2ad1ab8005398467e21a1903513ad72c3bb99
wip-manual-document-mt-safety-math.patch: 56b87287256294aac20d87cc8fb9f6b7febbe014
wip-manual-document-mt-safety-startup.patch: 062ff84a7871423535c7c5f066d10e4090c7538b
+ wip-manual-document-mt-safety-search.patch: b62126da8228002a5ceb39f3a8f8fc1335f71b52
Unapplied:
- wip-manual-document-mt-safety-search.patch: 75e6004e8dbc695b0cdc9b84249cf1b777fc30b5
wip-manual-document-mt-safety-resource.patch: ce4ad52cc41d3ae34f10dc5fa29d2d4c2aa08a5c
wip-manual-document-mt-safety-string.patch: 1b3406934ca4e3cb676972632387dd5862c26d57
wip-manual-document-mt-safety-terminal.patch: a9f83c82c1746276acceb4928131d8099c0caf6a
diff --git a/patches/wip-manual-document-mt-safety-search.patch b/patches/wip-manual-document-mt-safety-search.patch
index dfc7d5e..1f27ee4 100644
--- a/patches/wip-manual-document-mt-safety-search.patch
+++ b/patches/wip-manual-document-mt-safety-search.patch
@@ -1,5 +1,5 @@
-Bottom: 9e26e65c6f5ad1ae860b4b03c429a90054cbb837
-Top: 4275437ac31826c5f18c9a5e4b30e85235c02761
+Bottom: bcdc447440fd97e86fb3c83635b1c5f6ef3011db
+Top: f51668851ee51ff2a8b1071a4f7537fa90aa45f0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:11:55 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b62126da8228002a5ceb39f3a8f8fc1335f71b52
commit b62126da8228002a5ceb39f3a8f8fc1335f71b52
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:55 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/search.texi: Document thread safety properties.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..6910edc 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -146,6 +146,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +437,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +471,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +486,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +500,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +555,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=76bac2d3aff95109ec070609c061d068f345f872
commit 76bac2d3aff95109ec070609c061d068f345f872
Merge: a43410a 5d4d522 062ff84
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:38:31 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a43410af92a9b5c8eb1b3add852ad8ce57bdff70
commit a43410af92a9b5c8eb1b3add852ad8ce57bdff70
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:38:31 2013 -0300
push
diff --git a/meta b/meta
index fab563c..3cfe21d 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 4f8bd859aa8ea04e484c884568c95714b760a431
-Head: 56b87287256294aac20d87cc8fb9f6b7febbe014
+Previous: 5d4d522b68a597b9295d8fbabfbe708f3ee416dd
+Head: 062ff84a7871423535c7c5f066d10e4090c7538b
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -22,8 +22,8 @@ Applied:
manual-document-mt-safety-stdio.patch: 622b7f4fdcb3b1ade62c26693365f35a3a7a7031
wip-manual-document-mt-safety-locale.patch: a7e2ad1ab8005398467e21a1903513ad72c3bb99
wip-manual-document-mt-safety-math.patch: 56b87287256294aac20d87cc8fb9f6b7febbe014
+ wip-manual-document-mt-safety-startup.patch: 062ff84a7871423535c7c5f066d10e4090c7538b
Unapplied:
- wip-manual-document-mt-safety-startup.patch: 3e55489a3bf8f9a9f05d22c1ebbadd2c05990371
wip-manual-document-mt-safety-search.patch: 75e6004e8dbc695b0cdc9b84249cf1b777fc30b5
wip-manual-document-mt-safety-resource.patch: ce4ad52cc41d3ae34f10dc5fa29d2d4c2aa08a5c
wip-manual-document-mt-safety-string.patch: 1b3406934ca4e3cb676972632387dd5862c26d57
diff --git a/patches/wip-manual-document-mt-safety-startup.patch b/patches/wip-manual-document-mt-safety-startup.patch
index 93b8b21..f3bfdad 100644
--- a/patches/wip-manual-document-mt-safety-startup.patch
+++ b/patches/wip-manual-document-mt-safety-startup.patch
@@ -1,5 +1,5 @@
-Bottom: 34850c3fae2002c32308b3353855e2de0a18b4d3
-Top: 9e26e65c6f5ad1ae860b4b03c429a90054cbb837
+Bottom: 6fc14fb146cab43af0e1bda549c1bb507464c42d
+Top: bcdc447440fd97e86fb3c83635b1c5f6ef3011db
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:12:28 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=062ff84a7871423535c7c5f066d10e4090c7538b
commit 062ff84a7871423535c7c5f066d10e4090c7538b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:12:28 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/startup.texi: Document thread safety properties.
diff --git a/manual/startup.texi b/manual/startup.texi
index a277714..7bbaf13 100644
--- a/manual/startup.texi
+++ b/manual/startup.texi
@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
The difference to the @code{setenv} function is that the exact string
given as the parameter @var{string} is put into the environment. If the
user should change the string after the @code{putenv} call this will
-reflect in automatically in the environment. This also requires that
-@var{string} is no automatic variable which scope is left before the
+reflect automatically in the environment. This also requires that
+@var{string} not be an automatic variable whose scope is left before the
variable is removed from the environment. The same applies of course to
dynamically allocated variables which are freed later.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5d4d522b68a597b9295d8fbabfbe708f3ee416dd
commit 5d4d522b68a597b9295d8fbabfbe708f3ee416dd
Merge: 9213fd5 4f8bd85 56b8728
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:38:30 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9213fd51ad214ae03727e1b1490eeec71ea0041d
commit 9213fd51ad214ae03727e1b1490eeec71ea0041d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:38:30 2013 -0300
push
diff --git a/meta b/meta
index 4e4f771..fab563c 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: c80d4db9267cd250c557ac1708878125a456db56
-Head: a7e2ad1ab8005398467e21a1903513ad72c3bb99
+Previous: 4f8bd859aa8ea04e484c884568c95714b760a431
+Head: 56b87287256294aac20d87cc8fb9f6b7febbe014
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -21,8 +21,8 @@ Applied:
manual-document-mt-safety-llio.patch: accb81f4e2f55ac6c8c0a9d8762668829bca23f8
manual-document-mt-safety-stdio.patch: 622b7f4fdcb3b1ade62c26693365f35a3a7a7031
wip-manual-document-mt-safety-locale.patch: a7e2ad1ab8005398467e21a1903513ad72c3bb99
+ wip-manual-document-mt-safety-math.patch: 56b87287256294aac20d87cc8fb9f6b7febbe014
Unapplied:
- wip-manual-document-mt-safety-math.patch: fa6fb5b03c11257d3a3c8dc6b02338662de3178f
wip-manual-document-mt-safety-startup.patch: 3e55489a3bf8f9a9f05d22c1ebbadd2c05990371
wip-manual-document-mt-safety-search.patch: 75e6004e8dbc695b0cdc9b84249cf1b777fc30b5
wip-manual-document-mt-safety-resource.patch: ce4ad52cc41d3ae34f10dc5fa29d2d4c2aa08a5c
diff --git a/patches/wip-manual-document-mt-safety-math.patch b/patches/wip-manual-document-mt-safety-math.patch
index 1477a1e..d65dda1 100644
--- a/patches/wip-manual-document-mt-safety-math.patch
+++ b/patches/wip-manual-document-mt-safety-math.patch
@@ -1,5 +1,5 @@
-Bottom: 9810f600dc88278307b0fb70f5a0bc3a128cac35
-Top: 34850c3fae2002c32308b3353855e2de0a18b4d3
+Bottom: 8b03cdaff12cf5536b0a91677ddb1a0ac1f9368e
+Top: 6fc14fb146cab43af0e1bda549c1bb507464c42d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=56b87287256294aac20d87cc8fb9f6b7febbe014
commit 56b87287256294aac20d87cc8fb9f6b7febbe014
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/math.texi: Document thread safety properties.
diff --git a/manual/math.texi b/manual/math.texi
index 193d415..fd5d0c8 100644
--- a/manual/math.texi
+++ b/manual/math.texi
@@ -560,6 +560,7 @@ negative), @code{logb} returns @math{@infinity{}}. If @var{x} is zero,
@comment math.h
@comment ISO
@deftypefunx int ilogbl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are equivalent to the corresponding @code{logb}
functions except that they return signed integer values.
@end deftypefun
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4f8bd859aa8ea04e484c884568c95714b760a431
commit 4f8bd859aa8ea04e484c884568c95714b760a431
Merge: 128da13 a7e2ad1 c80d4db
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:38:27 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=128da139d0c42cc18392024fdc8c2d0f449b51da
commit 128da139d0c42cc18392024fdc8c2d0f449b51da
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:38:27 2013 -0300
refresh
diff --git a/meta b/meta
index af0bab7..4e4f771 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 9c71bbfa5861775c9dcbfd52a2b0dffd88fc7c5e
-Head: 35eee9e8d5320718c1c0a525b3cd0f7739f0d427
+Previous: c80d4db9267cd250c557ac1708878125a456db56
+Head: a7e2ad1ab8005398467e21a1903513ad72c3bb99
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -20,8 +20,7 @@ Applied:
manual-document-mt-safety-lang.patch: b791ca7244516eba35200090ff65146015bbcf80
manual-document-mt-safety-llio.patch: accb81f4e2f55ac6c8c0a9d8762668829bca23f8
manual-document-mt-safety-stdio.patch: 622b7f4fdcb3b1ade62c26693365f35a3a7a7031
- wip-manual-document-mt-safety-locale.patch: 87435eab512846c7999ee8bf7469e274a83555fe
- refresh-temp: 35eee9e8d5320718c1c0a525b3cd0f7739f0d427
+ wip-manual-document-mt-safety-locale.patch: a7e2ad1ab8005398467e21a1903513ad72c3bb99
Unapplied:
wip-manual-document-mt-safety-math.patch: fa6fb5b03c11257d3a3c8dc6b02338662de3178f
wip-manual-document-mt-safety-startup.patch: 3e55489a3bf8f9a9f05d22c1ebbadd2c05990371
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index 3fcd55a..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,22 +0,0 @@
-Bottom: 399ffe27a17cf7d3358a5588aa455450336867d1
-Top: 8b03cdaff12cf5536b0a91677ddb1a0ac1f9368e
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 22:38:27 -0300
-
-Refresh of wip-manual-document-mt-safety-locale.patch
-
----
-
-diff --git a/manual/locale.texi b/manual/locale.texi
-index da50d18..60e08d8 100644
---- a/manual/locale.texi
-+++ b/manual/locale.texi
-@@ -233,7 +233,7 @@ The symbols in this section are defined in the header file @file{locale.h}.
- @c and free, and _nl_find_locale, which amount to all documented safety
- @c issues. It also calls new_composite_name, setdata, and setname,
- @c without any additional issues. _nl_find_locale calls getenv, ...
--This function returns a pointer read
-+@c This function returns a pointer read...
- The function @code{setlocale} sets the current locale for category
- @var{category} to @var{locale}. A list of all the locales the system
- provides can be created by running
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index 3dfc7ca..2cf1838 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
Bottom: 530229eff374ce006c4c7f955d1d897e0a4056c6
-Top: 399ffe27a17cf7d3358a5588aa455450336867d1
+Top: 8b03cdaff12cf5536b0a91677ddb1a0ac1f9368e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
@@ -13,7 +13,7 @@ for ChangeLog
---
diff --git a/manual/locale.texi b/manual/locale.texi
-index 2f10fcd..da50d18 100644
+index 2f10fcd..60e08d8 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@@ -29,7 +29,7 @@ index 2f10fcd..da50d18 100644
+@c and free, and _nl_find_locale, which amount to all documented safety
+@c issues. It also calls new_composite_name, setdata, and setname,
+@c without any additional issues. _nl_find_locale calls getenv, ...
-+This function returns a pointer read
++@c This function returns a pointer read...
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c80d4db9267cd250c557ac1708878125a456db56
commit c80d4db9267cd250c557ac1708878125a456db56
Merge: 472509b 9c71bbf 35eee9e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:38:27 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=472509b5e1ba162e218857ef22fa50f4232ddea6
commit 472509b5e1ba162e218857ef22fa50f4232ddea6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:38:27 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index 83bfe92..af0bab7 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 117f96a014f403b989798de6173188a404217e23
-Head: 87435eab512846c7999ee8bf7469e274a83555fe
+Previous: 9c71bbfa5861775c9dcbfd52a2b0dffd88fc7c5e
+Head: 35eee9e8d5320718c1c0a525b3cd0f7739f0d427
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -21,6 +21,7 @@ Applied:
manual-document-mt-safety-llio.patch: accb81f4e2f55ac6c8c0a9d8762668829bca23f8
manual-document-mt-safety-stdio.patch: 622b7f4fdcb3b1ade62c26693365f35a3a7a7031
wip-manual-document-mt-safety-locale.patch: 87435eab512846c7999ee8bf7469e274a83555fe
+ refresh-temp: 35eee9e8d5320718c1c0a525b3cd0f7739f0d427
Unapplied:
wip-manual-document-mt-safety-math.patch: fa6fb5b03c11257d3a3c8dc6b02338662de3178f
wip-manual-document-mt-safety-startup.patch: 3e55489a3bf8f9a9f05d22c1ebbadd2c05990371
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..3fcd55a
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,22 @@
+Bottom: 399ffe27a17cf7d3358a5588aa455450336867d1
+Top: 8b03cdaff12cf5536b0a91677ddb1a0ac1f9368e
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:38:27 -0300
+
+Refresh of wip-manual-document-mt-safety-locale.patch
+
+---
+
+diff --git a/manual/locale.texi b/manual/locale.texi
+index da50d18..60e08d8 100644
+--- a/manual/locale.texi
++++ b/manual/locale.texi
+@@ -233,7 +233,7 @@ The symbols in this section are defined in the header file @file{locale.h}.
+ @c and free, and _nl_find_locale, which amount to all documented safety
+ @c issues. It also calls new_composite_name, setdata, and setname,
+ @c without any additional issues. _nl_find_locale calls getenv, ...
+-This function returns a pointer read
++@c This function returns a pointer read...
+ The function @code{setlocale} sets the current locale for category
+ @var{category} to @var{locale}. A list of all the locales the system
+ provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=35eee9e8d5320718c1c0a525b3cd0f7739f0d427
commit 35eee9e8d5320718c1c0a525b3cd0f7739f0d427
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:38:27 2013 -0300
Refresh of wip-manual-document-mt-safety-locale.patch
diff --git a/manual/locale.texi b/manual/locale.texi
index da50d18..60e08d8 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -233,7 +233,7 @@ The symbols in this section are defined in the header file @file{locale.h}.
@c and free, and _nl_find_locale, which amount to all documented safety
@c issues. It also calls new_composite_name, setdata, and setname,
@c without any additional issues. _nl_find_locale calls getenv, ...
-This function returns a pointer read
+@c This function returns a pointer read...
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a7e2ad1ab8005398467e21a1903513ad72c3bb99
commit a7e2ad1ab8005398467e21a1903513ad72c3bb99
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..60e08d8 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
+@c and free, and _nl_find_locale, which amount to all documented safety
+@c issues. It also calls new_composite_name, setdata, and setname,
+@c without any additional issues. _nl_find_locale calls getenv, ...
+@c This function returns a pointer read...
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9c71bbfa5861775c9dcbfd52a2b0dffd88fc7c5e
commit 9c71bbfa5861775c9dcbfd52a2b0dffd88fc7c5e
Merge: 1a14ed1 117f96a 87435ea
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:26 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1a14ed12a61412dfdade038568d8f8765d31ff52
commit 1a14ed12a61412dfdade038568d8f8765d31ff52
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:26 2013 -0300
push
diff --git a/meta b/meta
index f13d651..83bfe92 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 039b5e411cd67063f2e119af1c56e349f170f4cf
-Head: 622b7f4fdcb3b1ade62c26693365f35a3a7a7031
+Previous: 117f96a014f403b989798de6173188a404217e23
+Head: 87435eab512846c7999ee8bf7469e274a83555fe
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -20,8 +20,8 @@ Applied:
manual-document-mt-safety-lang.patch: b791ca7244516eba35200090ff65146015bbcf80
manual-document-mt-safety-llio.patch: accb81f4e2f55ac6c8c0a9d8762668829bca23f8
manual-document-mt-safety-stdio.patch: 622b7f4fdcb3b1ade62c26693365f35a3a7a7031
+ wip-manual-document-mt-safety-locale.patch: 87435eab512846c7999ee8bf7469e274a83555fe
Unapplied:
- wip-manual-document-mt-safety-locale.patch: 6c6c8ecacf987abc5dda5f02425179c9f9c5acde
wip-manual-document-mt-safety-math.patch: fa6fb5b03c11257d3a3c8dc6b02338662de3178f
wip-manual-document-mt-safety-startup.patch: 3e55489a3bf8f9a9f05d22c1ebbadd2c05990371
wip-manual-document-mt-safety-search.patch: 75e6004e8dbc695b0cdc9b84249cf1b777fc30b5
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index 3fe7a6a..3dfc7ca 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
-Bottom: 1b3315652dde989dd535a1572985e5afdd6c5e99
-Top: 9810f600dc88278307b0fb70f5a0bc3a128cac35
+Bottom: 530229eff374ce006c4c7f955d1d897e0a4056c6
+Top: 399ffe27a17cf7d3358a5588aa455450336867d1
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=87435eab512846c7999ee8bf7469e274a83555fe
commit 87435eab512846c7999ee8bf7469e274a83555fe
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..da50d18 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
+@c and free, and _nl_find_locale, which amount to all documented safety
+@c issues. It also calls new_composite_name, setdata, and setname,
+@c without any additional issues. _nl_find_locale calls getenv, ...
+This function returns a pointer read
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=622b7f4fdcb3b1ade62c26693365f35a3a7a7031
commit 622b7f4fdcb3b1ade62c26693365f35a3a7a7031
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..79a3340 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1391,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1401,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1411,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1540,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1625,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2387,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2397,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2438,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2647,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2656,48 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2705,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2713,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2721,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2729,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2737,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2745,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2821,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3062,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3314,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3378,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +3995,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +4010,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +4025,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +4033,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4041,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4055,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4082,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4091,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4100,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4108,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4116,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4124,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4174,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4184,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4198,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4209,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4237,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4248,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4362,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4375,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4399,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4415,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4435,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4459,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4508,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4630,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4645,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4658,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4675,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4787,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4800,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4817,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4839,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4864,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4942,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4956,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4968,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4983,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +4997,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +5008,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5056,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5112,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5228,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5410,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5551,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=117f96a014f403b989798de6173188a404217e23
commit 117f96a014f403b989798de6173188a404217e23
Merge: 076cc66 039b5e4 622b7f4
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:25 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=076cc66450c2311ca2f73682b21d6e88c1ca43ff
commit 076cc66450c2311ca2f73682b21d6e88c1ca43ff
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:25 2013 -0300
push
diff --git a/meta b/meta
index 423a8d6..f13d651 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 01b4ed4821c8fd161995206963f729f154dba7b4
-Head: accb81f4e2f55ac6c8c0a9d8762668829bca23f8
+Previous: 039b5e411cd67063f2e119af1c56e349f170f4cf
+Head: 622b7f4fdcb3b1ade62c26693365f35a3a7a7031
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -19,8 +19,8 @@ Applied:
manual-document-mt-safety-job.patch: d2b8bf860b81e8e95130a2b397bd63d3ac29f6f5
manual-document-mt-safety-lang.patch: b791ca7244516eba35200090ff65146015bbcf80
manual-document-mt-safety-llio.patch: accb81f4e2f55ac6c8c0a9d8762668829bca23f8
+ manual-document-mt-safety-stdio.patch: 622b7f4fdcb3b1ade62c26693365f35a3a7a7031
Unapplied:
- manual-document-mt-safety-stdio.patch: 0960f99a58ac496a2420e3d299e868f900662636
wip-manual-document-mt-safety-locale.patch: 6c6c8ecacf987abc5dda5f02425179c9f9c5acde
wip-manual-document-mt-safety-math.patch: fa6fb5b03c11257d3a3c8dc6b02338662de3178f
wip-manual-document-mt-safety-startup.patch: 3e55489a3bf8f9a9f05d22c1ebbadd2c05990371
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index 0de73f6..2534cf3 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,5 +1,5 @@
-Bottom: baf6738652c9240a7ea48273cff318ffb17716d8
-Top: 1b3315652dde989dd535a1572985e5afdd6c5e99
+Bottom: 1c79556edf2fc8cdc5742a63361502af02f3a7f6
+Top: 530229eff374ce006c4c7f955d1d897e0a4056c6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=accb81f4e2f55ac6c8c0a9d8762668829bca23f8
commit accb81f4e2f55ac6c8c0a9d8762668829bca23f8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:09:32 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/llio.texi: Document thread safety properties.
diff --git a/manual/llio.texi b/manual/llio.texi
index b129cf4..66370c4 100644
--- a/manual/llio.texi
+++ b/manual/llio.texi
@@ -78,6 +78,7 @@ declared in @file{unistd.h}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int open (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The @code{open} function creates and returns a new file descriptor for
the file named by @var{filename}. Initially, the file position
indicator for the file is at the beginning of the file. The argument
@@ -164,6 +165,7 @@ and @code{freopen} functions, that create streams.
@comment fcntl.h
@comment Unix98
@deftypefun int open64 (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{open}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
difference is that on 32 bit systems the file is opened in the
@@ -178,6 +180,7 @@ replaces the old API.
@comment fcntl.h
@comment POSIX.1
@deftypefn {Obsolete function} int creat (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is obsolete. The call:
@smallexample
@@ -202,6 +205,7 @@ since all of the lowlevel file handling functions are equally replaced.
@comment fcntl.h
@comment Unix98
@deftypefn {Obsolete function} int creat64 (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{creat}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
the difference is that on 32 bit systems the file is opened in the
@@ -219,6 +223,7 @@ replaces the old API.
@comment unistd.h
@comment POSIX.1
@deftypefun int close (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The function @code{close} closes the file descriptor @var{filedes}.
Closing a file has the following consequences:
@@ -300,6 +305,7 @@ but must be a signed type.
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t read (int @var{filedes}, void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{read} function reads up to @var{size} bytes from the file
with descriptor @var{filedes}, storing the results in the @var{buffer}.
(This is not necessarily a character string, and no terminating null
@@ -395,6 +401,10 @@ functions that read from streams, such as @code{fgetc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, read and lseek back, but is it
+@c used anywhere?
The @code{pread} function is similar to the @code{read} function. The
first three arguments are identical, and the return values and error
codes also correspond.
@@ -430,6 +440,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread64 (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, read and lseek64 back, but is
+@c it used anywhere?
This function is similar to the @code{pread} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -447,6 +461,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t write (int @var{filedes}, const void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{write} function writes up to @var{size} bytes from
@var{buffer} to the file with descriptor @var{filedes}. The data in
@var{buffer} is not necessarily a character string and a null character is
@@ -557,6 +572,10 @@ functions that write to streams, such as @code{fputc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, write and lseek back, but is it
+@c used anywhere?
The @code{pwrite} function is similar to the @code{write} function. The
first three arguments are identical, and the return values and error codes
also correspond.
@@ -592,6 +611,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite64 (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, write and lseek64 back, but
+@c is it used anywhere?
This function is similar to the @code{pwrite} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -624,6 +647,7 @@ To read the current file position value from a descriptor, use
@comment unistd.h
@comment POSIX.1
@deftypefun off_t lseek (int @var{filedes}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lseek} function is used to change the file position of the
file with descriptor @var{filedes}.
@@ -713,6 +737,7 @@ descriptors.
@comment unistd.h
@comment Unix98
@deftypefun off64_t lseek64 (int @var{filedes}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to the @code{lseek} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -825,6 +850,7 @@ declared in the header file @file{stdio.h}.
@comment stdio.h
@comment POSIX.1
@deftypefun {FILE *} fdopen (int @var{filedes}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
The @code{fdopen} function returns a new stream for the file descriptor
@var{filedes}.
@@ -853,6 +879,7 @@ see @ref{Creating a Pipe}.
@comment stdio.h
@comment POSIX.1
@deftypefun int fileno (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the file descriptor associated with the stream
@var{stream}. If an error is detected (for example, if the @var{stream}
is not valid) or if @var{stream} does not do I/O to a file,
@@ -862,6 +889,7 @@ is not valid) or if @var{stream} does not do I/O to a file,
@comment stdio.h
@comment GNU
@deftypefun int fileno_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fileno_unlocked} function is equivalent to the @code{fileno}
function except that it does not implicitly lock the stream if the state
is @code{FSETLOCKING_INTERNAL}.
@@ -1071,7 +1099,11 @@ Contains the length of the buffer.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t readv (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
-
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer into which data is read, if the total read size is
+@c too large for alloca.
The @code{readv} function reads data from @var{filedes} and scatters it
into the buffers described in @var{vector}, which is taken to be
@var{count} structures long. As each buffer is filled, data is sent to the
@@ -1089,6 +1121,11 @@ errors are the same as in @code{read}.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t writev (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer from which data is written, if the total write size
+@c is too large for alloca.
The @code{writev} function gathers data from the buffers described in
@var{vector}, which is taken to be @var{count} structures long, and writes
@@ -1149,6 +1186,7 @@ These functions are declared in @file{sys/mman.h}.
@comment sys/mman.h
@comment POSIX
@deftypefun {void *} mmap (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mmap} function creates a new mapping, connected to bytes
(@var{offset}) to (@var{offset} + @var{length} - 1) in the file open on
@@ -1268,6 +1306,9 @@ The file is on a filesystem that doesn't support mapping.
@comment sys/mman.h
@comment LFS
@deftypefun {void *} mmap64 (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The page_shift auto detection when MMAP2_PAGE_SHIFT is -1 (it never
+@c is) would be thread-unsafe.
The @code{mmap64} function is equivalent to the @code{mmap} function but
the @var{offset} parameter is of type @code{off64_t}. On 32-bit systems
this allows the file associated with the @var{filedes} descriptor to be
@@ -1284,6 +1325,7 @@ replaces the old API.
@comment sys/mman.h
@comment POSIX
@deftypefun int munmap (void *@var{addr}, size_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{munmap} removes any memory maps from (@var{addr}) to (@var{addr} +
@var{length}). @var{length} should be the length of the mapping.
@@ -1310,6 +1352,7 @@ aligned.
@comment sys/mman.h
@comment POSIX
@deftypefun int msync (void *@var{address}, size_t @var{length}, int @var{flags})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When using shared mappings, the kernel can write the file at any time
before the mapping is removed. To be certain data has actually been
@@ -1357,6 +1400,7 @@ There is no existing mapping in at least part of the given region.
@comment sys/mman.h
@comment GNU
@deftypefun {void *} mremap (void *@var{address}, size_t @var{length}, size_t @var{new_length}, int @var{flag})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to change the size of an existing memory
area. @var{address} and @var{length} must cover a region entirely mapped
@@ -1405,6 +1449,7 @@ Coding Standards}.
@comment sys/mman.h
@comment POSIX
@deftypefun int madvise (void *@var{addr}, size_t @var{length}, int @var{advice})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to provide the system with @var{advice} about
the intended usage patterns of the memory region starting at @var{addr}
@@ -1531,6 +1576,7 @@ that descriptor into an @code{fd_set}.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_ZERO (fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro initializes the file descriptor set @var{set} to be the
empty set.
@end deftypefn
@@ -1538,6 +1584,9 @@ empty set.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_SET (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro adds @var{filedes} to the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1547,6 +1596,9 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_CLR (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro removes @var{filedes} from the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1556,6 +1608,7 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro int FD_ISSET (int @var{filedes}, const fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value (true) if @var{filedes} is a member
of the file descriptor set @var{set}, and zero (false) otherwise.
@@ -1568,6 +1621,10 @@ Next, here is the description of the @code{select} function itself.
@comment sys/types.h
@comment BSD
@deftypefun int select (int @var{nfds}, fd_set *@var{read-fds}, fd_set *@var{write-fds}, fd_set *@var{except-fds}, struct timeval *@var{timeout})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The select syscall is preferred, but pselect6 may be used instead,
+@c which requires converting timeout to a timespec and back. The
+@c conversions are not atomic.
The @code{select} function blocks the calling process until there is
activity on any of the specified sets of file descriptors, or until the
timeout period has expired.
@@ -1670,6 +1727,7 @@ they return.
@comment unistd.h
@comment X/Open
@deftypefun void sync (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
A call to this function will not return as long as there is data which
has not been written to the device. All dirty buffers in the kernel will
be written and so an overall consistent system can be achieved (if no
@@ -1685,6 +1743,7 @@ committed, rather than all data in the system. For this, @code{sync} is overkil
@comment unistd.h
@comment POSIX
@deftypefun int fsync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fsync} function can be used to make sure all data associated with
the open file @var{fildes} is written to the device associated with the
descriptor. The function call does not return unless all actions have
@@ -1722,6 +1781,7 @@ recovering of the file in case of a problem.
@comment unistd.h
@comment POSIX
@deftypefun int fdatasync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When a call to the @code{fdatasync} function returns, it is ensured
that all of the file data is written to the device. For all pending I/O
operations, the parts guaranteeing data integrity finished.
@@ -1923,6 +1983,158 @@ aiocb64}, since the LFS transparently replaces the old interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_read (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Calls aio_enqueue_request.
+@c aio_enqueue_request selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_self ok
+@c pthread_getschedparam selfdeadlock, lockleak
+@c lll_lock (pthread descriptor's lock) selfdeadlock, lockleak
+@c sched_getparam ok
+@c sched_getscheduler ok
+@c lll_unlock lockleak
+@c pthread_mutex_lock (aio_requests_mutex) selfdeadlock, lockleak
+@c get_elem asmalloc, memleak, [asynconsist, incansist], [xguargs]
+@c realloc asmalloc, memleak
+@c calloc asmalloc, memleak
+@c aio_create_helper_thread selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_attr_init ok
+@c pthread_attr_setdetachstate ok
+@c pthread_get_minstack ok
+@c pthread_attr_setstacksize ok
+@c sigfillset ok
+@c memset ok
+@c sigdelset ok [xguargs, but the caller's sigset is automatic]
+@c SYSCALL rt_sigprocmask ok
+@c pthread_create selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c alloca/malloc asmalloc, memleak
+@c lll_unlock lockleak
+@c allocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c getpagesize dup
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c lll_unlock lockleak
+@c _dl_allocate_tls asmalloc, memleak
+@c _dl_allocate_tls_storage asmalloc, memleak
+@c memalign asmalloc, memleak
+@c memset ok
+@c allocate_dtv dup
+@c free asmalloc, memleak
+@c allocate_dtv asmalloc, memleak
+@c calloc asmalloc, memleak
+@c INSTALL_DTV ok
+@c list_add dup
+@c get_cached_stack
+@c lll_lock (stack_cache_lock) selfdeadlock, lockleak
+@c list_for_each ok
+@c list_entry dup
+@c FREE_P dup
+@c stack_list_del dup
+@c stack_list_add dup
+@c lll_unlock lockleak
+@c _dl_allocate_tls_init ok
+@c GET_DTV ok
+@c mmap ok
+@c atomic_increment_val ok
+@c munmap ok
+@c change_stack_perm ok
+@c mprotect ok
+@c mprotect ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c THREAD_COPY_STACK_GUARD ok
+@c THREAD_COPY_POINTER_GUARD ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (state_cache_lock) selfdeadlock, lockleak
+@c stack_list_del ok
+@c atomic_write_barrier ok
+@c list_del ok [uunguard]
+@c atomic_write_barrier ok
+@c queue_stack asmalloc, memleak
+@c stack_list_add ok
+@c atomic_write_barrier ok
+@c list_add ok [uunguard]
+@c atomic_write_barrier ok
+@c free_stacks asmalloc, memleak
+@c list_for_each_prev_safe ok
+@c list_entry ok
+@c FREE_P ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c _dl_deallocate_tls asmalloc, memleak
+@c free asmalloc, memleak
+@c lll_unlock lockleak
+@c create_thread selfdeadlock, asmalloc, lockleak, memleak
+@c td_eventword
+@c td_eventmask
+@c do_clone selfdeadlock, asmalloc, lockleak, memleak
+@c PREPARE_CREATE ok
+@c lll_lock (pd->lock) selfdeadlock, lockleak
+@c atomic_increment ok
+@c clone ok
+@c atomic_decrement ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack dup
+@c sched_setaffinity ok
+@c tgkill ok
+@c sched_setscheduler ok
+@c atomic_compare_and_exchange_bool_acq ok
+@c nptl_create_event ok
+@c lll_unlock (pd->lock) lockleak
+@c free asmalloc, memleak
+@c pthread_attr_destroy ok (cpuset won't be set, so free isn't called)
+@c add_request_to_runlist ok [xguargs]
+@c pthread_cond_signal ok
+@c aio_free_request ok [xguargs]
+@c pthread_mutex_unlock lockleak
+
+@c (in the new thread, initiated with clone)
+@c start_thread ok
+@c HP_TIMING_NOW ok
+@c ctype_init [glocale] (in theory, but optimized into safety)
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c sigemptyset ok
+@c sigaddset ok
+@c setjmp ok
+@c CANCEL_ASYNC -> pthread_enable_asynccancel ok
+@c do_cancel ok
+@c pthread_unwind ok
+@c Unwind_ForcedUnwind or longjmp ok [asmalloc, memleak?]
+@c lll_lock selfdeadlock, lockleak
+@c lll_unlock selfdeadlock, lockleak
+@c CANCEL_RESET -> pthread_disable_asynccancel ok
+@c lll_futex_wait ok
+@c ->start_routine ok -----
+@c call_tls_dtors selfdeadlock, asmalloc, lockleak, memleak
+@c user-supplied dtor
+@c rtld_lock_lock_recursive (dl_load_lock) selfdeadlock, lockleak
+@c rtld_lock_unlock_recursive lockleak
+@c free asmalloc, memleak
+@c nptl_deallocate_tsd asmalloc, memleak
+@c tsd user-supplied dtors ok
+@c free asmalloc, memleak
+@c libc_thread_freeres
+@c libc_thread_subfreeres ok
+@c atomic_decrement_and_test ok
+@c td_eventword ok
+@c td_eventmask ok
+@c atomic_compare_exchange_bool_acq ok
+@c nptl_death_event ok
+@c lll_robust_dead ok
+@c getpagesize ok
+@c madvise ok
+@c free_tcb selfdeadlock, asmalloc, lockleak, memleak
+@c free asmalloc, memleak
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_futex_wait ok
+@c exit_thread_inline ok
+@c syscall(exit) ok
+
This function initiates an asynchronous read operation. It
immediately returns after the operation was enqueued or when an
error was encountered.
@@ -1988,6 +2200,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_read64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_read} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{aio_read64} uses
@@ -2006,6 +2219,7 @@ of functions with a very similar interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_write (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function initiates an asynchronous write operation. The function
call immediately returns after the operation was enqueued or if before
this happens an error was encountered.
@@ -2072,6 +2286,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_write64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_write} function. The only
difference is that on @w{32 bit} machines the file descriptor should
be opened in the large file mode. Internally @code{aio_write64} uses
@@ -2093,6 +2308,12 @@ operations. It is therefore similar to a combination of @code{readv} and
@comment aio.h
@comment POSIX.1b
@deftypefun int lio_listio (int @var{mode}, struct aiocb *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Call lio_listio_internal, that takes the aio_requests_mutex lock and
+@c enqueues each request. Then, it waits for notification or prepares
+@c for it before releasing the lock. Even though it performs memory
+@c allocation and locking of its own, it doesn't add any classes of
+@c safety issues that aren't already covered by aio_enqueue_request.
The @code{lio_listio} function can be used to enqueue an arbitrary
number of read and write requests at one time. The requests can all be
meant for the same file, all for different files or every solution in
@@ -2176,6 +2397,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int lio_listio64 (int @var{mode}, struct aiocb64 *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{lio_listio} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{lio_listio64} uses
@@ -2204,6 +2426,7 @@ The following two functions allow you to get this kind of information.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_error (const struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function determines the error state of the request described by the
@code{struct aiocb} variable pointed to by @var{aiocbp}. If the
request has not yet terminated the value returned is always
@@ -2225,6 +2448,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_error64 (const struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_error} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2238,6 +2462,7 @@ machines.
@comment aio.h
@comment POSIX.1b
@deftypefun ssize_t aio_return (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to retrieve the return status of the operation
carried out by the request described in the variable pointed to by
@var{aiocbp}. As long as the error status of this request as returned
@@ -2261,6 +2486,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun ssize_t aio_return64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_return} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2289,6 +2515,9 @@ if the symbol @code{_POSIX_SYNCHRONIZED_IO} is defined in @file{unistd.h}.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_fsync (int @var{op}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check that the FD is open, it calls
+@c aio_enqueue_request.
Calling this function forces all I/O operations operating queued at the
time of the function call operating on the file descriptor
@code{aiocbp->aio_fildes} into the synchronized I/O completion state
@@ -2336,6 +2565,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_fsync64 (int @var{op}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_fsync} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2362,6 +2592,9 @@ before the current client is served. For situations like this
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_suspend (const struct aiocb *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c Take aio_requests_mutex, set up waitlist and requestlist, wait
+@c for completion or timeout, and release the mutex.
When calling this function, the calling thread is suspended until at
least one of the requests pointed to by the @var{nent} elements of the
array @var{list} has completed. If any of the requests has already
@@ -2400,6 +2633,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_suspend64 (const struct aiocb64 *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is similar to @code{aio_suspend} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2427,6 +2661,16 @@ or not. Therefore using this function is merely a hint.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_cancel (int @var{fildes}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check the fd is open, hold aio_requests_mutex, call
+@c aio_find_req_fd, aio_remove_request, then aio_notify and
+@c aio_free_request each request before releasing the lock.
+@c aio_notify calls aio_notify_only and free, besides cond signal or
+@c similar. aio_notify_only calls pthread_attr_init,
+@c pthread_attr_setdetachstate, malloc, pthread_create,
+@c notify_func_wrapper, aio_sigqueue, getpid, raise.
+@c notify_func_wraper calls aio_start_notify_thread, free and then the
+@c notifier function.
The @code{aio_cancel} function can be used to cancel one or more
outstanding requests. If the @var{aiocbp} parameter is @code{NULL}, the
function tries to cancel all of the outstanding requests which would process
@@ -2474,6 +2718,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_cancel64 (int @var{fildes}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_cancel} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2529,6 +2774,8 @@ Unused.
@comment aio.h
@comment GNU
@deftypefun void aio_init (const struct aioinit *@var{init})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c All changes to global objects are guarded by aio_requests_mutex.
This function must be called before any other AIO function. Calling it
is completely voluntary, as it is only meant to help the AIO
implementation perform better.
@@ -2563,6 +2810,7 @@ function; see @ref{Opening and Closing Files}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int fcntl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcntl} function performs the operation specified by
@var{command} on the file descriptor @var{filedes}. Some commands
require additional arguments to be supplied. These additional arguments
@@ -2645,6 +2893,7 @@ while prototypes for @code{dup} and @code{dup2} are in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun int dup (int @var{old})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies descriptor @var{old} to the first available
descriptor number (the first number not currently open). It is
equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@@ -2653,6 +2902,7 @@ equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@comment unistd.h
@comment POSIX.1
@deftypefun int dup2 (int @var{old}, int @var{new})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies the descriptor @var{old} to descriptor number
@var{new}.
@@ -3631,6 +3881,7 @@ different headers.
@comment sys/ioctl.h
@comment BSD
@deftypefun int ioctl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ioctl} function performs the generic I/O operation
@var{command} on @var{filedes}.
@@ -3650,3 +3901,6 @@ unknown device.
Most IOCTLs are OS-specific and/or only used in special system utilities,
and are thus beyond the scope of this document. For an example of the use
of an IOCTL, see @ref{Out-of-Band Data}.
+
+@c FIXME this is undocumented:
+@c dup3
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=039b5e411cd67063f2e119af1c56e349f170f4cf
commit 039b5e411cd67063f2e119af1c56e349f170f4cf
Merge: bbc438e 01b4ed4 accb81f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:24 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=bbc438e08509e5fa1cc8c37dcc736102867ce763
commit bbc438e08509e5fa1cc8c37dcc736102867ce763
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:24 2013 -0300
push
diff --git a/meta b/meta
index d1a517e..423a8d6 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: b698a1cb62c164162476e9ca5b2e8014b9e28a0f
-Head: b791ca7244516eba35200090ff65146015bbcf80
+Previous: 01b4ed4821c8fd161995206963f729f154dba7b4
+Head: accb81f4e2f55ac6c8c0a9d8762668829bca23f8
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -18,8 +18,8 @@ Applied:
manual-document-mt-safety-libdl.patch: 3a6ba503d2949acb7fd0d23fbdaaf056bb0a819f
manual-document-mt-safety-job.patch: d2b8bf860b81e8e95130a2b397bd63d3ac29f6f5
manual-document-mt-safety-lang.patch: b791ca7244516eba35200090ff65146015bbcf80
+ manual-document-mt-safety-llio.patch: accb81f4e2f55ac6c8c0a9d8762668829bca23f8
Unapplied:
- manual-document-mt-safety-llio.patch: 51babe049dfe3862b311b4ebbfd87a8eb915528c
manual-document-mt-safety-stdio.patch: 0960f99a58ac496a2420e3d299e868f900662636
wip-manual-document-mt-safety-locale.patch: 6c6c8ecacf987abc5dda5f02425179c9f9c5acde
wip-manual-document-mt-safety-math.patch: fa6fb5b03c11257d3a3c8dc6b02338662de3178f
diff --git a/patches/manual-document-mt-safety-llio.patch b/patches/manual-document-mt-safety-llio.patch
index 274aefd..ede6838 100644
--- a/patches/manual-document-mt-safety-llio.patch
+++ b/patches/manual-document-mt-safety-llio.patch
@@ -1,5 +1,5 @@
-Bottom: 5d6bbf322290ec49c7df2274a5b3ec79d32fd303
-Top: baf6738652c9240a7ea48273cff318ffb17716d8
+Bottom: e39567735e51df9a1cbd6f9b527ba0ebaebcbadb
+Top: 1c79556edf2fc8cdc5742a63361502af02f3a7f6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:09:32 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b791ca7244516eba35200090ff65146015bbcf80
commit b791ca7244516eba35200090ff65146015bbcf80
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:32 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/lang.texi: Document thread safety properties.
diff --git a/manual/lang.texi b/manual/lang.texi
index ee04e23..d6cd90c 100644
--- a/manual/lang.texi
+++ b/manual/lang.texi
@@ -51,6 +51,8 @@ without indicating anything might be wrong.
@comment assert.h
@comment ISO
@deftypefn Macro void assert (int @var{expression})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Verify the programmer's belief that @var{expression} is nonzero at
this point in the program.
@@ -91,6 +93,8 @@ The @code{assert_perror} macro makes this easy.
@comment assert.h
@comment GNU
@deftypefn Macro void assert_perror (int @var{errnum})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Similar to @code{assert}, but verifies that @var{errnum} is zero.
If @code{NDEBUG} is not defined, @code{assert_perror} tests the value of
@@ -423,6 +427,8 @@ The type @code{va_list} is used for argument pointer variables.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_start (va_list @var{ap}, @var{last-required})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This macro initializes the argument pointer variable @var{ap} to point
to the first of the optional arguments of the current function;
@var{last-required} must be the last required argument to the function.
@@ -431,6 +437,8 @@ to the first of the optional arguments of the current function;
@comment stdarg.h
@comment ISO
@deftypefn {Macro} @var{type} va_arg (va_list @var{ap}, @var{type})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_arg} macro returns the value of the next optional argument,
and modifies the value of @var{ap} to point to the subsequent argument.
Thus, successive uses of @code{va_arg} return successive optional
@@ -445,6 +453,8 @@ of the actual argument.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_end (va_list @var{ap})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This ends the use of @var{ap}. After a @code{va_end} call, further
@code{va_arg} calls with the same @var{ap} may not work. You should invoke
@code{va_end} before returning from the function in which @code{va_start}
@@ -466,6 +476,8 @@ of the same type.
@comment ISO
@deftypefn {Macro} void va_copy (va_list @var{dest}, va_list @var{src})
@deftypefnx {Macro} void __va_copy (va_list @var{dest}, va_list @var{src})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_copy} macro allows copying of objects of type
@code{va_list} even if this is not an integral type. The argument pointer
in @var{dest} is initialized to point to the same argument as the
@@ -1212,6 +1224,8 @@ type of a particular structure member.
@comment stddef.h
@comment ISO
@deftypefn {Macro} size_t offsetof (@var{type}, @var{member})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This expands to a integer constant expression that is the offset of the
structure member named @var{member} in the structure type @var{type}.
For example, @code{offsetof (struct s, elem)} is the offset, in bytes,
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=01b4ed4821c8fd161995206963f729f154dba7b4
commit 01b4ed4821c8fd161995206963f729f154dba7b4
Merge: 24ee441 b698a1c b791ca7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:23 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=24ee4411419f64016737dbf89dcb1d75f6df6aab
commit 24ee4411419f64016737dbf89dcb1d75f6df6aab
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:23 2013 -0300
push
diff --git a/meta b/meta
index e2c5c27..d1a517e 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: ea8c680babd2266f6826b2f043599f311baa1f9f
-Head: d2b8bf860b81e8e95130a2b397bd63d3ac29f6f5
+Previous: b698a1cb62c164162476e9ca5b2e8014b9e28a0f
+Head: b791ca7244516eba35200090ff65146015bbcf80
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -17,8 +17,8 @@ Applied:
manual-document-mt-safety-getopt.patch: f543b69a645a445a7b7484e4e4729387deb00d58
manual-document-mt-safety-libdl.patch: 3a6ba503d2949acb7fd0d23fbdaaf056bb0a819f
manual-document-mt-safety-job.patch: d2b8bf860b81e8e95130a2b397bd63d3ac29f6f5
+ manual-document-mt-safety-lang.patch: b791ca7244516eba35200090ff65146015bbcf80
Unapplied:
- manual-document-mt-safety-lang.patch: e1bee872da33bdb7b911d4cd111906a390b9ea8a
manual-document-mt-safety-llio.patch: 51babe049dfe3862b311b4ebbfd87a8eb915528c
manual-document-mt-safety-stdio.patch: 0960f99a58ac496a2420e3d299e868f900662636
wip-manual-document-mt-safety-locale.patch: 6c6c8ecacf987abc5dda5f02425179c9f9c5acde
diff --git a/patches/manual-document-mt-safety-lang.patch b/patches/manual-document-mt-safety-lang.patch
index 09d2cc9..93ad7bd 100644
--- a/patches/manual-document-mt-safety-lang.patch
+++ b/patches/manual-document-mt-safety-lang.patch
@@ -1,5 +1,5 @@
-Bottom: b58e76e4078fdee40947d68820e0f861f8cac2de
-Top: 5d6bbf322290ec49c7df2274a5b3ec79d32fd303
+Bottom: c6b12eb06e14c9c5162f6f8386fb00a68dff09e7
+Top: e39567735e51df9a1cbd6f9b527ba0ebaebcbadb
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:08:32 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b698a1cb62c164162476e9ca5b2e8014b9e28a0f
commit b698a1cb62c164162476e9ca5b2e8014b9e28a0f
Merge: 3f73f18 ea8c680 d2b8bf8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:23 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3f73f189c4043b265e67f000e7a70ec7ef5bbbcd
commit 3f73f189c4043b265e67f000e7a70ec7ef5bbbcd
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:23 2013 -0300
push
diff --git a/meta b/meta
index 41c97ed..e2c5c27 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: a93eed6f48d61323fe92247fc86da838ad4172f9
-Head: 3a6ba503d2949acb7fd0d23fbdaaf056bb0a819f
+Previous: ea8c680babd2266f6826b2f043599f311baa1f9f
+Head: d2b8bf860b81e8e95130a2b397bd63d3ac29f6f5
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -16,8 +16,8 @@ Applied:
manual-document-mt-safety-filesys.patch: 88f6858a8c928050ef2686d392ea593e05cfc34a
manual-document-mt-safety-getopt.patch: f543b69a645a445a7b7484e4e4729387deb00d58
manual-document-mt-safety-libdl.patch: 3a6ba503d2949acb7fd0d23fbdaaf056bb0a819f
+ manual-document-mt-safety-job.patch: d2b8bf860b81e8e95130a2b397bd63d3ac29f6f5
Unapplied:
- manual-document-mt-safety-job.patch: 57c129a7691ad66436b380272a24d356111b19bf
manual-document-mt-safety-lang.patch: e1bee872da33bdb7b911d4cd111906a390b9ea8a
manual-document-mt-safety-llio.patch: 51babe049dfe3862b311b4ebbfd87a8eb915528c
manual-document-mt-safety-stdio.patch: 0960f99a58ac496a2420e3d299e868f900662636
diff --git a/patches/manual-document-mt-safety-job.patch b/patches/manual-document-mt-safety-job.patch
index e6f679b..ce62710 100644
--- a/patches/manual-document-mt-safety-job.patch
+++ b/patches/manual-document-mt-safety-job.patch
@@ -1,5 +1,5 @@
-Bottom: 08a4456877254843d89c18fe88e4c0431857fcff
-Top: b58e76e4078fdee40947d68820e0f861f8cac2de
+Bottom: 2b93df95492ad4d1ceb8aa1d1cf8582c93b425b0
+Top: c6b12eb06e14c9c5162f6f8386fb00a68dff09e7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:08:15 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d2b8bf860b81e8e95130a2b397bd63d3ac29f6f5
commit d2b8bf860b81e8e95130a2b397bd63d3ac29f6f5
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:15 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/job.texi: Document thread safety properties.
diff --git a/manual/job.texi b/manual/job.texi
index 4efeed3..779ea96 100644
--- a/manual/job.texi
+++ b/manual/job.texi
@@ -1039,6 +1039,10 @@ The function @code{ctermid} is declared in the header file
@comment stdio.h
@comment POSIX.1
@deftypefun {char *} ctermid (char *@var{string})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This function is a stub by default; the actual implementation, for
+@c posix systems, returns an internal buffer if passed a NULL string,
+@c but the internal buffer is always set to /dev/tty.
The @code{ctermid} function returns a string containing the file name of
the controlling terminal for the current process. If @var{string} is
not a null pointer, it should be an array that can hold at least
@@ -1075,6 +1079,11 @@ Your program should include the header files @file{sys/types.h} and
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t setsid (void)
+@safety{@mtsafe{}@assafe{selfdeadlock (hurd)}@acsafe{lockleak (hurd)}}
+@c This is usually a direct syscall, but if a syscall is not available,
+@c we use a stub, or Hurd- and BSD-specific implementations. The former
+@c uses a mutex and a hurd critical section, and the latter issues a few
+@c syscalls, so both seem safe, except for the locking on Hurd.
The @code{setsid} function creates a new session. The calling process
becomes the session leader, and is put in a new process group whose
process group ID is the same as the process ID of that process. There
@@ -1098,7 +1107,8 @@ already another process group around that has the same process group ID.
@comment unistd.h
@comment SVID
@deftypefun pid_t getsid (pid_t @var{pid})
-
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{getsid} function returns the process group ID of the session
leader of the specified process. If a @var{pid} is @code{0}, the
process group ID of the session leader of the current process is
@@ -1134,6 +1144,8 @@ programs with the @code{-lbsd-compat} option to get the BSD definition.@refill
@comment unistd.h
@comment POSIX.1
@deftypefn {POSIX.1 Function} pid_t getpgrp (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The POSIX.1 definition of @code{getpgrp} returns the process group ID of
the calling process.
@end deftypefn
@@ -1141,6 +1153,8 @@ the calling process.
@comment unistd.h
@comment BSD
@deftypefn {BSD Function} pid_t getpgrp (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The BSD definition of @code{getpgrp} returns the process group ID of the
process @var{pid}. You can supply a value of @code{0} for the @var{pid}
argument to get information about the calling process.
@@ -1149,6 +1163,8 @@ argument to get information about the calling process.
@comment unistd.h
@comment SVID
@deftypefn {System V Function} int getpgid (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
@code{getpgid} is the same as the BSD function @code{getpgrp}. It
returns the process group ID of the process @var{pid}. You can supply a
@@ -1171,6 +1187,8 @@ process.
@comment unistd.h
@comment POSIX.1
@deftypefun int setpgid (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{setpgid} function puts the process @var{pid} into the process
group @var{pgid}. As a special case, either @var{pid} or @var{pgid} can
be zero to indicate the process ID of the calling process.
@@ -1208,6 +1226,8 @@ process or a child of the calling process.
@comment unistd.h
@comment BSD
@deftypefun int setpgrp (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall or setpgid wrapper.
This is the BSD Unix name for @code{setpgid}. Both functions do exactly
the same thing.
@end deftypefun
@@ -1230,6 +1250,8 @@ file itself and not a particular open file descriptor.
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t tcgetpgrp (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function returns the process group ID of the foreground process
group associated with the terminal open on descriptor @var{filedes}.
@@ -1258,6 +1280,8 @@ controlling terminal of the calling process.
@comment unistd.h
@comment POSIX.1
@deftypefun int tcsetpgrp (int @var{filedes}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function is used to set a terminal's foreground process group ID.
The argument @var{filedes} is a descriptor which specifies the terminal;
@var{pgid} specifies the process group. The calling process must be a
@@ -1297,6 +1321,8 @@ process.
@comment termios.h
@comment Unix98
@deftypefun pid_t tcgetsid (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Ioctl call, if avaialble, or tcgetpgrp followed by getsid.
This function is used to obtain the process group ID of the session
for which the terminal specified by @var{fildes} is the controlling terminal.
If the call is successful the group ID is returned. Otherwise the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ea8c680babd2266f6826b2f043599f311baa1f9f
commit ea8c680babd2266f6826b2f043599f311baa1f9f
Merge: d3e4303 a93eed6 3a6ba50
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:22 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d3e430304b131011cea3a95b6a7e9946f6689af2
commit d3e430304b131011cea3a95b6a7e9946f6689af2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:22 2013 -0300
push
diff --git a/meta b/meta
index f5933c3..41c97ed 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: b9765d52b038b1fdbfcfc48eee9147c715bac3ba
-Head: f543b69a645a445a7b7484e4e4729387deb00d58
+Previous: a93eed6f48d61323fe92247fc86da838ad4172f9
+Head: 3a6ba503d2949acb7fd0d23fbdaaf056bb0a819f
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -15,8 +15,8 @@ Applied:
manual-document-mt-safety-errno.patch: c809e22eb30fc43d15192d36963a8e19f7d65b0c
manual-document-mt-safety-filesys.patch: 88f6858a8c928050ef2686d392ea593e05cfc34a
manual-document-mt-safety-getopt.patch: f543b69a645a445a7b7484e4e4729387deb00d58
+ manual-document-mt-safety-libdl.patch: 3a6ba503d2949acb7fd0d23fbdaaf056bb0a819f
Unapplied:
- manual-document-mt-safety-libdl.patch: 290ed306adba817ec4cb4f5207e63269e7990930
manual-document-mt-safety-job.patch: 57c129a7691ad66436b380272a24d356111b19bf
manual-document-mt-safety-lang.patch: e1bee872da33bdb7b911d4cd111906a390b9ea8a
manual-document-mt-safety-llio.patch: 51babe049dfe3862b311b4ebbfd87a8eb915528c
diff --git a/patches/manual-document-mt-safety-libdl.patch b/patches/manual-document-mt-safety-libdl.patch
index abfb497..96f67fc 100644
--- a/patches/manual-document-mt-safety-libdl.patch
+++ b/patches/manual-document-mt-safety-libdl.patch
@@ -1,5 +1,5 @@
-Bottom: 18760d732995b8379bc372377398a8fd58732762
-Top: 08a4456877254843d89c18fe88e4c0431857fcff
+Bottom: 7673305db24e0b03187acb8928ddfeca18980793
+Top: 2b93df95492ad4d1ceb8aa1d1cf8582c93b425b0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:08:59 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3a6ba503d2949acb7fd0d23fbdaaf056bb0a819f
commit 3a6ba503d2949acb7fd0d23fbdaaf056bb0a819f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:59 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/libdl.texi: New.
diff --git a/manual/libdl.texi b/manual/libdl.texi
new file mode 100644
index 0000000..e3fe045
--- /dev/null
+++ b/manual/libdl.texi
@@ -0,0 +1,10 @@
+@c FIXME these are undocumented:
+@c dladdr
+@c dladdr1
+@c dlclose
+@c dlerror
+@c dlinfo
+@c dlmopen
+@c dlopen
+@c dlsym
+@c dlvsym
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a93eed6f48d61323fe92247fc86da838ad4172f9
commit a93eed6f48d61323fe92247fc86da838ad4172f9
Merge: 7ea26a0 b9765d5 f543b69
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:21 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7ea26a00bfd4dc3967722d3e5d10e247de9515af
commit 7ea26a00bfd4dc3967722d3e5d10e247de9515af
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:21 2013 -0300
push
diff --git a/meta b/meta
index f3dc0e0..f5933c3 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: f65d41328fcfd4d4becadcb876f6f728780a5534
-Head: 88f6858a8c928050ef2686d392ea593e05cfc34a
+Previous: b9765d52b038b1fdbfcfc48eee9147c715bac3ba
+Head: f543b69a645a445a7b7484e4e4729387deb00d58
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -14,8 +14,8 @@ Applied:
manual-document-mt-safety-debug.patch: 61349e0a2ebc1b1cb265b25c74ae39b2d5b85636
manual-document-mt-safety-errno.patch: c809e22eb30fc43d15192d36963a8e19f7d65b0c
manual-document-mt-safety-filesys.patch: 88f6858a8c928050ef2686d392ea593e05cfc34a
+ manual-document-mt-safety-getopt.patch: f543b69a645a445a7b7484e4e4729387deb00d58
Unapplied:
- manual-document-mt-safety-getopt.patch: 178c538fec626552e7ec57072a93b3715623e6ac
manual-document-mt-safety-libdl.patch: 290ed306adba817ec4cb4f5207e63269e7990930
manual-document-mt-safety-job.patch: 57c129a7691ad66436b380272a24d356111b19bf
manual-document-mt-safety-lang.patch: e1bee872da33bdb7b911d4cd111906a390b9ea8a
diff --git a/patches/manual-document-mt-safety-getopt.patch b/patches/manual-document-mt-safety-getopt.patch
index 753c8f5..54c020d 100644
--- a/patches/manual-document-mt-safety-getopt.patch
+++ b/patches/manual-document-mt-safety-getopt.patch
@@ -1,5 +1,5 @@
-Bottom: c0467ea68e04c4b52c9c771dad681e1220291a6a
-Top: 18760d732995b8379bc372377398a8fd58732762
+Bottom: e32560bf251105655d134b5c41a9b8fdd9801d15
+Top: 7673305db24e0b03187acb8928ddfeca18980793
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:06:36 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f543b69a645a445a7b7484e4e4729387deb00d58
commit f543b69a645a445a7b7484e4e4729387deb00d58
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:06:36 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/getopt.texi: Document thread safety properties.
diff --git a/manual/getopt.texi b/manual/getopt.texi
index f0b7283..3c1f4de 100644
--- a/manual/getopt.texi
+++ b/manual/getopt.texi
@@ -60,6 +60,31 @@ option argument, for those options that accept arguments.
@comment unistd.h
@comment POSIX.2
@deftypefun int getopt (int @var{argc}, char *const *@var{argv}, const char *@var{options})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c It may swap argv elements but argv is not guarded, and the
+@c modifications may be partial in case of cancellation. Calling getenv
+@c also brings about thread-safety issues out of access and returning
+@c pointers into the globally shared environment array, just like
+@c calling gettext brings about a whole lot of AS and AC safety issues.
+@c The getopt API involves returning values in the non-thread-specific
+@c optarg variable, which adds another thread-safety issue. Given
+@c print_errors, it may output errors to stderr, which may
+@c self-deadlock, leak locks, or encounter (in a signal handler) or
+@c leave (in case of cancellation) stderr in an inconsistent state.
+@c Various implicit, indirect uses of malloc, in uses of memstream and
+@c asprintf for error-printing, bring about the usual malloc issues.
+@c (The explicit use of malloc in a conditional situation in
+@c _getopt_initialize is never exercised in glibc.)
+@c
+@c _getopt_internal
+@c _getopt_internal_r
+@c gettext
+@c _getopt_initialize
+@c getenv
+@c malloc if USE_NONOPTION_FLAGS, never defined in libc
+@c open_memstream
+@c lockfile, unlockfile, __fxprintf -> stderr
+@c asprintf
The @code{getopt} function gets the next option argument from the
argument list specified by the @var{argv} and @var{argc} arguments.
Normally these values come directly from the arguments received by
@@ -225,6 +250,8 @@ was seen.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
Decode options from the vector @var{argv} (whose length is @var{argc}).
The argument @var{shortopts} describes the short options to accept, just as
it does in @code{getopt}. The argument @var{longopts} describes the long
@@ -278,6 +305,8 @@ getopt functionality there is one more function available.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long_only (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
The @code{getopt_long_only} function is equivalent to the
@code{getopt_long} function but it allows to specify the user of the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b9765d52b038b1fdbfcfc48eee9147c715bac3ba
commit b9765d52b038b1fdbfcfc48eee9147c715bac3ba
Merge: 8ed2f07 88f6858 f65d413
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:19 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=8ed2f0753e68f562d692c76b5e108bd61a9aca28
commit 8ed2f0753e68f562d692c76b5e108bd61a9aca28
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:19 2013 -0300
refresh
diff --git a/meta b/meta
index 7d6904c..f3dc0e0 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 46b56b66a87e1cb898bb251259eda2d285f81f55
-Head: fe69b4d1428162d2b3d8a819a66b192ef427a329
+Previous: f65d41328fcfd4d4becadcb876f6f728780a5534
+Head: 88f6858a8c928050ef2686d392ea593e05cfc34a
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -13,8 +13,7 @@ Applied:
manual-document-mt-safety-ctype.patch: c67c0318158e4a31db772c98b8828e54db56693e
manual-document-mt-safety-debug.patch: 61349e0a2ebc1b1cb265b25c74ae39b2d5b85636
manual-document-mt-safety-errno.patch: c809e22eb30fc43d15192d36963a8e19f7d65b0c
- manual-document-mt-safety-filesys.patch: a9226edaf034632058b974acb03d3440eac70053
- refresh-temp: fe69b4d1428162d2b3d8a819a66b192ef427a329
+ manual-document-mt-safety-filesys.patch: 88f6858a8c928050ef2686d392ea593e05cfc34a
Unapplied:
manual-document-mt-safety-getopt.patch: 178c538fec626552e7ec57072a93b3715623e6ac
manual-document-mt-safety-libdl.patch: 290ed306adba817ec4cb4f5207e63269e7990930
diff --git a/patches/manual-document-mt-safety-filesys.patch b/patches/manual-document-mt-safety-filesys.patch
index a287465..5ffc492 100644
--- a/patches/manual-document-mt-safety-filesys.patch
+++ b/patches/manual-document-mt-safety-filesys.patch
@@ -1,5 +1,5 @@
Bottom: 94d2ef49874113afaf68e43004adb8da972729b9
-Top: ef75c87ba4586a879f503ee1b10a162b33a420e3
+Top: e32560bf251105655d134b5c41a9b8fdd9801d15
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:06:03 -0300
@@ -13,7 +13,7 @@ for ChangeLog
---
diff --git a/manual/filesys.texi b/manual/filesys.texi
-index 1df9cf2..2244025 100644
+index 1df9cf2..47176cc 100644
--- a/manual/filesys.texi
+++ b/manual/filesys.texi
@@ -58,6 +58,25 @@ Prototypes for these functions are declared in the header file
@@ -292,7 +292,7 @@ index 1df9cf2..2244025 100644
+@c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
+@c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
+@c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
-+@c find_object (tsearch) and add_object (tfind).
++@c find_object (tsearch) and add_object (tfind).
+@c Since each invocation of *ftw uses its own private search tree, none
+@c of the search tree concurrency issues apply.
The @code{nftw} function works like the @code{ftw} functions. They call
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index 2506c0f..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,22 +0,0 @@
-Bottom: ef75c87ba4586a879f503ee1b10a162b33a420e3
-Top: e32560bf251105655d134b5c41a9b8fdd9801d15
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 22:37:18 -0300
-
-Refresh of manual-document-mt-safety-filesys.patch
-
----
-
-diff --git a/manual/filesys.texi b/manual/filesys.texi
-index 2244025..47176cc 100644
---- a/manual/filesys.texi
-+++ b/manual/filesys.texi
-@@ -1034,7 +1034,7 @@ transparently replaces the old implementation.
- @c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
- @c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
- @c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
--@c find_object (tsearch) and add_object (tfind).
-+@c find_object (tsearch) and add_object (tfind).
- @c Since each invocation of *ftw uses its own private search tree, none
- @c of the search tree concurrency issues apply.
- The @code{nftw} function works like the @code{ftw} functions. They call
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f65d41328fcfd4d4becadcb876f6f728780a5534
commit f65d41328fcfd4d4becadcb876f6f728780a5534
Merge: 16abc2e 46b56b6 fe69b4d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:18 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=16abc2e0ab1669be38ba2031daf5dd42ed208eef
commit 16abc2e0ab1669be38ba2031daf5dd42ed208eef
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:18 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index 8a44063..7d6904c 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: ad0739404f1903efd7a41c839a8ac8c637046c1d
-Head: a9226edaf034632058b974acb03d3440eac70053
+Previous: 46b56b66a87e1cb898bb251259eda2d285f81f55
+Head: fe69b4d1428162d2b3d8a819a66b192ef427a329
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -14,6 +14,7 @@ Applied:
manual-document-mt-safety-debug.patch: 61349e0a2ebc1b1cb265b25c74ae39b2d5b85636
manual-document-mt-safety-errno.patch: c809e22eb30fc43d15192d36963a8e19f7d65b0c
manual-document-mt-safety-filesys.patch: a9226edaf034632058b974acb03d3440eac70053
+ refresh-temp: fe69b4d1428162d2b3d8a819a66b192ef427a329
Unapplied:
manual-document-mt-safety-getopt.patch: 178c538fec626552e7ec57072a93b3715623e6ac
manual-document-mt-safety-libdl.patch: 290ed306adba817ec4cb4f5207e63269e7990930
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..2506c0f
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,22 @@
+Bottom: ef75c87ba4586a879f503ee1b10a162b33a420e3
+Top: e32560bf251105655d134b5c41a9b8fdd9801d15
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:37:18 -0300
+
+Refresh of manual-document-mt-safety-filesys.patch
+
+---
+
+diff --git a/manual/filesys.texi b/manual/filesys.texi
+index 2244025..47176cc 100644
+--- a/manual/filesys.texi
++++ b/manual/filesys.texi
+@@ -1034,7 +1034,7 @@ transparently replaces the old implementation.
+ @c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
+ @c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
+ @c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
+-@c find_object (tsearch) and add_object (tfind).
++@c find_object (tsearch) and add_object (tfind).
+ @c Since each invocation of *ftw uses its own private search tree, none
+ @c of the search tree concurrency issues apply.
+ The @code{nftw} function works like the @code{ftw} functions. They call
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=fe69b4d1428162d2b3d8a819a66b192ef427a329
commit fe69b4d1428162d2b3d8a819a66b192ef427a329
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:18 2013 -0300
Refresh of manual-document-mt-safety-filesys.patch
diff --git a/manual/filesys.texi b/manual/filesys.texi
index 2244025..47176cc 100644
--- a/manual/filesys.texi
+++ b/manual/filesys.texi
@@ -1034,7 +1034,7 @@ transparently replaces the old implementation.
@c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
@c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
@c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
-@c find_object (tsearch) and add_object (tfind).
+@c find_object (tsearch) and add_object (tfind).
@c Since each invocation of *ftw uses its own private search tree, none
@c of the search tree concurrency issues apply.
The @code{nftw} function works like the @code{ftw} functions. They call
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=88f6858a8c928050ef2686d392ea593e05cfc34a
commit 88f6858a8c928050ef2686d392ea593e05cfc34a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:06:03 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/filesys.texi: Document thread safety properties.
diff --git a/manual/filesys.texi b/manual/filesys.texi
index 1df9cf2..47176cc 100644
--- a/manual/filesys.texi
+++ b/manual/filesys.texi
@@ -58,6 +58,25 @@ Prototypes for these functions are declared in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun {char *} getcwd (char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c If buffer is NULL, this function calls malloc and realloc, and, in
+@c case of error, free. Linux offers a getcwd syscall that we use on
+@c GNU/Linux systems, but it may fail if the pathname is too long. As a
+@c fallback, and on other systems, the generic implementation opens each
+@c parent directory with opendir, which allocates memory for the
+@c directory stream with malloc. If a fstatat64 syscall is not
+@c available, very deep directory trees may also have to malloc to build
+@c longer sequences of ../../../... than those supported by a global
+@c const read-only string.
+
+@c linux/__getcwd
+@c posix/__getcwd
+@c malloc/realloc/free if buffer is NULL, or if dir is too deep
+@c lstat64 -> see its own entry
+@c fstatat64
+@c direct syscall if possible, alloca+snprintf+*stat64 otherwise
+@c openat64_not_cancel_3, close_not_cancel_no_status
+@c __fdopendir, __opendir, __readdir, rewinddir
The @code{getcwd} function returns an absolute file name representing
the current working directory, storing it in the character array
@var{buffer} that you provide. The @var{size} argument is how you tell
@@ -116,6 +135,9 @@ software.
@comment unistd.h
@comment BSD
@deftypefn {Deprecated Function} {char *} getwd (char *@var{buffer})
+@safety{@mtsafe{}@asunsafe{asmalloc, asi18n}@acsafe{memleak, fdleak}}
+@c Besides the getcwd safety issues, it calls strerror_r on error, which
+@c brings in all of the i18n issues.
This is similar to @code{getcwd}, but has no way to specify the size of
the buffer. @Theglibc{} provides @code{getwd} only
for backwards compatibility with BSD.
@@ -130,6 +152,9 @@ this function is deprecated.
@comment unistd.h
@comment GNU
@deftypefun {char *} get_current_dir_name (void)
+@safety{@mtunsafe{envromt}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides getcwd, which this function calls as a fallback, it calls
+@c getenv, with the usual thread-safety issues that brings about.
@vindex PWD
This @code{get_current_dir_name} function is basically equivalent to
@w{@code{getcwd (NULL, 0)}}. The only difference is that the value of
@@ -145,6 +170,7 @@ This function is a GNU extension.
@comment unistd.h
@comment POSIX.1
@deftypefun int chdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
@var{filename}.
@@ -158,6 +184,7 @@ file @var{filename} is not a directory.
@comment unistd.h
@comment XPG
@deftypefun int fchdir (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
directory associated with the file descriptor @var{filedes}.
@@ -294,12 +321,14 @@ values and @code{st_mode} values:
@comment dirent.h
@comment BSD
@deftypefun int IFTODT (mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{d_type} value corresponding to @var{mode}.
@end deftypefun
@comment dirent.h
@comment BSD
@deftypefun mode_t DTTOIF (int @var{dtype})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{st_mode} value corresponding to @var{dtype}.
@end deftypefun
@end table
@@ -342,6 +371,9 @@ the following functions.
@comment dirent.h
@comment POSIX.1
@deftypefun {DIR *} opendir (const char *@var{dirname})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides the safe syscall, we have to allocate the DIR object with
+@c __alloc_dir, that calls malloc.
The @code{opendir} function opens and returns a directory stream for
reading the directory whose file name is @var{dirname}. The stream has
type @code{DIR *}.
@@ -381,6 +413,8 @@ alternative interface can be used.
@comment dirent.h
@comment GNU
@deftypefun {DIR *} fdopendir (int @var{fd})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c The DIR object is allocated with __alloc_dir, that calls malloc.
The @code{fdopendir} function works just like @code{opendir} but
instead of taking a file name and opening a file descriptor for the
directory the caller is required to provide a file descriptor. This
@@ -425,6 +459,7 @@ access.
@comment dirent.h
@comment GNU
@deftypefun int dirfd (DIR *@var{dirstream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{dirfd} returns the file descriptor associated with
the directory stream @var{dirstream}. This descriptor can be used until
the directory is closed with @code{closedir}. If the directory stream
@@ -443,6 +478,12 @@ symbols are declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun {struct dirent *} readdir (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c This function holds dirstream's non-recursive lock, which brings
+@c about the usual issues with locks and async signals and cancellation,
+@c but the lock taking is not enough to make the returned value safe to
+@c use, since it points to a stream's internal buffer that can be
+@c overwritten by subsequent calls or even released by closedir.
This function reads the next entry from the directory. It normally
returns a pointer to a structure containing information about the file.
This structure is statically allocated and can be rewritten by a
@@ -469,6 +510,7 @@ value. Use @code{readdir_r} when this is critical.
@comment dirent.h
@comment GNU
@deftypefun int readdir_r (DIR *@var{dirstream}, struct dirent *@var{entry}, struct dirent **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is the reentrant version of @code{readdir}. Like
@code{readdir} it returns the next entry from the directory. But to
prevent conflicts between simultaneously running threads the result is
@@ -516,6 +558,7 @@ of the last two functions.
@comment dirent.h
@comment LFS
@deftypefun {struct dirent64 *} readdir64 (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64} function is just like the @code{readdir} function
except that it returns a pointer to a record of type @code{struct
dirent64}. Some of the members of this data type (notably @code{d_ino})
@@ -527,6 +570,7 @@ In all other aspects this function is equivalent to @code{readdir}.
@comment dirent.h
@comment LFS
@deftypefun int readdir64_r (DIR *@var{dirstream}, struct dirent64 *@var{entry}, struct dirent64 **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64_r} function is equivalent to the @code{readdir_r}
function except that it takes parameters of base type @code{struct
dirent64} instead of @code{struct dirent} in the second and third
@@ -537,6 +581,10 @@ position. The same precautions mentioned in the documentation of
@comment dirent.h
@comment POSIX.1
@deftypefun int closedir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock (hurd)}@acsafe{memleak, fdleak, lockleak (hurd)}}
+@c No synchronization in the posix implementation, only in the hurd
+@c one. This is regarded as safe because it is undefined behavior if
+@c other threads could still be using the dir stream while it's closed.
This function closes the directory stream @var{dirstream}. It returns
@code{0} on success and @code{-1} on failure.
@@ -576,6 +624,7 @@ declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun void rewinddir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{rewinddir} function is used to reinitialize the directory
stream @var{dirstream}, so that if you call @code{readdir} it
returns information about the first entry in the directory again. This
@@ -589,6 +638,10 @@ added or removed since you last called @code{opendir} or
@comment dirent.h
@comment BSD
@deftypefun {long int} telldir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{telldir} function returns the file position of the directory
stream @var{dirstream}. You can use this value with @code{seekdir} to
restore the directory stream to that position.
@@ -597,6 +650,10 @@ restore the directory stream to that position.
@comment dirent.h
@comment BSD
@deftypefun void seekdir (DIR *@var{dirstream}, long int @var{pos})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{seekdir} function sets the file position of the directory
stream @var{dirstream} to @var{pos}. The value @var{pos} must be the
result of a previous call to @code{telldir} on this particular stream;
@@ -616,6 +673,19 @@ the result.
@comment dirent.h
@comment BSD/SVID
@deftypefun int scandir (const char *@var{dir}, struct dirent ***@var{namelist}, int (*@var{selector}) (const struct dirent *), int (*@var{cmp}) (const struct dirent **, const struct dirent **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c The scandir function calls __opendirat, __readdir, and __closedir to
+@c go over the named dir; malloc and realloc to allocate the namelist
+@c and copies of each selected dirent, besides the selector, if given,
+@c and qsort and the cmp functions if the latter is given. In spite of
+@c the cleanup handler that releases memory and the file descriptor in
+@c case of synchronous cancellation, an asynchronous cancellation may
+@c still leak memory and a file descriptor. Although readdir is unsafe
+@c in general, the use of an internal dir stream for sequential scanning
+@c of the directory with copying of dirents before subsequent calls
+@c makes the use safe, and the fact that the dir stream is private to
+@c each scandir call does away with the lock issues in readdir and
+@c closedir.
The @code{scandir} function scans the contents of the directory selected
by @var{dir}. The result in *@var{namelist} is an array of pointers to
@@ -646,6 +716,8 @@ are very helpful for this purpose.
@comment dirent.h
@comment BSD/SVID
@deftypefun int alphasort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Calls strcoll.
The @code{alphasort} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -658,6 +730,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls strverscmp.
The @code{versionsort} function is like @code{alphasort} except that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -670,6 +744,8 @@ dirent64}}. To use this we need a new function.
@comment dirent.h
@comment GNU
@deftypefun int scandir64 (const char *@var{dir}, struct dirent64 ***@var{namelist}, int (*@var{selector}) (const struct dirent64 *), int (*@var{cmp}) (const struct dirent64 **, const struct dirent64 **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c See scandir.
The @code{scandir64} function works like the @code{scandir} function
except that the directory entries it returns are described by elements
of type @w{@code{struct dirent64}}. The function pointed to by
@@ -688,6 +764,8 @@ argument. Instead we provide the two replacement functions below.
@comment dirent.h
@comment GNU
@deftypefun int alphasort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c See alphasort.
The @code{alphasort64} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -700,6 +778,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c See versionsort.
The @code{versionsort64} function is like @code{alphasort64}, excepted that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -880,6 +960,8 @@ file was passed).
@comment ftw.h
@comment SVID
@deftypefun int ftw (const char *@var{filename}, __ftw_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
+@c see nftw for safety details
The @code{ftw} function calls the callback function given in the
parameter @var{func} for every item which is found in the directory
specified by @var{filename} and all directories below. The function
@@ -930,6 +1012,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int ftw64 (const char *@var{filename}, __ftw64_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
This function is similar to @code{ftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -943,6 +1026,17 @@ transparently replaces the old implementation.
@comment ftw.h
@comment XPG4.2
@deftypefun int nftw (const char *@var{filename}, __nftw_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c ftw_startup calls alloca, malloc, free, xstat/lxstat, tdestroy, and ftw_dir
+@c if FTW_CHDIR, call open, and fchdir, or chdir and getcwd
+@c ftw_dir calls open_dir_stream, readdir64, process_entry, closedir
+@c if FTW_CHDIR, also calls fchdir
+@c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
+@c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
+@c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
+@c find_object (tsearch) and add_object (tfind).
+@c Since each invocation of *ftw uses its own private search tree, none
+@c of the search tree concurrency issues apply.
The @code{nftw} function works like the @code{ftw} functions. They call
the callback function @var{func} for all items found in the directory
@var{filename} and below. At most @var{descriptors} file descriptors
@@ -1003,6 +1097,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int nftw64 (const char *@var{filename}, __nftw64_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
This function is similar to @code{nftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -1046,6 +1141,7 @@ file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int link (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{link} function makes a new link to the existing file named by
@var{oldname}, under the new name @var{newname}.
@@ -1153,6 +1249,7 @@ Prototypes for most of the functions listed in this section are in
@comment unistd.h
@comment BSD
@deftypefun int symlink (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{symlink} function makes a symbolic link to @var{oldname} named
@var{newname}.
@@ -1190,6 +1287,7 @@ exceeded.
@comment unistd.h
@comment BSD
@deftypefun ssize_t readlink (const char *@var{filename}, char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{readlink} function gets the value of the symbolic link
@var{filename}. The file name that the link points to is copied into
@var{buffer}. This file name string is @emph{not} null-terminated;
@@ -1249,6 +1347,8 @@ names can refer to the same inode.
@comment stdlib.h
@comment GNU
@deftypefun {char *} canonicalize_file_name (const char *@var{name})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls realpath.
The @code{canonicalize_file_name} function returns the absolute name of
the file named by @var{name} which contains no @code{.}, @code{..}
@@ -1290,6 +1390,8 @@ where the result is placed in.
@comment stdlib.h
@comment XPG
@deftypefun {char *} realpath (const char *restrict @var{name}, char *restrict @var{resolved})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls malloc, realloc, getcwd, lxstat64, readlink, alloca.
A call to @code{realpath} where the @var{resolved} parameter is
@code{NULL} behaves exactly like @code{canonicalize_file_name}. The
@@ -1329,6 +1431,7 @@ then the file is deleted as well. If the file has other remaining names
@comment unistd.h
@comment POSIX.1
@deftypefun int unlink (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{unlink} function deletes the file name @var{filename}. If
this is a file's sole name, the file itself is also deleted. (Actually,
if any process has the file open when this happens, deletion is
@@ -1371,6 +1474,7 @@ file system and can't be modified.
@comment unistd.h
@comment POSIX.1
@deftypefun int rmdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@cindex directories, deleting
@cindex deleting a directory
The @code{rmdir} function deletes a directory. The directory must be
@@ -1398,6 +1502,8 @@ The prototype for this function is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int remove (const char *@var{filename})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Calls unlink and rmdir.
This is the @w{ISO C} function to remove a file. It works like
@code{unlink} for files and like @code{rmdir} for directories.
@code{remove} is declared in @file{stdio.h}.
@@ -1413,6 +1519,10 @@ The @code{rename} function is used to change a file's name.
@comment stdio.h
@comment ISO
@deftypefun int rename (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a rename syscall, there's an emulation with link
+@c and unlink, but it's racy, even more so if newname exists and is
+@c unlinked first.
The @code{rename} function renames the file @var{oldname} to
@var{newname}. The file formerly accessible under the name
@var{oldname} is afterwards accessible as @var{newname} instead. (If
@@ -1508,6 +1618,7 @@ a shell command @code{mkdir} which does the same thing.)
@comment sys/stat.h
@comment POSIX.1
@deftypefun int mkdir (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mkdir} function creates a new, empty directory with name
@var{filename}.
@@ -1849,6 +1960,7 @@ header file @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int stat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{stat} function returns information about the attributes of the
file named by @w{@var{filename}} in the structure pointed to by @var{buf}.
@@ -1875,6 +1987,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int stat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{stat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1888,6 +2001,7 @@ replaces the interface for small files on 32-bit machines.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int fstat (int @var{filedes}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fstat} function is like @code{stat}, except that it takes an
open file descriptor as an argument instead of a file name.
@xref{Low-Level I/O}.
@@ -1909,6 +2023,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int fstat64 (int @var{filedes}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{fstat} but is able to work on large
files on 32-bit platforms. For large files the file descriptor
@var{filedes} should be obtained by @code{open64} or @code{creat64}.
@@ -1920,9 +2035,16 @@ function is available under the name @code{fstat} and so transparently
replaces the interface for small files on 32-bit machines.
@end deftypefun
+@c fstatat will call alloca and snprintf if the syscall is not
+@c available.
+@c @safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+
@comment sys/stat.h
@comment BSD
@deftypefun int lstat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat, sometimes with an xstat conv call
+@c afterwards.
The @code{lstat} function is like @code{stat}, except that it does not
follow symbolic links. If @var{filename} is the name of a symbolic
link, @code{lstat} returns information about the link itself; otherwise
@@ -1936,6 +2058,9 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int lstat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat64, sometimes with an xstat conv
+@c call afterwards.
This function is similar to @code{lstat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1974,12 +2099,14 @@ that file:
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISDIR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a directory.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISCHR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a character special file (a
device like a terminal).
@end deftypefn
@@ -1987,6 +2114,7 @@ device like a terminal).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISBLK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a block special file (a device
like a disk).
@end deftypefn
@@ -1994,12 +2122,14 @@ like a disk).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISREG (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a regular file.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISFIFO (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a FIFO special file, or a
pipe. @xref{Pipes and FIFOs}.
@end deftypefn
@@ -2007,6 +2137,7 @@ pipe. @xref{Pipes and FIFOs}.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISLNK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a symbolic link.
@xref{Symbolic Links}.
@end deftypefn
@@ -2014,6 +2145,7 @@ This macro returns non-zero if the file is a symbolic link.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISSOCK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a socket. @xref{Sockets}.
@end deftypefn
@@ -2096,6 +2228,7 @@ the whole @code{struct stat} structure.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISMQ (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX message queues as distinct objects and the
file is a message queue object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2104,6 +2237,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSEM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX semaphores as distinct objects and the
file is a semaphore object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2112,6 +2246,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSHM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX shared memory objects as distinct objects
and the file is an shared memory object, this macro returns a non-zero
value. In all other cases the result is zero.
@@ -2156,6 +2291,7 @@ The prototype for this function is declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int chown (const char *@var{filename}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chown} function changes the owner of the file @var{filename} to
@var{owner}, and its group owner to @var{group}.
@@ -2190,6 +2326,7 @@ The file is on a read-only file system.
@comment unistd.h
@comment BSD
@deftypefun int fchown (int @var{filedes}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chown}, except that it changes the owner of the open
file with descriptor @var{filedes}.
@@ -2469,6 +2606,7 @@ The functions in this section are declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun mode_t umask (mode_t @var{mask})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{umask} function sets the file creation mask of the current
process to @var{mask}, and returns the previous value of the file
creation mask.
@@ -2494,6 +2632,7 @@ you just want to read the mask value, because it is reentrant.
@comment sys/stat.h
@comment GNU
@deftypefun mode_t getumask (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Return the current value of the file creation mask for the current
process. This function is a GNU extension and is only available on
@gnuhurdsystems{}.
@@ -2502,6 +2641,7 @@ process. This function is a GNU extension and is only available on
@comment sys/stat.h
@comment POSIX.1
@deftypefun int chmod (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chmod} function sets the access permission bits for the file
named by @var{filename} to @var{mode}.
@@ -2542,6 +2682,7 @@ for full details on the sticky bit.
@comment sys/stat.h
@comment BSD
@deftypefun int fchmod (int @var{filedes}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chmod}, except that it changes the permissions of the
currently open file given by @var{filedes}.
@@ -2612,6 +2753,7 @@ The symbols in this section are declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int access (const char *@var{filename}, int @var{how})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{access} function checks to see whether the file named by
@var{filename} can be accessed in the way specified by the @var{how}
argument. The @var{how} argument either can be the bitwise OR of the
@@ -2732,6 +2874,9 @@ This is the modification time for the file.
@comment utime.h
@comment POSIX.1
@deftypefun int utime (const char *@var{filename}, const struct utimbuf *@var{times})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utime syscall, it non-atomically converts times
+@c to a struct timeval and calls utimes.
This function is used to modify the file times associated with the file
named @var{filename}.
@@ -2783,6 +2928,10 @@ in the header file @file{sys/time.h}.
@comment sys/time.h
@comment BSD
@deftypefun int utimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, or to
+@c struct utimbuf and calls utime.
This function sets the file access and modification times of the file
@var{filename}. The new file access time is specified by
@code{@var{tvp}[0]}, and the new modification time by
@@ -2797,6 +2946,9 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int lutimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no lutimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall.
This function is like @code{utimes}, except that it does not follow
symbolic links. If @var{filename} is the name of a symbolic link,
@code{lutimes} sets the file access and modification times of the
@@ -2813,6 +2965,10 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int futimes (int @var{fd}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no futimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, falling back
+@c to utimes on a /proc/self/fd symlink.
This function is like @code{utimes}, except that it takes an open file
descriptor as an argument instead of a file name. @xref{Low-Level
I/O}. This function comes from FreeBSD, and is not available on all
@@ -2867,6 +3023,8 @@ succeed, without actually accomplishing anything.
@comment unistd.h
@comment X/Open
@deftypefun int truncate (const char *@var{filename}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a truncate syscall, we use open and ftruncate.
The @code{truncate} function changes the size of @var{filename} to
@var{length}. If @var{length} is shorter than the previous length, data
@@ -2911,6 +3069,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int truncate64 (const char *@var{name}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try truncate if length fits.
This function is similar to the @code{truncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines, which allows the handling of files with sizes up to
@@ -2924,6 +3084,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX
@deftypefun int ftruncate (int @var{fd}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{truncate}, but it works on a file descriptor @var{fd}
for an opened file instead of a file name to identify the object. The
@@ -2988,6 +3149,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int ftruncate64 (int @var{id}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try ftruncate if length fits.
This function is similar to the @code{ftruncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines which allows the handling of files with sizes up to
@@ -3050,6 +3213,10 @@ The prototype for @code{mknod} is declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment BSD
@deftypefun int mknod (const char *@var{filename}, mode_t @var{mode}, dev_t @var{dev})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Instead of issuing the syscall directly, we go through xmknod.
+@c Although the internal xmknod takes a dev_t*, that could lead to
+@c xguargs races, it's passed a pointer to mknod's dev.
The @code{mknod} function makes a special file with name @var{filename}.
The @var{mode} specifies the mode of the file, and may include the various
special file bits, such as @code{S_IFCHR} (for a character special file)
@@ -3101,6 +3268,20 @@ These facilities are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} tmpfile (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c The unsafety issues are those of fdopen, plus fdleak because of the
+@c open.
+@c __path_search (internal buf, !dir, const pfx, !try_tmpdir) ok
+@c libc_secure_genenv only if try_tmpdir
+@c xstat64, strlen, strcmp, sprintf
+@c __gen_tempname (internal tmpl, __GT_FILE) ok
+@c strlen, memcmp, getpid, open/mkdir/lxstat64 ok
+@c HP_TIMING_NOW if available ok
+@c gettimeofday (!tz) first time, or every time if no HP_TIMING_NOW ok
+@c static value is used and modified without synchronization ok
+@c but the use is as a source of non-cryptographic randomness
+@c with retries in case of collision, so it should be safe
+@c unlink, fdopen
This function creates a temporary binary file for update mode, as if by
calling @code{fopen} with mode @code{"wb+"}. The file is deleted
automatically when it is closed or when the program terminates. (On
@@ -3117,6 +3298,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} tmpfile64 (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
This function is similar to @code{tmpfile}, but the stream it returns a
pointer to was opened using @code{tmpfile64}. Therefore this stream can
be used for files larger then @math{2^31} bytes on 32-bit machines.
@@ -3132,6 +3314,11 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun {char *} tmpnam (char *@var{result})
+@safety{@mtunsafe{xguargs, staticbuf}@asunsafe{staticbuf}@acsafe{}}
+@c The passed-in buffer should not be modified concurrently with the
+@c call.
+@c __path_search (static or passed-in buf, !dir, !pfx, !try_tmpdir) ok
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
This function constructs and returns a valid file name that does not
refer to any existing file. If the @var{result} argument is a null
pointer, the return value is a pointer to an internal static string,
@@ -3156,6 +3343,7 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdio.h
@comment GNU
@deftypefun {char *} tmpnam_r (char *@var{result})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
This function is nearly identical to the @code{tmpnam} function, except
that if @var{result} is a null pointer it returns a null pointer.
@@ -3192,6 +3380,13 @@ never less than @code{25}.
@comment stdio.h
@comment SVID
@deftypefun {char *} tempnam (const char *@var{dir}, const char *@var{prefix})
+@safety{@mtunsafe{xguargs, envromt}@assafe{asmalloc}@acsafe{memleak}}
+@c There's no way (short of being setuid) to avoid getenv("TMPDIR"),
+@c even with a non-NULL dir, which makes this thread-unsafe.
+@c
+@c __path_search (internal buf, dir, pfx, try_tmpdir) unsafe getenv
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
+@c strdup
This function generates a unique temporary file name. If @var{prefix}
is not a null pointer, up to five characters of this string are used as
a prefix for the file name. The return value is a string newly
@@ -3255,6 +3450,8 @@ string. These functions are declared in the header file @file{stdlib.h}.
@comment stdlib.h
@comment Unix
@deftypefun {char *} mktemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_NOCREATE) ok
The @code{mktemp} function generates a unique file name by modifying
@var{template} as described above. If successful, it returns
@var{template} as modified. If @code{mktemp} cannot find a unique file
@@ -3273,6 +3470,8 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdlib.h
@comment BSD
@deftypefun int mkstemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{fdleak}}
+@c __gen_tempname (caller tmpl, __GT_FILE) ok
The @code{mkstemp} function generates a unique file name just as
@code{mktemp} does, but it also opens the file for you with @code{open}
(@pxref{Opening and Closing Files}). If successful, it modifies
@@ -3295,6 +3494,8 @@ new file and get an error if the file already exists.
@comment stdlib.h
@comment BSD
@deftypefun {char *} mkdtemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_DIR) ok
The @code{mkdtemp} function creates a directory with a unique name. If
it succeeds, it overwrites @var{template} with the name of the
directory, and returns @var{template}. As with @code{mktemp} and
@@ -3316,3 +3517,23 @@ creation always works like @code{open} with @code{O_EXCL}.
@xref{Creating Directories}.
The @code{mkdtemp} function comes from OpenBSD.
+
+@c FIXME these are undocumented:
+@c faccessat
+@c fchmodat
+@c fchownat
+@c futimesat
+@c fstatat
+@c linkat
+@c mkdirat
+@c mkfifoat
+@c name_to_handle_at
+@c openat
+@c open_by_handle_at
+@c readlinkat
+@c renameat
+@c scandirat
+@c symlinkat
+@c unlinkat
+@c utimensat
+@c mknodat
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=46b56b66a87e1cb898bb251259eda2d285f81f55
commit 46b56b66a87e1cb898bb251259eda2d285f81f55
Merge: c1491db ad07394 a9226ed
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:05 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c1491db817b576709534590538bcfed908ba8636
commit c1491db817b576709534590538bcfed908ba8636
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:05 2013 -0300
push
diff --git a/meta b/meta
index 203e67f..8a44063 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 7b17963914895e7c6e841738568c70e6b1dad418
-Head: c809e22eb30fc43d15192d36963a8e19f7d65b0c
+Previous: ad0739404f1903efd7a41c839a8ac8c637046c1d
+Head: a9226edaf034632058b974acb03d3440eac70053
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -13,8 +13,8 @@ Applied:
manual-document-mt-safety-ctype.patch: c67c0318158e4a31db772c98b8828e54db56693e
manual-document-mt-safety-debug.patch: 61349e0a2ebc1b1cb265b25c74ae39b2d5b85636
manual-document-mt-safety-errno.patch: c809e22eb30fc43d15192d36963a8e19f7d65b0c
+ manual-document-mt-safety-filesys.patch: a9226edaf034632058b974acb03d3440eac70053
Unapplied:
- manual-document-mt-safety-filesys.patch: 75c783a7f653a4396cb2f3a1314fac5bda1b5a8f
manual-document-mt-safety-getopt.patch: 178c538fec626552e7ec57072a93b3715623e6ac
manual-document-mt-safety-libdl.patch: 290ed306adba817ec4cb4f5207e63269e7990930
manual-document-mt-safety-job.patch: 57c129a7691ad66436b380272a24d356111b19bf
diff --git a/patches/manual-document-mt-safety-filesys.patch b/patches/manual-document-mt-safety-filesys.patch
index 7b4e146..a287465 100644
--- a/patches/manual-document-mt-safety-filesys.patch
+++ b/patches/manual-document-mt-safety-filesys.patch
@@ -1,5 +1,5 @@
-Bottom: 50fd6f363b9af88ae1e05db55cefcd1e41c10123
-Top: c0467ea68e04c4b52c9c771dad681e1220291a6a
+Bottom: 94d2ef49874113afaf68e43004adb8da972729b9
+Top: ef75c87ba4586a879f503ee1b10a162b33a420e3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:06:03 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a9226edaf034632058b974acb03d3440eac70053
commit a9226edaf034632058b974acb03d3440eac70053
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:06:03 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/filesys.texi: Document thread safety properties.
diff --git a/manual/filesys.texi b/manual/filesys.texi
index 1df9cf2..2244025 100644
--- a/manual/filesys.texi
+++ b/manual/filesys.texi
@@ -58,6 +58,25 @@ Prototypes for these functions are declared in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun {char *} getcwd (char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c If buffer is NULL, this function calls malloc and realloc, and, in
+@c case of error, free. Linux offers a getcwd syscall that we use on
+@c GNU/Linux systems, but it may fail if the pathname is too long. As a
+@c fallback, and on other systems, the generic implementation opens each
+@c parent directory with opendir, which allocates memory for the
+@c directory stream with malloc. If a fstatat64 syscall is not
+@c available, very deep directory trees may also have to malloc to build
+@c longer sequences of ../../../... than those supported by a global
+@c const read-only string.
+
+@c linux/__getcwd
+@c posix/__getcwd
+@c malloc/realloc/free if buffer is NULL, or if dir is too deep
+@c lstat64 -> see its own entry
+@c fstatat64
+@c direct syscall if possible, alloca+snprintf+*stat64 otherwise
+@c openat64_not_cancel_3, close_not_cancel_no_status
+@c __fdopendir, __opendir, __readdir, rewinddir
The @code{getcwd} function returns an absolute file name representing
the current working directory, storing it in the character array
@var{buffer} that you provide. The @var{size} argument is how you tell
@@ -116,6 +135,9 @@ software.
@comment unistd.h
@comment BSD
@deftypefn {Deprecated Function} {char *} getwd (char *@var{buffer})
+@safety{@mtsafe{}@asunsafe{asmalloc, asi18n}@acsafe{memleak, fdleak}}
+@c Besides the getcwd safety issues, it calls strerror_r on error, which
+@c brings in all of the i18n issues.
This is similar to @code{getcwd}, but has no way to specify the size of
the buffer. @Theglibc{} provides @code{getwd} only
for backwards compatibility with BSD.
@@ -130,6 +152,9 @@ this function is deprecated.
@comment unistd.h
@comment GNU
@deftypefun {char *} get_current_dir_name (void)
+@safety{@mtunsafe{envromt}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides getcwd, which this function calls as a fallback, it calls
+@c getenv, with the usual thread-safety issues that brings about.
@vindex PWD
This @code{get_current_dir_name} function is basically equivalent to
@w{@code{getcwd (NULL, 0)}}. The only difference is that the value of
@@ -145,6 +170,7 @@ This function is a GNU extension.
@comment unistd.h
@comment POSIX.1
@deftypefun int chdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
@var{filename}.
@@ -158,6 +184,7 @@ file @var{filename} is not a directory.
@comment unistd.h
@comment XPG
@deftypefun int fchdir (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
directory associated with the file descriptor @var{filedes}.
@@ -294,12 +321,14 @@ values and @code{st_mode} values:
@comment dirent.h
@comment BSD
@deftypefun int IFTODT (mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{d_type} value corresponding to @var{mode}.
@end deftypefun
@comment dirent.h
@comment BSD
@deftypefun mode_t DTTOIF (int @var{dtype})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{st_mode} value corresponding to @var{dtype}.
@end deftypefun
@end table
@@ -342,6 +371,9 @@ the following functions.
@comment dirent.h
@comment POSIX.1
@deftypefun {DIR *} opendir (const char *@var{dirname})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides the safe syscall, we have to allocate the DIR object with
+@c __alloc_dir, that calls malloc.
The @code{opendir} function opens and returns a directory stream for
reading the directory whose file name is @var{dirname}. The stream has
type @code{DIR *}.
@@ -381,6 +413,8 @@ alternative interface can be used.
@comment dirent.h
@comment GNU
@deftypefun {DIR *} fdopendir (int @var{fd})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c The DIR object is allocated with __alloc_dir, that calls malloc.
The @code{fdopendir} function works just like @code{opendir} but
instead of taking a file name and opening a file descriptor for the
directory the caller is required to provide a file descriptor. This
@@ -425,6 +459,7 @@ access.
@comment dirent.h
@comment GNU
@deftypefun int dirfd (DIR *@var{dirstream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{dirfd} returns the file descriptor associated with
the directory stream @var{dirstream}. This descriptor can be used until
the directory is closed with @code{closedir}. If the directory stream
@@ -443,6 +478,12 @@ symbols are declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun {struct dirent *} readdir (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c This function holds dirstream's non-recursive lock, which brings
+@c about the usual issues with locks and async signals and cancellation,
+@c but the lock taking is not enough to make the returned value safe to
+@c use, since it points to a stream's internal buffer that can be
+@c overwritten by subsequent calls or even released by closedir.
This function reads the next entry from the directory. It normally
returns a pointer to a structure containing information about the file.
This structure is statically allocated and can be rewritten by a
@@ -469,6 +510,7 @@ value. Use @code{readdir_r} when this is critical.
@comment dirent.h
@comment GNU
@deftypefun int readdir_r (DIR *@var{dirstream}, struct dirent *@var{entry}, struct dirent **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is the reentrant version of @code{readdir}. Like
@code{readdir} it returns the next entry from the directory. But to
prevent conflicts between simultaneously running threads the result is
@@ -516,6 +558,7 @@ of the last two functions.
@comment dirent.h
@comment LFS
@deftypefun {struct dirent64 *} readdir64 (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64} function is just like the @code{readdir} function
except that it returns a pointer to a record of type @code{struct
dirent64}. Some of the members of this data type (notably @code{d_ino})
@@ -527,6 +570,7 @@ In all other aspects this function is equivalent to @code{readdir}.
@comment dirent.h
@comment LFS
@deftypefun int readdir64_r (DIR *@var{dirstream}, struct dirent64 *@var{entry}, struct dirent64 **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64_r} function is equivalent to the @code{readdir_r}
function except that it takes parameters of base type @code{struct
dirent64} instead of @code{struct dirent} in the second and third
@@ -537,6 +581,10 @@ position. The same precautions mentioned in the documentation of
@comment dirent.h
@comment POSIX.1
@deftypefun int closedir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock (hurd)}@acsafe{memleak, fdleak, lockleak (hurd)}}
+@c No synchronization in the posix implementation, only in the hurd
+@c one. This is regarded as safe because it is undefined behavior if
+@c other threads could still be using the dir stream while it's closed.
This function closes the directory stream @var{dirstream}. It returns
@code{0} on success and @code{-1} on failure.
@@ -576,6 +624,7 @@ declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun void rewinddir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{rewinddir} function is used to reinitialize the directory
stream @var{dirstream}, so that if you call @code{readdir} it
returns information about the first entry in the directory again. This
@@ -589,6 +638,10 @@ added or removed since you last called @code{opendir} or
@comment dirent.h
@comment BSD
@deftypefun {long int} telldir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{telldir} function returns the file position of the directory
stream @var{dirstream}. You can use this value with @code{seekdir} to
restore the directory stream to that position.
@@ -597,6 +650,10 @@ restore the directory stream to that position.
@comment dirent.h
@comment BSD
@deftypefun void seekdir (DIR *@var{dirstream}, long int @var{pos})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{seekdir} function sets the file position of the directory
stream @var{dirstream} to @var{pos}. The value @var{pos} must be the
result of a previous call to @code{telldir} on this particular stream;
@@ -616,6 +673,19 @@ the result.
@comment dirent.h
@comment BSD/SVID
@deftypefun int scandir (const char *@var{dir}, struct dirent ***@var{namelist}, int (*@var{selector}) (const struct dirent *), int (*@var{cmp}) (const struct dirent **, const struct dirent **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c The scandir function calls __opendirat, __readdir, and __closedir to
+@c go over the named dir; malloc and realloc to allocate the namelist
+@c and copies of each selected dirent, besides the selector, if given,
+@c and qsort and the cmp functions if the latter is given. In spite of
+@c the cleanup handler that releases memory and the file descriptor in
+@c case of synchronous cancellation, an asynchronous cancellation may
+@c still leak memory and a file descriptor. Although readdir is unsafe
+@c in general, the use of an internal dir stream for sequential scanning
+@c of the directory with copying of dirents before subsequent calls
+@c makes the use safe, and the fact that the dir stream is private to
+@c each scandir call does away with the lock issues in readdir and
+@c closedir.
The @code{scandir} function scans the contents of the directory selected
by @var{dir}. The result in *@var{namelist} is an array of pointers to
@@ -646,6 +716,8 @@ are very helpful for this purpose.
@comment dirent.h
@comment BSD/SVID
@deftypefun int alphasort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Calls strcoll.
The @code{alphasort} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -658,6 +730,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls strverscmp.
The @code{versionsort} function is like @code{alphasort} except that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -670,6 +744,8 @@ dirent64}}. To use this we need a new function.
@comment dirent.h
@comment GNU
@deftypefun int scandir64 (const char *@var{dir}, struct dirent64 ***@var{namelist}, int (*@var{selector}) (const struct dirent64 *), int (*@var{cmp}) (const struct dirent64 **, const struct dirent64 **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c See scandir.
The @code{scandir64} function works like the @code{scandir} function
except that the directory entries it returns are described by elements
of type @w{@code{struct dirent64}}. The function pointed to by
@@ -688,6 +764,8 @@ argument. Instead we provide the two replacement functions below.
@comment dirent.h
@comment GNU
@deftypefun int alphasort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c See alphasort.
The @code{alphasort64} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -700,6 +778,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c See versionsort.
The @code{versionsort64} function is like @code{alphasort64}, excepted that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -880,6 +960,8 @@ file was passed).
@comment ftw.h
@comment SVID
@deftypefun int ftw (const char *@var{filename}, __ftw_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
+@c see nftw for safety details
The @code{ftw} function calls the callback function given in the
parameter @var{func} for every item which is found in the directory
specified by @var{filename} and all directories below. The function
@@ -930,6 +1012,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int ftw64 (const char *@var{filename}, __ftw64_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
This function is similar to @code{ftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -943,6 +1026,17 @@ transparently replaces the old implementation.
@comment ftw.h
@comment XPG4.2
@deftypefun int nftw (const char *@var{filename}, __nftw_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c ftw_startup calls alloca, malloc, free, xstat/lxstat, tdestroy, and ftw_dir
+@c if FTW_CHDIR, call open, and fchdir, or chdir and getcwd
+@c ftw_dir calls open_dir_stream, readdir64, process_entry, closedir
+@c if FTW_CHDIR, also calls fchdir
+@c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
+@c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
+@c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
+@c find_object (tsearch) and add_object (tfind).
+@c Since each invocation of *ftw uses its own private search tree, none
+@c of the search tree concurrency issues apply.
The @code{nftw} function works like the @code{ftw} functions. They call
the callback function @var{func} for all items found in the directory
@var{filename} and below. At most @var{descriptors} file descriptors
@@ -1003,6 +1097,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int nftw64 (const char *@var{filename}, __nftw64_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
This function is similar to @code{nftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -1046,6 +1141,7 @@ file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int link (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{link} function makes a new link to the existing file named by
@var{oldname}, under the new name @var{newname}.
@@ -1153,6 +1249,7 @@ Prototypes for most of the functions listed in this section are in
@comment unistd.h
@comment BSD
@deftypefun int symlink (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{symlink} function makes a symbolic link to @var{oldname} named
@var{newname}.
@@ -1190,6 +1287,7 @@ exceeded.
@comment unistd.h
@comment BSD
@deftypefun ssize_t readlink (const char *@var{filename}, char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{readlink} function gets the value of the symbolic link
@var{filename}. The file name that the link points to is copied into
@var{buffer}. This file name string is @emph{not} null-terminated;
@@ -1249,6 +1347,8 @@ names can refer to the same inode.
@comment stdlib.h
@comment GNU
@deftypefun {char *} canonicalize_file_name (const char *@var{name})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls realpath.
The @code{canonicalize_file_name} function returns the absolute name of
the file named by @var{name} which contains no @code{.}, @code{..}
@@ -1290,6 +1390,8 @@ where the result is placed in.
@comment stdlib.h
@comment XPG
@deftypefun {char *} realpath (const char *restrict @var{name}, char *restrict @var{resolved})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls malloc, realloc, getcwd, lxstat64, readlink, alloca.
A call to @code{realpath} where the @var{resolved} parameter is
@code{NULL} behaves exactly like @code{canonicalize_file_name}. The
@@ -1329,6 +1431,7 @@ then the file is deleted as well. If the file has other remaining names
@comment unistd.h
@comment POSIX.1
@deftypefun int unlink (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{unlink} function deletes the file name @var{filename}. If
this is a file's sole name, the file itself is also deleted. (Actually,
if any process has the file open when this happens, deletion is
@@ -1371,6 +1474,7 @@ file system and can't be modified.
@comment unistd.h
@comment POSIX.1
@deftypefun int rmdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@cindex directories, deleting
@cindex deleting a directory
The @code{rmdir} function deletes a directory. The directory must be
@@ -1398,6 +1502,8 @@ The prototype for this function is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int remove (const char *@var{filename})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Calls unlink and rmdir.
This is the @w{ISO C} function to remove a file. It works like
@code{unlink} for files and like @code{rmdir} for directories.
@code{remove} is declared in @file{stdio.h}.
@@ -1413,6 +1519,10 @@ The @code{rename} function is used to change a file's name.
@comment stdio.h
@comment ISO
@deftypefun int rename (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a rename syscall, there's an emulation with link
+@c and unlink, but it's racy, even more so if newname exists and is
+@c unlinked first.
The @code{rename} function renames the file @var{oldname} to
@var{newname}. The file formerly accessible under the name
@var{oldname} is afterwards accessible as @var{newname} instead. (If
@@ -1508,6 +1618,7 @@ a shell command @code{mkdir} which does the same thing.)
@comment sys/stat.h
@comment POSIX.1
@deftypefun int mkdir (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mkdir} function creates a new, empty directory with name
@var{filename}.
@@ -1849,6 +1960,7 @@ header file @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int stat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{stat} function returns information about the attributes of the
file named by @w{@var{filename}} in the structure pointed to by @var{buf}.
@@ -1875,6 +1987,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int stat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{stat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1888,6 +2001,7 @@ replaces the interface for small files on 32-bit machines.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int fstat (int @var{filedes}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fstat} function is like @code{stat}, except that it takes an
open file descriptor as an argument instead of a file name.
@xref{Low-Level I/O}.
@@ -1909,6 +2023,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int fstat64 (int @var{filedes}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{fstat} but is able to work on large
files on 32-bit platforms. For large files the file descriptor
@var{filedes} should be obtained by @code{open64} or @code{creat64}.
@@ -1920,9 +2035,16 @@ function is available under the name @code{fstat} and so transparently
replaces the interface for small files on 32-bit machines.
@end deftypefun
+@c fstatat will call alloca and snprintf if the syscall is not
+@c available.
+@c @safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+
@comment sys/stat.h
@comment BSD
@deftypefun int lstat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat, sometimes with an xstat conv call
+@c afterwards.
The @code{lstat} function is like @code{stat}, except that it does not
follow symbolic links. If @var{filename} is the name of a symbolic
link, @code{lstat} returns information about the link itself; otherwise
@@ -1936,6 +2058,9 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int lstat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat64, sometimes with an xstat conv
+@c call afterwards.
This function is similar to @code{lstat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1974,12 +2099,14 @@ that file:
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISDIR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a directory.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISCHR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a character special file (a
device like a terminal).
@end deftypefn
@@ -1987,6 +2114,7 @@ device like a terminal).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISBLK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a block special file (a device
like a disk).
@end deftypefn
@@ -1994,12 +2122,14 @@ like a disk).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISREG (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a regular file.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISFIFO (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a FIFO special file, or a
pipe. @xref{Pipes and FIFOs}.
@end deftypefn
@@ -2007,6 +2137,7 @@ pipe. @xref{Pipes and FIFOs}.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISLNK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a symbolic link.
@xref{Symbolic Links}.
@end deftypefn
@@ -2014,6 +2145,7 @@ This macro returns non-zero if the file is a symbolic link.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISSOCK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a socket. @xref{Sockets}.
@end deftypefn
@@ -2096,6 +2228,7 @@ the whole @code{struct stat} structure.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISMQ (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX message queues as distinct objects and the
file is a message queue object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2104,6 +2237,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSEM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX semaphores as distinct objects and the
file is a semaphore object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2112,6 +2246,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSHM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX shared memory objects as distinct objects
and the file is an shared memory object, this macro returns a non-zero
value. In all other cases the result is zero.
@@ -2156,6 +2291,7 @@ The prototype for this function is declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int chown (const char *@var{filename}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chown} function changes the owner of the file @var{filename} to
@var{owner}, and its group owner to @var{group}.
@@ -2190,6 +2326,7 @@ The file is on a read-only file system.
@comment unistd.h
@comment BSD
@deftypefun int fchown (int @var{filedes}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chown}, except that it changes the owner of the open
file with descriptor @var{filedes}.
@@ -2469,6 +2606,7 @@ The functions in this section are declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun mode_t umask (mode_t @var{mask})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{umask} function sets the file creation mask of the current
process to @var{mask}, and returns the previous value of the file
creation mask.
@@ -2494,6 +2632,7 @@ you just want to read the mask value, because it is reentrant.
@comment sys/stat.h
@comment GNU
@deftypefun mode_t getumask (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Return the current value of the file creation mask for the current
process. This function is a GNU extension and is only available on
@gnuhurdsystems{}.
@@ -2502,6 +2641,7 @@ process. This function is a GNU extension and is only available on
@comment sys/stat.h
@comment POSIX.1
@deftypefun int chmod (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chmod} function sets the access permission bits for the file
named by @var{filename} to @var{mode}.
@@ -2542,6 +2682,7 @@ for full details on the sticky bit.
@comment sys/stat.h
@comment BSD
@deftypefun int fchmod (int @var{filedes}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chmod}, except that it changes the permissions of the
currently open file given by @var{filedes}.
@@ -2612,6 +2753,7 @@ The symbols in this section are declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int access (const char *@var{filename}, int @var{how})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{access} function checks to see whether the file named by
@var{filename} can be accessed in the way specified by the @var{how}
argument. The @var{how} argument either can be the bitwise OR of the
@@ -2732,6 +2874,9 @@ This is the modification time for the file.
@comment utime.h
@comment POSIX.1
@deftypefun int utime (const char *@var{filename}, const struct utimbuf *@var{times})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utime syscall, it non-atomically converts times
+@c to a struct timeval and calls utimes.
This function is used to modify the file times associated with the file
named @var{filename}.
@@ -2783,6 +2928,10 @@ in the header file @file{sys/time.h}.
@comment sys/time.h
@comment BSD
@deftypefun int utimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, or to
+@c struct utimbuf and calls utime.
This function sets the file access and modification times of the file
@var{filename}. The new file access time is specified by
@code{@var{tvp}[0]}, and the new modification time by
@@ -2797,6 +2946,9 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int lutimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no lutimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall.
This function is like @code{utimes}, except that it does not follow
symbolic links. If @var{filename} is the name of a symbolic link,
@code{lutimes} sets the file access and modification times of the
@@ -2813,6 +2965,10 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int futimes (int @var{fd}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no futimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, falling back
+@c to utimes on a /proc/self/fd symlink.
This function is like @code{utimes}, except that it takes an open file
descriptor as an argument instead of a file name. @xref{Low-Level
I/O}. This function comes from FreeBSD, and is not available on all
@@ -2867,6 +3023,8 @@ succeed, without actually accomplishing anything.
@comment unistd.h
@comment X/Open
@deftypefun int truncate (const char *@var{filename}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a truncate syscall, we use open and ftruncate.
The @code{truncate} function changes the size of @var{filename} to
@var{length}. If @var{length} is shorter than the previous length, data
@@ -2911,6 +3069,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int truncate64 (const char *@var{name}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try truncate if length fits.
This function is similar to the @code{truncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines, which allows the handling of files with sizes up to
@@ -2924,6 +3084,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX
@deftypefun int ftruncate (int @var{fd}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{truncate}, but it works on a file descriptor @var{fd}
for an opened file instead of a file name to identify the object. The
@@ -2988,6 +3149,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int ftruncate64 (int @var{id}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try ftruncate if length fits.
This function is similar to the @code{ftruncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines which allows the handling of files with sizes up to
@@ -3050,6 +3213,10 @@ The prototype for @code{mknod} is declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment BSD
@deftypefun int mknod (const char *@var{filename}, mode_t @var{mode}, dev_t @var{dev})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Instead of issuing the syscall directly, we go through xmknod.
+@c Although the internal xmknod takes a dev_t*, that could lead to
+@c xguargs races, it's passed a pointer to mknod's dev.
The @code{mknod} function makes a special file with name @var{filename}.
The @var{mode} specifies the mode of the file, and may include the various
special file bits, such as @code{S_IFCHR} (for a character special file)
@@ -3101,6 +3268,20 @@ These facilities are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} tmpfile (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c The unsafety issues are those of fdopen, plus fdleak because of the
+@c open.
+@c __path_search (internal buf, !dir, const pfx, !try_tmpdir) ok
+@c libc_secure_genenv only if try_tmpdir
+@c xstat64, strlen, strcmp, sprintf
+@c __gen_tempname (internal tmpl, __GT_FILE) ok
+@c strlen, memcmp, getpid, open/mkdir/lxstat64 ok
+@c HP_TIMING_NOW if available ok
+@c gettimeofday (!tz) first time, or every time if no HP_TIMING_NOW ok
+@c static value is used and modified without synchronization ok
+@c but the use is as a source of non-cryptographic randomness
+@c with retries in case of collision, so it should be safe
+@c unlink, fdopen
This function creates a temporary binary file for update mode, as if by
calling @code{fopen} with mode @code{"wb+"}. The file is deleted
automatically when it is closed or when the program terminates. (On
@@ -3117,6 +3298,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} tmpfile64 (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
This function is similar to @code{tmpfile}, but the stream it returns a
pointer to was opened using @code{tmpfile64}. Therefore this stream can
be used for files larger then @math{2^31} bytes on 32-bit machines.
@@ -3132,6 +3314,11 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun {char *} tmpnam (char *@var{result})
+@safety{@mtunsafe{xguargs, staticbuf}@asunsafe{staticbuf}@acsafe{}}
+@c The passed-in buffer should not be modified concurrently with the
+@c call.
+@c __path_search (static or passed-in buf, !dir, !pfx, !try_tmpdir) ok
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
This function constructs and returns a valid file name that does not
refer to any existing file. If the @var{result} argument is a null
pointer, the return value is a pointer to an internal static string,
@@ -3156,6 +3343,7 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdio.h
@comment GNU
@deftypefun {char *} tmpnam_r (char *@var{result})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
This function is nearly identical to the @code{tmpnam} function, except
that if @var{result} is a null pointer it returns a null pointer.
@@ -3192,6 +3380,13 @@ never less than @code{25}.
@comment stdio.h
@comment SVID
@deftypefun {char *} tempnam (const char *@var{dir}, const char *@var{prefix})
+@safety{@mtunsafe{xguargs, envromt}@assafe{asmalloc}@acsafe{memleak}}
+@c There's no way (short of being setuid) to avoid getenv("TMPDIR"),
+@c even with a non-NULL dir, which makes this thread-unsafe.
+@c
+@c __path_search (internal buf, dir, pfx, try_tmpdir) unsafe getenv
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
+@c strdup
This function generates a unique temporary file name. If @var{prefix}
is not a null pointer, up to five characters of this string are used as
a prefix for the file name. The return value is a string newly
@@ -3255,6 +3450,8 @@ string. These functions are declared in the header file @file{stdlib.h}.
@comment stdlib.h
@comment Unix
@deftypefun {char *} mktemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_NOCREATE) ok
The @code{mktemp} function generates a unique file name by modifying
@var{template} as described above. If successful, it returns
@var{template} as modified. If @code{mktemp} cannot find a unique file
@@ -3273,6 +3470,8 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdlib.h
@comment BSD
@deftypefun int mkstemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{fdleak}}
+@c __gen_tempname (caller tmpl, __GT_FILE) ok
The @code{mkstemp} function generates a unique file name just as
@code{mktemp} does, but it also opens the file for you with @code{open}
(@pxref{Opening and Closing Files}). If successful, it modifies
@@ -3295,6 +3494,8 @@ new file and get an error if the file already exists.
@comment stdlib.h
@comment BSD
@deftypefun {char *} mkdtemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_DIR) ok
The @code{mkdtemp} function creates a directory with a unique name. If
it succeeds, it overwrites @var{template} with the name of the
directory, and returns @var{template}. As with @code{mktemp} and
@@ -3316,3 +3517,23 @@ creation always works like @code{open} with @code{O_EXCL}.
@xref{Creating Directories}.
The @code{mkdtemp} function comes from OpenBSD.
+
+@c FIXME these are undocumented:
+@c faccessat
+@c fchmodat
+@c fchownat
+@c futimesat
+@c fstatat
+@c linkat
+@c mkdirat
+@c mkfifoat
+@c name_to_handle_at
+@c openat
+@c open_by_handle_at
+@c readlinkat
+@c renameat
+@c scandirat
+@c symlinkat
+@c unlinkat
+@c utimensat
+@c mknodat
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c809e22eb30fc43d15192d36963a8e19f7d65b0c
commit c809e22eb30fc43d15192d36963a8e19f7d65b0c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:05:34 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/errno.texi: Document thread safety properties.
diff --git a/manual/errno.texi b/manual/errno.texi
index 6c9fa86..eb3f412 100644
--- a/manual/errno.texi
+++ b/manual/errno.texi
@@ -1293,6 +1293,9 @@ name of the program that encountered the error.
@comment string.h
@comment ISO
@deftypefun {char *} strerror (int @var{errnum})
+@safety{@mtunsafe{staticbuf}@asunsafe{staticbuf, asmalloc, asi18n}@acsafe{memleak}}
+@c Calls strerror_r with a static buffer allocated with malloc on the
+@c first use.
The @code{strerror} function maps the error code (@pxref{Checking for
Errors}) specified by the @var{errnum} argument to a descriptive error
message string. The return value is a pointer to this string.
@@ -1310,6 +1313,7 @@ The function @code{strerror} is declared in @file{string.h}.
@comment string.h
@comment GNU
@deftypefun {char *} strerror_r (int @var{errnum}, char *@var{buf}, size_t @var{n})
+@safety{@mtsafe{}@asunsafe{asi18n}@acsafe{}}
The @code{strerror_r} function works like @code{strerror} but instead of
returning the error message in a statically allocated buffer shared by
all threads in the process, it returns a private copy for the
@@ -1331,6 +1335,10 @@ This function @code{strerror_r} is a GNU extension and it is declared in
@comment stdio.h
@comment ISO
@deftypefun void perror (const char *@var{message})
+@safety{@mtsafe{xguargs}@asunsafe{asynconsist, asi18n, asmalloc, selfdeadlock}@acunsafe{incansist, lockleak, memleak, fdleak}}
+@c Besides strerror_r's and some of fprintf's issues, if stderr is not
+@c oriented yet, create a new stream with a dup of stderr's fd and write
+@c to that instead of stderr, to avoid orienting it.
This function prints an error message to the stream @code{stderr};
see @ref{Standard Streams}. The orientation of @code{stderr} is not
changed.
@@ -1442,6 +1450,13 @@ These functions are declared in @file{error.h}.
@comment error.h
@comment GNU
@deftypefun void error (int @var{status}, int @var{errnum}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acsafe{}}
+@c Cancellation is disabled throught the execution. It flushes stdout
+@c and then holds a lock on stderr while printing the program name and
+@c then running error_tail. The non-wide case just runs vfprintf; the
+@c wide case converts the message to an alloca/malloc-allocated buffer
+@c with mbsrtowcs, then prints it with vfwprintf. Afterwards,
+@c print_errno_message calls strerror_r and fxprintf.
The @code{error} function can be used to report general problems during
program execution. The @var{format} argument is a format string just
like those given to the @code{printf} family of functions. The
@@ -1477,6 +1492,15 @@ incremented by one to keep track of the number of errors reported.
@comment error.h
@comment GNU
@deftypefun void error_at_line (int @var{status}, int @var{errnum}, const char *@var{fname}, unsigned int @var{lineno}, const char *@var{format}, @dots{})
+@safety{@mtunsafe{staticbuf, glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist}}
+@c The error_one_per_line variable is accessed (without any form of
+@c synchronization, but since it's an int used once, it should be safe
+@c enough) and, if this mode is enabled, static variables used to hold
+@c the last printed file name and line number are accessed and modified
+@c without synchronization; the update is not atomic and it occurs
+@c before disabling cancellation, so it can be interrupted after only
+@c one of the two variables is modified. After that, it's very much
+@c like error.
The @code{error_at_line} function is very similar to the @code{error}
function. The only difference are the additional parameters @var{fname}
@@ -1582,6 +1606,8 @@ are included only for compatibility.
@comment err.h
@comment BSD
@deftypefun void warn (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Just calls vwarn with the va_list.
The @code{warn} function is roughly equivalent to a call like
@smallexample
error (0, errno, format, @r{the parameters})
@@ -1594,6 +1620,11 @@ are not used.
@comment err.h
@comment BSD
@deftypefun void vwarn (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c While holding stderr's recursive lock, it prints the programname, the
+@c given message, and the error string with fw?printf's %m. When the
+@c stream is wide, convert_and_print converts the format string to an
+@c alloca/malloc-created buffer using mbsrtowcs and then calls fwprintf.
The @code{vwarn} function is just like @code{warn} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1602,6 +1633,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void warnx (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn, but without the strerror translation issues.
The @code{warnx} function is roughly equivalent to a call like
@smallexample
error (0, 0, format, @r{the parameters})
@@ -1615,6 +1648,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void vwarnx (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn, but without the strerror translation issues.
The @code{vwarnx} function is just like @code{warnx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1623,6 +1658,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void err (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn followed by exit.
The @code{err} function is roughly equivalent to a call like
@smallexample
error (status, errno, format, @r{the parameters})
@@ -1635,6 +1672,8 @@ are not used and that the program is exited even if @var{status} is zero.
@comment err.h
@comment BSD
@deftypefun void verr (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn followed by exit.
The @code{verr} function is just like @code{err} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1643,6 +1682,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void errx (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warnx followed by exit.
The @code{errx} function is roughly equivalent to a call like
@smallexample
error (status, 0, format, @r{the parameters})
@@ -1657,6 +1698,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void verrx (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarnx followed by exit.
The @code{verrx} function is just like @code{errx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ad0739404f1903efd7a41c839a8ac8c637046c1d
commit ad0739404f1903efd7a41c839a8ac8c637046c1d
Merge: cf53de7 7b17963 c809e22
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:04 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=cf53de7d61a899ee849e2b4185f768a916184a35
commit cf53de7d61a899ee849e2b4185f768a916184a35
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:04 2013 -0300
push
diff --git a/meta b/meta
index 0095f76..203e67f 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: ff4b802a46c6ed82436bd4d9652222c18aa88b51
-Head: 61349e0a2ebc1b1cb265b25c74ae39b2d5b85636
+Previous: 7b17963914895e7c6e841738568c70e6b1dad418
+Head: c809e22eb30fc43d15192d36963a8e19f7d65b0c
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -12,8 +12,8 @@ Applied:
manual-document-mt-safety-crypt.patch: 93bce6450adbd4597a1a0d96bca4162b367a61c4
manual-document-mt-safety-ctype.patch: c67c0318158e4a31db772c98b8828e54db56693e
manual-document-mt-safety-debug.patch: 61349e0a2ebc1b1cb265b25c74ae39b2d5b85636
+ manual-document-mt-safety-errno.patch: c809e22eb30fc43d15192d36963a8e19f7d65b0c
Unapplied:
- manual-document-mt-safety-errno.patch: 4c83ae2974e8153950355eca983b33e13bad7490
manual-document-mt-safety-filesys.patch: 75c783a7f653a4396cb2f3a1314fac5bda1b5a8f
manual-document-mt-safety-getopt.patch: 178c538fec626552e7ec57072a93b3715623e6ac
manual-document-mt-safety-libdl.patch: 290ed306adba817ec4cb4f5207e63269e7990930
diff --git a/patches/manual-document-mt-safety-errno.patch b/patches/manual-document-mt-safety-errno.patch
index 7b30386..67a101a 100644
--- a/patches/manual-document-mt-safety-errno.patch
+++ b/patches/manual-document-mt-safety-errno.patch
@@ -1,5 +1,5 @@
-Bottom: 5add8b2d9a79567d15e402219a50ddf6704cdcea
-Top: 50fd6f363b9af88ae1e05db55cefcd1e41c10123
+Bottom: 548606bab4bd38fa36c7264f1e06dbd818e0a4d4
+Top: 94d2ef49874113afaf68e43004adb8da972729b9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:05:34 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=61349e0a2ebc1b1cb265b25c74ae39b2d5b85636
commit 61349e0a2ebc1b1cb265b25c74ae39b2d5b85636
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:05:11 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/debug.texi: Document thread safety properties.
diff --git a/manual/debug.texi b/manual/debug.texi
index 1db9c18..ce0c263 100644
--- a/manual/debug.texi
+++ b/manual/debug.texi
@@ -36,6 +36,8 @@ and manipulate backtraces of the current thread.
@comment execinfo.h
@comment GNU
@deftypefun int backtrace (void **@var{buffer}, int @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Pointer chasing within the local stack.
The @code{backtrace} function obtains a backtrace for the current
thread, as a list of pointers, and places the information into
@var{buffer}. The argument @var{size} should be the number of
@@ -56,6 +58,17 @@ interpreting the stack contents correctly.
@comment execinfo.h
@comment GNU
@deftypefun {char **} backtrace_symbols (void *const *@var{buffer}, int @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, lockleak}}
+@c Collects info returned by _dl_addr in auto array, allocates memory
+@c for the whole return buffer with malloc then sprintfs into it storing
+@c pointers to the strings into the array entries in the buffer.
+@c _dl_addr takes the recursive dl_load_lock then calls
+@c _dl_find_dso_for_object and determine_info.
+@c _dl_find_dso_for_object calls _dl-addr_inside_object.
+@c All of them are safe as long as the lock is held.
+@c asynconsist? It doesn't looke like the dynamic loader's data
+@c structures could be in an inconsistent state that would cause
+@c malfunction here.
The @code{backtrace_symbols} function translates the information
obtained from the @code{backtrace} function into an array of strings.
The argument @var{buffer} should be a pointer to an array of addresses
@@ -88,6 +101,11 @@ cannot be obtained.
@comment execinfo.h
@comment GNU
@deftypefun void backtrace_symbols_fd (void *const *@var{buffer}, int @var{size}, int @var{fd})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c Single loop of _dl_addr over addresses, collecting info into an iovec
+@c written out with a writev call per iteration. Addresses and offsets
+@c are converted to hex in auto buffers, so the only potential issue
+@c here is leaking the dl lock in case of cancellation.
The @code{backtrace_symbols_fd} function performs the same translation
as the function @code{backtrace_symbols} function. Instead of returning
the strings to the caller, it writes the strings to the file descriptor
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7b17963914895e7c6e841738568c70e6b1dad418
commit 7b17963914895e7c6e841738568c70e6b1dad418
Merge: 43a440e ff4b802 61349e0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:03 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=43a440e0d0fbf025378ed9aad5eed3d269781dbf
commit 43a440e0d0fbf025378ed9aad5eed3d269781dbf
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:03 2013 -0300
push
diff --git a/meta b/meta
index bea7600..0095f76 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 90a7b8873b45a59d4ab0a1247cdaaae5d4ce9466
-Head: c67c0318158e4a31db772c98b8828e54db56693e
+Previous: ff4b802a46c6ed82436bd4d9652222c18aa88b51
+Head: 61349e0a2ebc1b1cb265b25c74ae39b2d5b85636
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -11,8 +11,8 @@ Applied:
manual-document-mt-safety-conf.patch: b2f06012824f907fd1cb35844c2e7a054ddf81f9
manual-document-mt-safety-crypt.patch: 93bce6450adbd4597a1a0d96bca4162b367a61c4
manual-document-mt-safety-ctype.patch: c67c0318158e4a31db772c98b8828e54db56693e
+ manual-document-mt-safety-debug.patch: 61349e0a2ebc1b1cb265b25c74ae39b2d5b85636
Unapplied:
- manual-document-mt-safety-debug.patch: 90470ebb84408d72de8a13806b2e84801fbcc026
manual-document-mt-safety-errno.patch: 4c83ae2974e8153950355eca983b33e13bad7490
manual-document-mt-safety-filesys.patch: 75c783a7f653a4396cb2f3a1314fac5bda1b5a8f
manual-document-mt-safety-getopt.patch: 178c538fec626552e7ec57072a93b3715623e6ac
diff --git a/patches/manual-document-mt-safety-debug.patch b/patches/manual-document-mt-safety-debug.patch
index 2063a20..9b0749d 100644
--- a/patches/manual-document-mt-safety-debug.patch
+++ b/patches/manual-document-mt-safety-debug.patch
@@ -1,5 +1,5 @@
-Bottom: 1fe3a56b7e61d235687df61e4d4bded8e7283992
-Top: 5add8b2d9a79567d15e402219a50ddf6704cdcea
+Bottom: 3de021265ff25f1386d7a7c20b91b2a25d84120f
+Top: 548606bab4bd38fa36c7264f1e06dbd818e0a4d4
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:05:11 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c67c0318158e4a31db772c98b8828e54db56693e
commit c67c0318158e4a31db772c98b8828e54db56693e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:41 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/ctype.texi: Document thread safety properties.
diff --git a/manual/ctype.texi b/manual/ctype.texi
index 3d13571..ddf38ce 100644
--- a/manual/ctype.texi
+++ b/manual/ctype.texi
@@ -66,6 +66,13 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int islower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The is* macros call __ctype_b_loc to get the ctype array from the
+@c current locale, and then index it by c. __ctype_b_loc reads from
+@c thread-local memory the (indirect) pointer to the ctype array, which
+@c may involve one word access to the global locale object, if that's
+@c the active locale for the thread, and the array, being part of the
+@c locale data, is undeletable, so there's no thread-safety issue.
Returns true if @var{c} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -74,6 +81,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -82,6 +90,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isalpha (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphabetic character (a letter). If
@code{islower} or @code{isupper} is true of a character, then
@code{isalpha} is also true.
@@ -97,6 +106,7 @@ additional characters.
@comment ctype.h
@comment ISO
@deftypefun int isdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@end deftypefun
@@ -104,6 +114,7 @@ Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@comment ctype.h
@comment ISO
@deftypefun int isalnum (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphanumeric character (a letter or
number); in other words, if either @code{isalpha} or @code{isdigit} is
true of a character, then @code{isalnum} is also true.
@@ -113,6 +124,7 @@ true of a character, then @code{isalnum} is also true.
@comment ctype.h
@comment ISO
@deftypefun int isxdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -123,6 +135,7 @@ Hexadecimal digits include the normal decimal digits @samp{0} through
@comment ctype.h
@comment ISO
@deftypefun int ispunct (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -132,6 +145,7 @@ character.
@comment ctype.h
@comment ISO
@deftypefun int isspace (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{isspace} returns true for only the standard
whitespace characters:
@@ -161,6 +175,7 @@ vertical tab
@comment ctype.h
@comment ISO
@deftypefun int isblank (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
@end deftypefun
@@ -169,6 +184,7 @@ This function was originally a GNU extension, but was added in @w{ISO C99}.
@comment ctype.h
@comment ISO
@deftypefun int isgraph (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -178,6 +194,7 @@ considered graphic.
@comment ctype.h
@comment ISO
@deftypefun int isprint (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@end deftypefun
@@ -186,6 +203,7 @@ include all the graphic characters, plus the space (@samp{ }) character.
@comment ctype.h
@comment ISO
@deftypefun int iscntrl (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a control character (that is, a character that
is not a printing character).
@end deftypefun
@@ -194,6 +212,7 @@ is not a printing character).
@comment ctype.h
@comment SVID, BSD
@deftypefun int isascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
into the US/UK ASCII character set. This function is a BSD extension
and is also an SVID extension.
@@ -227,6 +246,10 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The to* macros/functions call different functions that use different
+@c arrays than those of__ctype_b_loc, but the access patterns and
+@c thus safety guarantees are the same.
If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
lower-case letter. If @var{c} is not an upper-case letter,
@var{c} is returned unchanged.
@@ -235,6 +258,7 @@ lower-case letter. If @var{c} is not an upper-case letter,
@comment ctype.h
@comment ISO
@deftypefun int toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
upper-case letter. Otherwise @var{c} is returned unchanged.
@end deftypefun
@@ -242,6 +266,7 @@ upper-case letter. Otherwise @var{c} is returned unchanged.
@comment ctype.h
@comment SVID, BSD
@deftypefun int toascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function converts @var{c} to a 7-bit @code{unsigned char} value
that fits into the US/UK ASCII character set, by clearing the high-order
bits. This function is a BSD extension and is also an SVID extension.
@@ -250,6 +275,7 @@ bits. This function is a BSD extension and is also an SVID extension.
@comment ctype.h
@comment SVID
@deftypefun int _tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{tolower}, and is provided for compatibility
with the SVID. @xref{SVID}.@refill
@end deftypefun
@@ -257,6 +283,7 @@ with the SVID. @xref{SVID}.@refill
@comment ctype.h
@comment SVID
@deftypefun int _toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{toupper}, and is provided for compatibility
with the SVID.
@end deftypefun
@@ -303,6 +330,15 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctype_t wctype (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Although the source code of wctype contains multiple references to
+@c the locale, that could each reference different locale_data objects
+@c should the global locale object change while active, the compiler can
+@c and does combine them all into a single dereference that resolves
+@c once to the LCTYPE locale object used throughout the function, so it
+@c is safe in practice, if not in theory. Ideally we'd explicitly save
+@c the resolved locale_data object to make it visibly safe instead of
+@c safe only under compiler optimizations.
The @code{wctype} returns a value representing a class of wide
characters which is identified by the string @var{property}. Beside
some standard properties each locale can define its own ones. In case
@@ -331,6 +367,8 @@ the @w{ISO C} standard defines a completely new function.
@comment wctype.h
@comment ISO
@deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The compressed lookup table returned by wctype is read-only.
This function returns a nonzero value if @var{wc} is in the character
class specified by @var{desc}. @var{desc} must previously be returned
by a successful call to @code{wctype}.
@@ -350,6 +388,15 @@ standard classes.
@comment wctype.h
@comment ISO
@deftypefun int iswalnum (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c The implicit wctype call in the isw* functions is actually an
+@c optimized version because the category has a known offset, but the
+@c wctype is equally safe when optimized, unsafe if not optimized.
+@c Since it's not a macro, and we always optimize, it's fine. The test
+@c whether wc is ASCII to use the non-wide is* macro/funciton doesn't
+@c bring any other safety issues: the test does not depend on the
+@c locale, and each path after the decision resolves the locale object
+@c only once.
This function returns a nonzero value if @var{wc} is an alphanumeric
character (a letter or number); in other words, if either @code{iswalpha}
or @code{iswdigit} is true of a character, then @code{iswalnum} is also
@@ -370,6 +417,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswalpha (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an alphabetic character (a letter). If
@code{iswlower} or @code{iswupper} is true of a character, then
@code{iswalpha} is also true.
@@ -394,6 +442,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswcntrl (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a control character (that is, a character that
is not a printing character).
@@ -412,6 +461,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
Please note that this function does not only return a nonzero value for
@emph{decimal} digits, but for all kinds of digits. A consequence is
@@ -442,6 +492,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswgraph (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -461,6 +512,7 @@ It is declared in @file{wctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int iswlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -479,6 +531,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswprint (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@@ -497,6 +550,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswpunct (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -516,6 +570,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswspace (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{iswspace} returns true for only the standard
whitespace characters:
@@ -555,6 +610,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -573,6 +629,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswxdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -597,6 +654,7 @@ characters as well.
@comment wctype.h
@comment ISO
@deftypefun int iswblank (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
It is declared in @file{wchar.h}.
@@ -691,6 +749,8 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctrans_t wctrans (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Similar implementation, same caveats as wctype.
The @code{wctrans} function has to be used to find out whether a named
mapping is defined in the current locale selected for the
@code{LC_CTYPE} category. If the returned value is non-zero, you can use
@@ -713,6 +773,8 @@ These functions are declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Same caveats as iswctype.
@code{towctrans} maps the input character @var{wc}
according to the rules of the mapping for which @var{desc} is a
descriptor, and returns the value it finds. @var{desc} must be
@@ -730,6 +792,9 @@ for them.
@comment wctype.h
@comment ISO
@deftypefun wint_t towlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Same caveats as iswalnum, just using a wctrans rather than a wctype
+@c table.
If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
lower-case letter. If @var{wc} is not an upper-case letter,
@var{wc} is returned unchanged.
@@ -749,6 +814,7 @@ This function is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
upper-case letter. Otherwise @var{wc} is returned unchanged.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ff4b802a46c6ed82436bd4d9652222c18aa88b51
commit ff4b802a46c6ed82436bd4d9652222c18aa88b51
Merge: 6558fa6 90a7b88 c67c031
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:02 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=6558fa65ae0022b261220c9136727dd174b01b3b
commit 6558fa65ae0022b261220c9136727dd174b01b3b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:02 2013 -0300
push
diff --git a/meta b/meta
index f3d91e6..bea7600 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 99a32f1e3010e8bbad037c1418ff9010c6bccbf2
-Head: 93bce6450adbd4597a1a0d96bca4162b367a61c4
+Previous: 90a7b8873b45a59d4ab0a1247cdaaae5d4ce9466
+Head: c67c0318158e4a31db772c98b8828e54db56693e
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -10,8 +10,8 @@ Applied:
manual-document-mt-safety-charset.patch: 9e121d9ec8c4633d64cc9744360fbeca9f156bf0
manual-document-mt-safety-conf.patch: b2f06012824f907fd1cb35844c2e7a054ddf81f9
manual-document-mt-safety-crypt.patch: 93bce6450adbd4597a1a0d96bca4162b367a61c4
+ manual-document-mt-safety-ctype.patch: c67c0318158e4a31db772c98b8828e54db56693e
Unapplied:
- manual-document-mt-safety-ctype.patch: 776df644b03f53de0e1d21d4b6e8df0fb287117e
manual-document-mt-safety-debug.patch: 90470ebb84408d72de8a13806b2e84801fbcc026
manual-document-mt-safety-errno.patch: 4c83ae2974e8153950355eca983b33e13bad7490
manual-document-mt-safety-filesys.patch: 75c783a7f653a4396cb2f3a1314fac5bda1b5a8f
diff --git a/patches/manual-document-mt-safety-ctype.patch b/patches/manual-document-mt-safety-ctype.patch
index 8700f8e..c5de015 100644
--- a/patches/manual-document-mt-safety-ctype.patch
+++ b/patches/manual-document-mt-safety-ctype.patch
@@ -1,5 +1,5 @@
-Bottom: 25551ef91682bea014db1b2031e4dad60a4ba129
-Top: 1fe3a56b7e61d235687df61e4d4bded8e7283992
+Bottom: f7704f5b20f5c9943d0105fa39bc7bb7ffcbb869
+Top: 3de021265ff25f1386d7a7c20b91b2a25d84120f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:41 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=93bce6450adbd4597a1a0d96bca4162b367a61c4
commit 93bce6450adbd4597a1a0d96bca4162b367a61c4
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:03:47 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/crypt.texi: Document thread safety properties.
diff --git a/manual/crypt.texi b/manual/crypt.texi
index ef90590..5c9f6f7 100644
--- a/manual/crypt.texi
+++ b/manual/crypt.texi
@@ -92,7 +92,13 @@ in a convenient way.
@comment unistd.h
@comment BSD
@deftypefun {char *} getpass (const char *@var{prompt})
-
+@safety{@mtunsafe{tempterm}@asunsafe{asmalloc, selfdeadlock, asynconsist}@acunsafe{tempterm, lockleak, incansist}}
+@c This function will attempt to create a stream for terminal I/O, but
+@c will fallback to stdio/stderr. It attempts to change the terminal
+@c mode in a thread-unsafe way, write out the prompt, read the password,
+@c then restore the terminal mode. It has a cleanup to close the stream
+@c in case of (synchronous) cancellation, but not to restore the
+@c terminal mode.
@code{getpass} outputs @var{prompt}, then reads a string in from the
terminal without echoing it. It tries to connect to the real terminal,
@file{/dev/tty}, if possible, to encourage users not to put plaintext
@@ -127,6 +133,13 @@ The substitute takes the same parameters as @code{getline}
@comment crypt.h
@comment BSD, SVID
@deftypefun {char *} crypt (const char *@var{key}, const char *@var{salt})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Besides the obvious problem of returning a pointer into static
+@c storage, the DES initializer takes an internal lock with the usual
+@c set of problems for AS- and AC-Safety. The FIPS mode checker and the
+@c NSS implementations of may leak file descriptors if canceled. The
+@c The MD5, SHA256 and SHA512 implementations will malloc on long keys,
+@c and NSS relies on dlopening, which brings about another can of worms.
The @code{crypt} function takes a password, @var{key}, as a string, and
a @var{salt} character array which is described below, and returns a
@@ -188,6 +201,9 @@ for a password and prints ``Access granted.'' if the user types
@comment crypt.h
@comment GNU
@deftypefun {char *} crypt_r (const char *@var{key}, const char *@var{salt}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Compared with crypt, this function fixes the staticbuf problem, but
+@c nothing else.
The @code{crypt_r} function does the same thing as @code{crypt}, but
takes an extra parameter which includes space for its result (among
@@ -233,6 +249,11 @@ specifies the unused bits.
@comment crypt.h
@comment BSD, SVID
@deftypefun void setkey (const char *@var{key})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c The static buffer stores the key, making it fundamentally
+@c thread-unsafe. The locking issues are only in the initialization
+@c path; cancelling the initialization will leave the lock held, it
+@c would otherwise repeat the initialization on the next call.
The @code{setkey} function sets an internal data structure to be an
expanded form of @var{key}. @var{key} is specified as an array of 64
@@ -244,6 +265,8 @@ parity.
@comment crypt.h
@comment BSD, SVID
@deftypefun void encrypt (char *@var{block}, int @var{edflag})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c Same issues as setkey.
The @code{encrypt} function encrypts @var{block} if
@var{edflag} is 0, otherwise it decrypts @var{block}, using a key
@@ -257,9 +280,11 @@ stored in a @code{char}, but there are no parity bits in @var{block}.
@comment crypt.h
@comment GNU
@deftypefun void setkey_r (const char *@var{key}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
@comment crypt.h
@comment GNU
@deftypefunx void encrypt_r (char *@var{block}, int @var{edflag}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
These are reentrant versions of @code{setkey} and @code{encrypt}. The
only difference is the extra parameter, which stores the expanded
@@ -274,6 +299,7 @@ defined in @file{crypt.h}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int ecb_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{ecb_crypt} encrypts or decrypts one or more blocks
using DES. Each block is encrypted independently.
@@ -355,6 +381,7 @@ This macro returns 1 if @var{err} is a `success' result code from
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int cbc_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode}, char *@var{ivec})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{cbc_crypt} encrypts or decrypts one or more blocks
using DES in Cipher Block Chaining mode.
@@ -381,6 +408,7 @@ Otherwise, all the parameters are similar to those for @code{ecb_crypt}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun void des_setparity (char *@var{key})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{des_setparity} changes the 64-bit @var{key}, stored
packed in 8-bit bytes, to have odd parity by altering the low bits of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=90a7b8873b45a59d4ab0a1247cdaaae5d4ce9466
commit 90a7b8873b45a59d4ab0a1247cdaaae5d4ce9466
Merge: acd3a9a 99a32f1 93bce64
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:01 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=acd3a9a9fb2d00946518163380b31f4abbf04c0c
commit acd3a9a9fb2d00946518163380b31f4abbf04c0c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:01 2013 -0300
push
diff --git a/meta b/meta
index ac5bceb..f3d91e6 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 9eac7aed6d7204866334765380c9f4dcf4d27712
-Head: b2f06012824f907fd1cb35844c2e7a054ddf81f9
+Previous: 99a32f1e3010e8bbad037c1418ff9010c6bccbf2
+Head: 93bce6450adbd4597a1a0d96bca4162b367a61c4
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -9,8 +9,8 @@ Applied:
manual-document-mt-safety-arith.patch: 838c715e0d3f4c3674975edd26315e143cca1455
manual-document-mt-safety-charset.patch: 9e121d9ec8c4633d64cc9744360fbeca9f156bf0
manual-document-mt-safety-conf.patch: b2f06012824f907fd1cb35844c2e7a054ddf81f9
+ manual-document-mt-safety-crypt.patch: 93bce6450adbd4597a1a0d96bca4162b367a61c4
Unapplied:
- manual-document-mt-safety-crypt.patch: 06242cab8769046e2c3e9670de0b0e664f9624ef
manual-document-mt-safety-ctype.patch: 776df644b03f53de0e1d21d4b6e8df0fb287117e
manual-document-mt-safety-debug.patch: 90470ebb84408d72de8a13806b2e84801fbcc026
manual-document-mt-safety-errno.patch: 4c83ae2974e8153950355eca983b33e13bad7490
diff --git a/patches/manual-document-mt-safety-crypt.patch b/patches/manual-document-mt-safety-crypt.patch
index 20411b6..b799073 100644
--- a/patches/manual-document-mt-safety-crypt.patch
+++ b/patches/manual-document-mt-safety-crypt.patch
@@ -1,5 +1,5 @@
-Bottom: 621eb53ac8713123406be43ebd474132b7c6e4de
-Top: 25551ef91682bea014db1b2031e4dad60a4ba129
+Bottom: 45cccd4a47645a41bfaa6a90e93cd3906e8edfa6
+Top: f7704f5b20f5c9943d0105fa39bc7bb7ffcbb869
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:03:47 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b2f06012824f907fd1cb35844c2e7a054ddf81f9
commit b2f06012824f907fd1cb35844c2e7a054ddf81f9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:03:16 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/conf.texi: Document thread safety properties.
diff --git a/manual/conf.texi b/manual/conf.texi
index 7eb8b36..edbb2fd 100644
--- a/manual/conf.texi
+++ b/manual/conf.texi
@@ -288,6 +288,17 @@ constants are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} sysconf (int @var{parameter})
+@safety{@mtsafe{envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak, fdleak}}
+@c Some parts of the implementation open /proc and /sys files and dirs
+@c to collect system details, using fd and stream I/O depending on the
+@c case. _SC_TZNAME_MAX calls __tzname_max, that (while holding a lock)
+@c calls tzset_internal, that calls getenv if it's called the first
+@c time; there are free and strdup calls in there too. The returned max
+@c value may change over time for TZNAME_MAX, depending on selected
+@c timezones; NPROCS, NPROCS_CONF, PHYS_PAGES, AVPHYS_PAGES,
+@c NGROUPS_MAX, SIGQUEUE_MAX, depending on variable values read from
+@c /proc at each call, and from rlimit-obtained values CHILD_MAX,
+@c OPEN_MAX, ARG_MAX, SIGQUEUE_MAX.
This function is used to inquire about runtime system parameters. The
@var{parameter} argument should be one of the @samp{_SC_} symbols listed
below.
@@ -1342,6 +1353,11 @@ argument are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} pathconf (const char *@var{filename}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c When __statfs_link_max finds an ext* filesystem, it may read
+@c /proc/mounts or similar as a mntent stream.
+@c __statfs_chown_restricted may read from
+@c /proc/sys/fs/xfs/restrict_chown as a file descriptor.
This function is used to inquire about the limits that apply to
the file named @var{filename}.
@@ -1369,6 +1385,8 @@ support the @var{parameter} for the specific file.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} fpathconf (int @var{filedes}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c Same caveats as pathconf.
This is just like @code{pathconf} except that an open file descriptor
is used to specify the file for which information is requested, instead
of a file name.
@@ -1615,6 +1633,7 @@ system with the function @code{confstr}:
@comment unistd.h
@comment POSIX.2
@deftypefun size_t confstr (int @var{parameter}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function reads the value of a string-valued system parameter,
storing the string into @var{len} bytes of memory space starting at
@var{buf}. The @var{parameter} argument should be one of the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=99a32f1e3010e8bbad037c1418ff9010c6bccbf2
commit 99a32f1e3010e8bbad037c1418ff9010c6bccbf2
Merge: b500f7d 9eac7ae b2f0601
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:00 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b500f7d93c0b4972c9ca8f81dc50fb6baa575be7
commit b500f7d93c0b4972c9ca8f81dc50fb6baa575be7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:00 2013 -0300
push
diff --git a/meta b/meta
index 5ba29aa..ac5bceb 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 349313a3dd747639c0add943ebcbfa40edc7b949
-Head: 9e121d9ec8c4633d64cc9744360fbeca9f156bf0
+Previous: 9eac7aed6d7204866334765380c9f4dcf4d27712
+Head: b2f06012824f907fd1cb35844c2e7a054ddf81f9
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -8,8 +8,8 @@ Applied:
manual-document-mt-safety-argp.patch: 3d307972daeb49e5b5bed74887140e9d5bcb58de
manual-document-mt-safety-arith.patch: 838c715e0d3f4c3674975edd26315e143cca1455
manual-document-mt-safety-charset.patch: 9e121d9ec8c4633d64cc9744360fbeca9f156bf0
+ manual-document-mt-safety-conf.patch: b2f06012824f907fd1cb35844c2e7a054ddf81f9
Unapplied:
- manual-document-mt-safety-conf.patch: ada59d4ba350be38e3b5d960053eac19f0c22bf1
manual-document-mt-safety-crypt.patch: 06242cab8769046e2c3e9670de0b0e664f9624ef
manual-document-mt-safety-ctype.patch: 776df644b03f53de0e1d21d4b6e8df0fb287117e
manual-document-mt-safety-debug.patch: 90470ebb84408d72de8a13806b2e84801fbcc026
diff --git a/patches/manual-document-mt-safety-conf.patch b/patches/manual-document-mt-safety-conf.patch
index 0db760e..ad74927 100644
--- a/patches/manual-document-mt-safety-conf.patch
+++ b/patches/manual-document-mt-safety-conf.patch
@@ -1,5 +1,5 @@
-Bottom: 0ed3cc03efad5a94ba0a48cd696ec823658ac35b
-Top: 621eb53ac8713123406be43ebd474132b7c6e4de
+Bottom: 635dade8c2d466563bdeba84575ccfd57214e37e
+Top: 45cccd4a47645a41bfaa6a90e93cd3906e8edfa6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:03:16 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9e121d9ec8c4633d64cc9744360fbeca9f156bf0
commit 9e121d9ec8c4633d64cc9744360fbeca9f156bf0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:01:33 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/charset.texi: Document thread safety properties.
diff --git a/manual/charset.texi b/manual/charset.texi
index e21502e..7e6c416 100644
--- a/manual/charset.texi
+++ b/manual/charset.texi
@@ -504,6 +504,8 @@ sequence points. Communication protocols often require this.
@comment wchar.h
@comment ISO
@deftypefun int mbsinit (const mbstate_t *@var{ps})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c ps is dereferenced once, unguarded. Potential harmless data race.
The @code{mbsinit} function determines whether the state object pointed
to by @var{ps} is in the initial state. If @var{ps} is a null pointer or
the object is in the initial state the return value is nonzero. Otherwise
@@ -559,6 +561,14 @@ that is beyond the range @math{0} to @math{127}.
@comment wchar.h
@comment ISO
@deftypefun wint_t btowc (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls btowc_fct or __fct; reads from locale, and from the
+@c get_gconv_fcts result multiple times. get_gconv_fcts calls
+@c __wcsmbs_load_conv to initialize the ctype if it's null.
+@c wcsmbs_load_conv takes a non-recursive wrlock before allocating
+@c memory for the fcts structure, initializing it, and then storing it
+@c in the locale object. The initialization involves dlopening and a
+@c lot more.
The @code{btowc} function (``byte to wide character'') converts a valid
single byte character @var{c} in the initial shift state into the wide
character equivalent using the conversion rules from the currently
@@ -615,6 +625,7 @@ There is also a function for the conversion in the other direction.
@comment wchar.h
@comment ISO
@deftypefun int wctob (wint_t @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctob} function (``wide character to byte'') takes as the
parameter a valid wide character. If the multibyte representation for
this character in the initial state is exactly one byte long, the return
@@ -634,6 +645,7 @@ and they also do not require it to be in the initial state.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrtowc (wchar_t *restrict @var{pwc}, const char *restrict @var{s}, size_t @var{n}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
@cindex stateful
The @code{mbrtowc} function (``multibyte restartable to wide
character'') converts the next multibyte character in the string pointed
@@ -728,6 +740,7 @@ function that does part of the work.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrlen (const char *restrict @var{s}, size_t @var{n}, mbstate_t *@var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbrlen} function (``multibyte restartable length'') computes
the number of at most @var{n} bytes starting at @var{s}, which form the
next valid and complete multibyte character.
@@ -811,6 +824,50 @@ doing the work twice.
@comment wchar.h
@comment ISO
@deftypefun size_t wcrtomb (char *restrict @var{s}, wchar_t @var{wc}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c wcrtomb uses a static, non-thread-local unguarded state variable when
+@c PS is NULL. When a state is passed in, and it's not used
+@c concurrently in other threads, this function behaves safely as long
+@c as gconv modules don't bring MT safety issues of their own.
+@c Attempting to load gconv modules or to build conversion chains in
+@c signal handlers may encounter gconv databases or caches in a
+@c partially-updated state, and asynchronous cancellation may leave them
+@c in such states, besides leaking the lock that guards them.
+@c get_gconv_fcts ok
+@c wcsmbs_load_conv ok
+@c norm_add_slashes ok
+@c wcsmbs_getfct ok
+@c gconv_find_transform ok
+@c gconv_read_conf (libc_once)
+@c gconv_lookup_cache ok
+@c find_module_idx ok
+@c find_module ok
+@c gconv_find_shlib (ok)
+@c ->init_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c do_lookup_alias ok
+@c find_derivation ok
+@c derivation_lookup ok
+@c increment_counter ok
+@c gconv_find_shlib ok
+@c step->init_fct (assumed ok)
+@c gen_steps ok
+@c gconv_find_shlib ok
+@c dlopen (presumed ok)
+@c dlsym (presumed ok)
+@c step->init_fct (assumed ok)
+@c step->end_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c add_derivation ok
+@c gconv_close_transform ok
+@c gconv_release_step ok
+@c step->end_fct (assumed ok)
+@c gconv_release_shlib ok
+@c dlclose (presumed ok)
+@c gconv_release_cache ok
+@c ->tomb->__fct (assumed ok)
The @code{wcrtomb} function (``wide character restartable to
multibyte'') converts a single wide character into a multibyte string
corresponding to that wide character.
@@ -955,6 +1012,7 @@ extensions that can help in some important situations.
@comment wchar.h
@comment ISO
@deftypefun size_t mbsrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsrtowcs} function (``multibyte string restartable to wide
character string'') converts an NUL-terminated multibyte character
string at @code{*@var{src}} into an equivalent wide character string,
@@ -1039,6 +1097,7 @@ length and passing this length to the function.
@comment wchar.h
@comment ISO
@deftypefun size_t wcsrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsrtombs} function (``wide character string restartable to
multibyte string'') converts the NUL-terminated wide character string at
@code{*@var{src}} into an equivalent multibyte character string and
@@ -1084,6 +1143,7 @@ array size (the @var{len} parameter).
@comment wchar.h
@comment GNU
@deftypefun size_t mbsnrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{nmc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsnrtowcs} function is very similar to the @code{mbsrtowcs}
function. All the parameters are the same except for @var{nmc}, which is
new. The return value is the same as for @code{mbsrtowcs}.
@@ -1136,6 +1196,7 @@ of the given buffer, there is no problem with altering the state.
@comment wchar.h
@comment GNU
@deftypefun size_t wcsnrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{nwc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsnrtombs} function implements the conversion from wide
character strings to multibyte character strings. It is similar to
@code{wcsrtombs} but, just like @code{mbsnrtowcs}, it takes an extra
@@ -1280,6 +1341,7 @@ conversion functions.}
@comment stdlib.h
@comment ISO
@deftypefun int mbtowc (wchar_t *restrict @var{result}, const char *restrict @var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbtowc} (``multibyte to wide character'') function when called
with non-null @var{string} converts the first multibyte character
beginning at @var{string} to its corresponding wide character code. It
@@ -1314,6 +1376,7 @@ shift state. @xref{Shift State}.
@comment stdlib.h
@comment ISO
@deftypefun int wctomb (char *@var{string}, wchar_t @var{wchar})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctomb} (``wide character to multibyte'') function converts
the wide character code @var{wchar} to its corresponding multibyte
character sequence, and stores the result in bytes starting at
@@ -1353,6 +1416,7 @@ terms of @code{mbtowc}.
@comment stdlib.h
@comment ISO
@deftypefun int mblen (const char *@var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mblen} function with a non-null @var{string} argument returns
the number of bytes that make up the multibyte character beginning at
@var{string}, never examining more than @var{size} bytes. (The idea is
@@ -1391,6 +1455,9 @@ suffer from the same problems as their reentrant counterparts from
@comment stdlib.h
@comment ISO
@deftypefun size_t mbstowcs (wchar_t *@var{wstring}, const char *@var{string}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Odd... Although this is in the non-reentrant section, the state
+@c object is automatic, not a static buffer.
The @code{mbstowcs} (``multibyte string to wide character string'')
function converts the null-terminated string of multibyte characters
@var{string} to an array of wide character codes, storing not more than
@@ -1431,6 +1498,7 @@ mbstowcs_alloc (const char *string)
@comment stdlib.h
@comment ISO
@deftypefun size_t wcstombs (char *@var{string}, const wchar_t *@var{wstring}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcstombs} (``wide character string to multibyte string'')
function converts the null-terminated wide character array @var{wstring}
into a string containing multibyte characters, storing not more than
@@ -1618,6 +1686,16 @@ The first step is the function to create a handle.
@comment iconv.h
@comment XPG2
@deftypefun iconv_t iconv_open (const char *@var{tocode}, const char *@var{fromcode})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls malloc if tocode and/or fromcode are too big for alloca. Calls
+@c strip and upstr on both, then gconv_open. strip and upstr call
+@c isalnum_l and toupper_l with the C locale. gconv_open may MT-safely
+@c tokenize toset, replace unspecified codesets with the current locale
+@c (posibly two different accesses), and finally it calls
+@c gconv_find_transform and initializes the gconv_t result with all the
+@c steps in the conversion sequence, running each one's initializer,
+@c destructing and releasing them all if anything fails.
+
The @code{iconv_open} function has to be used before starting a
conversion. The two parameters this function takes determine the
source and destination character set for the conversion, and if the
@@ -1682,6 +1760,12 @@ conversion is not needed anymore.
@comment iconv.h
@comment XPG2
@deftypefun int iconv_close (iconv_t @var{cd})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, shlimb}}
+@c Calls gconv_close to destruct and release each of the conversion
+@c steps, release the gconv_t object, then call gconv_close_transform.
+@c Access to the gconv_t object is not guarded, but calling iconv_close
+@c concurrently with any other use is undefined.
+
The @code{iconv_close} function frees all resources associated with the
handle @var{cd}, which must have been returned by a successful call to
the @code{iconv_open} function.
@@ -1708,6 +1792,10 @@ even file to file can be implemented on top of it.
@comment iconv.h
@comment XPG2
@deftypefun size_t iconv (iconv_t @var{cd}, char **@var{inbuf}, size_t *@var{inbytesleft}, char **@var{outbuf}, size_t *@var{outbytesleft})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c Without guarding access to the gconv_t object pointed to by cd, call
+@c the conversion function to convert inbuf or flush the internal
+@c conversion state.
@cindex stateful
The @code{iconv} function converts the text in the input buffer
according to the rules associated with the descriptor @var{cd} and
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9eac7aed6d7204866334765380c9f4dcf4d27712
commit 9eac7aed6d7204866334765380c9f4dcf4d27712
Merge: e0dcb1a 349313a 9e121d9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:36:59 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e0dcb1ab9cc1f8e1eb49fd1046cdbd0bf19ab1d1
commit e0dcb1ab9cc1f8e1eb49fd1046cdbd0bf19ab1d1
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:36:59 2013 -0300
push
diff --git a/meta b/meta
index 0d54dab..5ba29aa 100644
--- a/meta
+++ b/meta
@@ -1,14 +1,14 @@
Version: 1
-Previous: 5db9fbe9041fbed617eb79c77493ef6f1625e290
-Head: 838c715e0d3f4c3674975edd26315e143cca1455
+Previous: 349313a3dd747639c0add943ebcbfa40edc7b949
+Head: 9e121d9ec8c4633d64cc9744360fbeca9f156bf0
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
unused-scalb-is-scalbn.patch: 3be99ad69c588de34f357cdfc3e293046eb30b58
manual-document-mt-safety-argp.patch: 3d307972daeb49e5b5bed74887140e9d5bcb58de
manual-document-mt-safety-arith.patch: 838c715e0d3f4c3674975edd26315e143cca1455
+ manual-document-mt-safety-charset.patch: 9e121d9ec8c4633d64cc9744360fbeca9f156bf0
Unapplied:
- manual-document-mt-safety-charset.patch: 32e6dfea09eccf189affbee43bff67b4989ada90
manual-document-mt-safety-conf.patch: ada59d4ba350be38e3b5d960053eac19f0c22bf1
manual-document-mt-safety-crypt.patch: 06242cab8769046e2c3e9670de0b0e664f9624ef
manual-document-mt-safety-ctype.patch: 776df644b03f53de0e1d21d4b6e8df0fb287117e
diff --git a/patches/manual-document-mt-safety-charset.patch b/patches/manual-document-mt-safety-charset.patch
index 6935950..45a1643 100644
--- a/patches/manual-document-mt-safety-charset.patch
+++ b/patches/manual-document-mt-safety-charset.patch
@@ -1,5 +1,5 @@
-Bottom: 802ed278ee78a71e6694780a51b4b82573651127
-Top: 8630788acc532aafc6569e76eaf6a0ce2bd4583e
+Bottom: 20fd58920c13f96b1451eda75458a9c942d2094e
+Top: 635dade8c2d466563bdeba84575ccfd57214e37e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:01:33 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=349313a3dd747639c0add943ebcbfa40edc7b949
commit 349313a3dd747639c0add943ebcbfa40edc7b949
Merge: eca6f0b 838c715 5db9fbe
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:36:34 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=eca6f0b9acfe5fc1ad8e178cc3ae02385b761874
commit eca6f0b9acfe5fc1ad8e178cc3ae02385b761874
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:36:34 2013 -0300
refresh
diff --git a/meta b/meta
index f71e2d2..0d54dab 100644
--- a/meta
+++ b/meta
@@ -1,13 +1,12 @@
Version: 1
-Previous: 2d0bbd85e67e716b0c9f09a1ab44ff77d6616803
-Head: 831663a122760bc287ae8012fad51497619b234e
+Previous: 5db9fbe9041fbed617eb79c77493ef6f1625e290
+Head: 838c715e0d3f4c3674975edd26315e143cca1455
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
unused-scalb-is-scalbn.patch: 3be99ad69c588de34f357cdfc3e293046eb30b58
manual-document-mt-safety-argp.patch: 3d307972daeb49e5b5bed74887140e9d5bcb58de
- manual-document-mt-safety-arith.patch: a751af8cdebb9eae59c0c48ce3d4b79d692b3026
- refresh-temp: 831663a122760bc287ae8012fad51497619b234e
+ manual-document-mt-safety-arith.patch: 838c715e0d3f4c3674975edd26315e143cca1455
Unapplied:
manual-document-mt-safety-charset.patch: 32e6dfea09eccf189affbee43bff67b4989ada90
manual-document-mt-safety-conf.patch: ada59d4ba350be38e3b5d960053eac19f0c22bf1
diff --git a/patches/manual-document-mt-safety-arith.patch b/patches/manual-document-mt-safety-arith.patch
index b23a7d8..9eca6bc 100644
--- a/patches/manual-document-mt-safety-arith.patch
+++ b/patches/manual-document-mt-safety-arith.patch
@@ -1,5 +1,5 @@
Bottom: 3b3317dffdd8fb0b673f39fa8b5d3c6443f8fc0b
-Top: 802ed278ee78a71e6694780a51b4b82573651127
+Top: 20fd58920c13f96b1451eda75458a9c942d2094e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
@@ -13,7 +13,7 @@ for ChangeLog
---
diff --git a/manual/arith.texi b/manual/arith.texi
-index 77056c3..5c3aa9d 100644
+index 77056c3..c0cd350 100644
--- a/manual/arith.texi
+++ b/manual/arith.texi
@@ -160,6 +160,8 @@ The remainder from the division.
@@ -826,7 +826,7 @@ index 77056c3..5c3aa9d 100644
@deftypefun {char *} gcvt (double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c gcvt calls sprintf, that ultimately calls vfprintf, which malloc()s
-+@c args_value if it's too large, but gcvt never exercises this path.
++@c args_value if it's too large, but gcvt never exercises this path.
@code{gcvt} is functionally equivalent to @samp{sprintf(buf, "%*g",
ndigit, value}. It is provided only for compatibility's sake. It
returns @var{buf}.
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index 0b98566..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,22 +0,0 @@
-Bottom: 802ed278ee78a71e6694780a51b4b82573651127
-Top: 20fd58920c13f96b1451eda75458a9c942d2094e
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 22:36:33 -0300
-
-Refresh of manual-document-mt-safety-arith.patch
-
----
-
-diff --git a/manual/arith.texi b/manual/arith.texi
-index 5c3aa9d..c0cd350 100644
---- a/manual/arith.texi
-+++ b/manual/arith.texi
-@@ -2666,7 +2666,7 @@ to @code{fcvt}.
- @deftypefun {char *} gcvt (double @var{value}, int @var{ndigit}, char *@var{buf})
- @safety{@mtsafe{}@assafe{}@acsafe{}}
- @c gcvt calls sprintf, that ultimately calls vfprintf, which malloc()s
--@c args_value if it's too large, but gcvt never exercises this path.
-+@c args_value if it's too large, but gcvt never exercises this path.
- @code{gcvt} is functionally equivalent to @samp{sprintf(buf, "%*g",
- ndigit, value}. It is provided only for compatibility's sake. It
- returns @var{buf}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5db9fbe9041fbed617eb79c77493ef6f1625e290
commit 5db9fbe9041fbed617eb79c77493ef6f1625e290
Merge: 8e47328 2d0bbd8 831663a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:36:33 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=8e4732834ba216f49979c7e122c6231a2deb8fcc
commit 8e4732834ba216f49979c7e122c6231a2deb8fcc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:36:33 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index dc8bfd3..f71e2d2 100644
--- a/meta
+++ b/meta
@@ -1,12 +1,13 @@
Version: 1
-Previous: d6234b156e44d866fb19cd4513e613642ffa7346
-Head: a751af8cdebb9eae59c0c48ce3d4b79d692b3026
+Previous: 2d0bbd85e67e716b0c9f09a1ab44ff77d6616803
+Head: 831663a122760bc287ae8012fad51497619b234e
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
unused-scalb-is-scalbn.patch: 3be99ad69c588de34f357cdfc3e293046eb30b58
manual-document-mt-safety-argp.patch: 3d307972daeb49e5b5bed74887140e9d5bcb58de
manual-document-mt-safety-arith.patch: a751af8cdebb9eae59c0c48ce3d4b79d692b3026
+ refresh-temp: 831663a122760bc287ae8012fad51497619b234e
Unapplied:
manual-document-mt-safety-charset.patch: 32e6dfea09eccf189affbee43bff67b4989ada90
manual-document-mt-safety-conf.patch: ada59d4ba350be38e3b5d960053eac19f0c22bf1
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..0b98566
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,22 @@
+Bottom: 802ed278ee78a71e6694780a51b4b82573651127
+Top: 20fd58920c13f96b1451eda75458a9c942d2094e
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:36:33 -0300
+
+Refresh of manual-document-mt-safety-arith.patch
+
+---
+
+diff --git a/manual/arith.texi b/manual/arith.texi
+index 5c3aa9d..c0cd350 100644
+--- a/manual/arith.texi
++++ b/manual/arith.texi
+@@ -2666,7 +2666,7 @@ to @code{fcvt}.
+ @deftypefun {char *} gcvt (double @var{value}, int @var{ndigit}, char *@var{buf})
+ @safety{@mtsafe{}@assafe{}@acsafe{}}
+ @c gcvt calls sprintf, that ultimately calls vfprintf, which malloc()s
+-@c args_value if it's too large, but gcvt never exercises this path.
++@c args_value if it's too large, but gcvt never exercises this path.
+ @code{gcvt} is functionally equivalent to @samp{sprintf(buf, "%*g",
+ ndigit, value}. It is provided only for compatibility's sake. It
+ returns @var{buf}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=831663a122760bc287ae8012fad51497619b234e
commit 831663a122760bc287ae8012fad51497619b234e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:36:33 2013 -0300
Refresh of manual-document-mt-safety-arith.patch
diff --git a/manual/arith.texi b/manual/arith.texi
index 5c3aa9d..c0cd350 100644
--- a/manual/arith.texi
+++ b/manual/arith.texi
@@ -2666,7 +2666,7 @@ to @code{fcvt}.
@deftypefun {char *} gcvt (double @var{value}, int @var{ndigit}, char *@var{buf})
@safety{@mtsafe{}@assafe{}@acsafe{}}
@c gcvt calls sprintf, that ultimately calls vfprintf, which malloc()s
-@c args_value if it's too large, but gcvt never exercises this path.
+@c args_value if it's too large, but gcvt never exercises this path.
@code{gcvt} is functionally equivalent to @samp{sprintf(buf, "%*g",
ndigit, value}. It is provided only for compatibility's sake. It
returns @var{buf}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2d0bbd85e67e716b0c9f09a1ab44ff77d6616803
commit 2d0bbd85e67e716b0c9f09a1ab44ff77d6616803
Merge: a27b834 d6234b1
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:36:18 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a27b8346429ac4f2e2146550fdcf07ce8af508e2
commit a27b8346429ac4f2e2146550fdcf07ce8af508e2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:36:18 2013 -0300
pop
diff --git a/meta b/meta
index b913e04..dc8bfd3 100644
--- a/meta
+++ b/meta
@@ -1,14 +1,14 @@
Version: 1
-Previous: b8d90ae0c166b84615d28e15bd49b148198e775d
-Head: 32e6dfea09eccf189affbee43bff67b4989ada90
+Previous: d6234b156e44d866fb19cd4513e613642ffa7346
+Head: a751af8cdebb9eae59c0c48ce3d4b79d692b3026
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
unused-scalb-is-scalbn.patch: 3be99ad69c588de34f357cdfc3e293046eb30b58
manual-document-mt-safety-argp.patch: 3d307972daeb49e5b5bed74887140e9d5bcb58de
manual-document-mt-safety-arith.patch: a751af8cdebb9eae59c0c48ce3d4b79d692b3026
- manual-document-mt-safety-charset.patch: 32e6dfea09eccf189affbee43bff67b4989ada90
Unapplied:
+ manual-document-mt-safety-charset.patch: 32e6dfea09eccf189affbee43bff67b4989ada90
manual-document-mt-safety-conf.patch: ada59d4ba350be38e3b5d960053eac19f0c22bf1
manual-document-mt-safety-crypt.patch: 06242cab8769046e2c3e9670de0b0e664f9624ef
manual-document-mt-safety-ctype.patch: 776df644b03f53de0e1d21d4b6e8df0fb287117e
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d6234b156e44d866fb19cd4513e613642ffa7346
commit d6234b156e44d866fb19cd4513e613642ffa7346
Merge: 075391f b8d90ae 32e6dfe
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:36:10 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=075391fa607ad0bd3fcd3ec58620a879d06b96c0
commit 075391fa607ad0bd3fcd3ec58620a879d06b96c0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:36:10 2013 -0300
push
diff --git a/meta b/meta
index 92bad98..b913e04 100644
--- a/meta
+++ b/meta
@@ -1,14 +1,14 @@
Version: 1
-Previous: 68df847c7cd75361a07d4b7603ff1c35408a0863
-Head: a751af8cdebb9eae59c0c48ce3d4b79d692b3026
+Previous: b8d90ae0c166b84615d28e15bd49b148198e775d
+Head: 32e6dfea09eccf189affbee43bff67b4989ada90
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
unused-scalb-is-scalbn.patch: 3be99ad69c588de34f357cdfc3e293046eb30b58
manual-document-mt-safety-argp.patch: 3d307972daeb49e5b5bed74887140e9d5bcb58de
manual-document-mt-safety-arith.patch: a751af8cdebb9eae59c0c48ce3d4b79d692b3026
+ manual-document-mt-safety-charset.patch: 32e6dfea09eccf189affbee43bff67b4989ada90
Unapplied:
- manual-document-mt-safety-charset.patch: 2ba73f56d3ec95471df9cefd6db9935ec8bdc4ef
manual-document-mt-safety-conf.patch: ada59d4ba350be38e3b5d960053eac19f0c22bf1
manual-document-mt-safety-crypt.patch: 06242cab8769046e2c3e9670de0b0e664f9624ef
manual-document-mt-safety-ctype.patch: 776df644b03f53de0e1d21d4b6e8df0fb287117e
diff --git a/patches/manual-document-mt-safety-charset.patch b/patches/manual-document-mt-safety-charset.patch
index c4d22ae..6935950 100644
--- a/patches/manual-document-mt-safety-charset.patch
+++ b/patches/manual-document-mt-safety-charset.patch
@@ -1,5 +1,5 @@
-Bottom: 260809414e54f35864ab54b52fdbff3517f05f2e
-Top: 0ed3cc03efad5a94ba0a48cd696ec823658ac35b
+Bottom: 802ed278ee78a71e6694780a51b4b82573651127
+Top: 8630788acc532aafc6569e76eaf6a0ce2bd4583e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:01:33 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=32e6dfea09eccf189affbee43bff67b4989ada90
commit 32e6dfea09eccf189affbee43bff67b4989ada90
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:01:33 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/charset.texi: Document thread safety properties.
diff --git a/manual/charset.texi b/manual/charset.texi
index e21502e..7e6c416 100644
--- a/manual/charset.texi
+++ b/manual/charset.texi
@@ -504,6 +504,8 @@ sequence points. Communication protocols often require this.
@comment wchar.h
@comment ISO
@deftypefun int mbsinit (const mbstate_t *@var{ps})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c ps is dereferenced once, unguarded. Potential harmless data race.
The @code{mbsinit} function determines whether the state object pointed
to by @var{ps} is in the initial state. If @var{ps} is a null pointer or
the object is in the initial state the return value is nonzero. Otherwise
@@ -559,6 +561,14 @@ that is beyond the range @math{0} to @math{127}.
@comment wchar.h
@comment ISO
@deftypefun wint_t btowc (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls btowc_fct or __fct; reads from locale, and from the
+@c get_gconv_fcts result multiple times. get_gconv_fcts calls
+@c __wcsmbs_load_conv to initialize the ctype if it's null.
+@c wcsmbs_load_conv takes a non-recursive wrlock before allocating
+@c memory for the fcts structure, initializing it, and then storing it
+@c in the locale object. The initialization involves dlopening and a
+@c lot more.
The @code{btowc} function (``byte to wide character'') converts a valid
single byte character @var{c} in the initial shift state into the wide
character equivalent using the conversion rules from the currently
@@ -615,6 +625,7 @@ There is also a function for the conversion in the other direction.
@comment wchar.h
@comment ISO
@deftypefun int wctob (wint_t @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctob} function (``wide character to byte'') takes as the
parameter a valid wide character. If the multibyte representation for
this character in the initial state is exactly one byte long, the return
@@ -634,6 +645,7 @@ and they also do not require it to be in the initial state.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrtowc (wchar_t *restrict @var{pwc}, const char *restrict @var{s}, size_t @var{n}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
@cindex stateful
The @code{mbrtowc} function (``multibyte restartable to wide
character'') converts the next multibyte character in the string pointed
@@ -728,6 +740,7 @@ function that does part of the work.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrlen (const char *restrict @var{s}, size_t @var{n}, mbstate_t *@var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbrlen} function (``multibyte restartable length'') computes
the number of at most @var{n} bytes starting at @var{s}, which form the
next valid and complete multibyte character.
@@ -811,6 +824,50 @@ doing the work twice.
@comment wchar.h
@comment ISO
@deftypefun size_t wcrtomb (char *restrict @var{s}, wchar_t @var{wc}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c wcrtomb uses a static, non-thread-local unguarded state variable when
+@c PS is NULL. When a state is passed in, and it's not used
+@c concurrently in other threads, this function behaves safely as long
+@c as gconv modules don't bring MT safety issues of their own.
+@c Attempting to load gconv modules or to build conversion chains in
+@c signal handlers may encounter gconv databases or caches in a
+@c partially-updated state, and asynchronous cancellation may leave them
+@c in such states, besides leaking the lock that guards them.
+@c get_gconv_fcts ok
+@c wcsmbs_load_conv ok
+@c norm_add_slashes ok
+@c wcsmbs_getfct ok
+@c gconv_find_transform ok
+@c gconv_read_conf (libc_once)
+@c gconv_lookup_cache ok
+@c find_module_idx ok
+@c find_module ok
+@c gconv_find_shlib (ok)
+@c ->init_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c do_lookup_alias ok
+@c find_derivation ok
+@c derivation_lookup ok
+@c increment_counter ok
+@c gconv_find_shlib ok
+@c step->init_fct (assumed ok)
+@c gen_steps ok
+@c gconv_find_shlib ok
+@c dlopen (presumed ok)
+@c dlsym (presumed ok)
+@c step->init_fct (assumed ok)
+@c step->end_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c add_derivation ok
+@c gconv_close_transform ok
+@c gconv_release_step ok
+@c step->end_fct (assumed ok)
+@c gconv_release_shlib ok
+@c dlclose (presumed ok)
+@c gconv_release_cache ok
+@c ->tomb->__fct (assumed ok)
The @code{wcrtomb} function (``wide character restartable to
multibyte'') converts a single wide character into a multibyte string
corresponding to that wide character.
@@ -955,6 +1012,7 @@ extensions that can help in some important situations.
@comment wchar.h
@comment ISO
@deftypefun size_t mbsrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsrtowcs} function (``multibyte string restartable to wide
character string'') converts an NUL-terminated multibyte character
string at @code{*@var{src}} into an equivalent wide character string,
@@ -1039,6 +1097,7 @@ length and passing this length to the function.
@comment wchar.h
@comment ISO
@deftypefun size_t wcsrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsrtombs} function (``wide character string restartable to
multibyte string'') converts the NUL-terminated wide character string at
@code{*@var{src}} into an equivalent multibyte character string and
@@ -1084,6 +1143,7 @@ array size (the @var{len} parameter).
@comment wchar.h
@comment GNU
@deftypefun size_t mbsnrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{nmc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsnrtowcs} function is very similar to the @code{mbsrtowcs}
function. All the parameters are the same except for @var{nmc}, which is
new. The return value is the same as for @code{mbsrtowcs}.
@@ -1136,6 +1196,7 @@ of the given buffer, there is no problem with altering the state.
@comment wchar.h
@comment GNU
@deftypefun size_t wcsnrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{nwc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsnrtombs} function implements the conversion from wide
character strings to multibyte character strings. It is similar to
@code{wcsrtombs} but, just like @code{mbsnrtowcs}, it takes an extra
@@ -1280,6 +1341,7 @@ conversion functions.}
@comment stdlib.h
@comment ISO
@deftypefun int mbtowc (wchar_t *restrict @var{result}, const char *restrict @var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbtowc} (``multibyte to wide character'') function when called
with non-null @var{string} converts the first multibyte character
beginning at @var{string} to its corresponding wide character code. It
@@ -1314,6 +1376,7 @@ shift state. @xref{Shift State}.
@comment stdlib.h
@comment ISO
@deftypefun int wctomb (char *@var{string}, wchar_t @var{wchar})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctomb} (``wide character to multibyte'') function converts
the wide character code @var{wchar} to its corresponding multibyte
character sequence, and stores the result in bytes starting at
@@ -1353,6 +1416,7 @@ terms of @code{mbtowc}.
@comment stdlib.h
@comment ISO
@deftypefun int mblen (const char *@var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mblen} function with a non-null @var{string} argument returns
the number of bytes that make up the multibyte character beginning at
@var{string}, never examining more than @var{size} bytes. (The idea is
@@ -1391,6 +1455,9 @@ suffer from the same problems as their reentrant counterparts from
@comment stdlib.h
@comment ISO
@deftypefun size_t mbstowcs (wchar_t *@var{wstring}, const char *@var{string}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Odd... Although this is in the non-reentrant section, the state
+@c object is automatic, not a static buffer.
The @code{mbstowcs} (``multibyte string to wide character string'')
function converts the null-terminated string of multibyte characters
@var{string} to an array of wide character codes, storing not more than
@@ -1431,6 +1498,7 @@ mbstowcs_alloc (const char *string)
@comment stdlib.h
@comment ISO
@deftypefun size_t wcstombs (char *@var{string}, const wchar_t *@var{wstring}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcstombs} (``wide character string to multibyte string'')
function converts the null-terminated wide character array @var{wstring}
into a string containing multibyte characters, storing not more than
@@ -1618,6 +1686,16 @@ The first step is the function to create a handle.
@comment iconv.h
@comment XPG2
@deftypefun iconv_t iconv_open (const char *@var{tocode}, const char *@var{fromcode})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls malloc if tocode and/or fromcode are too big for alloca. Calls
+@c strip and upstr on both, then gconv_open. strip and upstr call
+@c isalnum_l and toupper_l with the C locale. gconv_open may MT-safely
+@c tokenize toset, replace unspecified codesets with the current locale
+@c (posibly two different accesses), and finally it calls
+@c gconv_find_transform and initializes the gconv_t result with all the
+@c steps in the conversion sequence, running each one's initializer,
+@c destructing and releasing them all if anything fails.
+
The @code{iconv_open} function has to be used before starting a
conversion. The two parameters this function takes determine the
source and destination character set for the conversion, and if the
@@ -1682,6 +1760,12 @@ conversion is not needed anymore.
@comment iconv.h
@comment XPG2
@deftypefun int iconv_close (iconv_t @var{cd})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, shlimb}}
+@c Calls gconv_close to destruct and release each of the conversion
+@c steps, release the gconv_t object, then call gconv_close_transform.
+@c Access to the gconv_t object is not guarded, but calling iconv_close
+@c concurrently with any other use is undefined.
+
The @code{iconv_close} function frees all resources associated with the
handle @var{cd}, which must have been returned by a successful call to
the @code{iconv_open} function.
@@ -1708,6 +1792,10 @@ even file to file can be implemented on top of it.
@comment iconv.h
@comment XPG2
@deftypefun size_t iconv (iconv_t @var{cd}, char **@var{inbuf}, size_t *@var{inbytesleft}, char **@var{outbuf}, size_t *@var{outbytesleft})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c Without guarding access to the gconv_t object pointed to by cd, call
+@c the conversion function to convert inbuf or flush the internal
+@c conversion state.
@cindex stateful
The @code{iconv} function converts the text in the input buffer
according to the rules associated with the descriptor @var{cd} and
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=838c715e0d3f4c3674975edd26315e143cca1455
commit 838c715e0d3f4c3674975edd26315e143cca1455
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/arith.texi: Document thread safety properties.
diff --git a/manual/arith.texi b/manual/arith.texi
index 77056c3..c0cd350 100644
--- a/manual/arith.texi
+++ b/manual/arith.texi
@@ -160,6 +160,8 @@ The remainder from the division.
@comment stdlib.h
@comment ISO
@deftypefun div_t div (int @var{numerator}, int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Functions in this section are pure, and thus safe.
This function @code{div} computes the quotient and remainder from
the division of @var{numerator} by @var{denominator}, returning the
result in a structure of type @code{div_t}.
@@ -199,6 +201,7 @@ type @code{long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun ldiv_t ldiv (long int @var{numerator}, long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ldiv} function is similar to @code{div}, except that the
arguments are of type @code{long int} and the result is returned as a
structure of type @code{ldiv_t}.
@@ -225,6 +228,7 @@ type @code{long long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun lldiv_t lldiv (long long int @var{numerator}, long long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lldiv} function is like the @code{div} function, but the
arguments are of type @code{long long int} and the result is returned as
a structure of type @code{lldiv_t}.
@@ -256,6 +260,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment inttypes.h
@comment ISO
@deftypefun imaxdiv_t imaxdiv (intmax_t @var{numerator}, intmax_t @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{imaxdiv} function is like the @code{div} function, but the
arguments are of type @code{intmax_t} and the result is returned as
a structure of type @code{imaxdiv_t}.
@@ -318,6 +323,7 @@ floating-point number a variable holds.
@comment math.h
@comment ISO
@deftypefn {Macro} int fpclassify (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is a generic macro which works on all floating-point types and
which returns a value of type @code{int}. The possible values are:
@@ -354,6 +360,7 @@ You should therefore use the specific macros whenever possible.
@comment math.h
@comment ISO
@deftypefn {Macro} int isfinite (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite: not plus or
minus infinity, and not NaN. It is equivalent to
@@ -368,6 +375,7 @@ floating-point type.
@comment math.h
@comment ISO
@deftypefn {Macro} int isnormal (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite and normalized.
It is equivalent to
@@ -379,6 +387,7 @@ It is equivalent to
@comment math.h
@comment ISO
@deftypefn {Macro} int isnan (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is NaN. It is equivalent
to
@@ -390,6 +399,7 @@ to
@comment math.h
@comment GNU
@deftypefn {Macro} int issignaling (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is a signaling NaN
(sNaN). It is based on draft TS 18661 and currently enabled as a GNU
extension.
@@ -410,6 +420,7 @@ not have to worry about the type of their argument.
@comment math.h
@comment BSD
@deftypefunx int isinfl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns @code{-1} if @var{x} represents negative infinity,
@code{1} if @var{x} represents positive infinity, and @code{0} otherwise.
@end deftypefun
@@ -423,6 +434,7 @@ This function returns @code{-1} if @var{x} represents negative infinity,
@comment math.h
@comment BSD
@deftypefunx int isnanl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is a ``not a number''
value, and zero otherwise.
@@ -445,6 +457,7 @@ function for some reason, you can write
@comment math.h
@comment BSD
@deftypefunx int finitel (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is finite or a ``not a
number'' value, and zero otherwise.
@end deftypefun
@@ -713,6 +726,22 @@ and save and restore the set of exceptions flagged.
@comment fenv.h
@comment ISO
@deftypefun int feclearexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{unposix}@acsafe{unposix}}
+@c The other functions in this section that modify FP status register
+@c mostly do so with non-atomic load-modify-store sequences, but since
+@c the register is thread-specific, this should be fine, and safe for
+@c cancellation. As long as the FP environment is restored before the
+@c signal handler returns control to the interrupted thread (like any
+@c kernel should do), the functions are also safe for use in signal
+@c handlers.
+@c
+@c FIXME: simfpu: Floating point emulation on powerpc is the exception:
+@c __sim_exception, __sim_disabled_exception and __sim_round_mode
+@c variables, that emulate a floating-point status register, are not
+@c thread-specific variables, so many of these functions are not MT-safe
+@c on that platform. This is probably a bug. These variables aren't
+@c restored by the signal machinery either, making the functions also
+@c async-signal-unsafe on this platform.
This function clears all of the supported exception flags indicated by
@var{excepts}.
@@ -723,6 +752,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feraiseexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function raises the supported exceptions indicated by
@var{excepts}. If more than one exception bit in @var{excepts} is set
the order in which the exceptions are raised is undefined except that
@@ -738,6 +768,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fetestexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Test whether the exception flags indicated by the parameter @var{except}
are currently set. If any of them are, a nonzero value is returned
which specifies which exceptions are set. Otherwise the result is zero.
@@ -774,6 +805,7 @@ following functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetexceptflag (fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function stores in the variable pointed to by @var{flagp} an
implementation-defined value representing the current setting of the
exception flags indicated by @var{excepts}.
@@ -785,6 +817,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fesetexceptflag (const fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function restores the flags for the exceptions indicated by
@var{excepts} to the values stored in the variable pointed to by
@var{flagp}.
@@ -940,6 +973,7 @@ find out which one with this function:
@comment fenv.h
@comment ISO
@deftypefun int fegetround (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Returns the currently selected rounding mode, represented by one of the
values of the defined rounding mode macros.
@end deftypefun
@@ -950,6 +984,7 @@ To change the rounding mode, use this function:
@comment fenv.h
@comment ISO
@deftypefun int fesetround (int @var{round})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Changes the currently selected rounding mode to @var{round}. If
@var{round} does not correspond to one of the supported rounding modes
nothing is changed. @code{fesetround} returns zero if it changed the
@@ -994,6 +1029,7 @@ To save the state of the FPU, use one of these functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetenv (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the floating-point environment in the variable pointed to by
@var{envp}.
@@ -1004,6 +1040,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feholdexcept (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the current floating-point environment in the object pointed to by
@var{envp}. Then clear all exception flags, and set the FPU to trap no
exceptions. Not all FPUs support trapping no exceptions; if
@@ -1042,6 +1079,7 @@ functions:
@comment fenv.h
@comment ISO
@deftypefun int fesetenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Set the floating-point environment to that described by @var{envp}.
The function returns zero in case the operation was successful, a
@@ -1051,6 +1089,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feupdateenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Like @code{fesetenv}, this function sets the floating-point environment
to that described by @var{envp}. However, if any exceptions were
flagged in the status word before @code{feupdateenv} was called, they
@@ -1071,6 +1110,7 @@ occur, you can use the following two functions.
@comment fenv.h
@comment GNU
@deftypefun int feenableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions enables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1083,6 +1123,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fedisableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions disables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1095,6 +1136,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fegetexcept (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
The function returns a bitmask of all currently enabled exceptions. It
returns @code{-1} in case of failure.
@end deftypefun
@@ -1146,6 +1188,7 @@ Prototypes for @code{abs}, @code{labs} and @code{llabs} are in @file{stdlib.h};
@comment inttypes.h
@comment ISO
@deftypefunx intmax_t imaxabs (intmax_t @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of @var{number}.
Most computers use a two's complement integer representation, in which
@@ -1167,6 +1210,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment math.h
@comment ISO
@deftypefunx {long double} fabsl (long double @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the absolute value of the floating-point number
@var{number}.
@end deftypefun
@@ -1180,6 +1224,7 @@ This function returns the absolute value of the floating-point number
@comment complex.h
@comment ISO
@deftypefunx {long double} cabsl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of the complex number @var{z}
(@pxref{Complex Numbers}). The absolute value of a complex number is:
@@ -1217,6 +1262,7 @@ All these functions are declared in @file{math.h}.
@comment math.h
@comment ISO
@deftypefunx {long double} frexpl (long double @var{value}, int *@var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are used to split the number @var{value}
into a normalized fraction and an exponent.
@@ -1242,6 +1288,7 @@ zero is stored in @code{*@var{exponent}}.
@comment math.h
@comment ISO
@deftypefunx {long double} ldexpl (long double @var{value}, int @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the result of multiplying the floating-point
number @var{value} by 2 raised to the power @var{exponent}. (It can
be used to reassemble floating-point numbers that were taken apart
@@ -1263,6 +1310,7 @@ equivalent to those of @code{ldexp} and @code{frexp}. See also the
@comment math.h
@comment BSD
@deftypefunx {long double} scalbl (long double @var{value}, long double @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{scalb} function is the BSD name for @code{ldexp}.
@end deftypefun
@@ -1275,6 +1323,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalbnl (long double @var{x}, int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbn} is identical to @code{scalb}, except that the exponent
@var{n} is an @code{int} instead of a floating-point number.
@end deftypefun
@@ -1288,6 +1337,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalblnl (long double @var{x}, long int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbln} is identical to @code{scalb}, except that the exponent
@var{n} is a @code{long int} instead of a floating-point number.
@end deftypefun
@@ -1301,6 +1351,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} significandl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{significand} returns the mantissa of @var{x} scaled to the range
@math{[1, 2)}.
It is equivalent to @w{@code{scalb (@var{x}, (double) -ilogb (@var{x}))}}.
@@ -1335,6 +1386,7 @@ result as a @code{double} instead to get around this problem.
@comment math.h
@comment ISO
@deftypefunx {long double} ceill (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} upwards to the nearest integer,
returning that value as a @code{double}. Thus, @code{ceil (1.5)}
is @code{2.0}.
@@ -1349,6 +1401,7 @@ is @code{2.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} floorl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} downwards to the nearest
integer, returning that value as a @code{double}. Thus, @code{floor
(1.5)} is @code{1.0} and @code{floor (-1.5)} is @code{-2.0}.
@@ -1363,6 +1416,7 @@ integer, returning that value as a @code{double}. Thus, @code{floor
@comment math.h
@comment ISO
@deftypefunx {long double} truncl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{trunc} functions round @var{x} towards zero to the nearest
integer (returned in floating-point format). Thus, @code{trunc (1.5)}
is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@@ -1377,6 +1431,7 @@ is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} rintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} to an integer value according to the
current rounding mode. @xref{Floating Point Parameters}, for
information about the various rounding modes. The default
@@ -1397,6 +1452,7 @@ inexact exception.
@comment math.h
@comment ISO
@deftypefunx {long double} nearbyintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the same value as the @code{rint} functions, but
do not raise the inexact exception if @var{x} is not an integer.
@end deftypefun
@@ -1410,6 +1466,7 @@ do not raise the inexact exception if @var{x} is not an integer.
@comment math.h
@comment ISO
@deftypefunx {long double} roundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are similar to @code{rint}, but they round halfway
cases away from zero instead of to the nearest integer (or other
current rounding mode).
@@ -1424,6 +1481,7 @@ current rounding mode).
@comment math.h
@comment ISO
@deftypefunx {long int} lrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1437,6 +1495,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1450,6 +1509,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long int} lroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1463,6 +1523,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1477,6 +1538,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long double} modfl (long double @var{value}, long double *@var{integer-part})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions break the argument @var{value} into an integer part and a
fractional part (between @code{-1} and @code{1}, exclusive). Their sum
equals @var{value}. Each of the parts has the same sign as @var{value},
@@ -1503,6 +1565,7 @@ suits your problem.
@comment math.h
@comment ISO
@deftypefunx {long double} fmodl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions compute the remainder from the division of
@var{numerator} by @var{denominator}. Specifically, the return value is
@code{@var{numerator} - @w{@var{n} * @var{denominator}}}, where @var{n}
@@ -1525,6 +1588,7 @@ If @var{denominator} is zero, @code{fmod} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} dreml (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are like @code{fmod} except that they round the
internal quotient @var{n} to the nearest integer instead of towards zero
to an integer. For example, @code{drem (6.5, 2.3)} returns @code{-0.4},
@@ -1548,6 +1612,7 @@ If @var{denominator} is zero, @code{drem} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} remainderl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is another name for @code{drem}.
@end deftypefun
@@ -1569,6 +1634,7 @@ bits.
@comment math.h
@comment ISO
@deftypefunx {long double} copysignl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return @var{x} but with the sign of @var{y}. They work
even if @var{x} or @var{y} are NaN or zero. Both of these can carry a
sign (although not all implementations support it) and this is one of
@@ -1584,6 +1650,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefun int signbit (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{signbit} is a generic macro which can work on all floating-point
types. It returns a nonzero value if the value of @var{x} has its sign
bit set.
@@ -1602,6 +1669,7 @@ false, but @code{signbit (-0.0)} will return a nonzero value.
@comment math.h
@comment ISO
@deftypefunx {long double} nextafterl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{nextafter} function returns the next representable neighbor of
@var{x} in the direction towards @var{y}. The size of the step between
@var{x} and the result depends on the type of the result. If
@@ -1625,6 +1693,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefunx {long double} nexttowardl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are identical to the corresponding versions of
@code{nextafter} except that their second argument is a @code{long
double}.
@@ -1640,6 +1709,8 @@ double}.
@comment math.h
@comment ISO
@deftypefunx {long double} nanl (const char *@var{tagp})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c The unsafe-but-ruled-safe locale use comes from strtod.
The @code{nan} function returns a representation of NaN, provided that
NaN is supported by the target platform.
@code{nan ("@var{n-char-sequence}")} is equivalent to
@@ -1674,6 +1745,7 @@ arguments only once.
@comment math.h
@comment ISO
@deftypefn Macro int isgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than
@var{y}. It is equivalent to @code{(@var{x}) > (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1682,6 +1754,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isgreaterequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than or
equal to @var{y}. It is equivalent to @code{(@var{x}) >= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1690,6 +1763,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isless (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than @var{y}.
It is equivalent to @code{(@var{x}) < (@var{y})}, but no exception is
raised if @var{x} or @var{y} are NaN.
@@ -1698,6 +1772,7 @@ raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than or equal
to @var{y}. It is equivalent to @code{(@var{x}) <= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1706,6 +1781,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less or greater
than @var{y}. It is equivalent to @code{(@var{x}) < (@var{y}) ||
(@var{x}) > (@var{y})} (although it only evaluates @var{x} and @var{y}
@@ -1718,6 +1794,7 @@ expression is true if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isunordered (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether its arguments are unordered. In other
words, it is true if @var{x} or @var{y} are NaN, and false otherwise.
@end deftypefn
@@ -1751,6 +1828,7 @@ perform these operations faster than the equivalent C code.
@comment math.h
@comment ISO
@deftypefunx {long double} fminl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmin} function returns the lesser of the two values @var{x}
and @var{y}. It is similar to the expression
@smallexample
@@ -1771,6 +1849,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fmaxl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmax} function returns the greater of the two values @var{x}
and @var{y}.
@@ -1787,6 +1866,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fdiml (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fdim} function returns the positive difference between
@var{x} and @var{y}. The positive difference is @math{@var{x} -
@var{y}} if @var{x} is greater than @var{y}, and @math{0} otherwise.
@@ -1804,6 +1884,7 @@ If @var{x}, @var{y}, or both are NaN, NaN is returned.
@comment ISO
@deftypefunx {long double} fmal (long double @var{x}, long double @var{y}, long double @var{z})
@cindex butterfly
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fma} function performs floating-point multiply-add. This is
the operation @math{(@var{x} @mul{} @var{y}) + @var{z}}, but the
intermediate result is not rounded to the destination type. This can
@@ -1933,6 +2014,7 @@ available in three variants, one for each of the three complex types.
@comment complex.h
@comment ISO
@deftypefunx {long double} creall (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the real part of the complex number @var{z}.
@end deftypefun
@@ -1945,6 +2027,7 @@ These functions return the real part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cimagl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the imaginary part of the complex number @var{z}.
@end deftypefun
@@ -1957,6 +2040,7 @@ These functions return the imaginary part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {complex long double} conjl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the conjugate value of the complex number
@var{z}. The conjugate of a complex number has the same real part and a
negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@@ -1971,6 +2055,7 @@ negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cargl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the argument of the complex number @var{z}.
The argument of a complex number is the angle in the complex plane
between the positive real axis and a line passing through zero and the
@@ -1989,6 +2074,7 @@ number. This angle is measured in the usual fashion and ranges from
@comment complex.h
@comment ISO
@deftypefunx {complex long double} cprojl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the projection of the complex value @var{z} onto
the Riemann sphere. Values with a infinite imaginary part are projected
to positive infinity on the real axis, even if the real part is NaN. If
@@ -2034,6 +2120,16 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun {long int} strtol (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c strtol uses the thread-local pointer to the locale in effect, and
+@c strtol_l loads the LC_NUMERIC locale data from it early on and once,
+@c but if the locale is the global locale, and another thread calls
+@c setlocale in a way that modifies the pointer to the LC_CTYPE locale
+@c category, the behavior of e.g. IS*, TOUPPER will vary throughout the
+@c execution of the function, because they re-read the locale data from
+@c the given locale pointer. We solved this by documenting setlocale as
+@c MT-Unsafe, but there might be other reasons why it's neither MT- nor
+@c AS-Safe; recheck.
The @code{strtol} (``string-to-long'') function converts the initial
part of @var{string} to a signed integer, which is returned as a value
of type @code{long int}.
@@ -2097,6 +2193,7 @@ There is an example at the end of this section.
@comment wchar.h
@comment ISO
@deftypefun {long int} wcstol (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstol} function is equivalent to the @code{strtol} function
in nearly all aspects but handles wide character strings.
@@ -2106,6 +2203,7 @@ The @code{wcstol} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long int} strtoul (const char *retrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoul} (``string-to-unsigned-long'') function is like
@code{strtol} except it converts to an @code{unsigned long int} value.
The syntax is the same as described above for @code{strtol}. The value
@@ -2124,6 +2222,7 @@ range, or @code{ERANGE} on overflow.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long int} wcstoul (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoul} function is equivalent to the @code{strtoul} function
in nearly all aspects but handles wide character strings.
@@ -2133,6 +2232,7 @@ The @code{wcstoul} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} strtoll (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoll} function is like @code{strtol} except that it returns
a @code{long long int} value, and accepts numbers with a correspondingly
larger range.
@@ -2149,6 +2249,7 @@ The @code{strtoll} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {long long int} wcstoll (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoll} function is equivalent to the @code{strtoll} function
in nearly all aspects but handles wide character strings.
@@ -2158,12 +2259,14 @@ The @code{wcstoll} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {long long int} strtoq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtoq} (``string-to-quad-word'') is the BSD name for @code{strtoll}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {long long int} wcstoq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoq} function is equivalent to the @code{strtoq} function
in nearly all aspects but handles wide character strings.
@@ -2173,6 +2276,7 @@ The @code{wcstoq} function is a GNU extension.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long long int} strtoull (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoull} function is related to @code{strtoll} the same way
@code{strtoul} is related to @code{strtol}.
@@ -2182,6 +2286,7 @@ The @code{strtoull} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long long int} wcstoull (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoull} function is equivalent to the @code{strtoull} function
in nearly all aspects but handles wide character strings.
@@ -2191,12 +2296,14 @@ The @code{wcstoull} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {unsigned long long int} strtouq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtouq} is the BSD name for @code{strtoull}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {unsigned long long int} wcstouq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstouq} function is equivalent to the @code{strtouq} function
in nearly all aspects but handles wide character strings.
@@ -2206,6 +2313,7 @@ The @code{wcstouq} function is a GNU extension.
@comment inttypes.h
@comment ISO
@deftypefun intmax_t strtoimax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoimax} function is like @code{strtol} except that it returns
a @code{intmax_t} value, and accepts numbers of a corresponding range.
@@ -2222,6 +2330,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun intmax_t wcstoimax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoimax} function is equivalent to the @code{strtoimax} function
in nearly all aspects but handles wide character strings.
@@ -2231,6 +2340,7 @@ The @code{wcstoimax} function was introduced in @w{ISO C99}.
@comment inttypes.h
@comment ISO
@deftypefun uintmax_t strtoumax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoumax} function is related to @code{strtoimax}
the same way that @code{strtoul} is related to @code{strtol}.
@@ -2241,6 +2351,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun uintmax_t wcstoumax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoumax} function is equivalent to the @code{strtoumax} function
in nearly all aspects but handles wide character strings.
@@ -2250,6 +2361,7 @@ The @code{wcstoumax} function was introduced in @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefun {long int} atol (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtol} function with a @var{base}
argument of @code{10}, except that it need not detect overflow errors.
The @code{atol} function is provided mostly for compatibility with
@@ -2259,6 +2371,7 @@ existing code; using @code{strtol} is more robust.
@comment stdlib.h
@comment ISO
@deftypefun int atoi (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is like @code{atol}, except that it returns an @code{int}.
The @code{atoi} function is also considered obsolete; use @code{strtol}
instead.
@@ -2267,6 +2380,7 @@ instead.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} atoll (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to @code{atol}, except it returns a @code{long
long int}.
@@ -2331,6 +2445,35 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun double strtod (const char *restrict @var{string}, char **restrict @var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c Besides the unsafe-but-ruled-safe locale uses, this uses a lot of
+@c mpn, but it's all safe.
+@c
+@c round_and_return
+@c get_rounding_mode ok
+@c mpn_add_1 ok
+@c mpn_rshift ok
+@c MPN_ZERO ok
+@c MPN2FLOAT -> mpn_construct_(float|double|long_double) ok
+@c str_to_mpn
+@c mpn_mul_1 -> umul_ppmm ok
+@c mpn_add_1 ok
+@c mpn_lshift_1 -> mpn_lshift ok
+@c STRTOF_INTERNAL
+@c MPN_VAR ok
+@c SET_MANTISSA ok
+@c STRNCASECMP ok, wide and narrow
+@c round_and_return ok
+@c mpn_mul ok
+@c mpn_addmul_1 ok
+@c ... mpn_sub
+@c mpn_lshift ok
+@c udiv_qrnnd ok
+@c count_leading_zeros ok
+@c add_ssaaaa ok
+@c sub_ddmmss ok
+@c umul_ppmm ok
+@c mpn_submul_1 ok
The @code{strtod} (``string-to-double'') function converts the initial
part of @var{string} to a floating-point number, which is returned as a
value of type @code{double}.
@@ -2416,6 +2559,7 @@ examining @var{errno} and @var{tailptr}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} strtold (const char *@var{string}, char **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
These functions are analogous to @code{strtod}, but return @code{float}
and @code{long double} values respectively. They report errors in the
same way as @code{strtod}. @code{strtof} can be substantially faster
@@ -2435,6 +2579,7 @@ These functions have been GNU extensions and are new to @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} wcstold (const wchar_t *@var{string}, wchar_t **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstod}, @code{wcstof}, and @code{wcstol} functions are
equivalent in nearly all aspect to the @code{strtod}, @code{strtof}, and
@code{strtold} functions but it handles wide character string.
@@ -2447,6 +2592,7 @@ C90}. The @code{wcstof} and @code{wcstold} functions were introduced in
@comment stdlib.h
@comment ISO
@deftypefun double atof (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtod} function, except that it
need not detect overflow and underflow errors. The @code{atof} function
is provided mostly for compatibility with existing code; using
@@ -2473,6 +2619,7 @@ All these functions are defined in @file{stdlib.h}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} ecvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{ecvt} converts the floating-point number @var{value}
to a string with at most @var{ndigit} decimal digits. The
returned string contains no decimal point or sign. The first digit of
@@ -2498,6 +2645,7 @@ and sets @var{d} to @code{2} and @var{n} to @code{0}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} fcvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{fcvt} is like @code{ecvt}, but @var{ndigit} specifies
the number of digits after the decimal point. If @var{ndigit} is less
than zero, @var{value} is rounded to the @math{@var{ndigit}+1}'th place to the
@@ -2516,6 +2664,9 @@ to @code{fcvt}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} gcvt (double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c gcvt calls sprintf, that ultimately calls vfprintf, which malloc()s
+@c args_value if it's too large, but gcvt never exercises this path.
@code{gcvt} is functionally equivalent to @samp{sprintf(buf, "%*g",
ndigit, value}. It is provided only for compatibility's sake. It
returns @var{buf}.
@@ -2530,6 +2681,7 @@ functions that take @code{long double} arguments.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qecvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{ecvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2538,6 +2690,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qfcvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{fcvt} except that it
takes a @code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2546,6 +2699,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qgcvt (long double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is equivalent to @code{gcvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2566,6 +2720,7 @@ user-supplied buffer.
@comment stdlib.h
@comment GNU
@deftypefun int ecvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ecvt_r} function is the same as @code{ecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2577,6 +2732,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun int fcvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcvt_r} function is the same as @code{fcvt}, except that it
places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2588,6 +2744,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qecvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qecvt_r} function is the same as @code{qecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2599,6 +2756,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qfcvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qfcvt_r} function is the same as @code{qfcvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a751af8cdebb9eae59c0c48ce3d4b79d692b3026
commit a751af8cdebb9eae59c0c48ce3d4b79d692b3026
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/arith.texi: Document thread safety properties.
diff --git a/manual/arith.texi b/manual/arith.texi
index 77056c3..5c3aa9d 100644
--- a/manual/arith.texi
+++ b/manual/arith.texi
@@ -160,6 +160,8 @@ The remainder from the division.
@comment stdlib.h
@comment ISO
@deftypefun div_t div (int @var{numerator}, int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Functions in this section are pure, and thus safe.
This function @code{div} computes the quotient and remainder from
the division of @var{numerator} by @var{denominator}, returning the
result in a structure of type @code{div_t}.
@@ -199,6 +201,7 @@ type @code{long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun ldiv_t ldiv (long int @var{numerator}, long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ldiv} function is similar to @code{div}, except that the
arguments are of type @code{long int} and the result is returned as a
structure of type @code{ldiv_t}.
@@ -225,6 +228,7 @@ type @code{long long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun lldiv_t lldiv (long long int @var{numerator}, long long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lldiv} function is like the @code{div} function, but the
arguments are of type @code{long long int} and the result is returned as
a structure of type @code{lldiv_t}.
@@ -256,6 +260,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment inttypes.h
@comment ISO
@deftypefun imaxdiv_t imaxdiv (intmax_t @var{numerator}, intmax_t @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{imaxdiv} function is like the @code{div} function, but the
arguments are of type @code{intmax_t} and the result is returned as
a structure of type @code{imaxdiv_t}.
@@ -318,6 +323,7 @@ floating-point number a variable holds.
@comment math.h
@comment ISO
@deftypefn {Macro} int fpclassify (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is a generic macro which works on all floating-point types and
which returns a value of type @code{int}. The possible values are:
@@ -354,6 +360,7 @@ You should therefore use the specific macros whenever possible.
@comment math.h
@comment ISO
@deftypefn {Macro} int isfinite (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite: not plus or
minus infinity, and not NaN. It is equivalent to
@@ -368,6 +375,7 @@ floating-point type.
@comment math.h
@comment ISO
@deftypefn {Macro} int isnormal (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite and normalized.
It is equivalent to
@@ -379,6 +387,7 @@ It is equivalent to
@comment math.h
@comment ISO
@deftypefn {Macro} int isnan (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is NaN. It is equivalent
to
@@ -390,6 +399,7 @@ to
@comment math.h
@comment GNU
@deftypefn {Macro} int issignaling (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is a signaling NaN
(sNaN). It is based on draft TS 18661 and currently enabled as a GNU
extension.
@@ -410,6 +420,7 @@ not have to worry about the type of their argument.
@comment math.h
@comment BSD
@deftypefunx int isinfl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns @code{-1} if @var{x} represents negative infinity,
@code{1} if @var{x} represents positive infinity, and @code{0} otherwise.
@end deftypefun
@@ -423,6 +434,7 @@ This function returns @code{-1} if @var{x} represents negative infinity,
@comment math.h
@comment BSD
@deftypefunx int isnanl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is a ``not a number''
value, and zero otherwise.
@@ -445,6 +457,7 @@ function for some reason, you can write
@comment math.h
@comment BSD
@deftypefunx int finitel (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is finite or a ``not a
number'' value, and zero otherwise.
@end deftypefun
@@ -713,6 +726,22 @@ and save and restore the set of exceptions flagged.
@comment fenv.h
@comment ISO
@deftypefun int feclearexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{unposix}@acsafe{unposix}}
+@c The other functions in this section that modify FP status register
+@c mostly do so with non-atomic load-modify-store sequences, but since
+@c the register is thread-specific, this should be fine, and safe for
+@c cancellation. As long as the FP environment is restored before the
+@c signal handler returns control to the interrupted thread (like any
+@c kernel should do), the functions are also safe for use in signal
+@c handlers.
+@c
+@c FIXME: simfpu: Floating point emulation on powerpc is the exception:
+@c __sim_exception, __sim_disabled_exception and __sim_round_mode
+@c variables, that emulate a floating-point status register, are not
+@c thread-specific variables, so many of these functions are not MT-safe
+@c on that platform. This is probably a bug. These variables aren't
+@c restored by the signal machinery either, making the functions also
+@c async-signal-unsafe on this platform.
This function clears all of the supported exception flags indicated by
@var{excepts}.
@@ -723,6 +752,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feraiseexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function raises the supported exceptions indicated by
@var{excepts}. If more than one exception bit in @var{excepts} is set
the order in which the exceptions are raised is undefined except that
@@ -738,6 +768,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fetestexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Test whether the exception flags indicated by the parameter @var{except}
are currently set. If any of them are, a nonzero value is returned
which specifies which exceptions are set. Otherwise the result is zero.
@@ -774,6 +805,7 @@ following functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetexceptflag (fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function stores in the variable pointed to by @var{flagp} an
implementation-defined value representing the current setting of the
exception flags indicated by @var{excepts}.
@@ -785,6 +817,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fesetexceptflag (const fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function restores the flags for the exceptions indicated by
@var{excepts} to the values stored in the variable pointed to by
@var{flagp}.
@@ -940,6 +973,7 @@ find out which one with this function:
@comment fenv.h
@comment ISO
@deftypefun int fegetround (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Returns the currently selected rounding mode, represented by one of the
values of the defined rounding mode macros.
@end deftypefun
@@ -950,6 +984,7 @@ To change the rounding mode, use this function:
@comment fenv.h
@comment ISO
@deftypefun int fesetround (int @var{round})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Changes the currently selected rounding mode to @var{round}. If
@var{round} does not correspond to one of the supported rounding modes
nothing is changed. @code{fesetround} returns zero if it changed the
@@ -994,6 +1029,7 @@ To save the state of the FPU, use one of these functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetenv (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the floating-point environment in the variable pointed to by
@var{envp}.
@@ -1004,6 +1040,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feholdexcept (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the current floating-point environment in the object pointed to by
@var{envp}. Then clear all exception flags, and set the FPU to trap no
exceptions. Not all FPUs support trapping no exceptions; if
@@ -1042,6 +1079,7 @@ functions:
@comment fenv.h
@comment ISO
@deftypefun int fesetenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Set the floating-point environment to that described by @var{envp}.
The function returns zero in case the operation was successful, a
@@ -1051,6 +1089,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feupdateenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Like @code{fesetenv}, this function sets the floating-point environment
to that described by @var{envp}. However, if any exceptions were
flagged in the status word before @code{feupdateenv} was called, they
@@ -1071,6 +1110,7 @@ occur, you can use the following two functions.
@comment fenv.h
@comment GNU
@deftypefun int feenableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions enables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1083,6 +1123,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fedisableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions disables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1095,6 +1136,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fegetexcept (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
The function returns a bitmask of all currently enabled exceptions. It
returns @code{-1} in case of failure.
@end deftypefun
@@ -1146,6 +1188,7 @@ Prototypes for @code{abs}, @code{labs} and @code{llabs} are in @file{stdlib.h};
@comment inttypes.h
@comment ISO
@deftypefunx intmax_t imaxabs (intmax_t @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of @var{number}.
Most computers use a two's complement integer representation, in which
@@ -1167,6 +1210,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment math.h
@comment ISO
@deftypefunx {long double} fabsl (long double @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the absolute value of the floating-point number
@var{number}.
@end deftypefun
@@ -1180,6 +1224,7 @@ This function returns the absolute value of the floating-point number
@comment complex.h
@comment ISO
@deftypefunx {long double} cabsl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of the complex number @var{z}
(@pxref{Complex Numbers}). The absolute value of a complex number is:
@@ -1217,6 +1262,7 @@ All these functions are declared in @file{math.h}.
@comment math.h
@comment ISO
@deftypefunx {long double} frexpl (long double @var{value}, int *@var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are used to split the number @var{value}
into a normalized fraction and an exponent.
@@ -1242,6 +1288,7 @@ zero is stored in @code{*@var{exponent}}.
@comment math.h
@comment ISO
@deftypefunx {long double} ldexpl (long double @var{value}, int @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the result of multiplying the floating-point
number @var{value} by 2 raised to the power @var{exponent}. (It can
be used to reassemble floating-point numbers that were taken apart
@@ -1263,6 +1310,7 @@ equivalent to those of @code{ldexp} and @code{frexp}. See also the
@comment math.h
@comment BSD
@deftypefunx {long double} scalbl (long double @var{value}, long double @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{scalb} function is the BSD name for @code{ldexp}.
@end deftypefun
@@ -1275,6 +1323,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalbnl (long double @var{x}, int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbn} is identical to @code{scalb}, except that the exponent
@var{n} is an @code{int} instead of a floating-point number.
@end deftypefun
@@ -1288,6 +1337,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalblnl (long double @var{x}, long int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbln} is identical to @code{scalb}, except that the exponent
@var{n} is a @code{long int} instead of a floating-point number.
@end deftypefun
@@ -1301,6 +1351,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} significandl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{significand} returns the mantissa of @var{x} scaled to the range
@math{[1, 2)}.
It is equivalent to @w{@code{scalb (@var{x}, (double) -ilogb (@var{x}))}}.
@@ -1335,6 +1386,7 @@ result as a @code{double} instead to get around this problem.
@comment math.h
@comment ISO
@deftypefunx {long double} ceill (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} upwards to the nearest integer,
returning that value as a @code{double}. Thus, @code{ceil (1.5)}
is @code{2.0}.
@@ -1349,6 +1401,7 @@ is @code{2.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} floorl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} downwards to the nearest
integer, returning that value as a @code{double}. Thus, @code{floor
(1.5)} is @code{1.0} and @code{floor (-1.5)} is @code{-2.0}.
@@ -1363,6 +1416,7 @@ integer, returning that value as a @code{double}. Thus, @code{floor
@comment math.h
@comment ISO
@deftypefunx {long double} truncl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{trunc} functions round @var{x} towards zero to the nearest
integer (returned in floating-point format). Thus, @code{trunc (1.5)}
is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@@ -1377,6 +1431,7 @@ is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} rintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} to an integer value according to the
current rounding mode. @xref{Floating Point Parameters}, for
information about the various rounding modes. The default
@@ -1397,6 +1452,7 @@ inexact exception.
@comment math.h
@comment ISO
@deftypefunx {long double} nearbyintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the same value as the @code{rint} functions, but
do not raise the inexact exception if @var{x} is not an integer.
@end deftypefun
@@ -1410,6 +1466,7 @@ do not raise the inexact exception if @var{x} is not an integer.
@comment math.h
@comment ISO
@deftypefunx {long double} roundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are similar to @code{rint}, but they round halfway
cases away from zero instead of to the nearest integer (or other
current rounding mode).
@@ -1424,6 +1481,7 @@ current rounding mode).
@comment math.h
@comment ISO
@deftypefunx {long int} lrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1437,6 +1495,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1450,6 +1509,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long int} lroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1463,6 +1523,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1477,6 +1538,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long double} modfl (long double @var{value}, long double *@var{integer-part})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions break the argument @var{value} into an integer part and a
fractional part (between @code{-1} and @code{1}, exclusive). Their sum
equals @var{value}. Each of the parts has the same sign as @var{value},
@@ -1503,6 +1565,7 @@ suits your problem.
@comment math.h
@comment ISO
@deftypefunx {long double} fmodl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions compute the remainder from the division of
@var{numerator} by @var{denominator}. Specifically, the return value is
@code{@var{numerator} - @w{@var{n} * @var{denominator}}}, where @var{n}
@@ -1525,6 +1588,7 @@ If @var{denominator} is zero, @code{fmod} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} dreml (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are like @code{fmod} except that they round the
internal quotient @var{n} to the nearest integer instead of towards zero
to an integer. For example, @code{drem (6.5, 2.3)} returns @code{-0.4},
@@ -1548,6 +1612,7 @@ If @var{denominator} is zero, @code{drem} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} remainderl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is another name for @code{drem}.
@end deftypefun
@@ -1569,6 +1634,7 @@ bits.
@comment math.h
@comment ISO
@deftypefunx {long double} copysignl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return @var{x} but with the sign of @var{y}. They work
even if @var{x} or @var{y} are NaN or zero. Both of these can carry a
sign (although not all implementations support it) and this is one of
@@ -1584,6 +1650,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefun int signbit (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{signbit} is a generic macro which can work on all floating-point
types. It returns a nonzero value if the value of @var{x} has its sign
bit set.
@@ -1602,6 +1669,7 @@ false, but @code{signbit (-0.0)} will return a nonzero value.
@comment math.h
@comment ISO
@deftypefunx {long double} nextafterl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{nextafter} function returns the next representable neighbor of
@var{x} in the direction towards @var{y}. The size of the step between
@var{x} and the result depends on the type of the result. If
@@ -1625,6 +1693,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefunx {long double} nexttowardl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are identical to the corresponding versions of
@code{nextafter} except that their second argument is a @code{long
double}.
@@ -1640,6 +1709,8 @@ double}.
@comment math.h
@comment ISO
@deftypefunx {long double} nanl (const char *@var{tagp})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c The unsafe-but-ruled-safe locale use comes from strtod.
The @code{nan} function returns a representation of NaN, provided that
NaN is supported by the target platform.
@code{nan ("@var{n-char-sequence}")} is equivalent to
@@ -1674,6 +1745,7 @@ arguments only once.
@comment math.h
@comment ISO
@deftypefn Macro int isgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than
@var{y}. It is equivalent to @code{(@var{x}) > (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1682,6 +1754,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isgreaterequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than or
equal to @var{y}. It is equivalent to @code{(@var{x}) >= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1690,6 +1763,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isless (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than @var{y}.
It is equivalent to @code{(@var{x}) < (@var{y})}, but no exception is
raised if @var{x} or @var{y} are NaN.
@@ -1698,6 +1772,7 @@ raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than or equal
to @var{y}. It is equivalent to @code{(@var{x}) <= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1706,6 +1781,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less or greater
than @var{y}. It is equivalent to @code{(@var{x}) < (@var{y}) ||
(@var{x}) > (@var{y})} (although it only evaluates @var{x} and @var{y}
@@ -1718,6 +1794,7 @@ expression is true if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isunordered (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether its arguments are unordered. In other
words, it is true if @var{x} or @var{y} are NaN, and false otherwise.
@end deftypefn
@@ -1751,6 +1828,7 @@ perform these operations faster than the equivalent C code.
@comment math.h
@comment ISO
@deftypefunx {long double} fminl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmin} function returns the lesser of the two values @var{x}
and @var{y}. It is similar to the expression
@smallexample
@@ -1771,6 +1849,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fmaxl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmax} function returns the greater of the two values @var{x}
and @var{y}.
@@ -1787,6 +1866,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fdiml (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fdim} function returns the positive difference between
@var{x} and @var{y}. The positive difference is @math{@var{x} -
@var{y}} if @var{x} is greater than @var{y}, and @math{0} otherwise.
@@ -1804,6 +1884,7 @@ If @var{x}, @var{y}, or both are NaN, NaN is returned.
@comment ISO
@deftypefunx {long double} fmal (long double @var{x}, long double @var{y}, long double @var{z})
@cindex butterfly
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fma} function performs floating-point multiply-add. This is
the operation @math{(@var{x} @mul{} @var{y}) + @var{z}}, but the
intermediate result is not rounded to the destination type. This can
@@ -1933,6 +2014,7 @@ available in three variants, one for each of the three complex types.
@comment complex.h
@comment ISO
@deftypefunx {long double} creall (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the real part of the complex number @var{z}.
@end deftypefun
@@ -1945,6 +2027,7 @@ These functions return the real part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cimagl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the imaginary part of the complex number @var{z}.
@end deftypefun
@@ -1957,6 +2040,7 @@ These functions return the imaginary part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {complex long double} conjl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the conjugate value of the complex number
@var{z}. The conjugate of a complex number has the same real part and a
negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@@ -1971,6 +2055,7 @@ negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cargl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the argument of the complex number @var{z}.
The argument of a complex number is the angle in the complex plane
between the positive real axis and a line passing through zero and the
@@ -1989,6 +2074,7 @@ number. This angle is measured in the usual fashion and ranges from
@comment complex.h
@comment ISO
@deftypefunx {complex long double} cprojl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the projection of the complex value @var{z} onto
the Riemann sphere. Values with a infinite imaginary part are projected
to positive infinity on the real axis, even if the real part is NaN. If
@@ -2034,6 +2120,16 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun {long int} strtol (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c strtol uses the thread-local pointer to the locale in effect, and
+@c strtol_l loads the LC_NUMERIC locale data from it early on and once,
+@c but if the locale is the global locale, and another thread calls
+@c setlocale in a way that modifies the pointer to the LC_CTYPE locale
+@c category, the behavior of e.g. IS*, TOUPPER will vary throughout the
+@c execution of the function, because they re-read the locale data from
+@c the given locale pointer. We solved this by documenting setlocale as
+@c MT-Unsafe, but there might be other reasons why it's neither MT- nor
+@c AS-Safe; recheck.
The @code{strtol} (``string-to-long'') function converts the initial
part of @var{string} to a signed integer, which is returned as a value
of type @code{long int}.
@@ -2097,6 +2193,7 @@ There is an example at the end of this section.
@comment wchar.h
@comment ISO
@deftypefun {long int} wcstol (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstol} function is equivalent to the @code{strtol} function
in nearly all aspects but handles wide character strings.
@@ -2106,6 +2203,7 @@ The @code{wcstol} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long int} strtoul (const char *retrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoul} (``string-to-unsigned-long'') function is like
@code{strtol} except it converts to an @code{unsigned long int} value.
The syntax is the same as described above for @code{strtol}. The value
@@ -2124,6 +2222,7 @@ range, or @code{ERANGE} on overflow.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long int} wcstoul (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoul} function is equivalent to the @code{strtoul} function
in nearly all aspects but handles wide character strings.
@@ -2133,6 +2232,7 @@ The @code{wcstoul} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} strtoll (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoll} function is like @code{strtol} except that it returns
a @code{long long int} value, and accepts numbers with a correspondingly
larger range.
@@ -2149,6 +2249,7 @@ The @code{strtoll} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {long long int} wcstoll (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoll} function is equivalent to the @code{strtoll} function
in nearly all aspects but handles wide character strings.
@@ -2158,12 +2259,14 @@ The @code{wcstoll} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {long long int} strtoq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtoq} (``string-to-quad-word'') is the BSD name for @code{strtoll}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {long long int} wcstoq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoq} function is equivalent to the @code{strtoq} function
in nearly all aspects but handles wide character strings.
@@ -2173,6 +2276,7 @@ The @code{wcstoq} function is a GNU extension.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long long int} strtoull (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoull} function is related to @code{strtoll} the same way
@code{strtoul} is related to @code{strtol}.
@@ -2182,6 +2286,7 @@ The @code{strtoull} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long long int} wcstoull (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoull} function is equivalent to the @code{strtoull} function
in nearly all aspects but handles wide character strings.
@@ -2191,12 +2296,14 @@ The @code{wcstoull} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {unsigned long long int} strtouq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtouq} is the BSD name for @code{strtoull}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {unsigned long long int} wcstouq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstouq} function is equivalent to the @code{strtouq} function
in nearly all aspects but handles wide character strings.
@@ -2206,6 +2313,7 @@ The @code{wcstouq} function is a GNU extension.
@comment inttypes.h
@comment ISO
@deftypefun intmax_t strtoimax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoimax} function is like @code{strtol} except that it returns
a @code{intmax_t} value, and accepts numbers of a corresponding range.
@@ -2222,6 +2330,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun intmax_t wcstoimax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoimax} function is equivalent to the @code{strtoimax} function
in nearly all aspects but handles wide character strings.
@@ -2231,6 +2340,7 @@ The @code{wcstoimax} function was introduced in @w{ISO C99}.
@comment inttypes.h
@comment ISO
@deftypefun uintmax_t strtoumax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoumax} function is related to @code{strtoimax}
the same way that @code{strtoul} is related to @code{strtol}.
@@ -2241,6 +2351,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun uintmax_t wcstoumax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoumax} function is equivalent to the @code{strtoumax} function
in nearly all aspects but handles wide character strings.
@@ -2250,6 +2361,7 @@ The @code{wcstoumax} function was introduced in @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefun {long int} atol (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtol} function with a @var{base}
argument of @code{10}, except that it need not detect overflow errors.
The @code{atol} function is provided mostly for compatibility with
@@ -2259,6 +2371,7 @@ existing code; using @code{strtol} is more robust.
@comment stdlib.h
@comment ISO
@deftypefun int atoi (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is like @code{atol}, except that it returns an @code{int}.
The @code{atoi} function is also considered obsolete; use @code{strtol}
instead.
@@ -2267,6 +2380,7 @@ instead.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} atoll (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to @code{atol}, except it returns a @code{long
long int}.
@@ -2331,6 +2445,35 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun double strtod (const char *restrict @var{string}, char **restrict @var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c Besides the unsafe-but-ruled-safe locale uses, this uses a lot of
+@c mpn, but it's all safe.
+@c
+@c round_and_return
+@c get_rounding_mode ok
+@c mpn_add_1 ok
+@c mpn_rshift ok
+@c MPN_ZERO ok
+@c MPN2FLOAT -> mpn_construct_(float|double|long_double) ok
+@c str_to_mpn
+@c mpn_mul_1 -> umul_ppmm ok
+@c mpn_add_1 ok
+@c mpn_lshift_1 -> mpn_lshift ok
+@c STRTOF_INTERNAL
+@c MPN_VAR ok
+@c SET_MANTISSA ok
+@c STRNCASECMP ok, wide and narrow
+@c round_and_return ok
+@c mpn_mul ok
+@c mpn_addmul_1 ok
+@c ... mpn_sub
+@c mpn_lshift ok
+@c udiv_qrnnd ok
+@c count_leading_zeros ok
+@c add_ssaaaa ok
+@c sub_ddmmss ok
+@c umul_ppmm ok
+@c mpn_submul_1 ok
The @code{strtod} (``string-to-double'') function converts the initial
part of @var{string} to a floating-point number, which is returned as a
value of type @code{double}.
@@ -2416,6 +2559,7 @@ examining @var{errno} and @var{tailptr}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} strtold (const char *@var{string}, char **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
These functions are analogous to @code{strtod}, but return @code{float}
and @code{long double} values respectively. They report errors in the
same way as @code{strtod}. @code{strtof} can be substantially faster
@@ -2435,6 +2579,7 @@ These functions have been GNU extensions and are new to @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} wcstold (const wchar_t *@var{string}, wchar_t **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstod}, @code{wcstof}, and @code{wcstol} functions are
equivalent in nearly all aspect to the @code{strtod}, @code{strtof}, and
@code{strtold} functions but it handles wide character string.
@@ -2447,6 +2592,7 @@ C90}. The @code{wcstof} and @code{wcstold} functions were introduced in
@comment stdlib.h
@comment ISO
@deftypefun double atof (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtod} function, except that it
need not detect overflow and underflow errors. The @code{atof} function
is provided mostly for compatibility with existing code; using
@@ -2473,6 +2619,7 @@ All these functions are defined in @file{stdlib.h}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} ecvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{ecvt} converts the floating-point number @var{value}
to a string with at most @var{ndigit} decimal digits. The
returned string contains no decimal point or sign. The first digit of
@@ -2498,6 +2645,7 @@ and sets @var{d} to @code{2} and @var{n} to @code{0}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} fcvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{fcvt} is like @code{ecvt}, but @var{ndigit} specifies
the number of digits after the decimal point. If @var{ndigit} is less
than zero, @var{value} is rounded to the @math{@var{ndigit}+1}'th place to the
@@ -2516,6 +2664,9 @@ to @code{fcvt}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} gcvt (double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c gcvt calls sprintf, that ultimately calls vfprintf, which malloc()s
+@c args_value if it's too large, but gcvt never exercises this path.
@code{gcvt} is functionally equivalent to @samp{sprintf(buf, "%*g",
ndigit, value}. It is provided only for compatibility's sake. It
returns @var{buf}.
@@ -2530,6 +2681,7 @@ functions that take @code{long double} arguments.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qecvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{ecvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2538,6 +2690,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qfcvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{fcvt} except that it
takes a @code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2546,6 +2699,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qgcvt (long double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is equivalent to @code{gcvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2566,6 +2720,7 @@ user-supplied buffer.
@comment stdlib.h
@comment GNU
@deftypefun int ecvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ecvt_r} function is the same as @code{ecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2577,6 +2732,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun int fcvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcvt_r} function is the same as @code{fcvt}, except that it
places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2588,6 +2744,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qecvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qecvt_r} function is the same as @code{qecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2599,6 +2756,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qfcvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qfcvt_r} function is the same as @code{qfcvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b8d90ae0c166b84615d28e15bd49b148198e775d
commit b8d90ae0c166b84615d28e15bd49b148198e775d
Merge: c0ac9fb 68df847 a751af8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:35:55 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c0ac9fb6fa72b5e0bdc0efed5c601d389c5f38d4
commit c0ac9fb6fa72b5e0bdc0efed5c601d389c5f38d4
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:35:55 2013 -0300
push
diff --git a/meta b/meta
index 4948513..92bad98 100644
--- a/meta
+++ b/meta
@@ -1,13 +1,13 @@
Version: 1
-Previous: 4777c890ea3feef7118158898c52d558e960eb56
-Head: 3d307972daeb49e5b5bed74887140e9d5bcb58de
+Previous: 68df847c7cd75361a07d4b7603ff1c35408a0863
+Head: a751af8cdebb9eae59c0c48ce3d4b79d692b3026
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
unused-scalb-is-scalbn.patch: 3be99ad69c588de34f357cdfc3e293046eb30b58
manual-document-mt-safety-argp.patch: 3d307972daeb49e5b5bed74887140e9d5bcb58de
+ manual-document-mt-safety-arith.patch: a751af8cdebb9eae59c0c48ce3d4b79d692b3026
Unapplied:
- manual-document-mt-safety-arith.patch: f4268118ff7169b7016697e2344525b93dd6be01
manual-document-mt-safety-charset.patch: 2ba73f56d3ec95471df9cefd6db9935ec8bdc4ef
manual-document-mt-safety-conf.patch: ada59d4ba350be38e3b5d960053eac19f0c22bf1
manual-document-mt-safety-crypt.patch: 06242cab8769046e2c3e9670de0b0e664f9624ef
diff --git a/patches/manual-document-mt-safety-arith.patch b/patches/manual-document-mt-safety-arith.patch
index 49b1456..b23a7d8 100644
--- a/patches/manual-document-mt-safety-arith.patch
+++ b/patches/manual-document-mt-safety-arith.patch
@@ -1,5 +1,5 @@
-Bottom: 206cd625e1e8e8dc3e141cdd29c90772cf35e923
-Top: 260809414e54f35864ab54b52fdbff3517f05f2e
+Bottom: 3b3317dffdd8fb0b673f39fa8b5d3c6443f8fc0b
+Top: 802ed278ee78a71e6694780a51b4b82573651127
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=68df847c7cd75361a07d4b7603ff1c35408a0863
commit 68df847c7cd75361a07d4b7603ff1c35408a0863
Merge: 76c1cae 3d30797 4777c89
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:35:47 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=76c1caed2a8eadde4ca1116e2a7ce75c566c67cd
commit 76c1caed2a8eadde4ca1116e2a7ce75c566c67cd
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:35:47 2013 -0300
refresh
diff --git a/meta b/meta
index 4734cac..4948513 100644
--- a/meta
+++ b/meta
@@ -1,12 +1,11 @@
Version: 1
-Previous: deb22b5c421ce209fd4213dffe23b9ba6f03fd80
-Head: 9895792647585fff29af719a760be76b9bf6f1ca
+Previous: 4777c890ea3feef7118158898c52d558e960eb56
+Head: 3d307972daeb49e5b5bed74887140e9d5bcb58de
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
unused-scalb-is-scalbn.patch: 3be99ad69c588de34f357cdfc3e293046eb30b58
- manual-document-mt-safety-argp.patch: a1791992633c9fa1862a3073f1396b1b2984430f
- refresh-temp: 9895792647585fff29af719a760be76b9bf6f1ca
+ manual-document-mt-safety-argp.patch: 3d307972daeb49e5b5bed74887140e9d5bcb58de
Unapplied:
manual-document-mt-safety-arith.patch: f4268118ff7169b7016697e2344525b93dd6be01
manual-document-mt-safety-charset.patch: 2ba73f56d3ec95471df9cefd6db9935ec8bdc4ef
diff --git a/patches/manual-document-mt-safety-argp.patch b/patches/manual-document-mt-safety-argp.patch
index 87d4389..0357d25 100644
--- a/patches/manual-document-mt-safety-argp.patch
+++ b/patches/manual-document-mt-safety-argp.patch
@@ -1,5 +1,5 @@
Bottom: 342d93cedbc3899d97eb6abb3179c639ca189041
-Top: b0125a9bbb94b5659c715bf142ffbfd4f81ce170
+Top: 3b3317dffdd8fb0b673f39fa8b5d3c6443f8fc0b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 21:57:08 -0300
@@ -13,7 +13,7 @@ for ChangeLog
---
diff --git a/manual/argp.texi b/manual/argp.texi
-index c9fbe97..5322f91 100644
+index c9fbe97..22e7b9e 100644
--- a/manual/argp.texi
+++ b/manual/argp.texi
@@ -36,6 +36,35 @@ needed in @code{main}.
@@ -235,7 +235,7 @@ index c9fbe97..5322f91 100644
@comment GNU
@deftypefun void argp_help (const struct argp *@var{argp}, FILE *@var{stream}, unsigned @var{flags}, char *@var{name})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
-+@c Just calls _help.
++@c Just calls _help.
This outputs a help message for the argp parser @var{argp} to
@var{stream}. The type of messages printed will be determined by
@var{flags}.
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index 2905a68..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,22 +0,0 @@
-Bottom: b0125a9bbb94b5659c715bf142ffbfd4f81ce170
-Top: 3b3317dffdd8fb0b673f39fa8b5d3c6443f8fc0b
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 22:35:47 -0300
-
-Refresh of manual-document-mt-safety-argp.patch
-
----
-
-diff --git a/manual/argp.texi b/manual/argp.texi
-index 5322f91..22e7b9e 100644
---- a/manual/argp.texi
-+++ b/manual/argp.texi
-@@ -1108,7 +1108,7 @@ program options, argp offers the @code{argp_help} interface.
- @comment GNU
- @deftypefun void argp_help (const struct argp *@var{argp}, FILE *@var{stream}, unsigned @var{flags}, char *@var{name})
- @safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
--@c Just calls _help.
-+@c Just calls _help.
- This outputs a help message for the argp parser @var{argp} to
- @var{stream}. The type of messages printed will be determined by
- @var{flags}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4777c890ea3feef7118158898c52d558e960eb56
commit 4777c890ea3feef7118158898c52d558e960eb56
Merge: bb1b10c deb22b5 9895792
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:35:47 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=bb1b10cfcd667f08e3f535b221540a4da4a9eb06
commit bb1b10cfcd667f08e3f535b221540a4da4a9eb06
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:35:47 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index 618ca46..4734cac 100644
--- a/meta
+++ b/meta
@@ -1,11 +1,12 @@
Version: 1
-Previous: 122aa56ad2927c13e7dff9bbd7eb1dca3dfb7b95
-Head: a1791992633c9fa1862a3073f1396b1b2984430f
+Previous: deb22b5c421ce209fd4213dffe23b9ba6f03fd80
+Head: 9895792647585fff29af719a760be76b9bf6f1ca
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
unused-scalb-is-scalbn.patch: 3be99ad69c588de34f357cdfc3e293046eb30b58
manual-document-mt-safety-argp.patch: a1791992633c9fa1862a3073f1396b1b2984430f
+ refresh-temp: 9895792647585fff29af719a760be76b9bf6f1ca
Unapplied:
manual-document-mt-safety-arith.patch: f4268118ff7169b7016697e2344525b93dd6be01
manual-document-mt-safety-charset.patch: 2ba73f56d3ec95471df9cefd6db9935ec8bdc4ef
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..2905a68
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,22 @@
+Bottom: b0125a9bbb94b5659c715bf142ffbfd4f81ce170
+Top: 3b3317dffdd8fb0b673f39fa8b5d3c6443f8fc0b
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:35:47 -0300
+
+Refresh of manual-document-mt-safety-argp.patch
+
+---
+
+diff --git a/manual/argp.texi b/manual/argp.texi
+index 5322f91..22e7b9e 100644
+--- a/manual/argp.texi
++++ b/manual/argp.texi
+@@ -1108,7 +1108,7 @@ program options, argp offers the @code{argp_help} interface.
+ @comment GNU
+ @deftypefun void argp_help (const struct argp *@var{argp}, FILE *@var{stream}, unsigned @var{flags}, char *@var{name})
+ @safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+-@c Just calls _help.
++@c Just calls _help.
+ This outputs a help message for the argp parser @var{argp} to
+ @var{stream}. The type of messages printed will be determined by
+ @var{flags}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9895792647585fff29af719a760be76b9bf6f1ca
commit 9895792647585fff29af719a760be76b9bf6f1ca
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:35:47 2013 -0300
Refresh of manual-document-mt-safety-argp.patch
diff --git a/manual/argp.texi b/manual/argp.texi
index 5322f91..22e7b9e 100644
--- a/manual/argp.texi
+++ b/manual/argp.texi
@@ -1108,7 +1108,7 @@ program options, argp offers the @code{argp_help} interface.
@comment GNU
@deftypefun void argp_help (const struct argp *@var{argp}, FILE *@var{stream}, unsigned @var{flags}, char *@var{name})
@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
-@c Just calls _help.
+@c Just calls _help.
This outputs a help message for the argp parser @var{argp} to
@var{stream}. The type of messages printed will be determined by
@var{flags}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3d307972daeb49e5b5bed74887140e9d5bcb58de
commit 3d307972daeb49e5b5bed74887140e9d5bcb58de
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:57:08 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/argp.texi: Document thread safety properties.
diff --git a/manual/argp.texi b/manual/argp.texi
index c9fbe97..22e7b9e 100644
--- a/manual/argp.texi
+++ b/manual/argp.texi
@@ -36,6 +36,35 @@ needed in @code{main}.
@comment argp.h
@comment GNU
@deftypefun {error_t} argp_parse (const struct argp *@var{argp}, int @var{argc}, char **@var{argv}, unsigned @var{flags}, int *@var{arg_index}, void *@var{input})
+@safety{@mtunsafe{xguargs, envromt}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Optionally alloca()tes standard help options, initializes the parser,
+@c then parses individual args in a loop, and then finalizes.
+@c parser_init
+@c calc_sizes ok
+@c option_is_end ok
+@c malloc
+@c parser_convert glocale
+@c convert_options glocale
+@c option_is_end ok
+@c option_is_short ok
+@c isprint, but locale may change within the loop
+@c find_long_option ok
+@c group_parse
+@c group->parser (from argp->parser)
+@c parser_parse_next
+@c getopt_long(_only)_r many issues, same as non_r minus staticbuf
+@c parser_parse_arg
+@c group_parse
+@c parser_parse_opt
+@c group_parse
+@c argp_error
+@c dgettext (bad key error)
+@c parser_finalize
+@c group_parse
+@c fprintf
+@c dgettext
+@c arg_state_help
+@c free
The @code{argp_parse} function parses the arguments in @var{argv}, of
length @var{argc}, using the argp parser @var{argp}. @xref{Argp
Parsers}. Passing a null pointer for @var{argp} is the same as using
@@ -660,6 +689,8 @@ parser function. @xref{Argp Parsing State}.
@comment argp.h
@comment GNU
@deftypefun void argp_usage (const struct argp_state *@var{state})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls argp_state_help with stderr and ARGP_HELP_STD_USAGE.
Outputs the standard usage message for the argp parser referred to by
@var{state} to @code{@var{state}->err_stream} and terminate the program
with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@@ -669,6 +700,13 @@ with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@comment argp.h
@comment GNU
@deftypefun void argp_error (const struct argp_state *@var{state}, const char *@var{fmt}, @dots{})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Lock stream, vasprintf the formatted message into a buffer, print the
+@c buffer prefixed by the short program name (in libc,
+@c argp_short_program_name is a macro that expands to
+@c program_invocation_short_name), releases the buffer, then call
+@c argp_state_help with stream and ARGP_HELP_STD_ERR, unlocking the
+@c stream at the end.
Prints the printf format string @var{fmt} and following args, preceded
by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
--help}} message, and terminates the program with an exit status of
@@ -679,6 +717,12 @@ by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
@comment argp.h
@comment GNU
@deftypefun void argp_failure (const struct argp_state *@var{state}, int @var{status}, int @var{errnum}, const char *@var{fmt}, @dots{})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
+@c Lock stream, write out the short program name, vasprintf the optional
+@c formatted message to a buffer, print the buffer prefixed by colon and
+@c blank, release the buffer, call strerror_r with an automatic buffer,
+@c print it out after colon and blank, put[w]c a line break, unlock the
+@c stream, then exit unless ARGP_NO_EXIT.
Similar to the standard gnu error-reporting function @code{error}, this
prints the program name and @samp{:}, the printf format string
@var{fmt}, and the appropriate following args. If it is non-zero, the
@@ -695,6 +739,141 @@ for options, bad phase of the moon, etc.
@comment argp.h
@comment GNU
@deftypefun void argp_state_help (const struct argp_state *@var{state}, FILE *@var{stream}, unsigned @var{flags})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help with the short program name and optionally exit.
+@c The main problems in _help, besides the usual issues with stream I/O
+@c and translation, are the use of a static buffer (uparams) that makes
+@c the whole thing thread-unsafe, reading from the environment for
+@c ARGP_HELP_FMT, accessing the locale object multiple times.
+
+@c _help envromt, staticbuf (uparams), glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c flockfile lockleak
+@c funlockfile lockleak
+@c fill_in_uparams envromt, staticbuf (uparams), glocale, asynconsist, asmalloc, lockleak, incansist, memleak
+@c argp_failure dup (status = errnum = 0)
+@c atoi dup
+@c argp_hol asmalloc, memleak
+@c make_hol asmalloc, memleak
+@c hol_add_cluster asmalloc, memleak
+@c hol_append asmalloc, memleak
+@c hol_set_group ok
+@c hol_find_entry ok
+@c hol_sort glocale, asmalloc, memleak
+@c qsort asmalloc, memleak
+@c hol_entry_qcmp glocale
+@c hol_entry_cmp glocale
+@c group_cmp ok
+@c hol_cluster_cmp ok
+@c group_cmp ok
+@c hol_entry_first_short glocale
+@c hol_entry_short_iterate [glocale]
+@c until_short ok
+@c oshort ok
+@c isprint ok
+@c odoc ok
+@c hol_entry_first_long ok
+@c canon_doc_option glocale
+@c tolower dup
+@c hol_usage glocale, asi18n, asmalloc, memleak
+@c hol_entry_short_iterate ok
+@c add_argless_short_opt ok
+@c argp_fmtstream_printf dup
+@c hol_entry_short_iterate glocale, asi18n, asmalloc, memleak
+@c usage_argful_short_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_entry_long_iterate glocale, asi18n, asmalloc, memleak
+@c usage_long_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c hol_entry_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_wmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c comma glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_putc dup
+@c hol_cluster_is_child ok
+@c argp_fmtstream_wmargin dup
+@c print_header dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c indent_to dup
+@c argp_fmtstream_putc dup
+@c arg glocale, asmalloc, memleak
+@c argp_fmtstream_printf dup
+@c odoc dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_printf dup
+@c print_header glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c indent_to dup
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c filter_doc dup
+@c argp_fmtstream_point dup
+@c indent_to glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_putc dup
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c hol_free asmalloc, memleak
+@c free dup
+@c argp_args_levels ok
+@c argp_args_usage glocale, asi18n, asmalloc, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc ok
+@c argp_input ok
+@c argp->help_filter
+@c space glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_rmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_write dup
+@c free dup
+@c argp_doc glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c strndup asmalloc, memleak
+@c argp_input dup
+@c argp->help_filter
+@c argp_fmtstream_putc glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure dup
+@c argp_fmtstream_write dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_point glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_lmargin dup
+@c free dup
+@c argp_make_fmtstream asmalloc, memleak
+@c argp_fmtstream_free glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update glocale, asynconsist, incansist, lockleak
+@c put[w]c_unlocked dup
+@c isblank in loop glocale
+@c fxprintf lockleak
+@c fxprintf lockleak
+@c free dup
+@c argp_fmtstream_set_wmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_printf glocale, asmalloc, memleak
+@c argp_fmtstream_ensure dup
+@c vsnprintf dup
+@c argp_fmtstream_set_lmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_puts glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_write glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update dup
+@c fxprintf lockleak
+@c realloc asmalloc, memleak
Outputs a help message for the argp parser referred to by @var{state},
to @var{stream}. The @var{flags} argument determines what sort of help
message is produced. @xref{Argp Help Flags}.
@@ -928,6 +1107,8 @@ program options, argp offers the @code{argp_help} interface.
@comment argp.h
@comment GNU
@deftypefun void argp_help (const struct argp *@var{argp}, FILE *@var{stream}, unsigned @var{flags}, char *@var{name})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help.
This outputs a help message for the argp parser @var{argp} to
@var{stream}. The type of messages printed will be determined by
@var{flags}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=deb22b5c421ce209fd4213dffe23b9ba6f03fd80
commit deb22b5c421ce209fd4213dffe23b9ba6f03fd80
Merge: 8200372 122aa56 a179199
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:35:25 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=8200372a98931eb89aff47b2169097a5b241213c
commit 8200372a98931eb89aff47b2169097a5b241213c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:35:25 2013 -0300
push
diff --git a/meta b/meta
index aad55e1..618ca46 100644
--- a/meta
+++ b/meta
@@ -1,12 +1,12 @@
Version: 1
-Previous: 449608a0e1f9f7031456901831cf276d4a3ce2a8
-Head: 3be99ad69c588de34f357cdfc3e293046eb30b58
+Previous: 122aa56ad2927c13e7dff9bbd7eb1dca3dfb7b95
+Head: a1791992633c9fa1862a3073f1396b1b2984430f
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
unused-scalb-is-scalbn.patch: 3be99ad69c588de34f357cdfc3e293046eb30b58
+ manual-document-mt-safety-argp.patch: a1791992633c9fa1862a3073f1396b1b2984430f
Unapplied:
- manual-document-mt-safety-argp.patch: 5604d817c0a7feccf5aa0dfa7cb2d583d86ec65f
manual-document-mt-safety-arith.patch: f4268118ff7169b7016697e2344525b93dd6be01
manual-document-mt-safety-charset.patch: 2ba73f56d3ec95471df9cefd6db9935ec8bdc4ef
manual-document-mt-safety-conf.patch: ada59d4ba350be38e3b5d960053eac19f0c22bf1
diff --git a/patches/manual-document-mt-safety-argp.patch b/patches/manual-document-mt-safety-argp.patch
index 914e844..87d4389 100644
--- a/patches/manual-document-mt-safety-argp.patch
+++ b/patches/manual-document-mt-safety-argp.patch
@@ -1,5 +1,5 @@
-Bottom: 6ef173fc60a9c842433354081fa0216e4430c1b8
-Top: 206cd625e1e8e8dc3e141cdd29c90772cf35e923
+Bottom: 342d93cedbc3899d97eb6abb3179c639ca189041
+Top: b0125a9bbb94b5659c715bf142ffbfd4f81ce170
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 21:57:08 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a1791992633c9fa1862a3073f1396b1b2984430f
commit a1791992633c9fa1862a3073f1396b1b2984430f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:57:08 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/argp.texi: Document thread safety properties.
diff --git a/manual/argp.texi b/manual/argp.texi
index c9fbe97..5322f91 100644
--- a/manual/argp.texi
+++ b/manual/argp.texi
@@ -36,6 +36,35 @@ needed in @code{main}.
@comment argp.h
@comment GNU
@deftypefun {error_t} argp_parse (const struct argp *@var{argp}, int @var{argc}, char **@var{argv}, unsigned @var{flags}, int *@var{arg_index}, void *@var{input})
+@safety{@mtunsafe{xguargs, envromt}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Optionally alloca()tes standard help options, initializes the parser,
+@c then parses individual args in a loop, and then finalizes.
+@c parser_init
+@c calc_sizes ok
+@c option_is_end ok
+@c malloc
+@c parser_convert glocale
+@c convert_options glocale
+@c option_is_end ok
+@c option_is_short ok
+@c isprint, but locale may change within the loop
+@c find_long_option ok
+@c group_parse
+@c group->parser (from argp->parser)
+@c parser_parse_next
+@c getopt_long(_only)_r many issues, same as non_r minus staticbuf
+@c parser_parse_arg
+@c group_parse
+@c parser_parse_opt
+@c group_parse
+@c argp_error
+@c dgettext (bad key error)
+@c parser_finalize
+@c group_parse
+@c fprintf
+@c dgettext
+@c arg_state_help
+@c free
The @code{argp_parse} function parses the arguments in @var{argv}, of
length @var{argc}, using the argp parser @var{argp}. @xref{Argp
Parsers}. Passing a null pointer for @var{argp} is the same as using
@@ -660,6 +689,8 @@ parser function. @xref{Argp Parsing State}.
@comment argp.h
@comment GNU
@deftypefun void argp_usage (const struct argp_state *@var{state})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls argp_state_help with stderr and ARGP_HELP_STD_USAGE.
Outputs the standard usage message for the argp parser referred to by
@var{state} to @code{@var{state}->err_stream} and terminate the program
with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@@ -669,6 +700,13 @@ with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@comment argp.h
@comment GNU
@deftypefun void argp_error (const struct argp_state *@var{state}, const char *@var{fmt}, @dots{})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Lock stream, vasprintf the formatted message into a buffer, print the
+@c buffer prefixed by the short program name (in libc,
+@c argp_short_program_name is a macro that expands to
+@c program_invocation_short_name), releases the buffer, then call
+@c argp_state_help with stream and ARGP_HELP_STD_ERR, unlocking the
+@c stream at the end.
Prints the printf format string @var{fmt} and following args, preceded
by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
--help}} message, and terminates the program with an exit status of
@@ -679,6 +717,12 @@ by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
@comment argp.h
@comment GNU
@deftypefun void argp_failure (const struct argp_state *@var{state}, int @var{status}, int @var{errnum}, const char *@var{fmt}, @dots{})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
+@c Lock stream, write out the short program name, vasprintf the optional
+@c formatted message to a buffer, print the buffer prefixed by colon and
+@c blank, release the buffer, call strerror_r with an automatic buffer,
+@c print it out after colon and blank, put[w]c a line break, unlock the
+@c stream, then exit unless ARGP_NO_EXIT.
Similar to the standard gnu error-reporting function @code{error}, this
prints the program name and @samp{:}, the printf format string
@var{fmt}, and the appropriate following args. If it is non-zero, the
@@ -695,6 +739,141 @@ for options, bad phase of the moon, etc.
@comment argp.h
@comment GNU
@deftypefun void argp_state_help (const struct argp_state *@var{state}, FILE *@var{stream}, unsigned @var{flags})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help with the short program name and optionally exit.
+@c The main problems in _help, besides the usual issues with stream I/O
+@c and translation, are the use of a static buffer (uparams) that makes
+@c the whole thing thread-unsafe, reading from the environment for
+@c ARGP_HELP_FMT, accessing the locale object multiple times.
+
+@c _help envromt, staticbuf (uparams), glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c flockfile lockleak
+@c funlockfile lockleak
+@c fill_in_uparams envromt, staticbuf (uparams), glocale, asynconsist, asmalloc, lockleak, incansist, memleak
+@c argp_failure dup (status = errnum = 0)
+@c atoi dup
+@c argp_hol asmalloc, memleak
+@c make_hol asmalloc, memleak
+@c hol_add_cluster asmalloc, memleak
+@c hol_append asmalloc, memleak
+@c hol_set_group ok
+@c hol_find_entry ok
+@c hol_sort glocale, asmalloc, memleak
+@c qsort asmalloc, memleak
+@c hol_entry_qcmp glocale
+@c hol_entry_cmp glocale
+@c group_cmp ok
+@c hol_cluster_cmp ok
+@c group_cmp ok
+@c hol_entry_first_short glocale
+@c hol_entry_short_iterate [glocale]
+@c until_short ok
+@c oshort ok
+@c isprint ok
+@c odoc ok
+@c hol_entry_first_long ok
+@c canon_doc_option glocale
+@c tolower dup
+@c hol_usage glocale, asi18n, asmalloc, memleak
+@c hol_entry_short_iterate ok
+@c add_argless_short_opt ok
+@c argp_fmtstream_printf dup
+@c hol_entry_short_iterate glocale, asi18n, asmalloc, memleak
+@c usage_argful_short_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_entry_long_iterate glocale, asi18n, asmalloc, memleak
+@c usage_long_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c hol_entry_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_wmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c comma glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_putc dup
+@c hol_cluster_is_child ok
+@c argp_fmtstream_wmargin dup
+@c print_header dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c indent_to dup
+@c argp_fmtstream_putc dup
+@c arg glocale, asmalloc, memleak
+@c argp_fmtstream_printf dup
+@c odoc dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_printf dup
+@c print_header glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c indent_to dup
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c filter_doc dup
+@c argp_fmtstream_point dup
+@c indent_to glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_putc dup
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c hol_free asmalloc, memleak
+@c free dup
+@c argp_args_levels ok
+@c argp_args_usage glocale, asi18n, asmalloc, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc ok
+@c argp_input ok
+@c argp->help_filter
+@c space glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_rmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_write dup
+@c free dup
+@c argp_doc glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c strndup asmalloc, memleak
+@c argp_input dup
+@c argp->help_filter
+@c argp_fmtstream_putc glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure dup
+@c argp_fmtstream_write dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_point glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_lmargin dup
+@c free dup
+@c argp_make_fmtstream asmalloc, memleak
+@c argp_fmtstream_free glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update glocale, asynconsist, incansist, lockleak
+@c put[w]c_unlocked dup
+@c isblank in loop glocale
+@c fxprintf lockleak
+@c fxprintf lockleak
+@c free dup
+@c argp_fmtstream_set_wmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_printf glocale, asmalloc, memleak
+@c argp_fmtstream_ensure dup
+@c vsnprintf dup
+@c argp_fmtstream_set_lmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_puts glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_write glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update dup
+@c fxprintf lockleak
+@c realloc asmalloc, memleak
Outputs a help message for the argp parser referred to by @var{state},
to @var{stream}. The @var{flags} argument determines what sort of help
message is produced. @xref{Argp Help Flags}.
@@ -928,6 +1107,8 @@ program options, argp offers the @code{argp_help} interface.
@comment argp.h
@comment GNU
@deftypefun void argp_help (const struct argp *@var{argp}, FILE *@var{stream}, unsigned @var{flags}, char *@var{name})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help.
This outputs a help message for the argp parser @var{argp} to
@var{stream}. The type of messages printed will be determined by
@var{flags}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3be99ad69c588de34f357cdfc3e293046eb30b58
commit 3be99ad69c588de34f357cdfc3e293046eb30b58
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:39 2013 -0300
Rename unused scalb to scalbn to match prototype.
for ChangeLog
* sysdeps/ieee754/support.c (scalbn): Rename from
wrongly-typed scalb. Adjust all callers. Apparently unused.
diff --git a/sysdeps/ieee754/support.c b/sysdeps/ieee754/support.c
index 00476c0..0bbd892 100644
--- a/sysdeps/ieee754/support.c
+++ b/sysdeps/ieee754/support.c
@@ -82,7 +82,7 @@ static char sccsid[] = "@(#)support.c 8.1 (Berkeley) 6/4/93";
static const double novf=1.7E308, nunf=3.0E-308,zero=0.0;
#endif /* defined(vax)||defined(tahoe) */
-double scalb(x,N)
+double scalbn(x,N)
double x; int N;
{
int k;
@@ -106,7 +106,7 @@ double x; int N;
if( (k= *px & mexp ) != mexp ) {
if( N<-2100) return(nunf*nunf); else if(N>2100) return(novf+novf);
if( k == 0 ) {
- x *= scalb(1.0,(int)prep1); N -= prep1; return(scalb(x,N));}
+ x *= scalbn(1.0,(int)prep1); N -= prep1; return(scalbn(x,N));}
#endif /* defined(vax)||defined(tahoe) */
if((k = (k>>gap)+ N) > 0 )
@@ -115,7 +115,7 @@ double x; int N;
else
if( k > -prep1 )
/* gradual underflow */
- {*px=(*px&~mexp)|(short)(1<<gap); x *= scalb(1.0,k-1);}
+ {*px=(*px&~mexp)|(short)(1<<gap); x *= scalbn(1.0,k-1);}
else
return(nunf*nunf);
}
@@ -228,7 +228,7 @@ double x,p;
else if ( ((*pp & mexp)>>gap) <= 1 )
/* subnormal p, or almost subnormal p */
- { double b; b=scalb(1.0,(int)prep1);
+ { double b; b=scalbn(1.0,(int)prep1);
p *= b; x = drem(x,p); x *= b; return(drem(x,p)/b);}
else if ( p >= novf/2)
{ p /= 2 ; x /= 2; return(drem(x,p)*2);}
@@ -294,8 +294,8 @@ double x;
/* scale x to [1,4) */
n=logb(x);
- x=scalb(x,-n);
- if((m=logb(x))!=0) x=scalb(x,-m); /* subnormal number */
+ x=scalbn(x,-n);
+ if((m=logb(x))!=0) x=scalbn(x,-m); /* subnormal number */
m += n;
n = m/2;
if((n+n)!=m) {x *= 2; m -=1; n=m/2;}
@@ -326,7 +326,7 @@ double x;
b=1.0+r/4; if(b>1.0) t=1;
if(t>=0) q+=r; }
-end: return(scalb(q,n));
+end: return(scalbn(q,n));
}
#if 0
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=122aa56ad2927c13e7dff9bbd7eb1dca3dfb7b95
commit 122aa56ad2927c13e7dff9bbd7eb1dca3dfb7b95
Merge: e9ca6ad 3be99ad 449608a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:35:22 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e9ca6ada5272e6d8019d75aa14d6dd366664bc7e
commit e9ca6ada5272e6d8019d75aa14d6dd366664bc7e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:35:22 2013 -0300
push
diff --git a/meta b/meta
index 9c77b8c..aad55e1 100644
--- a/meta
+++ b/meta
@@ -1,11 +1,11 @@
Version: 1
-Previous: 42cee9342d540a15dbfa24ac93b6c76eccfd1d84
-Head: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
+Previous: 449608a0e1f9f7031456901831cf276d4a3ce2a8
+Head: 3be99ad69c588de34f357cdfc3e293046eb30b58
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
+ unused-scalb-is-scalbn.patch: 3be99ad69c588de34f357cdfc3e293046eb30b58
Unapplied:
- unused-scalb-is-scalbn.patch: b290d7167651106f65de65171d52b70c6188329a
manual-document-mt-safety-argp.patch: 5604d817c0a7feccf5aa0dfa7cb2d583d86ec65f
manual-document-mt-safety-arith.patch: f4268118ff7169b7016697e2344525b93dd6be01
manual-document-mt-safety-charset.patch: 2ba73f56d3ec95471df9cefd6db9935ec8bdc4ef
diff --git a/patches/unused-scalb-is-scalbn.patch b/patches/unused-scalb-is-scalbn.patch
index 0fa4208..9b24c12 100644
--- a/patches/unused-scalb-is-scalbn.patch
+++ b/patches/unused-scalb-is-scalbn.patch
@@ -1,5 +1,5 @@
-Bottom: a8bc26b023f2d43016f043a1972e12edc1f31f8d
-Top: 6ef173fc60a9c842433354081fa0216e4430c1b8
+Bottom: 315c23de417a6094ebe3c8259abcf7f190d93198
+Top: 342d93cedbc3899d97eb6abb3179c639ca189041
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:39 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=449608a0e1f9f7031456901831cf276d4a3ce2a8
commit 449608a0e1f9f7031456901831cf276d4a3ce2a8
Merge: b15ced9 42cee93 3071086
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:35:19 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b15ced979aeb1902b1bf2b385b09c9b14e268b0a
commit b15ced979aeb1902b1bf2b385b09c9b14e268b0a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:35:19 2013 -0300
push
diff --git a/meta b/meta
index 0b616e0..9c77b8c 100644
--- a/meta
+++ b/meta
@@ -1,10 +1,10 @@
Version: 1
-Previous: 338717da7600a142fbc4fc1ecf9c32877a34d3ac
-Head: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
+Previous: 42cee9342d540a15dbfa24ac93b6c76eccfd1d84
+Head: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
+ powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
Unapplied:
- powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
unused-scalb-is-scalbn.patch: b290d7167651106f65de65171d52b70c6188329a
manual-document-mt-safety-argp.patch: 5604d817c0a7feccf5aa0dfa7cb2d583d86ec65f
manual-document-mt-safety-arith.patch: f4268118ff7169b7016697e2344525b93dd6be01
diff --git a/patches/powerpc-nofpu-sim-note-nothread.patch b/patches/powerpc-nofpu-sim-note-nothread.patch
index 7f2c050..c413ed2 100644
--- a/patches/powerpc-nofpu-sim-note-nothread.patch
+++ b/patches/powerpc-nofpu-sim-note-nothread.patch
@@ -1,5 +1,5 @@
-Bottom: c59759fbdfb422ada848ebdd3845677059986449
-Top: a8bc26b023f2d43016f043a1972e12edc1f31f8d
+Bottom: 465695c41ceed4d41aaebf0e135b8f1123912988
+Top: 315c23de417a6094ebe3c8259abcf7f190d93198
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:39 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=30710868f55ce7574b12ed319bf2a1c3dc0a3744
commit 30710868f55ce7574b12ed319bf2a1c3dc0a3744
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:39 2013 -0300
Note that powerpc fpu emulation status is not thread- or signal-safe.
for ports/ChangeLog.powerpc
PR 15483
* sysdeps/powerpc/nofpu/sim-full.c: Add FIXME note about
the need for thread-specific variables preserved across signal
handlers.
* sysdeps/powerpc/nofpu/soft-supp.h: Likewise.
* sysdeps/powerpc/soft-fp/sfp-machine.h: Likewise.
diff --git a/ports/sysdeps/powerpc/nofpu/sim-full.c b/ports/sysdeps/powerpc/nofpu/sim-full.c
index fc061d0..e167033 100644
--- a/ports/sysdeps/powerpc/nofpu/sim-full.c
+++ b/ports/sysdeps/powerpc/nofpu/sim-full.c
@@ -21,6 +21,11 @@
#include "soft-fp.h"
#include "soft-supp.h"
+/* FIXME: these variables should be thread specific (see bugzilla bug
+ 15483) and ideally preserved across signal handlers, like hardware
+ FP status words, but the latter is quite difficult to accomplish in
+ userland. */
+
/* Global to store sticky exceptions. */
int __sim_exceptions __attribute__ ((nocommon));
libc_hidden_data_def (__sim_exceptions);
diff --git a/ports/sysdeps/powerpc/nofpu/soft-supp.h b/ports/sysdeps/powerpc/nofpu/soft-supp.h
index b9638bb..64a3d2a 100644
--- a/ports/sysdeps/powerpc/nofpu/soft-supp.h
+++ b/ports/sysdeps/powerpc/nofpu/soft-supp.h
@@ -26,6 +26,11 @@ typedef union
} fenv_union_t;
+/* FIXME: these variables should be thread specific (see bugzilla bug
+ 15483) and ideally preserved across signal handlers, like hardware
+ FP status words, but the latter is quite difficult to accomplish in
+ userland. */
+
extern int __sim_exceptions;
libc_hidden_proto (__sim_exceptions);
extern int __sim_disabled_exceptions;
diff --git a/ports/sysdeps/powerpc/soft-fp/sfp-machine.h b/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
index c2a190e..508d869 100644
--- a/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
+++ b/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
@@ -54,6 +54,11 @@
#define FP_ROUNDMODE __sim_round_mode
#define FP_TRAPPING_EXCEPTIONS (~__sim_disabled_exceptions & 0x3e000000)
+/* FIXME: these variables should be thread specific (see bugzilla bug
+ 15483) and ideally preserved across signal handlers, like hardware
+ FP status words, but the latter is quite difficult to accomplish in
+ userland. */
+
extern int __sim_exceptions;
libc_hidden_proto (__sim_exceptions);
extern int __sim_disabled_exceptions;
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=42cee9342d540a15dbfa24ac93b6c76eccfd1d84
commit 42cee9342d540a15dbfa24ac93b6c76eccfd1d84
Merge: dcb29f3 338717d 2bd5708
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:35:08 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=dcb29f3c9f41f40763018ac5dc1c679450627f8a
commit dcb29f3c9f41f40763018ac5dc1c679450627f8a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:35:08 2013 -0300
refresh
diff --git a/meta b/meta
index 3c9d198..0b616e0 100644
--- a/meta
+++ b/meta
@@ -1,9 +1,8 @@
Version: 1
-Previous: cfbf181420a12a4809c4e059a4ae7cac3012f978
-Head: fcaa52d9d38062d5371a9b3fda4bf3a7c6bd69ed
+Previous: 338717da7600a142fbc4fc1ecf9c32877a34d3ac
+Head: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
Applied:
- manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
- refresh-temp: fcaa52d9d38062d5371a9b3fda4bf3a7c6bd69ed
+ manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
Unapplied:
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
unused-scalb-is-scalbn.patch: b290d7167651106f65de65171d52b70c6188329a
diff --git a/patches/manual-document-mt-safety.patch b/patches/manual-document-mt-safety.patch
index e164c49..94acf09 100644
--- a/patches/manual-document-mt-safety.patch
+++ b/patches/manual-document-mt-safety.patch
@@ -1,5 +1,5 @@
Bottom: fde38f49e9ff8e251fc3a4c9a8d5f194ba6decbf
-Top: c59759fbdfb422ada848ebdd3845677059986449
+Top: 465695c41ceed4d41aaebf0e135b8f1123912988
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:39 -0300
@@ -15,7 +15,7 @@ for ChangeLog
---
diff --git a/manual/intro.texi b/manual/intro.texi
-index deaf089..e47832c 100644
+index deaf089..07f27c9 100644
--- a/manual/intro.texi
+++ b/manual/intro.texi
@@ -172,6 +172,411 @@ pattern matching facilities (@pxref{Pattern Matching}).
@@ -32,12 +32,12 @@ index deaf089..e47832c 100644
+
+@itemize @bullet
+
-+@item
++@item
+@cindex MT-Safe
+MT-Safe functions are safe to call in the presence of other threads. MT
+stands for Multi Thread.
+
-+@item
++@item
+@cindex AS-Safe
+AS-Safe functions are safe to call from asynchronous signal handlers.
+AS stands for Asynchronous Signal.
@@ -47,7 +47,7 @@ index deaf089..e47832c 100644
+AC-Safe functions are safe to call when asynchronous cancellation is
+enabled. AC stands for Asynchronous Cancellation.
+
-+@item
++@item
+@cindex MT-Unsafe
+@cindex AS-Unsafe
+@cindex AC-Unsafe
@@ -213,7 +213,7 @@ index deaf089..e47832c 100644
+
+Functions annotated with @code{staticbuf} use internal static buffers or
+variables in ways that may cause concurrent calls to interfere
-+destructively.
++destructively.
+
+These functions are all MT-Unsafe and AC-Unsafe. However, many of them
+offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
@@ -239,7 +239,7 @@ index deaf089..e47832c 100644
+additional code modules. This involves opening files, mapping them into
+memory, allocating additional memory, resolving symbols, applying
+relocations and more, all of this while holding the dynamic loader
-+lock.
++lock.
+
+The non-recursive lock itself is enough for the function to be AS- and
+AC-Unsafe, but many other issues may arise.
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index 37b1c5c..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,55 +0,0 @@
-Bottom: c59759fbdfb422ada848ebdd3845677059986449
-Top: 465695c41ceed4d41aaebf0e135b8f1123912988
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 22:35:08 -0300
-
-Refresh of manual-document-mt-safety.patch
-
----
-
-diff --git a/manual/intro.texi b/manual/intro.texi
-index e47832c..07f27c9 100644
---- a/manual/intro.texi
-+++ b/manual/intro.texi
-@@ -182,12 +182,12 @@ the meaning of the standard definitions, follow:
-
- @itemize @bullet
-
--@item
-+@item
- @cindex MT-Safe
- MT-Safe functions are safe to call in the presence of other threads. MT
- stands for Multi Thread.
-
--@item
-+@item
- @cindex AS-Safe
- AS-Safe functions are safe to call from asynchronous signal handlers.
- AS stands for Asynchronous Signal.
-@@ -197,7 +197,7 @@ AS stands for Asynchronous Signal.
- AC-Safe functions are safe to call when asynchronous cancellation is
- enabled. AC stands for Asynchronous Cancellation.
-
--@item
-+@item
- @cindex MT-Unsafe
- @cindex AS-Unsafe
- @cindex AC-Unsafe
-@@ -363,7 +363,7 @@ as follows:
-
- Functions annotated with @code{staticbuf} use internal static buffers or
- variables in ways that may cause concurrent calls to interfere
--destructively.
-+destructively.
-
- These functions are all MT-Unsafe and AC-Unsafe. However, many of them
- offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
-@@ -389,7 +389,7 @@ Functions marked with @code{shlimb} use the dynamic loader to bring in
- additional code modules. This involves opening files, mapping them into
- memory, allocating additional memory, resolving symbols, applying
- relocations and more, all of this while holding the dynamic loader
--lock.
-+lock.
-
- The non-recursive lock itself is enough for the function to be AS- and
- AC-Unsafe, but many other issues may arise.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=338717da7600a142fbc4fc1ecf9c32877a34d3ac
commit 338717da7600a142fbc4fc1ecf9c32877a34d3ac
Merge: b5e4ccb fcaa52d cfbf181
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:35:08 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b5e4ccb12e1b6fc89981c5eea2f4cf2576c08398
commit b5e4ccb12e1b6fc89981c5eea2f4cf2576c08398
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:35:08 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index a2afb75..3c9d198 100644
--- a/meta
+++ b/meta
@@ -1,8 +1,9 @@
Version: 1
-Previous: bc9621873d14d54de91b1fb4da7b489041c57335
-Head: b636b87be9756886bb0f9f1396c31b42d3f83c23
+Previous: cfbf181420a12a4809c4e059a4ae7cac3012f978
+Head: fcaa52d9d38062d5371a9b3fda4bf3a7c6bd69ed
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
+ refresh-temp: fcaa52d9d38062d5371a9b3fda4bf3a7c6bd69ed
Unapplied:
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
unused-scalb-is-scalbn.patch: b290d7167651106f65de65171d52b70c6188329a
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..37b1c5c
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,55 @@
+Bottom: c59759fbdfb422ada848ebdd3845677059986449
+Top: 465695c41ceed4d41aaebf0e135b8f1123912988
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:35:08 -0300
+
+Refresh of manual-document-mt-safety.patch
+
+---
+
+diff --git a/manual/intro.texi b/manual/intro.texi
+index e47832c..07f27c9 100644
+--- a/manual/intro.texi
++++ b/manual/intro.texi
+@@ -182,12 +182,12 @@ the meaning of the standard definitions, follow:
+
+ @itemize @bullet
+
+-@item
++@item
+ @cindex MT-Safe
+ MT-Safe functions are safe to call in the presence of other threads. MT
+ stands for Multi Thread.
+
+-@item
++@item
+ @cindex AS-Safe
+ AS-Safe functions are safe to call from asynchronous signal handlers.
+ AS stands for Asynchronous Signal.
+@@ -197,7 +197,7 @@ AS stands for Asynchronous Signal.
+ AC-Safe functions are safe to call when asynchronous cancellation is
+ enabled. AC stands for Asynchronous Cancellation.
+
+-@item
++@item
+ @cindex MT-Unsafe
+ @cindex AS-Unsafe
+ @cindex AC-Unsafe
+@@ -363,7 +363,7 @@ as follows:
+
+ Functions annotated with @code{staticbuf} use internal static buffers or
+ variables in ways that may cause concurrent calls to interfere
+-destructively.
++destructively.
+
+ These functions are all MT-Unsafe and AC-Unsafe. However, many of them
+ offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
+@@ -389,7 +389,7 @@ Functions marked with @code{shlimb} use the dynamic loader to bring in
+ additional code modules. This involves opening files, mapping them into
+ memory, allocating additional memory, resolving symbols, applying
+ relocations and more, all of this while holding the dynamic loader
+-lock.
++lock.
+
+ The non-recursive lock itself is enough for the function to be AS- and
+ AC-Unsafe, but many other issues may arise.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=fcaa52d9d38062d5371a9b3fda4bf3a7c6bd69ed
commit fcaa52d9d38062d5371a9b3fda4bf3a7c6bd69ed
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:35:08 2013 -0300
Refresh of manual-document-mt-safety.patch
diff --git a/manual/intro.texi b/manual/intro.texi
index e47832c..07f27c9 100644
--- a/manual/intro.texi
+++ b/manual/intro.texi
@@ -182,12 +182,12 @@ the meaning of the standard definitions, follow:
@itemize @bullet
-@item
+@item
@cindex MT-Safe
MT-Safe functions are safe to call in the presence of other threads. MT
stands for Multi Thread.
-@item
+@item
@cindex AS-Safe
AS-Safe functions are safe to call from asynchronous signal handlers.
AS stands for Asynchronous Signal.
@@ -197,7 +197,7 @@ AS stands for Asynchronous Signal.
AC-Safe functions are safe to call when asynchronous cancellation is
enabled. AC stands for Asynchronous Cancellation.
-@item
+@item
@cindex MT-Unsafe
@cindex AS-Unsafe
@cindex AC-Unsafe
@@ -363,7 +363,7 @@ as follows:
Functions annotated with @code{staticbuf} use internal static buffers or
variables in ways that may cause concurrent calls to interfere
-destructively.
+destructively.
These functions are all MT-Unsafe and AC-Unsafe. However, many of them
offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
@@ -389,7 +389,7 @@ Functions marked with @code{shlimb} use the dynamic loader to bring in
additional code modules. This involves opening files, mapping them into
memory, allocating additional memory, resolving symbols, applying
relocations and more, all of this while holding the dynamic loader
-lock.
+lock.
The non-recursive lock itself is enough for the function to be AS- and
AC-Unsafe, but many other issues may arise.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=cfbf181420a12a4809c4e059a4ae7cac3012f978
commit cfbf181420a12a4809c4e059a4ae7cac3012f978
Merge: cb872d4 bc96218
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:33:32 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=cb872d43ea9e4d2cc182c9b248116adafa152b6a
commit cb872d43ea9e4d2cc182c9b248116adafa152b6a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:33:32 2013 -0300
push
diff --git a/meta b/meta
index bfdfa92..a2afb75 100644
--- a/meta
+++ b/meta
@@ -1,9 +1,9 @@
Version: 1
-Previous: ffd5c5bfb94cde6cb1bb960cd9b0039fbc7e4165
-Head: ca0a6bc4c5c53aa6c4a735c36336408a06b8cd89
+Previous: bc9621873d14d54de91b1fb4da7b489041c57335
+Head: b636b87be9756886bb0f9f1396c31b42d3f83c23
Applied:
-Unapplied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
+Unapplied:
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
unused-scalb-is-scalbn.patch: b290d7167651106f65de65171d52b70c6188329a
manual-document-mt-safety-argp.patch: 5604d817c0a7feccf5aa0dfa7cb2d583d86ec65f
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=bc9621873d14d54de91b1fb4da7b489041c57335
commit bc9621873d14d54de91b1fb4da7b489041c57335
Merge: 24e7ff0 ffd5c5b ca0a6bc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:33:30 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=24e7ff019d0c2120d281b8ec57e55e38dfa9a60a
commit 24e7ff019d0c2120d281b8ec57e55e38dfa9a60a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:33:30 2013 -0300
pop
diff --git a/meta b/meta
index 642b7a7..bfdfa92 100644
--- a/meta
+++ b/meta
@@ -1,7 +1,8 @@
Version: 1
-Previous: 9b6d80ee7ab6e6fe72cc7cb62e9ab40b08d98fcf
-Head: 4022accc5d1f9f2ae322f8f76488286c694acd7b
+Previous: ffd5c5bfb94cde6cb1bb960cd9b0039fbc7e4165
+Head: ca0a6bc4c5c53aa6c4a735c36336408a06b8cd89
Applied:
+Unapplied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
unused-scalb-is-scalbn.patch: b290d7167651106f65de65171d52b70c6188329a
@@ -29,5 +30,4 @@ Applied:
wip-manual-document-mt-safety-terminal.patch: a9f83c82c1746276acceb4928131d8099c0caf6a
wip-manual-document-mt-safety-threads.patch: 49c5533ec879c99f89ad9a1ba58929a9739a1254
wip-manual-document-mt-safety-time.patch: 4022accc5d1f9f2ae322f8f76488286c694acd7b
-Unapplied:
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ffd5c5bfb94cde6cb1bb960cd9b0039fbc7e4165
commit ffd5c5bfb94cde6cb1bb960cd9b0039fbc7e4165
Merge: 848b85d 9b6d80e 4022acc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:23:06 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=848b85dd2c140ba354d73a36200aab26074a10ea
commit 848b85dd2c140ba354d73a36200aab26074a10ea
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:23:06 2013 -0300
push
diff --git a/meta b/meta
index f20b1f6..642b7a7 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: c3a3e2ed03530068c256413199aaf65a2c9a23c6
-Head: fa6fb5b03c11257d3a3c8dc6b02338662de3178f
+Previous: 9b6d80ee7ab6e6fe72cc7cb62e9ab40b08d98fcf
+Head: 4022accc5d1f9f2ae322f8f76488286c694acd7b
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
@@ -22,12 +22,12 @@ Applied:
manual-document-mt-safety-stdio.patch: 0960f99a58ac496a2420e3d299e868f900662636
wip-manual-document-mt-safety-locale.patch: 6c6c8ecacf987abc5dda5f02425179c9f9c5acde
wip-manual-document-mt-safety-math.patch: fa6fb5b03c11257d3a3c8dc6b02338662de3178f
+ wip-manual-document-mt-safety-startup.patch: 3e55489a3bf8f9a9f05d22c1ebbadd2c05990371
+ wip-manual-document-mt-safety-search.patch: 75e6004e8dbc695b0cdc9b84249cf1b777fc30b5
+ wip-manual-document-mt-safety-resource.patch: ce4ad52cc41d3ae34f10dc5fa29d2d4c2aa08a5c
+ wip-manual-document-mt-safety-string.patch: 1b3406934ca4e3cb676972632387dd5862c26d57
+ wip-manual-document-mt-safety-terminal.patch: a9f83c82c1746276acceb4928131d8099c0caf6a
+ wip-manual-document-mt-safety-threads.patch: 49c5533ec879c99f89ad9a1ba58929a9739a1254
+ wip-manual-document-mt-safety-time.patch: 4022accc5d1f9f2ae322f8f76488286c694acd7b
Unapplied:
- wip-manual-document-mt-safety-startup.patch: 4513b24df2381c1073bcb1b2eac60bddfc5f51da
- wip-manual-document-mt-safety-search.patch: 35815dbc011f65ef76ad028cbc0b8b32381dd13a
- wip-manual-document-mt-safety-resource.patch: 08d53f635c15ae65cc8f2347e47894394c5a651f
- wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
- wip-manual-document-mt-safety-terminal.patch: 131f3d7cbdeaec2279062d5bd94af6281390b9ba
- wip-manual-document-mt-safety-threads.patch: f47c93cdfff86a4b5acb80c4b80ba113757b9e5f
- wip-manual-document-mt-safety-time.patch: 36ebef0d2d702667bef29dd37c04d3a416cfaa1c
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4022accc5d1f9f2ae322f8f76488286c694acd7b
commit 4022accc5d1f9f2ae322f8f76488286c694acd7b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:14:50 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/time.texi: Document thread safety properties.
diff --git a/manual/time.texi b/manual/time.texi
index ff31e28..3967b24 100644
--- a/manual/time.texi
+++ b/manual/time.texi
@@ -475,6 +475,12 @@ Instead, use the facilities described in @ref{Time Zone Functions}.
@comment sys/time.h
@comment BSD
@deftypefun int gettimeofday (struct timeval *@var{tp}, struct timezone *@var{tzp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c On most GNU/Linux systems this is a direct syscall, but the posix/
+@c implementation (not used on GNU/Linux or GNU/Hurd) relies on time and
+@c localtime_r, saving and restoring tzname in an unsafe manner.
+@c On some GNU/Linux variants, ifunc resolvers are used in shared libc
+@c for vdso resolution. ifunc-vdso-revisit.
The @code{gettimeofday} function returns the current calendar time as
the elapsed time since the epoch in the @code{struct timeval} structure
indicated by @var{tp}. (@pxref{Elapsed Time} for a description of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=49c5533ec879c99f89ad9a1ba58929a9739a1254
commit 49c5533ec879c99f89ad9a1ba58929a9739a1254
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:14:35 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/threads.texi: Document thread safety properties.
diff --git a/manual/threads.texi b/manual/threads.texi
index a23ac26..19bfad6 100644
--- a/manual/threads.texi
+++ b/manual/threads.texi
@@ -31,6 +31,7 @@ before thread-specific data, so they should not be used in thread-specific
data destructors or even as members of the thread-specific data, since the
latter is passed as an argument to the destructor function.
+@c FIXME: use @deftypefun for these.
@item int pthread_key_delete (pthread_key_t @var{key})
Destroy the thread-specific data @var{key} in the calling thread. The
destructor for the thread-specific data is not called during destruction, nor
@@ -82,3 +83,124 @@ attributes or the stack address is set in the attribute.
The system does not have sufficient memory.
@end table
@end deftypefun
+
+@c FIXME these are undocumented:
+@c pthread_atfork
+@c pthread_attr_destroy
+@c pthread_attr_getaffinity_np
+@c pthread_attr_getdetachstate
+@c pthread_attr_getguardsize
+@c pthread_attr_getinheritsched
+@c pthread_attr_getschedparam
+@c pthread_attr_getschedpolicy
+@c pthread_attr_getscope
+@c pthread_attr_getstack
+@c pthread_attr_getstackaddr
+@c pthread_attr_getstacksize
+@c pthread_attr_init
+@c pthread_attr_setaffinity_np
+@c pthread_attr_setdetachstate
+@c pthread_attr_setguardsize
+@c pthread_attr_setinheritsched
+@c pthread_attr_setschedparam
+@c pthread_attr_setschedpolicy
+@c pthread_attr_setscope
+@c pthread_attr_setstack
+@c pthread_attr_setstackaddr
+@c pthread_attr_setstacksize
+@c pthread_barrierattr_destroy
+@c pthread_barrierattr_getpshared
+@c pthread_barrierattr_init
+@c pthread_barrierattr_setpshared
+@c pthread_barrier_destroy
+@c pthread_barrier_init
+@c pthread_barrier_wait
+@c pthread_cancel
+@c pthread_cleanup_push
+@c pthread_cleanup_pop
+@c pthread_condattr_destroy
+@c pthread_condattr_getclock
+@c pthread_condattr_getpshared
+@c pthread_condattr_init
+@c pthread_condattr_setclock
+@c pthread_condattr_setpshared
+@c pthread_cond_broadcast
+@c pthread_cond_destroy
+@c pthread_cond_init
+@c pthread_cond_signal
+@c pthread_cond_timedwait
+@c pthread_cond_wait
+@c pthread_create
+@c pthread_detach
+@c pthread_equal
+@c pthread_exit
+@c pthread_getaffinity_np
+@c pthread_getattr_np
+@c pthread_getconcurrency
+@c pthread_getcpuclockid
+@c pthread_getname_np
+@c pthread_getschedparam
+@c pthread_join
+@c pthread_kill
+@c pthread_kill_other_threads_np
+@c pthread_mutexattr_destroy
+@c pthread_mutexattr_getkind_np
+@c pthread_mutexattr_getprioceiling
+@c pthread_mutexattr_getprotocol
+@c pthread_mutexattr_getpshared
+@c pthread_mutexattr_getrobust
+@c pthread_mutexattr_getrobust_np
+@c pthread_mutexattr_gettype
+@c pthread_mutexattr_init
+@c pthread_mutexattr_setkind_np
+@c pthread_mutexattr_setprioceiling
+@c pthread_mutexattr_setprotocol
+@c pthread_mutexattr_setpshared
+@c pthread_mutexattr_setrobust
+@c pthread_mutexattr_setrobust_np
+@c pthread_mutexattr_settype
+@c pthread_mutex_consistent
+@c pthread_mutex_consistent_np
+@c pthread_mutex_destroy
+@c pthread_mutex_getprioceiling
+@c pthread_mutex_init
+@c pthread_mutex_lock
+@c pthread_mutex_setprioceiling
+@c pthread_mutex_timedlock
+@c pthread_mutex_trylock
+@c pthread_mutex_unlock
+@c pthread_once
+@c pthread_rwlockattr_destroy
+@c pthread_rwlockattr_getkind_np
+@c pthread_rwlockattr_getpshared
+@c pthread_rwlockattr_init
+@c pthread_rwlockattr_setkind_np
+@c pthread_rwlockattr_setpshared
+@c pthread_rwlock_destroy
+@c pthread_rwlock_init
+@c pthread_rwlock_rdlock
+@c pthread_rwlock_timedrdlock
+@c pthread_rwlock_timedwrlock
+@c pthread_rwlock_tryrdlock
+@c pthread_rwlock_trywrlock
+@c pthread_rwlock_unlock
+@c pthread_rwlock_wrlock
+@c pthread_self
+@c pthread_setaffinity_np
+@c pthread_setcancelstate
+@c pthread_setcanceltype
+@c pthread_setconcurrency
+@c pthread_setname_np
+@c pthread_setschedparam
+@c pthread_setschedprio
+@c pthread_sigmask
+@c pthread_sigqueue
+@c pthread_spin_destroy
+@c pthread_spin_init
+@c pthread_spin_lock
+@c pthread_spin_trylock
+@c pthread_spin_unlock
+@c pthread_testcancel
+@c pthread_timedjoin_np
+@c pthread_tryjoin_np
+@c pthread_yield
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a9f83c82c1746276acceb4928131d8099c0caf6a
commit a9f83c82c1746276acceb4928131d8099c0caf6a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:13:53 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/terminal.texi: Document thread safety properties.
diff --git a/manual/terminal.texi b/manual/terminal.texi
index 9e9c057..7f62a4e 100644
--- a/manual/terminal.texi
+++ b/manual/terminal.texi
@@ -264,6 +264,9 @@ array.
@comment termios.h
@comment POSIX.1
@deftypefun int tcgetattr (int @var{filedes}, struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the kernel-returned termios data structure to the userland
+@c format does not ensure atomic or consistent writing.
This function is used to examine the attributes of the terminal
device with file descriptor @var{filedes}. The attributes are returned
in the structure that @var{termios-p} points to.
@@ -284,6 +287,9 @@ The @var{filedes} is not associated with a terminal.
@comment termios.h
@comment POSIX.1
@deftypefun int tcsetattr (int @var{filedes}, int @var{when}, const struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the incoming termios data structure to the kernel format
+@c does not ensure atomic or consistent reading.
This function sets the attributes of the terminal device with file
descriptor @var{filedes}. The new attributes are taken from the
structure that @var{termios-p} points to.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1b3406934ca4e3cb676972632387dd5862c26d57
commit 1b3406934ca4e3cb676972632387dd5862c26d57
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:13:24 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/string.texi: Document thread safety properties.
diff --git a/manual/string.texi b/manual/string.texi
index 246be84..a75d298 100644
--- a/manual/string.texi
+++ b/manual/string.texi
@@ -1247,6 +1247,8 @@ strncmp ("hello, world", "hello, stupid world!!!", 5)
@comment string.h
@comment GNU
@deftypefun int strverscmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls isdigit multiple times, locale may change in between.
The @code{strverscmp} function compares the string @var{s1} against
@var{s2}, considering them as holding indices/version numbers. The
return value follows the same conventions as found in the
@@ -1343,6 +1345,8 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
@comment string.h
@comment ISO
@deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Adjust alphasort one safety info is determined.
The @code{strcoll} function is similar to @code{strcmp} but uses the
collating sequence of the current locale for collation (the
@code{LC_COLLATE} locale).
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ce4ad52cc41d3ae34f10dc5fa29d2d4c2aa08a5c
commit ce4ad52cc41d3ae34f10dc5fa29d2d4c2aa08a5c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/resource.texi: Document thread safety properties.
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=75e6004e8dbc695b0cdc9b84249cf1b777fc30b5
commit 75e6004e8dbc695b0cdc9b84249cf1b777fc30b5
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:55 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/search.texi: Document thread safety properties.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..6910edc 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -146,6 +146,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +437,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +471,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +486,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +500,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +555,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3e55489a3bf8f9a9f05d22c1ebbadd2c05990371
commit 3e55489a3bf8f9a9f05d22c1ebbadd2c05990371
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:12:28 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/startup.texi: Document thread safety properties.
diff --git a/manual/startup.texi b/manual/startup.texi
index a277714..7bbaf13 100644
--- a/manual/startup.texi
+++ b/manual/startup.texi
@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
The difference to the @code{setenv} function is that the exact string
given as the parameter @var{string} is put into the environment. If the
user should change the string after the @code{putenv} call this will
-reflect in automatically in the environment. This also requires that
-@var{string} is no automatic variable which scope is left before the
+reflect automatically in the environment. This also requires that
+@var{string} not be an automatic variable whose scope is left before the
variable is removed from the environment. The same applies of course to
dynamically allocated variables which are freed later.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9b6d80ee7ab6e6fe72cc7cb62e9ab40b08d98fcf
commit 9b6d80ee7ab6e6fe72cc7cb62e9ab40b08d98fcf
Merge: ec08fe3 c3a3e2e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:22:42 2013 -0300
rename
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ec08fe3bd130f00b154a916a391ede6d32edd3a7
commit ec08fe3bd130f00b154a916a391ede6d32edd3a7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:22:42 2013 -0300
rename
diff --git a/meta b/meta
index b577858..f20b1f6 100644
--- a/meta
+++ b/meta
@@ -1,5 +1,5 @@
Version: 1
-Previous: a6fbeb9aedbee6149c8ff623ea1afc5696e04ef2
+Previous: c3a3e2ed03530068c256413199aaf65a2c9a23c6
Head: fa6fb5b03c11257d3a3c8dc6b02338662de3178f
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
@@ -21,7 +21,7 @@ Applied:
manual-document-mt-safety-llio.patch: 51babe049dfe3862b311b4ebbfd87a8eb915528c
manual-document-mt-safety-stdio.patch: 0960f99a58ac496a2420e3d299e868f900662636
wip-manual-document-mt-safety-locale.patch: 6c6c8ecacf987abc5dda5f02425179c9f9c5acde
- manual-document-mt-safety-math.patch: fa6fb5b03c11257d3a3c8dc6b02338662de3178f
+ wip-manual-document-mt-safety-math.patch: fa6fb5b03c11257d3a3c8dc6b02338662de3178f
Unapplied:
wip-manual-document-mt-safety-startup.patch: 4513b24df2381c1073bcb1b2eac60bddfc5f51da
wip-manual-document-mt-safety-search.patch: 35815dbc011f65ef76ad028cbc0b8b32381dd13a
diff --git a/patches/manual-document-mt-safety-math.patch b/patches/wip-manual-document-mt-safety-math.patch
similarity index 100%
rename from patches/manual-document-mt-safety-math.patch
rename to patches/wip-manual-document-mt-safety-math.patch
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=fa6fb5b03c11257d3a3c8dc6b02338662de3178f
commit fa6fb5b03c11257d3a3c8dc6b02338662de3178f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/math.texi: Document thread safety properties.
diff --git a/manual/math.texi b/manual/math.texi
index 193d415..fd5d0c8 100644
--- a/manual/math.texi
+++ b/manual/math.texi
@@ -560,6 +560,7 @@ negative), @code{logb} returns @math{@infinity{}}. If @var{x} is zero,
@comment math.h
@comment ISO
@deftypefunx int ilogbl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are equivalent to the corresponding @code{logb}
functions except that they return signed integer values.
@end deftypefun
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c3a3e2ed03530068c256413199aaf65a2c9a23c6
commit c3a3e2ed03530068c256413199aaf65a2c9a23c6
Merge: e1566bf fa6fb5b a6fbeb9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:22:38 2013 -0300
float
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e1566bf9fb88486cbfedc67bf73c3d975cd7572f
commit e1566bf9fb88486cbfedc67bf73c3d975cd7572f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:22:38 2013 -0300
float
diff --git a/meta b/meta
index 074b28d..b577858 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: f0a7a15dfe10c4138b45924e98f82ac9f68d4ae1
-Head: d28c617b0914a75671912795729911dbc6fe09e5
+Previous: a6fbeb9aedbee6149c8ff623ea1afc5696e04ef2
+Head: fa6fb5b03c11257d3a3c8dc6b02338662de3178f
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
@@ -19,9 +19,9 @@ Applied:
manual-document-mt-safety-job.patch: 57c129a7691ad66436b380272a24d356111b19bf
manual-document-mt-safety-lang.patch: e1bee872da33bdb7b911d4cd111906a390b9ea8a
manual-document-mt-safety-llio.patch: 51babe049dfe3862b311b4ebbfd87a8eb915528c
- manual-document-mt-safety-math.patch: ad614ca21bb3d439075824533620448aaca7dca6
- manual-document-mt-safety-stdio.patch: e6e54eca8a8e68975917469f5af2de9f0f13343f
- wip-manual-document-mt-safety-locale.patch: d28c617b0914a75671912795729911dbc6fe09e5
+ manual-document-mt-safety-stdio.patch: 0960f99a58ac496a2420e3d299e868f900662636
+ wip-manual-document-mt-safety-locale.patch: 6c6c8ecacf987abc5dda5f02425179c9f9c5acde
+ manual-document-mt-safety-math.patch: fa6fb5b03c11257d3a3c8dc6b02338662de3178f
Unapplied:
wip-manual-document-mt-safety-startup.patch: 4513b24df2381c1073bcb1b2eac60bddfc5f51da
wip-manual-document-mt-safety-search.patch: 35815dbc011f65ef76ad028cbc0b8b32381dd13a
diff --git a/patches/manual-document-mt-safety-math.patch b/patches/manual-document-mt-safety-math.patch
index 9f1572f..1477a1e 100644
--- a/patches/manual-document-mt-safety-math.patch
+++ b/patches/manual-document-mt-safety-math.patch
@@ -1,5 +1,5 @@
-Bottom: baf6738652c9240a7ea48273cff318ffb17716d8
-Top: fca3ed18d5fc63652aeb45f6c8c8c8e1acfb3f02
+Bottom: 9810f600dc88278307b0fb70f5a0bc3a128cac35
+Top: 34850c3fae2002c32308b3353855e2de0a18b4d3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index 3071496..0de73f6 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,5 +1,5 @@
-Bottom: fca3ed18d5fc63652aeb45f6c8c8c8e1acfb3f02
-Top: cc461998b2abb06c1eee7461c38382b121f21408
+Bottom: baf6738652c9240a7ea48273cff318ffb17716d8
+Top: 1b3315652dde989dd535a1572985e5afdd6c5e99
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index 6b37e58..3fe7a6a 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
-Bottom: cc461998b2abb06c1eee7461c38382b121f21408
-Top: 34850c3fae2002c32308b3353855e2de0a18b4d3
+Bottom: 1b3315652dde989dd535a1572985e5afdd6c5e99
+Top: 9810f600dc88278307b0fb70f5a0bc3a128cac35
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=6c6c8ecacf987abc5dda5f02425179c9f9c5acde
commit 6c6c8ecacf987abc5dda5f02425179c9f9c5acde
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..da50d18 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
+@c and free, and _nl_find_locale, which amount to all documented safety
+@c issues. It also calls new_composite_name, setdata, and setname,
+@c without any additional issues. _nl_find_locale calls getenv, ...
+This function returns a pointer read
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0960f99a58ac496a2420e3d299e868f900662636
commit 0960f99a58ac496a2420e3d299e868f900662636
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..79a3340 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1391,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1401,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1411,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1540,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1625,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2387,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2397,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2438,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2647,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2656,48 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2705,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2713,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2721,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2729,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2737,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2745,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2821,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3062,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3314,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3378,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +3995,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +4010,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +4025,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +4033,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4041,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4055,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4082,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4091,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4100,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4108,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4116,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4124,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4174,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4184,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4198,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4209,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4237,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4248,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4362,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4375,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4399,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4415,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4435,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4459,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4508,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4630,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4645,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4658,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4675,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4787,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4800,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4817,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4839,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4864,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4942,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4956,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4968,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4983,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +4997,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +5008,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5056,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5112,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5228,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5410,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5551,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a6fbeb9aedbee6149c8ff623ea1afc5696e04ef2
commit a6fbeb9aedbee6149c8ff623ea1afc5696e04ef2
Merge: c9c8e70 d28c617 f0a7a15
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:22:33 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c9c8e702649d83e74e760275b8a9eed11a6a54cf
commit c9c8e702649d83e74e760275b8a9eed11a6a54cf
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:22:33 2013 -0300
push
diff --git a/meta b/meta
index 8e68578..074b28d 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 336fe16b7fe866758508510e2c02a9f9d1e19dae
-Head: e6e54eca8a8e68975917469f5af2de9f0f13343f
+Previous: f0a7a15dfe10c4138b45924e98f82ac9f68d4ae1
+Head: d28c617b0914a75671912795729911dbc6fe09e5
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
@@ -21,8 +21,8 @@ Applied:
manual-document-mt-safety-llio.patch: 51babe049dfe3862b311b4ebbfd87a8eb915528c
manual-document-mt-safety-math.patch: ad614ca21bb3d439075824533620448aaca7dca6
manual-document-mt-safety-stdio.patch: e6e54eca8a8e68975917469f5af2de9f0f13343f
+ wip-manual-document-mt-safety-locale.patch: d28c617b0914a75671912795729911dbc6fe09e5
Unapplied:
- wip-manual-document-mt-safety-locale.patch: a85a045f861e4eae2ee7a5ebddbba4ecb4b85087
wip-manual-document-mt-safety-startup.patch: 4513b24df2381c1073bcb1b2eac60bddfc5f51da
wip-manual-document-mt-safety-search.patch: 35815dbc011f65ef76ad028cbc0b8b32381dd13a
wip-manual-document-mt-safety-resource.patch: 08d53f635c15ae65cc8f2347e47894394c5a651f
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index c0945af..6b37e58 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
-Bottom: fca3ed18d5fc63652aeb45f6c8c8c8e1acfb3f02
-Top: d5ba9adc90be6728f409ed99bc36a2fc6e659db0
+Bottom: cc461998b2abb06c1eee7461c38382b121f21408
+Top: 34850c3fae2002c32308b3353855e2de0a18b4d3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d28c617b0914a75671912795729911dbc6fe09e5
commit d28c617b0914a75671912795729911dbc6fe09e5
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..da50d18 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
+@c and free, and _nl_find_locale, which amount to all documented safety
+@c issues. It also calls new_composite_name, setdata, and setname,
+@c without any additional issues. _nl_find_locale calls getenv, ...
+This function returns a pointer read
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f0a7a15dfe10c4138b45924e98f82ac9f68d4ae1
commit f0a7a15dfe10c4138b45924e98f82ac9f68d4ae1
Merge: b8f3387 e6e54ec 336fe16
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:22:28 2013 -0300
float
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b8f33879ea992d8d06e0d8e8242c3acf47cdea61
commit b8f33879ea992d8d06e0d8e8242c3acf47cdea61
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:22:28 2013 -0300
float
diff --git a/meta b/meta
index ed0d165..8e68578 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: baca28272f714749e2522fd703c767c52d786e4f
-Head: ad614ca21bb3d439075824533620448aaca7dca6
+Previous: 336fe16b7fe866758508510e2c02a9f9d1e19dae
+Head: e6e54eca8a8e68975917469f5af2de9f0f13343f
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
@@ -20,9 +20,9 @@ Applied:
manual-document-mt-safety-lang.patch: e1bee872da33bdb7b911d4cd111906a390b9ea8a
manual-document-mt-safety-llio.patch: 51babe049dfe3862b311b4ebbfd87a8eb915528c
manual-document-mt-safety-math.patch: ad614ca21bb3d439075824533620448aaca7dca6
+ manual-document-mt-safety-stdio.patch: e6e54eca8a8e68975917469f5af2de9f0f13343f
Unapplied:
wip-manual-document-mt-safety-locale.patch: a85a045f861e4eae2ee7a5ebddbba4ecb4b85087
- manual-document-mt-safety-stdio.patch: a42a02e1e7c652cc7780640ba20259c587532248
wip-manual-document-mt-safety-startup.patch: 4513b24df2381c1073bcb1b2eac60bddfc5f51da
wip-manual-document-mt-safety-search.patch: 35815dbc011f65ef76ad028cbc0b8b32381dd13a
wip-manual-document-mt-safety-resource.patch: 08d53f635c15ae65cc8f2347e47894394c5a651f
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index 439216f..3071496 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,5 +1,5 @@
-Bottom: d5ba9adc90be6728f409ed99bc36a2fc6e659db0
-Top: 34850c3fae2002c32308b3353855e2de0a18b4d3
+Bottom: fca3ed18d5fc63652aeb45f6c8c8c8e1acfb3f02
+Top: cc461998b2abb06c1eee7461c38382b121f21408
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e6e54eca8a8e68975917469f5af2de9f0f13343f
commit e6e54eca8a8e68975917469f5af2de9f0f13343f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..79a3340 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1391,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1401,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1411,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1540,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1625,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2387,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2397,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2438,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2647,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2656,48 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2705,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2713,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2721,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2729,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2737,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2745,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2821,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3062,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3314,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3378,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +3995,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +4010,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +4025,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +4033,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4041,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4055,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4082,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4091,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4100,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4108,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4116,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4124,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4174,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4184,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4198,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4209,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4237,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4248,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4362,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4375,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4399,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4415,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4435,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4459,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4508,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4630,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4645,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4658,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4675,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4787,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4800,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4817,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4839,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4864,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4942,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4956,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4968,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4983,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +4997,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +5008,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5056,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5112,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5228,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5410,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5551,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=336fe16b7fe866758508510e2c02a9f9d1e19dae
commit 336fe16b7fe866758508510e2c02a9f9d1e19dae
Merge: dc451ff baca282
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:22:26 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=dc451ffdd2937ede520866ea1567b289871e09c8
commit dc451ffdd2937ede520866ea1567b289871e09c8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:22:26 2013 -0300
pop
diff --git a/meta b/meta
index 78272d0..ed0d165 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 47e0d3e47e78f161bcff74b05585031fca958b31
-Head: a42a02e1e7c652cc7780640ba20259c587532248
+Previous: baca28272f714749e2522fd703c767c52d786e4f
+Head: ad614ca21bb3d439075824533620448aaca7dca6
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
@@ -20,9 +20,9 @@ Applied:
manual-document-mt-safety-lang.patch: e1bee872da33bdb7b911d4cd111906a390b9ea8a
manual-document-mt-safety-llio.patch: 51babe049dfe3862b311b4ebbfd87a8eb915528c
manual-document-mt-safety-math.patch: ad614ca21bb3d439075824533620448aaca7dca6
+Unapplied:
wip-manual-document-mt-safety-locale.patch: a85a045f861e4eae2ee7a5ebddbba4ecb4b85087
manual-document-mt-safety-stdio.patch: a42a02e1e7c652cc7780640ba20259c587532248
-Unapplied:
wip-manual-document-mt-safety-startup.patch: 4513b24df2381c1073bcb1b2eac60bddfc5f51da
wip-manual-document-mt-safety-search.patch: 35815dbc011f65ef76ad028cbc0b8b32381dd13a
wip-manual-document-mt-safety-resource.patch: 08d53f635c15ae65cc8f2347e47894394c5a651f
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=baca28272f714749e2522fd703c767c52d786e4f
commit baca28272f714749e2522fd703c767c52d786e4f
Merge: b6ed960 47e0d3e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:22:21 2013 -0300
float
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b6ed9609907f099e7f09892662510850976bde97
commit b6ed9609907f099e7f09892662510850976bde97
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:22:21 2013 -0300
float
diff --git a/meta b/meta
index c0bc41e..78272d0 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 532704a546b6b5b16675eaaad7d2885e53064e4c
-Head: a85a045f861e4eae2ee7a5ebddbba4ecb4b85087
+Previous: 47e0d3e47e78f161bcff74b05585031fca958b31
+Head: a42a02e1e7c652cc7780640ba20259c587532248
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
@@ -21,8 +21,8 @@ Applied:
manual-document-mt-safety-llio.patch: 51babe049dfe3862b311b4ebbfd87a8eb915528c
manual-document-mt-safety-math.patch: ad614ca21bb3d439075824533620448aaca7dca6
wip-manual-document-mt-safety-locale.patch: a85a045f861e4eae2ee7a5ebddbba4ecb4b85087
-Unapplied:
manual-document-mt-safety-stdio.patch: a42a02e1e7c652cc7780640ba20259c587532248
+Unapplied:
wip-manual-document-mt-safety-startup.patch: 4513b24df2381c1073bcb1b2eac60bddfc5f51da
wip-manual-document-mt-safety-search.patch: 35815dbc011f65ef76ad028cbc0b8b32381dd13a
wip-manual-document-mt-safety-resource.patch: 08d53f635c15ae65cc8f2347e47894394c5a651f
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=47e0d3e47e78f161bcff74b05585031fca958b31
commit 47e0d3e47e78f161bcff74b05585031fca958b31
Merge: 972eb6c 532704a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:22:18 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=972eb6cb6f7a241af3ef87b42260a2e30df44e76
commit 972eb6cb6f7a241af3ef87b42260a2e30df44e76
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:22:18 2013 -0300
pop
diff --git a/meta b/meta
index 807199e..c0bc41e 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 96d44e67b9d8706145ee8f6a8cf32281036c25ab
-Head: a42a02e1e7c652cc7780640ba20259c587532248
+Previous: 532704a546b6b5b16675eaaad7d2885e53064e4c
+Head: a85a045f861e4eae2ee7a5ebddbba4ecb4b85087
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
@@ -21,8 +21,8 @@ Applied:
manual-document-mt-safety-llio.patch: 51babe049dfe3862b311b4ebbfd87a8eb915528c
manual-document-mt-safety-math.patch: ad614ca21bb3d439075824533620448aaca7dca6
wip-manual-document-mt-safety-locale.patch: a85a045f861e4eae2ee7a5ebddbba4ecb4b85087
- manual-document-mt-safety-stdio.patch: a42a02e1e7c652cc7780640ba20259c587532248
Unapplied:
+ manual-document-mt-safety-stdio.patch: a42a02e1e7c652cc7780640ba20259c587532248
wip-manual-document-mt-safety-startup.patch: 4513b24df2381c1073bcb1b2eac60bddfc5f51da
wip-manual-document-mt-safety-search.patch: 35815dbc011f65ef76ad028cbc0b8b32381dd13a
wip-manual-document-mt-safety-resource.patch: 08d53f635c15ae65cc8f2347e47894394c5a651f
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=532704a546b6b5b16675eaaad7d2885e53064e4c
commit 532704a546b6b5b16675eaaad7d2885e53064e4c
Merge: c1eb56a 96d44e6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:22:13 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c1eb56aa4626150ce50e9d62a9353a0fbcff0868
commit c1eb56aa4626150ce50e9d62a9353a0fbcff0868
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:22:13 2013 -0300
pop
diff --git a/meta b/meta
index 98c6446..807199e 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 5e554e8e90d5ac20e8728c2791e7eb569b0a72b9
-Head: 4513b24df2381c1073bcb1b2eac60bddfc5f51da
+Previous: 96d44e67b9d8706145ee8f6a8cf32281036c25ab
+Head: a42a02e1e7c652cc7780640ba20259c587532248
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
@@ -22,8 +22,8 @@ Applied:
manual-document-mt-safety-math.patch: ad614ca21bb3d439075824533620448aaca7dca6
wip-manual-document-mt-safety-locale.patch: a85a045f861e4eae2ee7a5ebddbba4ecb4b85087
manual-document-mt-safety-stdio.patch: a42a02e1e7c652cc7780640ba20259c587532248
- wip-manual-document-mt-safety-startup.patch: 4513b24df2381c1073bcb1b2eac60bddfc5f51da
Unapplied:
+ wip-manual-document-mt-safety-startup.patch: 4513b24df2381c1073bcb1b2eac60bddfc5f51da
wip-manual-document-mt-safety-search.patch: 35815dbc011f65ef76ad028cbc0b8b32381dd13a
wip-manual-document-mt-safety-resource.patch: 08d53f635c15ae65cc8f2347e47894394c5a651f
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=96d44e67b9d8706145ee8f6a8cf32281036c25ab
commit 96d44e67b9d8706145ee8f6a8cf32281036c25ab
Merge: 7a80d63 4513b24 5e554e8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:22:11 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7a80d63908f847de4ae1d9ff1ffb55a1ca7eb67a
commit 7a80d63908f847de4ae1d9ff1ffb55a1ca7eb67a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:22:11 2013 -0300
push
diff --git a/meta b/meta
index 2eb9196..98c6446 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: cff460bd8f3ab8dd9231a7dcad373a6ac24619c2
-Head: a42a02e1e7c652cc7780640ba20259c587532248
+Previous: 5e554e8e90d5ac20e8728c2791e7eb569b0a72b9
+Head: 4513b24df2381c1073bcb1b2eac60bddfc5f51da
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
@@ -22,8 +22,8 @@ Applied:
manual-document-mt-safety-math.patch: ad614ca21bb3d439075824533620448aaca7dca6
wip-manual-document-mt-safety-locale.patch: a85a045f861e4eae2ee7a5ebddbba4ecb4b85087
manual-document-mt-safety-stdio.patch: a42a02e1e7c652cc7780640ba20259c587532248
+ wip-manual-document-mt-safety-startup.patch: 4513b24df2381c1073bcb1b2eac60bddfc5f51da
Unapplied:
- wip-manual-document-mt-safety-startup.patch: c07dbdccb654913fa9dcb761709fb6000f6f1edf
wip-manual-document-mt-safety-search.patch: 35815dbc011f65ef76ad028cbc0b8b32381dd13a
wip-manual-document-mt-safety-resource.patch: 08d53f635c15ae65cc8f2347e47894394c5a651f
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
diff --git a/patches/wip-manual-document-mt-safety-startup.patch b/patches/wip-manual-document-mt-safety-startup.patch
index ba122fe..93b8b21 100644
--- a/patches/wip-manual-document-mt-safety-startup.patch
+++ b/patches/wip-manual-document-mt-safety-startup.patch
@@ -1,5 +1,5 @@
-Bottom: d5ba9adc90be6728f409ed99bc36a2fc6e659db0
-Top: 151392b3790f3070194c6e79b03e9b88b9fb3052
+Bottom: 34850c3fae2002c32308b3353855e2de0a18b4d3
+Top: 9e26e65c6f5ad1ae860b4b03c429a90054cbb837
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:12:28 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4513b24df2381c1073bcb1b2eac60bddfc5f51da
commit 4513b24df2381c1073bcb1b2eac60bddfc5f51da
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:12:28 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/startup.texi: Document thread safety properties.
diff --git a/manual/startup.texi b/manual/startup.texi
index a277714..7bbaf13 100644
--- a/manual/startup.texi
+++ b/manual/startup.texi
@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
The difference to the @code{setenv} function is that the exact string
given as the parameter @var{string} is put into the environment. If the
user should change the string after the @code{putenv} call this will
-reflect in automatically in the environment. This also requires that
-@var{string} is no automatic variable which scope is left before the
+reflect automatically in the environment. This also requires that
+@var{string} not be an automatic variable whose scope is left before the
variable is removed from the environment. The same applies of course to
dynamically allocated variables which are freed later.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5e554e8e90d5ac20e8728c2791e7eb569b0a72b9
commit 5e554e8e90d5ac20e8728c2791e7eb569b0a72b9
Merge: 9732f8f a42a02e cff460b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:22:03 2013 -0300
float
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9732f8f54229b855d2133d521d803445a29dca98
commit 9732f8f54229b855d2133d521d803445a29dca98
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:22:03 2013 -0300
float
diff --git a/meta b/meta
index 560ae1d..2eb9196 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 9b994d726d2334605ede7ee74e40464832004c1a
-Head: a85a045f861e4eae2ee7a5ebddbba4ecb4b85087
+Previous: cff460bd8f3ab8dd9231a7dcad373a6ac24619c2
+Head: a42a02e1e7c652cc7780640ba20259c587532248
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
@@ -21,9 +21,9 @@ Applied:
manual-document-mt-safety-llio.patch: 51babe049dfe3862b311b4ebbfd87a8eb915528c
manual-document-mt-safety-math.patch: ad614ca21bb3d439075824533620448aaca7dca6
wip-manual-document-mt-safety-locale.patch: a85a045f861e4eae2ee7a5ebddbba4ecb4b85087
+ manual-document-mt-safety-stdio.patch: a42a02e1e7c652cc7780640ba20259c587532248
Unapplied:
wip-manual-document-mt-safety-startup.patch: c07dbdccb654913fa9dcb761709fb6000f6f1edf
- manual-document-mt-safety-stdio.patch: da2ba42fc63d63defef49cb42670fb97e77a6179
wip-manual-document-mt-safety-search.patch: 35815dbc011f65ef76ad028cbc0b8b32381dd13a
wip-manual-document-mt-safety-resource.patch: 08d53f635c15ae65cc8f2347e47894394c5a651f
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index 2d0e681..439216f 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,5 +1,5 @@
-Bottom: 151392b3790f3070194c6e79b03e9b88b9fb3052
-Top: 9e26e65c6f5ad1ae860b4b03c429a90054cbb837
+Bottom: d5ba9adc90be6728f409ed99bc36a2fc6e659db0
+Top: 34850c3fae2002c32308b3353855e2de0a18b4d3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a42a02e1e7c652cc7780640ba20259c587532248
commit a42a02e1e7c652cc7780640ba20259c587532248
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..79a3340 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1391,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1401,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1411,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1540,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1625,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2387,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2397,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2438,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2647,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2656,48 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2705,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2713,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2721,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2729,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2737,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2745,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2821,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3062,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3314,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3378,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +3995,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +4010,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +4025,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +4033,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4041,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4055,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4082,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4091,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4100,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4108,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4116,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4124,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4174,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4184,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4198,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4209,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4237,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4248,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4362,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4375,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4399,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4415,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4435,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4459,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4508,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4630,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4645,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4658,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4675,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4787,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4800,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4817,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4839,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4864,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4942,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4956,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4968,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4983,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +4997,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +5008,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5056,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5112,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5228,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5410,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5551,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=cff460bd8f3ab8dd9231a7dcad373a6ac24619c2
commit cff460bd8f3ab8dd9231a7dcad373a6ac24619c2
Merge: d40ff1e 9b994d7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:21:58 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d40ff1ed4d170ecf325d0020f9bfaf8294ed83f6
commit d40ff1ed4d170ecf325d0020f9bfaf8294ed83f6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:21:58 2013 -0300
pop
diff --git a/meta b/meta
index 3a1710a..560ae1d 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 797bbc4701e79da18f6ad5d0cccc653c322796ec
-Head: 35815dbc011f65ef76ad028cbc0b8b32381dd13a
+Previous: 9b994d726d2334605ede7ee74e40464832004c1a
+Head: a85a045f861e4eae2ee7a5ebddbba4ecb4b85087
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
@@ -21,10 +21,10 @@ Applied:
manual-document-mt-safety-llio.patch: 51babe049dfe3862b311b4ebbfd87a8eb915528c
manual-document-mt-safety-math.patch: ad614ca21bb3d439075824533620448aaca7dca6
wip-manual-document-mt-safety-locale.patch: a85a045f861e4eae2ee7a5ebddbba4ecb4b85087
+Unapplied:
wip-manual-document-mt-safety-startup.patch: c07dbdccb654913fa9dcb761709fb6000f6f1edf
manual-document-mt-safety-stdio.patch: da2ba42fc63d63defef49cb42670fb97e77a6179
wip-manual-document-mt-safety-search.patch: 35815dbc011f65ef76ad028cbc0b8b32381dd13a
-Unapplied:
wip-manual-document-mt-safety-resource.patch: 08d53f635c15ae65cc8f2347e47894394c5a651f
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
wip-manual-document-mt-safety-terminal.patch: 131f3d7cbdeaec2279062d5bd94af6281390b9ba
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9b994d726d2334605ede7ee74e40464832004c1a
commit 9b994d726d2334605ede7ee74e40464832004c1a
Merge: 4136d52 797bbc4
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:21:48 2013 -0300
rename
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4136d5230d1138fdd1ac4a9a54d7610c639b7ad0
commit 4136d5230d1138fdd1ac4a9a54d7610c639b7ad0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:21:48 2013 -0300
rename
diff --git a/meta b/meta
index 63435a9..3a1710a 100644
--- a/meta
+++ b/meta
@@ -1,5 +1,5 @@
Version: 1
-Previous: 0677838a5cbf4e94dbbd80fbf2427d5fcce6cccf
+Previous: 797bbc4701e79da18f6ad5d0cccc653c322796ec
Head: 35815dbc011f65ef76ad028cbc0b8b32381dd13a
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
@@ -23,7 +23,7 @@ Applied:
wip-manual-document-mt-safety-locale.patch: a85a045f861e4eae2ee7a5ebddbba4ecb4b85087
wip-manual-document-mt-safety-startup.patch: c07dbdccb654913fa9dcb761709fb6000f6f1edf
manual-document-mt-safety-stdio.patch: da2ba42fc63d63defef49cb42670fb97e77a6179
- manual-document-mt-safety-search.patch: 35815dbc011f65ef76ad028cbc0b8b32381dd13a
+ wip-manual-document-mt-safety-search.patch: 35815dbc011f65ef76ad028cbc0b8b32381dd13a
Unapplied:
wip-manual-document-mt-safety-resource.patch: 08d53f635c15ae65cc8f2347e47894394c5a651f
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
diff --git a/patches/manual-document-mt-safety-search.patch b/patches/wip-manual-document-mt-safety-search.patch
similarity index 100%
rename from patches/manual-document-mt-safety-search.patch
rename to patches/wip-manual-document-mt-safety-search.patch
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a85a045f861e4eae2ee7a5ebddbba4ecb4b85087
commit a85a045f861e4eae2ee7a5ebddbba4ecb4b85087
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..da50d18 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
+@c and free, and _nl_find_locale, which amount to all documented safety
+@c issues. It also calls new_composite_name, setdata, and setname,
+@c without any additional issues. _nl_find_locale calls getenv, ...
+This function returns a pointer read
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=797bbc4701e79da18f6ad5d0cccc653c322796ec
commit 797bbc4701e79da18f6ad5d0cccc653c322796ec
Merge: 1fa6bb8 35815db 0677838
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:21:44 2013 -0300
float
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1fa6bb80f706b8c748f2a422d94f118378cb3912
commit 1fa6bb80f706b8c748f2a422d94f118378cb3912
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:21:44 2013 -0300
float
diff --git a/meta b/meta
index e48e739..63435a9 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 12fbe6a13e4a996cfabe7cd13dabc07a5377ce79
-Head: 4bbeb1050d394dac154d328416785d3a4737bfca
+Previous: 0677838a5cbf4e94dbbd80fbf2427d5fcce6cccf
+Head: 35815dbc011f65ef76ad028cbc0b8b32381dd13a
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
@@ -20,10 +20,10 @@ Applied:
manual-document-mt-safety-lang.patch: e1bee872da33bdb7b911d4cd111906a390b9ea8a
manual-document-mt-safety-llio.patch: 51babe049dfe3862b311b4ebbfd87a8eb915528c
manual-document-mt-safety-math.patch: ad614ca21bb3d439075824533620448aaca7dca6
- manual-document-mt-safety-search.patch: af52e291a0269b692e9e0570ba1d886714da159b
- wip-manual-document-mt-safety-locale.patch: 166651bfa122c6352028365fa0f89c9dc3003751
- wip-manual-document-mt-safety-startup.patch: f27de287f82231e5a93eaa44bafa8170abc3dce3
- manual-document-mt-safety-stdio.patch: 4bbeb1050d394dac154d328416785d3a4737bfca
+ wip-manual-document-mt-safety-locale.patch: a85a045f861e4eae2ee7a5ebddbba4ecb4b85087
+ wip-manual-document-mt-safety-startup.patch: c07dbdccb654913fa9dcb761709fb6000f6f1edf
+ manual-document-mt-safety-stdio.patch: da2ba42fc63d63defef49cb42670fb97e77a6179
+ manual-document-mt-safety-search.patch: 35815dbc011f65ef76ad028cbc0b8b32381dd13a
Unapplied:
wip-manual-document-mt-safety-resource.patch: 08d53f635c15ae65cc8f2347e47894394c5a651f
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
diff --git a/patches/manual-document-mt-safety-search.patch b/patches/manual-document-mt-safety-search.patch
index e0ed5db..dfc7d5e 100644
--- a/patches/manual-document-mt-safety-search.patch
+++ b/patches/manual-document-mt-safety-search.patch
@@ -1,5 +1,5 @@
-Bottom: fca3ed18d5fc63652aeb45f6c8c8c8e1acfb3f02
-Top: 4b5bc3f694509a6dfd1b265acace61d889211e5c
+Bottom: 9e26e65c6f5ad1ae860b4b03c429a90054cbb837
+Top: 4275437ac31826c5f18c9a5e4b30e85235c02761
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:11:55 -0300
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index 1259b54..2d0e681 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,5 +1,5 @@
-Bottom: d2881bc13111445c3cada2b810275ed5d685175c
-Top: 4275437ac31826c5f18c9a5e4b30e85235c02761
+Bottom: 151392b3790f3070194c6e79b03e9b88b9fb3052
+Top: 9e26e65c6f5ad1ae860b4b03c429a90054cbb837
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index 148781b..c0945af 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
-Bottom: 4b5bc3f694509a6dfd1b265acace61d889211e5c
-Top: 5bf8b68d0db01d2c779d9e0b745a266268200a3e
+Bottom: fca3ed18d5fc63652aeb45f6c8c8c8e1acfb3f02
+Top: d5ba9adc90be6728f409ed99bc36a2fc6e659db0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/wip-manual-document-mt-safety-startup.patch b/patches/wip-manual-document-mt-safety-startup.patch
index 2a9f16b..ba122fe 100644
--- a/patches/wip-manual-document-mt-safety-startup.patch
+++ b/patches/wip-manual-document-mt-safety-startup.patch
@@ -1,5 +1,5 @@
-Bottom: 5bf8b68d0db01d2c779d9e0b745a266268200a3e
-Top: d2881bc13111445c3cada2b810275ed5d685175c
+Bottom: d5ba9adc90be6728f409ed99bc36a2fc6e659db0
+Top: 151392b3790f3070194c6e79b03e9b88b9fb3052
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:12:28 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=35815dbc011f65ef76ad028cbc0b8b32381dd13a
commit 35815dbc011f65ef76ad028cbc0b8b32381dd13a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:55 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/search.texi: Document thread safety properties.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..6910edc 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -146,6 +146,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +437,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +471,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +486,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +500,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +555,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=da2ba42fc63d63defef49cb42670fb97e77a6179
commit da2ba42fc63d63defef49cb42670fb97e77a6179
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..79a3340 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1391,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1401,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1411,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1540,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1625,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2387,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2397,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2438,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2647,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2656,48 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2705,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2713,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2721,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2729,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2737,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2745,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2821,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3062,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3314,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3378,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +3995,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +4010,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +4025,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +4033,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4041,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4055,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4082,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4091,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4100,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4108,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4116,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4124,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4174,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4184,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4198,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4209,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4237,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4248,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4362,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4375,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4399,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4415,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4435,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4459,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4508,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4630,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4645,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4658,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4675,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4787,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4800,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4817,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4839,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4864,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4942,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4956,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4968,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4983,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +4997,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +5008,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5056,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5112,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5228,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5410,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5551,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c07dbdccb654913fa9dcb761709fb6000f6f1edf
commit c07dbdccb654913fa9dcb761709fb6000f6f1edf
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:12:28 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/startup.texi: Document thread safety properties.
diff --git a/manual/startup.texi b/manual/startup.texi
index a277714..7bbaf13 100644
--- a/manual/startup.texi
+++ b/manual/startup.texi
@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
The difference to the @code{setenv} function is that the exact string
given as the parameter @var{string} is put into the environment. If the
user should change the string after the @code{putenv} call this will
-reflect in automatically in the environment. This also requires that
-@var{string} is no automatic variable which scope is left before the
+reflect automatically in the environment. This also requires that
+@var{string} not be an automatic variable whose scope is left before the
variable is removed from the environment. The same applies of course to
dynamically allocated variables which are freed later.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0677838a5cbf4e94dbbd80fbf2427d5fcce6cccf
commit 0677838a5cbf4e94dbbd80fbf2427d5fcce6cccf
Merge: dd3c527 12fbe6a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:21:40 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=dd3c527fa4bba3a1bf657d9813343ea4ddf5107a
commit dd3c527fa4bba3a1bf657d9813343ea4ddf5107a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:21:40 2013 -0300
pop
diff --git a/meta b/meta
index cc99f28..e48e739 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 7cbb268fad337dff229e13ac8be69351cc57313f
-Head: 08d53f635c15ae65cc8f2347e47894394c5a651f
+Previous: 12fbe6a13e4a996cfabe7cd13dabc07a5377ce79
+Head: 4bbeb1050d394dac154d328416785d3a4737bfca
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
@@ -24,8 +24,8 @@ Applied:
wip-manual-document-mt-safety-locale.patch: 166651bfa122c6352028365fa0f89c9dc3003751
wip-manual-document-mt-safety-startup.patch: f27de287f82231e5a93eaa44bafa8170abc3dce3
manual-document-mt-safety-stdio.patch: 4bbeb1050d394dac154d328416785d3a4737bfca
- wip-manual-document-mt-safety-resource.patch: 08d53f635c15ae65cc8f2347e47894394c5a651f
Unapplied:
+ wip-manual-document-mt-safety-resource.patch: 08d53f635c15ae65cc8f2347e47894394c5a651f
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
wip-manual-document-mt-safety-terminal.patch: 131f3d7cbdeaec2279062d5bd94af6281390b9ba
wip-manual-document-mt-safety-threads.patch: f47c93cdfff86a4b5acb80c4b80ba113757b9e5f
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=12fbe6a13e4a996cfabe7cd13dabc07a5377ce79
commit 12fbe6a13e4a996cfabe7cd13dabc07a5377ce79
Merge: bec2827 7cbb268
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:21:21 2013 -0300
rename
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=bec2827536c90ffded6a98f176ef0a4f9f10d849
commit bec2827536c90ffded6a98f176ef0a4f9f10d849
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:21:21 2013 -0300
rename
diff --git a/meta b/meta
index 9ebd437..cc99f28 100644
--- a/meta
+++ b/meta
@@ -1,5 +1,5 @@
Version: 1
-Previous: 74ac784fe3cc7e497dd1777f02a8c29ec6152a44
+Previous: 7cbb268fad337dff229e13ac8be69351cc57313f
Head: 08d53f635c15ae65cc8f2347e47894394c5a651f
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
@@ -24,7 +24,7 @@ Applied:
wip-manual-document-mt-safety-locale.patch: 166651bfa122c6352028365fa0f89c9dc3003751
wip-manual-document-mt-safety-startup.patch: f27de287f82231e5a93eaa44bafa8170abc3dce3
manual-document-mt-safety-stdio.patch: 4bbeb1050d394dac154d328416785d3a4737bfca
- manual-document-mt-safety-resource.patch: 08d53f635c15ae65cc8f2347e47894394c5a651f
+ wip-manual-document-mt-safety-resource.patch: 08d53f635c15ae65cc8f2347e47894394c5a651f
Unapplied:
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
wip-manual-document-mt-safety-terminal.patch: 131f3d7cbdeaec2279062d5bd94af6281390b9ba
diff --git a/patches/manual-document-mt-safety-resource.patch b/patches/wip-manual-document-mt-safety-resource.patch
similarity index 100%
rename from patches/manual-document-mt-safety-resource.patch
rename to patches/wip-manual-document-mt-safety-resource.patch
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7cbb268fad337dff229e13ac8be69351cc57313f
commit 7cbb268fad337dff229e13ac8be69351cc57313f
Merge: 41a10da 08d53f6 74ac784
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:21:17 2013 -0300
float
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=41a10daef46a1694e219ab21a7068c43f99882e7
commit 41a10daef46a1694e219ab21a7068c43f99882e7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:21:17 2013 -0300
float
diff --git a/meta b/meta
index 3391b8b..9ebd437 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: b03f8aa8fb7d6c4c3d64881c3f334e1605f344c9
-Head: c3cb182414605a752cfd0de3f8ff1637db9aeddb
+Previous: 74ac784fe3cc7e497dd1777f02a8c29ec6152a44
+Head: 08d53f635c15ae65cc8f2347e47894394c5a651f
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
@@ -20,11 +20,11 @@ Applied:
manual-document-mt-safety-lang.patch: e1bee872da33bdb7b911d4cd111906a390b9ea8a
manual-document-mt-safety-llio.patch: 51babe049dfe3862b311b4ebbfd87a8eb915528c
manual-document-mt-safety-math.patch: ad614ca21bb3d439075824533620448aaca7dca6
- manual-document-mt-safety-resource.patch: c67d9b0e48706ad7a6ce8afb05575d2da8a739ce
- manual-document-mt-safety-search.patch: a178ba9d66b1669f239966e51b89a7409aa3a762
- wip-manual-document-mt-safety-locale.patch: 1080909eb844c0072328bc632d8a57287ad64752
- wip-manual-document-mt-safety-startup.patch: 5101825e252b39ea192475db1ffaaeef5f155a46
- manual-document-mt-safety-stdio.patch: c3cb182414605a752cfd0de3f8ff1637db9aeddb
+ manual-document-mt-safety-search.patch: af52e291a0269b692e9e0570ba1d886714da159b
+ wip-manual-document-mt-safety-locale.patch: 166651bfa122c6352028365fa0f89c9dc3003751
+ wip-manual-document-mt-safety-startup.patch: f27de287f82231e5a93eaa44bafa8170abc3dce3
+ manual-document-mt-safety-stdio.patch: 4bbeb1050d394dac154d328416785d3a4737bfca
+ manual-document-mt-safety-resource.patch: 08d53f635c15ae65cc8f2347e47894394c5a651f
Unapplied:
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
wip-manual-document-mt-safety-terminal.patch: 131f3d7cbdeaec2279062d5bd94af6281390b9ba
diff --git a/patches/manual-document-mt-safety-resource.patch b/patches/manual-document-mt-safety-resource.patch
index 8309358..4b6d73f 100644
--- a/patches/manual-document-mt-safety-resource.patch
+++ b/patches/manual-document-mt-safety-resource.patch
@@ -1,5 +1,5 @@
-Bottom: fca3ed18d5fc63652aeb45f6c8c8c8e1acfb3f02
-Top: 77b17631d0ac215fede974ceace7c0d6c28a75cd
+Bottom: 4275437ac31826c5f18c9a5e4b30e85235c02761
+Top: 3db5dacd3a8c55bbd9c4924b1ac2ec9a35d2d732
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:11:00 -0300
diff --git a/patches/manual-document-mt-safety-search.patch b/patches/manual-document-mt-safety-search.patch
index 3e786ab..e0ed5db 100644
--- a/patches/manual-document-mt-safety-search.patch
+++ b/patches/manual-document-mt-safety-search.patch
@@ -1,5 +1,5 @@
-Bottom: 77b17631d0ac215fede974ceace7c0d6c28a75cd
-Top: cbe4e4c5b0ee9abd94487f5c47ff479c7d086400
+Bottom: fca3ed18d5fc63652aeb45f6c8c8c8e1acfb3f02
+Top: 4b5bc3f694509a6dfd1b265acace61d889211e5c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:11:55 -0300
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index 8b416af..1259b54 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,5 +1,5 @@
-Bottom: 195f80ed20d8cfa61af3b5629d405de8be7b40fc
-Top: 3db5dacd3a8c55bbd9c4924b1ac2ec9a35d2d732
+Bottom: d2881bc13111445c3cada2b810275ed5d685175c
+Top: 4275437ac31826c5f18c9a5e4b30e85235c02761
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index dbff60e..148781b 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
-Bottom: cbe4e4c5b0ee9abd94487f5c47ff479c7d086400
-Top: 8ae75524ca0a1176e4323c74b73cb0722e710364
+Bottom: 4b5bc3f694509a6dfd1b265acace61d889211e5c
+Top: 5bf8b68d0db01d2c779d9e0b745a266268200a3e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/wip-manual-document-mt-safety-startup.patch b/patches/wip-manual-document-mt-safety-startup.patch
index cd2fcf0..2a9f16b 100644
--- a/patches/wip-manual-document-mt-safety-startup.patch
+++ b/patches/wip-manual-document-mt-safety-startup.patch
@@ -1,5 +1,5 @@
-Bottom: 8ae75524ca0a1176e4323c74b73cb0722e710364
-Top: 195f80ed20d8cfa61af3b5629d405de8be7b40fc
+Bottom: 5bf8b68d0db01d2c779d9e0b745a266268200a3e
+Top: d2881bc13111445c3cada2b810275ed5d685175c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:12:28 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=08d53f635c15ae65cc8f2347e47894394c5a651f
commit 08d53f635c15ae65cc8f2347e47894394c5a651f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/resource.texi: Document thread safety properties.
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4bbeb1050d394dac154d328416785d3a4737bfca
commit 4bbeb1050d394dac154d328416785d3a4737bfca
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..79a3340 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1391,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1401,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1411,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1540,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1625,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2387,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2397,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2438,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2647,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2656,48 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2705,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2713,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2721,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2729,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2737,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2745,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2821,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3062,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3314,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3378,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +3995,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +4010,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +4025,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +4033,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4041,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4055,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4082,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4091,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4100,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4108,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4116,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4124,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4174,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4184,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4198,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4209,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4237,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4248,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4362,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4375,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4399,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4415,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4435,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4459,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4508,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4630,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4645,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4658,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4675,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4787,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4800,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4817,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4839,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4864,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4942,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4956,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4968,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4983,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +4997,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +5008,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5056,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5112,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5228,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5410,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5551,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f27de287f82231e5a93eaa44bafa8170abc3dce3
commit f27de287f82231e5a93eaa44bafa8170abc3dce3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:12:28 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/startup.texi: Document thread safety properties.
diff --git a/manual/startup.texi b/manual/startup.texi
index a277714..7bbaf13 100644
--- a/manual/startup.texi
+++ b/manual/startup.texi
@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
The difference to the @code{setenv} function is that the exact string
given as the parameter @var{string} is put into the environment. If the
user should change the string after the @code{putenv} call this will
-reflect in automatically in the environment. This also requires that
-@var{string} is no automatic variable which scope is left before the
+reflect automatically in the environment. This also requires that
+@var{string} not be an automatic variable whose scope is left before the
variable is removed from the environment. The same applies of course to
dynamically allocated variables which are freed later.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=166651bfa122c6352028365fa0f89c9dc3003751
commit 166651bfa122c6352028365fa0f89c9dc3003751
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..da50d18 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
+@c and free, and _nl_find_locale, which amount to all documented safety
+@c issues. It also calls new_composite_name, setdata, and setname,
+@c without any additional issues. _nl_find_locale calls getenv, ...
+This function returns a pointer read
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=af52e291a0269b692e9e0570ba1d886714da159b
commit af52e291a0269b692e9e0570ba1d886714da159b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:55 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/search.texi: Document thread safety properties.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..6910edc 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -146,6 +146,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +437,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +471,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +486,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +500,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +555,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=74ac784fe3cc7e497dd1777f02a8c29ec6152a44
commit 74ac784fe3cc7e497dd1777f02a8c29ec6152a44
Merge: 892a074 b03f8aa
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:20:38 2013 -0300
rename
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=892a074da1bfdf18e6f8f87cacccfc72d66f10a3
commit 892a074da1bfdf18e6f8f87cacccfc72d66f10a3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:20:38 2013 -0300
rename
diff --git a/meta b/meta
index 45c1261..3391b8b 100644
--- a/meta
+++ b/meta
@@ -1,5 +1,5 @@
Version: 1
-Previous: a635047355e7efe75f06ce47d6afc804f73fc513
+Previous: b03f8aa8fb7d6c4c3d64881c3f334e1605f344c9
Head: c3cb182414605a752cfd0de3f8ff1637db9aeddb
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
@@ -24,7 +24,7 @@ Applied:
manual-document-mt-safety-search.patch: a178ba9d66b1669f239966e51b89a7409aa3a762
wip-manual-document-mt-safety-locale.patch: 1080909eb844c0072328bc632d8a57287ad64752
wip-manual-document-mt-safety-startup.patch: 5101825e252b39ea192475db1ffaaeef5f155a46
- wip-manual-document-mt-safety-stdio.patch: c3cb182414605a752cfd0de3f8ff1637db9aeddb
+ manual-document-mt-safety-stdio.patch: c3cb182414605a752cfd0de3f8ff1637db9aeddb
Unapplied:
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
wip-manual-document-mt-safety-terminal.patch: 131f3d7cbdeaec2279062d5bd94af6281390b9ba
diff --git a/patches/wip-manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
similarity index 100%
rename from patches/wip-manual-document-mt-safety-stdio.patch
rename to patches/manual-document-mt-safety-stdio.patch
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b03f8aa8fb7d6c4c3d64881c3f334e1605f344c9
commit b03f8aa8fb7d6c4c3d64881c3f334e1605f344c9
Merge: efa6546 a635047
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:20:11 2013 -0300
rename
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=efa654693e2dd7542014b410dc9f49bb18f37ba6
commit efa654693e2dd7542014b410dc9f49bb18f37ba6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:20:11 2013 -0300
rename
diff --git a/meta b/meta
index 3844d46..45c1261 100644
--- a/meta
+++ b/meta
@@ -1,5 +1,5 @@
Version: 1
-Previous: 214bfe37ebde7efdc4e4b26b55512d35ebdc1f0e
+Previous: a635047355e7efe75f06ce47d6afc804f73fc513
Head: c3cb182414605a752cfd0de3f8ff1637db9aeddb
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
@@ -24,7 +24,7 @@ Applied:
manual-document-mt-safety-search.patch: a178ba9d66b1669f239966e51b89a7409aa3a762
wip-manual-document-mt-safety-locale.patch: 1080909eb844c0072328bc632d8a57287ad64752
wip-manual-document-mt-safety-startup.patch: 5101825e252b39ea192475db1ffaaeef5f155a46
- manual-document-mt-safety-stdio.patch: c3cb182414605a752cfd0de3f8ff1637db9aeddb
+ wip-manual-document-mt-safety-stdio.patch: c3cb182414605a752cfd0de3f8ff1637db9aeddb
Unapplied:
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
wip-manual-document-mt-safety-terminal.patch: 131f3d7cbdeaec2279062d5bd94af6281390b9ba
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/wip-manual-document-mt-safety-stdio.patch
similarity index 100%
rename from patches/manual-document-mt-safety-stdio.patch
rename to patches/wip-manual-document-mt-safety-stdio.patch
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a635047355e7efe75f06ce47d6afc804f73fc513
commit a635047355e7efe75f06ce47d6afc804f73fc513
Merge: f233fd0 214bfe3 c3cb182
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:20:05 2013 -0300
float
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f233fd0cb20891129d27b957f9ef80fdf470441d
commit f233fd0cb20891129d27b957f9ef80fdf470441d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:20:05 2013 -0300
float
diff --git a/meta b/meta
index 4b93421..3844d46 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: b7a1180b29f8e1785e9467dfbb8c4df59801236a
-Head: 06713123a0b742b742a1093deb32978e84799d02
+Previous: 214bfe37ebde7efdc4e4b26b55512d35ebdc1f0e
+Head: c3cb182414605a752cfd0de3f8ff1637db9aeddb
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
@@ -22,9 +22,9 @@ Applied:
manual-document-mt-safety-math.patch: ad614ca21bb3d439075824533620448aaca7dca6
manual-document-mt-safety-resource.patch: c67d9b0e48706ad7a6ce8afb05575d2da8a739ce
manual-document-mt-safety-search.patch: a178ba9d66b1669f239966e51b89a7409aa3a762
- manual-document-mt-safety-stdio.patch: f58d7939271296d5d0b2e459b13c3f0ba92705a6
- wip-manual-document-mt-safety-locale.patch: 15f732902e7b031fbb6663b8dfe1c097ca9396d2
- wip-manual-document-mt-safety-startup.patch: 06713123a0b742b742a1093deb32978e84799d02
+ wip-manual-document-mt-safety-locale.patch: 1080909eb844c0072328bc632d8a57287ad64752
+ wip-manual-document-mt-safety-startup.patch: 5101825e252b39ea192475db1ffaaeef5f155a46
+ manual-document-mt-safety-stdio.patch: c3cb182414605a752cfd0de3f8ff1637db9aeddb
Unapplied:
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
wip-manual-document-mt-safety-terminal.patch: 131f3d7cbdeaec2279062d5bd94af6281390b9ba
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index 1e0cfc0..8b416af 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,5 +1,5 @@
-Bottom: cbe4e4c5b0ee9abd94487f5c47ff479c7d086400
-Top: 52792116005976e16d455f880f0b2d381882e671
+Bottom: 195f80ed20d8cfa61af3b5629d405de8be7b40fc
+Top: 3db5dacd3a8c55bbd9c4924b1ac2ec9a35d2d732
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index d5c1830..dbff60e 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
-Bottom: 52792116005976e16d455f880f0b2d381882e671
-Top: a529301c800b3ca93ba927e5d69da7dd7cafbae7
+Bottom: cbe4e4c5b0ee9abd94487f5c47ff479c7d086400
+Top: 8ae75524ca0a1176e4323c74b73cb0722e710364
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/wip-manual-document-mt-safety-startup.patch b/patches/wip-manual-document-mt-safety-startup.patch
index 0cf63b1..cd2fcf0 100644
--- a/patches/wip-manual-document-mt-safety-startup.patch
+++ b/patches/wip-manual-document-mt-safety-startup.patch
@@ -1,5 +1,5 @@
-Bottom: a529301c800b3ca93ba927e5d69da7dd7cafbae7
-Top: 3db5dacd3a8c55bbd9c4924b1ac2ec9a35d2d732
+Bottom: 8ae75524ca0a1176e4323c74b73cb0722e710364
+Top: 195f80ed20d8cfa61af3b5629d405de8be7b40fc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:12:28 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c3cb182414605a752cfd0de3f8ff1637db9aeddb
commit c3cb182414605a752cfd0de3f8ff1637db9aeddb
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..79a3340 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1391,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1401,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1411,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1540,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1625,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2387,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2397,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2438,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2647,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2656,48 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2705,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2713,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2721,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2729,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2737,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2745,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2821,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3062,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3314,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3378,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +3995,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +4010,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +4025,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +4033,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4041,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4055,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4082,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4091,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4100,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4108,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4116,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4124,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4174,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4184,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4198,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4209,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4237,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4248,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4362,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4375,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4399,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4415,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4435,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4459,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4508,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4630,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4645,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4658,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4675,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4787,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4800,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4817,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4839,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4864,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4942,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4956,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4968,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4983,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +4997,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +5008,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5056,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5112,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5228,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5410,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5551,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5101825e252b39ea192475db1ffaaeef5f155a46
commit 5101825e252b39ea192475db1ffaaeef5f155a46
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:12:28 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/startup.texi: Document thread safety properties.
diff --git a/manual/startup.texi b/manual/startup.texi
index a277714..7bbaf13 100644
--- a/manual/startup.texi
+++ b/manual/startup.texi
@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
The difference to the @code{setenv} function is that the exact string
given as the parameter @var{string} is put into the environment. If the
user should change the string after the @code{putenv} call this will
-reflect in automatically in the environment. This also requires that
-@var{string} is no automatic variable which scope is left before the
+reflect automatically in the environment. This also requires that
+@var{string} not be an automatic variable whose scope is left before the
variable is removed from the environment. The same applies of course to
dynamically allocated variables which are freed later.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1080909eb844c0072328bc632d8a57287ad64752
commit 1080909eb844c0072328bc632d8a57287ad64752
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..da50d18 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
+@c and free, and _nl_find_locale, which amount to all documented safety
+@c issues. It also calls new_composite_name, setdata, and setname,
+@c without any additional issues. _nl_find_locale calls getenv, ...
+This function returns a pointer read
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=214bfe37ebde7efdc4e4b26b55512d35ebdc1f0e
commit 214bfe37ebde7efdc4e4b26b55512d35ebdc1f0e
Merge: 73cda38 0671312 b7a1180
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:20:00 2013 -0300
goto
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=73cda380eb4cc913cb7e2827ee6e7f4fcd468c53
commit 73cda380eb4cc913cb7e2827ee6e7f4fcd468c53
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:20:00 2013 -0300
goto
diff --git a/meta b/meta
index e3af5e5..4b93421 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: dfd49e9a54444aeb91fb80326a2b52b1b2b4fe5f
-Head: 290ed306adba817ec4cb4f5207e63269e7990930
+Previous: b7a1180b29f8e1785e9467dfbb8c4df59801236a
+Head: 06713123a0b742b742a1093deb32978e84799d02
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
@@ -16,16 +16,16 @@ Applied:
manual-document-mt-safety-filesys.patch: 75c783a7f653a4396cb2f3a1314fac5bda1b5a8f
manual-document-mt-safety-getopt.patch: 178c538fec626552e7ec57072a93b3715623e6ac
manual-document-mt-safety-libdl.patch: 290ed306adba817ec4cb4f5207e63269e7990930
+ manual-document-mt-safety-job.patch: 57c129a7691ad66436b380272a24d356111b19bf
+ manual-document-mt-safety-lang.patch: e1bee872da33bdb7b911d4cd111906a390b9ea8a
+ manual-document-mt-safety-llio.patch: 51babe049dfe3862b311b4ebbfd87a8eb915528c
+ manual-document-mt-safety-math.patch: ad614ca21bb3d439075824533620448aaca7dca6
+ manual-document-mt-safety-resource.patch: c67d9b0e48706ad7a6ce8afb05575d2da8a739ce
+ manual-document-mt-safety-search.patch: a178ba9d66b1669f239966e51b89a7409aa3a762
+ manual-document-mt-safety-stdio.patch: f58d7939271296d5d0b2e459b13c3f0ba92705a6
+ wip-manual-document-mt-safety-locale.patch: 15f732902e7b031fbb6663b8dfe1c097ca9396d2
+ wip-manual-document-mt-safety-startup.patch: 06713123a0b742b742a1093deb32978e84799d02
Unapplied:
- manual-document-mt-safety-job.patch: 07add391d6215283f7338e451060a144bd241bd9
- manual-document-mt-safety-lang.patch: 722fae4ea63db2a00f51c08a14d723ad87fd97d9
- manual-document-mt-safety-llio.patch: 40fb222a22df4ba14615f2276530f1f17682e084
- manual-document-mt-safety-math.patch: 1f1722344cc379ee50d34f34beaf20fa65b35e2a
- manual-document-mt-safety-resource.patch: 70fda0831b0d41b658cc1f962cc520e9c16d213e
- manual-document-mt-safety-search.patch: c0dcc89166196b52cae3da929ae1573d65a3a79f
- manual-document-mt-safety-stdio.patch: 3af704e77dec1dd398bc0f54ca39b1699c0302fe
- wip-manual-document-mt-safety-locale.patch: 726e2d92020c1b7d1143d63c5b5137132e418c71
- wip-manual-document-mt-safety-startup.patch: a51d72b2f27eae1bcf41a5aeb4718ed837ef2701
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
wip-manual-document-mt-safety-terminal.patch: 131f3d7cbdeaec2279062d5bd94af6281390b9ba
wip-manual-document-mt-safety-threads.patch: f47c93cdfff86a4b5acb80c4b80ba113757b9e5f
diff --git a/patches/manual-document-mt-safety-job.patch b/patches/manual-document-mt-safety-job.patch
index b4d3b96..e6f679b 100644
--- a/patches/manual-document-mt-safety-job.patch
+++ b/patches/manual-document-mt-safety-job.patch
@@ -1,5 +1,5 @@
-Bottom: 18760d732995b8379bc372377398a8fd58732762
-Top: 78811ad7f6f34dae902d17fe9939b1ed2877fc8c
+Bottom: 08a4456877254843d89c18fe88e4c0431857fcff
+Top: b58e76e4078fdee40947d68820e0f861f8cac2de
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:08:15 -0300
diff --git a/patches/manual-document-mt-safety-lang.patch b/patches/manual-document-mt-safety-lang.patch
index eef82af..09d2cc9 100644
--- a/patches/manual-document-mt-safety-lang.patch
+++ b/patches/manual-document-mt-safety-lang.patch
@@ -1,5 +1,5 @@
-Bottom: 78811ad7f6f34dae902d17fe9939b1ed2877fc8c
-Top: 95e3af012c2d8222ce9c18f313b200f086405d32
+Bottom: b58e76e4078fdee40947d68820e0f861f8cac2de
+Top: 5d6bbf322290ec49c7df2274a5b3ec79d32fd303
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:08:32 -0300
diff --git a/patches/manual-document-mt-safety-llio.patch b/patches/manual-document-mt-safety-llio.patch
index 4f4042d..274aefd 100644
--- a/patches/manual-document-mt-safety-llio.patch
+++ b/patches/manual-document-mt-safety-llio.patch
@@ -1,5 +1,5 @@
-Bottom: 95e3af012c2d8222ce9c18f313b200f086405d32
-Top: d984e43548394d87c0dcc06e8f1f954337bf1f0b
+Bottom: 5d6bbf322290ec49c7df2274a5b3ec79d32fd303
+Top: baf6738652c9240a7ea48273cff318ffb17716d8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:09:32 -0300
diff --git a/patches/manual-document-mt-safety-math.patch b/patches/manual-document-mt-safety-math.patch
index bdc9eab..9f1572f 100644
--- a/patches/manual-document-mt-safety-math.patch
+++ b/patches/manual-document-mt-safety-math.patch
@@ -1,5 +1,5 @@
-Bottom: d984e43548394d87c0dcc06e8f1f954337bf1f0b
-Top: ed5585f43f682f64747d87313aa8fa6455b413af
+Bottom: baf6738652c9240a7ea48273cff318ffb17716d8
+Top: fca3ed18d5fc63652aeb45f6c8c8c8e1acfb3f02
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/manual-document-mt-safety-resource.patch b/patches/manual-document-mt-safety-resource.patch
index 9cf449a..8309358 100644
--- a/patches/manual-document-mt-safety-resource.patch
+++ b/patches/manual-document-mt-safety-resource.patch
@@ -1,5 +1,5 @@
-Bottom: ed5585f43f682f64747d87313aa8fa6455b413af
-Top: e75af3e584fdb6c5c7a273cced643b65589309d7
+Bottom: fca3ed18d5fc63652aeb45f6c8c8c8e1acfb3f02
+Top: 77b17631d0ac215fede974ceace7c0d6c28a75cd
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:11:00 -0300
diff --git a/patches/manual-document-mt-safety-search.patch b/patches/manual-document-mt-safety-search.patch
index 90717fa..3e786ab 100644
--- a/patches/manual-document-mt-safety-search.patch
+++ b/patches/manual-document-mt-safety-search.patch
@@ -1,5 +1,5 @@
-Bottom: e75af3e584fdb6c5c7a273cced643b65589309d7
-Top: 0c26a00f734d8fe44375085ab3cbede5d3b6b712
+Bottom: 77b17631d0ac215fede974ceace7c0d6c28a75cd
+Top: cbe4e4c5b0ee9abd94487f5c47ff479c7d086400
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:11:55 -0300
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index e2e4efd..1e0cfc0 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,5 +1,5 @@
-Bottom: 0c26a00f734d8fe44375085ab3cbede5d3b6b712
-Top: 1ce30a1e33cc504649b7c4c096dbbfb1141d92f9
+Bottom: cbe4e4c5b0ee9abd94487f5c47ff479c7d086400
+Top: 52792116005976e16d455f880f0b2d381882e671
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=51babe049dfe3862b311b4ebbfd87a8eb915528c
commit 51babe049dfe3862b311b4ebbfd87a8eb915528c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:09:32 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/llio.texi: Document thread safety properties.
diff --git a/manual/llio.texi b/manual/llio.texi
index b129cf4..66370c4 100644
--- a/manual/llio.texi
+++ b/manual/llio.texi
@@ -78,6 +78,7 @@ declared in @file{unistd.h}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int open (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The @code{open} function creates and returns a new file descriptor for
the file named by @var{filename}. Initially, the file position
indicator for the file is at the beginning of the file. The argument
@@ -164,6 +165,7 @@ and @code{freopen} functions, that create streams.
@comment fcntl.h
@comment Unix98
@deftypefun int open64 (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{open}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
difference is that on 32 bit systems the file is opened in the
@@ -178,6 +180,7 @@ replaces the old API.
@comment fcntl.h
@comment POSIX.1
@deftypefn {Obsolete function} int creat (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is obsolete. The call:
@smallexample
@@ -202,6 +205,7 @@ since all of the lowlevel file handling functions are equally replaced.
@comment fcntl.h
@comment Unix98
@deftypefn {Obsolete function} int creat64 (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{creat}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
the difference is that on 32 bit systems the file is opened in the
@@ -219,6 +223,7 @@ replaces the old API.
@comment unistd.h
@comment POSIX.1
@deftypefun int close (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The function @code{close} closes the file descriptor @var{filedes}.
Closing a file has the following consequences:
@@ -300,6 +305,7 @@ but must be a signed type.
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t read (int @var{filedes}, void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{read} function reads up to @var{size} bytes from the file
with descriptor @var{filedes}, storing the results in the @var{buffer}.
(This is not necessarily a character string, and no terminating null
@@ -395,6 +401,10 @@ functions that read from streams, such as @code{fgetc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, read and lseek back, but is it
+@c used anywhere?
The @code{pread} function is similar to the @code{read} function. The
first three arguments are identical, and the return values and error
codes also correspond.
@@ -430,6 +440,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread64 (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, read and lseek64 back, but is
+@c it used anywhere?
This function is similar to the @code{pread} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -447,6 +461,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t write (int @var{filedes}, const void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{write} function writes up to @var{size} bytes from
@var{buffer} to the file with descriptor @var{filedes}. The data in
@var{buffer} is not necessarily a character string and a null character is
@@ -557,6 +572,10 @@ functions that write to streams, such as @code{fputc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, write and lseek back, but is it
+@c used anywhere?
The @code{pwrite} function is similar to the @code{write} function. The
first three arguments are identical, and the return values and error codes
also correspond.
@@ -592,6 +611,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite64 (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, write and lseek64 back, but
+@c is it used anywhere?
This function is similar to the @code{pwrite} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -624,6 +647,7 @@ To read the current file position value from a descriptor, use
@comment unistd.h
@comment POSIX.1
@deftypefun off_t lseek (int @var{filedes}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lseek} function is used to change the file position of the
file with descriptor @var{filedes}.
@@ -713,6 +737,7 @@ descriptors.
@comment unistd.h
@comment Unix98
@deftypefun off64_t lseek64 (int @var{filedes}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to the @code{lseek} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -825,6 +850,7 @@ declared in the header file @file{stdio.h}.
@comment stdio.h
@comment POSIX.1
@deftypefun {FILE *} fdopen (int @var{filedes}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
The @code{fdopen} function returns a new stream for the file descriptor
@var{filedes}.
@@ -853,6 +879,7 @@ see @ref{Creating a Pipe}.
@comment stdio.h
@comment POSIX.1
@deftypefun int fileno (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the file descriptor associated with the stream
@var{stream}. If an error is detected (for example, if the @var{stream}
is not valid) or if @var{stream} does not do I/O to a file,
@@ -862,6 +889,7 @@ is not valid) or if @var{stream} does not do I/O to a file,
@comment stdio.h
@comment GNU
@deftypefun int fileno_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fileno_unlocked} function is equivalent to the @code{fileno}
function except that it does not implicitly lock the stream if the state
is @code{FSETLOCKING_INTERNAL}.
@@ -1071,7 +1099,11 @@ Contains the length of the buffer.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t readv (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
-
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer into which data is read, if the total read size is
+@c too large for alloca.
The @code{readv} function reads data from @var{filedes} and scatters it
into the buffers described in @var{vector}, which is taken to be
@var{count} structures long. As each buffer is filled, data is sent to the
@@ -1089,6 +1121,11 @@ errors are the same as in @code{read}.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t writev (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer from which data is written, if the total write size
+@c is too large for alloca.
The @code{writev} function gathers data from the buffers described in
@var{vector}, which is taken to be @var{count} structures long, and writes
@@ -1149,6 +1186,7 @@ These functions are declared in @file{sys/mman.h}.
@comment sys/mman.h
@comment POSIX
@deftypefun {void *} mmap (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mmap} function creates a new mapping, connected to bytes
(@var{offset}) to (@var{offset} + @var{length} - 1) in the file open on
@@ -1268,6 +1306,9 @@ The file is on a filesystem that doesn't support mapping.
@comment sys/mman.h
@comment LFS
@deftypefun {void *} mmap64 (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The page_shift auto detection when MMAP2_PAGE_SHIFT is -1 (it never
+@c is) would be thread-unsafe.
The @code{mmap64} function is equivalent to the @code{mmap} function but
the @var{offset} parameter is of type @code{off64_t}. On 32-bit systems
this allows the file associated with the @var{filedes} descriptor to be
@@ -1284,6 +1325,7 @@ replaces the old API.
@comment sys/mman.h
@comment POSIX
@deftypefun int munmap (void *@var{addr}, size_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{munmap} removes any memory maps from (@var{addr}) to (@var{addr} +
@var{length}). @var{length} should be the length of the mapping.
@@ -1310,6 +1352,7 @@ aligned.
@comment sys/mman.h
@comment POSIX
@deftypefun int msync (void *@var{address}, size_t @var{length}, int @var{flags})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When using shared mappings, the kernel can write the file at any time
before the mapping is removed. To be certain data has actually been
@@ -1357,6 +1400,7 @@ There is no existing mapping in at least part of the given region.
@comment sys/mman.h
@comment GNU
@deftypefun {void *} mremap (void *@var{address}, size_t @var{length}, size_t @var{new_length}, int @var{flag})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to change the size of an existing memory
area. @var{address} and @var{length} must cover a region entirely mapped
@@ -1405,6 +1449,7 @@ Coding Standards}.
@comment sys/mman.h
@comment POSIX
@deftypefun int madvise (void *@var{addr}, size_t @var{length}, int @var{advice})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to provide the system with @var{advice} about
the intended usage patterns of the memory region starting at @var{addr}
@@ -1531,6 +1576,7 @@ that descriptor into an @code{fd_set}.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_ZERO (fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro initializes the file descriptor set @var{set} to be the
empty set.
@end deftypefn
@@ -1538,6 +1584,9 @@ empty set.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_SET (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro adds @var{filedes} to the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1547,6 +1596,9 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_CLR (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro removes @var{filedes} from the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1556,6 +1608,7 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro int FD_ISSET (int @var{filedes}, const fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value (true) if @var{filedes} is a member
of the file descriptor set @var{set}, and zero (false) otherwise.
@@ -1568,6 +1621,10 @@ Next, here is the description of the @code{select} function itself.
@comment sys/types.h
@comment BSD
@deftypefun int select (int @var{nfds}, fd_set *@var{read-fds}, fd_set *@var{write-fds}, fd_set *@var{except-fds}, struct timeval *@var{timeout})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The select syscall is preferred, but pselect6 may be used instead,
+@c which requires converting timeout to a timespec and back. The
+@c conversions are not atomic.
The @code{select} function blocks the calling process until there is
activity on any of the specified sets of file descriptors, or until the
timeout period has expired.
@@ -1670,6 +1727,7 @@ they return.
@comment unistd.h
@comment X/Open
@deftypefun void sync (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
A call to this function will not return as long as there is data which
has not been written to the device. All dirty buffers in the kernel will
be written and so an overall consistent system can be achieved (if no
@@ -1685,6 +1743,7 @@ committed, rather than all data in the system. For this, @code{sync} is overkil
@comment unistd.h
@comment POSIX
@deftypefun int fsync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fsync} function can be used to make sure all data associated with
the open file @var{fildes} is written to the device associated with the
descriptor. The function call does not return unless all actions have
@@ -1722,6 +1781,7 @@ recovering of the file in case of a problem.
@comment unistd.h
@comment POSIX
@deftypefun int fdatasync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When a call to the @code{fdatasync} function returns, it is ensured
that all of the file data is written to the device. For all pending I/O
operations, the parts guaranteeing data integrity finished.
@@ -1923,6 +1983,158 @@ aiocb64}, since the LFS transparently replaces the old interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_read (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Calls aio_enqueue_request.
+@c aio_enqueue_request selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_self ok
+@c pthread_getschedparam selfdeadlock, lockleak
+@c lll_lock (pthread descriptor's lock) selfdeadlock, lockleak
+@c sched_getparam ok
+@c sched_getscheduler ok
+@c lll_unlock lockleak
+@c pthread_mutex_lock (aio_requests_mutex) selfdeadlock, lockleak
+@c get_elem asmalloc, memleak, [asynconsist, incansist], [xguargs]
+@c realloc asmalloc, memleak
+@c calloc asmalloc, memleak
+@c aio_create_helper_thread selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_attr_init ok
+@c pthread_attr_setdetachstate ok
+@c pthread_get_minstack ok
+@c pthread_attr_setstacksize ok
+@c sigfillset ok
+@c memset ok
+@c sigdelset ok [xguargs, but the caller's sigset is automatic]
+@c SYSCALL rt_sigprocmask ok
+@c pthread_create selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c alloca/malloc asmalloc, memleak
+@c lll_unlock lockleak
+@c allocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c getpagesize dup
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c lll_unlock lockleak
+@c _dl_allocate_tls asmalloc, memleak
+@c _dl_allocate_tls_storage asmalloc, memleak
+@c memalign asmalloc, memleak
+@c memset ok
+@c allocate_dtv dup
+@c free asmalloc, memleak
+@c allocate_dtv asmalloc, memleak
+@c calloc asmalloc, memleak
+@c INSTALL_DTV ok
+@c list_add dup
+@c get_cached_stack
+@c lll_lock (stack_cache_lock) selfdeadlock, lockleak
+@c list_for_each ok
+@c list_entry dup
+@c FREE_P dup
+@c stack_list_del dup
+@c stack_list_add dup
+@c lll_unlock lockleak
+@c _dl_allocate_tls_init ok
+@c GET_DTV ok
+@c mmap ok
+@c atomic_increment_val ok
+@c munmap ok
+@c change_stack_perm ok
+@c mprotect ok
+@c mprotect ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c THREAD_COPY_STACK_GUARD ok
+@c THREAD_COPY_POINTER_GUARD ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (state_cache_lock) selfdeadlock, lockleak
+@c stack_list_del ok
+@c atomic_write_barrier ok
+@c list_del ok [uunguard]
+@c atomic_write_barrier ok
+@c queue_stack asmalloc, memleak
+@c stack_list_add ok
+@c atomic_write_barrier ok
+@c list_add ok [uunguard]
+@c atomic_write_barrier ok
+@c free_stacks asmalloc, memleak
+@c list_for_each_prev_safe ok
+@c list_entry ok
+@c FREE_P ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c _dl_deallocate_tls asmalloc, memleak
+@c free asmalloc, memleak
+@c lll_unlock lockleak
+@c create_thread selfdeadlock, asmalloc, lockleak, memleak
+@c td_eventword
+@c td_eventmask
+@c do_clone selfdeadlock, asmalloc, lockleak, memleak
+@c PREPARE_CREATE ok
+@c lll_lock (pd->lock) selfdeadlock, lockleak
+@c atomic_increment ok
+@c clone ok
+@c atomic_decrement ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack dup
+@c sched_setaffinity ok
+@c tgkill ok
+@c sched_setscheduler ok
+@c atomic_compare_and_exchange_bool_acq ok
+@c nptl_create_event ok
+@c lll_unlock (pd->lock) lockleak
+@c free asmalloc, memleak
+@c pthread_attr_destroy ok (cpuset won't be set, so free isn't called)
+@c add_request_to_runlist ok [xguargs]
+@c pthread_cond_signal ok
+@c aio_free_request ok [xguargs]
+@c pthread_mutex_unlock lockleak
+
+@c (in the new thread, initiated with clone)
+@c start_thread ok
+@c HP_TIMING_NOW ok
+@c ctype_init [glocale] (in theory, but optimized into safety)
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c sigemptyset ok
+@c sigaddset ok
+@c setjmp ok
+@c CANCEL_ASYNC -> pthread_enable_asynccancel ok
+@c do_cancel ok
+@c pthread_unwind ok
+@c Unwind_ForcedUnwind or longjmp ok [asmalloc, memleak?]
+@c lll_lock selfdeadlock, lockleak
+@c lll_unlock selfdeadlock, lockleak
+@c CANCEL_RESET -> pthread_disable_asynccancel ok
+@c lll_futex_wait ok
+@c ->start_routine ok -----
+@c call_tls_dtors selfdeadlock, asmalloc, lockleak, memleak
+@c user-supplied dtor
+@c rtld_lock_lock_recursive (dl_load_lock) selfdeadlock, lockleak
+@c rtld_lock_unlock_recursive lockleak
+@c free asmalloc, memleak
+@c nptl_deallocate_tsd asmalloc, memleak
+@c tsd user-supplied dtors ok
+@c free asmalloc, memleak
+@c libc_thread_freeres
+@c libc_thread_subfreeres ok
+@c atomic_decrement_and_test ok
+@c td_eventword ok
+@c td_eventmask ok
+@c atomic_compare_exchange_bool_acq ok
+@c nptl_death_event ok
+@c lll_robust_dead ok
+@c getpagesize ok
+@c madvise ok
+@c free_tcb selfdeadlock, asmalloc, lockleak, memleak
+@c free asmalloc, memleak
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_futex_wait ok
+@c exit_thread_inline ok
+@c syscall(exit) ok
+
This function initiates an asynchronous read operation. It
immediately returns after the operation was enqueued or when an
error was encountered.
@@ -1988,6 +2200,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_read64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_read} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{aio_read64} uses
@@ -2006,6 +2219,7 @@ of functions with a very similar interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_write (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function initiates an asynchronous write operation. The function
call immediately returns after the operation was enqueued or if before
this happens an error was encountered.
@@ -2072,6 +2286,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_write64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_write} function. The only
difference is that on @w{32 bit} machines the file descriptor should
be opened in the large file mode. Internally @code{aio_write64} uses
@@ -2093,6 +2308,12 @@ operations. It is therefore similar to a combination of @code{readv} and
@comment aio.h
@comment POSIX.1b
@deftypefun int lio_listio (int @var{mode}, struct aiocb *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Call lio_listio_internal, that takes the aio_requests_mutex lock and
+@c enqueues each request. Then, it waits for notification or prepares
+@c for it before releasing the lock. Even though it performs memory
+@c allocation and locking of its own, it doesn't add any classes of
+@c safety issues that aren't already covered by aio_enqueue_request.
The @code{lio_listio} function can be used to enqueue an arbitrary
number of read and write requests at one time. The requests can all be
meant for the same file, all for different files or every solution in
@@ -2176,6 +2397,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int lio_listio64 (int @var{mode}, struct aiocb64 *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{lio_listio} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{lio_listio64} uses
@@ -2204,6 +2426,7 @@ The following two functions allow you to get this kind of information.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_error (const struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function determines the error state of the request described by the
@code{struct aiocb} variable pointed to by @var{aiocbp}. If the
request has not yet terminated the value returned is always
@@ -2225,6 +2448,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_error64 (const struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_error} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2238,6 +2462,7 @@ machines.
@comment aio.h
@comment POSIX.1b
@deftypefun ssize_t aio_return (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to retrieve the return status of the operation
carried out by the request described in the variable pointed to by
@var{aiocbp}. As long as the error status of this request as returned
@@ -2261,6 +2486,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun ssize_t aio_return64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_return} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2289,6 +2515,9 @@ if the symbol @code{_POSIX_SYNCHRONIZED_IO} is defined in @file{unistd.h}.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_fsync (int @var{op}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check that the FD is open, it calls
+@c aio_enqueue_request.
Calling this function forces all I/O operations operating queued at the
time of the function call operating on the file descriptor
@code{aiocbp->aio_fildes} into the synchronized I/O completion state
@@ -2336,6 +2565,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_fsync64 (int @var{op}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_fsync} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2362,6 +2592,9 @@ before the current client is served. For situations like this
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_suspend (const struct aiocb *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c Take aio_requests_mutex, set up waitlist and requestlist, wait
+@c for completion or timeout, and release the mutex.
When calling this function, the calling thread is suspended until at
least one of the requests pointed to by the @var{nent} elements of the
array @var{list} has completed. If any of the requests has already
@@ -2400,6 +2633,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_suspend64 (const struct aiocb64 *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is similar to @code{aio_suspend} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2427,6 +2661,16 @@ or not. Therefore using this function is merely a hint.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_cancel (int @var{fildes}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check the fd is open, hold aio_requests_mutex, call
+@c aio_find_req_fd, aio_remove_request, then aio_notify and
+@c aio_free_request each request before releasing the lock.
+@c aio_notify calls aio_notify_only and free, besides cond signal or
+@c similar. aio_notify_only calls pthread_attr_init,
+@c pthread_attr_setdetachstate, malloc, pthread_create,
+@c notify_func_wrapper, aio_sigqueue, getpid, raise.
+@c notify_func_wraper calls aio_start_notify_thread, free and then the
+@c notifier function.
The @code{aio_cancel} function can be used to cancel one or more
outstanding requests. If the @var{aiocbp} parameter is @code{NULL}, the
function tries to cancel all of the outstanding requests which would process
@@ -2474,6 +2718,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_cancel64 (int @var{fildes}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_cancel} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2529,6 +2774,8 @@ Unused.
@comment aio.h
@comment GNU
@deftypefun void aio_init (const struct aioinit *@var{init})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c All changes to global objects are guarded by aio_requests_mutex.
This function must be called before any other AIO function. Calling it
is completely voluntary, as it is only meant to help the AIO
implementation perform better.
@@ -2563,6 +2810,7 @@ function; see @ref{Opening and Closing Files}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int fcntl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcntl} function performs the operation specified by
@var{command} on the file descriptor @var{filedes}. Some commands
require additional arguments to be supplied. These additional arguments
@@ -2645,6 +2893,7 @@ while prototypes for @code{dup} and @code{dup2} are in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun int dup (int @var{old})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies descriptor @var{old} to the first available
descriptor number (the first number not currently open). It is
equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@@ -2653,6 +2902,7 @@ equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@comment unistd.h
@comment POSIX.1
@deftypefun int dup2 (int @var{old}, int @var{new})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies the descriptor @var{old} to descriptor number
@var{new}.
@@ -3631,6 +3881,7 @@ different headers.
@comment sys/ioctl.h
@comment BSD
@deftypefun int ioctl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ioctl} function performs the generic I/O operation
@var{command} on @var{filedes}.
@@ -3650,3 +3901,6 @@ unknown device.
Most IOCTLs are OS-specific and/or only used in special system utilities,
and are thus beyond the scope of this document. For an example of the use
of an IOCTL, see @ref{Out-of-Band Data}.
+
+@c FIXME this is undocumented:
+@c dup3
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ad614ca21bb3d439075824533620448aaca7dca6
commit ad614ca21bb3d439075824533620448aaca7dca6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/math.texi: Document thread safety properties.
diff --git a/manual/math.texi b/manual/math.texi
index 193d415..fd5d0c8 100644
--- a/manual/math.texi
+++ b/manual/math.texi
@@ -560,6 +560,7 @@ negative), @code{logb} returns @math{@infinity{}}. If @var{x} is zero,
@comment math.h
@comment ISO
@deftypefunx int ilogbl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are equivalent to the corresponding @code{logb}
functions except that they return signed integer values.
@end deftypefun
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a178ba9d66b1669f239966e51b89a7409aa3a762
commit a178ba9d66b1669f239966e51b89a7409aa3a762
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:55 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/search.texi: Document thread safety properties.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..6910edc 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -146,6 +146,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +437,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +471,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +486,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +500,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +555,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=06713123a0b742b742a1093deb32978e84799d02
commit 06713123a0b742b742a1093deb32978e84799d02
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:12:28 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/startup.texi: Document thread safety properties.
diff --git a/manual/startup.texi b/manual/startup.texi
index a277714..7bbaf13 100644
--- a/manual/startup.texi
+++ b/manual/startup.texi
@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
The difference to the @code{setenv} function is that the exact string
given as the parameter @var{string} is put into the environment. If the
user should change the string after the @code{putenv} call this will
-reflect in automatically in the environment. This also requires that
-@var{string} is no automatic variable which scope is left before the
+reflect automatically in the environment. This also requires that
+@var{string} not be an automatic variable whose scope is left before the
variable is removed from the environment. The same applies of course to
dynamically allocated variables which are freed later.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e1bee872da33bdb7b911d4cd111906a390b9ea8a
commit e1bee872da33bdb7b911d4cd111906a390b9ea8a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:32 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/lang.texi: Document thread safety properties.
diff --git a/manual/lang.texi b/manual/lang.texi
index ee04e23..d6cd90c 100644
--- a/manual/lang.texi
+++ b/manual/lang.texi
@@ -51,6 +51,8 @@ without indicating anything might be wrong.
@comment assert.h
@comment ISO
@deftypefn Macro void assert (int @var{expression})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Verify the programmer's belief that @var{expression} is nonzero at
this point in the program.
@@ -91,6 +93,8 @@ The @code{assert_perror} macro makes this easy.
@comment assert.h
@comment GNU
@deftypefn Macro void assert_perror (int @var{errnum})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Similar to @code{assert}, but verifies that @var{errnum} is zero.
If @code{NDEBUG} is not defined, @code{assert_perror} tests the value of
@@ -423,6 +427,8 @@ The type @code{va_list} is used for argument pointer variables.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_start (va_list @var{ap}, @var{last-required})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This macro initializes the argument pointer variable @var{ap} to point
to the first of the optional arguments of the current function;
@var{last-required} must be the last required argument to the function.
@@ -431,6 +437,8 @@ to the first of the optional arguments of the current function;
@comment stdarg.h
@comment ISO
@deftypefn {Macro} @var{type} va_arg (va_list @var{ap}, @var{type})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_arg} macro returns the value of the next optional argument,
and modifies the value of @var{ap} to point to the subsequent argument.
Thus, successive uses of @code{va_arg} return successive optional
@@ -445,6 +453,8 @@ of the actual argument.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_end (va_list @var{ap})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This ends the use of @var{ap}. After a @code{va_end} call, further
@code{va_arg} calls with the same @var{ap} may not work. You should invoke
@code{va_end} before returning from the function in which @code{va_start}
@@ -466,6 +476,8 @@ of the same type.
@comment ISO
@deftypefn {Macro} void va_copy (va_list @var{dest}, va_list @var{src})
@deftypefnx {Macro} void __va_copy (va_list @var{dest}, va_list @var{src})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_copy} macro allows copying of objects of type
@code{va_list} even if this is not an integral type. The argument pointer
in @var{dest} is initialized to point to the same argument as the
@@ -1212,6 +1224,8 @@ type of a particular structure member.
@comment stddef.h
@comment ISO
@deftypefn {Macro} size_t offsetof (@var{type}, @var{member})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This expands to a integer constant expression that is the offset of the
structure member named @var{member} in the structure type @var{type}.
For example, @code{offsetof (struct s, elem)} is the offset, in bytes,
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c67d9b0e48706ad7a6ce8afb05575d2da8a739ce
commit c67d9b0e48706ad7a6ce8afb05575d2da8a739ce
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/resource.texi: Document thread safety properties.
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=15f732902e7b031fbb6663b8dfe1c097ca9396d2
commit 15f732902e7b031fbb6663b8dfe1c097ca9396d2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..da50d18 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
+@c and free, and _nl_find_locale, which amount to all documented safety
+@c issues. It also calls new_composite_name, setdata, and setname,
+@c without any additional issues. _nl_find_locale calls getenv, ...
+This function returns a pointer read
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f58d7939271296d5d0b2e459b13c3f0ba92705a6
commit f58d7939271296d5d0b2e459b13c3f0ba92705a6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..79a3340 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1391,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1401,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1411,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1540,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1625,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2387,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2397,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2438,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2647,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2656,48 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2705,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2713,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2721,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2729,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2737,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2745,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2821,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3062,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3314,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3378,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +3995,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +4010,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +4025,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +4033,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4041,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4055,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4082,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4091,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4100,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4108,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4116,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4124,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4174,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4184,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4198,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4209,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4237,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4248,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4362,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4375,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4399,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4415,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4435,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4459,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4508,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4630,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4645,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4658,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4675,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4787,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4800,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4817,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4839,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4864,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4942,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4956,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4968,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4983,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +4997,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +5008,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5056,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5112,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5228,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5410,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5551,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=57c129a7691ad66436b380272a24d356111b19bf
commit 57c129a7691ad66436b380272a24d356111b19bf
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:15 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/job.texi: Document thread safety properties.
diff --git a/manual/job.texi b/manual/job.texi
index 4efeed3..779ea96 100644
--- a/manual/job.texi
+++ b/manual/job.texi
@@ -1039,6 +1039,10 @@ The function @code{ctermid} is declared in the header file
@comment stdio.h
@comment POSIX.1
@deftypefun {char *} ctermid (char *@var{string})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This function is a stub by default; the actual implementation, for
+@c posix systems, returns an internal buffer if passed a NULL string,
+@c but the internal buffer is always set to /dev/tty.
The @code{ctermid} function returns a string containing the file name of
the controlling terminal for the current process. If @var{string} is
not a null pointer, it should be an array that can hold at least
@@ -1075,6 +1079,11 @@ Your program should include the header files @file{sys/types.h} and
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t setsid (void)
+@safety{@mtsafe{}@assafe{selfdeadlock (hurd)}@acsafe{lockleak (hurd)}}
+@c This is usually a direct syscall, but if a syscall is not available,
+@c we use a stub, or Hurd- and BSD-specific implementations. The former
+@c uses a mutex and a hurd critical section, and the latter issues a few
+@c syscalls, so both seem safe, except for the locking on Hurd.
The @code{setsid} function creates a new session. The calling process
becomes the session leader, and is put in a new process group whose
process group ID is the same as the process ID of that process. There
@@ -1098,7 +1107,8 @@ already another process group around that has the same process group ID.
@comment unistd.h
@comment SVID
@deftypefun pid_t getsid (pid_t @var{pid})
-
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{getsid} function returns the process group ID of the session
leader of the specified process. If a @var{pid} is @code{0}, the
process group ID of the session leader of the current process is
@@ -1134,6 +1144,8 @@ programs with the @code{-lbsd-compat} option to get the BSD definition.@refill
@comment unistd.h
@comment POSIX.1
@deftypefn {POSIX.1 Function} pid_t getpgrp (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The POSIX.1 definition of @code{getpgrp} returns the process group ID of
the calling process.
@end deftypefn
@@ -1141,6 +1153,8 @@ the calling process.
@comment unistd.h
@comment BSD
@deftypefn {BSD Function} pid_t getpgrp (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The BSD definition of @code{getpgrp} returns the process group ID of the
process @var{pid}. You can supply a value of @code{0} for the @var{pid}
argument to get information about the calling process.
@@ -1149,6 +1163,8 @@ argument to get information about the calling process.
@comment unistd.h
@comment SVID
@deftypefn {System V Function} int getpgid (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
@code{getpgid} is the same as the BSD function @code{getpgrp}. It
returns the process group ID of the process @var{pid}. You can supply a
@@ -1171,6 +1187,8 @@ process.
@comment unistd.h
@comment POSIX.1
@deftypefun int setpgid (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{setpgid} function puts the process @var{pid} into the process
group @var{pgid}. As a special case, either @var{pid} or @var{pgid} can
be zero to indicate the process ID of the calling process.
@@ -1208,6 +1226,8 @@ process or a child of the calling process.
@comment unistd.h
@comment BSD
@deftypefun int setpgrp (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall or setpgid wrapper.
This is the BSD Unix name for @code{setpgid}. Both functions do exactly
the same thing.
@end deftypefun
@@ -1230,6 +1250,8 @@ file itself and not a particular open file descriptor.
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t tcgetpgrp (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function returns the process group ID of the foreground process
group associated with the terminal open on descriptor @var{filedes}.
@@ -1258,6 +1280,8 @@ controlling terminal of the calling process.
@comment unistd.h
@comment POSIX.1
@deftypefun int tcsetpgrp (int @var{filedes}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function is used to set a terminal's foreground process group ID.
The argument @var{filedes} is a descriptor which specifies the terminal;
@var{pgid} specifies the process group. The calling process must be a
@@ -1297,6 +1321,8 @@ process.
@comment termios.h
@comment Unix98
@deftypefun pid_t tcgetsid (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Ioctl call, if avaialble, or tcgetpgrp followed by getsid.
This function is used to obtain the process group ID of the session
for which the terminal specified by @var{fildes} is the controlling terminal.
If the call is successful the group ID is returned. Otherwise the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b7a1180b29f8e1785e9467dfbb8c4df59801236a
commit b7a1180b29f8e1785e9467dfbb8c4df59801236a
Merge: d734882 dfd49e9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:19:40 2013 -0300
rename
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d73488258df3a8ec3c814776d0831682e2dea189
commit d73488258df3a8ec3c814776d0831682e2dea189
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:19:40 2013 -0300
rename
diff --git a/meta b/meta
index 2107ada..e3af5e5 100644
--- a/meta
+++ b/meta
@@ -1,5 +1,5 @@
Version: 1
-Previous: df394563a1a1bdefbb23875c4edfd069bebfc906
+Previous: dfd49e9a54444aeb91fb80326a2b52b1b2b4fe5f
Head: 290ed306adba817ec4cb4f5207e63269e7990930
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
@@ -15,7 +15,7 @@ Applied:
manual-document-mt-safety-errno.patch: 4c83ae2974e8153950355eca983b33e13bad7490
manual-document-mt-safety-filesys.patch: 75c783a7f653a4396cb2f3a1314fac5bda1b5a8f
manual-document-mt-safety-getopt.patch: 178c538fec626552e7ec57072a93b3715623e6ac
- wip-manual-document-mt-safety-libdl.patch: 290ed306adba817ec4cb4f5207e63269e7990930
+ manual-document-mt-safety-libdl.patch: 290ed306adba817ec4cb4f5207e63269e7990930
Unapplied:
manual-document-mt-safety-job.patch: 07add391d6215283f7338e451060a144bd241bd9
manual-document-mt-safety-lang.patch: 722fae4ea63db2a00f51c08a14d723ad87fd97d9
diff --git a/patches/wip-manual-document-mt-safety-libdl.patch b/patches/manual-document-mt-safety-libdl.patch
similarity index 100%
rename from patches/wip-manual-document-mt-safety-libdl.patch
rename to patches/manual-document-mt-safety-libdl.patch
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=290ed306adba817ec4cb4f5207e63269e7990930
commit 290ed306adba817ec4cb4f5207e63269e7990930
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:59 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/libdl.texi: New.
diff --git a/manual/libdl.texi b/manual/libdl.texi
new file mode 100644
index 0000000..e3fe045
--- /dev/null
+++ b/manual/libdl.texi
@@ -0,0 +1,10 @@
+@c FIXME these are undocumented:
+@c dladdr
+@c dladdr1
+@c dlclose
+@c dlerror
+@c dlinfo
+@c dlmopen
+@c dlopen
+@c dlsym
+@c dlvsym
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=dfd49e9a54444aeb91fb80326a2b52b1b2b4fe5f
commit dfd49e9a54444aeb91fb80326a2b52b1b2b4fe5f
Merge: f843e04 290ed30 df39456
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:19:36 2013 -0300
float
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f843e04b4c4cd54ee3f947dc222945f2d82812c6
commit f843e04b4c4cd54ee3f947dc222945f2d82812c6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:19:36 2013 -0300
float
diff --git a/meta b/meta
index 499b44d..2107ada 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 07cc4f7a608825d04282ff8cf93024496dbcd0dd
-Head: 178c538fec626552e7ec57072a93b3715623e6ac
+Previous: df394563a1a1bdefbb23875c4edfd069bebfc906
+Head: 290ed306adba817ec4cb4f5207e63269e7990930
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
@@ -15,6 +15,7 @@ Applied:
manual-document-mt-safety-errno.patch: 4c83ae2974e8153950355eca983b33e13bad7490
manual-document-mt-safety-filesys.patch: 75c783a7f653a4396cb2f3a1314fac5bda1b5a8f
manual-document-mt-safety-getopt.patch: 178c538fec626552e7ec57072a93b3715623e6ac
+ wip-manual-document-mt-safety-libdl.patch: 290ed306adba817ec4cb4f5207e63269e7990930
Unapplied:
manual-document-mt-safety-job.patch: 07add391d6215283f7338e451060a144bd241bd9
manual-document-mt-safety-lang.patch: 722fae4ea63db2a00f51c08a14d723ad87fd97d9
@@ -23,7 +24,6 @@ Unapplied:
manual-document-mt-safety-resource.patch: 70fda0831b0d41b658cc1f962cc520e9c16d213e
manual-document-mt-safety-search.patch: c0dcc89166196b52cae3da929ae1573d65a3a79f
manual-document-mt-safety-stdio.patch: 3af704e77dec1dd398bc0f54ca39b1699c0302fe
- wip-manual-document-mt-safety-libdl.patch: 1c3dd47ad53efd25fa2a616493c73c3d197af0ff
wip-manual-document-mt-safety-locale.patch: 726e2d92020c1b7d1143d63c5b5137132e418c71
wip-manual-document-mt-safety-startup.patch: a51d72b2f27eae1bcf41a5aeb4718ed837ef2701
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
diff --git a/patches/wip-manual-document-mt-safety-libdl.patch b/patches/wip-manual-document-mt-safety-libdl.patch
index 3be5a88..abfb497 100644
--- a/patches/wip-manual-document-mt-safety-libdl.patch
+++ b/patches/wip-manual-document-mt-safety-libdl.patch
@@ -1,5 +1,5 @@
-Bottom: 1ce30a1e33cc504649b7c4c096dbbfb1141d92f9
-Top: 52792116005976e16d455f880f0b2d381882e671
+Bottom: 18760d732995b8379bc372377398a8fd58732762
+Top: 08a4456877254843d89c18fe88e4c0431857fcff
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:08:59 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=df394563a1a1bdefbb23875c4edfd069bebfc906
commit df394563a1a1bdefbb23875c4edfd069bebfc906
Merge: 9803524 07cc4f7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:19:31 2013 -0300
goto
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=980352436391bca67ab0913116cf51fb5f9576a2
commit 980352436391bca67ab0913116cf51fb5f9576a2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:19:31 2013 -0300
goto
diff --git a/meta b/meta
index 4d6d6fe..499b44d 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 89dab3a09c52dc578a0bf773023be89522f9e07c
-Head: 1c3dd47ad53efd25fa2a616493c73c3d197af0ff
+Previous: 07cc4f7a608825d04282ff8cf93024496dbcd0dd
+Head: 178c538fec626552e7ec57072a93b3715623e6ac
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
@@ -15,6 +15,7 @@ Applied:
manual-document-mt-safety-errno.patch: 4c83ae2974e8153950355eca983b33e13bad7490
manual-document-mt-safety-filesys.patch: 75c783a7f653a4396cb2f3a1314fac5bda1b5a8f
manual-document-mt-safety-getopt.patch: 178c538fec626552e7ec57072a93b3715623e6ac
+Unapplied:
manual-document-mt-safety-job.patch: 07add391d6215283f7338e451060a144bd241bd9
manual-document-mt-safety-lang.patch: 722fae4ea63db2a00f51c08a14d723ad87fd97d9
manual-document-mt-safety-llio.patch: 40fb222a22df4ba14615f2276530f1f17682e084
@@ -23,7 +24,6 @@ Applied:
manual-document-mt-safety-search.patch: c0dcc89166196b52cae3da929ae1573d65a3a79f
manual-document-mt-safety-stdio.patch: 3af704e77dec1dd398bc0f54ca39b1699c0302fe
wip-manual-document-mt-safety-libdl.patch: 1c3dd47ad53efd25fa2a616493c73c3d197af0ff
-Unapplied:
wip-manual-document-mt-safety-locale.patch: 726e2d92020c1b7d1143d63c5b5137132e418c71
wip-manual-document-mt-safety-startup.patch: a51d72b2f27eae1bcf41a5aeb4718ed837ef2701
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=07cc4f7a608825d04282ff8cf93024496dbcd0dd
commit 07cc4f7a608825d04282ff8cf93024496dbcd0dd
Merge: 4fbe0fd 89dab3a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:19:14 2013 -0300
rename
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4fbe0fd02915da0b97c6193433f064858047097f
commit 4fbe0fd02915da0b97c6193433f064858047097f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:19:14 2013 -0300
rename
diff --git a/meta b/meta
index a56a1ba..4d6d6fe 100644
--- a/meta
+++ b/meta
@@ -1,5 +1,5 @@
Version: 1
-Previous: 683b11d7ba63f7d33a738ee3e455d709430060a5
+Previous: 89dab3a09c52dc578a0bf773023be89522f9e07c
Head: 1c3dd47ad53efd25fa2a616493c73c3d197af0ff
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
@@ -22,7 +22,7 @@ Applied:
manual-document-mt-safety-resource.patch: 70fda0831b0d41b658cc1f962cc520e9c16d213e
manual-document-mt-safety-search.patch: c0dcc89166196b52cae3da929ae1573d65a3a79f
manual-document-mt-safety-stdio.patch: 3af704e77dec1dd398bc0f54ca39b1699c0302fe
- manual-document-mt-safety-libdl.patch: 1c3dd47ad53efd25fa2a616493c73c3d197af0ff
+ wip-manual-document-mt-safety-libdl.patch: 1c3dd47ad53efd25fa2a616493c73c3d197af0ff
Unapplied:
wip-manual-document-mt-safety-locale.patch: 726e2d92020c1b7d1143d63c5b5137132e418c71
wip-manual-document-mt-safety-startup.patch: a51d72b2f27eae1bcf41a5aeb4718ed837ef2701
diff --git a/patches/manual-document-mt-safety-libdl.patch b/patches/wip-manual-document-mt-safety-libdl.patch
similarity index 100%
rename from patches/manual-document-mt-safety-libdl.patch
rename to patches/wip-manual-document-mt-safety-libdl.patch
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=89dab3a09c52dc578a0bf773023be89522f9e07c
commit 89dab3a09c52dc578a0bf773023be89522f9e07c
Merge: 04e9c88 683b11d 1c3dd47
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:19:10 2013 -0300
float
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=04e9c88f083f13dcd5dc89ec56408b62c0a3ce65
commit 04e9c88f083f13dcd5dc89ec56408b62c0a3ce65
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:19:10 2013 -0300
float
diff --git a/meta b/meta
index 8eb614f..a56a1ba 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 4ad8782a5913237d5f4f4770c0cb2997bf1e5d39
-Head: e69879f1fd2ffbc9da13aecf65eb9a6d2a10932d
+Previous: 683b11d7ba63f7d33a738ee3e455d709430060a5
+Head: 1c3dd47ad53efd25fa2a616493c73c3d197af0ff
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
@@ -17,12 +17,12 @@ Applied:
manual-document-mt-safety-getopt.patch: 178c538fec626552e7ec57072a93b3715623e6ac
manual-document-mt-safety-job.patch: 07add391d6215283f7338e451060a144bd241bd9
manual-document-mt-safety-lang.patch: 722fae4ea63db2a00f51c08a14d723ad87fd97d9
- manual-document-mt-safety-libdl.patch: 5830f31e3722b9269c618a39bfd56052c609d711
- manual-document-mt-safety-llio.patch: f7b80d2460a6a65a292c067bfaf12d714767bcf9
- manual-document-mt-safety-math.patch: abf0509619f09c0ea5350931563012ae3f2a84ff
- manual-document-mt-safety-resource.patch: c3461a1ad69328498c40542218f476af25478aec
- manual-document-mt-safety-search.patch: 51c941036cb82913f64a97d34be1d4236cb6fd4f
- manual-document-mt-safety-stdio.patch: e69879f1fd2ffbc9da13aecf65eb9a6d2a10932d
+ manual-document-mt-safety-llio.patch: 40fb222a22df4ba14615f2276530f1f17682e084
+ manual-document-mt-safety-math.patch: 1f1722344cc379ee50d34f34beaf20fa65b35e2a
+ manual-document-mt-safety-resource.patch: 70fda0831b0d41b658cc1f962cc520e9c16d213e
+ manual-document-mt-safety-search.patch: c0dcc89166196b52cae3da929ae1573d65a3a79f
+ manual-document-mt-safety-stdio.patch: 3af704e77dec1dd398bc0f54ca39b1699c0302fe
+ manual-document-mt-safety-libdl.patch: 1c3dd47ad53efd25fa2a616493c73c3d197af0ff
Unapplied:
wip-manual-document-mt-safety-locale.patch: 726e2d92020c1b7d1143d63c5b5137132e418c71
wip-manual-document-mt-safety-startup.patch: a51d72b2f27eae1bcf41a5aeb4718ed837ef2701
diff --git a/patches/manual-document-mt-safety-libdl.patch b/patches/manual-document-mt-safety-libdl.patch
index 51626a1..3be5a88 100644
--- a/patches/manual-document-mt-safety-libdl.patch
+++ b/patches/manual-document-mt-safety-libdl.patch
@@ -1,5 +1,5 @@
-Bottom: 95e3af012c2d8222ce9c18f313b200f086405d32
-Top: 5d6bbf322290ec49c7df2274a5b3ec79d32fd303
+Bottom: 1ce30a1e33cc504649b7c4c096dbbfb1141d92f9
+Top: 52792116005976e16d455f880f0b2d381882e671
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:08:59 -0300
diff --git a/patches/manual-document-mt-safety-llio.patch b/patches/manual-document-mt-safety-llio.patch
index 274aefd..4f4042d 100644
--- a/patches/manual-document-mt-safety-llio.patch
+++ b/patches/manual-document-mt-safety-llio.patch
@@ -1,5 +1,5 @@
-Bottom: 5d6bbf322290ec49c7df2274a5b3ec79d32fd303
-Top: baf6738652c9240a7ea48273cff318ffb17716d8
+Bottom: 95e3af012c2d8222ce9c18f313b200f086405d32
+Top: d984e43548394d87c0dcc06e8f1f954337bf1f0b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:09:32 -0300
diff --git a/patches/manual-document-mt-safety-math.patch b/patches/manual-document-mt-safety-math.patch
index 9f1572f..bdc9eab 100644
--- a/patches/manual-document-mt-safety-math.patch
+++ b/patches/manual-document-mt-safety-math.patch
@@ -1,5 +1,5 @@
-Bottom: baf6738652c9240a7ea48273cff318ffb17716d8
-Top: fca3ed18d5fc63652aeb45f6c8c8c8e1acfb3f02
+Bottom: d984e43548394d87c0dcc06e8f1f954337bf1f0b
+Top: ed5585f43f682f64747d87313aa8fa6455b413af
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/manual-document-mt-safety-resource.patch b/patches/manual-document-mt-safety-resource.patch
index 8309358..9cf449a 100644
--- a/patches/manual-document-mt-safety-resource.patch
+++ b/patches/manual-document-mt-safety-resource.patch
@@ -1,5 +1,5 @@
-Bottom: fca3ed18d5fc63652aeb45f6c8c8c8e1acfb3f02
-Top: 77b17631d0ac215fede974ceace7c0d6c28a75cd
+Bottom: ed5585f43f682f64747d87313aa8fa6455b413af
+Top: e75af3e584fdb6c5c7a273cced643b65589309d7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:11:00 -0300
diff --git a/patches/manual-document-mt-safety-search.patch b/patches/manual-document-mt-safety-search.patch
index 3e786ab..90717fa 100644
--- a/patches/manual-document-mt-safety-search.patch
+++ b/patches/manual-document-mt-safety-search.patch
@@ -1,5 +1,5 @@
-Bottom: 77b17631d0ac215fede974ceace7c0d6c28a75cd
-Top: cbe4e4c5b0ee9abd94487f5c47ff479c7d086400
+Bottom: e75af3e584fdb6c5c7a273cced643b65589309d7
+Top: 0c26a00f734d8fe44375085ab3cbede5d3b6b712
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:11:55 -0300
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index 1e0cfc0..e2e4efd 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,5 +1,5 @@
-Bottom: cbe4e4c5b0ee9abd94487f5c47ff479c7d086400
-Top: 52792116005976e16d455f880f0b2d381882e671
+Bottom: 0c26a00f734d8fe44375085ab3cbede5d3b6b712
+Top: 1ce30a1e33cc504649b7c4c096dbbfb1141d92f9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1c3dd47ad53efd25fa2a616493c73c3d197af0ff
commit 1c3dd47ad53efd25fa2a616493c73c3d197af0ff
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:59 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/libdl.texi: New.
diff --git a/manual/libdl.texi b/manual/libdl.texi
new file mode 100644
index 0000000..e3fe045
--- /dev/null
+++ b/manual/libdl.texi
@@ -0,0 +1,10 @@
+@c FIXME these are undocumented:
+@c dladdr
+@c dladdr1
+@c dlclose
+@c dlerror
+@c dlinfo
+@c dlmopen
+@c dlopen
+@c dlsym
+@c dlvsym
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3af704e77dec1dd398bc0f54ca39b1699c0302fe
commit 3af704e77dec1dd398bc0f54ca39b1699c0302fe
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..79a3340 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1391,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1401,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1411,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1540,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1625,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2387,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2397,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2438,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2647,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2656,48 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2705,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2713,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2721,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2729,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2737,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2745,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2821,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3062,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3314,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3378,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +3995,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +4010,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +4025,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +4033,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4041,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4055,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4082,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4091,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4100,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4108,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4116,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4124,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4174,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4184,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4198,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4209,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4237,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4248,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4362,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4375,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4399,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4415,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4435,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4459,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4508,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4630,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4645,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4658,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4675,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4787,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4800,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4817,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4839,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4864,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4942,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4956,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4968,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4983,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +4997,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +5008,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5056,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5112,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5228,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5410,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5551,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c0dcc89166196b52cae3da929ae1573d65a3a79f
commit c0dcc89166196b52cae3da929ae1573d65a3a79f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:55 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/search.texi: Document thread safety properties.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..6910edc 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -146,6 +146,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +437,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +471,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +486,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +500,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +555,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=70fda0831b0d41b658cc1f962cc520e9c16d213e
commit 70fda0831b0d41b658cc1f962cc520e9c16d213e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/resource.texi: Document thread safety properties.
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1f1722344cc379ee50d34f34beaf20fa65b35e2a
commit 1f1722344cc379ee50d34f34beaf20fa65b35e2a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/math.texi: Document thread safety properties.
diff --git a/manual/math.texi b/manual/math.texi
index 193d415..fd5d0c8 100644
--- a/manual/math.texi
+++ b/manual/math.texi
@@ -560,6 +560,7 @@ negative), @code{logb} returns @math{@infinity{}}. If @var{x} is zero,
@comment math.h
@comment ISO
@deftypefunx int ilogbl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are equivalent to the corresponding @code{logb}
functions except that they return signed integer values.
@end deftypefun
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=40fb222a22df4ba14615f2276530f1f17682e084
commit 40fb222a22df4ba14615f2276530f1f17682e084
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:09:32 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/llio.texi: Document thread safety properties.
diff --git a/manual/llio.texi b/manual/llio.texi
index b129cf4..66370c4 100644
--- a/manual/llio.texi
+++ b/manual/llio.texi
@@ -78,6 +78,7 @@ declared in @file{unistd.h}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int open (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The @code{open} function creates and returns a new file descriptor for
the file named by @var{filename}. Initially, the file position
indicator for the file is at the beginning of the file. The argument
@@ -164,6 +165,7 @@ and @code{freopen} functions, that create streams.
@comment fcntl.h
@comment Unix98
@deftypefun int open64 (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{open}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
difference is that on 32 bit systems the file is opened in the
@@ -178,6 +180,7 @@ replaces the old API.
@comment fcntl.h
@comment POSIX.1
@deftypefn {Obsolete function} int creat (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is obsolete. The call:
@smallexample
@@ -202,6 +205,7 @@ since all of the lowlevel file handling functions are equally replaced.
@comment fcntl.h
@comment Unix98
@deftypefn {Obsolete function} int creat64 (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{creat}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
the difference is that on 32 bit systems the file is opened in the
@@ -219,6 +223,7 @@ replaces the old API.
@comment unistd.h
@comment POSIX.1
@deftypefun int close (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The function @code{close} closes the file descriptor @var{filedes}.
Closing a file has the following consequences:
@@ -300,6 +305,7 @@ but must be a signed type.
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t read (int @var{filedes}, void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{read} function reads up to @var{size} bytes from the file
with descriptor @var{filedes}, storing the results in the @var{buffer}.
(This is not necessarily a character string, and no terminating null
@@ -395,6 +401,10 @@ functions that read from streams, such as @code{fgetc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, read and lseek back, but is it
+@c used anywhere?
The @code{pread} function is similar to the @code{read} function. The
first three arguments are identical, and the return values and error
codes also correspond.
@@ -430,6 +440,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread64 (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, read and lseek64 back, but is
+@c it used anywhere?
This function is similar to the @code{pread} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -447,6 +461,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t write (int @var{filedes}, const void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{write} function writes up to @var{size} bytes from
@var{buffer} to the file with descriptor @var{filedes}. The data in
@var{buffer} is not necessarily a character string and a null character is
@@ -557,6 +572,10 @@ functions that write to streams, such as @code{fputc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, write and lseek back, but is it
+@c used anywhere?
The @code{pwrite} function is similar to the @code{write} function. The
first three arguments are identical, and the return values and error codes
also correspond.
@@ -592,6 +611,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite64 (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, write and lseek64 back, but
+@c is it used anywhere?
This function is similar to the @code{pwrite} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -624,6 +647,7 @@ To read the current file position value from a descriptor, use
@comment unistd.h
@comment POSIX.1
@deftypefun off_t lseek (int @var{filedes}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lseek} function is used to change the file position of the
file with descriptor @var{filedes}.
@@ -713,6 +737,7 @@ descriptors.
@comment unistd.h
@comment Unix98
@deftypefun off64_t lseek64 (int @var{filedes}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to the @code{lseek} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -825,6 +850,7 @@ declared in the header file @file{stdio.h}.
@comment stdio.h
@comment POSIX.1
@deftypefun {FILE *} fdopen (int @var{filedes}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
The @code{fdopen} function returns a new stream for the file descriptor
@var{filedes}.
@@ -853,6 +879,7 @@ see @ref{Creating a Pipe}.
@comment stdio.h
@comment POSIX.1
@deftypefun int fileno (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the file descriptor associated with the stream
@var{stream}. If an error is detected (for example, if the @var{stream}
is not valid) or if @var{stream} does not do I/O to a file,
@@ -862,6 +889,7 @@ is not valid) or if @var{stream} does not do I/O to a file,
@comment stdio.h
@comment GNU
@deftypefun int fileno_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fileno_unlocked} function is equivalent to the @code{fileno}
function except that it does not implicitly lock the stream if the state
is @code{FSETLOCKING_INTERNAL}.
@@ -1071,7 +1099,11 @@ Contains the length of the buffer.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t readv (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
-
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer into which data is read, if the total read size is
+@c too large for alloca.
The @code{readv} function reads data from @var{filedes} and scatters it
into the buffers described in @var{vector}, which is taken to be
@var{count} structures long. As each buffer is filled, data is sent to the
@@ -1089,6 +1121,11 @@ errors are the same as in @code{read}.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t writev (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer from which data is written, if the total write size
+@c is too large for alloca.
The @code{writev} function gathers data from the buffers described in
@var{vector}, which is taken to be @var{count} structures long, and writes
@@ -1149,6 +1186,7 @@ These functions are declared in @file{sys/mman.h}.
@comment sys/mman.h
@comment POSIX
@deftypefun {void *} mmap (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mmap} function creates a new mapping, connected to bytes
(@var{offset}) to (@var{offset} + @var{length} - 1) in the file open on
@@ -1268,6 +1306,9 @@ The file is on a filesystem that doesn't support mapping.
@comment sys/mman.h
@comment LFS
@deftypefun {void *} mmap64 (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The page_shift auto detection when MMAP2_PAGE_SHIFT is -1 (it never
+@c is) would be thread-unsafe.
The @code{mmap64} function is equivalent to the @code{mmap} function but
the @var{offset} parameter is of type @code{off64_t}. On 32-bit systems
this allows the file associated with the @var{filedes} descriptor to be
@@ -1284,6 +1325,7 @@ replaces the old API.
@comment sys/mman.h
@comment POSIX
@deftypefun int munmap (void *@var{addr}, size_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{munmap} removes any memory maps from (@var{addr}) to (@var{addr} +
@var{length}). @var{length} should be the length of the mapping.
@@ -1310,6 +1352,7 @@ aligned.
@comment sys/mman.h
@comment POSIX
@deftypefun int msync (void *@var{address}, size_t @var{length}, int @var{flags})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When using shared mappings, the kernel can write the file at any time
before the mapping is removed. To be certain data has actually been
@@ -1357,6 +1400,7 @@ There is no existing mapping in at least part of the given region.
@comment sys/mman.h
@comment GNU
@deftypefun {void *} mremap (void *@var{address}, size_t @var{length}, size_t @var{new_length}, int @var{flag})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to change the size of an existing memory
area. @var{address} and @var{length} must cover a region entirely mapped
@@ -1405,6 +1449,7 @@ Coding Standards}.
@comment sys/mman.h
@comment POSIX
@deftypefun int madvise (void *@var{addr}, size_t @var{length}, int @var{advice})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to provide the system with @var{advice} about
the intended usage patterns of the memory region starting at @var{addr}
@@ -1531,6 +1576,7 @@ that descriptor into an @code{fd_set}.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_ZERO (fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro initializes the file descriptor set @var{set} to be the
empty set.
@end deftypefn
@@ -1538,6 +1584,9 @@ empty set.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_SET (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro adds @var{filedes} to the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1547,6 +1596,9 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_CLR (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro removes @var{filedes} from the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1556,6 +1608,7 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro int FD_ISSET (int @var{filedes}, const fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value (true) if @var{filedes} is a member
of the file descriptor set @var{set}, and zero (false) otherwise.
@@ -1568,6 +1621,10 @@ Next, here is the description of the @code{select} function itself.
@comment sys/types.h
@comment BSD
@deftypefun int select (int @var{nfds}, fd_set *@var{read-fds}, fd_set *@var{write-fds}, fd_set *@var{except-fds}, struct timeval *@var{timeout})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The select syscall is preferred, but pselect6 may be used instead,
+@c which requires converting timeout to a timespec and back. The
+@c conversions are not atomic.
The @code{select} function blocks the calling process until there is
activity on any of the specified sets of file descriptors, or until the
timeout period has expired.
@@ -1670,6 +1727,7 @@ they return.
@comment unistd.h
@comment X/Open
@deftypefun void sync (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
A call to this function will not return as long as there is data which
has not been written to the device. All dirty buffers in the kernel will
be written and so an overall consistent system can be achieved (if no
@@ -1685,6 +1743,7 @@ committed, rather than all data in the system. For this, @code{sync} is overkil
@comment unistd.h
@comment POSIX
@deftypefun int fsync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fsync} function can be used to make sure all data associated with
the open file @var{fildes} is written to the device associated with the
descriptor. The function call does not return unless all actions have
@@ -1722,6 +1781,7 @@ recovering of the file in case of a problem.
@comment unistd.h
@comment POSIX
@deftypefun int fdatasync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When a call to the @code{fdatasync} function returns, it is ensured
that all of the file data is written to the device. For all pending I/O
operations, the parts guaranteeing data integrity finished.
@@ -1923,6 +1983,158 @@ aiocb64}, since the LFS transparently replaces the old interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_read (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Calls aio_enqueue_request.
+@c aio_enqueue_request selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_self ok
+@c pthread_getschedparam selfdeadlock, lockleak
+@c lll_lock (pthread descriptor's lock) selfdeadlock, lockleak
+@c sched_getparam ok
+@c sched_getscheduler ok
+@c lll_unlock lockleak
+@c pthread_mutex_lock (aio_requests_mutex) selfdeadlock, lockleak
+@c get_elem asmalloc, memleak, [asynconsist, incansist], [xguargs]
+@c realloc asmalloc, memleak
+@c calloc asmalloc, memleak
+@c aio_create_helper_thread selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_attr_init ok
+@c pthread_attr_setdetachstate ok
+@c pthread_get_minstack ok
+@c pthread_attr_setstacksize ok
+@c sigfillset ok
+@c memset ok
+@c sigdelset ok [xguargs, but the caller's sigset is automatic]
+@c SYSCALL rt_sigprocmask ok
+@c pthread_create selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c alloca/malloc asmalloc, memleak
+@c lll_unlock lockleak
+@c allocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c getpagesize dup
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c lll_unlock lockleak
+@c _dl_allocate_tls asmalloc, memleak
+@c _dl_allocate_tls_storage asmalloc, memleak
+@c memalign asmalloc, memleak
+@c memset ok
+@c allocate_dtv dup
+@c free asmalloc, memleak
+@c allocate_dtv asmalloc, memleak
+@c calloc asmalloc, memleak
+@c INSTALL_DTV ok
+@c list_add dup
+@c get_cached_stack
+@c lll_lock (stack_cache_lock) selfdeadlock, lockleak
+@c list_for_each ok
+@c list_entry dup
+@c FREE_P dup
+@c stack_list_del dup
+@c stack_list_add dup
+@c lll_unlock lockleak
+@c _dl_allocate_tls_init ok
+@c GET_DTV ok
+@c mmap ok
+@c atomic_increment_val ok
+@c munmap ok
+@c change_stack_perm ok
+@c mprotect ok
+@c mprotect ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c THREAD_COPY_STACK_GUARD ok
+@c THREAD_COPY_POINTER_GUARD ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (state_cache_lock) selfdeadlock, lockleak
+@c stack_list_del ok
+@c atomic_write_barrier ok
+@c list_del ok [uunguard]
+@c atomic_write_barrier ok
+@c queue_stack asmalloc, memleak
+@c stack_list_add ok
+@c atomic_write_barrier ok
+@c list_add ok [uunguard]
+@c atomic_write_barrier ok
+@c free_stacks asmalloc, memleak
+@c list_for_each_prev_safe ok
+@c list_entry ok
+@c FREE_P ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c _dl_deallocate_tls asmalloc, memleak
+@c free asmalloc, memleak
+@c lll_unlock lockleak
+@c create_thread selfdeadlock, asmalloc, lockleak, memleak
+@c td_eventword
+@c td_eventmask
+@c do_clone selfdeadlock, asmalloc, lockleak, memleak
+@c PREPARE_CREATE ok
+@c lll_lock (pd->lock) selfdeadlock, lockleak
+@c atomic_increment ok
+@c clone ok
+@c atomic_decrement ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack dup
+@c sched_setaffinity ok
+@c tgkill ok
+@c sched_setscheduler ok
+@c atomic_compare_and_exchange_bool_acq ok
+@c nptl_create_event ok
+@c lll_unlock (pd->lock) lockleak
+@c free asmalloc, memleak
+@c pthread_attr_destroy ok (cpuset won't be set, so free isn't called)
+@c add_request_to_runlist ok [xguargs]
+@c pthread_cond_signal ok
+@c aio_free_request ok [xguargs]
+@c pthread_mutex_unlock lockleak
+
+@c (in the new thread, initiated with clone)
+@c start_thread ok
+@c HP_TIMING_NOW ok
+@c ctype_init [glocale] (in theory, but optimized into safety)
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c sigemptyset ok
+@c sigaddset ok
+@c setjmp ok
+@c CANCEL_ASYNC -> pthread_enable_asynccancel ok
+@c do_cancel ok
+@c pthread_unwind ok
+@c Unwind_ForcedUnwind or longjmp ok [asmalloc, memleak?]
+@c lll_lock selfdeadlock, lockleak
+@c lll_unlock selfdeadlock, lockleak
+@c CANCEL_RESET -> pthread_disable_asynccancel ok
+@c lll_futex_wait ok
+@c ->start_routine ok -----
+@c call_tls_dtors selfdeadlock, asmalloc, lockleak, memleak
+@c user-supplied dtor
+@c rtld_lock_lock_recursive (dl_load_lock) selfdeadlock, lockleak
+@c rtld_lock_unlock_recursive lockleak
+@c free asmalloc, memleak
+@c nptl_deallocate_tsd asmalloc, memleak
+@c tsd user-supplied dtors ok
+@c free asmalloc, memleak
+@c libc_thread_freeres
+@c libc_thread_subfreeres ok
+@c atomic_decrement_and_test ok
+@c td_eventword ok
+@c td_eventmask ok
+@c atomic_compare_exchange_bool_acq ok
+@c nptl_death_event ok
+@c lll_robust_dead ok
+@c getpagesize ok
+@c madvise ok
+@c free_tcb selfdeadlock, asmalloc, lockleak, memleak
+@c free asmalloc, memleak
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_futex_wait ok
+@c exit_thread_inline ok
+@c syscall(exit) ok
+
This function initiates an asynchronous read operation. It
immediately returns after the operation was enqueued or when an
error was encountered.
@@ -1988,6 +2200,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_read64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_read} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{aio_read64} uses
@@ -2006,6 +2219,7 @@ of functions with a very similar interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_write (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function initiates an asynchronous write operation. The function
call immediately returns after the operation was enqueued or if before
this happens an error was encountered.
@@ -2072,6 +2286,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_write64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_write} function. The only
difference is that on @w{32 bit} machines the file descriptor should
be opened in the large file mode. Internally @code{aio_write64} uses
@@ -2093,6 +2308,12 @@ operations. It is therefore similar to a combination of @code{readv} and
@comment aio.h
@comment POSIX.1b
@deftypefun int lio_listio (int @var{mode}, struct aiocb *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Call lio_listio_internal, that takes the aio_requests_mutex lock and
+@c enqueues each request. Then, it waits for notification or prepares
+@c for it before releasing the lock. Even though it performs memory
+@c allocation and locking of its own, it doesn't add any classes of
+@c safety issues that aren't already covered by aio_enqueue_request.
The @code{lio_listio} function can be used to enqueue an arbitrary
number of read and write requests at one time. The requests can all be
meant for the same file, all for different files or every solution in
@@ -2176,6 +2397,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int lio_listio64 (int @var{mode}, struct aiocb64 *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{lio_listio} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{lio_listio64} uses
@@ -2204,6 +2426,7 @@ The following two functions allow you to get this kind of information.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_error (const struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function determines the error state of the request described by the
@code{struct aiocb} variable pointed to by @var{aiocbp}. If the
request has not yet terminated the value returned is always
@@ -2225,6 +2448,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_error64 (const struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_error} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2238,6 +2462,7 @@ machines.
@comment aio.h
@comment POSIX.1b
@deftypefun ssize_t aio_return (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to retrieve the return status of the operation
carried out by the request described in the variable pointed to by
@var{aiocbp}. As long as the error status of this request as returned
@@ -2261,6 +2486,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun ssize_t aio_return64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_return} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2289,6 +2515,9 @@ if the symbol @code{_POSIX_SYNCHRONIZED_IO} is defined in @file{unistd.h}.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_fsync (int @var{op}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check that the FD is open, it calls
+@c aio_enqueue_request.
Calling this function forces all I/O operations operating queued at the
time of the function call operating on the file descriptor
@code{aiocbp->aio_fildes} into the synchronized I/O completion state
@@ -2336,6 +2565,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_fsync64 (int @var{op}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_fsync} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2362,6 +2592,9 @@ before the current client is served. For situations like this
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_suspend (const struct aiocb *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c Take aio_requests_mutex, set up waitlist and requestlist, wait
+@c for completion or timeout, and release the mutex.
When calling this function, the calling thread is suspended until at
least one of the requests pointed to by the @var{nent} elements of the
array @var{list} has completed. If any of the requests has already
@@ -2400,6 +2633,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_suspend64 (const struct aiocb64 *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is similar to @code{aio_suspend} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2427,6 +2661,16 @@ or not. Therefore using this function is merely a hint.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_cancel (int @var{fildes}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check the fd is open, hold aio_requests_mutex, call
+@c aio_find_req_fd, aio_remove_request, then aio_notify and
+@c aio_free_request each request before releasing the lock.
+@c aio_notify calls aio_notify_only and free, besides cond signal or
+@c similar. aio_notify_only calls pthread_attr_init,
+@c pthread_attr_setdetachstate, malloc, pthread_create,
+@c notify_func_wrapper, aio_sigqueue, getpid, raise.
+@c notify_func_wraper calls aio_start_notify_thread, free and then the
+@c notifier function.
The @code{aio_cancel} function can be used to cancel one or more
outstanding requests. If the @var{aiocbp} parameter is @code{NULL}, the
function tries to cancel all of the outstanding requests which would process
@@ -2474,6 +2718,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_cancel64 (int @var{fildes}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_cancel} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2529,6 +2774,8 @@ Unused.
@comment aio.h
@comment GNU
@deftypefun void aio_init (const struct aioinit *@var{init})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c All changes to global objects are guarded by aio_requests_mutex.
This function must be called before any other AIO function. Calling it
is completely voluntary, as it is only meant to help the AIO
implementation perform better.
@@ -2563,6 +2810,7 @@ function; see @ref{Opening and Closing Files}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int fcntl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcntl} function performs the operation specified by
@var{command} on the file descriptor @var{filedes}. Some commands
require additional arguments to be supplied. These additional arguments
@@ -2645,6 +2893,7 @@ while prototypes for @code{dup} and @code{dup2} are in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun int dup (int @var{old})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies descriptor @var{old} to the first available
descriptor number (the first number not currently open). It is
equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@@ -2653,6 +2902,7 @@ equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@comment unistd.h
@comment POSIX.1
@deftypefun int dup2 (int @var{old}, int @var{new})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies the descriptor @var{old} to descriptor number
@var{new}.
@@ -3631,6 +3881,7 @@ different headers.
@comment sys/ioctl.h
@comment BSD
@deftypefun int ioctl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ioctl} function performs the generic I/O operation
@var{command} on @var{filedes}.
@@ -3650,3 +3901,6 @@ unknown device.
Most IOCTLs are OS-specific and/or only used in special system utilities,
and are thus beyond the scope of this document. For an example of the use
of an IOCTL, see @ref{Out-of-Band Data}.
+
+@c FIXME this is undocumented:
+@c dup3
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=683b11d7ba63f7d33a738ee3e455d709430060a5
commit 683b11d7ba63f7d33a738ee3e455d709430060a5
Merge: 087e7c5 4ad8782
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:19:03 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=087e7c525fc9850ac2362eb36f93945216d985b9
commit 087e7c525fc9850ac2362eb36f93945216d985b9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:19:03 2013 -0300
pop
diff --git a/meta b/meta
index f69e02d..8eb614f 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 33d29b6c8744e4e6e9ca69398c75e66fea7ee3ab
-Head: 726e2d92020c1b7d1143d63c5b5137132e418c71
+Previous: 4ad8782a5913237d5f4f4770c0cb2997bf1e5d39
+Head: e69879f1fd2ffbc9da13aecf65eb9a6d2a10932d
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
@@ -23,8 +23,8 @@ Applied:
manual-document-mt-safety-resource.patch: c3461a1ad69328498c40542218f476af25478aec
manual-document-mt-safety-search.patch: 51c941036cb82913f64a97d34be1d4236cb6fd4f
manual-document-mt-safety-stdio.patch: e69879f1fd2ffbc9da13aecf65eb9a6d2a10932d
- wip-manual-document-mt-safety-locale.patch: 726e2d92020c1b7d1143d63c5b5137132e418c71
Unapplied:
+ wip-manual-document-mt-safety-locale.patch: 726e2d92020c1b7d1143d63c5b5137132e418c71
wip-manual-document-mt-safety-startup.patch: a51d72b2f27eae1bcf41a5aeb4718ed837ef2701
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
wip-manual-document-mt-safety-terminal.patch: 131f3d7cbdeaec2279062d5bd94af6281390b9ba
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4ad8782a5913237d5f4f4770c0cb2997bf1e5d39
commit 4ad8782a5913237d5f4f4770c0cb2997bf1e5d39
Merge: 6c92768 33d29b6 726e2d9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:16:12 2013 -0300
float
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=6c92768daac54ca055fa5e5e7a72f70982605cc9
commit 6c92768daac54ca055fa5e5e7a72f70982605cc9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:16:12 2013 -0300
float
diff --git a/meta b/meta
index 4f84155..f69e02d 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: b5b96c66612e157138c818fc8a3efb61be698f64
-Head: 156684c20844d37d6b15b923f58aff88991696a9
+Previous: 33d29b6c8744e4e6e9ca69398c75e66fea7ee3ab
+Head: 726e2d92020c1b7d1143d63c5b5137132e418c71
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
@@ -19,11 +19,11 @@ Applied:
manual-document-mt-safety-lang.patch: 722fae4ea63db2a00f51c08a14d723ad87fd97d9
manual-document-mt-safety-libdl.patch: 5830f31e3722b9269c618a39bfd56052c609d711
manual-document-mt-safety-llio.patch: f7b80d2460a6a65a292c067bfaf12d714767bcf9
- wip-manual-document-mt-safety-locale.patch: ad4e6d6ef856e42ce04d66bc8c06c31523edb9bb
- manual-document-mt-safety-math.patch: 4651ae36240aaaf68cdb47687889274248e1274b
- manual-document-mt-safety-resource.patch: 42e85e03ab026a86c127b7d0ec7fb94e1a94f75f
- manual-document-mt-safety-search.patch: 974ea38cb1486c677456bd449b95ee18e3e7ecc3
- manual-document-mt-safety-stdio.patch: 156684c20844d37d6b15b923f58aff88991696a9
+ manual-document-mt-safety-math.patch: abf0509619f09c0ea5350931563012ae3f2a84ff
+ manual-document-mt-safety-resource.patch: c3461a1ad69328498c40542218f476af25478aec
+ manual-document-mt-safety-search.patch: 51c941036cb82913f64a97d34be1d4236cb6fd4f
+ manual-document-mt-safety-stdio.patch: e69879f1fd2ffbc9da13aecf65eb9a6d2a10932d
+ wip-manual-document-mt-safety-locale.patch: 726e2d92020c1b7d1143d63c5b5137132e418c71
Unapplied:
wip-manual-document-mt-safety-startup.patch: a51d72b2f27eae1bcf41a5aeb4718ed837ef2701
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
diff --git a/patches/manual-document-mt-safety-math.patch b/patches/manual-document-mt-safety-math.patch
index 66820ca..9f1572f 100644
--- a/patches/manual-document-mt-safety-math.patch
+++ b/patches/manual-document-mt-safety-math.patch
@@ -1,5 +1,5 @@
-Bottom: 9a5ec672bda784c35e1f86d0f274cdb9e58f217c
-Top: d5ba9adc90be6728f409ed99bc36a2fc6e659db0
+Bottom: baf6738652c9240a7ea48273cff318ffb17716d8
+Top: fca3ed18d5fc63652aeb45f6c8c8c8e1acfb3f02
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/manual-document-mt-safety-resource.patch b/patches/manual-document-mt-safety-resource.patch
index 3fa9fb2..8309358 100644
--- a/patches/manual-document-mt-safety-resource.patch
+++ b/patches/manual-document-mt-safety-resource.patch
@@ -1,5 +1,5 @@
-Bottom: d5ba9adc90be6728f409ed99bc36a2fc6e659db0
-Top: e27f818dd7517eeba6c572017e1d77241113d456
+Bottom: fca3ed18d5fc63652aeb45f6c8c8c8e1acfb3f02
+Top: 77b17631d0ac215fede974ceace7c0d6c28a75cd
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:11:00 -0300
diff --git a/patches/manual-document-mt-safety-search.patch b/patches/manual-document-mt-safety-search.patch
index fb52bb3..3e786ab 100644
--- a/patches/manual-document-mt-safety-search.patch
+++ b/patches/manual-document-mt-safety-search.patch
@@ -1,5 +1,5 @@
-Bottom: e27f818dd7517eeba6c572017e1d77241113d456
-Top: 8ae75524ca0a1176e4323c74b73cb0722e710364
+Bottom: 77b17631d0ac215fede974ceace7c0d6c28a75cd
+Top: cbe4e4c5b0ee9abd94487f5c47ff479c7d086400
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:11:55 -0300
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index 52710b6..1e0cfc0 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,5 +1,5 @@
-Bottom: 8ae75524ca0a1176e4323c74b73cb0722e710364
-Top: a529301c800b3ca93ba927e5d69da7dd7cafbae7
+Bottom: cbe4e4c5b0ee9abd94487f5c47ff479c7d086400
+Top: 52792116005976e16d455f880f0b2d381882e671
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index 6515b05..d5c1830 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
-Bottom: baf6738652c9240a7ea48273cff318ffb17716d8
-Top: 9a5ec672bda784c35e1f86d0f274cdb9e58f217c
+Bottom: 52792116005976e16d455f880f0b2d381882e671
+Top: a529301c800b3ca93ba927e5d69da7dd7cafbae7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=726e2d92020c1b7d1143d63c5b5137132e418c71
commit 726e2d92020c1b7d1143d63c5b5137132e418c71
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..da50d18 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
+@c and free, and _nl_find_locale, which amount to all documented safety
+@c issues. It also calls new_composite_name, setdata, and setname,
+@c without any additional issues. _nl_find_locale calls getenv, ...
+This function returns a pointer read
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e69879f1fd2ffbc9da13aecf65eb9a6d2a10932d
commit e69879f1fd2ffbc9da13aecf65eb9a6d2a10932d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..79a3340 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1391,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1401,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1411,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1540,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1625,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2387,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2397,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2438,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2647,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2656,48 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2705,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2713,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2721,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2729,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2737,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2745,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2821,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3062,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3314,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3378,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +3995,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +4010,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +4025,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +4033,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4041,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4055,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4082,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4091,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4100,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4108,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4116,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4124,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4174,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4184,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4198,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4209,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4237,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4248,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4362,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4375,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4399,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4415,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4435,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4459,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4508,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4630,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4645,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4658,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4675,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4787,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4800,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4817,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4839,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4864,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4942,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4956,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4968,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4983,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +4997,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +5008,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5056,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5112,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5228,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5410,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5551,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=51c941036cb82913f64a97d34be1d4236cb6fd4f
commit 51c941036cb82913f64a97d34be1d4236cb6fd4f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:55 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/search.texi: Document thread safety properties.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..6910edc 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -146,6 +146,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +437,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +471,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +486,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +500,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +555,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c3461a1ad69328498c40542218f476af25478aec
commit c3461a1ad69328498c40542218f476af25478aec
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/resource.texi: Document thread safety properties.
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=abf0509619f09c0ea5350931563012ae3f2a84ff
commit abf0509619f09c0ea5350931563012ae3f2a84ff
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/math.texi: Document thread safety properties.
diff --git a/manual/math.texi b/manual/math.texi
index 193d415..fd5d0c8 100644
--- a/manual/math.texi
+++ b/manual/math.texi
@@ -560,6 +560,7 @@ negative), @code{logb} returns @math{@infinity{}}. If @var{x} is zero,
@comment math.h
@comment ISO
@deftypefunx int ilogbl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are equivalent to the corresponding @code{logb}
functions except that they return signed integer values.
@end deftypefun
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=33d29b6c8744e4e6e9ca69398c75e66fea7ee3ab
commit 33d29b6c8744e4e6e9ca69398c75e66fea7ee3ab
Merge: d2b3902 b5b96c6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:16:07 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d2b3902ab3a56c273b4b0f8ceeafdac43505d564
commit d2b3902ab3a56c273b4b0f8ceeafdac43505d564
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:16:07 2013 -0300
pop
diff --git a/meta b/meta
index 1907fbf..4f84155 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 6343a1a039c34d3c7408f4bb560c2515343360eb
-Head: a51d72b2f27eae1bcf41a5aeb4718ed837ef2701
+Previous: b5b96c66612e157138c818fc8a3efb61be698f64
+Head: 156684c20844d37d6b15b923f58aff88991696a9
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
@@ -24,8 +24,8 @@ Applied:
manual-document-mt-safety-resource.patch: 42e85e03ab026a86c127b7d0ec7fb94e1a94f75f
manual-document-mt-safety-search.patch: 974ea38cb1486c677456bd449b95ee18e3e7ecc3
manual-document-mt-safety-stdio.patch: 156684c20844d37d6b15b923f58aff88991696a9
- wip-manual-document-mt-safety-startup.patch: a51d72b2f27eae1bcf41a5aeb4718ed837ef2701
Unapplied:
+ wip-manual-document-mt-safety-startup.patch: a51d72b2f27eae1bcf41a5aeb4718ed837ef2701
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
wip-manual-document-mt-safety-terminal.patch: 131f3d7cbdeaec2279062d5bd94af6281390b9ba
wip-manual-document-mt-safety-threads.patch: f47c93cdfff86a4b5acb80c4b80ba113757b9e5f
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b5b96c66612e157138c818fc8a3efb61be698f64
commit b5b96c66612e157138c818fc8a3efb61be698f64
Merge: cd4a235 a51d72b 6343a1a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:16:02 2013 -0300
float
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=cd4a235dffc1bc75049f7e08307c6784bd0c4868
commit cd4a235dffc1bc75049f7e08307c6784bd0c4868
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:16:02 2013 -0300
float
diff --git a/meta b/meta
index 1943013..1907fbf 100644
--- a/meta
+++ b/meta
@@ -1,30 +1,30 @@
Version: 1
-Previous: 62bbc3d80d58e685b5c3e655681849574ef8b421
-Head: cd940c77f411533af456e9cec1af020887deb9f7
+Previous: 6343a1a039c34d3c7408f4bb560c2515343360eb
+Head: a51d72b2f27eae1bcf41a5aeb4718ed837ef2701
Applied:
- wip-manual-document-mt-safety-startup.patch: 805b53d0709375c42ca52cdb1b8e1a9e9dc041a1
- manual-document-mt-safety.patch: 6302ecd89c407c9fa96dd9a6263175c8ef1dee48
- powerpc-nofpu-sim-note-nothread.patch: ebf259b70d2e3b3122af4e09e78b5112f9160389
- unused-scalb-is-scalbn.patch: cfe805ba9962e7ecb02cb7d91f07e877fccc1742
- manual-document-mt-safety-argp.patch: 12aba27e1c96ff9703ea9423bf471fa3f0454616
- manual-document-mt-safety-arith.patch: d4bc90d431da292824c33273485aab09d0c9ada3
- manual-document-mt-safety-charset.patch: 71ab9cf6aa2f9992310fda06683ba6db44faff8a
- manual-document-mt-safety-conf.patch: 0a6834ab437d116e8ebd6d9c7232f1daaf23e892
- manual-document-mt-safety-crypt.patch: 39e993dc2ae9653217a042eeedfe06456f1c9ea0
- manual-document-mt-safety-ctype.patch: 7ac8448e6d04eff177c2c665fdcbb07c93a917ad
- manual-document-mt-safety-debug.patch: 35461a82e984e8751071f7c46c048d911397fb9e
- manual-document-mt-safety-errno.patch: df11bbcd0fcc1b33c747f8e9cb13d296575e0f3e
- manual-document-mt-safety-filesys.patch: 833600d06ecc585f1dd82165a6c0af8f0b6e82c2
- manual-document-mt-safety-getopt.patch: 54959e6a17b3ca7272b56edee5293cea3b346c5f
- manual-document-mt-safety-job.patch: c25daa987c90bfad25cb4e1273fd92cf71fdf232
- manual-document-mt-safety-lang.patch: d6fbd9b15e0b0a304a84dd9a10e07d1a7b94ddfa
- manual-document-mt-safety-libdl.patch: bf1322ac2f5a65a30bc797fa97ba036fa9ded52b
- manual-document-mt-safety-llio.patch: c42f6feb7f97230157c3ceb687a159b84bb4d7d8
- wip-manual-document-mt-safety-locale.patch: e8c35213fe8fef0412e66e661ebd802026da720b
- manual-document-mt-safety-math.patch: 0fd2970206a6c8a76bebacec7637139b2007fb7e
- manual-document-mt-safety-resource.patch: b01f62db5594863fa7579f21f05ad57104fa679d
- manual-document-mt-safety-search.patch: fbbed37c987a939b69864e80aa62d0a79af16d45
- manual-document-mt-safety-stdio.patch: cd940c77f411533af456e9cec1af020887deb9f7
+ manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
+ powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
+ unused-scalb-is-scalbn.patch: b290d7167651106f65de65171d52b70c6188329a
+ manual-document-mt-safety-argp.patch: 5604d817c0a7feccf5aa0dfa7cb2d583d86ec65f
+ manual-document-mt-safety-arith.patch: f4268118ff7169b7016697e2344525b93dd6be01
+ manual-document-mt-safety-charset.patch: 2ba73f56d3ec95471df9cefd6db9935ec8bdc4ef
+ manual-document-mt-safety-conf.patch: ada59d4ba350be38e3b5d960053eac19f0c22bf1
+ manual-document-mt-safety-crypt.patch: 06242cab8769046e2c3e9670de0b0e664f9624ef
+ manual-document-mt-safety-ctype.patch: 776df644b03f53de0e1d21d4b6e8df0fb287117e
+ manual-document-mt-safety-debug.patch: 90470ebb84408d72de8a13806b2e84801fbcc026
+ manual-document-mt-safety-errno.patch: 4c83ae2974e8153950355eca983b33e13bad7490
+ manual-document-mt-safety-filesys.patch: 75c783a7f653a4396cb2f3a1314fac5bda1b5a8f
+ manual-document-mt-safety-getopt.patch: 178c538fec626552e7ec57072a93b3715623e6ac
+ manual-document-mt-safety-job.patch: 07add391d6215283f7338e451060a144bd241bd9
+ manual-document-mt-safety-lang.patch: 722fae4ea63db2a00f51c08a14d723ad87fd97d9
+ manual-document-mt-safety-libdl.patch: 5830f31e3722b9269c618a39bfd56052c609d711
+ manual-document-mt-safety-llio.patch: f7b80d2460a6a65a292c067bfaf12d714767bcf9
+ wip-manual-document-mt-safety-locale.patch: ad4e6d6ef856e42ce04d66bc8c06c31523edb9bb
+ manual-document-mt-safety-math.patch: 4651ae36240aaaf68cdb47687889274248e1274b
+ manual-document-mt-safety-resource.patch: 42e85e03ab026a86c127b7d0ec7fb94e1a94f75f
+ manual-document-mt-safety-search.patch: 974ea38cb1486c677456bd449b95ee18e3e7ecc3
+ manual-document-mt-safety-stdio.patch: 156684c20844d37d6b15b923f58aff88991696a9
+ wip-manual-document-mt-safety-startup.patch: a51d72b2f27eae1bcf41a5aeb4718ed837ef2701
Unapplied:
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
wip-manual-document-mt-safety-terminal.patch: 131f3d7cbdeaec2279062d5bd94af6281390b9ba
diff --git a/patches/manual-document-mt-safety-argp.patch b/patches/manual-document-mt-safety-argp.patch
index 482ace8..914e844 100644
--- a/patches/manual-document-mt-safety-argp.patch
+++ b/patches/manual-document-mt-safety-argp.patch
@@ -1,5 +1,5 @@
-Bottom: 3015208671bba3feaab85a1d0587333944496507
-Top: 3bf770a43ecbc7a48273b81910c72f77782ed1ca
+Bottom: 6ef173fc60a9c842433354081fa0216e4430c1b8
+Top: 206cd625e1e8e8dc3e141cdd29c90772cf35e923
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 21:57:08 -0300
diff --git a/patches/manual-document-mt-safety-arith.patch b/patches/manual-document-mt-safety-arith.patch
index 49910ab..49b1456 100644
--- a/patches/manual-document-mt-safety-arith.patch
+++ b/patches/manual-document-mt-safety-arith.patch
@@ -1,5 +1,5 @@
-Bottom: 3bf770a43ecbc7a48273b81910c72f77782ed1ca
-Top: f0342b90632c74b9a721b35d9c95ea85919ae5a4
+Bottom: 206cd625e1e8e8dc3e141cdd29c90772cf35e923
+Top: 260809414e54f35864ab54b52fdbff3517f05f2e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/manual-document-mt-safety-charset.patch b/patches/manual-document-mt-safety-charset.patch
index 9e69579..c4d22ae 100644
--- a/patches/manual-document-mt-safety-charset.patch
+++ b/patches/manual-document-mt-safety-charset.patch
@@ -1,5 +1,5 @@
-Bottom: f0342b90632c74b9a721b35d9c95ea85919ae5a4
-Top: e24c4115f83f7eb92649db91634e17593123738e
+Bottom: 260809414e54f35864ab54b52fdbff3517f05f2e
+Top: 0ed3cc03efad5a94ba0a48cd696ec823658ac35b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:01:33 -0300
diff --git a/patches/manual-document-mt-safety-conf.patch b/patches/manual-document-mt-safety-conf.patch
index 920632a..0db760e 100644
--- a/patches/manual-document-mt-safety-conf.patch
+++ b/patches/manual-document-mt-safety-conf.patch
@@ -1,5 +1,5 @@
-Bottom: e24c4115f83f7eb92649db91634e17593123738e
-Top: b5ee8a1d755fc9b47ec6c5b52642ba912dd57f1c
+Bottom: 0ed3cc03efad5a94ba0a48cd696ec823658ac35b
+Top: 621eb53ac8713123406be43ebd474132b7c6e4de
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:03:16 -0300
diff --git a/patches/manual-document-mt-safety-crypt.patch b/patches/manual-document-mt-safety-crypt.patch
index 6f5b2da..20411b6 100644
--- a/patches/manual-document-mt-safety-crypt.patch
+++ b/patches/manual-document-mt-safety-crypt.patch
@@ -1,5 +1,5 @@
-Bottom: b5ee8a1d755fc9b47ec6c5b52642ba912dd57f1c
-Top: 8d7d2a6304d608c30830622d547d0885c92e4088
+Bottom: 621eb53ac8713123406be43ebd474132b7c6e4de
+Top: 25551ef91682bea014db1b2031e4dad60a4ba129
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:03:47 -0300
diff --git a/patches/manual-document-mt-safety-ctype.patch b/patches/manual-document-mt-safety-ctype.patch
index 860831d..8700f8e 100644
--- a/patches/manual-document-mt-safety-ctype.patch
+++ b/patches/manual-document-mt-safety-ctype.patch
@@ -1,5 +1,5 @@
-Bottom: 8d7d2a6304d608c30830622d547d0885c92e4088
-Top: b68c41c74be21ce5c0d141f46075c7c4824255a0
+Bottom: 25551ef91682bea014db1b2031e4dad60a4ba129
+Top: 1fe3a56b7e61d235687df61e4d4bded8e7283992
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:41 -0300
diff --git a/patches/manual-document-mt-safety-debug.patch b/patches/manual-document-mt-safety-debug.patch
index bbd624b..2063a20 100644
--- a/patches/manual-document-mt-safety-debug.patch
+++ b/patches/manual-document-mt-safety-debug.patch
@@ -1,5 +1,5 @@
-Bottom: b68c41c74be21ce5c0d141f46075c7c4824255a0
-Top: 8825d25214af5bd5f5000d77da51dd0136ce4967
+Bottom: 1fe3a56b7e61d235687df61e4d4bded8e7283992
+Top: 5add8b2d9a79567d15e402219a50ddf6704cdcea
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:05:11 -0300
diff --git a/patches/manual-document-mt-safety-errno.patch b/patches/manual-document-mt-safety-errno.patch
index 4c0d22a..7b30386 100644
--- a/patches/manual-document-mt-safety-errno.patch
+++ b/patches/manual-document-mt-safety-errno.patch
@@ -1,5 +1,5 @@
-Bottom: 8825d25214af5bd5f5000d77da51dd0136ce4967
-Top: 3c15ad10698d40f3a9a3f3cf4d5494cdbb3f36d3
+Bottom: 5add8b2d9a79567d15e402219a50ddf6704cdcea
+Top: 50fd6f363b9af88ae1e05db55cefcd1e41c10123
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:05:34 -0300
diff --git a/patches/manual-document-mt-safety-filesys.patch b/patches/manual-document-mt-safety-filesys.patch
index 27656d8..7b4e146 100644
--- a/patches/manual-document-mt-safety-filesys.patch
+++ b/patches/manual-document-mt-safety-filesys.patch
@@ -1,5 +1,5 @@
-Bottom: 3c15ad10698d40f3a9a3f3cf4d5494cdbb3f36d3
-Top: 19a289ef47d8b90cc68b095d1ee674a14b6cfcd6
+Bottom: 50fd6f363b9af88ae1e05db55cefcd1e41c10123
+Top: c0467ea68e04c4b52c9c771dad681e1220291a6a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:06:03 -0300
diff --git a/patches/manual-document-mt-safety-getopt.patch b/patches/manual-document-mt-safety-getopt.patch
index 18640dd..753c8f5 100644
--- a/patches/manual-document-mt-safety-getopt.patch
+++ b/patches/manual-document-mt-safety-getopt.patch
@@ -1,5 +1,5 @@
-Bottom: 19a289ef47d8b90cc68b095d1ee674a14b6cfcd6
-Top: e4f410db325f1ed99571de968b979924a181518e
+Bottom: c0467ea68e04c4b52c9c771dad681e1220291a6a
+Top: 18760d732995b8379bc372377398a8fd58732762
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:06:36 -0300
diff --git a/patches/manual-document-mt-safety-job.patch b/patches/manual-document-mt-safety-job.patch
index 8683ffe..b4d3b96 100644
--- a/patches/manual-document-mt-safety-job.patch
+++ b/patches/manual-document-mt-safety-job.patch
@@ -1,5 +1,5 @@
-Bottom: e4f410db325f1ed99571de968b979924a181518e
-Top: 4ea71e22c9fe558431bb0c09aff41b873f8cb26a
+Bottom: 18760d732995b8379bc372377398a8fd58732762
+Top: 78811ad7f6f34dae902d17fe9939b1ed2877fc8c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:08:15 -0300
diff --git a/patches/manual-document-mt-safety-lang.patch b/patches/manual-document-mt-safety-lang.patch
index 45c3684..eef82af 100644
--- a/patches/manual-document-mt-safety-lang.patch
+++ b/patches/manual-document-mt-safety-lang.patch
@@ -1,5 +1,5 @@
-Bottom: 4ea71e22c9fe558431bb0c09aff41b873f8cb26a
-Top: 8308f7496ee59e742bc30a47396ed16b09f4ed78
+Bottom: 78811ad7f6f34dae902d17fe9939b1ed2877fc8c
+Top: 95e3af012c2d8222ce9c18f313b200f086405d32
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:08:32 -0300
diff --git a/patches/manual-document-mt-safety-libdl.patch b/patches/manual-document-mt-safety-libdl.patch
index f0ef929..51626a1 100644
--- a/patches/manual-document-mt-safety-libdl.patch
+++ b/patches/manual-document-mt-safety-libdl.patch
@@ -1,5 +1,5 @@
-Bottom: 8308f7496ee59e742bc30a47396ed16b09f4ed78
-Top: e209dda6062453b563bc99b39fdc7f9a8c570777
+Bottom: 95e3af012c2d8222ce9c18f313b200f086405d32
+Top: 5d6bbf322290ec49c7df2274a5b3ec79d32fd303
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:08:59 -0300
diff --git a/patches/manual-document-mt-safety-llio.patch b/patches/manual-document-mt-safety-llio.patch
index de6b6dc..274aefd 100644
--- a/patches/manual-document-mt-safety-llio.patch
+++ b/patches/manual-document-mt-safety-llio.patch
@@ -1,5 +1,5 @@
-Bottom: e209dda6062453b563bc99b39fdc7f9a8c570777
-Top: 5f68670b8dd4ad6830a841a3dc70f473f514faaf
+Bottom: 5d6bbf322290ec49c7df2274a5b3ec79d32fd303
+Top: baf6738652c9240a7ea48273cff318ffb17716d8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:09:32 -0300
diff --git a/patches/manual-document-mt-safety-math.patch b/patches/manual-document-mt-safety-math.patch
index 1d22852..66820ca 100644
--- a/patches/manual-document-mt-safety-math.patch
+++ b/patches/manual-document-mt-safety-math.patch
@@ -1,5 +1,5 @@
-Bottom: 40bcd99e1057f6cfbf0a4f7686699d08270ed358
-Top: 151392b3790f3070194c6e79b03e9b88b9fb3052
+Bottom: 9a5ec672bda784c35e1f86d0f274cdb9e58f217c
+Top: d5ba9adc90be6728f409ed99bc36a2fc6e659db0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/manual-document-mt-safety-resource.patch b/patches/manual-document-mt-safety-resource.patch
index 6cbd7ab..3fa9fb2 100644
--- a/patches/manual-document-mt-safety-resource.patch
+++ b/patches/manual-document-mt-safety-resource.patch
@@ -1,5 +1,5 @@
-Bottom: 151392b3790f3070194c6e79b03e9b88b9fb3052
-Top: fc7b8a7dee8f458b513deaaf4f60d03ca33535c2
+Bottom: d5ba9adc90be6728f409ed99bc36a2fc6e659db0
+Top: e27f818dd7517eeba6c572017e1d77241113d456
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:11:00 -0300
diff --git a/patches/manual-document-mt-safety-search.patch b/patches/manual-document-mt-safety-search.patch
index 8e3e36f..fb52bb3 100644
--- a/patches/manual-document-mt-safety-search.patch
+++ b/patches/manual-document-mt-safety-search.patch
@@ -1,5 +1,5 @@
-Bottom: fc7b8a7dee8f458b513deaaf4f60d03ca33535c2
-Top: 195f80ed20d8cfa61af3b5629d405de8be7b40fc
+Bottom: e27f818dd7517eeba6c572017e1d77241113d456
+Top: 8ae75524ca0a1176e4323c74b73cb0722e710364
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:11:55 -0300
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index 8b416af..52710b6 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,5 +1,5 @@
-Bottom: 195f80ed20d8cfa61af3b5629d405de8be7b40fc
-Top: 3db5dacd3a8c55bbd9c4924b1ac2ec9a35d2d732
+Bottom: 8ae75524ca0a1176e4323c74b73cb0722e710364
+Top: a529301c800b3ca93ba927e5d69da7dd7cafbae7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/manual-document-mt-safety.patch b/patches/manual-document-mt-safety.patch
index 36caa7a..e164c49 100644
--- a/patches/manual-document-mt-safety.patch
+++ b/patches/manual-document-mt-safety.patch
@@ -1,5 +1,5 @@
-Bottom: 5efab0c449ae83db3aa70ebd97b31e7fb29fe50b
-Top: 72ab4d51f78fd9a15e02a670cc921a59761f3ffb
+Bottom: fde38f49e9ff8e251fc3a4c9a8d5f194ba6decbf
+Top: c59759fbdfb422ada848ebdd3845677059986449
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:39 -0300
diff --git a/patches/powerpc-nofpu-sim-note-nothread.patch b/patches/powerpc-nofpu-sim-note-nothread.patch
index a1d126e..7f2c050 100644
--- a/patches/powerpc-nofpu-sim-note-nothread.patch
+++ b/patches/powerpc-nofpu-sim-note-nothread.patch
@@ -1,5 +1,5 @@
-Bottom: 72ab4d51f78fd9a15e02a670cc921a59761f3ffb
-Top: 47b4fcd31a0f1ee3c6e9b10a9512e2afc2975e5f
+Bottom: c59759fbdfb422ada848ebdd3845677059986449
+Top: a8bc26b023f2d43016f043a1972e12edc1f31f8d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:39 -0300
diff --git a/patches/unused-scalb-is-scalbn.patch b/patches/unused-scalb-is-scalbn.patch
index 62fcad2..0fa4208 100644
--- a/patches/unused-scalb-is-scalbn.patch
+++ b/patches/unused-scalb-is-scalbn.patch
@@ -1,5 +1,5 @@
-Bottom: 47b4fcd31a0f1ee3c6e9b10a9512e2afc2975e5f
-Top: 3015208671bba3feaab85a1d0587333944496507
+Bottom: a8bc26b023f2d43016f043a1972e12edc1f31f8d
+Top: 6ef173fc60a9c842433354081fa0216e4430c1b8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:39 -0300
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index 2c23cb9..6515b05 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
-Bottom: 5f68670b8dd4ad6830a841a3dc70f473f514faaf
-Top: 40bcd99e1057f6cfbf0a4f7686699d08270ed358
+Bottom: baf6738652c9240a7ea48273cff318ffb17716d8
+Top: 9a5ec672bda784c35e1f86d0f274cdb9e58f217c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/wip-manual-document-mt-safety-startup.patch b/patches/wip-manual-document-mt-safety-startup.patch
index 6de832f..0cf63b1 100644
--- a/patches/wip-manual-document-mt-safety-startup.patch
+++ b/patches/wip-manual-document-mt-safety-startup.patch
@@ -1,5 +1,5 @@
-Bottom: fde38f49e9ff8e251fc3a4c9a8d5f194ba6decbf
-Top: 5efab0c449ae83db3aa70ebd97b31e7fb29fe50b
+Bottom: a529301c800b3ca93ba927e5d69da7dd7cafbae7
+Top: 3db5dacd3a8c55bbd9c4924b1ac2ec9a35d2d732
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:12:28 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a51d72b2f27eae1bcf41a5aeb4718ed837ef2701
commit a51d72b2f27eae1bcf41a5aeb4718ed837ef2701
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:12:28 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/startup.texi: Document thread safety properties.
diff --git a/manual/startup.texi b/manual/startup.texi
index a277714..7bbaf13 100644
--- a/manual/startup.texi
+++ b/manual/startup.texi
@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
The difference to the @code{setenv} function is that the exact string
given as the parameter @var{string} is put into the environment. If the
user should change the string after the @code{putenv} call this will
-reflect in automatically in the environment. This also requires that
-@var{string} is no automatic variable which scope is left before the
+reflect automatically in the environment. This also requires that
+@var{string} not be an automatic variable whose scope is left before the
variable is removed from the environment. The same applies of course to
dynamically allocated variables which are freed later.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=156684c20844d37d6b15b923f58aff88991696a9
commit 156684c20844d37d6b15b923f58aff88991696a9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..79a3340 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1391,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1401,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1411,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1540,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1625,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2387,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2397,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2438,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2647,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2656,48 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2705,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2713,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2721,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2729,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2737,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2745,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2821,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3062,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3314,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3378,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +3995,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +4010,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +4025,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +4033,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4041,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4055,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4082,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4091,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4100,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4108,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4116,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4124,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4174,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4184,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4198,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4209,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4237,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4248,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4362,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4375,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4399,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4415,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4435,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4459,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4508,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4630,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4645,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4658,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4675,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4787,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4800,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4817,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4839,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4864,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4942,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4956,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4968,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4983,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +4997,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +5008,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5056,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5112,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5228,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5410,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5551,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=974ea38cb1486c677456bd449b95ee18e3e7ecc3
commit 974ea38cb1486c677456bd449b95ee18e3e7ecc3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:55 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/search.texi: Document thread safety properties.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..6910edc 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -146,6 +146,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +437,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +471,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +486,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +500,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +555,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=42e85e03ab026a86c127b7d0ec7fb94e1a94f75f
commit 42e85e03ab026a86c127b7d0ec7fb94e1a94f75f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/resource.texi: Document thread safety properties.
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=178c538fec626552e7ec57072a93b3715623e6ac
commit 178c538fec626552e7ec57072a93b3715623e6ac
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:06:36 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/getopt.texi: Document thread safety properties.
diff --git a/manual/getopt.texi b/manual/getopt.texi
index f0b7283..3c1f4de 100644
--- a/manual/getopt.texi
+++ b/manual/getopt.texi
@@ -60,6 +60,31 @@ option argument, for those options that accept arguments.
@comment unistd.h
@comment POSIX.2
@deftypefun int getopt (int @var{argc}, char *const *@var{argv}, const char *@var{options})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c It may swap argv elements but argv is not guarded, and the
+@c modifications may be partial in case of cancellation. Calling getenv
+@c also brings about thread-safety issues out of access and returning
+@c pointers into the globally shared environment array, just like
+@c calling gettext brings about a whole lot of AS and AC safety issues.
+@c The getopt API involves returning values in the non-thread-specific
+@c optarg variable, which adds another thread-safety issue. Given
+@c print_errors, it may output errors to stderr, which may
+@c self-deadlock, leak locks, or encounter (in a signal handler) or
+@c leave (in case of cancellation) stderr in an inconsistent state.
+@c Various implicit, indirect uses of malloc, in uses of memstream and
+@c asprintf for error-printing, bring about the usual malloc issues.
+@c (The explicit use of malloc in a conditional situation in
+@c _getopt_initialize is never exercised in glibc.)
+@c
+@c _getopt_internal
+@c _getopt_internal_r
+@c gettext
+@c _getopt_initialize
+@c getenv
+@c malloc if USE_NONOPTION_FLAGS, never defined in libc
+@c open_memstream
+@c lockfile, unlockfile, __fxprintf -> stderr
+@c asprintf
The @code{getopt} function gets the next option argument from the
argument list specified by the @var{argv} and @var{argc} arguments.
Normally these values come directly from the arguments received by
@@ -225,6 +250,8 @@ was seen.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
Decode options from the vector @var{argv} (whose length is @var{argc}).
The argument @var{shortopts} describes the short options to accept, just as
it does in @code{getopt}. The argument @var{longopts} describes the long
@@ -278,6 +305,8 @@ getopt functionality there is one more function available.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long_only (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
The @code{getopt_long_only} function is equivalent to the
@code{getopt_long} function but it allows to specify the user of the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=722fae4ea63db2a00f51c08a14d723ad87fd97d9
commit 722fae4ea63db2a00f51c08a14d723ad87fd97d9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:32 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/lang.texi: Document thread safety properties.
diff --git a/manual/lang.texi b/manual/lang.texi
index ee04e23..d6cd90c 100644
--- a/manual/lang.texi
+++ b/manual/lang.texi
@@ -51,6 +51,8 @@ without indicating anything might be wrong.
@comment assert.h
@comment ISO
@deftypefn Macro void assert (int @var{expression})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Verify the programmer's belief that @var{expression} is nonzero at
this point in the program.
@@ -91,6 +93,8 @@ The @code{assert_perror} macro makes this easy.
@comment assert.h
@comment GNU
@deftypefn Macro void assert_perror (int @var{errnum})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Similar to @code{assert}, but verifies that @var{errnum} is zero.
If @code{NDEBUG} is not defined, @code{assert_perror} tests the value of
@@ -423,6 +427,8 @@ The type @code{va_list} is used for argument pointer variables.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_start (va_list @var{ap}, @var{last-required})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This macro initializes the argument pointer variable @var{ap} to point
to the first of the optional arguments of the current function;
@var{last-required} must be the last required argument to the function.
@@ -431,6 +437,8 @@ to the first of the optional arguments of the current function;
@comment stdarg.h
@comment ISO
@deftypefn {Macro} @var{type} va_arg (va_list @var{ap}, @var{type})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_arg} macro returns the value of the next optional argument,
and modifies the value of @var{ap} to point to the subsequent argument.
Thus, successive uses of @code{va_arg} return successive optional
@@ -445,6 +453,8 @@ of the actual argument.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_end (va_list @var{ap})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This ends the use of @var{ap}. After a @code{va_end} call, further
@code{va_arg} calls with the same @var{ap} may not work. You should invoke
@code{va_end} before returning from the function in which @code{va_start}
@@ -466,6 +476,8 @@ of the same type.
@comment ISO
@deftypefn {Macro} void va_copy (va_list @var{dest}, va_list @var{src})
@deftypefnx {Macro} void __va_copy (va_list @var{dest}, va_list @var{src})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_copy} macro allows copying of objects of type
@code{va_list} even if this is not an integral type. The argument pointer
in @var{dest} is initialized to point to the same argument as the
@@ -1212,6 +1224,8 @@ type of a particular structure member.
@comment stddef.h
@comment ISO
@deftypefn {Macro} size_t offsetof (@var{type}, @var{member})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This expands to a integer constant expression that is the offset of the
structure member named @var{member} in the structure type @var{type}.
For example, @code{offsetof (struct s, elem)} is the offset, in bytes,
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f7b80d2460a6a65a292c067bfaf12d714767bcf9
commit f7b80d2460a6a65a292c067bfaf12d714767bcf9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:09:32 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/llio.texi: Document thread safety properties.
diff --git a/manual/llio.texi b/manual/llio.texi
index b129cf4..66370c4 100644
--- a/manual/llio.texi
+++ b/manual/llio.texi
@@ -78,6 +78,7 @@ declared in @file{unistd.h}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int open (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The @code{open} function creates and returns a new file descriptor for
the file named by @var{filename}. Initially, the file position
indicator for the file is at the beginning of the file. The argument
@@ -164,6 +165,7 @@ and @code{freopen} functions, that create streams.
@comment fcntl.h
@comment Unix98
@deftypefun int open64 (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{open}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
difference is that on 32 bit systems the file is opened in the
@@ -178,6 +180,7 @@ replaces the old API.
@comment fcntl.h
@comment POSIX.1
@deftypefn {Obsolete function} int creat (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is obsolete. The call:
@smallexample
@@ -202,6 +205,7 @@ since all of the lowlevel file handling functions are equally replaced.
@comment fcntl.h
@comment Unix98
@deftypefn {Obsolete function} int creat64 (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{creat}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
the difference is that on 32 bit systems the file is opened in the
@@ -219,6 +223,7 @@ replaces the old API.
@comment unistd.h
@comment POSIX.1
@deftypefun int close (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The function @code{close} closes the file descriptor @var{filedes}.
Closing a file has the following consequences:
@@ -300,6 +305,7 @@ but must be a signed type.
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t read (int @var{filedes}, void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{read} function reads up to @var{size} bytes from the file
with descriptor @var{filedes}, storing the results in the @var{buffer}.
(This is not necessarily a character string, and no terminating null
@@ -395,6 +401,10 @@ functions that read from streams, such as @code{fgetc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, read and lseek back, but is it
+@c used anywhere?
The @code{pread} function is similar to the @code{read} function. The
first three arguments are identical, and the return values and error
codes also correspond.
@@ -430,6 +440,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread64 (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, read and lseek64 back, but is
+@c it used anywhere?
This function is similar to the @code{pread} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -447,6 +461,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t write (int @var{filedes}, const void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{write} function writes up to @var{size} bytes from
@var{buffer} to the file with descriptor @var{filedes}. The data in
@var{buffer} is not necessarily a character string and a null character is
@@ -557,6 +572,10 @@ functions that write to streams, such as @code{fputc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, write and lseek back, but is it
+@c used anywhere?
The @code{pwrite} function is similar to the @code{write} function. The
first three arguments are identical, and the return values and error codes
also correspond.
@@ -592,6 +611,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite64 (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, write and lseek64 back, but
+@c is it used anywhere?
This function is similar to the @code{pwrite} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -624,6 +647,7 @@ To read the current file position value from a descriptor, use
@comment unistd.h
@comment POSIX.1
@deftypefun off_t lseek (int @var{filedes}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lseek} function is used to change the file position of the
file with descriptor @var{filedes}.
@@ -713,6 +737,7 @@ descriptors.
@comment unistd.h
@comment Unix98
@deftypefun off64_t lseek64 (int @var{filedes}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to the @code{lseek} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -825,6 +850,7 @@ declared in the header file @file{stdio.h}.
@comment stdio.h
@comment POSIX.1
@deftypefun {FILE *} fdopen (int @var{filedes}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
The @code{fdopen} function returns a new stream for the file descriptor
@var{filedes}.
@@ -853,6 +879,7 @@ see @ref{Creating a Pipe}.
@comment stdio.h
@comment POSIX.1
@deftypefun int fileno (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the file descriptor associated with the stream
@var{stream}. If an error is detected (for example, if the @var{stream}
is not valid) or if @var{stream} does not do I/O to a file,
@@ -862,6 +889,7 @@ is not valid) or if @var{stream} does not do I/O to a file,
@comment stdio.h
@comment GNU
@deftypefun int fileno_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fileno_unlocked} function is equivalent to the @code{fileno}
function except that it does not implicitly lock the stream if the state
is @code{FSETLOCKING_INTERNAL}.
@@ -1071,7 +1099,11 @@ Contains the length of the buffer.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t readv (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
-
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer into which data is read, if the total read size is
+@c too large for alloca.
The @code{readv} function reads data from @var{filedes} and scatters it
into the buffers described in @var{vector}, which is taken to be
@var{count} structures long. As each buffer is filled, data is sent to the
@@ -1089,6 +1121,11 @@ errors are the same as in @code{read}.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t writev (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer from which data is written, if the total write size
+@c is too large for alloca.
The @code{writev} function gathers data from the buffers described in
@var{vector}, which is taken to be @var{count} structures long, and writes
@@ -1149,6 +1186,7 @@ These functions are declared in @file{sys/mman.h}.
@comment sys/mman.h
@comment POSIX
@deftypefun {void *} mmap (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mmap} function creates a new mapping, connected to bytes
(@var{offset}) to (@var{offset} + @var{length} - 1) in the file open on
@@ -1268,6 +1306,9 @@ The file is on a filesystem that doesn't support mapping.
@comment sys/mman.h
@comment LFS
@deftypefun {void *} mmap64 (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The page_shift auto detection when MMAP2_PAGE_SHIFT is -1 (it never
+@c is) would be thread-unsafe.
The @code{mmap64} function is equivalent to the @code{mmap} function but
the @var{offset} parameter is of type @code{off64_t}. On 32-bit systems
this allows the file associated with the @var{filedes} descriptor to be
@@ -1284,6 +1325,7 @@ replaces the old API.
@comment sys/mman.h
@comment POSIX
@deftypefun int munmap (void *@var{addr}, size_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{munmap} removes any memory maps from (@var{addr}) to (@var{addr} +
@var{length}). @var{length} should be the length of the mapping.
@@ -1310,6 +1352,7 @@ aligned.
@comment sys/mman.h
@comment POSIX
@deftypefun int msync (void *@var{address}, size_t @var{length}, int @var{flags})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When using shared mappings, the kernel can write the file at any time
before the mapping is removed. To be certain data has actually been
@@ -1357,6 +1400,7 @@ There is no existing mapping in at least part of the given region.
@comment sys/mman.h
@comment GNU
@deftypefun {void *} mremap (void *@var{address}, size_t @var{length}, size_t @var{new_length}, int @var{flag})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to change the size of an existing memory
area. @var{address} and @var{length} must cover a region entirely mapped
@@ -1405,6 +1449,7 @@ Coding Standards}.
@comment sys/mman.h
@comment POSIX
@deftypefun int madvise (void *@var{addr}, size_t @var{length}, int @var{advice})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to provide the system with @var{advice} about
the intended usage patterns of the memory region starting at @var{addr}
@@ -1531,6 +1576,7 @@ that descriptor into an @code{fd_set}.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_ZERO (fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro initializes the file descriptor set @var{set} to be the
empty set.
@end deftypefn
@@ -1538,6 +1584,9 @@ empty set.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_SET (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro adds @var{filedes} to the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1547,6 +1596,9 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_CLR (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro removes @var{filedes} from the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1556,6 +1608,7 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro int FD_ISSET (int @var{filedes}, const fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value (true) if @var{filedes} is a member
of the file descriptor set @var{set}, and zero (false) otherwise.
@@ -1568,6 +1621,10 @@ Next, here is the description of the @code{select} function itself.
@comment sys/types.h
@comment BSD
@deftypefun int select (int @var{nfds}, fd_set *@var{read-fds}, fd_set *@var{write-fds}, fd_set *@var{except-fds}, struct timeval *@var{timeout})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The select syscall is preferred, but pselect6 may be used instead,
+@c which requires converting timeout to a timespec and back. The
+@c conversions are not atomic.
The @code{select} function blocks the calling process until there is
activity on any of the specified sets of file descriptors, or until the
timeout period has expired.
@@ -1670,6 +1727,7 @@ they return.
@comment unistd.h
@comment X/Open
@deftypefun void sync (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
A call to this function will not return as long as there is data which
has not been written to the device. All dirty buffers in the kernel will
be written and so an overall consistent system can be achieved (if no
@@ -1685,6 +1743,7 @@ committed, rather than all data in the system. For this, @code{sync} is overkil
@comment unistd.h
@comment POSIX
@deftypefun int fsync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fsync} function can be used to make sure all data associated with
the open file @var{fildes} is written to the device associated with the
descriptor. The function call does not return unless all actions have
@@ -1722,6 +1781,7 @@ recovering of the file in case of a problem.
@comment unistd.h
@comment POSIX
@deftypefun int fdatasync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When a call to the @code{fdatasync} function returns, it is ensured
that all of the file data is written to the device. For all pending I/O
operations, the parts guaranteeing data integrity finished.
@@ -1923,6 +1983,158 @@ aiocb64}, since the LFS transparently replaces the old interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_read (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Calls aio_enqueue_request.
+@c aio_enqueue_request selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_self ok
+@c pthread_getschedparam selfdeadlock, lockleak
+@c lll_lock (pthread descriptor's lock) selfdeadlock, lockleak
+@c sched_getparam ok
+@c sched_getscheduler ok
+@c lll_unlock lockleak
+@c pthread_mutex_lock (aio_requests_mutex) selfdeadlock, lockleak
+@c get_elem asmalloc, memleak, [asynconsist, incansist], [xguargs]
+@c realloc asmalloc, memleak
+@c calloc asmalloc, memleak
+@c aio_create_helper_thread selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_attr_init ok
+@c pthread_attr_setdetachstate ok
+@c pthread_get_minstack ok
+@c pthread_attr_setstacksize ok
+@c sigfillset ok
+@c memset ok
+@c sigdelset ok [xguargs, but the caller's sigset is automatic]
+@c SYSCALL rt_sigprocmask ok
+@c pthread_create selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c alloca/malloc asmalloc, memleak
+@c lll_unlock lockleak
+@c allocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c getpagesize dup
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c lll_unlock lockleak
+@c _dl_allocate_tls asmalloc, memleak
+@c _dl_allocate_tls_storage asmalloc, memleak
+@c memalign asmalloc, memleak
+@c memset ok
+@c allocate_dtv dup
+@c free asmalloc, memleak
+@c allocate_dtv asmalloc, memleak
+@c calloc asmalloc, memleak
+@c INSTALL_DTV ok
+@c list_add dup
+@c get_cached_stack
+@c lll_lock (stack_cache_lock) selfdeadlock, lockleak
+@c list_for_each ok
+@c list_entry dup
+@c FREE_P dup
+@c stack_list_del dup
+@c stack_list_add dup
+@c lll_unlock lockleak
+@c _dl_allocate_tls_init ok
+@c GET_DTV ok
+@c mmap ok
+@c atomic_increment_val ok
+@c munmap ok
+@c change_stack_perm ok
+@c mprotect ok
+@c mprotect ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c THREAD_COPY_STACK_GUARD ok
+@c THREAD_COPY_POINTER_GUARD ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (state_cache_lock) selfdeadlock, lockleak
+@c stack_list_del ok
+@c atomic_write_barrier ok
+@c list_del ok [uunguard]
+@c atomic_write_barrier ok
+@c queue_stack asmalloc, memleak
+@c stack_list_add ok
+@c atomic_write_barrier ok
+@c list_add ok [uunguard]
+@c atomic_write_barrier ok
+@c free_stacks asmalloc, memleak
+@c list_for_each_prev_safe ok
+@c list_entry ok
+@c FREE_P ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c _dl_deallocate_tls asmalloc, memleak
+@c free asmalloc, memleak
+@c lll_unlock lockleak
+@c create_thread selfdeadlock, asmalloc, lockleak, memleak
+@c td_eventword
+@c td_eventmask
+@c do_clone selfdeadlock, asmalloc, lockleak, memleak
+@c PREPARE_CREATE ok
+@c lll_lock (pd->lock) selfdeadlock, lockleak
+@c atomic_increment ok
+@c clone ok
+@c atomic_decrement ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack dup
+@c sched_setaffinity ok
+@c tgkill ok
+@c sched_setscheduler ok
+@c atomic_compare_and_exchange_bool_acq ok
+@c nptl_create_event ok
+@c lll_unlock (pd->lock) lockleak
+@c free asmalloc, memleak
+@c pthread_attr_destroy ok (cpuset won't be set, so free isn't called)
+@c add_request_to_runlist ok [xguargs]
+@c pthread_cond_signal ok
+@c aio_free_request ok [xguargs]
+@c pthread_mutex_unlock lockleak
+
+@c (in the new thread, initiated with clone)
+@c start_thread ok
+@c HP_TIMING_NOW ok
+@c ctype_init [glocale] (in theory, but optimized into safety)
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c sigemptyset ok
+@c sigaddset ok
+@c setjmp ok
+@c CANCEL_ASYNC -> pthread_enable_asynccancel ok
+@c do_cancel ok
+@c pthread_unwind ok
+@c Unwind_ForcedUnwind or longjmp ok [asmalloc, memleak?]
+@c lll_lock selfdeadlock, lockleak
+@c lll_unlock selfdeadlock, lockleak
+@c CANCEL_RESET -> pthread_disable_asynccancel ok
+@c lll_futex_wait ok
+@c ->start_routine ok -----
+@c call_tls_dtors selfdeadlock, asmalloc, lockleak, memleak
+@c user-supplied dtor
+@c rtld_lock_lock_recursive (dl_load_lock) selfdeadlock, lockleak
+@c rtld_lock_unlock_recursive lockleak
+@c free asmalloc, memleak
+@c nptl_deallocate_tsd asmalloc, memleak
+@c tsd user-supplied dtors ok
+@c free asmalloc, memleak
+@c libc_thread_freeres
+@c libc_thread_subfreeres ok
+@c atomic_decrement_and_test ok
+@c td_eventword ok
+@c td_eventmask ok
+@c atomic_compare_exchange_bool_acq ok
+@c nptl_death_event ok
+@c lll_robust_dead ok
+@c getpagesize ok
+@c madvise ok
+@c free_tcb selfdeadlock, asmalloc, lockleak, memleak
+@c free asmalloc, memleak
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_futex_wait ok
+@c exit_thread_inline ok
+@c syscall(exit) ok
+
This function initiates an asynchronous read operation. It
immediately returns after the operation was enqueued or when an
error was encountered.
@@ -1988,6 +2200,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_read64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_read} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{aio_read64} uses
@@ -2006,6 +2219,7 @@ of functions with a very similar interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_write (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function initiates an asynchronous write operation. The function
call immediately returns after the operation was enqueued or if before
this happens an error was encountered.
@@ -2072,6 +2286,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_write64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_write} function. The only
difference is that on @w{32 bit} machines the file descriptor should
be opened in the large file mode. Internally @code{aio_write64} uses
@@ -2093,6 +2308,12 @@ operations. It is therefore similar to a combination of @code{readv} and
@comment aio.h
@comment POSIX.1b
@deftypefun int lio_listio (int @var{mode}, struct aiocb *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Call lio_listio_internal, that takes the aio_requests_mutex lock and
+@c enqueues each request. Then, it waits for notification or prepares
+@c for it before releasing the lock. Even though it performs memory
+@c allocation and locking of its own, it doesn't add any classes of
+@c safety issues that aren't already covered by aio_enqueue_request.
The @code{lio_listio} function can be used to enqueue an arbitrary
number of read and write requests at one time. The requests can all be
meant for the same file, all for different files or every solution in
@@ -2176,6 +2397,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int lio_listio64 (int @var{mode}, struct aiocb64 *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{lio_listio} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{lio_listio64} uses
@@ -2204,6 +2426,7 @@ The following two functions allow you to get this kind of information.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_error (const struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function determines the error state of the request described by the
@code{struct aiocb} variable pointed to by @var{aiocbp}. If the
request has not yet terminated the value returned is always
@@ -2225,6 +2448,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_error64 (const struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_error} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2238,6 +2462,7 @@ machines.
@comment aio.h
@comment POSIX.1b
@deftypefun ssize_t aio_return (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to retrieve the return status of the operation
carried out by the request described in the variable pointed to by
@var{aiocbp}. As long as the error status of this request as returned
@@ -2261,6 +2486,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun ssize_t aio_return64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_return} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2289,6 +2515,9 @@ if the symbol @code{_POSIX_SYNCHRONIZED_IO} is defined in @file{unistd.h}.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_fsync (int @var{op}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check that the FD is open, it calls
+@c aio_enqueue_request.
Calling this function forces all I/O operations operating queued at the
time of the function call operating on the file descriptor
@code{aiocbp->aio_fildes} into the synchronized I/O completion state
@@ -2336,6 +2565,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_fsync64 (int @var{op}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_fsync} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2362,6 +2592,9 @@ before the current client is served. For situations like this
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_suspend (const struct aiocb *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c Take aio_requests_mutex, set up waitlist and requestlist, wait
+@c for completion or timeout, and release the mutex.
When calling this function, the calling thread is suspended until at
least one of the requests pointed to by the @var{nent} elements of the
array @var{list} has completed. If any of the requests has already
@@ -2400,6 +2633,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_suspend64 (const struct aiocb64 *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is similar to @code{aio_suspend} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2427,6 +2661,16 @@ or not. Therefore using this function is merely a hint.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_cancel (int @var{fildes}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check the fd is open, hold aio_requests_mutex, call
+@c aio_find_req_fd, aio_remove_request, then aio_notify and
+@c aio_free_request each request before releasing the lock.
+@c aio_notify calls aio_notify_only and free, besides cond signal or
+@c similar. aio_notify_only calls pthread_attr_init,
+@c pthread_attr_setdetachstate, malloc, pthread_create,
+@c notify_func_wrapper, aio_sigqueue, getpid, raise.
+@c notify_func_wraper calls aio_start_notify_thread, free and then the
+@c notifier function.
The @code{aio_cancel} function can be used to cancel one or more
outstanding requests. If the @var{aiocbp} parameter is @code{NULL}, the
function tries to cancel all of the outstanding requests which would process
@@ -2474,6 +2718,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_cancel64 (int @var{fildes}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_cancel} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2529,6 +2774,8 @@ Unused.
@comment aio.h
@comment GNU
@deftypefun void aio_init (const struct aioinit *@var{init})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c All changes to global objects are guarded by aio_requests_mutex.
This function must be called before any other AIO function. Calling it
is completely voluntary, as it is only meant to help the AIO
implementation perform better.
@@ -2563,6 +2810,7 @@ function; see @ref{Opening and Closing Files}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int fcntl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcntl} function performs the operation specified by
@var{command} on the file descriptor @var{filedes}. Some commands
require additional arguments to be supplied. These additional arguments
@@ -2645,6 +2893,7 @@ while prototypes for @code{dup} and @code{dup2} are in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun int dup (int @var{old})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies descriptor @var{old} to the first available
descriptor number (the first number not currently open). It is
equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@@ -2653,6 +2902,7 @@ equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@comment unistd.h
@comment POSIX.1
@deftypefun int dup2 (int @var{old}, int @var{new})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies the descriptor @var{old} to descriptor number
@var{new}.
@@ -3631,6 +3881,7 @@ different headers.
@comment sys/ioctl.h
@comment BSD
@deftypefun int ioctl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ioctl} function performs the generic I/O operation
@var{command} on @var{filedes}.
@@ -3650,3 +3901,6 @@ unknown device.
Most IOCTLs are OS-specific and/or only used in special system utilities,
and are thus beyond the scope of this document. For an example of the use
of an IOCTL, see @ref{Out-of-Band Data}.
+
+@c FIXME this is undocumented:
+@c dup3
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4651ae36240aaaf68cdb47687889274248e1274b
commit 4651ae36240aaaf68cdb47687889274248e1274b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/math.texi: Document thread safety properties.
diff --git a/manual/math.texi b/manual/math.texi
index 193d415..fd5d0c8 100644
--- a/manual/math.texi
+++ b/manual/math.texi
@@ -560,6 +560,7 @@ negative), @code{logb} returns @math{@infinity{}}. If @var{x} is zero,
@comment math.h
@comment ISO
@deftypefunx int ilogbl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are equivalent to the corresponding @code{logb}
functions except that they return signed integer values.
@end deftypefun
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=75c783a7f653a4396cb2f3a1314fac5bda1b5a8f
commit 75c783a7f653a4396cb2f3a1314fac5bda1b5a8f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:06:03 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/filesys.texi: Document thread safety properties.
diff --git a/manual/filesys.texi b/manual/filesys.texi
index 1df9cf2..2244025 100644
--- a/manual/filesys.texi
+++ b/manual/filesys.texi
@@ -58,6 +58,25 @@ Prototypes for these functions are declared in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun {char *} getcwd (char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c If buffer is NULL, this function calls malloc and realloc, and, in
+@c case of error, free. Linux offers a getcwd syscall that we use on
+@c GNU/Linux systems, but it may fail if the pathname is too long. As a
+@c fallback, and on other systems, the generic implementation opens each
+@c parent directory with opendir, which allocates memory for the
+@c directory stream with malloc. If a fstatat64 syscall is not
+@c available, very deep directory trees may also have to malloc to build
+@c longer sequences of ../../../... than those supported by a global
+@c const read-only string.
+
+@c linux/__getcwd
+@c posix/__getcwd
+@c malloc/realloc/free if buffer is NULL, or if dir is too deep
+@c lstat64 -> see its own entry
+@c fstatat64
+@c direct syscall if possible, alloca+snprintf+*stat64 otherwise
+@c openat64_not_cancel_3, close_not_cancel_no_status
+@c __fdopendir, __opendir, __readdir, rewinddir
The @code{getcwd} function returns an absolute file name representing
the current working directory, storing it in the character array
@var{buffer} that you provide. The @var{size} argument is how you tell
@@ -116,6 +135,9 @@ software.
@comment unistd.h
@comment BSD
@deftypefn {Deprecated Function} {char *} getwd (char *@var{buffer})
+@safety{@mtsafe{}@asunsafe{asmalloc, asi18n}@acsafe{memleak, fdleak}}
+@c Besides the getcwd safety issues, it calls strerror_r on error, which
+@c brings in all of the i18n issues.
This is similar to @code{getcwd}, but has no way to specify the size of
the buffer. @Theglibc{} provides @code{getwd} only
for backwards compatibility with BSD.
@@ -130,6 +152,9 @@ this function is deprecated.
@comment unistd.h
@comment GNU
@deftypefun {char *} get_current_dir_name (void)
+@safety{@mtunsafe{envromt}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides getcwd, which this function calls as a fallback, it calls
+@c getenv, with the usual thread-safety issues that brings about.
@vindex PWD
This @code{get_current_dir_name} function is basically equivalent to
@w{@code{getcwd (NULL, 0)}}. The only difference is that the value of
@@ -145,6 +170,7 @@ This function is a GNU extension.
@comment unistd.h
@comment POSIX.1
@deftypefun int chdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
@var{filename}.
@@ -158,6 +184,7 @@ file @var{filename} is not a directory.
@comment unistd.h
@comment XPG
@deftypefun int fchdir (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
directory associated with the file descriptor @var{filedes}.
@@ -294,12 +321,14 @@ values and @code{st_mode} values:
@comment dirent.h
@comment BSD
@deftypefun int IFTODT (mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{d_type} value corresponding to @var{mode}.
@end deftypefun
@comment dirent.h
@comment BSD
@deftypefun mode_t DTTOIF (int @var{dtype})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{st_mode} value corresponding to @var{dtype}.
@end deftypefun
@end table
@@ -342,6 +371,9 @@ the following functions.
@comment dirent.h
@comment POSIX.1
@deftypefun {DIR *} opendir (const char *@var{dirname})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides the safe syscall, we have to allocate the DIR object with
+@c __alloc_dir, that calls malloc.
The @code{opendir} function opens and returns a directory stream for
reading the directory whose file name is @var{dirname}. The stream has
type @code{DIR *}.
@@ -381,6 +413,8 @@ alternative interface can be used.
@comment dirent.h
@comment GNU
@deftypefun {DIR *} fdopendir (int @var{fd})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c The DIR object is allocated with __alloc_dir, that calls malloc.
The @code{fdopendir} function works just like @code{opendir} but
instead of taking a file name and opening a file descriptor for the
directory the caller is required to provide a file descriptor. This
@@ -425,6 +459,7 @@ access.
@comment dirent.h
@comment GNU
@deftypefun int dirfd (DIR *@var{dirstream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{dirfd} returns the file descriptor associated with
the directory stream @var{dirstream}. This descriptor can be used until
the directory is closed with @code{closedir}. If the directory stream
@@ -443,6 +478,12 @@ symbols are declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun {struct dirent *} readdir (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c This function holds dirstream's non-recursive lock, which brings
+@c about the usual issues with locks and async signals and cancellation,
+@c but the lock taking is not enough to make the returned value safe to
+@c use, since it points to a stream's internal buffer that can be
+@c overwritten by subsequent calls or even released by closedir.
This function reads the next entry from the directory. It normally
returns a pointer to a structure containing information about the file.
This structure is statically allocated and can be rewritten by a
@@ -469,6 +510,7 @@ value. Use @code{readdir_r} when this is critical.
@comment dirent.h
@comment GNU
@deftypefun int readdir_r (DIR *@var{dirstream}, struct dirent *@var{entry}, struct dirent **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is the reentrant version of @code{readdir}. Like
@code{readdir} it returns the next entry from the directory. But to
prevent conflicts between simultaneously running threads the result is
@@ -516,6 +558,7 @@ of the last two functions.
@comment dirent.h
@comment LFS
@deftypefun {struct dirent64 *} readdir64 (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64} function is just like the @code{readdir} function
except that it returns a pointer to a record of type @code{struct
dirent64}. Some of the members of this data type (notably @code{d_ino})
@@ -527,6 +570,7 @@ In all other aspects this function is equivalent to @code{readdir}.
@comment dirent.h
@comment LFS
@deftypefun int readdir64_r (DIR *@var{dirstream}, struct dirent64 *@var{entry}, struct dirent64 **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64_r} function is equivalent to the @code{readdir_r}
function except that it takes parameters of base type @code{struct
dirent64} instead of @code{struct dirent} in the second and third
@@ -537,6 +581,10 @@ position. The same precautions mentioned in the documentation of
@comment dirent.h
@comment POSIX.1
@deftypefun int closedir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock (hurd)}@acsafe{memleak, fdleak, lockleak (hurd)}}
+@c No synchronization in the posix implementation, only in the hurd
+@c one. This is regarded as safe because it is undefined behavior if
+@c other threads could still be using the dir stream while it's closed.
This function closes the directory stream @var{dirstream}. It returns
@code{0} on success and @code{-1} on failure.
@@ -576,6 +624,7 @@ declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun void rewinddir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{rewinddir} function is used to reinitialize the directory
stream @var{dirstream}, so that if you call @code{readdir} it
returns information about the first entry in the directory again. This
@@ -589,6 +638,10 @@ added or removed since you last called @code{opendir} or
@comment dirent.h
@comment BSD
@deftypefun {long int} telldir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{telldir} function returns the file position of the directory
stream @var{dirstream}. You can use this value with @code{seekdir} to
restore the directory stream to that position.
@@ -597,6 +650,10 @@ restore the directory stream to that position.
@comment dirent.h
@comment BSD
@deftypefun void seekdir (DIR *@var{dirstream}, long int @var{pos})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{seekdir} function sets the file position of the directory
stream @var{dirstream} to @var{pos}. The value @var{pos} must be the
result of a previous call to @code{telldir} on this particular stream;
@@ -616,6 +673,19 @@ the result.
@comment dirent.h
@comment BSD/SVID
@deftypefun int scandir (const char *@var{dir}, struct dirent ***@var{namelist}, int (*@var{selector}) (const struct dirent *), int (*@var{cmp}) (const struct dirent **, const struct dirent **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c The scandir function calls __opendirat, __readdir, and __closedir to
+@c go over the named dir; malloc and realloc to allocate the namelist
+@c and copies of each selected dirent, besides the selector, if given,
+@c and qsort and the cmp functions if the latter is given. In spite of
+@c the cleanup handler that releases memory and the file descriptor in
+@c case of synchronous cancellation, an asynchronous cancellation may
+@c still leak memory and a file descriptor. Although readdir is unsafe
+@c in general, the use of an internal dir stream for sequential scanning
+@c of the directory with copying of dirents before subsequent calls
+@c makes the use safe, and the fact that the dir stream is private to
+@c each scandir call does away with the lock issues in readdir and
+@c closedir.
The @code{scandir} function scans the contents of the directory selected
by @var{dir}. The result in *@var{namelist} is an array of pointers to
@@ -646,6 +716,8 @@ are very helpful for this purpose.
@comment dirent.h
@comment BSD/SVID
@deftypefun int alphasort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Calls strcoll.
The @code{alphasort} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -658,6 +730,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls strverscmp.
The @code{versionsort} function is like @code{alphasort} except that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -670,6 +744,8 @@ dirent64}}. To use this we need a new function.
@comment dirent.h
@comment GNU
@deftypefun int scandir64 (const char *@var{dir}, struct dirent64 ***@var{namelist}, int (*@var{selector}) (const struct dirent64 *), int (*@var{cmp}) (const struct dirent64 **, const struct dirent64 **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c See scandir.
The @code{scandir64} function works like the @code{scandir} function
except that the directory entries it returns are described by elements
of type @w{@code{struct dirent64}}. The function pointed to by
@@ -688,6 +764,8 @@ argument. Instead we provide the two replacement functions below.
@comment dirent.h
@comment GNU
@deftypefun int alphasort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c See alphasort.
The @code{alphasort64} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -700,6 +778,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c See versionsort.
The @code{versionsort64} function is like @code{alphasort64}, excepted that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -880,6 +960,8 @@ file was passed).
@comment ftw.h
@comment SVID
@deftypefun int ftw (const char *@var{filename}, __ftw_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
+@c see nftw for safety details
The @code{ftw} function calls the callback function given in the
parameter @var{func} for every item which is found in the directory
specified by @var{filename} and all directories below. The function
@@ -930,6 +1012,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int ftw64 (const char *@var{filename}, __ftw64_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
This function is similar to @code{ftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -943,6 +1026,17 @@ transparently replaces the old implementation.
@comment ftw.h
@comment XPG4.2
@deftypefun int nftw (const char *@var{filename}, __nftw_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c ftw_startup calls alloca, malloc, free, xstat/lxstat, tdestroy, and ftw_dir
+@c if FTW_CHDIR, call open, and fchdir, or chdir and getcwd
+@c ftw_dir calls open_dir_stream, readdir64, process_entry, closedir
+@c if FTW_CHDIR, also calls fchdir
+@c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
+@c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
+@c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
+@c find_object (tsearch) and add_object (tfind).
+@c Since each invocation of *ftw uses its own private search tree, none
+@c of the search tree concurrency issues apply.
The @code{nftw} function works like the @code{ftw} functions. They call
the callback function @var{func} for all items found in the directory
@var{filename} and below. At most @var{descriptors} file descriptors
@@ -1003,6 +1097,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int nftw64 (const char *@var{filename}, __nftw64_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
This function is similar to @code{nftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -1046,6 +1141,7 @@ file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int link (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{link} function makes a new link to the existing file named by
@var{oldname}, under the new name @var{newname}.
@@ -1153,6 +1249,7 @@ Prototypes for most of the functions listed in this section are in
@comment unistd.h
@comment BSD
@deftypefun int symlink (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{symlink} function makes a symbolic link to @var{oldname} named
@var{newname}.
@@ -1190,6 +1287,7 @@ exceeded.
@comment unistd.h
@comment BSD
@deftypefun ssize_t readlink (const char *@var{filename}, char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{readlink} function gets the value of the symbolic link
@var{filename}. The file name that the link points to is copied into
@var{buffer}. This file name string is @emph{not} null-terminated;
@@ -1249,6 +1347,8 @@ names can refer to the same inode.
@comment stdlib.h
@comment GNU
@deftypefun {char *} canonicalize_file_name (const char *@var{name})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls realpath.
The @code{canonicalize_file_name} function returns the absolute name of
the file named by @var{name} which contains no @code{.}, @code{..}
@@ -1290,6 +1390,8 @@ where the result is placed in.
@comment stdlib.h
@comment XPG
@deftypefun {char *} realpath (const char *restrict @var{name}, char *restrict @var{resolved})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls malloc, realloc, getcwd, lxstat64, readlink, alloca.
A call to @code{realpath} where the @var{resolved} parameter is
@code{NULL} behaves exactly like @code{canonicalize_file_name}. The
@@ -1329,6 +1431,7 @@ then the file is deleted as well. If the file has other remaining names
@comment unistd.h
@comment POSIX.1
@deftypefun int unlink (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{unlink} function deletes the file name @var{filename}. If
this is a file's sole name, the file itself is also deleted. (Actually,
if any process has the file open when this happens, deletion is
@@ -1371,6 +1474,7 @@ file system and can't be modified.
@comment unistd.h
@comment POSIX.1
@deftypefun int rmdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@cindex directories, deleting
@cindex deleting a directory
The @code{rmdir} function deletes a directory. The directory must be
@@ -1398,6 +1502,8 @@ The prototype for this function is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int remove (const char *@var{filename})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Calls unlink and rmdir.
This is the @w{ISO C} function to remove a file. It works like
@code{unlink} for files and like @code{rmdir} for directories.
@code{remove} is declared in @file{stdio.h}.
@@ -1413,6 +1519,10 @@ The @code{rename} function is used to change a file's name.
@comment stdio.h
@comment ISO
@deftypefun int rename (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a rename syscall, there's an emulation with link
+@c and unlink, but it's racy, even more so if newname exists and is
+@c unlinked first.
The @code{rename} function renames the file @var{oldname} to
@var{newname}. The file formerly accessible under the name
@var{oldname} is afterwards accessible as @var{newname} instead. (If
@@ -1508,6 +1618,7 @@ a shell command @code{mkdir} which does the same thing.)
@comment sys/stat.h
@comment POSIX.1
@deftypefun int mkdir (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mkdir} function creates a new, empty directory with name
@var{filename}.
@@ -1849,6 +1960,7 @@ header file @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int stat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{stat} function returns information about the attributes of the
file named by @w{@var{filename}} in the structure pointed to by @var{buf}.
@@ -1875,6 +1987,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int stat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{stat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1888,6 +2001,7 @@ replaces the interface for small files on 32-bit machines.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int fstat (int @var{filedes}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fstat} function is like @code{stat}, except that it takes an
open file descriptor as an argument instead of a file name.
@xref{Low-Level I/O}.
@@ -1909,6 +2023,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int fstat64 (int @var{filedes}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{fstat} but is able to work on large
files on 32-bit platforms. For large files the file descriptor
@var{filedes} should be obtained by @code{open64} or @code{creat64}.
@@ -1920,9 +2035,16 @@ function is available under the name @code{fstat} and so transparently
replaces the interface for small files on 32-bit machines.
@end deftypefun
+@c fstatat will call alloca and snprintf if the syscall is not
+@c available.
+@c @safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+
@comment sys/stat.h
@comment BSD
@deftypefun int lstat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat, sometimes with an xstat conv call
+@c afterwards.
The @code{lstat} function is like @code{stat}, except that it does not
follow symbolic links. If @var{filename} is the name of a symbolic
link, @code{lstat} returns information about the link itself; otherwise
@@ -1936,6 +2058,9 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int lstat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat64, sometimes with an xstat conv
+@c call afterwards.
This function is similar to @code{lstat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1974,12 +2099,14 @@ that file:
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISDIR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a directory.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISCHR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a character special file (a
device like a terminal).
@end deftypefn
@@ -1987,6 +2114,7 @@ device like a terminal).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISBLK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a block special file (a device
like a disk).
@end deftypefn
@@ -1994,12 +2122,14 @@ like a disk).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISREG (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a regular file.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISFIFO (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a FIFO special file, or a
pipe. @xref{Pipes and FIFOs}.
@end deftypefn
@@ -2007,6 +2137,7 @@ pipe. @xref{Pipes and FIFOs}.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISLNK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a symbolic link.
@xref{Symbolic Links}.
@end deftypefn
@@ -2014,6 +2145,7 @@ This macro returns non-zero if the file is a symbolic link.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISSOCK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a socket. @xref{Sockets}.
@end deftypefn
@@ -2096,6 +2228,7 @@ the whole @code{struct stat} structure.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISMQ (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX message queues as distinct objects and the
file is a message queue object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2104,6 +2237,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSEM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX semaphores as distinct objects and the
file is a semaphore object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2112,6 +2246,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSHM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX shared memory objects as distinct objects
and the file is an shared memory object, this macro returns a non-zero
value. In all other cases the result is zero.
@@ -2156,6 +2291,7 @@ The prototype for this function is declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int chown (const char *@var{filename}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chown} function changes the owner of the file @var{filename} to
@var{owner}, and its group owner to @var{group}.
@@ -2190,6 +2326,7 @@ The file is on a read-only file system.
@comment unistd.h
@comment BSD
@deftypefun int fchown (int @var{filedes}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chown}, except that it changes the owner of the open
file with descriptor @var{filedes}.
@@ -2469,6 +2606,7 @@ The functions in this section are declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun mode_t umask (mode_t @var{mask})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{umask} function sets the file creation mask of the current
process to @var{mask}, and returns the previous value of the file
creation mask.
@@ -2494,6 +2632,7 @@ you just want to read the mask value, because it is reentrant.
@comment sys/stat.h
@comment GNU
@deftypefun mode_t getumask (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Return the current value of the file creation mask for the current
process. This function is a GNU extension and is only available on
@gnuhurdsystems{}.
@@ -2502,6 +2641,7 @@ process. This function is a GNU extension and is only available on
@comment sys/stat.h
@comment POSIX.1
@deftypefun int chmod (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chmod} function sets the access permission bits for the file
named by @var{filename} to @var{mode}.
@@ -2542,6 +2682,7 @@ for full details on the sticky bit.
@comment sys/stat.h
@comment BSD
@deftypefun int fchmod (int @var{filedes}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chmod}, except that it changes the permissions of the
currently open file given by @var{filedes}.
@@ -2612,6 +2753,7 @@ The symbols in this section are declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int access (const char *@var{filename}, int @var{how})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{access} function checks to see whether the file named by
@var{filename} can be accessed in the way specified by the @var{how}
argument. The @var{how} argument either can be the bitwise OR of the
@@ -2732,6 +2874,9 @@ This is the modification time for the file.
@comment utime.h
@comment POSIX.1
@deftypefun int utime (const char *@var{filename}, const struct utimbuf *@var{times})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utime syscall, it non-atomically converts times
+@c to a struct timeval and calls utimes.
This function is used to modify the file times associated with the file
named @var{filename}.
@@ -2783,6 +2928,10 @@ in the header file @file{sys/time.h}.
@comment sys/time.h
@comment BSD
@deftypefun int utimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, or to
+@c struct utimbuf and calls utime.
This function sets the file access and modification times of the file
@var{filename}. The new file access time is specified by
@code{@var{tvp}[0]}, and the new modification time by
@@ -2797,6 +2946,9 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int lutimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no lutimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall.
This function is like @code{utimes}, except that it does not follow
symbolic links. If @var{filename} is the name of a symbolic link,
@code{lutimes} sets the file access and modification times of the
@@ -2813,6 +2965,10 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int futimes (int @var{fd}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no futimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, falling back
+@c to utimes on a /proc/self/fd symlink.
This function is like @code{utimes}, except that it takes an open file
descriptor as an argument instead of a file name. @xref{Low-Level
I/O}. This function comes from FreeBSD, and is not available on all
@@ -2867,6 +3023,8 @@ succeed, without actually accomplishing anything.
@comment unistd.h
@comment X/Open
@deftypefun int truncate (const char *@var{filename}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a truncate syscall, we use open and ftruncate.
The @code{truncate} function changes the size of @var{filename} to
@var{length}. If @var{length} is shorter than the previous length, data
@@ -2911,6 +3069,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int truncate64 (const char *@var{name}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try truncate if length fits.
This function is similar to the @code{truncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines, which allows the handling of files with sizes up to
@@ -2924,6 +3084,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX
@deftypefun int ftruncate (int @var{fd}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{truncate}, but it works on a file descriptor @var{fd}
for an opened file instead of a file name to identify the object. The
@@ -2988,6 +3149,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int ftruncate64 (int @var{id}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try ftruncate if length fits.
This function is similar to the @code{ftruncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines which allows the handling of files with sizes up to
@@ -3050,6 +3213,10 @@ The prototype for @code{mknod} is declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment BSD
@deftypefun int mknod (const char *@var{filename}, mode_t @var{mode}, dev_t @var{dev})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Instead of issuing the syscall directly, we go through xmknod.
+@c Although the internal xmknod takes a dev_t*, that could lead to
+@c xguargs races, it's passed a pointer to mknod's dev.
The @code{mknod} function makes a special file with name @var{filename}.
The @var{mode} specifies the mode of the file, and may include the various
special file bits, such as @code{S_IFCHR} (for a character special file)
@@ -3101,6 +3268,20 @@ These facilities are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} tmpfile (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c The unsafety issues are those of fdopen, plus fdleak because of the
+@c open.
+@c __path_search (internal buf, !dir, const pfx, !try_tmpdir) ok
+@c libc_secure_genenv only if try_tmpdir
+@c xstat64, strlen, strcmp, sprintf
+@c __gen_tempname (internal tmpl, __GT_FILE) ok
+@c strlen, memcmp, getpid, open/mkdir/lxstat64 ok
+@c HP_TIMING_NOW if available ok
+@c gettimeofday (!tz) first time, or every time if no HP_TIMING_NOW ok
+@c static value is used and modified without synchronization ok
+@c but the use is as a source of non-cryptographic randomness
+@c with retries in case of collision, so it should be safe
+@c unlink, fdopen
This function creates a temporary binary file for update mode, as if by
calling @code{fopen} with mode @code{"wb+"}. The file is deleted
automatically when it is closed or when the program terminates. (On
@@ -3117,6 +3298,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} tmpfile64 (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
This function is similar to @code{tmpfile}, but the stream it returns a
pointer to was opened using @code{tmpfile64}. Therefore this stream can
be used for files larger then @math{2^31} bytes on 32-bit machines.
@@ -3132,6 +3314,11 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun {char *} tmpnam (char *@var{result})
+@safety{@mtunsafe{xguargs, staticbuf}@asunsafe{staticbuf}@acsafe{}}
+@c The passed-in buffer should not be modified concurrently with the
+@c call.
+@c __path_search (static or passed-in buf, !dir, !pfx, !try_tmpdir) ok
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
This function constructs and returns a valid file name that does not
refer to any existing file. If the @var{result} argument is a null
pointer, the return value is a pointer to an internal static string,
@@ -3156,6 +3343,7 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdio.h
@comment GNU
@deftypefun {char *} tmpnam_r (char *@var{result})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
This function is nearly identical to the @code{tmpnam} function, except
that if @var{result} is a null pointer it returns a null pointer.
@@ -3192,6 +3380,13 @@ never less than @code{25}.
@comment stdio.h
@comment SVID
@deftypefun {char *} tempnam (const char *@var{dir}, const char *@var{prefix})
+@safety{@mtunsafe{xguargs, envromt}@assafe{asmalloc}@acsafe{memleak}}
+@c There's no way (short of being setuid) to avoid getenv("TMPDIR"),
+@c even with a non-NULL dir, which makes this thread-unsafe.
+@c
+@c __path_search (internal buf, dir, pfx, try_tmpdir) unsafe getenv
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
+@c strdup
This function generates a unique temporary file name. If @var{prefix}
is not a null pointer, up to five characters of this string are used as
a prefix for the file name. The return value is a string newly
@@ -3255,6 +3450,8 @@ string. These functions are declared in the header file @file{stdlib.h}.
@comment stdlib.h
@comment Unix
@deftypefun {char *} mktemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_NOCREATE) ok
The @code{mktemp} function generates a unique file name by modifying
@var{template} as described above. If successful, it returns
@var{template} as modified. If @code{mktemp} cannot find a unique file
@@ -3273,6 +3470,8 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdlib.h
@comment BSD
@deftypefun int mkstemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{fdleak}}
+@c __gen_tempname (caller tmpl, __GT_FILE) ok
The @code{mkstemp} function generates a unique file name just as
@code{mktemp} does, but it also opens the file for you with @code{open}
(@pxref{Opening and Closing Files}). If successful, it modifies
@@ -3295,6 +3494,8 @@ new file and get an error if the file already exists.
@comment stdlib.h
@comment BSD
@deftypefun {char *} mkdtemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_DIR) ok
The @code{mkdtemp} function creates a directory with a unique name. If
it succeeds, it overwrites @var{template} with the name of the
directory, and returns @var{template}. As with @code{mktemp} and
@@ -3316,3 +3517,23 @@ creation always works like @code{open} with @code{O_EXCL}.
@xref{Creating Directories}.
The @code{mkdtemp} function comes from OpenBSD.
+
+@c FIXME these are undocumented:
+@c faccessat
+@c fchmodat
+@c fchownat
+@c futimesat
+@c fstatat
+@c linkat
+@c mkdirat
+@c mkfifoat
+@c name_to_handle_at
+@c openat
+@c open_by_handle_at
+@c readlinkat
+@c renameat
+@c scandirat
+@c symlinkat
+@c unlinkat
+@c utimensat
+@c mknodat
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=07add391d6215283f7338e451060a144bd241bd9
commit 07add391d6215283f7338e451060a144bd241bd9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:15 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/job.texi: Document thread safety properties.
diff --git a/manual/job.texi b/manual/job.texi
index 4efeed3..779ea96 100644
--- a/manual/job.texi
+++ b/manual/job.texi
@@ -1039,6 +1039,10 @@ The function @code{ctermid} is declared in the header file
@comment stdio.h
@comment POSIX.1
@deftypefun {char *} ctermid (char *@var{string})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This function is a stub by default; the actual implementation, for
+@c posix systems, returns an internal buffer if passed a NULL string,
+@c but the internal buffer is always set to /dev/tty.
The @code{ctermid} function returns a string containing the file name of
the controlling terminal for the current process. If @var{string} is
not a null pointer, it should be an array that can hold at least
@@ -1075,6 +1079,11 @@ Your program should include the header files @file{sys/types.h} and
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t setsid (void)
+@safety{@mtsafe{}@assafe{selfdeadlock (hurd)}@acsafe{lockleak (hurd)}}
+@c This is usually a direct syscall, but if a syscall is not available,
+@c we use a stub, or Hurd- and BSD-specific implementations. The former
+@c uses a mutex and a hurd critical section, and the latter issues a few
+@c syscalls, so both seem safe, except for the locking on Hurd.
The @code{setsid} function creates a new session. The calling process
becomes the session leader, and is put in a new process group whose
process group ID is the same as the process ID of that process. There
@@ -1098,7 +1107,8 @@ already another process group around that has the same process group ID.
@comment unistd.h
@comment SVID
@deftypefun pid_t getsid (pid_t @var{pid})
-
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{getsid} function returns the process group ID of the session
leader of the specified process. If a @var{pid} is @code{0}, the
process group ID of the session leader of the current process is
@@ -1134,6 +1144,8 @@ programs with the @code{-lbsd-compat} option to get the BSD definition.@refill
@comment unistd.h
@comment POSIX.1
@deftypefn {POSIX.1 Function} pid_t getpgrp (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The POSIX.1 definition of @code{getpgrp} returns the process group ID of
the calling process.
@end deftypefn
@@ -1141,6 +1153,8 @@ the calling process.
@comment unistd.h
@comment BSD
@deftypefn {BSD Function} pid_t getpgrp (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The BSD definition of @code{getpgrp} returns the process group ID of the
process @var{pid}. You can supply a value of @code{0} for the @var{pid}
argument to get information about the calling process.
@@ -1149,6 +1163,8 @@ argument to get information about the calling process.
@comment unistd.h
@comment SVID
@deftypefn {System V Function} int getpgid (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
@code{getpgid} is the same as the BSD function @code{getpgrp}. It
returns the process group ID of the process @var{pid}. You can supply a
@@ -1171,6 +1187,8 @@ process.
@comment unistd.h
@comment POSIX.1
@deftypefun int setpgid (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{setpgid} function puts the process @var{pid} into the process
group @var{pgid}. As a special case, either @var{pid} or @var{pgid} can
be zero to indicate the process ID of the calling process.
@@ -1208,6 +1226,8 @@ process or a child of the calling process.
@comment unistd.h
@comment BSD
@deftypefun int setpgrp (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall or setpgid wrapper.
This is the BSD Unix name for @code{setpgid}. Both functions do exactly
the same thing.
@end deftypefun
@@ -1230,6 +1250,8 @@ file itself and not a particular open file descriptor.
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t tcgetpgrp (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function returns the process group ID of the foreground process
group associated with the terminal open on descriptor @var{filedes}.
@@ -1258,6 +1280,8 @@ controlling terminal of the calling process.
@comment unistd.h
@comment POSIX.1
@deftypefun int tcsetpgrp (int @var{filedes}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function is used to set a terminal's foreground process group ID.
The argument @var{filedes} is a descriptor which specifies the terminal;
@var{pgid} specifies the process group. The calling process must be a
@@ -1297,6 +1321,8 @@ process.
@comment termios.h
@comment Unix98
@deftypefun pid_t tcgetsid (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Ioctl call, if avaialble, or tcgetpgrp followed by getsid.
This function is used to obtain the process group ID of the session
for which the terminal specified by @var{fildes} is the controlling terminal.
If the call is successful the group ID is returned. Otherwise the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5830f31e3722b9269c618a39bfd56052c609d711
commit 5830f31e3722b9269c618a39bfd56052c609d711
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:59 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/libdl.texi: New.
diff --git a/manual/libdl.texi b/manual/libdl.texi
new file mode 100644
index 0000000..e3fe045
--- /dev/null
+++ b/manual/libdl.texi
@@ -0,0 +1,10 @@
+@c FIXME these are undocumented:
+@c dladdr
+@c dladdr1
+@c dlclose
+@c dlerror
+@c dlinfo
+@c dlmopen
+@c dlopen
+@c dlsym
+@c dlvsym
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ad4e6d6ef856e42ce04d66bc8c06c31523edb9bb
commit ad4e6d6ef856e42ce04d66bc8c06c31523edb9bb
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..da50d18 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
+@c and free, and _nl_find_locale, which amount to all documented safety
+@c issues. It also calls new_composite_name, setdata, and setname,
+@c without any additional issues. _nl_find_locale calls getenv, ...
+This function returns a pointer read
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4c83ae2974e8153950355eca983b33e13bad7490
commit 4c83ae2974e8153950355eca983b33e13bad7490
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:05:34 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/errno.texi: Document thread safety properties.
diff --git a/manual/errno.texi b/manual/errno.texi
index 6c9fa86..eb3f412 100644
--- a/manual/errno.texi
+++ b/manual/errno.texi
@@ -1293,6 +1293,9 @@ name of the program that encountered the error.
@comment string.h
@comment ISO
@deftypefun {char *} strerror (int @var{errnum})
+@safety{@mtunsafe{staticbuf}@asunsafe{staticbuf, asmalloc, asi18n}@acsafe{memleak}}
+@c Calls strerror_r with a static buffer allocated with malloc on the
+@c first use.
The @code{strerror} function maps the error code (@pxref{Checking for
Errors}) specified by the @var{errnum} argument to a descriptive error
message string. The return value is a pointer to this string.
@@ -1310,6 +1313,7 @@ The function @code{strerror} is declared in @file{string.h}.
@comment string.h
@comment GNU
@deftypefun {char *} strerror_r (int @var{errnum}, char *@var{buf}, size_t @var{n})
+@safety{@mtsafe{}@asunsafe{asi18n}@acsafe{}}
The @code{strerror_r} function works like @code{strerror} but instead of
returning the error message in a statically allocated buffer shared by
all threads in the process, it returns a private copy for the
@@ -1331,6 +1335,10 @@ This function @code{strerror_r} is a GNU extension and it is declared in
@comment stdio.h
@comment ISO
@deftypefun void perror (const char *@var{message})
+@safety{@mtsafe{xguargs}@asunsafe{asynconsist, asi18n, asmalloc, selfdeadlock}@acunsafe{incansist, lockleak, memleak, fdleak}}
+@c Besides strerror_r's and some of fprintf's issues, if stderr is not
+@c oriented yet, create a new stream with a dup of stderr's fd and write
+@c to that instead of stderr, to avoid orienting it.
This function prints an error message to the stream @code{stderr};
see @ref{Standard Streams}. The orientation of @code{stderr} is not
changed.
@@ -1442,6 +1450,13 @@ These functions are declared in @file{error.h}.
@comment error.h
@comment GNU
@deftypefun void error (int @var{status}, int @var{errnum}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acsafe{}}
+@c Cancellation is disabled throught the execution. It flushes stdout
+@c and then holds a lock on stderr while printing the program name and
+@c then running error_tail. The non-wide case just runs vfprintf; the
+@c wide case converts the message to an alloca/malloc-allocated buffer
+@c with mbsrtowcs, then prints it with vfwprintf. Afterwards,
+@c print_errno_message calls strerror_r and fxprintf.
The @code{error} function can be used to report general problems during
program execution. The @var{format} argument is a format string just
like those given to the @code{printf} family of functions. The
@@ -1477,6 +1492,15 @@ incremented by one to keep track of the number of errors reported.
@comment error.h
@comment GNU
@deftypefun void error_at_line (int @var{status}, int @var{errnum}, const char *@var{fname}, unsigned int @var{lineno}, const char *@var{format}, @dots{})
+@safety{@mtunsafe{staticbuf, glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist}}
+@c The error_one_per_line variable is accessed (without any form of
+@c synchronization, but since it's an int used once, it should be safe
+@c enough) and, if this mode is enabled, static variables used to hold
+@c the last printed file name and line number are accessed and modified
+@c without synchronization; the update is not atomic and it occurs
+@c before disabling cancellation, so it can be interrupted after only
+@c one of the two variables is modified. After that, it's very much
+@c like error.
The @code{error_at_line} function is very similar to the @code{error}
function. The only difference are the additional parameters @var{fname}
@@ -1582,6 +1606,8 @@ are included only for compatibility.
@comment err.h
@comment BSD
@deftypefun void warn (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Just calls vwarn with the va_list.
The @code{warn} function is roughly equivalent to a call like
@smallexample
error (0, errno, format, @r{the parameters})
@@ -1594,6 +1620,11 @@ are not used.
@comment err.h
@comment BSD
@deftypefun void vwarn (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c While holding stderr's recursive lock, it prints the programname, the
+@c given message, and the error string with fw?printf's %m. When the
+@c stream is wide, convert_and_print converts the format string to an
+@c alloca/malloc-created buffer using mbsrtowcs and then calls fwprintf.
The @code{vwarn} function is just like @code{warn} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1602,6 +1633,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void warnx (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn, but without the strerror translation issues.
The @code{warnx} function is roughly equivalent to a call like
@smallexample
error (0, 0, format, @r{the parameters})
@@ -1615,6 +1648,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void vwarnx (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn, but without the strerror translation issues.
The @code{vwarnx} function is just like @code{warnx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1623,6 +1658,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void err (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn followed by exit.
The @code{err} function is roughly equivalent to a call like
@smallexample
error (status, errno, format, @r{the parameters})
@@ -1635,6 +1672,8 @@ are not used and that the program is exited even if @var{status} is zero.
@comment err.h
@comment BSD
@deftypefun void verr (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn followed by exit.
The @code{verr} function is just like @code{err} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1643,6 +1682,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void errx (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warnx followed by exit.
The @code{errx} function is roughly equivalent to a call like
@smallexample
error (status, 0, format, @r{the parameters})
@@ -1657,6 +1698,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void verrx (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarnx followed by exit.
The @code{verrx} function is just like @code{errx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=90470ebb84408d72de8a13806b2e84801fbcc026
commit 90470ebb84408d72de8a13806b2e84801fbcc026
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:05:11 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/debug.texi: Document thread safety properties.
diff --git a/manual/debug.texi b/manual/debug.texi
index 1db9c18..ce0c263 100644
--- a/manual/debug.texi
+++ b/manual/debug.texi
@@ -36,6 +36,8 @@ and manipulate backtraces of the current thread.
@comment execinfo.h
@comment GNU
@deftypefun int backtrace (void **@var{buffer}, int @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Pointer chasing within the local stack.
The @code{backtrace} function obtains a backtrace for the current
thread, as a list of pointers, and places the information into
@var{buffer}. The argument @var{size} should be the number of
@@ -56,6 +58,17 @@ interpreting the stack contents correctly.
@comment execinfo.h
@comment GNU
@deftypefun {char **} backtrace_symbols (void *const *@var{buffer}, int @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, lockleak}}
+@c Collects info returned by _dl_addr in auto array, allocates memory
+@c for the whole return buffer with malloc then sprintfs into it storing
+@c pointers to the strings into the array entries in the buffer.
+@c _dl_addr takes the recursive dl_load_lock then calls
+@c _dl_find_dso_for_object and determine_info.
+@c _dl_find_dso_for_object calls _dl-addr_inside_object.
+@c All of them are safe as long as the lock is held.
+@c asynconsist? It doesn't looke like the dynamic loader's data
+@c structures could be in an inconsistent state that would cause
+@c malfunction here.
The @code{backtrace_symbols} function translates the information
obtained from the @code{backtrace} function into an array of strings.
The argument @var{buffer} should be a pointer to an array of addresses
@@ -88,6 +101,11 @@ cannot be obtained.
@comment execinfo.h
@comment GNU
@deftypefun void backtrace_symbols_fd (void *const *@var{buffer}, int @var{size}, int @var{fd})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c Single loop of _dl_addr over addresses, collecting info into an iovec
+@c written out with a writev call per iteration. Addresses and offsets
+@c are converted to hex in auto buffers, so the only potential issue
+@c here is leaking the dl lock in case of cancellation.
The @code{backtrace_symbols_fd} function performs the same translation
as the function @code{backtrace_symbols} function. Instead of returning
the strings to the caller, it writes the strings to the file descriptor
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=776df644b03f53de0e1d21d4b6e8df0fb287117e
commit 776df644b03f53de0e1d21d4b6e8df0fb287117e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:41 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/ctype.texi: Document thread safety properties.
diff --git a/manual/ctype.texi b/manual/ctype.texi
index 3d13571..ddf38ce 100644
--- a/manual/ctype.texi
+++ b/manual/ctype.texi
@@ -66,6 +66,13 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int islower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The is* macros call __ctype_b_loc to get the ctype array from the
+@c current locale, and then index it by c. __ctype_b_loc reads from
+@c thread-local memory the (indirect) pointer to the ctype array, which
+@c may involve one word access to the global locale object, if that's
+@c the active locale for the thread, and the array, being part of the
+@c locale data, is undeletable, so there's no thread-safety issue.
Returns true if @var{c} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -74,6 +81,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -82,6 +90,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isalpha (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphabetic character (a letter). If
@code{islower} or @code{isupper} is true of a character, then
@code{isalpha} is also true.
@@ -97,6 +106,7 @@ additional characters.
@comment ctype.h
@comment ISO
@deftypefun int isdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@end deftypefun
@@ -104,6 +114,7 @@ Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@comment ctype.h
@comment ISO
@deftypefun int isalnum (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphanumeric character (a letter or
number); in other words, if either @code{isalpha} or @code{isdigit} is
true of a character, then @code{isalnum} is also true.
@@ -113,6 +124,7 @@ true of a character, then @code{isalnum} is also true.
@comment ctype.h
@comment ISO
@deftypefun int isxdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -123,6 +135,7 @@ Hexadecimal digits include the normal decimal digits @samp{0} through
@comment ctype.h
@comment ISO
@deftypefun int ispunct (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -132,6 +145,7 @@ character.
@comment ctype.h
@comment ISO
@deftypefun int isspace (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{isspace} returns true for only the standard
whitespace characters:
@@ -161,6 +175,7 @@ vertical tab
@comment ctype.h
@comment ISO
@deftypefun int isblank (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
@end deftypefun
@@ -169,6 +184,7 @@ This function was originally a GNU extension, but was added in @w{ISO C99}.
@comment ctype.h
@comment ISO
@deftypefun int isgraph (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -178,6 +194,7 @@ considered graphic.
@comment ctype.h
@comment ISO
@deftypefun int isprint (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@end deftypefun
@@ -186,6 +203,7 @@ include all the graphic characters, plus the space (@samp{ }) character.
@comment ctype.h
@comment ISO
@deftypefun int iscntrl (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a control character (that is, a character that
is not a printing character).
@end deftypefun
@@ -194,6 +212,7 @@ is not a printing character).
@comment ctype.h
@comment SVID, BSD
@deftypefun int isascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
into the US/UK ASCII character set. This function is a BSD extension
and is also an SVID extension.
@@ -227,6 +246,10 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The to* macros/functions call different functions that use different
+@c arrays than those of__ctype_b_loc, but the access patterns and
+@c thus safety guarantees are the same.
If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
lower-case letter. If @var{c} is not an upper-case letter,
@var{c} is returned unchanged.
@@ -235,6 +258,7 @@ lower-case letter. If @var{c} is not an upper-case letter,
@comment ctype.h
@comment ISO
@deftypefun int toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
upper-case letter. Otherwise @var{c} is returned unchanged.
@end deftypefun
@@ -242,6 +266,7 @@ upper-case letter. Otherwise @var{c} is returned unchanged.
@comment ctype.h
@comment SVID, BSD
@deftypefun int toascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function converts @var{c} to a 7-bit @code{unsigned char} value
that fits into the US/UK ASCII character set, by clearing the high-order
bits. This function is a BSD extension and is also an SVID extension.
@@ -250,6 +275,7 @@ bits. This function is a BSD extension and is also an SVID extension.
@comment ctype.h
@comment SVID
@deftypefun int _tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{tolower}, and is provided for compatibility
with the SVID. @xref{SVID}.@refill
@end deftypefun
@@ -257,6 +283,7 @@ with the SVID. @xref{SVID}.@refill
@comment ctype.h
@comment SVID
@deftypefun int _toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{toupper}, and is provided for compatibility
with the SVID.
@end deftypefun
@@ -303,6 +330,15 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctype_t wctype (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Although the source code of wctype contains multiple references to
+@c the locale, that could each reference different locale_data objects
+@c should the global locale object change while active, the compiler can
+@c and does combine them all into a single dereference that resolves
+@c once to the LCTYPE locale object used throughout the function, so it
+@c is safe in practice, if not in theory. Ideally we'd explicitly save
+@c the resolved locale_data object to make it visibly safe instead of
+@c safe only under compiler optimizations.
The @code{wctype} returns a value representing a class of wide
characters which is identified by the string @var{property}. Beside
some standard properties each locale can define its own ones. In case
@@ -331,6 +367,8 @@ the @w{ISO C} standard defines a completely new function.
@comment wctype.h
@comment ISO
@deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The compressed lookup table returned by wctype is read-only.
This function returns a nonzero value if @var{wc} is in the character
class specified by @var{desc}. @var{desc} must previously be returned
by a successful call to @code{wctype}.
@@ -350,6 +388,15 @@ standard classes.
@comment wctype.h
@comment ISO
@deftypefun int iswalnum (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c The implicit wctype call in the isw* functions is actually an
+@c optimized version because the category has a known offset, but the
+@c wctype is equally safe when optimized, unsafe if not optimized.
+@c Since it's not a macro, and we always optimize, it's fine. The test
+@c whether wc is ASCII to use the non-wide is* macro/funciton doesn't
+@c bring any other safety issues: the test does not depend on the
+@c locale, and each path after the decision resolves the locale object
+@c only once.
This function returns a nonzero value if @var{wc} is an alphanumeric
character (a letter or number); in other words, if either @code{iswalpha}
or @code{iswdigit} is true of a character, then @code{iswalnum} is also
@@ -370,6 +417,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswalpha (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an alphabetic character (a letter). If
@code{iswlower} or @code{iswupper} is true of a character, then
@code{iswalpha} is also true.
@@ -394,6 +442,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswcntrl (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a control character (that is, a character that
is not a printing character).
@@ -412,6 +461,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
Please note that this function does not only return a nonzero value for
@emph{decimal} digits, but for all kinds of digits. A consequence is
@@ -442,6 +492,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswgraph (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -461,6 +512,7 @@ It is declared in @file{wctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int iswlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -479,6 +531,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswprint (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@@ -497,6 +550,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswpunct (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -516,6 +570,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswspace (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{iswspace} returns true for only the standard
whitespace characters:
@@ -555,6 +610,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -573,6 +629,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswxdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -597,6 +654,7 @@ characters as well.
@comment wctype.h
@comment ISO
@deftypefun int iswblank (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
It is declared in @file{wchar.h}.
@@ -691,6 +749,8 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctrans_t wctrans (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Similar implementation, same caveats as wctype.
The @code{wctrans} function has to be used to find out whether a named
mapping is defined in the current locale selected for the
@code{LC_CTYPE} category. If the returned value is non-zero, you can use
@@ -713,6 +773,8 @@ These functions are declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Same caveats as iswctype.
@code{towctrans} maps the input character @var{wc}
according to the rules of the mapping for which @var{desc} is a
descriptor, and returns the value it finds. @var{desc} must be
@@ -730,6 +792,9 @@ for them.
@comment wctype.h
@comment ISO
@deftypefun wint_t towlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Same caveats as iswalnum, just using a wctrans rather than a wctype
+@c table.
If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
lower-case letter. If @var{wc} is not an upper-case letter,
@var{wc} is returned unchanged.
@@ -749,6 +814,7 @@ This function is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
upper-case letter. Otherwise @var{wc} is returned unchanged.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=06242cab8769046e2c3e9670de0b0e664f9624ef
commit 06242cab8769046e2c3e9670de0b0e664f9624ef
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:03:47 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/crypt.texi: Document thread safety properties.
diff --git a/manual/crypt.texi b/manual/crypt.texi
index ef90590..5c9f6f7 100644
--- a/manual/crypt.texi
+++ b/manual/crypt.texi
@@ -92,7 +92,13 @@ in a convenient way.
@comment unistd.h
@comment BSD
@deftypefun {char *} getpass (const char *@var{prompt})
-
+@safety{@mtunsafe{tempterm}@asunsafe{asmalloc, selfdeadlock, asynconsist}@acunsafe{tempterm, lockleak, incansist}}
+@c This function will attempt to create a stream for terminal I/O, but
+@c will fallback to stdio/stderr. It attempts to change the terminal
+@c mode in a thread-unsafe way, write out the prompt, read the password,
+@c then restore the terminal mode. It has a cleanup to close the stream
+@c in case of (synchronous) cancellation, but not to restore the
+@c terminal mode.
@code{getpass} outputs @var{prompt}, then reads a string in from the
terminal without echoing it. It tries to connect to the real terminal,
@file{/dev/tty}, if possible, to encourage users not to put plaintext
@@ -127,6 +133,13 @@ The substitute takes the same parameters as @code{getline}
@comment crypt.h
@comment BSD, SVID
@deftypefun {char *} crypt (const char *@var{key}, const char *@var{salt})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Besides the obvious problem of returning a pointer into static
+@c storage, the DES initializer takes an internal lock with the usual
+@c set of problems for AS- and AC-Safety. The FIPS mode checker and the
+@c NSS implementations of may leak file descriptors if canceled. The
+@c The MD5, SHA256 and SHA512 implementations will malloc on long keys,
+@c and NSS relies on dlopening, which brings about another can of worms.
The @code{crypt} function takes a password, @var{key}, as a string, and
a @var{salt} character array which is described below, and returns a
@@ -188,6 +201,9 @@ for a password and prints ``Access granted.'' if the user types
@comment crypt.h
@comment GNU
@deftypefun {char *} crypt_r (const char *@var{key}, const char *@var{salt}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Compared with crypt, this function fixes the staticbuf problem, but
+@c nothing else.
The @code{crypt_r} function does the same thing as @code{crypt}, but
takes an extra parameter which includes space for its result (among
@@ -233,6 +249,11 @@ specifies the unused bits.
@comment crypt.h
@comment BSD, SVID
@deftypefun void setkey (const char *@var{key})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c The static buffer stores the key, making it fundamentally
+@c thread-unsafe. The locking issues are only in the initialization
+@c path; cancelling the initialization will leave the lock held, it
+@c would otherwise repeat the initialization on the next call.
The @code{setkey} function sets an internal data structure to be an
expanded form of @var{key}. @var{key} is specified as an array of 64
@@ -244,6 +265,8 @@ parity.
@comment crypt.h
@comment BSD, SVID
@deftypefun void encrypt (char *@var{block}, int @var{edflag})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c Same issues as setkey.
The @code{encrypt} function encrypts @var{block} if
@var{edflag} is 0, otherwise it decrypts @var{block}, using a key
@@ -257,9 +280,11 @@ stored in a @code{char}, but there are no parity bits in @var{block}.
@comment crypt.h
@comment GNU
@deftypefun void setkey_r (const char *@var{key}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
@comment crypt.h
@comment GNU
@deftypefunx void encrypt_r (char *@var{block}, int @var{edflag}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
These are reentrant versions of @code{setkey} and @code{encrypt}. The
only difference is the extra parameter, which stores the expanded
@@ -274,6 +299,7 @@ defined in @file{crypt.h}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int ecb_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{ecb_crypt} encrypts or decrypts one or more blocks
using DES. Each block is encrypted independently.
@@ -355,6 +381,7 @@ This macro returns 1 if @var{err} is a `success' result code from
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int cbc_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode}, char *@var{ivec})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{cbc_crypt} encrypts or decrypts one or more blocks
using DES in Cipher Block Chaining mode.
@@ -381,6 +408,7 @@ Otherwise, all the parameters are similar to those for @code{ecb_crypt}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun void des_setparity (char *@var{key})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{des_setparity} changes the 64-bit @var{key}, stored
packed in 8-bit bytes, to have odd parity by altering the low bits of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ada59d4ba350be38e3b5d960053eac19f0c22bf1
commit ada59d4ba350be38e3b5d960053eac19f0c22bf1
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:03:16 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/conf.texi: Document thread safety properties.
diff --git a/manual/conf.texi b/manual/conf.texi
index 7eb8b36..edbb2fd 100644
--- a/manual/conf.texi
+++ b/manual/conf.texi
@@ -288,6 +288,17 @@ constants are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} sysconf (int @var{parameter})
+@safety{@mtsafe{envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak, fdleak}}
+@c Some parts of the implementation open /proc and /sys files and dirs
+@c to collect system details, using fd and stream I/O depending on the
+@c case. _SC_TZNAME_MAX calls __tzname_max, that (while holding a lock)
+@c calls tzset_internal, that calls getenv if it's called the first
+@c time; there are free and strdup calls in there too. The returned max
+@c value may change over time for TZNAME_MAX, depending on selected
+@c timezones; NPROCS, NPROCS_CONF, PHYS_PAGES, AVPHYS_PAGES,
+@c NGROUPS_MAX, SIGQUEUE_MAX, depending on variable values read from
+@c /proc at each call, and from rlimit-obtained values CHILD_MAX,
+@c OPEN_MAX, ARG_MAX, SIGQUEUE_MAX.
This function is used to inquire about runtime system parameters. The
@var{parameter} argument should be one of the @samp{_SC_} symbols listed
below.
@@ -1342,6 +1353,11 @@ argument are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} pathconf (const char *@var{filename}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c When __statfs_link_max finds an ext* filesystem, it may read
+@c /proc/mounts or similar as a mntent stream.
+@c __statfs_chown_restricted may read from
+@c /proc/sys/fs/xfs/restrict_chown as a file descriptor.
This function is used to inquire about the limits that apply to
the file named @var{filename}.
@@ -1369,6 +1385,8 @@ support the @var{parameter} for the specific file.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} fpathconf (int @var{filedes}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c Same caveats as pathconf.
This is just like @code{pathconf} except that an open file descriptor
is used to specify the file for which information is requested, instead
of a file name.
@@ -1615,6 +1633,7 @@ system with the function @code{confstr}:
@comment unistd.h
@comment POSIX.2
@deftypefun size_t confstr (int @var{parameter}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function reads the value of a string-valued system parameter,
storing the string into @var{len} bytes of memory space starting at
@var{buf}. The @var{parameter} argument should be one of the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2ba73f56d3ec95471df9cefd6db9935ec8bdc4ef
commit 2ba73f56d3ec95471df9cefd6db9935ec8bdc4ef
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:01:33 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/charset.texi: Document thread safety properties.
diff --git a/manual/charset.texi b/manual/charset.texi
index e21502e..7e6c416 100644
--- a/manual/charset.texi
+++ b/manual/charset.texi
@@ -504,6 +504,8 @@ sequence points. Communication protocols often require this.
@comment wchar.h
@comment ISO
@deftypefun int mbsinit (const mbstate_t *@var{ps})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c ps is dereferenced once, unguarded. Potential harmless data race.
The @code{mbsinit} function determines whether the state object pointed
to by @var{ps} is in the initial state. If @var{ps} is a null pointer or
the object is in the initial state the return value is nonzero. Otherwise
@@ -559,6 +561,14 @@ that is beyond the range @math{0} to @math{127}.
@comment wchar.h
@comment ISO
@deftypefun wint_t btowc (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls btowc_fct or __fct; reads from locale, and from the
+@c get_gconv_fcts result multiple times. get_gconv_fcts calls
+@c __wcsmbs_load_conv to initialize the ctype if it's null.
+@c wcsmbs_load_conv takes a non-recursive wrlock before allocating
+@c memory for the fcts structure, initializing it, and then storing it
+@c in the locale object. The initialization involves dlopening and a
+@c lot more.
The @code{btowc} function (``byte to wide character'') converts a valid
single byte character @var{c} in the initial shift state into the wide
character equivalent using the conversion rules from the currently
@@ -615,6 +625,7 @@ There is also a function for the conversion in the other direction.
@comment wchar.h
@comment ISO
@deftypefun int wctob (wint_t @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctob} function (``wide character to byte'') takes as the
parameter a valid wide character. If the multibyte representation for
this character in the initial state is exactly one byte long, the return
@@ -634,6 +645,7 @@ and they also do not require it to be in the initial state.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrtowc (wchar_t *restrict @var{pwc}, const char *restrict @var{s}, size_t @var{n}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
@cindex stateful
The @code{mbrtowc} function (``multibyte restartable to wide
character'') converts the next multibyte character in the string pointed
@@ -728,6 +740,7 @@ function that does part of the work.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrlen (const char *restrict @var{s}, size_t @var{n}, mbstate_t *@var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbrlen} function (``multibyte restartable length'') computes
the number of at most @var{n} bytes starting at @var{s}, which form the
next valid and complete multibyte character.
@@ -811,6 +824,50 @@ doing the work twice.
@comment wchar.h
@comment ISO
@deftypefun size_t wcrtomb (char *restrict @var{s}, wchar_t @var{wc}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c wcrtomb uses a static, non-thread-local unguarded state variable when
+@c PS is NULL. When a state is passed in, and it's not used
+@c concurrently in other threads, this function behaves safely as long
+@c as gconv modules don't bring MT safety issues of their own.
+@c Attempting to load gconv modules or to build conversion chains in
+@c signal handlers may encounter gconv databases or caches in a
+@c partially-updated state, and asynchronous cancellation may leave them
+@c in such states, besides leaking the lock that guards them.
+@c get_gconv_fcts ok
+@c wcsmbs_load_conv ok
+@c norm_add_slashes ok
+@c wcsmbs_getfct ok
+@c gconv_find_transform ok
+@c gconv_read_conf (libc_once)
+@c gconv_lookup_cache ok
+@c find_module_idx ok
+@c find_module ok
+@c gconv_find_shlib (ok)
+@c ->init_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c do_lookup_alias ok
+@c find_derivation ok
+@c derivation_lookup ok
+@c increment_counter ok
+@c gconv_find_shlib ok
+@c step->init_fct (assumed ok)
+@c gen_steps ok
+@c gconv_find_shlib ok
+@c dlopen (presumed ok)
+@c dlsym (presumed ok)
+@c step->init_fct (assumed ok)
+@c step->end_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c add_derivation ok
+@c gconv_close_transform ok
+@c gconv_release_step ok
+@c step->end_fct (assumed ok)
+@c gconv_release_shlib ok
+@c dlclose (presumed ok)
+@c gconv_release_cache ok
+@c ->tomb->__fct (assumed ok)
The @code{wcrtomb} function (``wide character restartable to
multibyte'') converts a single wide character into a multibyte string
corresponding to that wide character.
@@ -955,6 +1012,7 @@ extensions that can help in some important situations.
@comment wchar.h
@comment ISO
@deftypefun size_t mbsrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsrtowcs} function (``multibyte string restartable to wide
character string'') converts an NUL-terminated multibyte character
string at @code{*@var{src}} into an equivalent wide character string,
@@ -1039,6 +1097,7 @@ length and passing this length to the function.
@comment wchar.h
@comment ISO
@deftypefun size_t wcsrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsrtombs} function (``wide character string restartable to
multibyte string'') converts the NUL-terminated wide character string at
@code{*@var{src}} into an equivalent multibyte character string and
@@ -1084,6 +1143,7 @@ array size (the @var{len} parameter).
@comment wchar.h
@comment GNU
@deftypefun size_t mbsnrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{nmc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsnrtowcs} function is very similar to the @code{mbsrtowcs}
function. All the parameters are the same except for @var{nmc}, which is
new. The return value is the same as for @code{mbsrtowcs}.
@@ -1136,6 +1196,7 @@ of the given buffer, there is no problem with altering the state.
@comment wchar.h
@comment GNU
@deftypefun size_t wcsnrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{nwc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsnrtombs} function implements the conversion from wide
character strings to multibyte character strings. It is similar to
@code{wcsrtombs} but, just like @code{mbsnrtowcs}, it takes an extra
@@ -1280,6 +1341,7 @@ conversion functions.}
@comment stdlib.h
@comment ISO
@deftypefun int mbtowc (wchar_t *restrict @var{result}, const char *restrict @var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbtowc} (``multibyte to wide character'') function when called
with non-null @var{string} converts the first multibyte character
beginning at @var{string} to its corresponding wide character code. It
@@ -1314,6 +1376,7 @@ shift state. @xref{Shift State}.
@comment stdlib.h
@comment ISO
@deftypefun int wctomb (char *@var{string}, wchar_t @var{wchar})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctomb} (``wide character to multibyte'') function converts
the wide character code @var{wchar} to its corresponding multibyte
character sequence, and stores the result in bytes starting at
@@ -1353,6 +1416,7 @@ terms of @code{mbtowc}.
@comment stdlib.h
@comment ISO
@deftypefun int mblen (const char *@var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mblen} function with a non-null @var{string} argument returns
the number of bytes that make up the multibyte character beginning at
@var{string}, never examining more than @var{size} bytes. (The idea is
@@ -1391,6 +1455,9 @@ suffer from the same problems as their reentrant counterparts from
@comment stdlib.h
@comment ISO
@deftypefun size_t mbstowcs (wchar_t *@var{wstring}, const char *@var{string}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Odd... Although this is in the non-reentrant section, the state
+@c object is automatic, not a static buffer.
The @code{mbstowcs} (``multibyte string to wide character string'')
function converts the null-terminated string of multibyte characters
@var{string} to an array of wide character codes, storing not more than
@@ -1431,6 +1498,7 @@ mbstowcs_alloc (const char *string)
@comment stdlib.h
@comment ISO
@deftypefun size_t wcstombs (char *@var{string}, const wchar_t *@var{wstring}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcstombs} (``wide character string to multibyte string'')
function converts the null-terminated wide character array @var{wstring}
into a string containing multibyte characters, storing not more than
@@ -1618,6 +1686,16 @@ The first step is the function to create a handle.
@comment iconv.h
@comment XPG2
@deftypefun iconv_t iconv_open (const char *@var{tocode}, const char *@var{fromcode})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls malloc if tocode and/or fromcode are too big for alloca. Calls
+@c strip and upstr on both, then gconv_open. strip and upstr call
+@c isalnum_l and toupper_l with the C locale. gconv_open may MT-safely
+@c tokenize toset, replace unspecified codesets with the current locale
+@c (posibly two different accesses), and finally it calls
+@c gconv_find_transform and initializes the gconv_t result with all the
+@c steps in the conversion sequence, running each one's initializer,
+@c destructing and releasing them all if anything fails.
+
The @code{iconv_open} function has to be used before starting a
conversion. The two parameters this function takes determine the
source and destination character set for the conversion, and if the
@@ -1682,6 +1760,12 @@ conversion is not needed anymore.
@comment iconv.h
@comment XPG2
@deftypefun int iconv_close (iconv_t @var{cd})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, shlimb}}
+@c Calls gconv_close to destruct and release each of the conversion
+@c steps, release the gconv_t object, then call gconv_close_transform.
+@c Access to the gconv_t object is not guarded, but calling iconv_close
+@c concurrently with any other use is undefined.
+
The @code{iconv_close} function frees all resources associated with the
handle @var{cd}, which must have been returned by a successful call to
the @code{iconv_open} function.
@@ -1708,6 +1792,10 @@ even file to file can be implemented on top of it.
@comment iconv.h
@comment XPG2
@deftypefun size_t iconv (iconv_t @var{cd}, char **@var{inbuf}, size_t *@var{inbytesleft}, char **@var{outbuf}, size_t *@var{outbytesleft})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c Without guarding access to the gconv_t object pointed to by cd, call
+@c the conversion function to convert inbuf or flush the internal
+@c conversion state.
@cindex stateful
The @code{iconv} function converts the text in the input buffer
according to the rules associated with the descriptor @var{cd} and
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d2ce932c7ce9c31c4b085c61c43ac8e637713dcd
commit d2ce932c7ce9c31c4b085c61c43ac8e637713dcd
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:39 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/macros.texi: Introduce macros to document thread
safety properties.
* manual/intro.texi: Introduce the properties themselves.
diff --git a/manual/intro.texi b/manual/intro.texi
index deaf089..d183e12 100644
--- a/manual/intro.texi
+++ b/manual/intro.texi
@@ -172,6 +172,412 @@ pattern matching facilities (@pxref{Pattern Matching}).
@comment <wordexp.h> (not yet implemented)
@comment confstr
+The safety properties of @glibcadj{} functions, documented as MT-, AS-
+and AC- -Safe and -Unsafe are assessed according to the criteria set
+forth in the POSIX standard for Multi-Thread, Async-Signal and
+Async-Cancel safety.
+
+Intuitive definition of these properties, that attempt to capture
+the meaning of the standard definitions, follow:
+
+@itemize @bullet
+
+@item
+@cindex MT-Safe
+MT-Safe functions are safe to call in the presence of other threads. MT
+stands for Multi Thread.
+
+@item
+@cindex AS-Safe
+AS-Safe functions are safe to call from asynchronous signal handlers.
+AS stands for Asynchronous Signal.
+
+@item
+@cindex AC-Safe
+AC-Safe functions are safe to call when asynchronous cancellation is
+enabled. AC stands for Asynchronous Cancellation.
+
+@item
+@cindex MT-Unsafe
+@cindex AS-Unsafe
+@cindex AC-Unsafe
+MT-Unsafe, AS-Unsafe, AC-Unsafe functions are not safe to call within
+the contexts described above: they may cause deviations from the
+specification in the behavior of the calls themselves, or of any other
+concurrent, ongoing or subsequent calls.
+
+Functions not explicitly documented as Safe should be regarded as
+Unsafe.
+
+@end itemize
+
+By ``safe to call'', we mean that, as long as the program does not
+invoke undefined or unspecified behavior, the called functions will
+behave as documented, and they won't cause any other functions to
+deviate from their documented behavior.
+
+Although we strive to abide by the standards, in some cases our
+implementation is safe even when the standard does not demand safety,
+and in other cases our implementation does not meet the standard safety
+requirements. At this point, we document the result of an assessment of
+the properties of our implementation, so the safety documentation in
+this manual is not to be regarded as a promise of future behavior: in
+future releases, functions that are documented as safe may become
+unsafe, and safety constraints may be removed or introduced. We
+envision turning the results of the assessment into a set of promises as
+stable as our interfaces, but we're not there yet.
+
+When a function is safe to call only under certain constraints, we will
+add keywords to the safety notes whose meanings are defined as follows:
+
+@itemize @bullet
+
+@c glocale-revisit
+@item @code{glocale}
+@cindex glocale
+
+In threads that have not overridden the thread-local locale object by
+calling @code{uselocale}, calling functions annotated with
+@code{glocale} concurrently with @code{setlocale} may cause the
+functions to behave in ways that don't correspond to either the previous
+or the subsequent global locale.
+
+Although the @code{setlocale} function modifies the global locale object
+while holding a lock, @code{glocale}-annotated functions may access this
+global object multiple times, without any measures to ensure it doesn't
+change while it's in use.
+
+Each of these unprotected uses will use either the previous or the
+subsequent locale information, so they won't cause crashes or access to
+uninitialized, unmapped or recycled memory. However, since some cases
+use cached locale information while others access the effective locale
+object anew, concurrent changes to the global locale object may cause
+these functions to behave in ways that they could not behave should the
+execution of @code{setlocale} and of the so-annotated functions be
+atomic, or even should @code{setlocale} alone be atomic.
+
+The @code{glocale} constraint indicates functions are only safe to call
+if the effective thread-local locale is not the global locale object
+(because it was overridden with @code{uselocale}). Failing that,
+@code{setlocale} should not be called while these functions are active.
+
+
+@item @code{envromt}
+@cindex envromt
+
+Functions marked with @code{envromt} access the environment with
+@code{getenv} or similar, requiring the environment to be effectively
+read-only for MT-Safe operation.
+
+Environment-modifying functions do not protect in any way against
+concurrent modifications or access, so calling @code{envromt}-marked
+functions concurrently with @code{setenv}, @code{putenv},
+@code{unsetenv} or direct modifications of the global environment data
+structures is ill-advised; external concurrency control must be
+introduced by callers of these environment-modifying and
+@code{envromt}-marked functions.
+
+Functions that modify the environment are also marked with
+@code{envromt}, but they are not MT-Safe for the reasons above. Since
+all environment-modifying functions are MT-Unsafe, functions that only
+access the environment are marked as MT-Safe when no other safety issue
+applies.
+
+
+@item @code{uunguard}
+@cindex uunguard
+
+Functions marked with @code{uunguard} modify non-atomically arguments or
+global objects that other functions access without synchronization. To
+ensure MT- and AS-Safe behavior, callers should refrain from calling
+so-marked functions concurrently with users of the corresponding
+objects.
+
+Unguarded users of the global locale object modified by @code{setlocale}
+are marked with @code{glocale}.
+
+Unguarded users of the @code{printf} extension objects modified by
+@code{register_printf_function} are the entire family of printf
+functions.
+
+Unguarded users of streams configured with @code{__fsetlocking} for
+locking by the caller are the entire family of stdio functions.
+
+
+@item @code{xguargs}
+@cindex xguargs
+
+Functions marked with @code{xguargs} may use or modify objects passed as
+arguments without any guards that could guarantee consistency. To
+ensure MT- and AS-Safe behavior, callers must ensure that the objects
+passed in are not modified concurrently by other threads or signal
+handlers.
+
+
+@item @code{tempchwd}
+@cindex tempchwd
+
+Functions marked with @code{tempchwd} may temporarily change the current
+working directory during their execution, which may cause relative
+pathnames to be resolved in unexpected ways in other threads or within
+asynchronous signal or cancellation handlers.
+
+This is not enough of a reason to mark so-marked functions as MT-Unsafe,
+but when this behavior is optional (e.g., @code{nftw} with
+@code{FTW_CHDIR}), avoiding the option in multi-threaded programs may be
+a good alternative to using full pathnames or file descriptor-relative
+(e.g. @code{openat}) system calls.
+
+
+@item @code{tempterm}
+@cindex tempterm
+
+Functions marked with @code{tempterm} may temporarily change the
+terminal settings.
+
+This would not be enough of a reason to mark so-marked functions as
+MT-Unsafe, but the recommended mode to modify terminal settings is to
+call @code{tcgetattr}, modify some flags, and then call
+@code{tcsetattr}. Functions marked with @code{tempterm} do that, so
+they leave a window in which changes made by other threads are lost.
+
+It is thus advisable for applications using the terminal to avoid
+concurrent interactions with it, more so if they expect different
+terminal modes.
+
+If this mark appears as an AC-Safety note, it means the function may
+also fail to restore the original terminal mode in case of asynchronous
+cancellation.
+
+
+@end itemize
+
+
+Additional safety issues that cannot be worked around by constraining
+the program are also documented with keywords, whose meaning is defined
+as follows:
+
+@itemize @bullet
+
+@item @code{staticbuf}
+@cindex staticbuf
+
+Functions annotated with @code{staticbuf} use internal static buffers or
+variables in ways that may cause concurrent calls to interfere
+destructively.
+
+These functions are all MT-Unsafe and AC-Unsafe. However, many of them
+offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
+
+In many of these cases, the static buffer is only used to hold a return
+value; in a few of these, such as @code{tmpnam}, the use of the internal
+buffer can be avoided by passing the buffer as an argument, which makes
+the call MT-Safe and AS-Safe.
+
+
+@item @code{asi18n}
+@cindex asi18n
+
+Functions marked with @code{asi18n} use internationalization functions
+(@code{gettext}), which brings in a number of dependencies and issues
+yet to be documented.
+
+
+@item @code{shlimb}
+@cindex shlimb
+
+Functions marked with @code{shlimb} use the dynamic loader to bring in
+additional code modules. This involves opening files, mapping them into
+memory, allocating additional memory, resolving symbols, applying
+relocations and more, all of this while holding the dynamic loader
+lock.
+
+The non-recursive lock itself is enough for the function to be AS- and
+AC-Unsafe, but many other issues may arise.
+
+
+@item @code{fdleak}
+@cindex fdleak
+
+Functions annotated with @code{fdleak} may leak file descriptors if
+asynchronous thread cancellation interrupts their execution.
+
+Functions that allocate or deallocate file descriptors will generally be
+marked as such, because even if they attempted to protect the file
+descriptor allocation and deallocation with cleanup regions, allocating
+a new descriptor and storing its number where the cleanup region could
+release it cannot be performed as a single atomic operation, just like
+releasing it and taking it out of the data structure normally
+responsible for releasing it cannot be performed atomically, always
+leaving a window in which the descriptor cannot be released because it
+wasn't stored in the cleanup handler argument yet, or in which it was
+already taken out of it before releasing it in the normal flow (we
+cannot keep it there because, in case of cancellation, we wouldn't be
+able to tell whether it was already released, and the same number could
+have been already assigned to another descriptor by another thread, so
+we couldn't just release it again).
+
+Such leaks could be internally avoided, with some performance penalty,
+by temporarily disabling asynchronous thread cancellation. However,
+since callers of allocation or deallocation functions would have to do
+this themselves, to avoid the same sort of leak in their own layer, it
+makes more sense for the library to assume they are taking care of it
+than to impose a performance penalty that is redundant when the problem
+is solved in upper layers, and insufficient when it isn't.
+
+This remark by itself does not cause a function to be regarded as
+AC-Unsafe. However, cummulative effects of such leaks may pose a
+problem for some programs. If this is the case, suspending asynchronous
+cancellation for the duration of calls to such functions is recommended.
+
+
+@item @code{memleak}
+@cindex memleak
+
+Functions annotated with @code{memleak} may leak memory if asynchronous
+thread cancellation interrupts their execution.
+
+The problem is similar to that of file descriptors: there is no atomic
+interface to allocate memory and store its address in the argument to a
+cleanup handler, or to release it and remove its address from that
+argument, without at least temporarily disabling asynchronous
+cancellation, which these functions do not do.
+
+This remark does not by itself cause a function to be regarded as
+generally AC-Unsafe. However, cummulative effects of such leaks may be
+severe enough for some programs that disabling asynchronous cancellation
+for the duration of calls to such functions may be required.
+
+
+@item @code{lockleak}
+@cindex lockleak
+
+Functions annotated with @code{lockleak} may leak locks if asynchronous
+thread cancellation interrupts their execution.
+
+While the problem is similar to that of file descriptors, in that there
+is not any atomic interface to lock and take note of the need for
+unlocking in a cleanup, or to unlock and take note that there is no
+longer such a need, the problem posed by lock leaks is far more serious:
+when a file descriptor or a piece of memory is leaked, it becomes
+inaccessible and subsequent attempts to allocate a file descriptor or
+some memory will just use another resource. However, once a lock is
+left taken, attempts to take that lock will block indefinitely.
+(Recursive locks will only block other threads, and read locks will only
+block writer threads, but the point still holds in general).
+
+For the reasons above, functions that leak locks are all AC-Unsafe.
+
+
+@item @code{selfdeadlock}
+@cindex selfdeadlock
+
+Functions marked with @code{selfdeadlock} take a non-recursive lock to
+ensure MT-Safety while modifying data structures guarded by the lock.
+
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, the result is a deadlock.
+
+Blocking asynchronous signal delivery while calling such functions is
+the only safe way to avoid a deadlock if any signal handler might need
+to call them.
+
+
+@item @code{asynconsist}
+@cindex asynconsist
+
+Functions marked with @code{asynconsist} take a recursive lock to ensure
+MT-Safety while accessing or modifying data structures guarded by the
+lock.
+
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, both may misbehave for
+observing inconsistent (partially updated or cached) data structures.
+
+Blocking asynchronous signal delivery while calling such functions is
+the only safe way to avoid the misbehavior that may ensue if any signal
+handler might need to call them.
+
+
+@item @code{asmalloc}
+@cindex asmalloc
+
+This is a sub-case of @code{asynconsist}. Functions marked with
+@code{asmalloc} perform memory allocation or deallocation with the
+@code{malloc}/@code{free} family of functions.
+
+If heap management functions are interrupted by asynchronous signals,
+and the signal handlers attempt to perform memory allocation or
+deallocation of their own, they may encounter heap data structures in a
+partially updated state, and the interrupted calls may malfunction
+because of the changes made within the signal handler.
+
+
+@item @code{incansist}
+@cindex incansist
+
+Functions marked with @code{incansist} modify data structures in a
+non-atomic way.
+
+If such a function is asynchronously canceled, it may leave the data
+structure in a partially updated, inconsistent state. Subsequent uses
+of the data structure may misbehave.
+
+Disabling asynchronous cancelation while calling such functions is the
+only safe way to avoid the misbehavior that may ensure if the thread is
+canceled while the function is running.
+
+@c A special case, probably not worth documenting separately, involves
+@c reallocing, or even freeing pointers. Any case involving free could
+@c be easily turned into an ac-safe memleak by resetting the pointer
+@c before releasing it; I don't think we have any case that calls for
+@c this sort of fixing. Fixing the realloc cases would require a new
+@c interface: instead of @code{ptr=realloc(ptr,size)} we'd have to
+@c introduce @code{acsafe_realloc(&ptr,size)} that would modify ptr
+@c before releasing the old memory. The ac-unsafe realloc could be
+@c implemented in terms of an internal interface with this semantics
+@c (say __acsafe_realloc), but since realloc can be overridden, the
+@c function we call to implement realloc should not be this internal
+@c interface, but another internal interface that calls __acsafe_realloc
+@c if realloc was not overridden, and calls the overridden realloc with
+@c async cancel disabled. --lxoliva
+
+
+@item @code{simfpu}
+@cindex simfpu
+
+Functions annotated with @code{simfpu} may misbehave on powerpc ports in
+which the floating-point unit is disabled and floating point simulation
+is used instead. On such platforms, @theglibc{} uses global variables
+to hold floating-point exceptions, rounding modes and disabled
+exceptions, rather than thread-local state. This is a @glibcadj{} bug.
+
+Furthermore, even if this bug is fixed, the emulation of floating-point
+control and status registers will not go as far as saving and restoring
+these emulated registers across asynchronous signal handlers. Indeed,
+although most platforms preserve floating-point context as part of the
+thread context, preserving control and status words is not mandatory:
+standards recommend that programs that modify them within signal
+handlers restore them to the original state before returning.
+
+This note does not cause functions to be marked as MT-Unsafe, even
+though, on the affected platform, they are MT-Unsafe indeed.
+
+
+@item @code{unposix}
+@cindex unposix
+
+This remark indicates our safety documentation is known to differ from
+the requirements set by the POSIX standard. For example, POSIX does not
+require a function to be Safe, but our implementation is Safe, or
+vice-versa.
+
+For the time being, the absence of this remark does not imply the safety
+properties we documented are identical to those mandated by POSIX for
+the corresponding functions.
+
+@end itemize
+
@node Berkeley Unix, SVID, POSIX, Standards and Portability
@subsection Berkeley Unix
diff --git a/manual/macros.texi b/manual/macros.texi
index daaf1c0..6955f32 100644
--- a/manual/macros.texi
+++ b/manual/macros.texi
@@ -47,4 +47,46 @@ GNU/Hurd systems
GNU/Linux systems
@end macro
+@c Document a function as thread safe.
+@macro mtsafe {comments}
+| MT-Safe \comments\
+|
+@end macro
+@c Document a function as thread unsafe.
+@macro mtunsafe {comments}
+| MT-Unsafe \comments\
+|
+@end macro
+@c Document a function as safe for use in asynchronous signal handlers.
+@macro assafe {comments}
+| AS-Safe \comments\
+|
+@end macro
+@c Document a function as unsafe for use in asynchronous signal
+@c handlers. This distinguishes unmarked functions, for which this
+@c property has not been assessed, from those that have been analyzed.
+@macro asunsafe {comments}
+| AS-Unsafe \comments\
+|
+@end macro
+@c Document a function as safe for use when asynchronous cancellation is
+@c enabled.
+@macro acsafe {comments}
+| AC-Safe \comments\
+|
+@end macro
+@c Document a function as unsafe for use when asynchronous cancellation
+@c is enabled. This distinguishes unmarked functions, for which this
+@c property has not been assessed, from those that have been analyzed.
+@macro acunsafe {comments}
+| AC-Unsafe \comments\
+|
+@end macro
+@c Format the thread and async safety properties of a function.
+@macro safety {notes}
+\notes\
+
+
+@end macro
+
@end ifclear
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2bd5708daeac2ff089c6eebd6944f4ced306e4d8
commit 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:39 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/macros.texi: Introduce macros to document thread
safety properties.
* manual/intro.texi: Introduce the properties themselves.
diff --git a/manual/intro.texi b/manual/intro.texi
index deaf089..07f27c9 100644
--- a/manual/intro.texi
+++ b/manual/intro.texi
@@ -172,6 +172,411 @@ pattern matching facilities (@pxref{Pattern Matching}).
@comment <wordexp.h> (not yet implemented)
@comment confstr
+The safety properties of @glibcadj{} functions, documented as MT-, AS-
+and AC- -Safe and -Unsafe are assessed according to the criteria set
+forth in the POSIX standard for Multi-Thread, Async-Signal and
+Async-Cancel safety.
+
+Intuitive definition of these properties, that attempt to capture
+the meaning of the standard definitions, follow:
+
+@itemize @bullet
+
+@item
+@cindex MT-Safe
+MT-Safe functions are safe to call in the presence of other threads. MT
+stands for Multi Thread.
+
+@item
+@cindex AS-Safe
+AS-Safe functions are safe to call from asynchronous signal handlers.
+AS stands for Asynchronous Signal.
+
+@item
+@cindex AC-Safe
+AC-Safe functions are safe to call when asynchronous cancellation is
+enabled. AC stands for Asynchronous Cancellation.
+
+@item
+@cindex MT-Unsafe
+@cindex AS-Unsafe
+@cindex AC-Unsafe
+MT-Unsafe, AS-Unsafe, AC-Unsafe functions are not safe to call within
+the contexts described above: they may cause deviations from the
+specification in the behavior of the calls themselves, or of any other
+concurrent, ongoing or subsequent calls.
+
+Functions not explicitly documented as Safe should be regarded as
+Unsafe.
+
+@end itemize
+
+By ``safe to call'', we mean that, as long as the program does not
+invoke undefined or unspecified behavior, the called functions will
+behave as documented, and they won't cause any other functions to
+deviate from their documented behavior.
+
+Although we strive to abide by the standards, in some cases our
+implementation is safe even when the standard does not demand safety,
+and in other cases our implementation does not meet the standard safety
+requirements. At this point, we document the result of an assessment of
+the properties of our implementation, so the safety documentation in
+this manual is not to be regarded as a promise of future behavior: in
+future releases, functions that are documented as safe may become
+unsafe, and safety constraints may be removed or introduced. We
+envision turning the results of the assessment into a set of promises as
+stable as our interfaces, but we're not there yet.
+
+When a function is safe to call only under certain constraints, we will
+add keywords to the safety notes whose meanings are defined as follows:
+
+@itemize @bullet
+
+@c glocale-revisit
+@item @code{glocale}
+@cindex glocale
+
+In threads that have not overridden the thread-local locale object by
+calling @code{uselocale}, calling functions annotated with
+@code{glocale} concurrently with @code{setlocale} may cause the
+functions to behave in ways that don't correspond to either the previous
+or the subsequent global locale.
+
+Although the @code{setlocale} function modifies the global locale object
+while holding a lock, @code{glocale}-annotated functions may access this
+global object multiple times, without any measures to ensure it doesn't
+change while it's in use.
+
+Each of these unprotected uses will use either the previous or the
+subsequent locale information, so they won't cause crashes or access to
+uninitialized, unmapped or recycled memory. However, since some cases
+use cached locale information while others access the effective locale
+object anew, concurrent changes to the global locale object may cause
+these functions to behave in ways that they could not behave should the
+execution of @code{setlocale} and of the so-annotated functions be
+atomic, or even should @code{setlocale} alone be atomic.
+
+The @code{glocale} constraint indicates functions are only safe to call
+if the effective thread-local locale is not the global locale object
+(because it was overridden with @code{uselocale}). Failing that,
+@code{setlocale} should not be called while these functions are active.
+
+
+@item @code{envromt}
+@cindex envromt
+
+Functions marked with @code{envromt} access the environment with
+@code{getenv} or similar, requiring the environment to be effectively
+read-only for MT-Safe operation.
+
+Environment-modifying functions do not protect in any way against
+concurrent modifications or access, so calling @code{envromt}-marked
+functions concurrently with @code{setenv}, @code{putenv},
+@code{unsetenv} or direct modifications of the global environment data
+structures is ill-advised; external concurrency control must be
+introduced by callers of these environment-modifying and
+@code{envromt}-marked functions.
+
+Functions that modify the environment are also marked with
+@code{envromt}, but they are not MT-Safe for the reasons above. Since
+all environment-modifying functions are MT-Unsafe, functions that only
+access the environment are marked as MT-Safe when no other safety issue
+applies.
+
+
+@item @code{uunguard}
+@cindex uunguard
+
+Functions marked with @code{uunguard} modify non-atomically arguments or
+global objects that other functions access without synchronization. To
+ensure MT- and AS-Safe behavior, callers should refrain from calling
+so-marked functions concurrently with users of the corresponding
+objects.
+
+Unguarded users of the global locale object modified by @code{setlocale}
+are marked with @code{glocale}.
+
+Unguarded users of the @code{printf} extension objects modified by
+@code{register_printf_function} are the entire family of printf
+functions.
+
+Unguarded users of streams configured with @code{__fsetlocking} for
+locking by the caller are the entire family of stdio functions.
+
+
+@item @code{xguargs}
+@cindex xguargs
+
+Functions marked with @code{xguargs} may use or modify objects passed as
+arguments without any guards to ensure consistency. To ensure MT- and
+AS-Safe behavior, callers must ensure that the objects passed in are not
+modified concurrently by other threads or signal handlers.
+
+
+@item @code{tempchwd}
+@cindex tempchwd
+
+Functions marked with @code{tempchwd} may temporarily change the current
+working directory during their execution, which may cause relative
+pathnames to be resolved in unexpected ways in other threads or within
+asynchronous signal or cancellation handlers.
+
+This is not enough of a reason to mark so-marked functions as MT-Unsafe,
+but when this behavior is optional (e.g., @code{nftw} with
+@code{FTW_CHDIR}), avoiding the option in multi-threaded programs may be
+a good alternative to using full pathnames or file descriptor-relative
+(e.g. @code{openat}) system calls.
+
+
+@item @code{tempterm}
+@cindex tempterm
+
+Functions marked with @code{tempterm} may temporarily change the
+terminal settings.
+
+This would not be enough of a reason to mark so-marked functions as
+MT-Unsafe, but the recommended mode to modify terminal settings is to
+call @code{tcgetattr}, modify some flags, and then call
+@code{tcsetattr}. Functions marked with @code{tempterm} do that, so
+they leave a window in which changes made by other threads are lost.
+
+It is thus advisable for applications using the terminal to avoid
+concurrent interactions with it, more so if they expect different
+terminal modes.
+
+If this mark appears as an AC-Safety note, it means the function may
+also fail to restore the original terminal mode in case of asynchronous
+cancellation.
+
+
+@end itemize
+
+
+Additional safety issues that cannot be worked around by constraining
+the program are also documented with keywords, whose meaning is defined
+as follows:
+
+@itemize @bullet
+
+@item @code{staticbuf}
+@cindex staticbuf
+
+Functions annotated with @code{staticbuf} use internal static buffers or
+variables in ways that may cause concurrent calls to interfere
+destructively.
+
+These functions are all MT-Unsafe and AC-Unsafe. However, many of them
+offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
+
+In many of these cases, the static buffer is only used to hold a return
+value; in a few of these, such as @code{tmpnam}, the use of the internal
+buffer can be avoided by passing the buffer as an argument, which makes
+the call MT-Safe and AS-Safe.
+
+
+@item @code{asi18n}
+@cindex asi18n
+
+Functions marked with @code{asi18n} use internationalization functions
+(@code{gettext}), which brings in a number of dependencies and issues
+yet to be documented.
+
+
+@item @code{shlimb}
+@cindex shlimb
+
+Functions marked with @code{shlimb} use the dynamic loader to bring in
+additional code modules. This involves opening files, mapping them into
+memory, allocating additional memory, resolving symbols, applying
+relocations and more, all of this while holding the dynamic loader
+lock.
+
+The non-recursive lock itself is enough for the function to be AS- and
+AC-Unsafe, but many other issues may arise.
+
+
+@item @code{fdleak}
+@cindex fdleak
+
+Functions annotated with @code{fdleak} may leak file descriptors if
+asynchronous thread cancellation interrupts their execution.
+
+Functions that allocate or deallocate file descriptors will generally be
+marked as such, because even if they attempted to protect the file
+descriptor allocation and deallocation with cleanup regions, allocating
+a new descriptor and storing its number where the cleanup region could
+release it cannot be performed as a single atomic operation, just like
+releasing it and taking it out of the data structure normally
+responsible for releasing it cannot be performed atomically, always
+leaving a window in which the descriptor cannot be released because it
+wasn't stored in the cleanup handler argument yet, or in which it was
+already taken out of it before releasing it in the normal flow (we
+cannot keep it there because, in case of cancellation, we wouldn't be
+able to tell whether it was already released, and the same number could
+have been already assigned to another descriptor by another thread, so
+we couldn't just release it again).
+
+Such leaks could be internally avoided, with some performance penalty,
+by temporarily disabling asynchronous thread cancellation. However,
+since callers of allocation or deallocation functions would have to do
+this themselves, to avoid the same sort of leak in their own layer, it
+makes more sense for the library to assume they are taking care of it
+than to impose a performance penalty that is redundant when the problem
+is solved in upper layers, and insufficient when it isn't.
+
+This remark by itself does not cause a function to be regarded as
+AC-Unsafe. However, cummulative effects of such leaks may pose a
+problem for some programs. If this is the case, suspending asynchronous
+cancellation for the duration of calls to such functions is recommended.
+
+
+@item @code{memleak}
+@cindex memleak
+
+Functions annotated with @code{memleak} may leak memory if asynchronous
+thread cancellation interrupts their execution.
+
+The problem is similar to that of file descriptors: there is no atomic
+interface to allocate memory and store its address in the argument to a
+cleanup handler, or to release it and remove its address from that
+argument, without at least temporarily disabling asynchronous
+cancellation, which these functions do not do.
+
+This remark does not by itself cause a function to be regarded as
+generally AC-Unsafe. However, cummulative effects of such leaks may be
+severe enough for some programs that disabling asynchronous cancellation
+for the duration of calls to such functions may be required.
+
+
+@item @code{lockleak}
+@cindex lockleak
+
+Functions annotated with @code{lockleak} may leak locks if asynchronous
+thread cancellation interrupts their execution.
+
+While the problem is similar to that of file descriptors, in that there
+is not any atomic interface to lock and take note of the need for
+unlocking in a cleanup, or to unlock and take note that there is no
+longer such a need, the problem posed by lock leaks is far more serious:
+when a file descriptor or a piece of memory is leaked, it becomes
+inaccessible and subsequent attempts to allocate a file descriptor or
+some memory will just use another resource. However, once a lock is
+left taken, attempts to take that lock will block indefinitely.
+(Recursive locks will only block other threads, and read locks will only
+block writer threads, but the point still holds in general).
+
+For the reasons above, functions that leak locks are all AC-Unsafe.
+
+
+@item @code{selfdeadlock}
+@cindex selfdeadlock
+
+Functions marked with @code{selfdeadlock} take a non-recursive lock to
+ensure MT-Safety while modifying data structures guarded by the lock.
+
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, the result is a deadlock.
+
+Blocking asynchronous signal delivery while calling such functions is
+the only safe way to avoid a deadlock if any signal handler might need
+to call them.
+
+
+@item @code{asynconsist}
+@cindex asynconsist
+
+Functions marked with @code{asynconsist} take a recursive lock to ensure
+MT-Safety while accessing or modifying data structures guarded by the
+lock.
+
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, both may misbehave for
+observing inconsistent (partially updated or cached) data structures.
+
+Blocking asynchronous signal delivery while calling such functions is
+the only safe way to avoid the misbehavior that may ensue if any signal
+handler might need to call them.
+
+
+@item @code{asmalloc}
+@cindex asmalloc
+
+This is a sub-case of @code{asynconsist}. Functions marked with
+@code{asmalloc} perform memory allocation or deallocation with the
+@code{malloc}/@code{free} family of functions.
+
+If heap management functions are interrupted by asynchronous signals,
+and the signal handlers attempt to perform memory allocation or
+deallocation of their own, they may encounter heap data structures in a
+partially updated state, and the interrupted calls may malfunction
+because of the changes made within the signal handler.
+
+
+@item @code{incansist}
+@cindex incansist
+
+Functions marked with @code{incansist} modify data structures in a
+non-atomic way.
+
+If such a function is asynchronously canceled, it may leave the data
+structure in a partially updated, inconsistent state. Subsequent uses
+of the data structure may misbehave.
+
+Disabling asynchronous cancelation while calling such functions is the
+only safe way to avoid the misbehavior that may ensure if the thread is
+canceled while the function is running.
+
+@c A special case, probably not worth documenting separately, involves
+@c reallocing, or even freeing pointers. Any case involving free could
+@c be easily turned into an ac-safe memleak by resetting the pointer
+@c before releasing it; I don't think we have any case that calls for
+@c this sort of fixing. Fixing the realloc cases would require a new
+@c interface: instead of @code{ptr=realloc(ptr,size)} we'd have to
+@c introduce @code{acsafe_realloc(&ptr,size)} that would modify ptr
+@c before releasing the old memory. The ac-unsafe realloc could be
+@c implemented in terms of an internal interface with this semantics
+@c (say __acsafe_realloc), but since realloc can be overridden, the
+@c function we call to implement realloc should not be this internal
+@c interface, but another internal interface that calls __acsafe_realloc
+@c if realloc was not overridden, and calls the overridden realloc with
+@c async cancel disabled. --lxoliva
+
+
+@item @code{simfpu}
+@cindex simfpu
+
+Functions annotated with @code{simfpu} may misbehave on powerpc ports in
+which the floating-point unit is disabled and floating point simulation
+is used instead. On such platforms, @theglibc{} uses global variables
+to hold floating-point exceptions, rounding modes and disabled
+exceptions, rather than thread-local state. This is a @glibcadj{} bug.
+
+Furthermore, even if this bug is fixed, the emulation of floating-point
+control and status registers will not go as far as saving and restoring
+these emulated registers across asynchronous signal handlers. Indeed,
+although most platforms preserve floating-point context as part of the
+thread context, preserving control and status words is not mandatory:
+standards recommend that programs that modify them within signal
+handlers restore them to the original state before returning.
+
+This note does not cause functions to be marked as MT-Unsafe, even
+though, on the affected platform, they are MT-Unsafe indeed.
+
+
+@item @code{unposix}
+@cindex unposix
+
+This remark indicates our safety documentation is known to differ from
+the requirements set by the POSIX standard. For example, POSIX does not
+require a function to be Safe, but our implementation is Safe, or
+vice-versa.
+
+For the time being, the absence of this remark does not imply the safety
+propertes we documentated are identical to those mandated by POSIX for
+the corresponding functions.
+
+@end itemize
+
@node Berkeley Unix, SVID, POSIX, Standards and Portability
@subsection Berkeley Unix
diff --git a/manual/macros.texi b/manual/macros.texi
index daaf1c0..6955f32 100644
--- a/manual/macros.texi
+++ b/manual/macros.texi
@@ -47,4 +47,46 @@ GNU/Hurd systems
GNU/Linux systems
@end macro
+@c Document a function as thread safe.
+@macro mtsafe {comments}
+| MT-Safe \comments\
+|
+@end macro
+@c Document a function as thread unsafe.
+@macro mtunsafe {comments}
+| MT-Unsafe \comments\
+|
+@end macro
+@c Document a function as safe for use in asynchronous signal handlers.
+@macro assafe {comments}
+| AS-Safe \comments\
+|
+@end macro
+@c Document a function as unsafe for use in asynchronous signal
+@c handlers. This distinguishes unmarked functions, for which this
+@c property has not been assessed, from those that have been analyzed.
+@macro asunsafe {comments}
+| AS-Unsafe \comments\
+|
+@end macro
+@c Document a function as safe for use when asynchronous cancellation is
+@c enabled.
+@macro acsafe {comments}
+| AC-Safe \comments\
+|
+@end macro
+@c Document a function as unsafe for use when asynchronous cancellation
+@c is enabled. This distinguishes unmarked functions, for which this
+@c property has not been assessed, from those that have been analyzed.
+@macro acunsafe {comments}
+| AC-Unsafe \comments\
+|
+@end macro
+@c Format the thread and async safety properties of a function.
+@macro safety {notes}
+\notes\
+
+
+@end macro
+
@end ifclear
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b636b87be9756886bb0f9f1396c31b42d3f83c23
commit b636b87be9756886bb0f9f1396c31b42d3f83c23
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:39 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/macros.texi: Introduce macros to document thread
safety properties.
* manual/intro.texi: Introduce the properties themselves.
diff --git a/manual/intro.texi b/manual/intro.texi
index deaf089..e47832c 100644
--- a/manual/intro.texi
+++ b/manual/intro.texi
@@ -172,6 +172,411 @@ pattern matching facilities (@pxref{Pattern Matching}).
@comment <wordexp.h> (not yet implemented)
@comment confstr
+The safety properties of @glibcadj{} functions, documented as MT-, AS-
+and AC- -Safe and -Unsafe are assessed according to the criteria set
+forth in the POSIX standard for Multi-Thread, Async-Signal and
+Async-Cancel safety.
+
+Intuitive definition of these properties, that attempt to capture
+the meaning of the standard definitions, follow:
+
+@itemize @bullet
+
+@item
+@cindex MT-Safe
+MT-Safe functions are safe to call in the presence of other threads. MT
+stands for Multi Thread.
+
+@item
+@cindex AS-Safe
+AS-Safe functions are safe to call from asynchronous signal handlers.
+AS stands for Asynchronous Signal.
+
+@item
+@cindex AC-Safe
+AC-Safe functions are safe to call when asynchronous cancellation is
+enabled. AC stands for Asynchronous Cancellation.
+
+@item
+@cindex MT-Unsafe
+@cindex AS-Unsafe
+@cindex AC-Unsafe
+MT-Unsafe, AS-Unsafe, AC-Unsafe functions are not safe to call within
+the contexts described above: they may cause deviations from the
+specification in the behavior of the calls themselves, or of any other
+concurrent, ongoing or subsequent calls.
+
+Functions not explicitly documented as Safe should be regarded as
+Unsafe.
+
+@end itemize
+
+By ``safe to call'', we mean that, as long as the program does not
+invoke undefined or unspecified behavior, the called functions will
+behave as documented, and they won't cause any other functions to
+deviate from their documented behavior.
+
+Although we strive to abide by the standards, in some cases our
+implementation is safe even when the standard does not demand safety,
+and in other cases our implementation does not meet the standard safety
+requirements. At this point, we document the result of an assessment of
+the properties of our implementation, so the safety documentation in
+this manual is not to be regarded as a promise of future behavior: in
+future releases, functions that are documented as safe may become
+unsafe, and safety constraints may be removed or introduced. We
+envision turning the results of the assessment into a set of promises as
+stable as our interfaces, but we're not there yet.
+
+When a function is safe to call only under certain constraints, we will
+add keywords to the safety notes whose meanings are defined as follows:
+
+@itemize @bullet
+
+@c glocale-revisit
+@item @code{glocale}
+@cindex glocale
+
+In threads that have not overridden the thread-local locale object by
+calling @code{uselocale}, calling functions annotated with
+@code{glocale} concurrently with @code{setlocale} may cause the
+functions to behave in ways that don't correspond to either the previous
+or the subsequent global locale.
+
+Although the @code{setlocale} function modifies the global locale object
+while holding a lock, @code{glocale}-annotated functions may access this
+global object multiple times, without any measures to ensure it doesn't
+change while it's in use.
+
+Each of these unprotected uses will use either the previous or the
+subsequent locale information, so they won't cause crashes or access to
+uninitialized, unmapped or recycled memory. However, since some cases
+use cached locale information while others access the effective locale
+object anew, concurrent changes to the global locale object may cause
+these functions to behave in ways that they could not behave should the
+execution of @code{setlocale} and of the so-annotated functions be
+atomic, or even should @code{setlocale} alone be atomic.
+
+The @code{glocale} constraint indicates functions are only safe to call
+if the effective thread-local locale is not the global locale object
+(because it was overridden with @code{uselocale}). Failing that,
+@code{setlocale} should not be called while these functions are active.
+
+
+@item @code{envromt}
+@cindex envromt
+
+Functions marked with @code{envromt} access the environment with
+@code{getenv} or similar, requiring the environment to be effectively
+read-only for MT-Safe operation.
+
+Environment-modifying functions do not protect in any way against
+concurrent modifications or access, so calling @code{envromt}-marked
+functions concurrently with @code{setenv}, @code{putenv},
+@code{unsetenv} or direct modifications of the global environment data
+structures is ill-advised; external concurrency control must be
+introduced by callers of these environment-modifying and
+@code{envromt}-marked functions.
+
+Functions that modify the environment are also marked with
+@code{envromt}, but they are not MT-Safe for the reasons above. Since
+all environment-modifying functions are MT-Unsafe, functions that only
+access the environment are marked as MT-Safe when no other safety issue
+applies.
+
+
+@item @code{uunguard}
+@cindex uunguard
+
+Functions marked with @code{uunguard} modify non-atomically arguments or
+global objects that other functions access without synchronization. To
+ensure MT- and AS-Safe behavior, callers should refrain from calling
+so-marked functions concurrently with users of the corresponding
+objects.
+
+Unguarded users of the global locale object modified by @code{setlocale}
+are marked with @code{glocale}.
+
+Unguarded users of the @code{printf} extension objects modified by
+@code{register_printf_function} are the entire family of printf
+functions.
+
+Unguarded users of streams configured with @code{__fsetlocking} for
+locking by the caller are the entire family of stdio functions.
+
+
+@item @code{xguargs}
+@cindex xguargs
+
+Functions marked with @code{xguargs} may use or modify objects passed as
+arguments without any guards to ensure consistency. To ensure MT- and
+AS-Safe behavior, callers must ensure that the objects passed in are not
+modified concurrently by other threads or signal handlers.
+
+
+@item @code{tempchwd}
+@cindex tempchwd
+
+Functions marked with @code{tempchwd} may temporarily change the current
+working directory during their execution, which may cause relative
+pathnames to be resolved in unexpected ways in other threads or within
+asynchronous signal or cancellation handlers.
+
+This is not enough of a reason to mark so-marked functions as MT-Unsafe,
+but when this behavior is optional (e.g., @code{nftw} with
+@code{FTW_CHDIR}), avoiding the option in multi-threaded programs may be
+a good alternative to using full pathnames or file descriptor-relative
+(e.g. @code{openat}) system calls.
+
+
+@item @code{tempterm}
+@cindex tempterm
+
+Functions marked with @code{tempterm} may temporarily change the
+terminal settings.
+
+This would not be enough of a reason to mark so-marked functions as
+MT-Unsafe, but the recommended mode to modify terminal settings is to
+call @code{tcgetattr}, modify some flags, and then call
+@code{tcsetattr}. Functions marked with @code{tempterm} do that, so
+they leave a window in which changes made by other threads are lost.
+
+It is thus advisable for applications using the terminal to avoid
+concurrent interactions with it, more so if they expect different
+terminal modes.
+
+If this mark appears as an AC-Safety note, it means the function may
+also fail to restore the original terminal mode in case of asynchronous
+cancellation.
+
+
+@end itemize
+
+
+Additional safety issues that cannot be worked around by constraining
+the program are also documented with keywords, whose meaning is defined
+as follows:
+
+@itemize @bullet
+
+@item @code{staticbuf}
+@cindex staticbuf
+
+Functions annotated with @code{staticbuf} use internal static buffers or
+variables in ways that may cause concurrent calls to interfere
+destructively.
+
+These functions are all MT-Unsafe and AC-Unsafe. However, many of them
+offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
+
+In many of these cases, the static buffer is only used to hold a return
+value; in a few of these, such as @code{tmpnam}, the use of the internal
+buffer can be avoided by passing the buffer as an argument, which makes
+the call MT-Safe and AS-Safe.
+
+
+@item @code{asi18n}
+@cindex asi18n
+
+Functions marked with @code{asi18n} use internationalization functions
+(@code{gettext}), which brings in a number of dependencies and issues
+yet to be documented.
+
+
+@item @code{shlimb}
+@cindex shlimb
+
+Functions marked with @code{shlimb} use the dynamic loader to bring in
+additional code modules. This involves opening files, mapping them into
+memory, allocating additional memory, resolving symbols, applying
+relocations and more, all of this while holding the dynamic loader
+lock.
+
+The non-recursive lock itself is enough for the function to be AS- and
+AC-Unsafe, but many other issues may arise.
+
+
+@item @code{fdleak}
+@cindex fdleak
+
+Functions annotated with @code{fdleak} may leak file descriptors if
+asynchronous thread cancellation interrupts their execution.
+
+Functions that allocate or deallocate file descriptors will generally be
+marked as such, because even if they attempted to protect the file
+descriptor allocation and deallocation with cleanup regions, allocating
+a new descriptor and storing its number where the cleanup region could
+release it cannot be performed as a single atomic operation, just like
+releasing it and taking it out of the data structure normally
+responsible for releasing it cannot be performed atomically, always
+leaving a window in which the descriptor cannot be released because it
+wasn't stored in the cleanup handler argument yet, or in which it was
+already taken out of it before releasing it in the normal flow (we
+cannot keep it there because, in case of cancellation, we wouldn't be
+able to tell whether it was already released, and the same number could
+have been already assigned to another descriptor by another thread, so
+we couldn't just release it again).
+
+Such leaks could be internally avoided, with some performance penalty,
+by temporarily disabling asynchronous thread cancellation. However,
+since callers of allocation or deallocation functions would have to do
+this themselves, to avoid the same sort of leak in their own layer, it
+makes more sense for the library to assume they are taking care of it
+than to impose a performance penalty that is redundant when the problem
+is solved in upper layers, and insufficient when it isn't.
+
+This remark by itself does not cause a function to be regarded as
+AC-Unsafe. However, cummulative effects of such leaks may pose a
+problem for some programs. If this is the case, suspending asynchronous
+cancellation for the duration of calls to such functions is recommended.
+
+
+@item @code{memleak}
+@cindex memleak
+
+Functions annotated with @code{memleak} may leak memory if asynchronous
+thread cancellation interrupts their execution.
+
+The problem is similar to that of file descriptors: there is no atomic
+interface to allocate memory and store its address in the argument to a
+cleanup handler, or to release it and remove its address from that
+argument, without at least temporarily disabling asynchronous
+cancellation, which these functions do not do.
+
+This remark does not by itself cause a function to be regarded as
+generally AC-Unsafe. However, cummulative effects of such leaks may be
+severe enough for some programs that disabling asynchronous cancellation
+for the duration of calls to such functions may be required.
+
+
+@item @code{lockleak}
+@cindex lockleak
+
+Functions annotated with @code{lockleak} may leak locks if asynchronous
+thread cancellation interrupts their execution.
+
+While the problem is similar to that of file descriptors, in that there
+is not any atomic interface to lock and take note of the need for
+unlocking in a cleanup, or to unlock and take note that there is no
+longer such a need, the problem posed by lock leaks is far more serious:
+when a file descriptor or a piece of memory is leaked, it becomes
+inaccessible and subsequent attempts to allocate a file descriptor or
+some memory will just use another resource. However, once a lock is
+left taken, attempts to take that lock will block indefinitely.
+(Recursive locks will only block other threads, and read locks will only
+block writer threads, but the point still holds in general).
+
+For the reasons above, functions that leak locks are all AC-Unsafe.
+
+
+@item @code{selfdeadlock}
+@cindex selfdeadlock
+
+Functions marked with @code{selfdeadlock} take a non-recursive lock to
+ensure MT-Safety while modifying data structures guarded by the lock.
+
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, the result is a deadlock.
+
+Blocking asynchronous signal delivery while calling such functions is
+the only safe way to avoid a deadlock if any signal handler might need
+to call them.
+
+
+@item @code{asynconsist}
+@cindex asynconsist
+
+Functions marked with @code{asynconsist} take a recursive lock to ensure
+MT-Safety while accessing or modifying data structures guarded by the
+lock.
+
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, both may misbehave for
+observing inconsistent (partially updated or cached) data structures.
+
+Blocking asynchronous signal delivery while calling such functions is
+the only safe way to avoid the misbehavior that may ensue if any signal
+handler might need to call them.
+
+
+@item @code{asmalloc}
+@cindex asmalloc
+
+This is a sub-case of @code{asynconsist}. Functions marked with
+@code{asmalloc} perform memory allocation or deallocation with the
+@code{malloc}/@code{free} family of functions.
+
+If heap management functions are interrupted by asynchronous signals,
+and the signal handlers attempt to perform memory allocation or
+deallocation of their own, they may encounter heap data structures in a
+partially updated state, and the interrupted calls may malfunction
+because of the changes made within the signal handler.
+
+
+@item @code{incansist}
+@cindex incansist
+
+Functions marked with @code{incansist} modify data structures in a
+non-atomic way.
+
+If such a function is asynchronously canceled, it may leave the data
+structure in a partially updated, inconsistent state. Subsequent uses
+of the data structure may misbehave.
+
+Disabling asynchronous cancelation while calling such functions is the
+only safe way to avoid the misbehavior that may ensure if the thread is
+canceled while the function is running.
+
+@c A special case, probably not worth documenting separately, involves
+@c reallocing, or even freeing pointers. Any case involving free could
+@c be easily turned into an ac-safe memleak by resetting the pointer
+@c before releasing it; I don't think we have any case that calls for
+@c this sort of fixing. Fixing the realloc cases would require a new
+@c interface: instead of @code{ptr=realloc(ptr,size)} we'd have to
+@c introduce @code{acsafe_realloc(&ptr,size)} that would modify ptr
+@c before releasing the old memory. The ac-unsafe realloc could be
+@c implemented in terms of an internal interface with this semantics
+@c (say __acsafe_realloc), but since realloc can be overridden, the
+@c function we call to implement realloc should not be this internal
+@c interface, but another internal interface that calls __acsafe_realloc
+@c if realloc was not overridden, and calls the overridden realloc with
+@c async cancel disabled. --lxoliva
+
+
+@item @code{simfpu}
+@cindex simfpu
+
+Functions annotated with @code{simfpu} may misbehave on powerpc ports in
+which the floating-point unit is disabled and floating point simulation
+is used instead. On such platforms, @theglibc{} uses global variables
+to hold floating-point exceptions, rounding modes and disabled
+exceptions, rather than thread-local state. This is a @glibcadj{} bug.
+
+Furthermore, even if this bug is fixed, the emulation of floating-point
+control and status registers will not go as far as saving and restoring
+these emulated registers across asynchronous signal handlers. Indeed,
+although most platforms preserve floating-point context as part of the
+thread context, preserving control and status words is not mandatory:
+standards recommend that programs that modify them within signal
+handlers restore them to the original state before returning.
+
+This note does not cause functions to be marked as MT-Unsafe, even
+though, on the affected platform, they are MT-Unsafe indeed.
+
+
+@item @code{unposix}
+@cindex unposix
+
+This remark indicates our safety documentation is known to differ from
+the requirements set by the POSIX standard. For example, POSIX does not
+require a function to be Safe, but our implementation is Safe, or
+vice-versa.
+
+For the time being, the absence of this remark does not imply the safety
+propertes we documentated are identical to those mandated by POSIX for
+the corresponding functions.
+
+@end itemize
+
@node Berkeley Unix, SVID, POSIX, Standards and Portability
@subsection Berkeley Unix
diff --git a/manual/macros.texi b/manual/macros.texi
index daaf1c0..6955f32 100644
--- a/manual/macros.texi
+++ b/manual/macros.texi
@@ -47,4 +47,46 @@ GNU/Hurd systems
GNU/Linux systems
@end macro
+@c Document a function as thread safe.
+@macro mtsafe {comments}
+| MT-Safe \comments\
+|
+@end macro
+@c Document a function as thread unsafe.
+@macro mtunsafe {comments}
+| MT-Unsafe \comments\
+|
+@end macro
+@c Document a function as safe for use in asynchronous signal handlers.
+@macro assafe {comments}
+| AS-Safe \comments\
+|
+@end macro
+@c Document a function as unsafe for use in asynchronous signal
+@c handlers. This distinguishes unmarked functions, for which this
+@c property has not been assessed, from those that have been analyzed.
+@macro asunsafe {comments}
+| AS-Unsafe \comments\
+|
+@end macro
+@c Document a function as safe for use when asynchronous cancellation is
+@c enabled.
+@macro acsafe {comments}
+| AC-Safe \comments\
+|
+@end macro
+@c Document a function as unsafe for use when asynchronous cancellation
+@c is enabled. This distinguishes unmarked functions, for which this
+@c property has not been assessed, from those that have been analyzed.
+@macro acunsafe {comments}
+| AC-Unsafe \comments\
+|
+@end macro
+@c Format the thread and async safety properties of a function.
+@macro safety {notes}
+\notes\
+
+
+@end macro
+
@end ifclear
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f4268118ff7169b7016697e2344525b93dd6be01
commit f4268118ff7169b7016697e2344525b93dd6be01
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/arith.texi: Document thread safety properties.
diff --git a/manual/arith.texi b/manual/arith.texi
index 77056c3..5c3aa9d 100644
--- a/manual/arith.texi
+++ b/manual/arith.texi
@@ -160,6 +160,8 @@ The remainder from the division.
@comment stdlib.h
@comment ISO
@deftypefun div_t div (int @var{numerator}, int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Functions in this section are pure, and thus safe.
This function @code{div} computes the quotient and remainder from
the division of @var{numerator} by @var{denominator}, returning the
result in a structure of type @code{div_t}.
@@ -199,6 +201,7 @@ type @code{long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun ldiv_t ldiv (long int @var{numerator}, long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ldiv} function is similar to @code{div}, except that the
arguments are of type @code{long int} and the result is returned as a
structure of type @code{ldiv_t}.
@@ -225,6 +228,7 @@ type @code{long long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun lldiv_t lldiv (long long int @var{numerator}, long long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lldiv} function is like the @code{div} function, but the
arguments are of type @code{long long int} and the result is returned as
a structure of type @code{lldiv_t}.
@@ -256,6 +260,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment inttypes.h
@comment ISO
@deftypefun imaxdiv_t imaxdiv (intmax_t @var{numerator}, intmax_t @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{imaxdiv} function is like the @code{div} function, but the
arguments are of type @code{intmax_t} and the result is returned as
a structure of type @code{imaxdiv_t}.
@@ -318,6 +323,7 @@ floating-point number a variable holds.
@comment math.h
@comment ISO
@deftypefn {Macro} int fpclassify (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is a generic macro which works on all floating-point types and
which returns a value of type @code{int}. The possible values are:
@@ -354,6 +360,7 @@ You should therefore use the specific macros whenever possible.
@comment math.h
@comment ISO
@deftypefn {Macro} int isfinite (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite: not plus or
minus infinity, and not NaN. It is equivalent to
@@ -368,6 +375,7 @@ floating-point type.
@comment math.h
@comment ISO
@deftypefn {Macro} int isnormal (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite and normalized.
It is equivalent to
@@ -379,6 +387,7 @@ It is equivalent to
@comment math.h
@comment ISO
@deftypefn {Macro} int isnan (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is NaN. It is equivalent
to
@@ -390,6 +399,7 @@ to
@comment math.h
@comment GNU
@deftypefn {Macro} int issignaling (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is a signaling NaN
(sNaN). It is based on draft TS 18661 and currently enabled as a GNU
extension.
@@ -410,6 +420,7 @@ not have to worry about the type of their argument.
@comment math.h
@comment BSD
@deftypefunx int isinfl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns @code{-1} if @var{x} represents negative infinity,
@code{1} if @var{x} represents positive infinity, and @code{0} otherwise.
@end deftypefun
@@ -423,6 +434,7 @@ This function returns @code{-1} if @var{x} represents negative infinity,
@comment math.h
@comment BSD
@deftypefunx int isnanl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is a ``not a number''
value, and zero otherwise.
@@ -445,6 +457,7 @@ function for some reason, you can write
@comment math.h
@comment BSD
@deftypefunx int finitel (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is finite or a ``not a
number'' value, and zero otherwise.
@end deftypefun
@@ -713,6 +726,22 @@ and save and restore the set of exceptions flagged.
@comment fenv.h
@comment ISO
@deftypefun int feclearexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{unposix}@acsafe{unposix}}
+@c The other functions in this section that modify FP status register
+@c mostly do so with non-atomic load-modify-store sequences, but since
+@c the register is thread-specific, this should be fine, and safe for
+@c cancellation. As long as the FP environment is restored before the
+@c signal handler returns control to the interrupted thread (like any
+@c kernel should do), the functions are also safe for use in signal
+@c handlers.
+@c
+@c FIXME: simfpu: Floating point emulation on powerpc is the exception:
+@c __sim_exception, __sim_disabled_exception and __sim_round_mode
+@c variables, that emulate a floating-point status register, are not
+@c thread-specific variables, so many of these functions are not MT-safe
+@c on that platform. This is probably a bug. These variables aren't
+@c restored by the signal machinery either, making the functions also
+@c async-signal-unsafe on this platform.
This function clears all of the supported exception flags indicated by
@var{excepts}.
@@ -723,6 +752,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feraiseexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function raises the supported exceptions indicated by
@var{excepts}. If more than one exception bit in @var{excepts} is set
the order in which the exceptions are raised is undefined except that
@@ -738,6 +768,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fetestexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Test whether the exception flags indicated by the parameter @var{except}
are currently set. If any of them are, a nonzero value is returned
which specifies which exceptions are set. Otherwise the result is zero.
@@ -774,6 +805,7 @@ following functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetexceptflag (fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function stores in the variable pointed to by @var{flagp} an
implementation-defined value representing the current setting of the
exception flags indicated by @var{excepts}.
@@ -785,6 +817,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fesetexceptflag (const fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function restores the flags for the exceptions indicated by
@var{excepts} to the values stored in the variable pointed to by
@var{flagp}.
@@ -940,6 +973,7 @@ find out which one with this function:
@comment fenv.h
@comment ISO
@deftypefun int fegetround (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Returns the currently selected rounding mode, represented by one of the
values of the defined rounding mode macros.
@end deftypefun
@@ -950,6 +984,7 @@ To change the rounding mode, use this function:
@comment fenv.h
@comment ISO
@deftypefun int fesetround (int @var{round})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Changes the currently selected rounding mode to @var{round}. If
@var{round} does not correspond to one of the supported rounding modes
nothing is changed. @code{fesetround} returns zero if it changed the
@@ -994,6 +1029,7 @@ To save the state of the FPU, use one of these functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetenv (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the floating-point environment in the variable pointed to by
@var{envp}.
@@ -1004,6 +1040,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feholdexcept (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the current floating-point environment in the object pointed to by
@var{envp}. Then clear all exception flags, and set the FPU to trap no
exceptions. Not all FPUs support trapping no exceptions; if
@@ -1042,6 +1079,7 @@ functions:
@comment fenv.h
@comment ISO
@deftypefun int fesetenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Set the floating-point environment to that described by @var{envp}.
The function returns zero in case the operation was successful, a
@@ -1051,6 +1089,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feupdateenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Like @code{fesetenv}, this function sets the floating-point environment
to that described by @var{envp}. However, if any exceptions were
flagged in the status word before @code{feupdateenv} was called, they
@@ -1071,6 +1110,7 @@ occur, you can use the following two functions.
@comment fenv.h
@comment GNU
@deftypefun int feenableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions enables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1083,6 +1123,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fedisableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions disables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1095,6 +1136,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fegetexcept (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
The function returns a bitmask of all currently enabled exceptions. It
returns @code{-1} in case of failure.
@end deftypefun
@@ -1146,6 +1188,7 @@ Prototypes for @code{abs}, @code{labs} and @code{llabs} are in @file{stdlib.h};
@comment inttypes.h
@comment ISO
@deftypefunx intmax_t imaxabs (intmax_t @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of @var{number}.
Most computers use a two's complement integer representation, in which
@@ -1167,6 +1210,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment math.h
@comment ISO
@deftypefunx {long double} fabsl (long double @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the absolute value of the floating-point number
@var{number}.
@end deftypefun
@@ -1180,6 +1224,7 @@ This function returns the absolute value of the floating-point number
@comment complex.h
@comment ISO
@deftypefunx {long double} cabsl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of the complex number @var{z}
(@pxref{Complex Numbers}). The absolute value of a complex number is:
@@ -1217,6 +1262,7 @@ All these functions are declared in @file{math.h}.
@comment math.h
@comment ISO
@deftypefunx {long double} frexpl (long double @var{value}, int *@var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are used to split the number @var{value}
into a normalized fraction and an exponent.
@@ -1242,6 +1288,7 @@ zero is stored in @code{*@var{exponent}}.
@comment math.h
@comment ISO
@deftypefunx {long double} ldexpl (long double @var{value}, int @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the result of multiplying the floating-point
number @var{value} by 2 raised to the power @var{exponent}. (It can
be used to reassemble floating-point numbers that were taken apart
@@ -1263,6 +1310,7 @@ equivalent to those of @code{ldexp} and @code{frexp}. See also the
@comment math.h
@comment BSD
@deftypefunx {long double} scalbl (long double @var{value}, long double @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{scalb} function is the BSD name for @code{ldexp}.
@end deftypefun
@@ -1275,6 +1323,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalbnl (long double @var{x}, int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbn} is identical to @code{scalb}, except that the exponent
@var{n} is an @code{int} instead of a floating-point number.
@end deftypefun
@@ -1288,6 +1337,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalblnl (long double @var{x}, long int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbln} is identical to @code{scalb}, except that the exponent
@var{n} is a @code{long int} instead of a floating-point number.
@end deftypefun
@@ -1301,6 +1351,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} significandl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{significand} returns the mantissa of @var{x} scaled to the range
@math{[1, 2)}.
It is equivalent to @w{@code{scalb (@var{x}, (double) -ilogb (@var{x}))}}.
@@ -1335,6 +1386,7 @@ result as a @code{double} instead to get around this problem.
@comment math.h
@comment ISO
@deftypefunx {long double} ceill (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} upwards to the nearest integer,
returning that value as a @code{double}. Thus, @code{ceil (1.5)}
is @code{2.0}.
@@ -1349,6 +1401,7 @@ is @code{2.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} floorl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} downwards to the nearest
integer, returning that value as a @code{double}. Thus, @code{floor
(1.5)} is @code{1.0} and @code{floor (-1.5)} is @code{-2.0}.
@@ -1363,6 +1416,7 @@ integer, returning that value as a @code{double}. Thus, @code{floor
@comment math.h
@comment ISO
@deftypefunx {long double} truncl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{trunc} functions round @var{x} towards zero to the nearest
integer (returned in floating-point format). Thus, @code{trunc (1.5)}
is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@@ -1377,6 +1431,7 @@ is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} rintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} to an integer value according to the
current rounding mode. @xref{Floating Point Parameters}, for
information about the various rounding modes. The default
@@ -1397,6 +1452,7 @@ inexact exception.
@comment math.h
@comment ISO
@deftypefunx {long double} nearbyintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the same value as the @code{rint} functions, but
do not raise the inexact exception if @var{x} is not an integer.
@end deftypefun
@@ -1410,6 +1466,7 @@ do not raise the inexact exception if @var{x} is not an integer.
@comment math.h
@comment ISO
@deftypefunx {long double} roundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are similar to @code{rint}, but they round halfway
cases away from zero instead of to the nearest integer (or other
current rounding mode).
@@ -1424,6 +1481,7 @@ current rounding mode).
@comment math.h
@comment ISO
@deftypefunx {long int} lrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1437,6 +1495,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1450,6 +1509,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long int} lroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1463,6 +1523,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1477,6 +1538,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long double} modfl (long double @var{value}, long double *@var{integer-part})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions break the argument @var{value} into an integer part and a
fractional part (between @code{-1} and @code{1}, exclusive). Their sum
equals @var{value}. Each of the parts has the same sign as @var{value},
@@ -1503,6 +1565,7 @@ suits your problem.
@comment math.h
@comment ISO
@deftypefunx {long double} fmodl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions compute the remainder from the division of
@var{numerator} by @var{denominator}. Specifically, the return value is
@code{@var{numerator} - @w{@var{n} * @var{denominator}}}, where @var{n}
@@ -1525,6 +1588,7 @@ If @var{denominator} is zero, @code{fmod} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} dreml (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are like @code{fmod} except that they round the
internal quotient @var{n} to the nearest integer instead of towards zero
to an integer. For example, @code{drem (6.5, 2.3)} returns @code{-0.4},
@@ -1548,6 +1612,7 @@ If @var{denominator} is zero, @code{drem} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} remainderl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is another name for @code{drem}.
@end deftypefun
@@ -1569,6 +1634,7 @@ bits.
@comment math.h
@comment ISO
@deftypefunx {long double} copysignl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return @var{x} but with the sign of @var{y}. They work
even if @var{x} or @var{y} are NaN or zero. Both of these can carry a
sign (although not all implementations support it) and this is one of
@@ -1584,6 +1650,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefun int signbit (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{signbit} is a generic macro which can work on all floating-point
types. It returns a nonzero value if the value of @var{x} has its sign
bit set.
@@ -1602,6 +1669,7 @@ false, but @code{signbit (-0.0)} will return a nonzero value.
@comment math.h
@comment ISO
@deftypefunx {long double} nextafterl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{nextafter} function returns the next representable neighbor of
@var{x} in the direction towards @var{y}. The size of the step between
@var{x} and the result depends on the type of the result. If
@@ -1625,6 +1693,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefunx {long double} nexttowardl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are identical to the corresponding versions of
@code{nextafter} except that their second argument is a @code{long
double}.
@@ -1640,6 +1709,8 @@ double}.
@comment math.h
@comment ISO
@deftypefunx {long double} nanl (const char *@var{tagp})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c The unsafe-but-ruled-safe locale use comes from strtod.
The @code{nan} function returns a representation of NaN, provided that
NaN is supported by the target platform.
@code{nan ("@var{n-char-sequence}")} is equivalent to
@@ -1674,6 +1745,7 @@ arguments only once.
@comment math.h
@comment ISO
@deftypefn Macro int isgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than
@var{y}. It is equivalent to @code{(@var{x}) > (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1682,6 +1754,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isgreaterequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than or
equal to @var{y}. It is equivalent to @code{(@var{x}) >= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1690,6 +1763,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isless (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than @var{y}.
It is equivalent to @code{(@var{x}) < (@var{y})}, but no exception is
raised if @var{x} or @var{y} are NaN.
@@ -1698,6 +1772,7 @@ raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than or equal
to @var{y}. It is equivalent to @code{(@var{x}) <= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1706,6 +1781,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less or greater
than @var{y}. It is equivalent to @code{(@var{x}) < (@var{y}) ||
(@var{x}) > (@var{y})} (although it only evaluates @var{x} and @var{y}
@@ -1718,6 +1794,7 @@ expression is true if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isunordered (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether its arguments are unordered. In other
words, it is true if @var{x} or @var{y} are NaN, and false otherwise.
@end deftypefn
@@ -1751,6 +1828,7 @@ perform these operations faster than the equivalent C code.
@comment math.h
@comment ISO
@deftypefunx {long double} fminl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmin} function returns the lesser of the two values @var{x}
and @var{y}. It is similar to the expression
@smallexample
@@ -1771,6 +1849,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fmaxl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmax} function returns the greater of the two values @var{x}
and @var{y}.
@@ -1787,6 +1866,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fdiml (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fdim} function returns the positive difference between
@var{x} and @var{y}. The positive difference is @math{@var{x} -
@var{y}} if @var{x} is greater than @var{y}, and @math{0} otherwise.
@@ -1804,6 +1884,7 @@ If @var{x}, @var{y}, or both are NaN, NaN is returned.
@comment ISO
@deftypefunx {long double} fmal (long double @var{x}, long double @var{y}, long double @var{z})
@cindex butterfly
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fma} function performs floating-point multiply-add. This is
the operation @math{(@var{x} @mul{} @var{y}) + @var{z}}, but the
intermediate result is not rounded to the destination type. This can
@@ -1933,6 +2014,7 @@ available in three variants, one for each of the three complex types.
@comment complex.h
@comment ISO
@deftypefunx {long double} creall (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the real part of the complex number @var{z}.
@end deftypefun
@@ -1945,6 +2027,7 @@ These functions return the real part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cimagl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the imaginary part of the complex number @var{z}.
@end deftypefun
@@ -1957,6 +2040,7 @@ These functions return the imaginary part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {complex long double} conjl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the conjugate value of the complex number
@var{z}. The conjugate of a complex number has the same real part and a
negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@@ -1971,6 +2055,7 @@ negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cargl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the argument of the complex number @var{z}.
The argument of a complex number is the angle in the complex plane
between the positive real axis and a line passing through zero and the
@@ -1989,6 +2074,7 @@ number. This angle is measured in the usual fashion and ranges from
@comment complex.h
@comment ISO
@deftypefunx {complex long double} cprojl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the projection of the complex value @var{z} onto
the Riemann sphere. Values with a infinite imaginary part are projected
to positive infinity on the real axis, even if the real part is NaN. If
@@ -2034,6 +2120,16 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun {long int} strtol (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c strtol uses the thread-local pointer to the locale in effect, and
+@c strtol_l loads the LC_NUMERIC locale data from it early on and once,
+@c but if the locale is the global locale, and another thread calls
+@c setlocale in a way that modifies the pointer to the LC_CTYPE locale
+@c category, the behavior of e.g. IS*, TOUPPER will vary throughout the
+@c execution of the function, because they re-read the locale data from
+@c the given locale pointer. We solved this by documenting setlocale as
+@c MT-Unsafe, but there might be other reasons why it's neither MT- nor
+@c AS-Safe; recheck.
The @code{strtol} (``string-to-long'') function converts the initial
part of @var{string} to a signed integer, which is returned as a value
of type @code{long int}.
@@ -2097,6 +2193,7 @@ There is an example at the end of this section.
@comment wchar.h
@comment ISO
@deftypefun {long int} wcstol (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstol} function is equivalent to the @code{strtol} function
in nearly all aspects but handles wide character strings.
@@ -2106,6 +2203,7 @@ The @code{wcstol} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long int} strtoul (const char *retrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoul} (``string-to-unsigned-long'') function is like
@code{strtol} except it converts to an @code{unsigned long int} value.
The syntax is the same as described above for @code{strtol}. The value
@@ -2124,6 +2222,7 @@ range, or @code{ERANGE} on overflow.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long int} wcstoul (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoul} function is equivalent to the @code{strtoul} function
in nearly all aspects but handles wide character strings.
@@ -2133,6 +2232,7 @@ The @code{wcstoul} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} strtoll (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoll} function is like @code{strtol} except that it returns
a @code{long long int} value, and accepts numbers with a correspondingly
larger range.
@@ -2149,6 +2249,7 @@ The @code{strtoll} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {long long int} wcstoll (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoll} function is equivalent to the @code{strtoll} function
in nearly all aspects but handles wide character strings.
@@ -2158,12 +2259,14 @@ The @code{wcstoll} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {long long int} strtoq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtoq} (``string-to-quad-word'') is the BSD name for @code{strtoll}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {long long int} wcstoq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoq} function is equivalent to the @code{strtoq} function
in nearly all aspects but handles wide character strings.
@@ -2173,6 +2276,7 @@ The @code{wcstoq} function is a GNU extension.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long long int} strtoull (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoull} function is related to @code{strtoll} the same way
@code{strtoul} is related to @code{strtol}.
@@ -2182,6 +2286,7 @@ The @code{strtoull} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long long int} wcstoull (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoull} function is equivalent to the @code{strtoull} function
in nearly all aspects but handles wide character strings.
@@ -2191,12 +2296,14 @@ The @code{wcstoull} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {unsigned long long int} strtouq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtouq} is the BSD name for @code{strtoull}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {unsigned long long int} wcstouq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstouq} function is equivalent to the @code{strtouq} function
in nearly all aspects but handles wide character strings.
@@ -2206,6 +2313,7 @@ The @code{wcstouq} function is a GNU extension.
@comment inttypes.h
@comment ISO
@deftypefun intmax_t strtoimax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoimax} function is like @code{strtol} except that it returns
a @code{intmax_t} value, and accepts numbers of a corresponding range.
@@ -2222,6 +2330,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun intmax_t wcstoimax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoimax} function is equivalent to the @code{strtoimax} function
in nearly all aspects but handles wide character strings.
@@ -2231,6 +2340,7 @@ The @code{wcstoimax} function was introduced in @w{ISO C99}.
@comment inttypes.h
@comment ISO
@deftypefun uintmax_t strtoumax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoumax} function is related to @code{strtoimax}
the same way that @code{strtoul} is related to @code{strtol}.
@@ -2241,6 +2351,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun uintmax_t wcstoumax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoumax} function is equivalent to the @code{strtoumax} function
in nearly all aspects but handles wide character strings.
@@ -2250,6 +2361,7 @@ The @code{wcstoumax} function was introduced in @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefun {long int} atol (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtol} function with a @var{base}
argument of @code{10}, except that it need not detect overflow errors.
The @code{atol} function is provided mostly for compatibility with
@@ -2259,6 +2371,7 @@ existing code; using @code{strtol} is more robust.
@comment stdlib.h
@comment ISO
@deftypefun int atoi (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is like @code{atol}, except that it returns an @code{int}.
The @code{atoi} function is also considered obsolete; use @code{strtol}
instead.
@@ -2267,6 +2380,7 @@ instead.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} atoll (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to @code{atol}, except it returns a @code{long
long int}.
@@ -2331,6 +2445,35 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun double strtod (const char *restrict @var{string}, char **restrict @var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c Besides the unsafe-but-ruled-safe locale uses, this uses a lot of
+@c mpn, but it's all safe.
+@c
+@c round_and_return
+@c get_rounding_mode ok
+@c mpn_add_1 ok
+@c mpn_rshift ok
+@c MPN_ZERO ok
+@c MPN2FLOAT -> mpn_construct_(float|double|long_double) ok
+@c str_to_mpn
+@c mpn_mul_1 -> umul_ppmm ok
+@c mpn_add_1 ok
+@c mpn_lshift_1 -> mpn_lshift ok
+@c STRTOF_INTERNAL
+@c MPN_VAR ok
+@c SET_MANTISSA ok
+@c STRNCASECMP ok, wide and narrow
+@c round_and_return ok
+@c mpn_mul ok
+@c mpn_addmul_1 ok
+@c ... mpn_sub
+@c mpn_lshift ok
+@c udiv_qrnnd ok
+@c count_leading_zeros ok
+@c add_ssaaaa ok
+@c sub_ddmmss ok
+@c umul_ppmm ok
+@c mpn_submul_1 ok
The @code{strtod} (``string-to-double'') function converts the initial
part of @var{string} to a floating-point number, which is returned as a
value of type @code{double}.
@@ -2416,6 +2559,7 @@ examining @var{errno} and @var{tailptr}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} strtold (const char *@var{string}, char **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
These functions are analogous to @code{strtod}, but return @code{float}
and @code{long double} values respectively. They report errors in the
same way as @code{strtod}. @code{strtof} can be substantially faster
@@ -2435,6 +2579,7 @@ These functions have been GNU extensions and are new to @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} wcstold (const wchar_t *@var{string}, wchar_t **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstod}, @code{wcstof}, and @code{wcstol} functions are
equivalent in nearly all aspect to the @code{strtod}, @code{strtof}, and
@code{strtold} functions but it handles wide character string.
@@ -2447,6 +2592,7 @@ C90}. The @code{wcstof} and @code{wcstold} functions were introduced in
@comment stdlib.h
@comment ISO
@deftypefun double atof (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtod} function, except that it
need not detect overflow and underflow errors. The @code{atof} function
is provided mostly for compatibility with existing code; using
@@ -2473,6 +2619,7 @@ All these functions are defined in @file{stdlib.h}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} ecvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{ecvt} converts the floating-point number @var{value}
to a string with at most @var{ndigit} decimal digits. The
returned string contains no decimal point or sign. The first digit of
@@ -2498,6 +2645,7 @@ and sets @var{d} to @code{2} and @var{n} to @code{0}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} fcvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{fcvt} is like @code{ecvt}, but @var{ndigit} specifies
the number of digits after the decimal point. If @var{ndigit} is less
than zero, @var{value} is rounded to the @math{@var{ndigit}+1}'th place to the
@@ -2516,6 +2664,9 @@ to @code{fcvt}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} gcvt (double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c gcvt calls sprintf, that ultimately calls vfprintf, which malloc()s
+@c args_value if it's too large, but gcvt never exercises this path.
@code{gcvt} is functionally equivalent to @samp{sprintf(buf, "%*g",
ndigit, value}. It is provided only for compatibility's sake. It
returns @var{buf}.
@@ -2530,6 +2681,7 @@ functions that take @code{long double} arguments.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qecvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{ecvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2538,6 +2690,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qfcvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{fcvt} except that it
takes a @code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2546,6 +2699,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qgcvt (long double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is equivalent to @code{gcvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2566,6 +2720,7 @@ user-supplied buffer.
@comment stdlib.h
@comment GNU
@deftypefun int ecvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ecvt_r} function is the same as @code{ecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2577,6 +2732,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun int fcvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcvt_r} function is the same as @code{fcvt}, except that it
places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2588,6 +2744,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qecvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qecvt_r} function is the same as @code{qecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2599,6 +2756,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qfcvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qfcvt_r} function is the same as @code{qfcvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5604d817c0a7feccf5aa0dfa7cb2d583d86ec65f
commit 5604d817c0a7feccf5aa0dfa7cb2d583d86ec65f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:57:08 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/argp.texi: Document thread safety properties.
diff --git a/manual/argp.texi b/manual/argp.texi
index c9fbe97..5322f91 100644
--- a/manual/argp.texi
+++ b/manual/argp.texi
@@ -36,6 +36,35 @@ needed in @code{main}.
@comment argp.h
@comment GNU
@deftypefun {error_t} argp_parse (const struct argp *@var{argp}, int @var{argc}, char **@var{argv}, unsigned @var{flags}, int *@var{arg_index}, void *@var{input})
+@safety{@mtunsafe{xguargs, envromt}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Optionally alloca()tes standard help options, initializes the parser,
+@c then parses individual args in a loop, and then finalizes.
+@c parser_init
+@c calc_sizes ok
+@c option_is_end ok
+@c malloc
+@c parser_convert glocale
+@c convert_options glocale
+@c option_is_end ok
+@c option_is_short ok
+@c isprint, but locale may change within the loop
+@c find_long_option ok
+@c group_parse
+@c group->parser (from argp->parser)
+@c parser_parse_next
+@c getopt_long(_only)_r many issues, same as non_r minus staticbuf
+@c parser_parse_arg
+@c group_parse
+@c parser_parse_opt
+@c group_parse
+@c argp_error
+@c dgettext (bad key error)
+@c parser_finalize
+@c group_parse
+@c fprintf
+@c dgettext
+@c arg_state_help
+@c free
The @code{argp_parse} function parses the arguments in @var{argv}, of
length @var{argc}, using the argp parser @var{argp}. @xref{Argp
Parsers}. Passing a null pointer for @var{argp} is the same as using
@@ -660,6 +689,8 @@ parser function. @xref{Argp Parsing State}.
@comment argp.h
@comment GNU
@deftypefun void argp_usage (const struct argp_state *@var{state})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls argp_state_help with stderr and ARGP_HELP_STD_USAGE.
Outputs the standard usage message for the argp parser referred to by
@var{state} to @code{@var{state}->err_stream} and terminate the program
with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@@ -669,6 +700,13 @@ with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@comment argp.h
@comment GNU
@deftypefun void argp_error (const struct argp_state *@var{state}, const char *@var{fmt}, @dots{})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Lock stream, vasprintf the formatted message into a buffer, print the
+@c buffer prefixed by the short program name (in libc,
+@c argp_short_program_name is a macro that expands to
+@c program_invocation_short_name), releases the buffer, then call
+@c argp_state_help with stream and ARGP_HELP_STD_ERR, unlocking the
+@c stream at the end.
Prints the printf format string @var{fmt} and following args, preceded
by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
--help}} message, and terminates the program with an exit status of
@@ -679,6 +717,12 @@ by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
@comment argp.h
@comment GNU
@deftypefun void argp_failure (const struct argp_state *@var{state}, int @var{status}, int @var{errnum}, const char *@var{fmt}, @dots{})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
+@c Lock stream, write out the short program name, vasprintf the optional
+@c formatted message to a buffer, print the buffer prefixed by colon and
+@c blank, release the buffer, call strerror_r with an automatic buffer,
+@c print it out after colon and blank, put[w]c a line break, unlock the
+@c stream, then exit unless ARGP_NO_EXIT.
Similar to the standard gnu error-reporting function @code{error}, this
prints the program name and @samp{:}, the printf format string
@var{fmt}, and the appropriate following args. If it is non-zero, the
@@ -695,6 +739,141 @@ for options, bad phase of the moon, etc.
@comment argp.h
@comment GNU
@deftypefun void argp_state_help (const struct argp_state *@var{state}, FILE *@var{stream}, unsigned @var{flags})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help with the short program name and optionally exit.
+@c The main problems in _help, besides the usual issues with stream I/O
+@c and translation, are the use of a static buffer (uparams) that makes
+@c the whole thing thread-unsafe, reading from the environment for
+@c ARGP_HELP_FMT, accessing the locale object multiple times.
+
+@c _help envromt, staticbuf (uparams), glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c flockfile lockleak
+@c funlockfile lockleak
+@c fill_in_uparams envromt, staticbuf (uparams), glocale, asynconsist, asmalloc, lockleak, incansist, memleak
+@c argp_failure dup (status = errnum = 0)
+@c atoi dup
+@c argp_hol asmalloc, memleak
+@c make_hol asmalloc, memleak
+@c hol_add_cluster asmalloc, memleak
+@c hol_append asmalloc, memleak
+@c hol_set_group ok
+@c hol_find_entry ok
+@c hol_sort glocale, asmalloc, memleak
+@c qsort asmalloc, memleak
+@c hol_entry_qcmp glocale
+@c hol_entry_cmp glocale
+@c group_cmp ok
+@c hol_cluster_cmp ok
+@c group_cmp ok
+@c hol_entry_first_short glocale
+@c hol_entry_short_iterate [glocale]
+@c until_short ok
+@c oshort ok
+@c isprint ok
+@c odoc ok
+@c hol_entry_first_long ok
+@c canon_doc_option glocale
+@c tolower dup
+@c hol_usage glocale, asi18n, asmalloc, memleak
+@c hol_entry_short_iterate ok
+@c add_argless_short_opt ok
+@c argp_fmtstream_printf dup
+@c hol_entry_short_iterate glocale, asi18n, asmalloc, memleak
+@c usage_argful_short_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_entry_long_iterate glocale, asi18n, asmalloc, memleak
+@c usage_long_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c hol_entry_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_wmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c comma glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_putc dup
+@c hol_cluster_is_child ok
+@c argp_fmtstream_wmargin dup
+@c print_header dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c indent_to dup
+@c argp_fmtstream_putc dup
+@c arg glocale, asmalloc, memleak
+@c argp_fmtstream_printf dup
+@c odoc dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_printf dup
+@c print_header glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c indent_to dup
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c filter_doc dup
+@c argp_fmtstream_point dup
+@c indent_to glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_putc dup
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c hol_free asmalloc, memleak
+@c free dup
+@c argp_args_levels ok
+@c argp_args_usage glocale, asi18n, asmalloc, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc ok
+@c argp_input ok
+@c argp->help_filter
+@c space glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_rmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_write dup
+@c free dup
+@c argp_doc glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c strndup asmalloc, memleak
+@c argp_input dup
+@c argp->help_filter
+@c argp_fmtstream_putc glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure dup
+@c argp_fmtstream_write dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_point glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_lmargin dup
+@c free dup
+@c argp_make_fmtstream asmalloc, memleak
+@c argp_fmtstream_free glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update glocale, asynconsist, incansist, lockleak
+@c put[w]c_unlocked dup
+@c isblank in loop glocale
+@c fxprintf lockleak
+@c fxprintf lockleak
+@c free dup
+@c argp_fmtstream_set_wmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_printf glocale, asmalloc, memleak
+@c argp_fmtstream_ensure dup
+@c vsnprintf dup
+@c argp_fmtstream_set_lmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_puts glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_write glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update dup
+@c fxprintf lockleak
+@c realloc asmalloc, memleak
Outputs a help message for the argp parser referred to by @var{state},
to @var{stream}. The @var{flags} argument determines what sort of help
message is produced. @xref{Argp Help Flags}.
@@ -928,6 +1107,8 @@ program options, argp offers the @code{argp_help} interface.
@comment argp.h
@comment GNU
@deftypefun void argp_help (const struct argp *@var{argp}, FILE *@var{stream}, unsigned @var{flags}, char *@var{name})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help.
This outputs a help message for the argp parser @var{argp} to
@var{stream}. The type of messages printed will be determined by
@var{flags}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b290d7167651106f65de65171d52b70c6188329a
commit b290d7167651106f65de65171d52b70c6188329a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:39 2013 -0300
Rename unused scalb to scalbn to match prototype.
for ChangeLog
* sysdeps/ieee754/support.c (scalbn): Rename from
wrongly-typed scalb. Adjust all callers. Apparently unused.
diff --git a/sysdeps/ieee754/support.c b/sysdeps/ieee754/support.c
index 00476c0..0bbd892 100644
--- a/sysdeps/ieee754/support.c
+++ b/sysdeps/ieee754/support.c
@@ -82,7 +82,7 @@ static char sccsid[] = "@(#)support.c 8.1 (Berkeley) 6/4/93";
static const double novf=1.7E308, nunf=3.0E-308,zero=0.0;
#endif /* defined(vax)||defined(tahoe) */
-double scalb(x,N)
+double scalbn(x,N)
double x; int N;
{
int k;
@@ -106,7 +106,7 @@ double x; int N;
if( (k= *px & mexp ) != mexp ) {
if( N<-2100) return(nunf*nunf); else if(N>2100) return(novf+novf);
if( k == 0 ) {
- x *= scalb(1.0,(int)prep1); N -= prep1; return(scalb(x,N));}
+ x *= scalbn(1.0,(int)prep1); N -= prep1; return(scalbn(x,N));}
#endif /* defined(vax)||defined(tahoe) */
if((k = (k>>gap)+ N) > 0 )
@@ -115,7 +115,7 @@ double x; int N;
else
if( k > -prep1 )
/* gradual underflow */
- {*px=(*px&~mexp)|(short)(1<<gap); x *= scalb(1.0,k-1);}
+ {*px=(*px&~mexp)|(short)(1<<gap); x *= scalbn(1.0,k-1);}
else
return(nunf*nunf);
}
@@ -228,7 +228,7 @@ double x,p;
else if ( ((*pp & mexp)>>gap) <= 1 )
/* subnormal p, or almost subnormal p */
- { double b; b=scalb(1.0,(int)prep1);
+ { double b; b=scalbn(1.0,(int)prep1);
p *= b; x = drem(x,p); x *= b; return(drem(x,p)/b);}
else if ( p >= novf/2)
{ p /= 2 ; x /= 2; return(drem(x,p)*2);}
@@ -294,8 +294,8 @@ double x;
/* scale x to [1,4) */
n=logb(x);
- x=scalb(x,-n);
- if((m=logb(x))!=0) x=scalb(x,-m); /* subnormal number */
+ x=scalbn(x,-n);
+ if((m=logb(x))!=0) x=scalbn(x,-m); /* subnormal number */
m += n;
n = m/2;
if((n+n)!=m) {x *= 2; m -=1; n=m/2;}
@@ -326,7 +326,7 @@ double x;
b=1.0+r/4; if(b>1.0) t=1;
if(t>=0) q+=r; }
-end: return(scalb(q,n));
+end: return(scalbn(q,n));
}
#if 0
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=22b44b5585a77352a33172a9583ea1e002e1602c
commit 22b44b5585a77352a33172a9583ea1e002e1602c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:39 2013 -0300
Note that powerpc fpu emulation status is not thread- or signal-safe.
for ports/ChangeLog.powerpc
PR 15483
* sysdeps/powerpc/nofpu/sim-full.c: Add FIXME note about
the need for thread-specific variables preserved across signal
handlers.
* sysdeps/powerpc/nofpu/soft-supp.h: Likewise.
* sysdeps/powerpc/soft-fp/sfp-machine.h: Likewise.
diff --git a/ports/sysdeps/powerpc/nofpu/sim-full.c b/ports/sysdeps/powerpc/nofpu/sim-full.c
index fc061d0..e167033 100644
--- a/ports/sysdeps/powerpc/nofpu/sim-full.c
+++ b/ports/sysdeps/powerpc/nofpu/sim-full.c
@@ -21,6 +21,11 @@
#include "soft-fp.h"
#include "soft-supp.h"
+/* FIXME: these variables should be thread specific (see bugzilla bug
+ 15483) and ideally preserved across signal handlers, like hardware
+ FP status words, but the latter is quite difficult to accomplish in
+ userland. */
+
/* Global to store sticky exceptions. */
int __sim_exceptions __attribute__ ((nocommon));
libc_hidden_data_def (__sim_exceptions);
diff --git a/ports/sysdeps/powerpc/nofpu/soft-supp.h b/ports/sysdeps/powerpc/nofpu/soft-supp.h
index b9638bb..64a3d2a 100644
--- a/ports/sysdeps/powerpc/nofpu/soft-supp.h
+++ b/ports/sysdeps/powerpc/nofpu/soft-supp.h
@@ -26,6 +26,11 @@ typedef union
} fenv_union_t;
+/* FIXME: these variables should be thread specific (see bugzilla bug
+ 15483) and ideally preserved across signal handlers, like hardware
+ FP status words, but the latter is quite difficult to accomplish in
+ userland. */
+
extern int __sim_exceptions;
libc_hidden_proto (__sim_exceptions);
extern int __sim_disabled_exceptions;
diff --git a/ports/sysdeps/powerpc/soft-fp/sfp-machine.h b/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
index c2a190e..508d869 100644
--- a/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
+++ b/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
@@ -54,6 +54,11 @@
#define FP_ROUNDMODE __sim_round_mode
#define FP_TRAPPING_EXCEPTIONS (~__sim_disabled_exceptions & 0x3e000000)
+/* FIXME: these variables should be thread specific (see bugzilla bug
+ 15483) and ideally preserved across signal handlers, like hardware
+ FP status words, but the latter is quite difficult to accomplish in
+ userland. */
+
extern int __sim_exceptions;
libc_hidden_proto (__sim_exceptions);
extern int __sim_disabled_exceptions;
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=6343a1a039c34d3c7408f4bb560c2515343360eb
commit 6343a1a039c34d3c7408f4bb560c2515343360eb
Merge: 52c6e12 cd940c7 62bbc3d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:15:47 2013 -0300
sink
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=52c6e12e2a8d569f205756903cc1d228dcc428e5
commit 52c6e12e2a8d569f205756903cc1d228dcc428e5
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:15:47 2013 -0300
sink
diff --git a/meta b/meta
index 0ca07b4..1943013 100644
--- a/meta
+++ b/meta
@@ -1,30 +1,30 @@
Version: 1
-Previous: dd7582572f4b13b728b2961d9fffe5f522a89528
-Head: b6c3b59f2ddf6ed9a14018f69daf993e2eaf27c0
+Previous: 62bbc3d80d58e685b5c3e655681849574ef8b421
+Head: cd940c77f411533af456e9cec1af020887deb9f7
Applied:
- manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
- powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
- unused-scalb-is-scalbn.patch: 62694b21850cd676e82306bc82418b952b9d3d31
- manual-document-mt-safety-argp.patch: 8b86b0ead9b1494ad7b0aa283a423813ed5e8bc7
- manual-document-mt-safety-arith.patch: 5a1a8a43ebaa9cc6a6dc182bd931fbca63e7d866
- manual-document-mt-safety-charset.patch: 296ae41496afc524f6f75648a3298a5419b46990
- manual-document-mt-safety-conf.patch: 95b0911edf2eb244430d9533ec0a8a3f7058581c
- manual-document-mt-safety-crypt.patch: e600904c5eab885a1a7c8aef6bb2f570bd201275
- manual-document-mt-safety-ctype.patch: 727a9c49e98194570a2c85e47c355bcc55398cd9
- manual-document-mt-safety-debug.patch: 7f89734934ba539d84fdf02163f64ae84f795ac9
- manual-document-mt-safety-errno.patch: b035d6eeb7b48636043919617d515c88522ba6c3
- manual-document-mt-safety-filesys.patch: d1d06a086358b876405130714e2c5cf0d7740ab8
- manual-document-mt-safety-getopt.patch: c48dff451b9a543c5f827092417468a0d6672c59
- manual-document-mt-safety-job.patch: 138c83afb5f7d92dcac1049f150b154d43addda2
- manual-document-mt-safety-lang.patch: a7fd5e42f1a4a4cb65dadb2a7ba4ef28bb8bb3fd
- manual-document-mt-safety-libdl.patch: ca4e6ed5fbcca95d7f29a49c4ed65651acda0efe
- manual-document-mt-safety-llio.patch: 59483ceaa7daf7600c59559794b428683ea152ba
- wip-manual-document-mt-safety-locale.patch: 26ea2d6064d2c298f6270e127600518ef48d28cf
- manual-document-mt-safety-math.patch: d3dde95c92ff8c7cd8e225a21b46c00449db834d
- manual-document-mt-safety-resource.patch: 5d3bcb1ba7f570bffb709e724d0f7b7f7c54af6d
- manual-document-mt-safety-search.patch: 72885eef5a5c94642ef40c16b2838f314908e7da
- wip-manual-document-mt-safety-startup.patch: eefb3a2e2f3449ada4e40429f0283ac79a5e3fec
- manual-document-mt-safety-stdio.patch: b6c3b59f2ddf6ed9a14018f69daf993e2eaf27c0
+ wip-manual-document-mt-safety-startup.patch: 805b53d0709375c42ca52cdb1b8e1a9e9dc041a1
+ manual-document-mt-safety.patch: 6302ecd89c407c9fa96dd9a6263175c8ef1dee48
+ powerpc-nofpu-sim-note-nothread.patch: ebf259b70d2e3b3122af4e09e78b5112f9160389
+ unused-scalb-is-scalbn.patch: cfe805ba9962e7ecb02cb7d91f07e877fccc1742
+ manual-document-mt-safety-argp.patch: 12aba27e1c96ff9703ea9423bf471fa3f0454616
+ manual-document-mt-safety-arith.patch: d4bc90d431da292824c33273485aab09d0c9ada3
+ manual-document-mt-safety-charset.patch: 71ab9cf6aa2f9992310fda06683ba6db44faff8a
+ manual-document-mt-safety-conf.patch: 0a6834ab437d116e8ebd6d9c7232f1daaf23e892
+ manual-document-mt-safety-crypt.patch: 39e993dc2ae9653217a042eeedfe06456f1c9ea0
+ manual-document-mt-safety-ctype.patch: 7ac8448e6d04eff177c2c665fdcbb07c93a917ad
+ manual-document-mt-safety-debug.patch: 35461a82e984e8751071f7c46c048d911397fb9e
+ manual-document-mt-safety-errno.patch: df11bbcd0fcc1b33c747f8e9cb13d296575e0f3e
+ manual-document-mt-safety-filesys.patch: 833600d06ecc585f1dd82165a6c0af8f0b6e82c2
+ manual-document-mt-safety-getopt.patch: 54959e6a17b3ca7272b56edee5293cea3b346c5f
+ manual-document-mt-safety-job.patch: c25daa987c90bfad25cb4e1273fd92cf71fdf232
+ manual-document-mt-safety-lang.patch: d6fbd9b15e0b0a304a84dd9a10e07d1a7b94ddfa
+ manual-document-mt-safety-libdl.patch: bf1322ac2f5a65a30bc797fa97ba036fa9ded52b
+ manual-document-mt-safety-llio.patch: c42f6feb7f97230157c3ceb687a159b84bb4d7d8
+ wip-manual-document-mt-safety-locale.patch: e8c35213fe8fef0412e66e661ebd802026da720b
+ manual-document-mt-safety-math.patch: 0fd2970206a6c8a76bebacec7637139b2007fb7e
+ manual-document-mt-safety-resource.patch: b01f62db5594863fa7579f21f05ad57104fa679d
+ manual-document-mt-safety-search.patch: fbbed37c987a939b69864e80aa62d0a79af16d45
+ manual-document-mt-safety-stdio.patch: cd940c77f411533af456e9cec1af020887deb9f7
Unapplied:
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
wip-manual-document-mt-safety-terminal.patch: 131f3d7cbdeaec2279062d5bd94af6281390b9ba
diff --git a/patches/manual-document-mt-safety-argp.patch b/patches/manual-document-mt-safety-argp.patch
index 914e844..482ace8 100644
--- a/patches/manual-document-mt-safety-argp.patch
+++ b/patches/manual-document-mt-safety-argp.patch
@@ -1,5 +1,5 @@
-Bottom: 6ef173fc60a9c842433354081fa0216e4430c1b8
-Top: 206cd625e1e8e8dc3e141cdd29c90772cf35e923
+Bottom: 3015208671bba3feaab85a1d0587333944496507
+Top: 3bf770a43ecbc7a48273b81910c72f77782ed1ca
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 21:57:08 -0300
diff --git a/patches/manual-document-mt-safety-arith.patch b/patches/manual-document-mt-safety-arith.patch
index 49b1456..49910ab 100644
--- a/patches/manual-document-mt-safety-arith.patch
+++ b/patches/manual-document-mt-safety-arith.patch
@@ -1,5 +1,5 @@
-Bottom: 206cd625e1e8e8dc3e141cdd29c90772cf35e923
-Top: 260809414e54f35864ab54b52fdbff3517f05f2e
+Bottom: 3bf770a43ecbc7a48273b81910c72f77782ed1ca
+Top: f0342b90632c74b9a721b35d9c95ea85919ae5a4
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/manual-document-mt-safety-charset.patch b/patches/manual-document-mt-safety-charset.patch
index c4d22ae..9e69579 100644
--- a/patches/manual-document-mt-safety-charset.patch
+++ b/patches/manual-document-mt-safety-charset.patch
@@ -1,5 +1,5 @@
-Bottom: 260809414e54f35864ab54b52fdbff3517f05f2e
-Top: 0ed3cc03efad5a94ba0a48cd696ec823658ac35b
+Bottom: f0342b90632c74b9a721b35d9c95ea85919ae5a4
+Top: e24c4115f83f7eb92649db91634e17593123738e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:01:33 -0300
diff --git a/patches/manual-document-mt-safety-conf.patch b/patches/manual-document-mt-safety-conf.patch
index 0db760e..920632a 100644
--- a/patches/manual-document-mt-safety-conf.patch
+++ b/patches/manual-document-mt-safety-conf.patch
@@ -1,5 +1,5 @@
-Bottom: 0ed3cc03efad5a94ba0a48cd696ec823658ac35b
-Top: 621eb53ac8713123406be43ebd474132b7c6e4de
+Bottom: e24c4115f83f7eb92649db91634e17593123738e
+Top: b5ee8a1d755fc9b47ec6c5b52642ba912dd57f1c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:03:16 -0300
diff --git a/patches/manual-document-mt-safety-crypt.patch b/patches/manual-document-mt-safety-crypt.patch
index 20411b6..6f5b2da 100644
--- a/patches/manual-document-mt-safety-crypt.patch
+++ b/patches/manual-document-mt-safety-crypt.patch
@@ -1,5 +1,5 @@
-Bottom: 621eb53ac8713123406be43ebd474132b7c6e4de
-Top: 25551ef91682bea014db1b2031e4dad60a4ba129
+Bottom: b5ee8a1d755fc9b47ec6c5b52642ba912dd57f1c
+Top: 8d7d2a6304d608c30830622d547d0885c92e4088
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:03:47 -0300
diff --git a/patches/manual-document-mt-safety-ctype.patch b/patches/manual-document-mt-safety-ctype.patch
index 8700f8e..860831d 100644
--- a/patches/manual-document-mt-safety-ctype.patch
+++ b/patches/manual-document-mt-safety-ctype.patch
@@ -1,5 +1,5 @@
-Bottom: 25551ef91682bea014db1b2031e4dad60a4ba129
-Top: 1fe3a56b7e61d235687df61e4d4bded8e7283992
+Bottom: 8d7d2a6304d608c30830622d547d0885c92e4088
+Top: b68c41c74be21ce5c0d141f46075c7c4824255a0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:41 -0300
diff --git a/patches/manual-document-mt-safety-debug.patch b/patches/manual-document-mt-safety-debug.patch
index 2063a20..bbd624b 100644
--- a/patches/manual-document-mt-safety-debug.patch
+++ b/patches/manual-document-mt-safety-debug.patch
@@ -1,5 +1,5 @@
-Bottom: 1fe3a56b7e61d235687df61e4d4bded8e7283992
-Top: 5add8b2d9a79567d15e402219a50ddf6704cdcea
+Bottom: b68c41c74be21ce5c0d141f46075c7c4824255a0
+Top: 8825d25214af5bd5f5000d77da51dd0136ce4967
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:05:11 -0300
diff --git a/patches/manual-document-mt-safety-errno.patch b/patches/manual-document-mt-safety-errno.patch
index 7b30386..4c0d22a 100644
--- a/patches/manual-document-mt-safety-errno.patch
+++ b/patches/manual-document-mt-safety-errno.patch
@@ -1,5 +1,5 @@
-Bottom: 5add8b2d9a79567d15e402219a50ddf6704cdcea
-Top: 50fd6f363b9af88ae1e05db55cefcd1e41c10123
+Bottom: 8825d25214af5bd5f5000d77da51dd0136ce4967
+Top: 3c15ad10698d40f3a9a3f3cf4d5494cdbb3f36d3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:05:34 -0300
diff --git a/patches/manual-document-mt-safety-filesys.patch b/patches/manual-document-mt-safety-filesys.patch
index 7b4e146..27656d8 100644
--- a/patches/manual-document-mt-safety-filesys.patch
+++ b/patches/manual-document-mt-safety-filesys.patch
@@ -1,5 +1,5 @@
-Bottom: 50fd6f363b9af88ae1e05db55cefcd1e41c10123
-Top: c0467ea68e04c4b52c9c771dad681e1220291a6a
+Bottom: 3c15ad10698d40f3a9a3f3cf4d5494cdbb3f36d3
+Top: 19a289ef47d8b90cc68b095d1ee674a14b6cfcd6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:06:03 -0300
diff --git a/patches/manual-document-mt-safety-getopt.patch b/patches/manual-document-mt-safety-getopt.patch
index 753c8f5..18640dd 100644
--- a/patches/manual-document-mt-safety-getopt.patch
+++ b/patches/manual-document-mt-safety-getopt.patch
@@ -1,5 +1,5 @@
-Bottom: c0467ea68e04c4b52c9c771dad681e1220291a6a
-Top: 18760d732995b8379bc372377398a8fd58732762
+Bottom: 19a289ef47d8b90cc68b095d1ee674a14b6cfcd6
+Top: e4f410db325f1ed99571de968b979924a181518e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:06:36 -0300
diff --git a/patches/manual-document-mt-safety-job.patch b/patches/manual-document-mt-safety-job.patch
index b4d3b96..8683ffe 100644
--- a/patches/manual-document-mt-safety-job.patch
+++ b/patches/manual-document-mt-safety-job.patch
@@ -1,5 +1,5 @@
-Bottom: 18760d732995b8379bc372377398a8fd58732762
-Top: 78811ad7f6f34dae902d17fe9939b1ed2877fc8c
+Bottom: e4f410db325f1ed99571de968b979924a181518e
+Top: 4ea71e22c9fe558431bb0c09aff41b873f8cb26a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:08:15 -0300
diff --git a/patches/manual-document-mt-safety-lang.patch b/patches/manual-document-mt-safety-lang.patch
index eef82af..45c3684 100644
--- a/patches/manual-document-mt-safety-lang.patch
+++ b/patches/manual-document-mt-safety-lang.patch
@@ -1,5 +1,5 @@
-Bottom: 78811ad7f6f34dae902d17fe9939b1ed2877fc8c
-Top: 95e3af012c2d8222ce9c18f313b200f086405d32
+Bottom: 4ea71e22c9fe558431bb0c09aff41b873f8cb26a
+Top: 8308f7496ee59e742bc30a47396ed16b09f4ed78
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:08:32 -0300
diff --git a/patches/manual-document-mt-safety-libdl.patch b/patches/manual-document-mt-safety-libdl.patch
index 51626a1..f0ef929 100644
--- a/patches/manual-document-mt-safety-libdl.patch
+++ b/patches/manual-document-mt-safety-libdl.patch
@@ -1,5 +1,5 @@
-Bottom: 95e3af012c2d8222ce9c18f313b200f086405d32
-Top: 5d6bbf322290ec49c7df2274a5b3ec79d32fd303
+Bottom: 8308f7496ee59e742bc30a47396ed16b09f4ed78
+Top: e209dda6062453b563bc99b39fdc7f9a8c570777
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:08:59 -0300
diff --git a/patches/manual-document-mt-safety-llio.patch b/patches/manual-document-mt-safety-llio.patch
index 274aefd..de6b6dc 100644
--- a/patches/manual-document-mt-safety-llio.patch
+++ b/patches/manual-document-mt-safety-llio.patch
@@ -1,5 +1,5 @@
-Bottom: 5d6bbf322290ec49c7df2274a5b3ec79d32fd303
-Top: baf6738652c9240a7ea48273cff318ffb17716d8
+Bottom: e209dda6062453b563bc99b39fdc7f9a8c570777
+Top: 5f68670b8dd4ad6830a841a3dc70f473f514faaf
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:09:32 -0300
diff --git a/patches/manual-document-mt-safety-math.patch b/patches/manual-document-mt-safety-math.patch
index 66820ca..1d22852 100644
--- a/patches/manual-document-mt-safety-math.patch
+++ b/patches/manual-document-mt-safety-math.patch
@@ -1,5 +1,5 @@
-Bottom: 9a5ec672bda784c35e1f86d0f274cdb9e58f217c
-Top: d5ba9adc90be6728f409ed99bc36a2fc6e659db0
+Bottom: 40bcd99e1057f6cfbf0a4f7686699d08270ed358
+Top: 151392b3790f3070194c6e79b03e9b88b9fb3052
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/manual-document-mt-safety-resource.patch b/patches/manual-document-mt-safety-resource.patch
index 3fa9fb2..6cbd7ab 100644
--- a/patches/manual-document-mt-safety-resource.patch
+++ b/patches/manual-document-mt-safety-resource.patch
@@ -1,5 +1,5 @@
-Bottom: d5ba9adc90be6728f409ed99bc36a2fc6e659db0
-Top: e27f818dd7517eeba6c572017e1d77241113d456
+Bottom: 151392b3790f3070194c6e79b03e9b88b9fb3052
+Top: fc7b8a7dee8f458b513deaaf4f60d03ca33535c2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:11:00 -0300
diff --git a/patches/manual-document-mt-safety-search.patch b/patches/manual-document-mt-safety-search.patch
index fb52bb3..8e3e36f 100644
--- a/patches/manual-document-mt-safety-search.patch
+++ b/patches/manual-document-mt-safety-search.patch
@@ -1,5 +1,5 @@
-Bottom: e27f818dd7517eeba6c572017e1d77241113d456
-Top: 8ae75524ca0a1176e4323c74b73cb0722e710364
+Bottom: fc7b8a7dee8f458b513deaaf4f60d03ca33535c2
+Top: 195f80ed20d8cfa61af3b5629d405de8be7b40fc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:11:55 -0300
diff --git a/patches/manual-document-mt-safety.patch b/patches/manual-document-mt-safety.patch
index e164c49..36caa7a 100644
--- a/patches/manual-document-mt-safety.patch
+++ b/patches/manual-document-mt-safety.patch
@@ -1,5 +1,5 @@
-Bottom: fde38f49e9ff8e251fc3a4c9a8d5f194ba6decbf
-Top: c59759fbdfb422ada848ebdd3845677059986449
+Bottom: 5efab0c449ae83db3aa70ebd97b31e7fb29fe50b
+Top: 72ab4d51f78fd9a15e02a670cc921a59761f3ffb
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:39 -0300
diff --git a/patches/powerpc-nofpu-sim-note-nothread.patch b/patches/powerpc-nofpu-sim-note-nothread.patch
index 7f2c050..a1d126e 100644
--- a/patches/powerpc-nofpu-sim-note-nothread.patch
+++ b/patches/powerpc-nofpu-sim-note-nothread.patch
@@ -1,5 +1,5 @@
-Bottom: c59759fbdfb422ada848ebdd3845677059986449
-Top: a8bc26b023f2d43016f043a1972e12edc1f31f8d
+Bottom: 72ab4d51f78fd9a15e02a670cc921a59761f3ffb
+Top: 47b4fcd31a0f1ee3c6e9b10a9512e2afc2975e5f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:39 -0300
diff --git a/patches/unused-scalb-is-scalbn.patch b/patches/unused-scalb-is-scalbn.patch
index 0fa4208..62fcad2 100644
--- a/patches/unused-scalb-is-scalbn.patch
+++ b/patches/unused-scalb-is-scalbn.patch
@@ -1,5 +1,5 @@
-Bottom: a8bc26b023f2d43016f043a1972e12edc1f31f8d
-Top: 6ef173fc60a9c842433354081fa0216e4430c1b8
+Bottom: 47b4fcd31a0f1ee3c6e9b10a9512e2afc2975e5f
+Top: 3015208671bba3feaab85a1d0587333944496507
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:39 -0300
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index 6515b05..2c23cb9 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
-Bottom: baf6738652c9240a7ea48273cff318ffb17716d8
-Top: 9a5ec672bda784c35e1f86d0f274cdb9e58f217c
+Bottom: 5f68670b8dd4ad6830a841a3dc70f473f514faaf
+Top: 40bcd99e1057f6cfbf0a4f7686699d08270ed358
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/wip-manual-document-mt-safety-startup.patch b/patches/wip-manual-document-mt-safety-startup.patch
index cd2fcf0..6de832f 100644
--- a/patches/wip-manual-document-mt-safety-startup.patch
+++ b/patches/wip-manual-document-mt-safety-startup.patch
@@ -1,5 +1,5 @@
-Bottom: 8ae75524ca0a1176e4323c74b73cb0722e710364
-Top: 195f80ed20d8cfa61af3b5629d405de8be7b40fc
+Bottom: fde38f49e9ff8e251fc3a4c9a8d5f194ba6decbf
+Top: 5efab0c449ae83db3aa70ebd97b31e7fb29fe50b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:12:28 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=cd940c77f411533af456e9cec1af020887deb9f7
commit cd940c77f411533af456e9cec1af020887deb9f7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..79a3340 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1391,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1401,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1411,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1540,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1625,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2387,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2397,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2438,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2647,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2656,48 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2705,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2713,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2721,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2729,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2737,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2745,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2821,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3062,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3314,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3378,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +3995,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +4010,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +4025,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +4033,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4041,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4055,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4082,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4091,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4100,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4108,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4116,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4124,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4174,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4184,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4198,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4209,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4237,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4248,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4362,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4375,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4399,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4415,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4435,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4459,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4508,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4630,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4645,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4658,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4675,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4787,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4800,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4817,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4839,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4864,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4942,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4956,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4968,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4983,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +4997,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +5008,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5056,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5112,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5228,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5410,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5551,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=fbbed37c987a939b69864e80aa62d0a79af16d45
commit fbbed37c987a939b69864e80aa62d0a79af16d45
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:55 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/search.texi: Document thread safety properties.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..6910edc 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -146,6 +146,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +437,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +471,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +486,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +500,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +555,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b01f62db5594863fa7579f21f05ad57104fa679d
commit b01f62db5594863fa7579f21f05ad57104fa679d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/resource.texi: Document thread safety properties.
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0fd2970206a6c8a76bebacec7637139b2007fb7e
commit 0fd2970206a6c8a76bebacec7637139b2007fb7e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/math.texi: Document thread safety properties.
diff --git a/manual/math.texi b/manual/math.texi
index 193d415..fd5d0c8 100644
--- a/manual/math.texi
+++ b/manual/math.texi
@@ -560,6 +560,7 @@ negative), @code{logb} returns @math{@infinity{}}. If @var{x} is zero,
@comment math.h
@comment ISO
@deftypefunx int ilogbl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are equivalent to the corresponding @code{logb}
functions except that they return signed integer values.
@end deftypefun
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e8c35213fe8fef0412e66e661ebd802026da720b
commit e8c35213fe8fef0412e66e661ebd802026da720b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..da50d18 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
+@c and free, and _nl_find_locale, which amount to all documented safety
+@c issues. It also calls new_composite_name, setdata, and setname,
+@c without any additional issues. _nl_find_locale calls getenv, ...
+This function returns a pointer read
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c42f6feb7f97230157c3ceb687a159b84bb4d7d8
commit c42f6feb7f97230157c3ceb687a159b84bb4d7d8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:09:32 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/llio.texi: Document thread safety properties.
diff --git a/manual/llio.texi b/manual/llio.texi
index b129cf4..66370c4 100644
--- a/manual/llio.texi
+++ b/manual/llio.texi
@@ -78,6 +78,7 @@ declared in @file{unistd.h}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int open (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The @code{open} function creates and returns a new file descriptor for
the file named by @var{filename}. Initially, the file position
indicator for the file is at the beginning of the file. The argument
@@ -164,6 +165,7 @@ and @code{freopen} functions, that create streams.
@comment fcntl.h
@comment Unix98
@deftypefun int open64 (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{open}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
difference is that on 32 bit systems the file is opened in the
@@ -178,6 +180,7 @@ replaces the old API.
@comment fcntl.h
@comment POSIX.1
@deftypefn {Obsolete function} int creat (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is obsolete. The call:
@smallexample
@@ -202,6 +205,7 @@ since all of the lowlevel file handling functions are equally replaced.
@comment fcntl.h
@comment Unix98
@deftypefn {Obsolete function} int creat64 (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{creat}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
the difference is that on 32 bit systems the file is opened in the
@@ -219,6 +223,7 @@ replaces the old API.
@comment unistd.h
@comment POSIX.1
@deftypefun int close (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The function @code{close} closes the file descriptor @var{filedes}.
Closing a file has the following consequences:
@@ -300,6 +305,7 @@ but must be a signed type.
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t read (int @var{filedes}, void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{read} function reads up to @var{size} bytes from the file
with descriptor @var{filedes}, storing the results in the @var{buffer}.
(This is not necessarily a character string, and no terminating null
@@ -395,6 +401,10 @@ functions that read from streams, such as @code{fgetc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, read and lseek back, but is it
+@c used anywhere?
The @code{pread} function is similar to the @code{read} function. The
first three arguments are identical, and the return values and error
codes also correspond.
@@ -430,6 +440,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread64 (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, read and lseek64 back, but is
+@c it used anywhere?
This function is similar to the @code{pread} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -447,6 +461,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t write (int @var{filedes}, const void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{write} function writes up to @var{size} bytes from
@var{buffer} to the file with descriptor @var{filedes}. The data in
@var{buffer} is not necessarily a character string and a null character is
@@ -557,6 +572,10 @@ functions that write to streams, such as @code{fputc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, write and lseek back, but is it
+@c used anywhere?
The @code{pwrite} function is similar to the @code{write} function. The
first three arguments are identical, and the return values and error codes
also correspond.
@@ -592,6 +611,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite64 (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, write and lseek64 back, but
+@c is it used anywhere?
This function is similar to the @code{pwrite} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -624,6 +647,7 @@ To read the current file position value from a descriptor, use
@comment unistd.h
@comment POSIX.1
@deftypefun off_t lseek (int @var{filedes}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lseek} function is used to change the file position of the
file with descriptor @var{filedes}.
@@ -713,6 +737,7 @@ descriptors.
@comment unistd.h
@comment Unix98
@deftypefun off64_t lseek64 (int @var{filedes}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to the @code{lseek} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -825,6 +850,7 @@ declared in the header file @file{stdio.h}.
@comment stdio.h
@comment POSIX.1
@deftypefun {FILE *} fdopen (int @var{filedes}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
The @code{fdopen} function returns a new stream for the file descriptor
@var{filedes}.
@@ -853,6 +879,7 @@ see @ref{Creating a Pipe}.
@comment stdio.h
@comment POSIX.1
@deftypefun int fileno (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the file descriptor associated with the stream
@var{stream}. If an error is detected (for example, if the @var{stream}
is not valid) or if @var{stream} does not do I/O to a file,
@@ -862,6 +889,7 @@ is not valid) or if @var{stream} does not do I/O to a file,
@comment stdio.h
@comment GNU
@deftypefun int fileno_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fileno_unlocked} function is equivalent to the @code{fileno}
function except that it does not implicitly lock the stream if the state
is @code{FSETLOCKING_INTERNAL}.
@@ -1071,7 +1099,11 @@ Contains the length of the buffer.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t readv (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
-
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer into which data is read, if the total read size is
+@c too large for alloca.
The @code{readv} function reads data from @var{filedes} and scatters it
into the buffers described in @var{vector}, which is taken to be
@var{count} structures long. As each buffer is filled, data is sent to the
@@ -1089,6 +1121,11 @@ errors are the same as in @code{read}.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t writev (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer from which data is written, if the total write size
+@c is too large for alloca.
The @code{writev} function gathers data from the buffers described in
@var{vector}, which is taken to be @var{count} structures long, and writes
@@ -1149,6 +1186,7 @@ These functions are declared in @file{sys/mman.h}.
@comment sys/mman.h
@comment POSIX
@deftypefun {void *} mmap (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mmap} function creates a new mapping, connected to bytes
(@var{offset}) to (@var{offset} + @var{length} - 1) in the file open on
@@ -1268,6 +1306,9 @@ The file is on a filesystem that doesn't support mapping.
@comment sys/mman.h
@comment LFS
@deftypefun {void *} mmap64 (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The page_shift auto detection when MMAP2_PAGE_SHIFT is -1 (it never
+@c is) would be thread-unsafe.
The @code{mmap64} function is equivalent to the @code{mmap} function but
the @var{offset} parameter is of type @code{off64_t}. On 32-bit systems
this allows the file associated with the @var{filedes} descriptor to be
@@ -1284,6 +1325,7 @@ replaces the old API.
@comment sys/mman.h
@comment POSIX
@deftypefun int munmap (void *@var{addr}, size_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{munmap} removes any memory maps from (@var{addr}) to (@var{addr} +
@var{length}). @var{length} should be the length of the mapping.
@@ -1310,6 +1352,7 @@ aligned.
@comment sys/mman.h
@comment POSIX
@deftypefun int msync (void *@var{address}, size_t @var{length}, int @var{flags})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When using shared mappings, the kernel can write the file at any time
before the mapping is removed. To be certain data has actually been
@@ -1357,6 +1400,7 @@ There is no existing mapping in at least part of the given region.
@comment sys/mman.h
@comment GNU
@deftypefun {void *} mremap (void *@var{address}, size_t @var{length}, size_t @var{new_length}, int @var{flag})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to change the size of an existing memory
area. @var{address} and @var{length} must cover a region entirely mapped
@@ -1405,6 +1449,7 @@ Coding Standards}.
@comment sys/mman.h
@comment POSIX
@deftypefun int madvise (void *@var{addr}, size_t @var{length}, int @var{advice})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to provide the system with @var{advice} about
the intended usage patterns of the memory region starting at @var{addr}
@@ -1531,6 +1576,7 @@ that descriptor into an @code{fd_set}.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_ZERO (fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro initializes the file descriptor set @var{set} to be the
empty set.
@end deftypefn
@@ -1538,6 +1584,9 @@ empty set.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_SET (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro adds @var{filedes} to the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1547,6 +1596,9 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_CLR (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro removes @var{filedes} from the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1556,6 +1608,7 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro int FD_ISSET (int @var{filedes}, const fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value (true) if @var{filedes} is a member
of the file descriptor set @var{set}, and zero (false) otherwise.
@@ -1568,6 +1621,10 @@ Next, here is the description of the @code{select} function itself.
@comment sys/types.h
@comment BSD
@deftypefun int select (int @var{nfds}, fd_set *@var{read-fds}, fd_set *@var{write-fds}, fd_set *@var{except-fds}, struct timeval *@var{timeout})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The select syscall is preferred, but pselect6 may be used instead,
+@c which requires converting timeout to a timespec and back. The
+@c conversions are not atomic.
The @code{select} function blocks the calling process until there is
activity on any of the specified sets of file descriptors, or until the
timeout period has expired.
@@ -1670,6 +1727,7 @@ they return.
@comment unistd.h
@comment X/Open
@deftypefun void sync (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
A call to this function will not return as long as there is data which
has not been written to the device. All dirty buffers in the kernel will
be written and so an overall consistent system can be achieved (if no
@@ -1685,6 +1743,7 @@ committed, rather than all data in the system. For this, @code{sync} is overkil
@comment unistd.h
@comment POSIX
@deftypefun int fsync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fsync} function can be used to make sure all data associated with
the open file @var{fildes} is written to the device associated with the
descriptor. The function call does not return unless all actions have
@@ -1722,6 +1781,7 @@ recovering of the file in case of a problem.
@comment unistd.h
@comment POSIX
@deftypefun int fdatasync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When a call to the @code{fdatasync} function returns, it is ensured
that all of the file data is written to the device. For all pending I/O
operations, the parts guaranteeing data integrity finished.
@@ -1923,6 +1983,158 @@ aiocb64}, since the LFS transparently replaces the old interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_read (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Calls aio_enqueue_request.
+@c aio_enqueue_request selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_self ok
+@c pthread_getschedparam selfdeadlock, lockleak
+@c lll_lock (pthread descriptor's lock) selfdeadlock, lockleak
+@c sched_getparam ok
+@c sched_getscheduler ok
+@c lll_unlock lockleak
+@c pthread_mutex_lock (aio_requests_mutex) selfdeadlock, lockleak
+@c get_elem asmalloc, memleak, [asynconsist, incansist], [xguargs]
+@c realloc asmalloc, memleak
+@c calloc asmalloc, memleak
+@c aio_create_helper_thread selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_attr_init ok
+@c pthread_attr_setdetachstate ok
+@c pthread_get_minstack ok
+@c pthread_attr_setstacksize ok
+@c sigfillset ok
+@c memset ok
+@c sigdelset ok [xguargs, but the caller's sigset is automatic]
+@c SYSCALL rt_sigprocmask ok
+@c pthread_create selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c alloca/malloc asmalloc, memleak
+@c lll_unlock lockleak
+@c allocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c getpagesize dup
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c lll_unlock lockleak
+@c _dl_allocate_tls asmalloc, memleak
+@c _dl_allocate_tls_storage asmalloc, memleak
+@c memalign asmalloc, memleak
+@c memset ok
+@c allocate_dtv dup
+@c free asmalloc, memleak
+@c allocate_dtv asmalloc, memleak
+@c calloc asmalloc, memleak
+@c INSTALL_DTV ok
+@c list_add dup
+@c get_cached_stack
+@c lll_lock (stack_cache_lock) selfdeadlock, lockleak
+@c list_for_each ok
+@c list_entry dup
+@c FREE_P dup
+@c stack_list_del dup
+@c stack_list_add dup
+@c lll_unlock lockleak
+@c _dl_allocate_tls_init ok
+@c GET_DTV ok
+@c mmap ok
+@c atomic_increment_val ok
+@c munmap ok
+@c change_stack_perm ok
+@c mprotect ok
+@c mprotect ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c THREAD_COPY_STACK_GUARD ok
+@c THREAD_COPY_POINTER_GUARD ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (state_cache_lock) selfdeadlock, lockleak
+@c stack_list_del ok
+@c atomic_write_barrier ok
+@c list_del ok [uunguard]
+@c atomic_write_barrier ok
+@c queue_stack asmalloc, memleak
+@c stack_list_add ok
+@c atomic_write_barrier ok
+@c list_add ok [uunguard]
+@c atomic_write_barrier ok
+@c free_stacks asmalloc, memleak
+@c list_for_each_prev_safe ok
+@c list_entry ok
+@c FREE_P ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c _dl_deallocate_tls asmalloc, memleak
+@c free asmalloc, memleak
+@c lll_unlock lockleak
+@c create_thread selfdeadlock, asmalloc, lockleak, memleak
+@c td_eventword
+@c td_eventmask
+@c do_clone selfdeadlock, asmalloc, lockleak, memleak
+@c PREPARE_CREATE ok
+@c lll_lock (pd->lock) selfdeadlock, lockleak
+@c atomic_increment ok
+@c clone ok
+@c atomic_decrement ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack dup
+@c sched_setaffinity ok
+@c tgkill ok
+@c sched_setscheduler ok
+@c atomic_compare_and_exchange_bool_acq ok
+@c nptl_create_event ok
+@c lll_unlock (pd->lock) lockleak
+@c free asmalloc, memleak
+@c pthread_attr_destroy ok (cpuset won't be set, so free isn't called)
+@c add_request_to_runlist ok [xguargs]
+@c pthread_cond_signal ok
+@c aio_free_request ok [xguargs]
+@c pthread_mutex_unlock lockleak
+
+@c (in the new thread, initiated with clone)
+@c start_thread ok
+@c HP_TIMING_NOW ok
+@c ctype_init [glocale] (in theory, but optimized into safety)
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c sigemptyset ok
+@c sigaddset ok
+@c setjmp ok
+@c CANCEL_ASYNC -> pthread_enable_asynccancel ok
+@c do_cancel ok
+@c pthread_unwind ok
+@c Unwind_ForcedUnwind or longjmp ok [asmalloc, memleak?]
+@c lll_lock selfdeadlock, lockleak
+@c lll_unlock selfdeadlock, lockleak
+@c CANCEL_RESET -> pthread_disable_asynccancel ok
+@c lll_futex_wait ok
+@c ->start_routine ok -----
+@c call_tls_dtors selfdeadlock, asmalloc, lockleak, memleak
+@c user-supplied dtor
+@c rtld_lock_lock_recursive (dl_load_lock) selfdeadlock, lockleak
+@c rtld_lock_unlock_recursive lockleak
+@c free asmalloc, memleak
+@c nptl_deallocate_tsd asmalloc, memleak
+@c tsd user-supplied dtors ok
+@c free asmalloc, memleak
+@c libc_thread_freeres
+@c libc_thread_subfreeres ok
+@c atomic_decrement_and_test ok
+@c td_eventword ok
+@c td_eventmask ok
+@c atomic_compare_exchange_bool_acq ok
+@c nptl_death_event ok
+@c lll_robust_dead ok
+@c getpagesize ok
+@c madvise ok
+@c free_tcb selfdeadlock, asmalloc, lockleak, memleak
+@c free asmalloc, memleak
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_futex_wait ok
+@c exit_thread_inline ok
+@c syscall(exit) ok
+
This function initiates an asynchronous read operation. It
immediately returns after the operation was enqueued or when an
error was encountered.
@@ -1988,6 +2200,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_read64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_read} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{aio_read64} uses
@@ -2006,6 +2219,7 @@ of functions with a very similar interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_write (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function initiates an asynchronous write operation. The function
call immediately returns after the operation was enqueued or if before
this happens an error was encountered.
@@ -2072,6 +2286,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_write64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_write} function. The only
difference is that on @w{32 bit} machines the file descriptor should
be opened in the large file mode. Internally @code{aio_write64} uses
@@ -2093,6 +2308,12 @@ operations. It is therefore similar to a combination of @code{readv} and
@comment aio.h
@comment POSIX.1b
@deftypefun int lio_listio (int @var{mode}, struct aiocb *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Call lio_listio_internal, that takes the aio_requests_mutex lock and
+@c enqueues each request. Then, it waits for notification or prepares
+@c for it before releasing the lock. Even though it performs memory
+@c allocation and locking of its own, it doesn't add any classes of
+@c safety issues that aren't already covered by aio_enqueue_request.
The @code{lio_listio} function can be used to enqueue an arbitrary
number of read and write requests at one time. The requests can all be
meant for the same file, all for different files or every solution in
@@ -2176,6 +2397,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int lio_listio64 (int @var{mode}, struct aiocb64 *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{lio_listio} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{lio_listio64} uses
@@ -2204,6 +2426,7 @@ The following two functions allow you to get this kind of information.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_error (const struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function determines the error state of the request described by the
@code{struct aiocb} variable pointed to by @var{aiocbp}. If the
request has not yet terminated the value returned is always
@@ -2225,6 +2448,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_error64 (const struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_error} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2238,6 +2462,7 @@ machines.
@comment aio.h
@comment POSIX.1b
@deftypefun ssize_t aio_return (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to retrieve the return status of the operation
carried out by the request described in the variable pointed to by
@var{aiocbp}. As long as the error status of this request as returned
@@ -2261,6 +2486,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun ssize_t aio_return64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_return} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2289,6 +2515,9 @@ if the symbol @code{_POSIX_SYNCHRONIZED_IO} is defined in @file{unistd.h}.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_fsync (int @var{op}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check that the FD is open, it calls
+@c aio_enqueue_request.
Calling this function forces all I/O operations operating queued at the
time of the function call operating on the file descriptor
@code{aiocbp->aio_fildes} into the synchronized I/O completion state
@@ -2336,6 +2565,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_fsync64 (int @var{op}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_fsync} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2362,6 +2592,9 @@ before the current client is served. For situations like this
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_suspend (const struct aiocb *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c Take aio_requests_mutex, set up waitlist and requestlist, wait
+@c for completion or timeout, and release the mutex.
When calling this function, the calling thread is suspended until at
least one of the requests pointed to by the @var{nent} elements of the
array @var{list} has completed. If any of the requests has already
@@ -2400,6 +2633,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_suspend64 (const struct aiocb64 *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is similar to @code{aio_suspend} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2427,6 +2661,16 @@ or not. Therefore using this function is merely a hint.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_cancel (int @var{fildes}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check the fd is open, hold aio_requests_mutex, call
+@c aio_find_req_fd, aio_remove_request, then aio_notify and
+@c aio_free_request each request before releasing the lock.
+@c aio_notify calls aio_notify_only and free, besides cond signal or
+@c similar. aio_notify_only calls pthread_attr_init,
+@c pthread_attr_setdetachstate, malloc, pthread_create,
+@c notify_func_wrapper, aio_sigqueue, getpid, raise.
+@c notify_func_wraper calls aio_start_notify_thread, free and then the
+@c notifier function.
The @code{aio_cancel} function can be used to cancel one or more
outstanding requests. If the @var{aiocbp} parameter is @code{NULL}, the
function tries to cancel all of the outstanding requests which would process
@@ -2474,6 +2718,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_cancel64 (int @var{fildes}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_cancel} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2529,6 +2774,8 @@ Unused.
@comment aio.h
@comment GNU
@deftypefun void aio_init (const struct aioinit *@var{init})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c All changes to global objects are guarded by aio_requests_mutex.
This function must be called before any other AIO function. Calling it
is completely voluntary, as it is only meant to help the AIO
implementation perform better.
@@ -2563,6 +2810,7 @@ function; see @ref{Opening and Closing Files}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int fcntl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcntl} function performs the operation specified by
@var{command} on the file descriptor @var{filedes}. Some commands
require additional arguments to be supplied. These additional arguments
@@ -2645,6 +2893,7 @@ while prototypes for @code{dup} and @code{dup2} are in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun int dup (int @var{old})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies descriptor @var{old} to the first available
descriptor number (the first number not currently open). It is
equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@@ -2653,6 +2902,7 @@ equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@comment unistd.h
@comment POSIX.1
@deftypefun int dup2 (int @var{old}, int @var{new})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies the descriptor @var{old} to descriptor number
@var{new}.
@@ -3631,6 +3881,7 @@ different headers.
@comment sys/ioctl.h
@comment BSD
@deftypefun int ioctl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ioctl} function performs the generic I/O operation
@var{command} on @var{filedes}.
@@ -3650,3 +3901,6 @@ unknown device.
Most IOCTLs are OS-specific and/or only used in special system utilities,
and are thus beyond the scope of this document. For an example of the use
of an IOCTL, see @ref{Out-of-Band Data}.
+
+@c FIXME this is undocumented:
+@c dup3
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=bf1322ac2f5a65a30bc797fa97ba036fa9ded52b
commit bf1322ac2f5a65a30bc797fa97ba036fa9ded52b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:59 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/libdl.texi: New.
diff --git a/manual/libdl.texi b/manual/libdl.texi
new file mode 100644
index 0000000..e3fe045
--- /dev/null
+++ b/manual/libdl.texi
@@ -0,0 +1,10 @@
+@c FIXME these are undocumented:
+@c dladdr
+@c dladdr1
+@c dlclose
+@c dlerror
+@c dlinfo
+@c dlmopen
+@c dlopen
+@c dlsym
+@c dlvsym
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d6fbd9b15e0b0a304a84dd9a10e07d1a7b94ddfa
commit d6fbd9b15e0b0a304a84dd9a10e07d1a7b94ddfa
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:32 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/lang.texi: Document thread safety properties.
diff --git a/manual/lang.texi b/manual/lang.texi
index ee04e23..d6cd90c 100644
--- a/manual/lang.texi
+++ b/manual/lang.texi
@@ -51,6 +51,8 @@ without indicating anything might be wrong.
@comment assert.h
@comment ISO
@deftypefn Macro void assert (int @var{expression})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Verify the programmer's belief that @var{expression} is nonzero at
this point in the program.
@@ -91,6 +93,8 @@ The @code{assert_perror} macro makes this easy.
@comment assert.h
@comment GNU
@deftypefn Macro void assert_perror (int @var{errnum})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Similar to @code{assert}, but verifies that @var{errnum} is zero.
If @code{NDEBUG} is not defined, @code{assert_perror} tests the value of
@@ -423,6 +427,8 @@ The type @code{va_list} is used for argument pointer variables.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_start (va_list @var{ap}, @var{last-required})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This macro initializes the argument pointer variable @var{ap} to point
to the first of the optional arguments of the current function;
@var{last-required} must be the last required argument to the function.
@@ -431,6 +437,8 @@ to the first of the optional arguments of the current function;
@comment stdarg.h
@comment ISO
@deftypefn {Macro} @var{type} va_arg (va_list @var{ap}, @var{type})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_arg} macro returns the value of the next optional argument,
and modifies the value of @var{ap} to point to the subsequent argument.
Thus, successive uses of @code{va_arg} return successive optional
@@ -445,6 +453,8 @@ of the actual argument.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_end (va_list @var{ap})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This ends the use of @var{ap}. After a @code{va_end} call, further
@code{va_arg} calls with the same @var{ap} may not work. You should invoke
@code{va_end} before returning from the function in which @code{va_start}
@@ -466,6 +476,8 @@ of the same type.
@comment ISO
@deftypefn {Macro} void va_copy (va_list @var{dest}, va_list @var{src})
@deftypefnx {Macro} void __va_copy (va_list @var{dest}, va_list @var{src})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_copy} macro allows copying of objects of type
@code{va_list} even if this is not an integral type. The argument pointer
in @var{dest} is initialized to point to the same argument as the
@@ -1212,6 +1224,8 @@ type of a particular structure member.
@comment stddef.h
@comment ISO
@deftypefn {Macro} size_t offsetof (@var{type}, @var{member})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This expands to a integer constant expression that is the offset of the
structure member named @var{member} in the structure type @var{type}.
For example, @code{offsetof (struct s, elem)} is the offset, in bytes,
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c25daa987c90bfad25cb4e1273fd92cf71fdf232
commit c25daa987c90bfad25cb4e1273fd92cf71fdf232
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:15 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/job.texi: Document thread safety properties.
diff --git a/manual/job.texi b/manual/job.texi
index 4efeed3..779ea96 100644
--- a/manual/job.texi
+++ b/manual/job.texi
@@ -1039,6 +1039,10 @@ The function @code{ctermid} is declared in the header file
@comment stdio.h
@comment POSIX.1
@deftypefun {char *} ctermid (char *@var{string})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This function is a stub by default; the actual implementation, for
+@c posix systems, returns an internal buffer if passed a NULL string,
+@c but the internal buffer is always set to /dev/tty.
The @code{ctermid} function returns a string containing the file name of
the controlling terminal for the current process. If @var{string} is
not a null pointer, it should be an array that can hold at least
@@ -1075,6 +1079,11 @@ Your program should include the header files @file{sys/types.h} and
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t setsid (void)
+@safety{@mtsafe{}@assafe{selfdeadlock (hurd)}@acsafe{lockleak (hurd)}}
+@c This is usually a direct syscall, but if a syscall is not available,
+@c we use a stub, or Hurd- and BSD-specific implementations. The former
+@c uses a mutex and a hurd critical section, and the latter issues a few
+@c syscalls, so both seem safe, except for the locking on Hurd.
The @code{setsid} function creates a new session. The calling process
becomes the session leader, and is put in a new process group whose
process group ID is the same as the process ID of that process. There
@@ -1098,7 +1107,8 @@ already another process group around that has the same process group ID.
@comment unistd.h
@comment SVID
@deftypefun pid_t getsid (pid_t @var{pid})
-
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{getsid} function returns the process group ID of the session
leader of the specified process. If a @var{pid} is @code{0}, the
process group ID of the session leader of the current process is
@@ -1134,6 +1144,8 @@ programs with the @code{-lbsd-compat} option to get the BSD definition.@refill
@comment unistd.h
@comment POSIX.1
@deftypefn {POSIX.1 Function} pid_t getpgrp (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The POSIX.1 definition of @code{getpgrp} returns the process group ID of
the calling process.
@end deftypefn
@@ -1141,6 +1153,8 @@ the calling process.
@comment unistd.h
@comment BSD
@deftypefn {BSD Function} pid_t getpgrp (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The BSD definition of @code{getpgrp} returns the process group ID of the
process @var{pid}. You can supply a value of @code{0} for the @var{pid}
argument to get information about the calling process.
@@ -1149,6 +1163,8 @@ argument to get information about the calling process.
@comment unistd.h
@comment SVID
@deftypefn {System V Function} int getpgid (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
@code{getpgid} is the same as the BSD function @code{getpgrp}. It
returns the process group ID of the process @var{pid}. You can supply a
@@ -1171,6 +1187,8 @@ process.
@comment unistd.h
@comment POSIX.1
@deftypefun int setpgid (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{setpgid} function puts the process @var{pid} into the process
group @var{pgid}. As a special case, either @var{pid} or @var{pgid} can
be zero to indicate the process ID of the calling process.
@@ -1208,6 +1226,8 @@ process or a child of the calling process.
@comment unistd.h
@comment BSD
@deftypefun int setpgrp (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall or setpgid wrapper.
This is the BSD Unix name for @code{setpgid}. Both functions do exactly
the same thing.
@end deftypefun
@@ -1230,6 +1250,8 @@ file itself and not a particular open file descriptor.
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t tcgetpgrp (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function returns the process group ID of the foreground process
group associated with the terminal open on descriptor @var{filedes}.
@@ -1258,6 +1280,8 @@ controlling terminal of the calling process.
@comment unistd.h
@comment POSIX.1
@deftypefun int tcsetpgrp (int @var{filedes}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function is used to set a terminal's foreground process group ID.
The argument @var{filedes} is a descriptor which specifies the terminal;
@var{pgid} specifies the process group. The calling process must be a
@@ -1297,6 +1321,8 @@ process.
@comment termios.h
@comment Unix98
@deftypefun pid_t tcgetsid (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Ioctl call, if avaialble, or tcgetpgrp followed by getsid.
This function is used to obtain the process group ID of the session
for which the terminal specified by @var{fildes} is the controlling terminal.
If the call is successful the group ID is returned. Otherwise the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=54959e6a17b3ca7272b56edee5293cea3b346c5f
commit 54959e6a17b3ca7272b56edee5293cea3b346c5f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:06:36 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/getopt.texi: Document thread safety properties.
diff --git a/manual/getopt.texi b/manual/getopt.texi
index f0b7283..3c1f4de 100644
--- a/manual/getopt.texi
+++ b/manual/getopt.texi
@@ -60,6 +60,31 @@ option argument, for those options that accept arguments.
@comment unistd.h
@comment POSIX.2
@deftypefun int getopt (int @var{argc}, char *const *@var{argv}, const char *@var{options})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c It may swap argv elements but argv is not guarded, and the
+@c modifications may be partial in case of cancellation. Calling getenv
+@c also brings about thread-safety issues out of access and returning
+@c pointers into the globally shared environment array, just like
+@c calling gettext brings about a whole lot of AS and AC safety issues.
+@c The getopt API involves returning values in the non-thread-specific
+@c optarg variable, which adds another thread-safety issue. Given
+@c print_errors, it may output errors to stderr, which may
+@c self-deadlock, leak locks, or encounter (in a signal handler) or
+@c leave (in case of cancellation) stderr in an inconsistent state.
+@c Various implicit, indirect uses of malloc, in uses of memstream and
+@c asprintf for error-printing, bring about the usual malloc issues.
+@c (The explicit use of malloc in a conditional situation in
+@c _getopt_initialize is never exercised in glibc.)
+@c
+@c _getopt_internal
+@c _getopt_internal_r
+@c gettext
+@c _getopt_initialize
+@c getenv
+@c malloc if USE_NONOPTION_FLAGS, never defined in libc
+@c open_memstream
+@c lockfile, unlockfile, __fxprintf -> stderr
+@c asprintf
The @code{getopt} function gets the next option argument from the
argument list specified by the @var{argv} and @var{argc} arguments.
Normally these values come directly from the arguments received by
@@ -225,6 +250,8 @@ was seen.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
Decode options from the vector @var{argv} (whose length is @var{argc}).
The argument @var{shortopts} describes the short options to accept, just as
it does in @code{getopt}. The argument @var{longopts} describes the long
@@ -278,6 +305,8 @@ getopt functionality there is one more function available.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long_only (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
The @code{getopt_long_only} function is equivalent to the
@code{getopt_long} function but it allows to specify the user of the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=833600d06ecc585f1dd82165a6c0af8f0b6e82c2
commit 833600d06ecc585f1dd82165a6c0af8f0b6e82c2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:06:03 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/filesys.texi: Document thread safety properties.
diff --git a/manual/filesys.texi b/manual/filesys.texi
index 1df9cf2..2244025 100644
--- a/manual/filesys.texi
+++ b/manual/filesys.texi
@@ -58,6 +58,25 @@ Prototypes for these functions are declared in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun {char *} getcwd (char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c If buffer is NULL, this function calls malloc and realloc, and, in
+@c case of error, free. Linux offers a getcwd syscall that we use on
+@c GNU/Linux systems, but it may fail if the pathname is too long. As a
+@c fallback, and on other systems, the generic implementation opens each
+@c parent directory with opendir, which allocates memory for the
+@c directory stream with malloc. If a fstatat64 syscall is not
+@c available, very deep directory trees may also have to malloc to build
+@c longer sequences of ../../../... than those supported by a global
+@c const read-only string.
+
+@c linux/__getcwd
+@c posix/__getcwd
+@c malloc/realloc/free if buffer is NULL, or if dir is too deep
+@c lstat64 -> see its own entry
+@c fstatat64
+@c direct syscall if possible, alloca+snprintf+*stat64 otherwise
+@c openat64_not_cancel_3, close_not_cancel_no_status
+@c __fdopendir, __opendir, __readdir, rewinddir
The @code{getcwd} function returns an absolute file name representing
the current working directory, storing it in the character array
@var{buffer} that you provide. The @var{size} argument is how you tell
@@ -116,6 +135,9 @@ software.
@comment unistd.h
@comment BSD
@deftypefn {Deprecated Function} {char *} getwd (char *@var{buffer})
+@safety{@mtsafe{}@asunsafe{asmalloc, asi18n}@acsafe{memleak, fdleak}}
+@c Besides the getcwd safety issues, it calls strerror_r on error, which
+@c brings in all of the i18n issues.
This is similar to @code{getcwd}, but has no way to specify the size of
the buffer. @Theglibc{} provides @code{getwd} only
for backwards compatibility with BSD.
@@ -130,6 +152,9 @@ this function is deprecated.
@comment unistd.h
@comment GNU
@deftypefun {char *} get_current_dir_name (void)
+@safety{@mtunsafe{envromt}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides getcwd, which this function calls as a fallback, it calls
+@c getenv, with the usual thread-safety issues that brings about.
@vindex PWD
This @code{get_current_dir_name} function is basically equivalent to
@w{@code{getcwd (NULL, 0)}}. The only difference is that the value of
@@ -145,6 +170,7 @@ This function is a GNU extension.
@comment unistd.h
@comment POSIX.1
@deftypefun int chdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
@var{filename}.
@@ -158,6 +184,7 @@ file @var{filename} is not a directory.
@comment unistd.h
@comment XPG
@deftypefun int fchdir (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
directory associated with the file descriptor @var{filedes}.
@@ -294,12 +321,14 @@ values and @code{st_mode} values:
@comment dirent.h
@comment BSD
@deftypefun int IFTODT (mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{d_type} value corresponding to @var{mode}.
@end deftypefun
@comment dirent.h
@comment BSD
@deftypefun mode_t DTTOIF (int @var{dtype})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{st_mode} value corresponding to @var{dtype}.
@end deftypefun
@end table
@@ -342,6 +371,9 @@ the following functions.
@comment dirent.h
@comment POSIX.1
@deftypefun {DIR *} opendir (const char *@var{dirname})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides the safe syscall, we have to allocate the DIR object with
+@c __alloc_dir, that calls malloc.
The @code{opendir} function opens and returns a directory stream for
reading the directory whose file name is @var{dirname}. The stream has
type @code{DIR *}.
@@ -381,6 +413,8 @@ alternative interface can be used.
@comment dirent.h
@comment GNU
@deftypefun {DIR *} fdopendir (int @var{fd})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c The DIR object is allocated with __alloc_dir, that calls malloc.
The @code{fdopendir} function works just like @code{opendir} but
instead of taking a file name and opening a file descriptor for the
directory the caller is required to provide a file descriptor. This
@@ -425,6 +459,7 @@ access.
@comment dirent.h
@comment GNU
@deftypefun int dirfd (DIR *@var{dirstream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{dirfd} returns the file descriptor associated with
the directory stream @var{dirstream}. This descriptor can be used until
the directory is closed with @code{closedir}. If the directory stream
@@ -443,6 +478,12 @@ symbols are declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun {struct dirent *} readdir (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c This function holds dirstream's non-recursive lock, which brings
+@c about the usual issues with locks and async signals and cancellation,
+@c but the lock taking is not enough to make the returned value safe to
+@c use, since it points to a stream's internal buffer that can be
+@c overwritten by subsequent calls or even released by closedir.
This function reads the next entry from the directory. It normally
returns a pointer to a structure containing information about the file.
This structure is statically allocated and can be rewritten by a
@@ -469,6 +510,7 @@ value. Use @code{readdir_r} when this is critical.
@comment dirent.h
@comment GNU
@deftypefun int readdir_r (DIR *@var{dirstream}, struct dirent *@var{entry}, struct dirent **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is the reentrant version of @code{readdir}. Like
@code{readdir} it returns the next entry from the directory. But to
prevent conflicts between simultaneously running threads the result is
@@ -516,6 +558,7 @@ of the last two functions.
@comment dirent.h
@comment LFS
@deftypefun {struct dirent64 *} readdir64 (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64} function is just like the @code{readdir} function
except that it returns a pointer to a record of type @code{struct
dirent64}. Some of the members of this data type (notably @code{d_ino})
@@ -527,6 +570,7 @@ In all other aspects this function is equivalent to @code{readdir}.
@comment dirent.h
@comment LFS
@deftypefun int readdir64_r (DIR *@var{dirstream}, struct dirent64 *@var{entry}, struct dirent64 **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64_r} function is equivalent to the @code{readdir_r}
function except that it takes parameters of base type @code{struct
dirent64} instead of @code{struct dirent} in the second and third
@@ -537,6 +581,10 @@ position. The same precautions mentioned in the documentation of
@comment dirent.h
@comment POSIX.1
@deftypefun int closedir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock (hurd)}@acsafe{memleak, fdleak, lockleak (hurd)}}
+@c No synchronization in the posix implementation, only in the hurd
+@c one. This is regarded as safe because it is undefined behavior if
+@c other threads could still be using the dir stream while it's closed.
This function closes the directory stream @var{dirstream}. It returns
@code{0} on success and @code{-1} on failure.
@@ -576,6 +624,7 @@ declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun void rewinddir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{rewinddir} function is used to reinitialize the directory
stream @var{dirstream}, so that if you call @code{readdir} it
returns information about the first entry in the directory again. This
@@ -589,6 +638,10 @@ added or removed since you last called @code{opendir} or
@comment dirent.h
@comment BSD
@deftypefun {long int} telldir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{telldir} function returns the file position of the directory
stream @var{dirstream}. You can use this value with @code{seekdir} to
restore the directory stream to that position.
@@ -597,6 +650,10 @@ restore the directory stream to that position.
@comment dirent.h
@comment BSD
@deftypefun void seekdir (DIR *@var{dirstream}, long int @var{pos})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{seekdir} function sets the file position of the directory
stream @var{dirstream} to @var{pos}. The value @var{pos} must be the
result of a previous call to @code{telldir} on this particular stream;
@@ -616,6 +673,19 @@ the result.
@comment dirent.h
@comment BSD/SVID
@deftypefun int scandir (const char *@var{dir}, struct dirent ***@var{namelist}, int (*@var{selector}) (const struct dirent *), int (*@var{cmp}) (const struct dirent **, const struct dirent **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c The scandir function calls __opendirat, __readdir, and __closedir to
+@c go over the named dir; malloc and realloc to allocate the namelist
+@c and copies of each selected dirent, besides the selector, if given,
+@c and qsort and the cmp functions if the latter is given. In spite of
+@c the cleanup handler that releases memory and the file descriptor in
+@c case of synchronous cancellation, an asynchronous cancellation may
+@c still leak memory and a file descriptor. Although readdir is unsafe
+@c in general, the use of an internal dir stream for sequential scanning
+@c of the directory with copying of dirents before subsequent calls
+@c makes the use safe, and the fact that the dir stream is private to
+@c each scandir call does away with the lock issues in readdir and
+@c closedir.
The @code{scandir} function scans the contents of the directory selected
by @var{dir}. The result in *@var{namelist} is an array of pointers to
@@ -646,6 +716,8 @@ are very helpful for this purpose.
@comment dirent.h
@comment BSD/SVID
@deftypefun int alphasort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Calls strcoll.
The @code{alphasort} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -658,6 +730,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls strverscmp.
The @code{versionsort} function is like @code{alphasort} except that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -670,6 +744,8 @@ dirent64}}. To use this we need a new function.
@comment dirent.h
@comment GNU
@deftypefun int scandir64 (const char *@var{dir}, struct dirent64 ***@var{namelist}, int (*@var{selector}) (const struct dirent64 *), int (*@var{cmp}) (const struct dirent64 **, const struct dirent64 **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c See scandir.
The @code{scandir64} function works like the @code{scandir} function
except that the directory entries it returns are described by elements
of type @w{@code{struct dirent64}}. The function pointed to by
@@ -688,6 +764,8 @@ argument. Instead we provide the two replacement functions below.
@comment dirent.h
@comment GNU
@deftypefun int alphasort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c See alphasort.
The @code{alphasort64} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -700,6 +778,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c See versionsort.
The @code{versionsort64} function is like @code{alphasort64}, excepted that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -880,6 +960,8 @@ file was passed).
@comment ftw.h
@comment SVID
@deftypefun int ftw (const char *@var{filename}, __ftw_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
+@c see nftw for safety details
The @code{ftw} function calls the callback function given in the
parameter @var{func} for every item which is found in the directory
specified by @var{filename} and all directories below. The function
@@ -930,6 +1012,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int ftw64 (const char *@var{filename}, __ftw64_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
This function is similar to @code{ftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -943,6 +1026,17 @@ transparently replaces the old implementation.
@comment ftw.h
@comment XPG4.2
@deftypefun int nftw (const char *@var{filename}, __nftw_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c ftw_startup calls alloca, malloc, free, xstat/lxstat, tdestroy, and ftw_dir
+@c if FTW_CHDIR, call open, and fchdir, or chdir and getcwd
+@c ftw_dir calls open_dir_stream, readdir64, process_entry, closedir
+@c if FTW_CHDIR, also calls fchdir
+@c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
+@c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
+@c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
+@c find_object (tsearch) and add_object (tfind).
+@c Since each invocation of *ftw uses its own private search tree, none
+@c of the search tree concurrency issues apply.
The @code{nftw} function works like the @code{ftw} functions. They call
the callback function @var{func} for all items found in the directory
@var{filename} and below. At most @var{descriptors} file descriptors
@@ -1003,6 +1097,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int nftw64 (const char *@var{filename}, __nftw64_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
This function is similar to @code{nftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -1046,6 +1141,7 @@ file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int link (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{link} function makes a new link to the existing file named by
@var{oldname}, under the new name @var{newname}.
@@ -1153,6 +1249,7 @@ Prototypes for most of the functions listed in this section are in
@comment unistd.h
@comment BSD
@deftypefun int symlink (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{symlink} function makes a symbolic link to @var{oldname} named
@var{newname}.
@@ -1190,6 +1287,7 @@ exceeded.
@comment unistd.h
@comment BSD
@deftypefun ssize_t readlink (const char *@var{filename}, char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{readlink} function gets the value of the symbolic link
@var{filename}. The file name that the link points to is copied into
@var{buffer}. This file name string is @emph{not} null-terminated;
@@ -1249,6 +1347,8 @@ names can refer to the same inode.
@comment stdlib.h
@comment GNU
@deftypefun {char *} canonicalize_file_name (const char *@var{name})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls realpath.
The @code{canonicalize_file_name} function returns the absolute name of
the file named by @var{name} which contains no @code{.}, @code{..}
@@ -1290,6 +1390,8 @@ where the result is placed in.
@comment stdlib.h
@comment XPG
@deftypefun {char *} realpath (const char *restrict @var{name}, char *restrict @var{resolved})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls malloc, realloc, getcwd, lxstat64, readlink, alloca.
A call to @code{realpath} where the @var{resolved} parameter is
@code{NULL} behaves exactly like @code{canonicalize_file_name}. The
@@ -1329,6 +1431,7 @@ then the file is deleted as well. If the file has other remaining names
@comment unistd.h
@comment POSIX.1
@deftypefun int unlink (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{unlink} function deletes the file name @var{filename}. If
this is a file's sole name, the file itself is also deleted. (Actually,
if any process has the file open when this happens, deletion is
@@ -1371,6 +1474,7 @@ file system and can't be modified.
@comment unistd.h
@comment POSIX.1
@deftypefun int rmdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@cindex directories, deleting
@cindex deleting a directory
The @code{rmdir} function deletes a directory. The directory must be
@@ -1398,6 +1502,8 @@ The prototype for this function is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int remove (const char *@var{filename})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Calls unlink and rmdir.
This is the @w{ISO C} function to remove a file. It works like
@code{unlink} for files and like @code{rmdir} for directories.
@code{remove} is declared in @file{stdio.h}.
@@ -1413,6 +1519,10 @@ The @code{rename} function is used to change a file's name.
@comment stdio.h
@comment ISO
@deftypefun int rename (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a rename syscall, there's an emulation with link
+@c and unlink, but it's racy, even more so if newname exists and is
+@c unlinked first.
The @code{rename} function renames the file @var{oldname} to
@var{newname}. The file formerly accessible under the name
@var{oldname} is afterwards accessible as @var{newname} instead. (If
@@ -1508,6 +1618,7 @@ a shell command @code{mkdir} which does the same thing.)
@comment sys/stat.h
@comment POSIX.1
@deftypefun int mkdir (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mkdir} function creates a new, empty directory with name
@var{filename}.
@@ -1849,6 +1960,7 @@ header file @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int stat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{stat} function returns information about the attributes of the
file named by @w{@var{filename}} in the structure pointed to by @var{buf}.
@@ -1875,6 +1987,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int stat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{stat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1888,6 +2001,7 @@ replaces the interface for small files on 32-bit machines.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int fstat (int @var{filedes}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fstat} function is like @code{stat}, except that it takes an
open file descriptor as an argument instead of a file name.
@xref{Low-Level I/O}.
@@ -1909,6 +2023,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int fstat64 (int @var{filedes}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{fstat} but is able to work on large
files on 32-bit platforms. For large files the file descriptor
@var{filedes} should be obtained by @code{open64} or @code{creat64}.
@@ -1920,9 +2035,16 @@ function is available under the name @code{fstat} and so transparently
replaces the interface for small files on 32-bit machines.
@end deftypefun
+@c fstatat will call alloca and snprintf if the syscall is not
+@c available.
+@c @safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+
@comment sys/stat.h
@comment BSD
@deftypefun int lstat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat, sometimes with an xstat conv call
+@c afterwards.
The @code{lstat} function is like @code{stat}, except that it does not
follow symbolic links. If @var{filename} is the name of a symbolic
link, @code{lstat} returns information about the link itself; otherwise
@@ -1936,6 +2058,9 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int lstat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat64, sometimes with an xstat conv
+@c call afterwards.
This function is similar to @code{lstat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1974,12 +2099,14 @@ that file:
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISDIR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a directory.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISCHR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a character special file (a
device like a terminal).
@end deftypefn
@@ -1987,6 +2114,7 @@ device like a terminal).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISBLK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a block special file (a device
like a disk).
@end deftypefn
@@ -1994,12 +2122,14 @@ like a disk).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISREG (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a regular file.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISFIFO (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a FIFO special file, or a
pipe. @xref{Pipes and FIFOs}.
@end deftypefn
@@ -2007,6 +2137,7 @@ pipe. @xref{Pipes and FIFOs}.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISLNK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a symbolic link.
@xref{Symbolic Links}.
@end deftypefn
@@ -2014,6 +2145,7 @@ This macro returns non-zero if the file is a symbolic link.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISSOCK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a socket. @xref{Sockets}.
@end deftypefn
@@ -2096,6 +2228,7 @@ the whole @code{struct stat} structure.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISMQ (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX message queues as distinct objects and the
file is a message queue object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2104,6 +2237,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSEM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX semaphores as distinct objects and the
file is a semaphore object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2112,6 +2246,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSHM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX shared memory objects as distinct objects
and the file is an shared memory object, this macro returns a non-zero
value. In all other cases the result is zero.
@@ -2156,6 +2291,7 @@ The prototype for this function is declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int chown (const char *@var{filename}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chown} function changes the owner of the file @var{filename} to
@var{owner}, and its group owner to @var{group}.
@@ -2190,6 +2326,7 @@ The file is on a read-only file system.
@comment unistd.h
@comment BSD
@deftypefun int fchown (int @var{filedes}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chown}, except that it changes the owner of the open
file with descriptor @var{filedes}.
@@ -2469,6 +2606,7 @@ The functions in this section are declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun mode_t umask (mode_t @var{mask})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{umask} function sets the file creation mask of the current
process to @var{mask}, and returns the previous value of the file
creation mask.
@@ -2494,6 +2632,7 @@ you just want to read the mask value, because it is reentrant.
@comment sys/stat.h
@comment GNU
@deftypefun mode_t getumask (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Return the current value of the file creation mask for the current
process. This function is a GNU extension and is only available on
@gnuhurdsystems{}.
@@ -2502,6 +2641,7 @@ process. This function is a GNU extension and is only available on
@comment sys/stat.h
@comment POSIX.1
@deftypefun int chmod (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chmod} function sets the access permission bits for the file
named by @var{filename} to @var{mode}.
@@ -2542,6 +2682,7 @@ for full details on the sticky bit.
@comment sys/stat.h
@comment BSD
@deftypefun int fchmod (int @var{filedes}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chmod}, except that it changes the permissions of the
currently open file given by @var{filedes}.
@@ -2612,6 +2753,7 @@ The symbols in this section are declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int access (const char *@var{filename}, int @var{how})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{access} function checks to see whether the file named by
@var{filename} can be accessed in the way specified by the @var{how}
argument. The @var{how} argument either can be the bitwise OR of the
@@ -2732,6 +2874,9 @@ This is the modification time for the file.
@comment utime.h
@comment POSIX.1
@deftypefun int utime (const char *@var{filename}, const struct utimbuf *@var{times})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utime syscall, it non-atomically converts times
+@c to a struct timeval and calls utimes.
This function is used to modify the file times associated with the file
named @var{filename}.
@@ -2783,6 +2928,10 @@ in the header file @file{sys/time.h}.
@comment sys/time.h
@comment BSD
@deftypefun int utimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, or to
+@c struct utimbuf and calls utime.
This function sets the file access and modification times of the file
@var{filename}. The new file access time is specified by
@code{@var{tvp}[0]}, and the new modification time by
@@ -2797,6 +2946,9 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int lutimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no lutimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall.
This function is like @code{utimes}, except that it does not follow
symbolic links. If @var{filename} is the name of a symbolic link,
@code{lutimes} sets the file access and modification times of the
@@ -2813,6 +2965,10 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int futimes (int @var{fd}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no futimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, falling back
+@c to utimes on a /proc/self/fd symlink.
This function is like @code{utimes}, except that it takes an open file
descriptor as an argument instead of a file name. @xref{Low-Level
I/O}. This function comes from FreeBSD, and is not available on all
@@ -2867,6 +3023,8 @@ succeed, without actually accomplishing anything.
@comment unistd.h
@comment X/Open
@deftypefun int truncate (const char *@var{filename}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a truncate syscall, we use open and ftruncate.
The @code{truncate} function changes the size of @var{filename} to
@var{length}. If @var{length} is shorter than the previous length, data
@@ -2911,6 +3069,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int truncate64 (const char *@var{name}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try truncate if length fits.
This function is similar to the @code{truncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines, which allows the handling of files with sizes up to
@@ -2924,6 +3084,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX
@deftypefun int ftruncate (int @var{fd}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{truncate}, but it works on a file descriptor @var{fd}
for an opened file instead of a file name to identify the object. The
@@ -2988,6 +3149,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int ftruncate64 (int @var{id}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try ftruncate if length fits.
This function is similar to the @code{ftruncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines which allows the handling of files with sizes up to
@@ -3050,6 +3213,10 @@ The prototype for @code{mknod} is declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment BSD
@deftypefun int mknod (const char *@var{filename}, mode_t @var{mode}, dev_t @var{dev})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Instead of issuing the syscall directly, we go through xmknod.
+@c Although the internal xmknod takes a dev_t*, that could lead to
+@c xguargs races, it's passed a pointer to mknod's dev.
The @code{mknod} function makes a special file with name @var{filename}.
The @var{mode} specifies the mode of the file, and may include the various
special file bits, such as @code{S_IFCHR} (for a character special file)
@@ -3101,6 +3268,20 @@ These facilities are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} tmpfile (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c The unsafety issues are those of fdopen, plus fdleak because of the
+@c open.
+@c __path_search (internal buf, !dir, const pfx, !try_tmpdir) ok
+@c libc_secure_genenv only if try_tmpdir
+@c xstat64, strlen, strcmp, sprintf
+@c __gen_tempname (internal tmpl, __GT_FILE) ok
+@c strlen, memcmp, getpid, open/mkdir/lxstat64 ok
+@c HP_TIMING_NOW if available ok
+@c gettimeofday (!tz) first time, or every time if no HP_TIMING_NOW ok
+@c static value is used and modified without synchronization ok
+@c but the use is as a source of non-cryptographic randomness
+@c with retries in case of collision, so it should be safe
+@c unlink, fdopen
This function creates a temporary binary file for update mode, as if by
calling @code{fopen} with mode @code{"wb+"}. The file is deleted
automatically when it is closed or when the program terminates. (On
@@ -3117,6 +3298,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} tmpfile64 (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
This function is similar to @code{tmpfile}, but the stream it returns a
pointer to was opened using @code{tmpfile64}. Therefore this stream can
be used for files larger then @math{2^31} bytes on 32-bit machines.
@@ -3132,6 +3314,11 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun {char *} tmpnam (char *@var{result})
+@safety{@mtunsafe{xguargs, staticbuf}@asunsafe{staticbuf}@acsafe{}}
+@c The passed-in buffer should not be modified concurrently with the
+@c call.
+@c __path_search (static or passed-in buf, !dir, !pfx, !try_tmpdir) ok
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
This function constructs and returns a valid file name that does not
refer to any existing file. If the @var{result} argument is a null
pointer, the return value is a pointer to an internal static string,
@@ -3156,6 +3343,7 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdio.h
@comment GNU
@deftypefun {char *} tmpnam_r (char *@var{result})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
This function is nearly identical to the @code{tmpnam} function, except
that if @var{result} is a null pointer it returns a null pointer.
@@ -3192,6 +3380,13 @@ never less than @code{25}.
@comment stdio.h
@comment SVID
@deftypefun {char *} tempnam (const char *@var{dir}, const char *@var{prefix})
+@safety{@mtunsafe{xguargs, envromt}@assafe{asmalloc}@acsafe{memleak}}
+@c There's no way (short of being setuid) to avoid getenv("TMPDIR"),
+@c even with a non-NULL dir, which makes this thread-unsafe.
+@c
+@c __path_search (internal buf, dir, pfx, try_tmpdir) unsafe getenv
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
+@c strdup
This function generates a unique temporary file name. If @var{prefix}
is not a null pointer, up to five characters of this string are used as
a prefix for the file name. The return value is a string newly
@@ -3255,6 +3450,8 @@ string. These functions are declared in the header file @file{stdlib.h}.
@comment stdlib.h
@comment Unix
@deftypefun {char *} mktemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_NOCREATE) ok
The @code{mktemp} function generates a unique file name by modifying
@var{template} as described above. If successful, it returns
@var{template} as modified. If @code{mktemp} cannot find a unique file
@@ -3273,6 +3470,8 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdlib.h
@comment BSD
@deftypefun int mkstemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{fdleak}}
+@c __gen_tempname (caller tmpl, __GT_FILE) ok
The @code{mkstemp} function generates a unique file name just as
@code{mktemp} does, but it also opens the file for you with @code{open}
(@pxref{Opening and Closing Files}). If successful, it modifies
@@ -3295,6 +3494,8 @@ new file and get an error if the file already exists.
@comment stdlib.h
@comment BSD
@deftypefun {char *} mkdtemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_DIR) ok
The @code{mkdtemp} function creates a directory with a unique name. If
it succeeds, it overwrites @var{template} with the name of the
directory, and returns @var{template}. As with @code{mktemp} and
@@ -3316,3 +3517,23 @@ creation always works like @code{open} with @code{O_EXCL}.
@xref{Creating Directories}.
The @code{mkdtemp} function comes from OpenBSD.
+
+@c FIXME these are undocumented:
+@c faccessat
+@c fchmodat
+@c fchownat
+@c futimesat
+@c fstatat
+@c linkat
+@c mkdirat
+@c mkfifoat
+@c name_to_handle_at
+@c openat
+@c open_by_handle_at
+@c readlinkat
+@c renameat
+@c scandirat
+@c symlinkat
+@c unlinkat
+@c utimensat
+@c mknodat
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=df11bbcd0fcc1b33c747f8e9cb13d296575e0f3e
commit df11bbcd0fcc1b33c747f8e9cb13d296575e0f3e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:05:34 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/errno.texi: Document thread safety properties.
diff --git a/manual/errno.texi b/manual/errno.texi
index 6c9fa86..eb3f412 100644
--- a/manual/errno.texi
+++ b/manual/errno.texi
@@ -1293,6 +1293,9 @@ name of the program that encountered the error.
@comment string.h
@comment ISO
@deftypefun {char *} strerror (int @var{errnum})
+@safety{@mtunsafe{staticbuf}@asunsafe{staticbuf, asmalloc, asi18n}@acsafe{memleak}}
+@c Calls strerror_r with a static buffer allocated with malloc on the
+@c first use.
The @code{strerror} function maps the error code (@pxref{Checking for
Errors}) specified by the @var{errnum} argument to a descriptive error
message string. The return value is a pointer to this string.
@@ -1310,6 +1313,7 @@ The function @code{strerror} is declared in @file{string.h}.
@comment string.h
@comment GNU
@deftypefun {char *} strerror_r (int @var{errnum}, char *@var{buf}, size_t @var{n})
+@safety{@mtsafe{}@asunsafe{asi18n}@acsafe{}}
The @code{strerror_r} function works like @code{strerror} but instead of
returning the error message in a statically allocated buffer shared by
all threads in the process, it returns a private copy for the
@@ -1331,6 +1335,10 @@ This function @code{strerror_r} is a GNU extension and it is declared in
@comment stdio.h
@comment ISO
@deftypefun void perror (const char *@var{message})
+@safety{@mtsafe{xguargs}@asunsafe{asynconsist, asi18n, asmalloc, selfdeadlock}@acunsafe{incansist, lockleak, memleak, fdleak}}
+@c Besides strerror_r's and some of fprintf's issues, if stderr is not
+@c oriented yet, create a new stream with a dup of stderr's fd and write
+@c to that instead of stderr, to avoid orienting it.
This function prints an error message to the stream @code{stderr};
see @ref{Standard Streams}. The orientation of @code{stderr} is not
changed.
@@ -1442,6 +1450,13 @@ These functions are declared in @file{error.h}.
@comment error.h
@comment GNU
@deftypefun void error (int @var{status}, int @var{errnum}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acsafe{}}
+@c Cancellation is disabled throught the execution. It flushes stdout
+@c and then holds a lock on stderr while printing the program name and
+@c then running error_tail. The non-wide case just runs vfprintf; the
+@c wide case converts the message to an alloca/malloc-allocated buffer
+@c with mbsrtowcs, then prints it with vfwprintf. Afterwards,
+@c print_errno_message calls strerror_r and fxprintf.
The @code{error} function can be used to report general problems during
program execution. The @var{format} argument is a format string just
like those given to the @code{printf} family of functions. The
@@ -1477,6 +1492,15 @@ incremented by one to keep track of the number of errors reported.
@comment error.h
@comment GNU
@deftypefun void error_at_line (int @var{status}, int @var{errnum}, const char *@var{fname}, unsigned int @var{lineno}, const char *@var{format}, @dots{})
+@safety{@mtunsafe{staticbuf, glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist}}
+@c The error_one_per_line variable is accessed (without any form of
+@c synchronization, but since it's an int used once, it should be safe
+@c enough) and, if this mode is enabled, static variables used to hold
+@c the last printed file name and line number are accessed and modified
+@c without synchronization; the update is not atomic and it occurs
+@c before disabling cancellation, so it can be interrupted after only
+@c one of the two variables is modified. After that, it's very much
+@c like error.
The @code{error_at_line} function is very similar to the @code{error}
function. The only difference are the additional parameters @var{fname}
@@ -1582,6 +1606,8 @@ are included only for compatibility.
@comment err.h
@comment BSD
@deftypefun void warn (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Just calls vwarn with the va_list.
The @code{warn} function is roughly equivalent to a call like
@smallexample
error (0, errno, format, @r{the parameters})
@@ -1594,6 +1620,11 @@ are not used.
@comment err.h
@comment BSD
@deftypefun void vwarn (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c While holding stderr's recursive lock, it prints the programname, the
+@c given message, and the error string with fw?printf's %m. When the
+@c stream is wide, convert_and_print converts the format string to an
+@c alloca/malloc-created buffer using mbsrtowcs and then calls fwprintf.
The @code{vwarn} function is just like @code{warn} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1602,6 +1633,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void warnx (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn, but without the strerror translation issues.
The @code{warnx} function is roughly equivalent to a call like
@smallexample
error (0, 0, format, @r{the parameters})
@@ -1615,6 +1648,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void vwarnx (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn, but without the strerror translation issues.
The @code{vwarnx} function is just like @code{warnx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1623,6 +1658,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void err (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn followed by exit.
The @code{err} function is roughly equivalent to a call like
@smallexample
error (status, errno, format, @r{the parameters})
@@ -1635,6 +1672,8 @@ are not used and that the program is exited even if @var{status} is zero.
@comment err.h
@comment BSD
@deftypefun void verr (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn followed by exit.
The @code{verr} function is just like @code{err} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1643,6 +1682,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void errx (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warnx followed by exit.
The @code{errx} function is roughly equivalent to a call like
@smallexample
error (status, 0, format, @r{the parameters})
@@ -1657,6 +1698,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void verrx (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarnx followed by exit.
The @code{verrx} function is just like @code{errx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=35461a82e984e8751071f7c46c048d911397fb9e
commit 35461a82e984e8751071f7c46c048d911397fb9e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:05:11 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/debug.texi: Document thread safety properties.
diff --git a/manual/debug.texi b/manual/debug.texi
index 1db9c18..ce0c263 100644
--- a/manual/debug.texi
+++ b/manual/debug.texi
@@ -36,6 +36,8 @@ and manipulate backtraces of the current thread.
@comment execinfo.h
@comment GNU
@deftypefun int backtrace (void **@var{buffer}, int @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Pointer chasing within the local stack.
The @code{backtrace} function obtains a backtrace for the current
thread, as a list of pointers, and places the information into
@var{buffer}. The argument @var{size} should be the number of
@@ -56,6 +58,17 @@ interpreting the stack contents correctly.
@comment execinfo.h
@comment GNU
@deftypefun {char **} backtrace_symbols (void *const *@var{buffer}, int @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, lockleak}}
+@c Collects info returned by _dl_addr in auto array, allocates memory
+@c for the whole return buffer with malloc then sprintfs into it storing
+@c pointers to the strings into the array entries in the buffer.
+@c _dl_addr takes the recursive dl_load_lock then calls
+@c _dl_find_dso_for_object and determine_info.
+@c _dl_find_dso_for_object calls _dl-addr_inside_object.
+@c All of them are safe as long as the lock is held.
+@c asynconsist? It doesn't looke like the dynamic loader's data
+@c structures could be in an inconsistent state that would cause
+@c malfunction here.
The @code{backtrace_symbols} function translates the information
obtained from the @code{backtrace} function into an array of strings.
The argument @var{buffer} should be a pointer to an array of addresses
@@ -88,6 +101,11 @@ cannot be obtained.
@comment execinfo.h
@comment GNU
@deftypefun void backtrace_symbols_fd (void *const *@var{buffer}, int @var{size}, int @var{fd})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c Single loop of _dl_addr over addresses, collecting info into an iovec
+@c written out with a writev call per iteration. Addresses and offsets
+@c are converted to hex in auto buffers, so the only potential issue
+@c here is leaking the dl lock in case of cancellation.
The @code{backtrace_symbols_fd} function performs the same translation
as the function @code{backtrace_symbols} function. Instead of returning
the strings to the caller, it writes the strings to the file descriptor
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7ac8448e6d04eff177c2c665fdcbb07c93a917ad
commit 7ac8448e6d04eff177c2c665fdcbb07c93a917ad
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:41 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/ctype.texi: Document thread safety properties.
diff --git a/manual/ctype.texi b/manual/ctype.texi
index 3d13571..ddf38ce 100644
--- a/manual/ctype.texi
+++ b/manual/ctype.texi
@@ -66,6 +66,13 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int islower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The is* macros call __ctype_b_loc to get the ctype array from the
+@c current locale, and then index it by c. __ctype_b_loc reads from
+@c thread-local memory the (indirect) pointer to the ctype array, which
+@c may involve one word access to the global locale object, if that's
+@c the active locale for the thread, and the array, being part of the
+@c locale data, is undeletable, so there's no thread-safety issue.
Returns true if @var{c} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -74,6 +81,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -82,6 +90,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isalpha (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphabetic character (a letter). If
@code{islower} or @code{isupper} is true of a character, then
@code{isalpha} is also true.
@@ -97,6 +106,7 @@ additional characters.
@comment ctype.h
@comment ISO
@deftypefun int isdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@end deftypefun
@@ -104,6 +114,7 @@ Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@comment ctype.h
@comment ISO
@deftypefun int isalnum (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphanumeric character (a letter or
number); in other words, if either @code{isalpha} or @code{isdigit} is
true of a character, then @code{isalnum} is also true.
@@ -113,6 +124,7 @@ true of a character, then @code{isalnum} is also true.
@comment ctype.h
@comment ISO
@deftypefun int isxdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -123,6 +135,7 @@ Hexadecimal digits include the normal decimal digits @samp{0} through
@comment ctype.h
@comment ISO
@deftypefun int ispunct (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -132,6 +145,7 @@ character.
@comment ctype.h
@comment ISO
@deftypefun int isspace (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{isspace} returns true for only the standard
whitespace characters:
@@ -161,6 +175,7 @@ vertical tab
@comment ctype.h
@comment ISO
@deftypefun int isblank (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
@end deftypefun
@@ -169,6 +184,7 @@ This function was originally a GNU extension, but was added in @w{ISO C99}.
@comment ctype.h
@comment ISO
@deftypefun int isgraph (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -178,6 +194,7 @@ considered graphic.
@comment ctype.h
@comment ISO
@deftypefun int isprint (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@end deftypefun
@@ -186,6 +203,7 @@ include all the graphic characters, plus the space (@samp{ }) character.
@comment ctype.h
@comment ISO
@deftypefun int iscntrl (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a control character (that is, a character that
is not a printing character).
@end deftypefun
@@ -194,6 +212,7 @@ is not a printing character).
@comment ctype.h
@comment SVID, BSD
@deftypefun int isascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
into the US/UK ASCII character set. This function is a BSD extension
and is also an SVID extension.
@@ -227,6 +246,10 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The to* macros/functions call different functions that use different
+@c arrays than those of__ctype_b_loc, but the access patterns and
+@c thus safety guarantees are the same.
If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
lower-case letter. If @var{c} is not an upper-case letter,
@var{c} is returned unchanged.
@@ -235,6 +258,7 @@ lower-case letter. If @var{c} is not an upper-case letter,
@comment ctype.h
@comment ISO
@deftypefun int toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
upper-case letter. Otherwise @var{c} is returned unchanged.
@end deftypefun
@@ -242,6 +266,7 @@ upper-case letter. Otherwise @var{c} is returned unchanged.
@comment ctype.h
@comment SVID, BSD
@deftypefun int toascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function converts @var{c} to a 7-bit @code{unsigned char} value
that fits into the US/UK ASCII character set, by clearing the high-order
bits. This function is a BSD extension and is also an SVID extension.
@@ -250,6 +275,7 @@ bits. This function is a BSD extension and is also an SVID extension.
@comment ctype.h
@comment SVID
@deftypefun int _tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{tolower}, and is provided for compatibility
with the SVID. @xref{SVID}.@refill
@end deftypefun
@@ -257,6 +283,7 @@ with the SVID. @xref{SVID}.@refill
@comment ctype.h
@comment SVID
@deftypefun int _toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{toupper}, and is provided for compatibility
with the SVID.
@end deftypefun
@@ -303,6 +330,15 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctype_t wctype (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Although the source code of wctype contains multiple references to
+@c the locale, that could each reference different locale_data objects
+@c should the global locale object change while active, the compiler can
+@c and does combine them all into a single dereference that resolves
+@c once to the LCTYPE locale object used throughout the function, so it
+@c is safe in practice, if not in theory. Ideally we'd explicitly save
+@c the resolved locale_data object to make it visibly safe instead of
+@c safe only under compiler optimizations.
The @code{wctype} returns a value representing a class of wide
characters which is identified by the string @var{property}. Beside
some standard properties each locale can define its own ones. In case
@@ -331,6 +367,8 @@ the @w{ISO C} standard defines a completely new function.
@comment wctype.h
@comment ISO
@deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The compressed lookup table returned by wctype is read-only.
This function returns a nonzero value if @var{wc} is in the character
class specified by @var{desc}. @var{desc} must previously be returned
by a successful call to @code{wctype}.
@@ -350,6 +388,15 @@ standard classes.
@comment wctype.h
@comment ISO
@deftypefun int iswalnum (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c The implicit wctype call in the isw* functions is actually an
+@c optimized version because the category has a known offset, but the
+@c wctype is equally safe when optimized, unsafe if not optimized.
+@c Since it's not a macro, and we always optimize, it's fine. The test
+@c whether wc is ASCII to use the non-wide is* macro/funciton doesn't
+@c bring any other safety issues: the test does not depend on the
+@c locale, and each path after the decision resolves the locale object
+@c only once.
This function returns a nonzero value if @var{wc} is an alphanumeric
character (a letter or number); in other words, if either @code{iswalpha}
or @code{iswdigit} is true of a character, then @code{iswalnum} is also
@@ -370,6 +417,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswalpha (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an alphabetic character (a letter). If
@code{iswlower} or @code{iswupper} is true of a character, then
@code{iswalpha} is also true.
@@ -394,6 +442,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswcntrl (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a control character (that is, a character that
is not a printing character).
@@ -412,6 +461,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
Please note that this function does not only return a nonzero value for
@emph{decimal} digits, but for all kinds of digits. A consequence is
@@ -442,6 +492,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswgraph (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -461,6 +512,7 @@ It is declared in @file{wctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int iswlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -479,6 +531,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswprint (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@@ -497,6 +550,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswpunct (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -516,6 +570,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswspace (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{iswspace} returns true for only the standard
whitespace characters:
@@ -555,6 +610,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -573,6 +629,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswxdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -597,6 +654,7 @@ characters as well.
@comment wctype.h
@comment ISO
@deftypefun int iswblank (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
It is declared in @file{wchar.h}.
@@ -691,6 +749,8 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctrans_t wctrans (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Similar implementation, same caveats as wctype.
The @code{wctrans} function has to be used to find out whether a named
mapping is defined in the current locale selected for the
@code{LC_CTYPE} category. If the returned value is non-zero, you can use
@@ -713,6 +773,8 @@ These functions are declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Same caveats as iswctype.
@code{towctrans} maps the input character @var{wc}
according to the rules of the mapping for which @var{desc} is a
descriptor, and returns the value it finds. @var{desc} must be
@@ -730,6 +792,9 @@ for them.
@comment wctype.h
@comment ISO
@deftypefun wint_t towlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Same caveats as iswalnum, just using a wctrans rather than a wctype
+@c table.
If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
lower-case letter. If @var{wc} is not an upper-case letter,
@var{wc} is returned unchanged.
@@ -749,6 +814,7 @@ This function is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
upper-case letter. Otherwise @var{wc} is returned unchanged.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=39e993dc2ae9653217a042eeedfe06456f1c9ea0
commit 39e993dc2ae9653217a042eeedfe06456f1c9ea0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:03:47 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/crypt.texi: Document thread safety properties.
diff --git a/manual/crypt.texi b/manual/crypt.texi
index ef90590..5c9f6f7 100644
--- a/manual/crypt.texi
+++ b/manual/crypt.texi
@@ -92,7 +92,13 @@ in a convenient way.
@comment unistd.h
@comment BSD
@deftypefun {char *} getpass (const char *@var{prompt})
-
+@safety{@mtunsafe{tempterm}@asunsafe{asmalloc, selfdeadlock, asynconsist}@acunsafe{tempterm, lockleak, incansist}}
+@c This function will attempt to create a stream for terminal I/O, but
+@c will fallback to stdio/stderr. It attempts to change the terminal
+@c mode in a thread-unsafe way, write out the prompt, read the password,
+@c then restore the terminal mode. It has a cleanup to close the stream
+@c in case of (synchronous) cancellation, but not to restore the
+@c terminal mode.
@code{getpass} outputs @var{prompt}, then reads a string in from the
terminal without echoing it. It tries to connect to the real terminal,
@file{/dev/tty}, if possible, to encourage users not to put plaintext
@@ -127,6 +133,13 @@ The substitute takes the same parameters as @code{getline}
@comment crypt.h
@comment BSD, SVID
@deftypefun {char *} crypt (const char *@var{key}, const char *@var{salt})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Besides the obvious problem of returning a pointer into static
+@c storage, the DES initializer takes an internal lock with the usual
+@c set of problems for AS- and AC-Safety. The FIPS mode checker and the
+@c NSS implementations of may leak file descriptors if canceled. The
+@c The MD5, SHA256 and SHA512 implementations will malloc on long keys,
+@c and NSS relies on dlopening, which brings about another can of worms.
The @code{crypt} function takes a password, @var{key}, as a string, and
a @var{salt} character array which is described below, and returns a
@@ -188,6 +201,9 @@ for a password and prints ``Access granted.'' if the user types
@comment crypt.h
@comment GNU
@deftypefun {char *} crypt_r (const char *@var{key}, const char *@var{salt}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Compared with crypt, this function fixes the staticbuf problem, but
+@c nothing else.
The @code{crypt_r} function does the same thing as @code{crypt}, but
takes an extra parameter which includes space for its result (among
@@ -233,6 +249,11 @@ specifies the unused bits.
@comment crypt.h
@comment BSD, SVID
@deftypefun void setkey (const char *@var{key})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c The static buffer stores the key, making it fundamentally
+@c thread-unsafe. The locking issues are only in the initialization
+@c path; cancelling the initialization will leave the lock held, it
+@c would otherwise repeat the initialization on the next call.
The @code{setkey} function sets an internal data structure to be an
expanded form of @var{key}. @var{key} is specified as an array of 64
@@ -244,6 +265,8 @@ parity.
@comment crypt.h
@comment BSD, SVID
@deftypefun void encrypt (char *@var{block}, int @var{edflag})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c Same issues as setkey.
The @code{encrypt} function encrypts @var{block} if
@var{edflag} is 0, otherwise it decrypts @var{block}, using a key
@@ -257,9 +280,11 @@ stored in a @code{char}, but there are no parity bits in @var{block}.
@comment crypt.h
@comment GNU
@deftypefun void setkey_r (const char *@var{key}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
@comment crypt.h
@comment GNU
@deftypefunx void encrypt_r (char *@var{block}, int @var{edflag}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
These are reentrant versions of @code{setkey} and @code{encrypt}. The
only difference is the extra parameter, which stores the expanded
@@ -274,6 +299,7 @@ defined in @file{crypt.h}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int ecb_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{ecb_crypt} encrypts or decrypts one or more blocks
using DES. Each block is encrypted independently.
@@ -355,6 +381,7 @@ This macro returns 1 if @var{err} is a `success' result code from
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int cbc_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode}, char *@var{ivec})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{cbc_crypt} encrypts or decrypts one or more blocks
using DES in Cipher Block Chaining mode.
@@ -381,6 +408,7 @@ Otherwise, all the parameters are similar to those for @code{ecb_crypt}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun void des_setparity (char *@var{key})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{des_setparity} changes the 64-bit @var{key}, stored
packed in 8-bit bytes, to have odd parity by altering the low bits of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0a6834ab437d116e8ebd6d9c7232f1daaf23e892
commit 0a6834ab437d116e8ebd6d9c7232f1daaf23e892
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:03:16 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/conf.texi: Document thread safety properties.
diff --git a/manual/conf.texi b/manual/conf.texi
index 7eb8b36..edbb2fd 100644
--- a/manual/conf.texi
+++ b/manual/conf.texi
@@ -288,6 +288,17 @@ constants are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} sysconf (int @var{parameter})
+@safety{@mtsafe{envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak, fdleak}}
+@c Some parts of the implementation open /proc and /sys files and dirs
+@c to collect system details, using fd and stream I/O depending on the
+@c case. _SC_TZNAME_MAX calls __tzname_max, that (while holding a lock)
+@c calls tzset_internal, that calls getenv if it's called the first
+@c time; there are free and strdup calls in there too. The returned max
+@c value may change over time for TZNAME_MAX, depending on selected
+@c timezones; NPROCS, NPROCS_CONF, PHYS_PAGES, AVPHYS_PAGES,
+@c NGROUPS_MAX, SIGQUEUE_MAX, depending on variable values read from
+@c /proc at each call, and from rlimit-obtained values CHILD_MAX,
+@c OPEN_MAX, ARG_MAX, SIGQUEUE_MAX.
This function is used to inquire about runtime system parameters. The
@var{parameter} argument should be one of the @samp{_SC_} symbols listed
below.
@@ -1342,6 +1353,11 @@ argument are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} pathconf (const char *@var{filename}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c When __statfs_link_max finds an ext* filesystem, it may read
+@c /proc/mounts or similar as a mntent stream.
+@c __statfs_chown_restricted may read from
+@c /proc/sys/fs/xfs/restrict_chown as a file descriptor.
This function is used to inquire about the limits that apply to
the file named @var{filename}.
@@ -1369,6 +1385,8 @@ support the @var{parameter} for the specific file.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} fpathconf (int @var{filedes}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c Same caveats as pathconf.
This is just like @code{pathconf} except that an open file descriptor
is used to specify the file for which information is requested, instead
of a file name.
@@ -1615,6 +1633,7 @@ system with the function @code{confstr}:
@comment unistd.h
@comment POSIX.2
@deftypefun size_t confstr (int @var{parameter}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function reads the value of a string-valued system parameter,
storing the string into @var{len} bytes of memory space starting at
@var{buf}. The @var{parameter} argument should be one of the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=71ab9cf6aa2f9992310fda06683ba6db44faff8a
commit 71ab9cf6aa2f9992310fda06683ba6db44faff8a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:01:33 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/charset.texi: Document thread safety properties.
diff --git a/manual/charset.texi b/manual/charset.texi
index e21502e..7e6c416 100644
--- a/manual/charset.texi
+++ b/manual/charset.texi
@@ -504,6 +504,8 @@ sequence points. Communication protocols often require this.
@comment wchar.h
@comment ISO
@deftypefun int mbsinit (const mbstate_t *@var{ps})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c ps is dereferenced once, unguarded. Potential harmless data race.
The @code{mbsinit} function determines whether the state object pointed
to by @var{ps} is in the initial state. If @var{ps} is a null pointer or
the object is in the initial state the return value is nonzero. Otherwise
@@ -559,6 +561,14 @@ that is beyond the range @math{0} to @math{127}.
@comment wchar.h
@comment ISO
@deftypefun wint_t btowc (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls btowc_fct or __fct; reads from locale, and from the
+@c get_gconv_fcts result multiple times. get_gconv_fcts calls
+@c __wcsmbs_load_conv to initialize the ctype if it's null.
+@c wcsmbs_load_conv takes a non-recursive wrlock before allocating
+@c memory for the fcts structure, initializing it, and then storing it
+@c in the locale object. The initialization involves dlopening and a
+@c lot more.
The @code{btowc} function (``byte to wide character'') converts a valid
single byte character @var{c} in the initial shift state into the wide
character equivalent using the conversion rules from the currently
@@ -615,6 +625,7 @@ There is also a function for the conversion in the other direction.
@comment wchar.h
@comment ISO
@deftypefun int wctob (wint_t @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctob} function (``wide character to byte'') takes as the
parameter a valid wide character. If the multibyte representation for
this character in the initial state is exactly one byte long, the return
@@ -634,6 +645,7 @@ and they also do not require it to be in the initial state.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrtowc (wchar_t *restrict @var{pwc}, const char *restrict @var{s}, size_t @var{n}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
@cindex stateful
The @code{mbrtowc} function (``multibyte restartable to wide
character'') converts the next multibyte character in the string pointed
@@ -728,6 +740,7 @@ function that does part of the work.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrlen (const char *restrict @var{s}, size_t @var{n}, mbstate_t *@var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbrlen} function (``multibyte restartable length'') computes
the number of at most @var{n} bytes starting at @var{s}, which form the
next valid and complete multibyte character.
@@ -811,6 +824,50 @@ doing the work twice.
@comment wchar.h
@comment ISO
@deftypefun size_t wcrtomb (char *restrict @var{s}, wchar_t @var{wc}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c wcrtomb uses a static, non-thread-local unguarded state variable when
+@c PS is NULL. When a state is passed in, and it's not used
+@c concurrently in other threads, this function behaves safely as long
+@c as gconv modules don't bring MT safety issues of their own.
+@c Attempting to load gconv modules or to build conversion chains in
+@c signal handlers may encounter gconv databases or caches in a
+@c partially-updated state, and asynchronous cancellation may leave them
+@c in such states, besides leaking the lock that guards them.
+@c get_gconv_fcts ok
+@c wcsmbs_load_conv ok
+@c norm_add_slashes ok
+@c wcsmbs_getfct ok
+@c gconv_find_transform ok
+@c gconv_read_conf (libc_once)
+@c gconv_lookup_cache ok
+@c find_module_idx ok
+@c find_module ok
+@c gconv_find_shlib (ok)
+@c ->init_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c do_lookup_alias ok
+@c find_derivation ok
+@c derivation_lookup ok
+@c increment_counter ok
+@c gconv_find_shlib ok
+@c step->init_fct (assumed ok)
+@c gen_steps ok
+@c gconv_find_shlib ok
+@c dlopen (presumed ok)
+@c dlsym (presumed ok)
+@c step->init_fct (assumed ok)
+@c step->end_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c add_derivation ok
+@c gconv_close_transform ok
+@c gconv_release_step ok
+@c step->end_fct (assumed ok)
+@c gconv_release_shlib ok
+@c dlclose (presumed ok)
+@c gconv_release_cache ok
+@c ->tomb->__fct (assumed ok)
The @code{wcrtomb} function (``wide character restartable to
multibyte'') converts a single wide character into a multibyte string
corresponding to that wide character.
@@ -955,6 +1012,7 @@ extensions that can help in some important situations.
@comment wchar.h
@comment ISO
@deftypefun size_t mbsrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsrtowcs} function (``multibyte string restartable to wide
character string'') converts an NUL-terminated multibyte character
string at @code{*@var{src}} into an equivalent wide character string,
@@ -1039,6 +1097,7 @@ length and passing this length to the function.
@comment wchar.h
@comment ISO
@deftypefun size_t wcsrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsrtombs} function (``wide character string restartable to
multibyte string'') converts the NUL-terminated wide character string at
@code{*@var{src}} into an equivalent multibyte character string and
@@ -1084,6 +1143,7 @@ array size (the @var{len} parameter).
@comment wchar.h
@comment GNU
@deftypefun size_t mbsnrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{nmc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsnrtowcs} function is very similar to the @code{mbsrtowcs}
function. All the parameters are the same except for @var{nmc}, which is
new. The return value is the same as for @code{mbsrtowcs}.
@@ -1136,6 +1196,7 @@ of the given buffer, there is no problem with altering the state.
@comment wchar.h
@comment GNU
@deftypefun size_t wcsnrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{nwc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsnrtombs} function implements the conversion from wide
character strings to multibyte character strings. It is similar to
@code{wcsrtombs} but, just like @code{mbsnrtowcs}, it takes an extra
@@ -1280,6 +1341,7 @@ conversion functions.}
@comment stdlib.h
@comment ISO
@deftypefun int mbtowc (wchar_t *restrict @var{result}, const char *restrict @var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbtowc} (``multibyte to wide character'') function when called
with non-null @var{string} converts the first multibyte character
beginning at @var{string} to its corresponding wide character code. It
@@ -1314,6 +1376,7 @@ shift state. @xref{Shift State}.
@comment stdlib.h
@comment ISO
@deftypefun int wctomb (char *@var{string}, wchar_t @var{wchar})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctomb} (``wide character to multibyte'') function converts
the wide character code @var{wchar} to its corresponding multibyte
character sequence, and stores the result in bytes starting at
@@ -1353,6 +1416,7 @@ terms of @code{mbtowc}.
@comment stdlib.h
@comment ISO
@deftypefun int mblen (const char *@var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mblen} function with a non-null @var{string} argument returns
the number of bytes that make up the multibyte character beginning at
@var{string}, never examining more than @var{size} bytes. (The idea is
@@ -1391,6 +1455,9 @@ suffer from the same problems as their reentrant counterparts from
@comment stdlib.h
@comment ISO
@deftypefun size_t mbstowcs (wchar_t *@var{wstring}, const char *@var{string}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Odd... Although this is in the non-reentrant section, the state
+@c object is automatic, not a static buffer.
The @code{mbstowcs} (``multibyte string to wide character string'')
function converts the null-terminated string of multibyte characters
@var{string} to an array of wide character codes, storing not more than
@@ -1431,6 +1498,7 @@ mbstowcs_alloc (const char *string)
@comment stdlib.h
@comment ISO
@deftypefun size_t wcstombs (char *@var{string}, const wchar_t *@var{wstring}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcstombs} (``wide character string to multibyte string'')
function converts the null-terminated wide character array @var{wstring}
into a string containing multibyte characters, storing not more than
@@ -1618,6 +1686,16 @@ The first step is the function to create a handle.
@comment iconv.h
@comment XPG2
@deftypefun iconv_t iconv_open (const char *@var{tocode}, const char *@var{fromcode})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls malloc if tocode and/or fromcode are too big for alloca. Calls
+@c strip and upstr on both, then gconv_open. strip and upstr call
+@c isalnum_l and toupper_l with the C locale. gconv_open may MT-safely
+@c tokenize toset, replace unspecified codesets with the current locale
+@c (posibly two different accesses), and finally it calls
+@c gconv_find_transform and initializes the gconv_t result with all the
+@c steps in the conversion sequence, running each one's initializer,
+@c destructing and releasing them all if anything fails.
+
The @code{iconv_open} function has to be used before starting a
conversion. The two parameters this function takes determine the
source and destination character set for the conversion, and if the
@@ -1682,6 +1760,12 @@ conversion is not needed anymore.
@comment iconv.h
@comment XPG2
@deftypefun int iconv_close (iconv_t @var{cd})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, shlimb}}
+@c Calls gconv_close to destruct and release each of the conversion
+@c steps, release the gconv_t object, then call gconv_close_transform.
+@c Access to the gconv_t object is not guarded, but calling iconv_close
+@c concurrently with any other use is undefined.
+
The @code{iconv_close} function frees all resources associated with the
handle @var{cd}, which must have been returned by a successful call to
the @code{iconv_open} function.
@@ -1708,6 +1792,10 @@ even file to file can be implemented on top of it.
@comment iconv.h
@comment XPG2
@deftypefun size_t iconv (iconv_t @var{cd}, char **@var{inbuf}, size_t *@var{inbytesleft}, char **@var{outbuf}, size_t *@var{outbytesleft})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c Without guarding access to the gconv_t object pointed to by cd, call
+@c the conversion function to convert inbuf or flush the internal
+@c conversion state.
@cindex stateful
The @code{iconv} function converts the text in the input buffer
according to the rules associated with the descriptor @var{cd} and
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d4bc90d431da292824c33273485aab09d0c9ada3
commit d4bc90d431da292824c33273485aab09d0c9ada3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/arith.texi: Document thread safety properties.
diff --git a/manual/arith.texi b/manual/arith.texi
index 77056c3..5c3aa9d 100644
--- a/manual/arith.texi
+++ b/manual/arith.texi
@@ -160,6 +160,8 @@ The remainder from the division.
@comment stdlib.h
@comment ISO
@deftypefun div_t div (int @var{numerator}, int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Functions in this section are pure, and thus safe.
This function @code{div} computes the quotient and remainder from
the division of @var{numerator} by @var{denominator}, returning the
result in a structure of type @code{div_t}.
@@ -199,6 +201,7 @@ type @code{long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun ldiv_t ldiv (long int @var{numerator}, long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ldiv} function is similar to @code{div}, except that the
arguments are of type @code{long int} and the result is returned as a
structure of type @code{ldiv_t}.
@@ -225,6 +228,7 @@ type @code{long long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun lldiv_t lldiv (long long int @var{numerator}, long long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lldiv} function is like the @code{div} function, but the
arguments are of type @code{long long int} and the result is returned as
a structure of type @code{lldiv_t}.
@@ -256,6 +260,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment inttypes.h
@comment ISO
@deftypefun imaxdiv_t imaxdiv (intmax_t @var{numerator}, intmax_t @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{imaxdiv} function is like the @code{div} function, but the
arguments are of type @code{intmax_t} and the result is returned as
a structure of type @code{imaxdiv_t}.
@@ -318,6 +323,7 @@ floating-point number a variable holds.
@comment math.h
@comment ISO
@deftypefn {Macro} int fpclassify (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is a generic macro which works on all floating-point types and
which returns a value of type @code{int}. The possible values are:
@@ -354,6 +360,7 @@ You should therefore use the specific macros whenever possible.
@comment math.h
@comment ISO
@deftypefn {Macro} int isfinite (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite: not plus or
minus infinity, and not NaN. It is equivalent to
@@ -368,6 +375,7 @@ floating-point type.
@comment math.h
@comment ISO
@deftypefn {Macro} int isnormal (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite and normalized.
It is equivalent to
@@ -379,6 +387,7 @@ It is equivalent to
@comment math.h
@comment ISO
@deftypefn {Macro} int isnan (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is NaN. It is equivalent
to
@@ -390,6 +399,7 @@ to
@comment math.h
@comment GNU
@deftypefn {Macro} int issignaling (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is a signaling NaN
(sNaN). It is based on draft TS 18661 and currently enabled as a GNU
extension.
@@ -410,6 +420,7 @@ not have to worry about the type of their argument.
@comment math.h
@comment BSD
@deftypefunx int isinfl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns @code{-1} if @var{x} represents negative infinity,
@code{1} if @var{x} represents positive infinity, and @code{0} otherwise.
@end deftypefun
@@ -423,6 +434,7 @@ This function returns @code{-1} if @var{x} represents negative infinity,
@comment math.h
@comment BSD
@deftypefunx int isnanl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is a ``not a number''
value, and zero otherwise.
@@ -445,6 +457,7 @@ function for some reason, you can write
@comment math.h
@comment BSD
@deftypefunx int finitel (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is finite or a ``not a
number'' value, and zero otherwise.
@end deftypefun
@@ -713,6 +726,22 @@ and save and restore the set of exceptions flagged.
@comment fenv.h
@comment ISO
@deftypefun int feclearexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{unposix}@acsafe{unposix}}
+@c The other functions in this section that modify FP status register
+@c mostly do so with non-atomic load-modify-store sequences, but since
+@c the register is thread-specific, this should be fine, and safe for
+@c cancellation. As long as the FP environment is restored before the
+@c signal handler returns control to the interrupted thread (like any
+@c kernel should do), the functions are also safe for use in signal
+@c handlers.
+@c
+@c FIXME: simfpu: Floating point emulation on powerpc is the exception:
+@c __sim_exception, __sim_disabled_exception and __sim_round_mode
+@c variables, that emulate a floating-point status register, are not
+@c thread-specific variables, so many of these functions are not MT-safe
+@c on that platform. This is probably a bug. These variables aren't
+@c restored by the signal machinery either, making the functions also
+@c async-signal-unsafe on this platform.
This function clears all of the supported exception flags indicated by
@var{excepts}.
@@ -723,6 +752,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feraiseexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function raises the supported exceptions indicated by
@var{excepts}. If more than one exception bit in @var{excepts} is set
the order in which the exceptions are raised is undefined except that
@@ -738,6 +768,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fetestexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Test whether the exception flags indicated by the parameter @var{except}
are currently set. If any of them are, a nonzero value is returned
which specifies which exceptions are set. Otherwise the result is zero.
@@ -774,6 +805,7 @@ following functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetexceptflag (fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function stores in the variable pointed to by @var{flagp} an
implementation-defined value representing the current setting of the
exception flags indicated by @var{excepts}.
@@ -785,6 +817,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fesetexceptflag (const fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function restores the flags for the exceptions indicated by
@var{excepts} to the values stored in the variable pointed to by
@var{flagp}.
@@ -940,6 +973,7 @@ find out which one with this function:
@comment fenv.h
@comment ISO
@deftypefun int fegetround (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Returns the currently selected rounding mode, represented by one of the
values of the defined rounding mode macros.
@end deftypefun
@@ -950,6 +984,7 @@ To change the rounding mode, use this function:
@comment fenv.h
@comment ISO
@deftypefun int fesetround (int @var{round})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Changes the currently selected rounding mode to @var{round}. If
@var{round} does not correspond to one of the supported rounding modes
nothing is changed. @code{fesetround} returns zero if it changed the
@@ -994,6 +1029,7 @@ To save the state of the FPU, use one of these functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetenv (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the floating-point environment in the variable pointed to by
@var{envp}.
@@ -1004,6 +1040,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feholdexcept (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the current floating-point environment in the object pointed to by
@var{envp}. Then clear all exception flags, and set the FPU to trap no
exceptions. Not all FPUs support trapping no exceptions; if
@@ -1042,6 +1079,7 @@ functions:
@comment fenv.h
@comment ISO
@deftypefun int fesetenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Set the floating-point environment to that described by @var{envp}.
The function returns zero in case the operation was successful, a
@@ -1051,6 +1089,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feupdateenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Like @code{fesetenv}, this function sets the floating-point environment
to that described by @var{envp}. However, if any exceptions were
flagged in the status word before @code{feupdateenv} was called, they
@@ -1071,6 +1110,7 @@ occur, you can use the following two functions.
@comment fenv.h
@comment GNU
@deftypefun int feenableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions enables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1083,6 +1123,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fedisableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions disables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1095,6 +1136,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fegetexcept (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
The function returns a bitmask of all currently enabled exceptions. It
returns @code{-1} in case of failure.
@end deftypefun
@@ -1146,6 +1188,7 @@ Prototypes for @code{abs}, @code{labs} and @code{llabs} are in @file{stdlib.h};
@comment inttypes.h
@comment ISO
@deftypefunx intmax_t imaxabs (intmax_t @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of @var{number}.
Most computers use a two's complement integer representation, in which
@@ -1167,6 +1210,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment math.h
@comment ISO
@deftypefunx {long double} fabsl (long double @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the absolute value of the floating-point number
@var{number}.
@end deftypefun
@@ -1180,6 +1224,7 @@ This function returns the absolute value of the floating-point number
@comment complex.h
@comment ISO
@deftypefunx {long double} cabsl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of the complex number @var{z}
(@pxref{Complex Numbers}). The absolute value of a complex number is:
@@ -1217,6 +1262,7 @@ All these functions are declared in @file{math.h}.
@comment math.h
@comment ISO
@deftypefunx {long double} frexpl (long double @var{value}, int *@var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are used to split the number @var{value}
into a normalized fraction and an exponent.
@@ -1242,6 +1288,7 @@ zero is stored in @code{*@var{exponent}}.
@comment math.h
@comment ISO
@deftypefunx {long double} ldexpl (long double @var{value}, int @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the result of multiplying the floating-point
number @var{value} by 2 raised to the power @var{exponent}. (It can
be used to reassemble floating-point numbers that were taken apart
@@ -1263,6 +1310,7 @@ equivalent to those of @code{ldexp} and @code{frexp}. See also the
@comment math.h
@comment BSD
@deftypefunx {long double} scalbl (long double @var{value}, long double @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{scalb} function is the BSD name for @code{ldexp}.
@end deftypefun
@@ -1275,6 +1323,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalbnl (long double @var{x}, int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbn} is identical to @code{scalb}, except that the exponent
@var{n} is an @code{int} instead of a floating-point number.
@end deftypefun
@@ -1288,6 +1337,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalblnl (long double @var{x}, long int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbln} is identical to @code{scalb}, except that the exponent
@var{n} is a @code{long int} instead of a floating-point number.
@end deftypefun
@@ -1301,6 +1351,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} significandl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{significand} returns the mantissa of @var{x} scaled to the range
@math{[1, 2)}.
It is equivalent to @w{@code{scalb (@var{x}, (double) -ilogb (@var{x}))}}.
@@ -1335,6 +1386,7 @@ result as a @code{double} instead to get around this problem.
@comment math.h
@comment ISO
@deftypefunx {long double} ceill (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} upwards to the nearest integer,
returning that value as a @code{double}. Thus, @code{ceil (1.5)}
is @code{2.0}.
@@ -1349,6 +1401,7 @@ is @code{2.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} floorl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} downwards to the nearest
integer, returning that value as a @code{double}. Thus, @code{floor
(1.5)} is @code{1.0} and @code{floor (-1.5)} is @code{-2.0}.
@@ -1363,6 +1416,7 @@ integer, returning that value as a @code{double}. Thus, @code{floor
@comment math.h
@comment ISO
@deftypefunx {long double} truncl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{trunc} functions round @var{x} towards zero to the nearest
integer (returned in floating-point format). Thus, @code{trunc (1.5)}
is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@@ -1377,6 +1431,7 @@ is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} rintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} to an integer value according to the
current rounding mode. @xref{Floating Point Parameters}, for
information about the various rounding modes. The default
@@ -1397,6 +1452,7 @@ inexact exception.
@comment math.h
@comment ISO
@deftypefunx {long double} nearbyintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the same value as the @code{rint} functions, but
do not raise the inexact exception if @var{x} is not an integer.
@end deftypefun
@@ -1410,6 +1466,7 @@ do not raise the inexact exception if @var{x} is not an integer.
@comment math.h
@comment ISO
@deftypefunx {long double} roundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are similar to @code{rint}, but they round halfway
cases away from zero instead of to the nearest integer (or other
current rounding mode).
@@ -1424,6 +1481,7 @@ current rounding mode).
@comment math.h
@comment ISO
@deftypefunx {long int} lrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1437,6 +1495,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1450,6 +1509,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long int} lroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1463,6 +1523,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1477,6 +1538,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long double} modfl (long double @var{value}, long double *@var{integer-part})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions break the argument @var{value} into an integer part and a
fractional part (between @code{-1} and @code{1}, exclusive). Their sum
equals @var{value}. Each of the parts has the same sign as @var{value},
@@ -1503,6 +1565,7 @@ suits your problem.
@comment math.h
@comment ISO
@deftypefunx {long double} fmodl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions compute the remainder from the division of
@var{numerator} by @var{denominator}. Specifically, the return value is
@code{@var{numerator} - @w{@var{n} * @var{denominator}}}, where @var{n}
@@ -1525,6 +1588,7 @@ If @var{denominator} is zero, @code{fmod} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} dreml (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are like @code{fmod} except that they round the
internal quotient @var{n} to the nearest integer instead of towards zero
to an integer. For example, @code{drem (6.5, 2.3)} returns @code{-0.4},
@@ -1548,6 +1612,7 @@ If @var{denominator} is zero, @code{drem} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} remainderl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is another name for @code{drem}.
@end deftypefun
@@ -1569,6 +1634,7 @@ bits.
@comment math.h
@comment ISO
@deftypefunx {long double} copysignl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return @var{x} but with the sign of @var{y}. They work
even if @var{x} or @var{y} are NaN or zero. Both of these can carry a
sign (although not all implementations support it) and this is one of
@@ -1584,6 +1650,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefun int signbit (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{signbit} is a generic macro which can work on all floating-point
types. It returns a nonzero value if the value of @var{x} has its sign
bit set.
@@ -1602,6 +1669,7 @@ false, but @code{signbit (-0.0)} will return a nonzero value.
@comment math.h
@comment ISO
@deftypefunx {long double} nextafterl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{nextafter} function returns the next representable neighbor of
@var{x} in the direction towards @var{y}. The size of the step between
@var{x} and the result depends on the type of the result. If
@@ -1625,6 +1693,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefunx {long double} nexttowardl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are identical to the corresponding versions of
@code{nextafter} except that their second argument is a @code{long
double}.
@@ -1640,6 +1709,8 @@ double}.
@comment math.h
@comment ISO
@deftypefunx {long double} nanl (const char *@var{tagp})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c The unsafe-but-ruled-safe locale use comes from strtod.
The @code{nan} function returns a representation of NaN, provided that
NaN is supported by the target platform.
@code{nan ("@var{n-char-sequence}")} is equivalent to
@@ -1674,6 +1745,7 @@ arguments only once.
@comment math.h
@comment ISO
@deftypefn Macro int isgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than
@var{y}. It is equivalent to @code{(@var{x}) > (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1682,6 +1754,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isgreaterequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than or
equal to @var{y}. It is equivalent to @code{(@var{x}) >= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1690,6 +1763,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isless (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than @var{y}.
It is equivalent to @code{(@var{x}) < (@var{y})}, but no exception is
raised if @var{x} or @var{y} are NaN.
@@ -1698,6 +1772,7 @@ raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than or equal
to @var{y}. It is equivalent to @code{(@var{x}) <= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1706,6 +1781,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less or greater
than @var{y}. It is equivalent to @code{(@var{x}) < (@var{y}) ||
(@var{x}) > (@var{y})} (although it only evaluates @var{x} and @var{y}
@@ -1718,6 +1794,7 @@ expression is true if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isunordered (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether its arguments are unordered. In other
words, it is true if @var{x} or @var{y} are NaN, and false otherwise.
@end deftypefn
@@ -1751,6 +1828,7 @@ perform these operations faster than the equivalent C code.
@comment math.h
@comment ISO
@deftypefunx {long double} fminl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmin} function returns the lesser of the two values @var{x}
and @var{y}. It is similar to the expression
@smallexample
@@ -1771,6 +1849,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fmaxl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmax} function returns the greater of the two values @var{x}
and @var{y}.
@@ -1787,6 +1866,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fdiml (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fdim} function returns the positive difference between
@var{x} and @var{y}. The positive difference is @math{@var{x} -
@var{y}} if @var{x} is greater than @var{y}, and @math{0} otherwise.
@@ -1804,6 +1884,7 @@ If @var{x}, @var{y}, or both are NaN, NaN is returned.
@comment ISO
@deftypefunx {long double} fmal (long double @var{x}, long double @var{y}, long double @var{z})
@cindex butterfly
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fma} function performs floating-point multiply-add. This is
the operation @math{(@var{x} @mul{} @var{y}) + @var{z}}, but the
intermediate result is not rounded to the destination type. This can
@@ -1933,6 +2014,7 @@ available in three variants, one for each of the three complex types.
@comment complex.h
@comment ISO
@deftypefunx {long double} creall (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the real part of the complex number @var{z}.
@end deftypefun
@@ -1945,6 +2027,7 @@ These functions return the real part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cimagl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the imaginary part of the complex number @var{z}.
@end deftypefun
@@ -1957,6 +2040,7 @@ These functions return the imaginary part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {complex long double} conjl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the conjugate value of the complex number
@var{z}. The conjugate of a complex number has the same real part and a
negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@@ -1971,6 +2055,7 @@ negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cargl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the argument of the complex number @var{z}.
The argument of a complex number is the angle in the complex plane
between the positive real axis and a line passing through zero and the
@@ -1989,6 +2074,7 @@ number. This angle is measured in the usual fashion and ranges from
@comment complex.h
@comment ISO
@deftypefunx {complex long double} cprojl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the projection of the complex value @var{z} onto
the Riemann sphere. Values with a infinite imaginary part are projected
to positive infinity on the real axis, even if the real part is NaN. If
@@ -2034,6 +2120,16 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun {long int} strtol (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c strtol uses the thread-local pointer to the locale in effect, and
+@c strtol_l loads the LC_NUMERIC locale data from it early on and once,
+@c but if the locale is the global locale, and another thread calls
+@c setlocale in a way that modifies the pointer to the LC_CTYPE locale
+@c category, the behavior of e.g. IS*, TOUPPER will vary throughout the
+@c execution of the function, because they re-read the locale data from
+@c the given locale pointer. We solved this by documenting setlocale as
+@c MT-Unsafe, but there might be other reasons why it's neither MT- nor
+@c AS-Safe; recheck.
The @code{strtol} (``string-to-long'') function converts the initial
part of @var{string} to a signed integer, which is returned as a value
of type @code{long int}.
@@ -2097,6 +2193,7 @@ There is an example at the end of this section.
@comment wchar.h
@comment ISO
@deftypefun {long int} wcstol (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstol} function is equivalent to the @code{strtol} function
in nearly all aspects but handles wide character strings.
@@ -2106,6 +2203,7 @@ The @code{wcstol} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long int} strtoul (const char *retrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoul} (``string-to-unsigned-long'') function is like
@code{strtol} except it converts to an @code{unsigned long int} value.
The syntax is the same as described above for @code{strtol}. The value
@@ -2124,6 +2222,7 @@ range, or @code{ERANGE} on overflow.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long int} wcstoul (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoul} function is equivalent to the @code{strtoul} function
in nearly all aspects but handles wide character strings.
@@ -2133,6 +2232,7 @@ The @code{wcstoul} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} strtoll (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoll} function is like @code{strtol} except that it returns
a @code{long long int} value, and accepts numbers with a correspondingly
larger range.
@@ -2149,6 +2249,7 @@ The @code{strtoll} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {long long int} wcstoll (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoll} function is equivalent to the @code{strtoll} function
in nearly all aspects but handles wide character strings.
@@ -2158,12 +2259,14 @@ The @code{wcstoll} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {long long int} strtoq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtoq} (``string-to-quad-word'') is the BSD name for @code{strtoll}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {long long int} wcstoq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoq} function is equivalent to the @code{strtoq} function
in nearly all aspects but handles wide character strings.
@@ -2173,6 +2276,7 @@ The @code{wcstoq} function is a GNU extension.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long long int} strtoull (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoull} function is related to @code{strtoll} the same way
@code{strtoul} is related to @code{strtol}.
@@ -2182,6 +2286,7 @@ The @code{strtoull} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long long int} wcstoull (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoull} function is equivalent to the @code{strtoull} function
in nearly all aspects but handles wide character strings.
@@ -2191,12 +2296,14 @@ The @code{wcstoull} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {unsigned long long int} strtouq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtouq} is the BSD name for @code{strtoull}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {unsigned long long int} wcstouq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstouq} function is equivalent to the @code{strtouq} function
in nearly all aspects but handles wide character strings.
@@ -2206,6 +2313,7 @@ The @code{wcstouq} function is a GNU extension.
@comment inttypes.h
@comment ISO
@deftypefun intmax_t strtoimax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoimax} function is like @code{strtol} except that it returns
a @code{intmax_t} value, and accepts numbers of a corresponding range.
@@ -2222,6 +2330,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun intmax_t wcstoimax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoimax} function is equivalent to the @code{strtoimax} function
in nearly all aspects but handles wide character strings.
@@ -2231,6 +2340,7 @@ The @code{wcstoimax} function was introduced in @w{ISO C99}.
@comment inttypes.h
@comment ISO
@deftypefun uintmax_t strtoumax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoumax} function is related to @code{strtoimax}
the same way that @code{strtoul} is related to @code{strtol}.
@@ -2241,6 +2351,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun uintmax_t wcstoumax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoumax} function is equivalent to the @code{strtoumax} function
in nearly all aspects but handles wide character strings.
@@ -2250,6 +2361,7 @@ The @code{wcstoumax} function was introduced in @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefun {long int} atol (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtol} function with a @var{base}
argument of @code{10}, except that it need not detect overflow errors.
The @code{atol} function is provided mostly for compatibility with
@@ -2259,6 +2371,7 @@ existing code; using @code{strtol} is more robust.
@comment stdlib.h
@comment ISO
@deftypefun int atoi (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is like @code{atol}, except that it returns an @code{int}.
The @code{atoi} function is also considered obsolete; use @code{strtol}
instead.
@@ -2267,6 +2380,7 @@ instead.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} atoll (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to @code{atol}, except it returns a @code{long
long int}.
@@ -2331,6 +2445,35 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun double strtod (const char *restrict @var{string}, char **restrict @var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c Besides the unsafe-but-ruled-safe locale uses, this uses a lot of
+@c mpn, but it's all safe.
+@c
+@c round_and_return
+@c get_rounding_mode ok
+@c mpn_add_1 ok
+@c mpn_rshift ok
+@c MPN_ZERO ok
+@c MPN2FLOAT -> mpn_construct_(float|double|long_double) ok
+@c str_to_mpn
+@c mpn_mul_1 -> umul_ppmm ok
+@c mpn_add_1 ok
+@c mpn_lshift_1 -> mpn_lshift ok
+@c STRTOF_INTERNAL
+@c MPN_VAR ok
+@c SET_MANTISSA ok
+@c STRNCASECMP ok, wide and narrow
+@c round_and_return ok
+@c mpn_mul ok
+@c mpn_addmul_1 ok
+@c ... mpn_sub
+@c mpn_lshift ok
+@c udiv_qrnnd ok
+@c count_leading_zeros ok
+@c add_ssaaaa ok
+@c sub_ddmmss ok
+@c umul_ppmm ok
+@c mpn_submul_1 ok
The @code{strtod} (``string-to-double'') function converts the initial
part of @var{string} to a floating-point number, which is returned as a
value of type @code{double}.
@@ -2416,6 +2559,7 @@ examining @var{errno} and @var{tailptr}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} strtold (const char *@var{string}, char **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
These functions are analogous to @code{strtod}, but return @code{float}
and @code{long double} values respectively. They report errors in the
same way as @code{strtod}. @code{strtof} can be substantially faster
@@ -2435,6 +2579,7 @@ These functions have been GNU extensions and are new to @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} wcstold (const wchar_t *@var{string}, wchar_t **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstod}, @code{wcstof}, and @code{wcstol} functions are
equivalent in nearly all aspect to the @code{strtod}, @code{strtof}, and
@code{strtold} functions but it handles wide character string.
@@ -2447,6 +2592,7 @@ C90}. The @code{wcstof} and @code{wcstold} functions were introduced in
@comment stdlib.h
@comment ISO
@deftypefun double atof (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtod} function, except that it
need not detect overflow and underflow errors. The @code{atof} function
is provided mostly for compatibility with existing code; using
@@ -2473,6 +2619,7 @@ All these functions are defined in @file{stdlib.h}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} ecvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{ecvt} converts the floating-point number @var{value}
to a string with at most @var{ndigit} decimal digits. The
returned string contains no decimal point or sign. The first digit of
@@ -2498,6 +2645,7 @@ and sets @var{d} to @code{2} and @var{n} to @code{0}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} fcvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{fcvt} is like @code{ecvt}, but @var{ndigit} specifies
the number of digits after the decimal point. If @var{ndigit} is less
than zero, @var{value} is rounded to the @math{@var{ndigit}+1}'th place to the
@@ -2516,6 +2664,9 @@ to @code{fcvt}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} gcvt (double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c gcvt calls sprintf, that ultimately calls vfprintf, which malloc()s
+@c args_value if it's too large, but gcvt never exercises this path.
@code{gcvt} is functionally equivalent to @samp{sprintf(buf, "%*g",
ndigit, value}. It is provided only for compatibility's sake. It
returns @var{buf}.
@@ -2530,6 +2681,7 @@ functions that take @code{long double} arguments.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qecvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{ecvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2538,6 +2690,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qfcvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{fcvt} except that it
takes a @code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2546,6 +2699,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qgcvt (long double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is equivalent to @code{gcvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2566,6 +2720,7 @@ user-supplied buffer.
@comment stdlib.h
@comment GNU
@deftypefun int ecvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ecvt_r} function is the same as @code{ecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2577,6 +2732,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun int fcvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcvt_r} function is the same as @code{fcvt}, except that it
places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2588,6 +2744,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qecvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qecvt_r} function is the same as @code{qecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2599,6 +2756,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qfcvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qfcvt_r} function is the same as @code{qfcvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=12aba27e1c96ff9703ea9423bf471fa3f0454616
commit 12aba27e1c96ff9703ea9423bf471fa3f0454616
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:57:08 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/argp.texi: Document thread safety properties.
diff --git a/manual/argp.texi b/manual/argp.texi
index c9fbe97..5322f91 100644
--- a/manual/argp.texi
+++ b/manual/argp.texi
@@ -36,6 +36,35 @@ needed in @code{main}.
@comment argp.h
@comment GNU
@deftypefun {error_t} argp_parse (const struct argp *@var{argp}, int @var{argc}, char **@var{argv}, unsigned @var{flags}, int *@var{arg_index}, void *@var{input})
+@safety{@mtunsafe{xguargs, envromt}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Optionally alloca()tes standard help options, initializes the parser,
+@c then parses individual args in a loop, and then finalizes.
+@c parser_init
+@c calc_sizes ok
+@c option_is_end ok
+@c malloc
+@c parser_convert glocale
+@c convert_options glocale
+@c option_is_end ok
+@c option_is_short ok
+@c isprint, but locale may change within the loop
+@c find_long_option ok
+@c group_parse
+@c group->parser (from argp->parser)
+@c parser_parse_next
+@c getopt_long(_only)_r many issues, same as non_r minus staticbuf
+@c parser_parse_arg
+@c group_parse
+@c parser_parse_opt
+@c group_parse
+@c argp_error
+@c dgettext (bad key error)
+@c parser_finalize
+@c group_parse
+@c fprintf
+@c dgettext
+@c arg_state_help
+@c free
The @code{argp_parse} function parses the arguments in @var{argv}, of
length @var{argc}, using the argp parser @var{argp}. @xref{Argp
Parsers}. Passing a null pointer for @var{argp} is the same as using
@@ -660,6 +689,8 @@ parser function. @xref{Argp Parsing State}.
@comment argp.h
@comment GNU
@deftypefun void argp_usage (const struct argp_state *@var{state})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls argp_state_help with stderr and ARGP_HELP_STD_USAGE.
Outputs the standard usage message for the argp parser referred to by
@var{state} to @code{@var{state}->err_stream} and terminate the program
with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@@ -669,6 +700,13 @@ with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@comment argp.h
@comment GNU
@deftypefun void argp_error (const struct argp_state *@var{state}, const char *@var{fmt}, @dots{})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Lock stream, vasprintf the formatted message into a buffer, print the
+@c buffer prefixed by the short program name (in libc,
+@c argp_short_program_name is a macro that expands to
+@c program_invocation_short_name), releases the buffer, then call
+@c argp_state_help with stream and ARGP_HELP_STD_ERR, unlocking the
+@c stream at the end.
Prints the printf format string @var{fmt} and following args, preceded
by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
--help}} message, and terminates the program with an exit status of
@@ -679,6 +717,12 @@ by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
@comment argp.h
@comment GNU
@deftypefun void argp_failure (const struct argp_state *@var{state}, int @var{status}, int @var{errnum}, const char *@var{fmt}, @dots{})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
+@c Lock stream, write out the short program name, vasprintf the optional
+@c formatted message to a buffer, print the buffer prefixed by colon and
+@c blank, release the buffer, call strerror_r with an automatic buffer,
+@c print it out after colon and blank, put[w]c a line break, unlock the
+@c stream, then exit unless ARGP_NO_EXIT.
Similar to the standard gnu error-reporting function @code{error}, this
prints the program name and @samp{:}, the printf format string
@var{fmt}, and the appropriate following args. If it is non-zero, the
@@ -695,6 +739,141 @@ for options, bad phase of the moon, etc.
@comment argp.h
@comment GNU
@deftypefun void argp_state_help (const struct argp_state *@var{state}, FILE *@var{stream}, unsigned @var{flags})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help with the short program name and optionally exit.
+@c The main problems in _help, besides the usual issues with stream I/O
+@c and translation, are the use of a static buffer (uparams) that makes
+@c the whole thing thread-unsafe, reading from the environment for
+@c ARGP_HELP_FMT, accessing the locale object multiple times.
+
+@c _help envromt, staticbuf (uparams), glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c flockfile lockleak
+@c funlockfile lockleak
+@c fill_in_uparams envromt, staticbuf (uparams), glocale, asynconsist, asmalloc, lockleak, incansist, memleak
+@c argp_failure dup (status = errnum = 0)
+@c atoi dup
+@c argp_hol asmalloc, memleak
+@c make_hol asmalloc, memleak
+@c hol_add_cluster asmalloc, memleak
+@c hol_append asmalloc, memleak
+@c hol_set_group ok
+@c hol_find_entry ok
+@c hol_sort glocale, asmalloc, memleak
+@c qsort asmalloc, memleak
+@c hol_entry_qcmp glocale
+@c hol_entry_cmp glocale
+@c group_cmp ok
+@c hol_cluster_cmp ok
+@c group_cmp ok
+@c hol_entry_first_short glocale
+@c hol_entry_short_iterate [glocale]
+@c until_short ok
+@c oshort ok
+@c isprint ok
+@c odoc ok
+@c hol_entry_first_long ok
+@c canon_doc_option glocale
+@c tolower dup
+@c hol_usage glocale, asi18n, asmalloc, memleak
+@c hol_entry_short_iterate ok
+@c add_argless_short_opt ok
+@c argp_fmtstream_printf dup
+@c hol_entry_short_iterate glocale, asi18n, asmalloc, memleak
+@c usage_argful_short_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_entry_long_iterate glocale, asi18n, asmalloc, memleak
+@c usage_long_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c hol_entry_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_wmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c comma glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_putc dup
+@c hol_cluster_is_child ok
+@c argp_fmtstream_wmargin dup
+@c print_header dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c indent_to dup
+@c argp_fmtstream_putc dup
+@c arg glocale, asmalloc, memleak
+@c argp_fmtstream_printf dup
+@c odoc dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_printf dup
+@c print_header glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c indent_to dup
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c filter_doc dup
+@c argp_fmtstream_point dup
+@c indent_to glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_putc dup
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c hol_free asmalloc, memleak
+@c free dup
+@c argp_args_levels ok
+@c argp_args_usage glocale, asi18n, asmalloc, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc ok
+@c argp_input ok
+@c argp->help_filter
+@c space glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_rmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_write dup
+@c free dup
+@c argp_doc glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c strndup asmalloc, memleak
+@c argp_input dup
+@c argp->help_filter
+@c argp_fmtstream_putc glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure dup
+@c argp_fmtstream_write dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_point glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_lmargin dup
+@c free dup
+@c argp_make_fmtstream asmalloc, memleak
+@c argp_fmtstream_free glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update glocale, asynconsist, incansist, lockleak
+@c put[w]c_unlocked dup
+@c isblank in loop glocale
+@c fxprintf lockleak
+@c fxprintf lockleak
+@c free dup
+@c argp_fmtstream_set_wmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_printf glocale, asmalloc, memleak
+@c argp_fmtstream_ensure dup
+@c vsnprintf dup
+@c argp_fmtstream_set_lmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_puts glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_write glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update dup
+@c fxprintf lockleak
+@c realloc asmalloc, memleak
Outputs a help message for the argp parser referred to by @var{state},
to @var{stream}. The @var{flags} argument determines what sort of help
message is produced. @xref{Argp Help Flags}.
@@ -928,6 +1107,8 @@ program options, argp offers the @code{argp_help} interface.
@comment argp.h
@comment GNU
@deftypefun void argp_help (const struct argp *@var{argp}, FILE *@var{stream}, unsigned @var{flags}, char *@var{name})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help.
This outputs a help message for the argp parser @var{argp} to
@var{stream}. The type of messages printed will be determined by
@var{flags}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=cfe805ba9962e7ecb02cb7d91f07e877fccc1742
commit cfe805ba9962e7ecb02cb7d91f07e877fccc1742
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:39 2013 -0300
Rename unused scalb to scalbn to match prototype.
for ChangeLog
* sysdeps/ieee754/support.c (scalbn): Rename from
wrongly-typed scalb. Adjust all callers. Apparently unused.
diff --git a/sysdeps/ieee754/support.c b/sysdeps/ieee754/support.c
index 00476c0..0bbd892 100644
--- a/sysdeps/ieee754/support.c
+++ b/sysdeps/ieee754/support.c
@@ -82,7 +82,7 @@ static char sccsid[] = "@(#)support.c 8.1 (Berkeley) 6/4/93";
static const double novf=1.7E308, nunf=3.0E-308,zero=0.0;
#endif /* defined(vax)||defined(tahoe) */
-double scalb(x,N)
+double scalbn(x,N)
double x; int N;
{
int k;
@@ -106,7 +106,7 @@ double x; int N;
if( (k= *px & mexp ) != mexp ) {
if( N<-2100) return(nunf*nunf); else if(N>2100) return(novf+novf);
if( k == 0 ) {
- x *= scalb(1.0,(int)prep1); N -= prep1; return(scalb(x,N));}
+ x *= scalbn(1.0,(int)prep1); N -= prep1; return(scalbn(x,N));}
#endif /* defined(vax)||defined(tahoe) */
if((k = (k>>gap)+ N) > 0 )
@@ -115,7 +115,7 @@ double x; int N;
else
if( k > -prep1 )
/* gradual underflow */
- {*px=(*px&~mexp)|(short)(1<<gap); x *= scalb(1.0,k-1);}
+ {*px=(*px&~mexp)|(short)(1<<gap); x *= scalbn(1.0,k-1);}
else
return(nunf*nunf);
}
@@ -228,7 +228,7 @@ double x,p;
else if ( ((*pp & mexp)>>gap) <= 1 )
/* subnormal p, or almost subnormal p */
- { double b; b=scalb(1.0,(int)prep1);
+ { double b; b=scalbn(1.0,(int)prep1);
p *= b; x = drem(x,p); x *= b; return(drem(x,p)/b);}
else if ( p >= novf/2)
{ p /= 2 ; x /= 2; return(drem(x,p)*2);}
@@ -294,8 +294,8 @@ double x;
/* scale x to [1,4) */
n=logb(x);
- x=scalb(x,-n);
- if((m=logb(x))!=0) x=scalb(x,-m); /* subnormal number */
+ x=scalbn(x,-n);
+ if((m=logb(x))!=0) x=scalbn(x,-m); /* subnormal number */
m += n;
n = m/2;
if((n+n)!=m) {x *= 2; m -=1; n=m/2;}
@@ -326,7 +326,7 @@ double x;
b=1.0+r/4; if(b>1.0) t=1;
if(t>=0) q+=r; }
-end: return(scalb(q,n));
+end: return(scalbn(q,n));
}
#if 0
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ebf259b70d2e3b3122af4e09e78b5112f9160389
commit ebf259b70d2e3b3122af4e09e78b5112f9160389
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:39 2013 -0300
Note that powerpc fpu emulation status is not thread- or signal-safe.
for ports/ChangeLog.powerpc
PR 15483
* sysdeps/powerpc/nofpu/sim-full.c: Add FIXME note about
the need for thread-specific variables preserved across signal
handlers.
* sysdeps/powerpc/nofpu/soft-supp.h: Likewise.
* sysdeps/powerpc/soft-fp/sfp-machine.h: Likewise.
diff --git a/ports/sysdeps/powerpc/nofpu/sim-full.c b/ports/sysdeps/powerpc/nofpu/sim-full.c
index fc061d0..e167033 100644
--- a/ports/sysdeps/powerpc/nofpu/sim-full.c
+++ b/ports/sysdeps/powerpc/nofpu/sim-full.c
@@ -21,6 +21,11 @@
#include "soft-fp.h"
#include "soft-supp.h"
+/* FIXME: these variables should be thread specific (see bugzilla bug
+ 15483) and ideally preserved across signal handlers, like hardware
+ FP status words, but the latter is quite difficult to accomplish in
+ userland. */
+
/* Global to store sticky exceptions. */
int __sim_exceptions __attribute__ ((nocommon));
libc_hidden_data_def (__sim_exceptions);
diff --git a/ports/sysdeps/powerpc/nofpu/soft-supp.h b/ports/sysdeps/powerpc/nofpu/soft-supp.h
index b9638bb..64a3d2a 100644
--- a/ports/sysdeps/powerpc/nofpu/soft-supp.h
+++ b/ports/sysdeps/powerpc/nofpu/soft-supp.h
@@ -26,6 +26,11 @@ typedef union
} fenv_union_t;
+/* FIXME: these variables should be thread specific (see bugzilla bug
+ 15483) and ideally preserved across signal handlers, like hardware
+ FP status words, but the latter is quite difficult to accomplish in
+ userland. */
+
extern int __sim_exceptions;
libc_hidden_proto (__sim_exceptions);
extern int __sim_disabled_exceptions;
diff --git a/ports/sysdeps/powerpc/soft-fp/sfp-machine.h b/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
index c2a190e..508d869 100644
--- a/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
+++ b/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
@@ -54,6 +54,11 @@
#define FP_ROUNDMODE __sim_round_mode
#define FP_TRAPPING_EXCEPTIONS (~__sim_disabled_exceptions & 0x3e000000)
+/* FIXME: these variables should be thread specific (see bugzilla bug
+ 15483) and ideally preserved across signal handlers, like hardware
+ FP status words, but the latter is quite difficult to accomplish in
+ userland. */
+
extern int __sim_exceptions;
libc_hidden_proto (__sim_exceptions);
extern int __sim_disabled_exceptions;
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=6302ecd89c407c9fa96dd9a6263175c8ef1dee48
commit 6302ecd89c407c9fa96dd9a6263175c8ef1dee48
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:39 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/macros.texi: Introduce macros to document thread
safety properties.
* manual/intro.texi: Introduce the properties themselves.
diff --git a/manual/intro.texi b/manual/intro.texi
index deaf089..e47832c 100644
--- a/manual/intro.texi
+++ b/manual/intro.texi
@@ -172,6 +172,411 @@ pattern matching facilities (@pxref{Pattern Matching}).
@comment <wordexp.h> (not yet implemented)
@comment confstr
+The safety properties of @glibcadj{} functions, documented as MT-, AS-
+and AC- -Safe and -Unsafe are assessed according to the criteria set
+forth in the POSIX standard for Multi-Thread, Async-Signal and
+Async-Cancel safety.
+
+Intuitive definition of these properties, that attempt to capture
+the meaning of the standard definitions, follow:
+
+@itemize @bullet
+
+@item
+@cindex MT-Safe
+MT-Safe functions are safe to call in the presence of other threads. MT
+stands for Multi Thread.
+
+@item
+@cindex AS-Safe
+AS-Safe functions are safe to call from asynchronous signal handlers.
+AS stands for Asynchronous Signal.
+
+@item
+@cindex AC-Safe
+AC-Safe functions are safe to call when asynchronous cancellation is
+enabled. AC stands for Asynchronous Cancellation.
+
+@item
+@cindex MT-Unsafe
+@cindex AS-Unsafe
+@cindex AC-Unsafe
+MT-Unsafe, AS-Unsafe, AC-Unsafe functions are not safe to call within
+the contexts described above: they may cause deviations from the
+specification in the behavior of the calls themselves, or of any other
+concurrent, ongoing or subsequent calls.
+
+Functions not explicitly documented as Safe should be regarded as
+Unsafe.
+
+@end itemize
+
+By ``safe to call'', we mean that, as long as the program does not
+invoke undefined or unspecified behavior, the called functions will
+behave as documented, and they won't cause any other functions to
+deviate from their documented behavior.
+
+Although we strive to abide by the standards, in some cases our
+implementation is safe even when the standard does not demand safety,
+and in other cases our implementation does not meet the standard safety
+requirements. At this point, we document the result of an assessment of
+the properties of our implementation, so the safety documentation in
+this manual is not to be regarded as a promise of future behavior: in
+future releases, functions that are documented as safe may become
+unsafe, and safety constraints may be removed or introduced. We
+envision turning the results of the assessment into a set of promises as
+stable as our interfaces, but we're not there yet.
+
+When a function is safe to call only under certain constraints, we will
+add keywords to the safety notes whose meanings are defined as follows:
+
+@itemize @bullet
+
+@c glocale-revisit
+@item @code{glocale}
+@cindex glocale
+
+In threads that have not overridden the thread-local locale object by
+calling @code{uselocale}, calling functions annotated with
+@code{glocale} concurrently with @code{setlocale} may cause the
+functions to behave in ways that don't correspond to either the previous
+or the subsequent global locale.
+
+Although the @code{setlocale} function modifies the global locale object
+while holding a lock, @code{glocale}-annotated functions may access this
+global object multiple times, without any measures to ensure it doesn't
+change while it's in use.
+
+Each of these unprotected uses will use either the previous or the
+subsequent locale information, so they won't cause crashes or access to
+uninitialized, unmapped or recycled memory. However, since some cases
+use cached locale information while others access the effective locale
+object anew, concurrent changes to the global locale object may cause
+these functions to behave in ways that they could not behave should the
+execution of @code{setlocale} and of the so-annotated functions be
+atomic, or even should @code{setlocale} alone be atomic.
+
+The @code{glocale} constraint indicates functions are only safe to call
+if the effective thread-local locale is not the global locale object
+(because it was overridden with @code{uselocale}). Failing that,
+@code{setlocale} should not be called while these functions are active.
+
+
+@item @code{envromt}
+@cindex envromt
+
+Functions marked with @code{envromt} access the environment with
+@code{getenv} or similar, requiring the environment to be effectively
+read-only for MT-Safe operation.
+
+Environment-modifying functions do not protect in any way against
+concurrent modifications or access, so calling @code{envromt}-marked
+functions concurrently with @code{setenv}, @code{putenv},
+@code{unsetenv} or direct modifications of the global environment data
+structures is ill-advised; external concurrency control must be
+introduced by callers of these environment-modifying and
+@code{envromt}-marked functions.
+
+Functions that modify the environment are also marked with
+@code{envromt}, but they are not MT-Safe for the reasons above. Since
+all environment-modifying functions are MT-Unsafe, functions that only
+access the environment are marked as MT-Safe when no other safety issue
+applies.
+
+
+@item @code{uunguard}
+@cindex uunguard
+
+Functions marked with @code{uunguard} modify non-atomically arguments or
+global objects that other functions access without synchronization. To
+ensure MT- and AS-Safe behavior, callers should refrain from calling
+so-marked functions concurrently with users of the corresponding
+objects.
+
+Unguarded users of the global locale object modified by @code{setlocale}
+are marked with @code{glocale}.
+
+Unguarded users of the @code{printf} extension objects modified by
+@code{register_printf_function} are the entire family of printf
+functions.
+
+Unguarded users of streams configured with @code{__fsetlocking} for
+locking by the caller are the entire family of stdio functions.
+
+
+@item @code{xguargs}
+@cindex xguargs
+
+Functions marked with @code{xguargs} may use or modify objects passed as
+arguments without any guards to ensure consistency. To ensure MT- and
+AS-Safe behavior, callers must ensure that the objects passed in are not
+modified concurrently by other threads or signal handlers.
+
+
+@item @code{tempchwd}
+@cindex tempchwd
+
+Functions marked with @code{tempchwd} may temporarily change the current
+working directory during their execution, which may cause relative
+pathnames to be resolved in unexpected ways in other threads or within
+asynchronous signal or cancellation handlers.
+
+This is not enough of a reason to mark so-marked functions as MT-Unsafe,
+but when this behavior is optional (e.g., @code{nftw} with
+@code{FTW_CHDIR}), avoiding the option in multi-threaded programs may be
+a good alternative to using full pathnames or file descriptor-relative
+(e.g. @code{openat}) system calls.
+
+
+@item @code{tempterm}
+@cindex tempterm
+
+Functions marked with @code{tempterm} may temporarily change the
+terminal settings.
+
+This would not be enough of a reason to mark so-marked functions as
+MT-Unsafe, but the recommended mode to modify terminal settings is to
+call @code{tcgetattr}, modify some flags, and then call
+@code{tcsetattr}. Functions marked with @code{tempterm} do that, so
+they leave a window in which changes made by other threads are lost.
+
+It is thus advisable for applications using the terminal to avoid
+concurrent interactions with it, more so if they expect different
+terminal modes.
+
+If this mark appears as an AC-Safety note, it means the function may
+also fail to restore the original terminal mode in case of asynchronous
+cancellation.
+
+
+@end itemize
+
+
+Additional safety issues that cannot be worked around by constraining
+the program are also documented with keywords, whose meaning is defined
+as follows:
+
+@itemize @bullet
+
+@item @code{staticbuf}
+@cindex staticbuf
+
+Functions annotated with @code{staticbuf} use internal static buffers or
+variables in ways that may cause concurrent calls to interfere
+destructively.
+
+These functions are all MT-Unsafe and AC-Unsafe. However, many of them
+offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
+
+In many of these cases, the static buffer is only used to hold a return
+value; in a few of these, such as @code{tmpnam}, the use of the internal
+buffer can be avoided by passing the buffer as an argument, which makes
+the call MT-Safe and AS-Safe.
+
+
+@item @code{asi18n}
+@cindex asi18n
+
+Functions marked with @code{asi18n} use internationalization functions
+(@code{gettext}), which brings in a number of dependencies and issues
+yet to be documented.
+
+
+@item @code{shlimb}
+@cindex shlimb
+
+Functions marked with @code{shlimb} use the dynamic loader to bring in
+additional code modules. This involves opening files, mapping them into
+memory, allocating additional memory, resolving symbols, applying
+relocations and more, all of this while holding the dynamic loader
+lock.
+
+The non-recursive lock itself is enough for the function to be AS- and
+AC-Unsafe, but many other issues may arise.
+
+
+@item @code{fdleak}
+@cindex fdleak
+
+Functions annotated with @code{fdleak} may leak file descriptors if
+asynchronous thread cancellation interrupts their execution.
+
+Functions that allocate or deallocate file descriptors will generally be
+marked as such, because even if they attempted to protect the file
+descriptor allocation and deallocation with cleanup regions, allocating
+a new descriptor and storing its number where the cleanup region could
+release it cannot be performed as a single atomic operation, just like
+releasing it and taking it out of the data structure normally
+responsible for releasing it cannot be performed atomically, always
+leaving a window in which the descriptor cannot be released because it
+wasn't stored in the cleanup handler argument yet, or in which it was
+already taken out of it before releasing it in the normal flow (we
+cannot keep it there because, in case of cancellation, we wouldn't be
+able to tell whether it was already released, and the same number could
+have been already assigned to another descriptor by another thread, so
+we couldn't just release it again).
+
+Such leaks could be internally avoided, with some performance penalty,
+by temporarily disabling asynchronous thread cancellation. However,
+since callers of allocation or deallocation functions would have to do
+this themselves, to avoid the same sort of leak in their own layer, it
+makes more sense for the library to assume they are taking care of it
+than to impose a performance penalty that is redundant when the problem
+is solved in upper layers, and insufficient when it isn't.
+
+This remark by itself does not cause a function to be regarded as
+AC-Unsafe. However, cummulative effects of such leaks may pose a
+problem for some programs. If this is the case, suspending asynchronous
+cancellation for the duration of calls to such functions is recommended.
+
+
+@item @code{memleak}
+@cindex memleak
+
+Functions annotated with @code{memleak} may leak memory if asynchronous
+thread cancellation interrupts their execution.
+
+The problem is similar to that of file descriptors: there is no atomic
+interface to allocate memory and store its address in the argument to a
+cleanup handler, or to release it and remove its address from that
+argument, without at least temporarily disabling asynchronous
+cancellation, which these functions do not do.
+
+This remark does not by itself cause a function to be regarded as
+generally AC-Unsafe. However, cummulative effects of such leaks may be
+severe enough for some programs that disabling asynchronous cancellation
+for the duration of calls to such functions may be required.
+
+
+@item @code{lockleak}
+@cindex lockleak
+
+Functions annotated with @code{lockleak} may leak locks if asynchronous
+thread cancellation interrupts their execution.
+
+While the problem is similar to that of file descriptors, in that there
+is not any atomic interface to lock and take note of the need for
+unlocking in a cleanup, or to unlock and take note that there is no
+longer such a need, the problem posed by lock leaks is far more serious:
+when a file descriptor or a piece of memory is leaked, it becomes
+inaccessible and subsequent attempts to allocate a file descriptor or
+some memory will just use another resource. However, once a lock is
+left taken, attempts to take that lock will block indefinitely.
+(Recursive locks will only block other threads, and read locks will only
+block writer threads, but the point still holds in general).
+
+For the reasons above, functions that leak locks are all AC-Unsafe.
+
+
+@item @code{selfdeadlock}
+@cindex selfdeadlock
+
+Functions marked with @code{selfdeadlock} take a non-recursive lock to
+ensure MT-Safety while modifying data structures guarded by the lock.
+
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, the result is a deadlock.
+
+Blocking asynchronous signal delivery while calling such functions is
+the only safe way to avoid a deadlock if any signal handler might need
+to call them.
+
+
+@item @code{asynconsist}
+@cindex asynconsist
+
+Functions marked with @code{asynconsist} take a recursive lock to ensure
+MT-Safety while accessing or modifying data structures guarded by the
+lock.
+
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, both may misbehave for
+observing inconsistent (partially updated or cached) data structures.
+
+Blocking asynchronous signal delivery while calling such functions is
+the only safe way to avoid the misbehavior that may ensue if any signal
+handler might need to call them.
+
+
+@item @code{asmalloc}
+@cindex asmalloc
+
+This is a sub-case of @code{asynconsist}. Functions marked with
+@code{asmalloc} perform memory allocation or deallocation with the
+@code{malloc}/@code{free} family of functions.
+
+If heap management functions are interrupted by asynchronous signals,
+and the signal handlers attempt to perform memory allocation or
+deallocation of their own, they may encounter heap data structures in a
+partially updated state, and the interrupted calls may malfunction
+because of the changes made within the signal handler.
+
+
+@item @code{incansist}
+@cindex incansist
+
+Functions marked with @code{incansist} modify data structures in a
+non-atomic way.
+
+If such a function is asynchronously canceled, it may leave the data
+structure in a partially updated, inconsistent state. Subsequent uses
+of the data structure may misbehave.
+
+Disabling asynchronous cancelation while calling such functions is the
+only safe way to avoid the misbehavior that may ensure if the thread is
+canceled while the function is running.
+
+@c A special case, probably not worth documenting separately, involves
+@c reallocing, or even freeing pointers. Any case involving free could
+@c be easily turned into an ac-safe memleak by resetting the pointer
+@c before releasing it; I don't think we have any case that calls for
+@c this sort of fixing. Fixing the realloc cases would require a new
+@c interface: instead of @code{ptr=realloc(ptr,size)} we'd have to
+@c introduce @code{acsafe_realloc(&ptr,size)} that would modify ptr
+@c before releasing the old memory. The ac-unsafe realloc could be
+@c implemented in terms of an internal interface with this semantics
+@c (say __acsafe_realloc), but since realloc can be overridden, the
+@c function we call to implement realloc should not be this internal
+@c interface, but another internal interface that calls __acsafe_realloc
+@c if realloc was not overridden, and calls the overridden realloc with
+@c async cancel disabled. --lxoliva
+
+
+@item @code{simfpu}
+@cindex simfpu
+
+Functions annotated with @code{simfpu} may misbehave on powerpc ports in
+which the floating-point unit is disabled and floating point simulation
+is used instead. On such platforms, @theglibc{} uses global variables
+to hold floating-point exceptions, rounding modes and disabled
+exceptions, rather than thread-local state. This is a @glibcadj{} bug.
+
+Furthermore, even if this bug is fixed, the emulation of floating-point
+control and status registers will not go as far as saving and restoring
+these emulated registers across asynchronous signal handlers. Indeed,
+although most platforms preserve floating-point context as part of the
+thread context, preserving control and status words is not mandatory:
+standards recommend that programs that modify them within signal
+handlers restore them to the original state before returning.
+
+This note does not cause functions to be marked as MT-Unsafe, even
+though, on the affected platform, they are MT-Unsafe indeed.
+
+
+@item @code{unposix}
+@cindex unposix
+
+This remark indicates our safety documentation is known to differ from
+the requirements set by the POSIX standard. For example, POSIX does not
+require a function to be Safe, but our implementation is Safe, or
+vice-versa.
+
+For the time being, the absence of this remark does not imply the safety
+propertes we documentated are identical to those mandated by POSIX for
+the corresponding functions.
+
+@end itemize
+
@node Berkeley Unix, SVID, POSIX, Standards and Portability
@subsection Berkeley Unix
diff --git a/manual/macros.texi b/manual/macros.texi
index daaf1c0..6955f32 100644
--- a/manual/macros.texi
+++ b/manual/macros.texi
@@ -47,4 +47,46 @@ GNU/Hurd systems
GNU/Linux systems
@end macro
+@c Document a function as thread safe.
+@macro mtsafe {comments}
+| MT-Safe \comments\
+|
+@end macro
+@c Document a function as thread unsafe.
+@macro mtunsafe {comments}
+| MT-Unsafe \comments\
+|
+@end macro
+@c Document a function as safe for use in asynchronous signal handlers.
+@macro assafe {comments}
+| AS-Safe \comments\
+|
+@end macro
+@c Document a function as unsafe for use in asynchronous signal
+@c handlers. This distinguishes unmarked functions, for which this
+@c property has not been assessed, from those that have been analyzed.
+@macro asunsafe {comments}
+| AS-Unsafe \comments\
+|
+@end macro
+@c Document a function as safe for use when asynchronous cancellation is
+@c enabled.
+@macro acsafe {comments}
+| AC-Safe \comments\
+|
+@end macro
+@c Document a function as unsafe for use when asynchronous cancellation
+@c is enabled. This distinguishes unmarked functions, for which this
+@c property has not been assessed, from those that have been analyzed.
+@macro acunsafe {comments}
+| AC-Unsafe \comments\
+|
+@end macro
+@c Format the thread and async safety properties of a function.
+@macro safety {notes}
+\notes\
+
+
+@end macro
+
@end ifclear
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=805b53d0709375c42ca52cdb1b8e1a9e9dc041a1
commit 805b53d0709375c42ca52cdb1b8e1a9e9dc041a1
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:12:28 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/startup.texi: Document thread safety properties.
diff --git a/manual/startup.texi b/manual/startup.texi
index a277714..7bbaf13 100644
--- a/manual/startup.texi
+++ b/manual/startup.texi
@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
The difference to the @code{setenv} function is that the exact string
given as the parameter @var{string} is put into the environment. If the
user should change the string after the @code{putenv} call this will
-reflect in automatically in the environment. This also requires that
-@var{string} is no automatic variable which scope is left before the
+reflect automatically in the environment. This also requires that
+@var{string} not be an automatic variable whose scope is left before the
variable is removed from the environment. The same applies of course to
dynamically allocated variables which are freed later.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=62bbc3d80d58e685b5c3e655681849574ef8b421
commit 62bbc3d80d58e685b5c3e655681849574ef8b421
Merge: 0e55a9c dd75825
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:15:37 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0e55a9c6ec47f13061f558ee8470974665beab5d
commit 0e55a9c6ec47f13061f558ee8470974665beab5d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:15:37 2013 -0300
pop
diff --git a/meta b/meta
index 67b2216..0ca07b4 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 20f589de14be98a69a13023b7d7b978a7098b118
-Head: 36ebef0d2d702667bef29dd37c04d3a416cfaa1c
+Previous: dd7582572f4b13b728b2961d9fffe5f522a89528
+Head: b6c3b59f2ddf6ed9a14018f69daf993e2eaf27c0
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -25,9 +25,9 @@ Applied:
manual-document-mt-safety-search.patch: 72885eef5a5c94642ef40c16b2838f314908e7da
wip-manual-document-mt-safety-startup.patch: eefb3a2e2f3449ada4e40429f0283ac79a5e3fec
manual-document-mt-safety-stdio.patch: b6c3b59f2ddf6ed9a14018f69daf993e2eaf27c0
+Unapplied:
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
wip-manual-document-mt-safety-terminal.patch: 131f3d7cbdeaec2279062d5bd94af6281390b9ba
wip-manual-document-mt-safety-threads.patch: f47c93cdfff86a4b5acb80c4b80ba113757b9e5f
wip-manual-document-mt-safety-time.patch: 36ebef0d2d702667bef29dd37c04d3a416cfaa1c
-Unapplied:
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=dd7582572f4b13b728b2961d9fffe5f522a89528
commit dd7582572f4b13b728b2961d9fffe5f522a89528
Merge: e6a6049 20f589d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:15:16 2013 -0300
delete
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e6a6049d014d552c0cf6925f4b29c47e927b4e28
commit e6a6049d014d552c0cf6925f4b29c47e927b4e28
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:15:16 2013 -0300
delete
diff --git a/meta b/meta
index 6208427..67b2216 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 3152fe9b71d25e5a079af8a12b1ab66c69174413
-Head: 4fbc047902ffe2e52e83f768573b9b8b0cdd8e7c
+Previous: 20f589de14be98a69a13023b7d7b978a7098b118
+Head: 36ebef0d2d702667bef29dd37c04d3a416cfaa1c
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -29,6 +29,5 @@ Applied:
wip-manual-document-mt-safety-terminal.patch: 131f3d7cbdeaec2279062d5bd94af6281390b9ba
wip-manual-document-mt-safety-threads.patch: f47c93cdfff86a4b5acb80c4b80ba113757b9e5f
wip-manual-document-mt-safety-time.patch: 36ebef0d2d702667bef29dd37c04d3a416cfaa1c
- manual-document-mt-safety-wip.patch: 4fbc047902ffe2e52e83f768573b9b8b0cdd8e7c
Unapplied:
Hidden:
diff --git a/patches/manual-document-mt-safety-wip.patch b/patches/manual-document-mt-safety-wip.patch
deleted file mode 100644
index 46ded4a..0000000
--- a/patches/manual-document-mt-safety-wip.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Bottom: 7472b1dd7a8cc8760b98cd08cb7f8418374249ed
-Top: 7472b1dd7a8cc8760b98cd08cb7f8418374249ed
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 15:29:41 -0300
-
-Thread safety documentation.
-
-for ChangeLog
-
- * manual/???.texi: Document thread safety properties.
-
-
----
-
-
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=20f589de14be98a69a13023b7d7b978a7098b118
commit 20f589de14be98a69a13023b7d7b978a7098b118
Merge: 9f26d9d 4fbc047 3152fe9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:15:04 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9f26d9d88a728ee83429283429062fd7da5352ec
commit 9f26d9d88a728ee83429283429062fd7da5352ec
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:15:04 2013 -0300
push
diff --git a/meta b/meta
index 2ab621e..6208427 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 32cc08f6887f254257307044a1da7e83889300d8
-Head: 36ebef0d2d702667bef29dd37c04d3a416cfaa1c
+Previous: 3152fe9b71d25e5a079af8a12b1ab66c69174413
+Head: 4fbc047902ffe2e52e83f768573b9b8b0cdd8e7c
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -29,6 +29,6 @@ Applied:
wip-manual-document-mt-safety-terminal.patch: 131f3d7cbdeaec2279062d5bd94af6281390b9ba
wip-manual-document-mt-safety-threads.patch: f47c93cdfff86a4b5acb80c4b80ba113757b9e5f
wip-manual-document-mt-safety-time.patch: 36ebef0d2d702667bef29dd37c04d3a416cfaa1c
+ manual-document-mt-safety-wip.patch: 4fbc047902ffe2e52e83f768573b9b8b0cdd8e7c
Unapplied:
- manual-document-mt-safety-wip.patch: 4546f1ef42848ecd1b89ad15aa4c920e8aed77c2
Hidden:
diff --git a/patches/manual-document-mt-safety-wip.patch b/patches/manual-document-mt-safety-wip.patch
index 0350f71..46ded4a 100644
--- a/patches/manual-document-mt-safety-wip.patch
+++ b/patches/manual-document-mt-safety-wip.patch
@@ -1,4 +1,4 @@
-Bottom: edfbd2bf9a8a7592b48fc6ddfd6dd6a196355d21
+Bottom: 7472b1dd7a8cc8760b98cd08cb7f8418374249ed
Top: 7472b1dd7a8cc8760b98cd08cb7f8418374249ed
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:41 -0300
@@ -12,1296 +12,4 @@ for ChangeLog
---
-diff --git a/manual/job.texi b/manual/job.texi
-index 4efeed3..779ea96 100644
---- a/manual/job.texi
-+++ b/manual/job.texi
-@@ -1039,6 +1039,10 @@ The function @code{ctermid} is declared in the header file
- @comment stdio.h
- @comment POSIX.1
- @deftypefun {char *} ctermid (char *@var{string})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c This function is a stub by default; the actual implementation, for
-+@c posix systems, returns an internal buffer if passed a NULL string,
-+@c but the internal buffer is always set to /dev/tty.
- The @code{ctermid} function returns a string containing the file name of
- the controlling terminal for the current process. If @var{string} is
- not a null pointer, it should be an array that can hold at least
-@@ -1075,6 +1079,11 @@ Your program should include the header files @file{sys/types.h} and
- @comment unistd.h
- @comment POSIX.1
- @deftypefun pid_t setsid (void)
-+@safety{@mtsafe{}@assafe{selfdeadlock (hurd)}@acsafe{lockleak (hurd)}}
-+@c This is usually a direct syscall, but if a syscall is not available,
-+@c we use a stub, or Hurd- and BSD-specific implementations. The former
-+@c uses a mutex and a hurd critical section, and the latter issues a few
-+@c syscalls, so both seem safe, except for the locking on Hurd.
- The @code{setsid} function creates a new session. The calling process
- becomes the session leader, and is put in a new process group whose
- process group ID is the same as the process ID of that process. There
-@@ -1098,7 +1107,8 @@ already another process group around that has the same process group ID.
- @comment unistd.h
- @comment SVID
- @deftypefun pid_t getsid (pid_t @var{pid})
--
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c Stub or direct syscall, except on hurd, where it is equally safe.
- The @code{getsid} function returns the process group ID of the session
- leader of the specified process. If a @var{pid} is @code{0}, the
- process group ID of the session leader of the current process is
-@@ -1134,6 +1144,8 @@ programs with the @code{-lbsd-compat} option to get the BSD definition.@refill
- @comment unistd.h
- @comment POSIX.1
- @deftypefn {POSIX.1 Function} pid_t getpgrp (void)
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c Wrapper for getpgid.
- The POSIX.1 definition of @code{getpgrp} returns the process group ID of
- the calling process.
- @end deftypefn
-@@ -1141,6 +1153,8 @@ the calling process.
- @comment unistd.h
- @comment BSD
- @deftypefn {BSD Function} pid_t getpgrp (pid_t @var{pid})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c Wrapper for getpgid.
- The BSD definition of @code{getpgrp} returns the process group ID of the
- process @var{pid}. You can supply a value of @code{0} for the @var{pid}
- argument to get information about the calling process.
-@@ -1149,6 +1163,8 @@ argument to get information about the calling process.
- @comment unistd.h
- @comment SVID
- @deftypefn {System V Function} int getpgid (pid_t @var{pid})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c Stub or direct syscall, except on hurd, where it is equally safe.
-
- @code{getpgid} is the same as the BSD function @code{getpgrp}. It
- returns the process group ID of the process @var{pid}. You can supply a
-@@ -1171,6 +1187,8 @@ process.
- @comment unistd.h
- @comment POSIX.1
- @deftypefun int setpgid (pid_t @var{pid}, pid_t @var{pgid})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c Stub or direct syscall, except on hurd, where it is equally safe.
- The @code{setpgid} function puts the process @var{pid} into the process
- group @var{pgid}. As a special case, either @var{pid} or @var{pgid} can
- be zero to indicate the process ID of the calling process.
-@@ -1208,6 +1226,8 @@ process or a child of the calling process.
- @comment unistd.h
- @comment BSD
- @deftypefun int setpgrp (pid_t @var{pid}, pid_t @var{pgid})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c Direct syscall or setpgid wrapper.
- This is the BSD Unix name for @code{setpgid}. Both functions do exactly
- the same thing.
- @end deftypefun
-@@ -1230,6 +1250,8 @@ file itself and not a particular open file descriptor.
- @comment unistd.h
- @comment POSIX.1
- @deftypefun pid_t tcgetpgrp (int @var{filedes})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c Stub, or ioctl on BSD and GNU/Linux.
- This function returns the process group ID of the foreground process
- group associated with the terminal open on descriptor @var{filedes}.
-
-@@ -1258,6 +1280,8 @@ controlling terminal of the calling process.
- @comment unistd.h
- @comment POSIX.1
- @deftypefun int tcsetpgrp (int @var{filedes}, pid_t @var{pgid})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c Stub, or ioctl on BSD and GNU/Linux.
- This function is used to set a terminal's foreground process group ID.
- The argument @var{filedes} is a descriptor which specifies the terminal;
- @var{pgid} specifies the process group. The calling process must be a
-@@ -1297,6 +1321,8 @@ process.
- @comment termios.h
- @comment Unix98
- @deftypefun pid_t tcgetsid (int @var{fildes})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c Ioctl call, if avaialble, or tcgetpgrp followed by getsid.
- This function is used to obtain the process group ID of the session
- for which the terminal specified by @var{fildes} is the controlling terminal.
- If the call is successful the group ID is returned. Otherwise the
-diff --git a/manual/lang.texi b/manual/lang.texi
-index ee04e23..d6cd90c 100644
---- a/manual/lang.texi
-+++ b/manual/lang.texi
-@@ -51,6 +51,8 @@ without indicating anything might be wrong.
- @comment assert.h
- @comment ISO
- @deftypefn Macro void assert (int @var{expression})
-+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
-+@c assert_fail_base calls asprintf, and fflushes stderr.
- Verify the programmer's belief that @var{expression} is nonzero at
- this point in the program.
-
-@@ -91,6 +93,8 @@ The @code{assert_perror} macro makes this easy.
- @comment assert.h
- @comment GNU
- @deftypefn Macro void assert_perror (int @var{errnum})
-+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
-+@c assert_fail_base calls asprintf, and fflushes stderr.
- Similar to @code{assert}, but verifies that @var{errnum} is zero.
-
- If @code{NDEBUG} is not defined, @code{assert_perror} tests the value of
-@@ -423,6 +427,8 @@ The type @code{va_list} is used for argument pointer variables.
- @comment stdarg.h
- @comment ISO
- @deftypefn {Macro} void va_start (va_list @var{ap}, @var{last-required})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c This is no longer provided by glibc, but rather by the compiler.
- This macro initializes the argument pointer variable @var{ap} to point
- to the first of the optional arguments of the current function;
- @var{last-required} must be the last required argument to the function.
-@@ -431,6 +437,8 @@ to the first of the optional arguments of the current function;
- @comment stdarg.h
- @comment ISO
- @deftypefn {Macro} @var{type} va_arg (va_list @var{ap}, @var{type})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c This is no longer provided by glibc, but rather by the compiler.
- The @code{va_arg} macro returns the value of the next optional argument,
- and modifies the value of @var{ap} to point to the subsequent argument.
- Thus, successive uses of @code{va_arg} return successive optional
-@@ -445,6 +453,8 @@ of the actual argument.
- @comment stdarg.h
- @comment ISO
- @deftypefn {Macro} void va_end (va_list @var{ap})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c This is no longer provided by glibc, but rather by the compiler.
- This ends the use of @var{ap}. After a @code{va_end} call, further
- @code{va_arg} calls with the same @var{ap} may not work. You should invoke
- @code{va_end} before returning from the function in which @code{va_start}
-@@ -466,6 +476,8 @@ of the same type.
- @comment ISO
- @deftypefn {Macro} void va_copy (va_list @var{dest}, va_list @var{src})
- @deftypefnx {Macro} void __va_copy (va_list @var{dest}, va_list @var{src})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c This is no longer provided by glibc, but rather by the compiler.
- The @code{va_copy} macro allows copying of objects of type
- @code{va_list} even if this is not an integral type. The argument pointer
- in @var{dest} is initialized to point to the same argument as the
-@@ -1212,6 +1224,8 @@ type of a particular structure member.
- @comment stddef.h
- @comment ISO
- @deftypefn {Macro} size_t offsetof (@var{type}, @var{member})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c This is no longer provided by glibc, but rather by the compiler.
- This expands to a integer constant expression that is the offset of the
- structure member named @var{member} in the structure type @var{type}.
- For example, @code{offsetof (struct s, elem)} is the offset, in bytes,
-diff --git a/manual/libdl.texi b/manual/libdl.texi
-new file mode 100644
-index 0000000..e3fe045
---- /dev/null
-+++ b/manual/libdl.texi
-@@ -0,0 +1,10 @@
-+@c FIXME these are undocumented:
-+@c dladdr
-+@c dladdr1
-+@c dlclose
-+@c dlerror
-+@c dlinfo
-+@c dlmopen
-+@c dlopen
-+@c dlsym
-+@c dlvsym
-diff --git a/manual/llio.texi b/manual/llio.texi
-index b129cf4..66370c4 100644
---- a/manual/llio.texi
-+++ b/manual/llio.texi
-@@ -78,6 +78,7 @@ declared in @file{unistd.h}.
- @comment fcntl.h
- @comment POSIX.1
- @deftypefun int open (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
-+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
- The @code{open} function creates and returns a new file descriptor for
- the file named by @var{filename}. Initially, the file position
- indicator for the file is at the beginning of the file. The argument
-@@ -164,6 +165,7 @@ and @code{freopen} functions, that create streams.
- @comment fcntl.h
- @comment Unix98
- @deftypefun int open64 (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
-+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
- This function is similar to @code{open}. It returns a file descriptor
- which can be used to access the file named by @var{filename}. The only
- difference is that on 32 bit systems the file is opened in the
-@@ -178,6 +180,7 @@ replaces the old API.
- @comment fcntl.h
- @comment POSIX.1
- @deftypefn {Obsolete function} int creat (const char *@var{filename}, mode_t @var{mode})
-+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
- This function is obsolete. The call:
-
- @smallexample
-@@ -202,6 +205,7 @@ since all of the lowlevel file handling functions are equally replaced.
- @comment fcntl.h
- @comment Unix98
- @deftypefn {Obsolete function} int creat64 (const char *@var{filename}, mode_t @var{mode})
-+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
- This function is similar to @code{creat}. It returns a file descriptor
- which can be used to access the file named by @var{filename}. The only
- the difference is that on 32 bit systems the file is opened in the
-@@ -219,6 +223,7 @@ replaces the old API.
- @comment unistd.h
- @comment POSIX.1
- @deftypefun int close (int @var{filedes})
-+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
- The function @code{close} closes the file descriptor @var{filedes}.
- Closing a file has the following consequences:
-
-@@ -300,6 +305,7 @@ but must be a signed type.
- @comment unistd.h
- @comment POSIX.1
- @deftypefun ssize_t read (int @var{filedes}, void *@var{buffer}, size_t @var{size})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{read} function reads up to @var{size} bytes from the file
- with descriptor @var{filedes}, storing the results in the @var{buffer}.
- (This is not necessarily a character string, and no terminating null
-@@ -395,6 +401,10 @@ functions that read from streams, such as @code{fgetc}.
- @comment unistd.h
- @comment Unix98
- @deftypefun ssize_t pread (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off_t @var{offset})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
-+@c is not MT-Safe because it uses lseek, read and lseek back, but is it
-+@c used anywhere?
- The @code{pread} function is similar to the @code{read} function. The
- first three arguments are identical, and the return values and error
- codes also correspond.
-@@ -430,6 +440,10 @@ version 2.
- @comment unistd.h
- @comment Unix98
- @deftypefun ssize_t pread64 (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
-+@c is not MT-Safe because it uses lseek64, read and lseek64 back, but is
-+@c it used anywhere?
- This function is similar to the @code{pread} function. The difference
- is that the @var{offset} parameter is of type @code{off64_t} instead of
- @code{off_t} which makes it possible on 32 bit machines to address
-@@ -447,6 +461,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
- @comment unistd.h
- @comment POSIX.1
- @deftypefun ssize_t write (int @var{filedes}, const void *@var{buffer}, size_t @var{size})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{write} function writes up to @var{size} bytes from
- @var{buffer} to the file with descriptor @var{filedes}. The data in
- @var{buffer} is not necessarily a character string and a null character is
-@@ -557,6 +572,10 @@ functions that write to streams, such as @code{fputc}.
- @comment unistd.h
- @comment Unix98
- @deftypefun ssize_t pwrite (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off_t @var{offset})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
-+@c is not MT-Safe because it uses lseek, write and lseek back, but is it
-+@c used anywhere?
- The @code{pwrite} function is similar to the @code{write} function. The
- first three arguments are identical, and the return values and error codes
- also correspond.
-@@ -592,6 +611,10 @@ version 2.
- @comment unistd.h
- @comment Unix98
- @deftypefun ssize_t pwrite64 (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
-+@c is not MT-Safe because it uses lseek64, write and lseek64 back, but
-+@c is it used anywhere?
- This function is similar to the @code{pwrite} function. The difference
- is that the @var{offset} parameter is of type @code{off64_t} instead of
- @code{off_t} which makes it possible on 32 bit machines to address
-@@ -624,6 +647,7 @@ To read the current file position value from a descriptor, use
- @comment unistd.h
- @comment POSIX.1
- @deftypefun off_t lseek (int @var{filedes}, off_t @var{offset}, int @var{whence})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{lseek} function is used to change the file position of the
- file with descriptor @var{filedes}.
-
-@@ -713,6 +737,7 @@ descriptors.
- @comment unistd.h
- @comment Unix98
- @deftypefun off64_t lseek64 (int @var{filedes}, off64_t @var{offset}, int @var{whence})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This function is similar to the @code{lseek} function. The difference
- is that the @var{offset} parameter is of type @code{off64_t} instead of
- @code{off_t} which makes it possible on 32 bit machines to address
-@@ -825,6 +850,7 @@ declared in the header file @file{stdio.h}.
- @comment stdio.h
- @comment POSIX.1
- @deftypefun {FILE *} fdopen (int @var{filedes}, const char *@var{opentype})
-+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
- The @code{fdopen} function returns a new stream for the file descriptor
- @var{filedes}.
-
-@@ -853,6 +879,7 @@ see @ref{Creating a Pipe}.
- @comment stdio.h
- @comment POSIX.1
- @deftypefun int fileno (FILE *@var{stream})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This function returns the file descriptor associated with the stream
- @var{stream}. If an error is detected (for example, if the @var{stream}
- is not valid) or if @var{stream} does not do I/O to a file,
-@@ -862,6 +889,7 @@ is not valid) or if @var{stream} does not do I/O to a file,
- @comment stdio.h
- @comment GNU
- @deftypefun int fileno_unlocked (FILE *@var{stream})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{fileno_unlocked} function is equivalent to the @code{fileno}
- function except that it does not implicitly lock the stream if the state
- is @code{FSETLOCKING_INTERNAL}.
-@@ -1071,7 +1099,11 @@ Contains the length of the buffer.
- @comment sys/uio.h
- @comment BSD
- @deftypefun ssize_t readv (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
--
-+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
-+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
-+@c with old kernels that lack a full readv/writev implementation, may
-+@c malloc the buffer into which data is read, if the total read size is
-+@c too large for alloca.
- The @code{readv} function reads data from @var{filedes} and scatters it
- into the buffers described in @var{vector}, which is taken to be
- @var{count} structures long. As each buffer is filled, data is sent to the
-@@ -1089,6 +1121,11 @@ errors are the same as in @code{read}.
- @comment sys/uio.h
- @comment BSD
- @deftypefun ssize_t writev (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
-+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
-+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
-+@c with old kernels that lack a full readv/writev implementation, may
-+@c malloc the buffer from which data is written, if the total write size
-+@c is too large for alloca.
-
- The @code{writev} function gathers data from the buffers described in
- @var{vector}, which is taken to be @var{count} structures long, and writes
-@@ -1149,6 +1186,7 @@ These functions are declared in @file{sys/mman.h}.
- @comment sys/mman.h
- @comment POSIX
- @deftypefun {void *} mmap (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off_t @var{offset})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-
- The @code{mmap} function creates a new mapping, connected to bytes
- (@var{offset}) to (@var{offset} + @var{length} - 1) in the file open on
-@@ -1268,6 +1306,9 @@ The file is on a filesystem that doesn't support mapping.
- @comment sys/mman.h
- @comment LFS
- @deftypefun {void *} mmap64 (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off64_t @var{offset})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c The page_shift auto detection when MMAP2_PAGE_SHIFT is -1 (it never
-+@c is) would be thread-unsafe.
- The @code{mmap64} function is equivalent to the @code{mmap} function but
- the @var{offset} parameter is of type @code{off64_t}. On 32-bit systems
- this allows the file associated with the @var{filedes} descriptor to be
-@@ -1284,6 +1325,7 @@ replaces the old API.
- @comment sys/mman.h
- @comment POSIX
- @deftypefun int munmap (void *@var{addr}, size_t @var{length})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-
- @code{munmap} removes any memory maps from (@var{addr}) to (@var{addr} +
- @var{length}). @var{length} should be the length of the mapping.
-@@ -1310,6 +1352,7 @@ aligned.
- @comment sys/mman.h
- @comment POSIX
- @deftypefun int msync (void *@var{address}, size_t @var{length}, int @var{flags})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-
- When using shared mappings, the kernel can write the file at any time
- before the mapping is removed. To be certain data has actually been
-@@ -1357,6 +1400,7 @@ There is no existing mapping in at least part of the given region.
- @comment sys/mman.h
- @comment GNU
- @deftypefun {void *} mremap (void *@var{address}, size_t @var{length}, size_t @var{new_length}, int @var{flag})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-
- This function can be used to change the size of an existing memory
- area. @var{address} and @var{length} must cover a region entirely mapped
-@@ -1405,6 +1449,7 @@ Coding Standards}.
- @comment sys/mman.h
- @comment POSIX
- @deftypefun int madvise (void *@var{addr}, size_t @var{length}, int @var{advice})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-
- This function can be used to provide the system with @var{advice} about
- the intended usage patterns of the memory region starting at @var{addr}
-@@ -1531,6 +1576,7 @@ that descriptor into an @code{fd_set}.
- @comment sys/types.h
- @comment BSD
- @deftypefn Macro void FD_ZERO (fd_set *@var{set})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro initializes the file descriptor set @var{set} to be the
- empty set.
- @end deftypefn
-@@ -1538,6 +1584,9 @@ empty set.
- @comment sys/types.h
- @comment BSD
- @deftypefn Macro void FD_SET (int @var{filedes}, fd_set *@var{set})
-+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
-+@c Setting a bit isn't necessarily atomic, so there's a potential race
-+@c here if set is not used exclusively.
- This macro adds @var{filedes} to the file descriptor set @var{set}.
-
- The @var{filedes} parameter must not have side effects since it is
-@@ -1547,6 +1596,9 @@ evaluated more than once.
- @comment sys/types.h
- @comment BSD
- @deftypefn Macro void FD_CLR (int @var{filedes}, fd_set *@var{set})
-+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
-+@c Setting a bit isn't necessarily atomic, so there's a potential race
-+@c here if set is not used exclusively.
- This macro removes @var{filedes} from the file descriptor set @var{set}.
-
- The @var{filedes} parameter must not have side effects since it is
-@@ -1556,6 +1608,7 @@ evaluated more than once.
- @comment sys/types.h
- @comment BSD
- @deftypefn Macro int FD_ISSET (int @var{filedes}, const fd_set *@var{set})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro returns a nonzero value (true) if @var{filedes} is a member
- of the file descriptor set @var{set}, and zero (false) otherwise.
-
-@@ -1568,6 +1621,10 @@ Next, here is the description of the @code{select} function itself.
- @comment sys/types.h
- @comment BSD
- @deftypefun int select (int @var{nfds}, fd_set *@var{read-fds}, fd_set *@var{write-fds}, fd_set *@var{except-fds}, struct timeval *@var{timeout})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c The select syscall is preferred, but pselect6 may be used instead,
-+@c which requires converting timeout to a timespec and back. The
-+@c conversions are not atomic.
- The @code{select} function blocks the calling process until there is
- activity on any of the specified sets of file descriptors, or until the
- timeout period has expired.
-@@ -1670,6 +1727,7 @@ they return.
- @comment unistd.h
- @comment X/Open
- @deftypefun void sync (void)
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- A call to this function will not return as long as there is data which
- has not been written to the device. All dirty buffers in the kernel will
- be written and so an overall consistent system can be achieved (if no
-@@ -1685,6 +1743,7 @@ committed, rather than all data in the system. For this, @code{sync} is overkil
- @comment unistd.h
- @comment POSIX
- @deftypefun int fsync (int @var{fildes})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{fsync} function can be used to make sure all data associated with
- the open file @var{fildes} is written to the device associated with the
- descriptor. The function call does not return unless all actions have
-@@ -1722,6 +1781,7 @@ recovering of the file in case of a problem.
- @comment unistd.h
- @comment POSIX
- @deftypefun int fdatasync (int @var{fildes})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- When a call to the @code{fdatasync} function returns, it is ensured
- that all of the file data is written to the device. For all pending I/O
- operations, the parts guaranteeing data integrity finished.
-@@ -1923,6 +1983,158 @@ aiocb64}, since the LFS transparently replaces the old interface.
- @comment aio.h
- @comment POSIX.1b
- @deftypefun int aio_read (struct aiocb *@var{aiocbp})
-+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
-+@c Calls aio_enqueue_request.
-+@c aio_enqueue_request selfdeadlock, asmalloc, lockleak, memleak
-+@c pthread_self ok
-+@c pthread_getschedparam selfdeadlock, lockleak
-+@c lll_lock (pthread descriptor's lock) selfdeadlock, lockleak
-+@c sched_getparam ok
-+@c sched_getscheduler ok
-+@c lll_unlock lockleak
-+@c pthread_mutex_lock (aio_requests_mutex) selfdeadlock, lockleak
-+@c get_elem asmalloc, memleak, [asynconsist, incansist], [xguargs]
-+@c realloc asmalloc, memleak
-+@c calloc asmalloc, memleak
-+@c aio_create_helper_thread selfdeadlock, asmalloc, lockleak, memleak
-+@c pthread_attr_init ok
-+@c pthread_attr_setdetachstate ok
-+@c pthread_get_minstack ok
-+@c pthread_attr_setstacksize ok
-+@c sigfillset ok
-+@c memset ok
-+@c sigdelset ok [xguargs, but the caller's sigset is automatic]
-+@c SYSCALL rt_sigprocmask ok
-+@c pthread_create selfdeadlock, asmalloc, lockleak, memleak
-+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
-+@c alloca/malloc asmalloc, memleak
-+@c lll_unlock lockleak
-+@c allocate_stack selfdeadlock, asmalloc, lockleak, memleak
-+@c getpagesize dup
-+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
-+@c lll_unlock lockleak
-+@c _dl_allocate_tls asmalloc, memleak
-+@c _dl_allocate_tls_storage asmalloc, memleak
-+@c memalign asmalloc, memleak
-+@c memset ok
-+@c allocate_dtv dup
-+@c free asmalloc, memleak
-+@c allocate_dtv asmalloc, memleak
-+@c calloc asmalloc, memleak
-+@c INSTALL_DTV ok
-+@c list_add dup
-+@c get_cached_stack
-+@c lll_lock (stack_cache_lock) selfdeadlock, lockleak
-+@c list_for_each ok
-+@c list_entry dup
-+@c FREE_P dup
-+@c stack_list_del dup
-+@c stack_list_add dup
-+@c lll_unlock lockleak
-+@c _dl_allocate_tls_init ok
-+@c GET_DTV ok
-+@c mmap ok
-+@c atomic_increment_val ok
-+@c munmap ok
-+@c change_stack_perm ok
-+@c mprotect ok
-+@c mprotect ok
-+@c stack_list_del dup
-+@c _dl_deallocate_tls dup
-+@c munmap ok
-+@c THREAD_COPY_STACK_GUARD ok
-+@c THREAD_COPY_POINTER_GUARD ok
-+@c atomic_exchange_acq ok
-+@c lll_futex_wake ok
-+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
-+@c lll_lock (state_cache_lock) selfdeadlock, lockleak
-+@c stack_list_del ok
-+@c atomic_write_barrier ok
-+@c list_del ok [uunguard]
-+@c atomic_write_barrier ok
-+@c queue_stack asmalloc, memleak
-+@c stack_list_add ok
-+@c atomic_write_barrier ok
-+@c list_add ok [uunguard]
-+@c atomic_write_barrier ok
-+@c free_stacks asmalloc, memleak
-+@c list_for_each_prev_safe ok
-+@c list_entry ok
-+@c FREE_P ok
-+@c stack_list_del dup
-+@c _dl_deallocate_tls dup
-+@c munmap ok
-+@c _dl_deallocate_tls asmalloc, memleak
-+@c free asmalloc, memleak
-+@c lll_unlock lockleak
-+@c create_thread selfdeadlock, asmalloc, lockleak, memleak
-+@c td_eventword
-+@c td_eventmask
-+@c do_clone selfdeadlock, asmalloc, lockleak, memleak
-+@c PREPARE_CREATE ok
-+@c lll_lock (pd->lock) selfdeadlock, lockleak
-+@c atomic_increment ok
-+@c clone ok
-+@c atomic_decrement ok
-+@c atomic_exchange_acq ok
-+@c lll_futex_wake ok
-+@c deallocate_stack dup
-+@c sched_setaffinity ok
-+@c tgkill ok
-+@c sched_setscheduler ok
-+@c atomic_compare_and_exchange_bool_acq ok
-+@c nptl_create_event ok
-+@c lll_unlock (pd->lock) lockleak
-+@c free asmalloc, memleak
-+@c pthread_attr_destroy ok (cpuset won't be set, so free isn't called)
-+@c add_request_to_runlist ok [xguargs]
-+@c pthread_cond_signal ok
-+@c aio_free_request ok [xguargs]
-+@c pthread_mutex_unlock lockleak
-+
-+@c (in the new thread, initiated with clone)
-+@c start_thread ok
-+@c HP_TIMING_NOW ok
-+@c ctype_init [glocale] (in theory, but optimized into safety)
-+@c atomic_exchange_acq ok
-+@c lll_futex_wake ok
-+@c sigemptyset ok
-+@c sigaddset ok
-+@c setjmp ok
-+@c CANCEL_ASYNC -> pthread_enable_asynccancel ok
-+@c do_cancel ok
-+@c pthread_unwind ok
-+@c Unwind_ForcedUnwind or longjmp ok [asmalloc, memleak?]
-+@c lll_lock selfdeadlock, lockleak
-+@c lll_unlock selfdeadlock, lockleak
-+@c CANCEL_RESET -> pthread_disable_asynccancel ok
-+@c lll_futex_wait ok
-+@c ->start_routine ok -----
-+@c call_tls_dtors selfdeadlock, asmalloc, lockleak, memleak
-+@c user-supplied dtor
-+@c rtld_lock_lock_recursive (dl_load_lock) selfdeadlock, lockleak
-+@c rtld_lock_unlock_recursive lockleak
-+@c free asmalloc, memleak
-+@c nptl_deallocate_tsd asmalloc, memleak
-+@c tsd user-supplied dtors ok
-+@c free asmalloc, memleak
-+@c libc_thread_freeres
-+@c libc_thread_subfreeres ok
-+@c atomic_decrement_and_test ok
-+@c td_eventword ok
-+@c td_eventmask ok
-+@c atomic_compare_exchange_bool_acq ok
-+@c nptl_death_event ok
-+@c lll_robust_dead ok
-+@c getpagesize ok
-+@c madvise ok
-+@c free_tcb selfdeadlock, asmalloc, lockleak, memleak
-+@c free asmalloc, memleak
-+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
-+@c lll_futex_wait ok
-+@c exit_thread_inline ok
-+@c syscall(exit) ok
-+
- This function initiates an asynchronous read operation. It
- immediately returns after the operation was enqueued or when an
- error was encountered.
-@@ -1988,6 +2200,7 @@ replaces the normal implementation.
- @comment aio.h
- @comment Unix98
- @deftypefun int aio_read64 (struct aiocb64 *@var{aiocbp})
-+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
- This function is similar to the @code{aio_read} function. The only
- difference is that on @w{32 bit} machines, the file descriptor should
- be opened in the large file mode. Internally, @code{aio_read64} uses
-@@ -2006,6 +2219,7 @@ of functions with a very similar interface.
- @comment aio.h
- @comment POSIX.1b
- @deftypefun int aio_write (struct aiocb *@var{aiocbp})
-+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
- This function initiates an asynchronous write operation. The function
- call immediately returns after the operation was enqueued or if before
- this happens an error was encountered.
-@@ -2072,6 +2286,7 @@ replaces the normal implementation.
- @comment aio.h
- @comment Unix98
- @deftypefun int aio_write64 (struct aiocb64 *@var{aiocbp})
-+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
- This function is similar to the @code{aio_write} function. The only
- difference is that on @w{32 bit} machines the file descriptor should
- be opened in the large file mode. Internally @code{aio_write64} uses
-@@ -2093,6 +2308,12 @@ operations. It is therefore similar to a combination of @code{readv} and
- @comment aio.h
- @comment POSIX.1b
- @deftypefun int lio_listio (int @var{mode}, struct aiocb *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
-+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
-+@c Call lio_listio_internal, that takes the aio_requests_mutex lock and
-+@c enqueues each request. Then, it waits for notification or prepares
-+@c for it before releasing the lock. Even though it performs memory
-+@c allocation and locking of its own, it doesn't add any classes of
-+@c safety issues that aren't already covered by aio_enqueue_request.
- The @code{lio_listio} function can be used to enqueue an arbitrary
- number of read and write requests at one time. The requests can all be
- meant for the same file, all for different files or every solution in
-@@ -2176,6 +2397,7 @@ transparently replaces the normal implementation.
- @comment aio.h
- @comment Unix98
- @deftypefun int lio_listio64 (int @var{mode}, struct aiocb64 *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
-+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
- This function is similar to the @code{lio_listio} function. The only
- difference is that on @w{32 bit} machines, the file descriptor should
- be opened in the large file mode. Internally, @code{lio_listio64} uses
-@@ -2204,6 +2426,7 @@ The following two functions allow you to get this kind of information.
- @comment aio.h
- @comment POSIX.1b
- @deftypefun int aio_error (const struct aiocb *@var{aiocbp})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This function determines the error state of the request described by the
- @code{struct aiocb} variable pointed to by @var{aiocbp}. If the
- request has not yet terminated the value returned is always
-@@ -2225,6 +2448,7 @@ transparently replaces the normal implementation.
- @comment aio.h
- @comment Unix98
- @deftypefun int aio_error64 (const struct aiocb64 *@var{aiocbp})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This function is similar to @code{aio_error} with the only difference
- that the argument is a reference to a variable of type @code{struct
- aiocb64}.
-@@ -2238,6 +2462,7 @@ machines.
- @comment aio.h
- @comment POSIX.1b
- @deftypefun ssize_t aio_return (struct aiocb *@var{aiocbp})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This function can be used to retrieve the return status of the operation
- carried out by the request described in the variable pointed to by
- @var{aiocbp}. As long as the error status of this request as returned
-@@ -2261,6 +2486,7 @@ transparently replaces the normal implementation.
- @comment aio.h
- @comment Unix98
- @deftypefun ssize_t aio_return64 (struct aiocb64 *@var{aiocbp})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This function is similar to @code{aio_return} with the only difference
- that the argument is a reference to a variable of type @code{struct
- aiocb64}.
-@@ -2289,6 +2515,9 @@ if the symbol @code{_POSIX_SYNCHRONIZED_IO} is defined in @file{unistd.h}.
- @comment aio.h
- @comment POSIX.1b
- @deftypefun int aio_fsync (int @var{op}, struct aiocb *@var{aiocbp})
-+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
-+@c After fcntl to check that the FD is open, it calls
-+@c aio_enqueue_request.
- Calling this function forces all I/O operations operating queued at the
- time of the function call operating on the file descriptor
- @code{aiocbp->aio_fildes} into the synchronized I/O completion state
-@@ -2336,6 +2565,7 @@ transparently replaces the normal implementation.
- @comment aio.h
- @comment Unix98
- @deftypefun int aio_fsync64 (int @var{op}, struct aiocb64 *@var{aiocbp})
-+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
- This function is similar to @code{aio_fsync} with the only difference
- that the argument is a reference to a variable of type @code{struct
- aiocb64}.
-@@ -2362,6 +2592,9 @@ before the current client is served. For situations like this
- @comment aio.h
- @comment POSIX.1b
- @deftypefun int aio_suspend (const struct aiocb *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
-+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
-+@c Take aio_requests_mutex, set up waitlist and requestlist, wait
-+@c for completion or timeout, and release the mutex.
- When calling this function, the calling thread is suspended until at
- least one of the requests pointed to by the @var{nent} elements of the
- array @var{list} has completed. If any of the requests has already
-@@ -2400,6 +2633,7 @@ transparently replaces the normal implementation.
- @comment aio.h
- @comment Unix98
- @deftypefun int aio_suspend64 (const struct aiocb64 *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
-+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
- This function is similar to @code{aio_suspend} with the only difference
- that the argument is a reference to a variable of type @code{struct
- aiocb64}.
-@@ -2427,6 +2661,16 @@ or not. Therefore using this function is merely a hint.
- @comment aio.h
- @comment POSIX.1b
- @deftypefun int aio_cancel (int @var{fildes}, struct aiocb *@var{aiocbp})
-+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
-+@c After fcntl to check the fd is open, hold aio_requests_mutex, call
-+@c aio_find_req_fd, aio_remove_request, then aio_notify and
-+@c aio_free_request each request before releasing the lock.
-+@c aio_notify calls aio_notify_only and free, besides cond signal or
-+@c similar. aio_notify_only calls pthread_attr_init,
-+@c pthread_attr_setdetachstate, malloc, pthread_create,
-+@c notify_func_wrapper, aio_sigqueue, getpid, raise.
-+@c notify_func_wraper calls aio_start_notify_thread, free and then the
-+@c notifier function.
- The @code{aio_cancel} function can be used to cancel one or more
- outstanding requests. If the @var{aiocbp} parameter is @code{NULL}, the
- function tries to cancel all of the outstanding requests which would process
-@@ -2474,6 +2718,7 @@ transparently replaces the normal implementation.
- @comment aio.h
- @comment Unix98
- @deftypefun int aio_cancel64 (int @var{fildes}, struct aiocb64 *@var{aiocbp})
-+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
- This function is similar to @code{aio_cancel} with the only difference
- that the argument is a reference to a variable of type @code{struct
- aiocb64}.
-@@ -2529,6 +2774,8 @@ Unused.
- @comment aio.h
- @comment GNU
- @deftypefun void aio_init (const struct aioinit *@var{init})
-+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
-+@c All changes to global objects are guarded by aio_requests_mutex.
- This function must be called before any other AIO function. Calling it
- is completely voluntary, as it is only meant to help the AIO
- implementation perform better.
-@@ -2563,6 +2810,7 @@ function; see @ref{Opening and Closing Files}.
- @comment fcntl.h
- @comment POSIX.1
- @deftypefun int fcntl (int @var{filedes}, int @var{command}, @dots{})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{fcntl} function performs the operation specified by
- @var{command} on the file descriptor @var{filedes}. Some commands
- require additional arguments to be supplied. These additional arguments
-@@ -2645,6 +2893,7 @@ while prototypes for @code{dup} and @code{dup2} are in the header file
- @comment unistd.h
- @comment POSIX.1
- @deftypefun int dup (int @var{old})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This function copies descriptor @var{old} to the first available
- descriptor number (the first number not currently open). It is
- equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
-@@ -2653,6 +2902,7 @@ equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
- @comment unistd.h
- @comment POSIX.1
- @deftypefun int dup2 (int @var{old}, int @var{new})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This function copies the descriptor @var{old} to descriptor number
- @var{new}.
-
-@@ -3631,6 +3881,7 @@ different headers.
- @comment sys/ioctl.h
- @comment BSD
- @deftypefun int ioctl (int @var{filedes}, int @var{command}, @dots{})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-
- The @code{ioctl} function performs the generic I/O operation
- @var{command} on @var{filedes}.
-@@ -3650,3 +3901,6 @@ unknown device.
- Most IOCTLs are OS-specific and/or only used in special system utilities,
- and are thus beyond the scope of this document. For an example of the use
- of an IOCTL, see @ref{Out-of-Band Data}.
-+
-+@c FIXME this is undocumented:
-+@c dup3
-diff --git a/manual/locale.texi b/manual/locale.texi
-index 323268d..da50d18 100644
---- a/manual/locale.texi
-+++ b/manual/locale.texi
-@@ -224,10 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
- @comment locale.h
- @comment ISO
- @deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
--@safety{@mtunsafe{uunguard}}
--@c This function is MT-Safe, but uses of the global locale object are
--@c unguarded in functions that ought to be MT-Safe, so we're ruling out
--@c the use of this function once threads are started.
-+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
-+@c Uses of the global locale object are unguarded in functions that
-+@c ought to be MT-Safe, so we're ruling out the use of this function
-+@c once threads are started. It takes a write lock itself, but it may
-+@c return a pointer loaded from the global locale object after releasing
-+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
-+@c and free, and _nl_find_locale, which amount to all documented safety
-+@c issues. It also calls new_composite_name, setdata, and setname,
-+@c without any additional issues. _nl_find_locale calls getenv, ...
-+This function returns a pointer read
- The function @code{setlocale} sets the current locale for category
- @var{category} to @var{locale}. A list of all the locales the system
- provides can be created by running
-diff --git a/manual/resource.texi b/manual/resource.texi
-index 1ec7af2..71b08f7 100644
---- a/manual/resource.texi
-+++ b/manual/resource.texi
-@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
- @comment sys/resource.h
- @comment BSD
- @deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c Direct syscall on most systems.
- Read the current and maximum limits for the resource @var{resource}
- and store them in @code{*@var{rlp}}.
-
-@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
- @comment sys/resource.h
- @comment Unix98
- @deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
- This function is similar to @code{getrlimit} but its second parameter is
- a pointer to a variable of type @code{struct rlimit64}, which allows it
- to read values which wouldn't fit in the member of a @code{struct
-@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
- @comment unistd.h
- @comment BSD
- @deftypefun int getpagesize (void)
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
-+@c the exception, with the possibility of a syscall.
- The @code{getpagesize} function returns the page size of the process.
- This value is fixed for the runtime of the process but can vary in
- different runs of the application.
-@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
- @comment sys/sysinfo.h
- @comment GNU
- @deftypefun {long int} get_phys_pages (void)
-+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
-+@c This fopens a /proc file and scans it for the requested information.
- The @code{get_phys_pages} function returns the total number of pages of
- physical the system has. To get the amount of memory this number has to
- be multiplied by the page size.
-@@ -1569,6 +1578,7 @@ This function is a GNU extension.
- @comment sys/sysinfo.h
- @comment GNU
- @deftypefun {long int} get_avphys_pages (void)
-+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
- The @code{get_phys_pages} function returns the number of available pages of
- physical the system has. To get the amount of memory this number has to
- be multiplied by the page size.
-@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
- @comment sys/sysinfo.h
- @comment GNU
- @deftypefun int get_nprocs_conf (void)
-+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
-+@c This function reads from from /sys using dir streams (single user, so
-+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
-+@c streams.
- The @code{get_nprocs_conf} function returns the number of processors the
- operating system configured.
-
-@@ -1623,6 +1637,8 @@ This function is a GNU extension.
- @comment sys/sysinfo.h
- @comment GNU
- @deftypefun int get_nprocs (void)
-+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
-+@c This function reads from /proc using file descriptor I/O.
- The @code{get_nprocs} function returns the number of available processors.
-
- This function is a GNU extension.
-diff --git a/manual/search.texi b/manual/search.texi
-index efd3604..6910edc 100644
---- a/manual/search.texi
-+++ b/manual/search.texi
-@@ -146,6 +146,7 @@ To sort an array using an arbitrary comparison function, use the
- @comment stdlib.h
- @comment ISO
- @deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
-+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
- The @var{qsort} function sorts the array @var{array}. The array contains
- @var{count} elements, each of which is of size @var{size}.
-
-@@ -436,6 +437,11 @@ in the header file @file{search.h}.
- @comment search.h
- @comment SVID
- @deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
-+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
-+@c The tree is not modified in a thread-safe manner, and rotations may
-+@c leave the tree in an inconsistent state that could be observed in an
-+@c asynchronous signal handler or after asynchronous cancellation of the
-+@c thread performing the rotation or the insertion.
- The @code{tsearch} function searches in the tree pointed to by
- @code{*@var{rootp}} for an element matching @var{key}. The function
- pointed to by @var{compar} is used to determine whether two elements
-@@ -465,6 +471,7 @@ of space @code{NULL} is returned.
- @comment search.h
- @comment SVID
- @deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
-+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
- The @code{tfind} function is similar to the @code{tsearch} function. It
- locates an element matching the one pointed to by @var{key} and returns
- a pointer to this element. But if no matching element is available no
-@@ -479,6 +486,7 @@ elements.
- @comment search.h
- @comment SVID
- @deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
-+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
- To remove a specific element matching @var{key} from the tree
- @code{tdelete} can be used. It locates the matching element using the
- same method as @code{tfind}. The corresponding element is then removed
-@@ -492,6 +500,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
- @comment search.h
- @comment GNU
- @deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
-+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
- If the complete search tree has to be removed one can use
- @code{tdestroy}. It frees all resources allocated by the @code{tsearch}
- function to generate the tree pointed to by @var{vroot}.
-@@ -546,6 +555,7 @@ The current node is a leaf.
- @comment search.h
- @comment SVID
- @deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
-+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
- For each node in the tree with a node pointed to by @var{root}, the
- @code{twalk} function calls the function provided by the parameter
- @var{action}. For leaf nodes the function is called exactly once with
-diff --git a/manual/startup.texi b/manual/startup.texi
-index a277714..7bbaf13 100644
---- a/manual/startup.texi
-+++ b/manual/startup.texi
-@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
- The difference to the @code{setenv} function is that the exact string
- given as the parameter @var{string} is put into the environment. If the
- user should change the string after the @code{putenv} call this will
--reflect in automatically in the environment. This also requires that
--@var{string} is no automatic variable which scope is left before the
-+reflect automatically in the environment. This also requires that
-+@var{string} not be an automatic variable whose scope is left before the
- variable is removed from the environment. The same applies of course to
- dynamically allocated variables which are freed later.
-
-diff --git a/manual/stdio.texi b/manual/stdio.texi
-index 7809dd4..79a3340 100644
---- a/manual/stdio.texi
-+++ b/manual/stdio.texi
-@@ -148,7 +148,7 @@ Everything described in this section is declared in the header file
- @comment stdio.h
- @comment ISO
- @deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
--@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
-+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
- @c fopen may leak the list lock if cancelled within _IO_link_in.
- The @code{fopen} function opens a stream for I/O to the file
- @var{filename}, and returns a pointer to the stream.
-@@ -267,7 +267,7 @@ Locks}.
- @comment stdio.h
- @comment Unix98
- @deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
--@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
-+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
- This function is similar to @code{fopen} but the stream it returns a
- pointer for is opened using @code{open64}. Therefore this stream can be
- used even on files larger then @math{2^31} bytes on 32 bit machines.
-@@ -414,7 +414,7 @@ cannot perform any additional operations on it.
- @comment stdio.h
- @comment ISO
- @deftypefun int fclose (FILE *@var{stream})
--@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
-+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
- @c After fclose, it is undefined behavior to use the stream it points
- @c to. Therefore, one must only call fclose when the stream is
- @c otherwise unused. Concurrent uses started before will complete
-@@ -2662,6 +2662,42 @@ pointer @var{ap}.
- @c case of cancellation. This doesn't make it unsafe, but cancelling it
- @c may leak memory. The unguarded use of __printf_function_table is
- @c also of concern for all callers.
-+@c _itoa ok
-+@c _udiv_qrnnd_preinv ok
-+@c group_number ok
-+@c _i18n_number_rewrite
-+@c __wctrans ok
-+@c __towctrans glocale
-+@c __wcrtomb ok? dup below
-+@c outdigit_value ok
-+@c outdigitwc_value ok
-+@c outchar ok
-+@c outstring ok
-+@c PAD ok
-+@c __printf_fp glocale memleak
-+@c __printf_fphex glocale
-+@c __readonly_area
-+@c [GNU/Linux] fopen, strtoul, free
-+@c __strerror_r ok if no translation, check otherwise
-+@c __btowc ? gconv-modules
-+@c __wcrtomb ok (not using internal state) gconv-modules
-+@c ARGCHECK
-+@c UNBUFFERED_P (tested before taking the stream lock)
-+@c buffered_vfprintf ok
-+@c __find_spec(wc|mb)
-+@c read_int
-+@c __libc_use_alloca
-+@c process_arg
-+@c process_string_arg
-+@c extend_alloca
-+@c __parse_one_spec(wc|mb)
-+@c *__printf_arginfo_table unguarded
-+@c __printf_va_arg_table-> unguarded
-+@c *__printf_function_table unguarded
-+@c done_add
-+@c printf_unknown
-+@c outchar
-+@c _itoa_word
- This is the equivalent of @code{fprintf} with the variable argument list
- specified directly as for @code{vprintf}.
- @end deftypefun
-@@ -5020,7 +5056,7 @@ I/O to a string or memory buffer. These facilities are declared in
- @comment stdio.h
- @comment GNU
- @deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
--@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
-+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
- @c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
- @c bringing with it additional potential for async trouble with
- @c list_all_lock.
-@@ -5076,7 +5112,7 @@ Got r
- @comment stdio.h
- @comment GNU
- @deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
--@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
-+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
- This function opens a stream for writing to a buffer. The buffer is
- allocated dynamically and grown as necessary, using @code{malloc}.
- After you've closed the stream, this buffer is your responsibility to
-@@ -5192,7 +5228,7 @@ closed.
- @comment stdio.h
- @comment GNU
- @deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
--@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
-+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
- This function actually creates the stream for communicating with the
- @var{cookie} using the functions in the @var{io-functions} argument.
- The @var{opentype} argument is interpreted as for @code{fopen};
-diff --git a/manual/string.texi b/manual/string.texi
-index 246be84..a75d298 100644
---- a/manual/string.texi
-+++ b/manual/string.texi
-@@ -1247,6 +1247,8 @@ strncmp ("hello, world", "hello, stupid world!!!", 5)
- @comment string.h
- @comment GNU
- @deftypefun int strverscmp (const char *@var{s1}, const char *@var{s2})
-+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
-+@c Calls isdigit multiple times, locale may change in between.
- The @code{strverscmp} function compares the string @var{s1} against
- @var{s2}, considering them as holding indices/version numbers. The
- return value follows the same conventions as found in the
-@@ -1343,6 +1345,8 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
- @comment string.h
- @comment ISO
- @deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
-+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
-+@c Adjust alphasort one safety info is determined.
- The @code{strcoll} function is similar to @code{strcmp} but uses the
- collating sequence of the current locale for collation (the
- @code{LC_COLLATE} locale).
-diff --git a/manual/terminal.texi b/manual/terminal.texi
-index 9e9c057..7f62a4e 100644
---- a/manual/terminal.texi
-+++ b/manual/terminal.texi
-@@ -264,6 +264,9 @@ array.
- @comment termios.h
- @comment POSIX.1
- @deftypefun int tcgetattr (int @var{filedes}, struct termios *@var{termios-p})
-+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
-+@c Converting the kernel-returned termios data structure to the userland
-+@c format does not ensure atomic or consistent writing.
- This function is used to examine the attributes of the terminal
- device with file descriptor @var{filedes}. The attributes are returned
- in the structure that @var{termios-p} points to.
-@@ -284,6 +287,9 @@ The @var{filedes} is not associated with a terminal.
- @comment termios.h
- @comment POSIX.1
- @deftypefun int tcsetattr (int @var{filedes}, int @var{when}, const struct termios *@var{termios-p})
-+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
-+@c Converting the incoming termios data structure to the kernel format
-+@c does not ensure atomic or consistent reading.
- This function sets the attributes of the terminal device with file
- descriptor @var{filedes}. The new attributes are taken from the
- structure that @var{termios-p} points to.
-diff --git a/manual/threads.texi b/manual/threads.texi
-index a23ac26..19bfad6 100644
---- a/manual/threads.texi
-+++ b/manual/threads.texi
-@@ -31,6 +31,7 @@ before thread-specific data, so they should not be used in thread-specific
- data destructors or even as members of the thread-specific data, since the
- latter is passed as an argument to the destructor function.
-
-+@c FIXME: use @deftypefun for these.
- @item int pthread_key_delete (pthread_key_t @var{key})
- Destroy the thread-specific data @var{key} in the calling thread. The
- destructor for the thread-specific data is not called during destruction, nor
-@@ -82,3 +83,124 @@ attributes or the stack address is set in the attribute.
- The system does not have sufficient memory.
- @end table
- @end deftypefun
-+
-+@c FIXME these are undocumented:
-+@c pthread_atfork
-+@c pthread_attr_destroy
-+@c pthread_attr_getaffinity_np
-+@c pthread_attr_getdetachstate
-+@c pthread_attr_getguardsize
-+@c pthread_attr_getinheritsched
-+@c pthread_attr_getschedparam
-+@c pthread_attr_getschedpolicy
-+@c pthread_attr_getscope
-+@c pthread_attr_getstack
-+@c pthread_attr_getstackaddr
-+@c pthread_attr_getstacksize
-+@c pthread_attr_init
-+@c pthread_attr_setaffinity_np
-+@c pthread_attr_setdetachstate
-+@c pthread_attr_setguardsize
-+@c pthread_attr_setinheritsched
-+@c pthread_attr_setschedparam
-+@c pthread_attr_setschedpolicy
-+@c pthread_attr_setscope
-+@c pthread_attr_setstack
-+@c pthread_attr_setstackaddr
-+@c pthread_attr_setstacksize
-+@c pthread_barrierattr_destroy
-+@c pthread_barrierattr_getpshared
-+@c pthread_barrierattr_init
-+@c pthread_barrierattr_setpshared
-+@c pthread_barrier_destroy
-+@c pthread_barrier_init
-+@c pthread_barrier_wait
-+@c pthread_cancel
-+@c pthread_cleanup_push
-+@c pthread_cleanup_pop
-+@c pthread_condattr_destroy
-+@c pthread_condattr_getclock
-+@c pthread_condattr_getpshared
-+@c pthread_condattr_init
-+@c pthread_condattr_setclock
-+@c pthread_condattr_setpshared
-+@c pthread_cond_broadcast
-+@c pthread_cond_destroy
-+@c pthread_cond_init
-+@c pthread_cond_signal
-+@c pthread_cond_timedwait
-+@c pthread_cond_wait
-+@c pthread_create
-+@c pthread_detach
-+@c pthread_equal
-+@c pthread_exit
-+@c pthread_getaffinity_np
-+@c pthread_getattr_np
-+@c pthread_getconcurrency
-+@c pthread_getcpuclockid
-+@c pthread_getname_np
-+@c pthread_getschedparam
-+@c pthread_join
-+@c pthread_kill
-+@c pthread_kill_other_threads_np
-+@c pthread_mutexattr_destroy
-+@c pthread_mutexattr_getkind_np
-+@c pthread_mutexattr_getprioceiling
-+@c pthread_mutexattr_getprotocol
-+@c pthread_mutexattr_getpshared
-+@c pthread_mutexattr_getrobust
-+@c pthread_mutexattr_getrobust_np
-+@c pthread_mutexattr_gettype
-+@c pthread_mutexattr_init
-+@c pthread_mutexattr_setkind_np
-+@c pthread_mutexattr_setprioceiling
-+@c pthread_mutexattr_setprotocol
-+@c pthread_mutexattr_setpshared
-+@c pthread_mutexattr_setrobust
-+@c pthread_mutexattr_setrobust_np
-+@c pthread_mutexattr_settype
-+@c pthread_mutex_consistent
-+@c pthread_mutex_consistent_np
-+@c pthread_mutex_destroy
-+@c pthread_mutex_getprioceiling
-+@c pthread_mutex_init
-+@c pthread_mutex_lock
-+@c pthread_mutex_setprioceiling
-+@c pthread_mutex_timedlock
-+@c pthread_mutex_trylock
-+@c pthread_mutex_unlock
-+@c pthread_once
-+@c pthread_rwlockattr_destroy
-+@c pthread_rwlockattr_getkind_np
-+@c pthread_rwlockattr_getpshared
-+@c pthread_rwlockattr_init
-+@c pthread_rwlockattr_setkind_np
-+@c pthread_rwlockattr_setpshared
-+@c pthread_rwlock_destroy
-+@c pthread_rwlock_init
-+@c pthread_rwlock_rdlock
-+@c pthread_rwlock_timedrdlock
-+@c pthread_rwlock_timedwrlock
-+@c pthread_rwlock_tryrdlock
-+@c pthread_rwlock_trywrlock
-+@c pthread_rwlock_unlock
-+@c pthread_rwlock_wrlock
-+@c pthread_self
-+@c pthread_setaffinity_np
-+@c pthread_setcancelstate
-+@c pthread_setcanceltype
-+@c pthread_setconcurrency
-+@c pthread_setname_np
-+@c pthread_setschedparam
-+@c pthread_setschedprio
-+@c pthread_sigmask
-+@c pthread_sigqueue
-+@c pthread_spin_destroy
-+@c pthread_spin_init
-+@c pthread_spin_lock
-+@c pthread_spin_trylock
-+@c pthread_spin_unlock
-+@c pthread_testcancel
-+@c pthread_timedjoin_np
-+@c pthread_tryjoin_np
-+@c pthread_yield
-diff --git a/manual/time.texi b/manual/time.texi
-index ff31e28..3967b24 100644
---- a/manual/time.texi
-+++ b/manual/time.texi
-@@ -475,6 +475,12 @@ Instead, use the facilities described in @ref{Time Zone Functions}.
- @comment sys/time.h
- @comment BSD
- @deftypefun int gettimeofday (struct timeval *@var{tp}, struct timezone *@var{tzp})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c On most GNU/Linux systems this is a direct syscall, but the posix/
-+@c implementation (not used on GNU/Linux or GNU/Hurd) relies on time and
-+@c localtime_r, saving and restoring tzname in an unsafe manner.
-+@c On some GNU/Linux variants, ifunc resolvers are used in shared libc
-+@c for vdso resolution. ifunc-vdso-revisit.
- The @code{gettimeofday} function returns the current calendar time as
- the elapsed time since the epoch in the @code{struct timeval} structure
- indicated by @var{tp}. (@pxref{Elapsed Time} for a description of
+
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4fbc047902ffe2e52e83f768573b9b8b0cdd8e7c
commit 4fbc047902ffe2e52e83f768573b9b8b0cdd8e7c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:41 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/???.texi: Document thread safety properties.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3152fe9b71d25e5a079af8a12b1ab66c69174413
commit 3152fe9b71d25e5a079af8a12b1ab66c69174413
Merge: 409b9c1 36ebef0 32cc08f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:14:51 2013 -0300
import
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=409b9c1dc08236ce6fc200dbf7ac8f1ce7466fd5
commit 409b9c1dc08236ce6fc200dbf7ac8f1ce7466fd5
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:14:51 2013 -0300
import
diff --git a/meta b/meta
index a8768b4..2ab621e 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 9af99627e811f0fdcfb787cd4fd7c395fa08caf0
-Head: f47c93cdfff86a4b5acb80c4b80ba113757b9e5f
+Previous: 32cc08f6887f254257307044a1da7e83889300d8
+Head: 36ebef0d2d702667bef29dd37c04d3a416cfaa1c
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -28,6 +28,7 @@ Applied:
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
wip-manual-document-mt-safety-terminal.patch: 131f3d7cbdeaec2279062d5bd94af6281390b9ba
wip-manual-document-mt-safety-threads.patch: f47c93cdfff86a4b5acb80c4b80ba113757b9e5f
+ wip-manual-document-mt-safety-time.patch: 36ebef0d2d702667bef29dd37c04d3a416cfaa1c
Unapplied:
manual-document-mt-safety-wip.patch: 4546f1ef42848ecd1b89ad15aa4c920e8aed77c2
Hidden:
diff --git a/patches/wip-manual-document-mt-safety-time.patch b/patches/wip-manual-document-mt-safety-time.patch
new file mode 100644
index 0000000..ee52a8e
--- /dev/null
+++ b/patches/wip-manual-document-mt-safety-time.patch
@@ -0,0 +1,31 @@
+Bottom: 934314e9de7d53f206e47915ea85ef4798ee295a
+Top: 7472b1dd7a8cc8760b98cd08cb7f8418374249ed
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:14:50 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/time.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/time.texi b/manual/time.texi
+index ff31e28..3967b24 100644
+--- a/manual/time.texi
++++ b/manual/time.texi
+@@ -475,6 +475,12 @@ Instead, use the facilities described in @ref{Time Zone Functions}.
+ @comment sys/time.h
+ @comment BSD
+ @deftypefun int gettimeofday (struct timeval *@var{tp}, struct timezone *@var{tzp})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c On most GNU/Linux systems this is a direct syscall, but the posix/
++@c implementation (not used on GNU/Linux or GNU/Hurd) relies on time and
++@c localtime_r, saving and restoring tzname in an unsafe manner.
++@c On some GNU/Linux variants, ifunc resolvers are used in shared libc
++@c for vdso resolution. ifunc-vdso-revisit.
+ The @code{gettimeofday} function returns the current calendar time as
+ the elapsed time since the epoch in the @code{struct timeval} structure
+ indicated by @var{tp}. (@pxref{Elapsed Time} for a description of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=36ebef0d2d702667bef29dd37c04d3a416cfaa1c
commit 36ebef0d2d702667bef29dd37c04d3a416cfaa1c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:14:50 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/time.texi: Document thread safety properties.
diff --git a/manual/time.texi b/manual/time.texi
index ff31e28..3967b24 100644
--- a/manual/time.texi
+++ b/manual/time.texi
@@ -475,6 +475,12 @@ Instead, use the facilities described in @ref{Time Zone Functions}.
@comment sys/time.h
@comment BSD
@deftypefun int gettimeofday (struct timeval *@var{tp}, struct timezone *@var{tzp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c On most GNU/Linux systems this is a direct syscall, but the posix/
+@c implementation (not used on GNU/Linux or GNU/Hurd) relies on time and
+@c localtime_r, saving and restoring tzname in an unsafe manner.
+@c On some GNU/Linux variants, ifunc resolvers are used in shared libc
+@c for vdso resolution. ifunc-vdso-revisit.
The @code{gettimeofday} function returns the current calendar time as
the elapsed time since the epoch in the @code{struct timeval} structure
indicated by @var{tp}. (@pxref{Elapsed Time} for a description of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=32cc08f6887f254257307044a1da7e83889300d8
commit 32cc08f6887f254257307044a1da7e83889300d8
Merge: 0b5bbfe f47c93c 9af9962
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:14:36 2013 -0300
import
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0b5bbfef237a30c3c4c54b5e4e2e0b9c0ac358bc
commit 0b5bbfef237a30c3c4c54b5e4e2e0b9c0ac358bc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:14:36 2013 -0300
import
diff --git a/meta b/meta
index 78c93b5..a8768b4 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 9d6b1e3e15da247a2588e6e4e56507f3d460964f
-Head: 131f3d7cbdeaec2279062d5bd94af6281390b9ba
+Previous: 9af99627e811f0fdcfb787cd4fd7c395fa08caf0
+Head: f47c93cdfff86a4b5acb80c4b80ba113757b9e5f
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -27,6 +27,7 @@ Applied:
manual-document-mt-safety-stdio.patch: b6c3b59f2ddf6ed9a14018f69daf993e2eaf27c0
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
wip-manual-document-mt-safety-terminal.patch: 131f3d7cbdeaec2279062d5bd94af6281390b9ba
+ wip-manual-document-mt-safety-threads.patch: f47c93cdfff86a4b5acb80c4b80ba113757b9e5f
Unapplied:
manual-document-mt-safety-wip.patch: 4546f1ef42848ecd1b89ad15aa4c920e8aed77c2
Hidden:
diff --git a/patches/wip-manual-document-mt-safety-threads.patch b/patches/wip-manual-document-mt-safety-threads.patch
new file mode 100644
index 0000000..a8a9208
--- /dev/null
+++ b/patches/wip-manual-document-mt-safety-threads.patch
@@ -0,0 +1,151 @@
+Bottom: 9f340cd557aceda321c8ef9f6db21082e5dbdaee
+Top: 934314e9de7d53f206e47915ea85ef4798ee295a
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:14:35 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/threads.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/threads.texi b/manual/threads.texi
+index a23ac26..19bfad6 100644
+--- a/manual/threads.texi
++++ b/manual/threads.texi
+@@ -31,6 +31,7 @@ before thread-specific data, so they should not be used in thread-specific
+ data destructors or even as members of the thread-specific data, since the
+ latter is passed as an argument to the destructor function.
+
++@c FIXME: use @deftypefun for these.
+ @item int pthread_key_delete (pthread_key_t @var{key})
+ Destroy the thread-specific data @var{key} in the calling thread. The
+ destructor for the thread-specific data is not called during destruction, nor
+@@ -82,3 +83,124 @@ attributes or the stack address is set in the attribute.
+ The system does not have sufficient memory.
+ @end table
+ @end deftypefun
++
++@c FIXME these are undocumented:
++@c pthread_atfork
++@c pthread_attr_destroy
++@c pthread_attr_getaffinity_np
++@c pthread_attr_getdetachstate
++@c pthread_attr_getguardsize
++@c pthread_attr_getinheritsched
++@c pthread_attr_getschedparam
++@c pthread_attr_getschedpolicy
++@c pthread_attr_getscope
++@c pthread_attr_getstack
++@c pthread_attr_getstackaddr
++@c pthread_attr_getstacksize
++@c pthread_attr_init
++@c pthread_attr_setaffinity_np
++@c pthread_attr_setdetachstate
++@c pthread_attr_setguardsize
++@c pthread_attr_setinheritsched
++@c pthread_attr_setschedparam
++@c pthread_attr_setschedpolicy
++@c pthread_attr_setscope
++@c pthread_attr_setstack
++@c pthread_attr_setstackaddr
++@c pthread_attr_setstacksize
++@c pthread_barrierattr_destroy
++@c pthread_barrierattr_getpshared
++@c pthread_barrierattr_init
++@c pthread_barrierattr_setpshared
++@c pthread_barrier_destroy
++@c pthread_barrier_init
++@c pthread_barrier_wait
++@c pthread_cancel
++@c pthread_cleanup_push
++@c pthread_cleanup_pop
++@c pthread_condattr_destroy
++@c pthread_condattr_getclock
++@c pthread_condattr_getpshared
++@c pthread_condattr_init
++@c pthread_condattr_setclock
++@c pthread_condattr_setpshared
++@c pthread_cond_broadcast
++@c pthread_cond_destroy
++@c pthread_cond_init
++@c pthread_cond_signal
++@c pthread_cond_timedwait
++@c pthread_cond_wait
++@c pthread_create
++@c pthread_detach
++@c pthread_equal
++@c pthread_exit
++@c pthread_getaffinity_np
++@c pthread_getattr_np
++@c pthread_getconcurrency
++@c pthread_getcpuclockid
++@c pthread_getname_np
++@c pthread_getschedparam
++@c pthread_join
++@c pthread_kill
++@c pthread_kill_other_threads_np
++@c pthread_mutexattr_destroy
++@c pthread_mutexattr_getkind_np
++@c pthread_mutexattr_getprioceiling
++@c pthread_mutexattr_getprotocol
++@c pthread_mutexattr_getpshared
++@c pthread_mutexattr_getrobust
++@c pthread_mutexattr_getrobust_np
++@c pthread_mutexattr_gettype
++@c pthread_mutexattr_init
++@c pthread_mutexattr_setkind_np
++@c pthread_mutexattr_setprioceiling
++@c pthread_mutexattr_setprotocol
++@c pthread_mutexattr_setpshared
++@c pthread_mutexattr_setrobust
++@c pthread_mutexattr_setrobust_np
++@c pthread_mutexattr_settype
++@c pthread_mutex_consistent
++@c pthread_mutex_consistent_np
++@c pthread_mutex_destroy
++@c pthread_mutex_getprioceiling
++@c pthread_mutex_init
++@c pthread_mutex_lock
++@c pthread_mutex_setprioceiling
++@c pthread_mutex_timedlock
++@c pthread_mutex_trylock
++@c pthread_mutex_unlock
++@c pthread_once
++@c pthread_rwlockattr_destroy
++@c pthread_rwlockattr_getkind_np
++@c pthread_rwlockattr_getpshared
++@c pthread_rwlockattr_init
++@c pthread_rwlockattr_setkind_np
++@c pthread_rwlockattr_setpshared
++@c pthread_rwlock_destroy
++@c pthread_rwlock_init
++@c pthread_rwlock_rdlock
++@c pthread_rwlock_timedrdlock
++@c pthread_rwlock_timedwrlock
++@c pthread_rwlock_tryrdlock
++@c pthread_rwlock_trywrlock
++@c pthread_rwlock_unlock
++@c pthread_rwlock_wrlock
++@c pthread_self
++@c pthread_setaffinity_np
++@c pthread_setcancelstate
++@c pthread_setcanceltype
++@c pthread_setconcurrency
++@c pthread_setname_np
++@c pthread_setschedparam
++@c pthread_setschedprio
++@c pthread_sigmask
++@c pthread_sigqueue
++@c pthread_spin_destroy
++@c pthread_spin_init
++@c pthread_spin_lock
++@c pthread_spin_trylock
++@c pthread_spin_unlock
++@c pthread_testcancel
++@c pthread_timedjoin_np
++@c pthread_tryjoin_np
++@c pthread_yield
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f47c93cdfff86a4b5acb80c4b80ba113757b9e5f
commit f47c93cdfff86a4b5acb80c4b80ba113757b9e5f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:14:35 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/threads.texi: Document thread safety properties.
diff --git a/manual/threads.texi b/manual/threads.texi
index a23ac26..19bfad6 100644
--- a/manual/threads.texi
+++ b/manual/threads.texi
@@ -31,6 +31,7 @@ before thread-specific data, so they should not be used in thread-specific
data destructors or even as members of the thread-specific data, since the
latter is passed as an argument to the destructor function.
+@c FIXME: use @deftypefun for these.
@item int pthread_key_delete (pthread_key_t @var{key})
Destroy the thread-specific data @var{key} in the calling thread. The
destructor for the thread-specific data is not called during destruction, nor
@@ -82,3 +83,124 @@ attributes or the stack address is set in the attribute.
The system does not have sufficient memory.
@end table
@end deftypefun
+
+@c FIXME these are undocumented:
+@c pthread_atfork
+@c pthread_attr_destroy
+@c pthread_attr_getaffinity_np
+@c pthread_attr_getdetachstate
+@c pthread_attr_getguardsize
+@c pthread_attr_getinheritsched
+@c pthread_attr_getschedparam
+@c pthread_attr_getschedpolicy
+@c pthread_attr_getscope
+@c pthread_attr_getstack
+@c pthread_attr_getstackaddr
+@c pthread_attr_getstacksize
+@c pthread_attr_init
+@c pthread_attr_setaffinity_np
+@c pthread_attr_setdetachstate
+@c pthread_attr_setguardsize
+@c pthread_attr_setinheritsched
+@c pthread_attr_setschedparam
+@c pthread_attr_setschedpolicy
+@c pthread_attr_setscope
+@c pthread_attr_setstack
+@c pthread_attr_setstackaddr
+@c pthread_attr_setstacksize
+@c pthread_barrierattr_destroy
+@c pthread_barrierattr_getpshared
+@c pthread_barrierattr_init
+@c pthread_barrierattr_setpshared
+@c pthread_barrier_destroy
+@c pthread_barrier_init
+@c pthread_barrier_wait
+@c pthread_cancel
+@c pthread_cleanup_push
+@c pthread_cleanup_pop
+@c pthread_condattr_destroy
+@c pthread_condattr_getclock
+@c pthread_condattr_getpshared
+@c pthread_condattr_init
+@c pthread_condattr_setclock
+@c pthread_condattr_setpshared
+@c pthread_cond_broadcast
+@c pthread_cond_destroy
+@c pthread_cond_init
+@c pthread_cond_signal
+@c pthread_cond_timedwait
+@c pthread_cond_wait
+@c pthread_create
+@c pthread_detach
+@c pthread_equal
+@c pthread_exit
+@c pthread_getaffinity_np
+@c pthread_getattr_np
+@c pthread_getconcurrency
+@c pthread_getcpuclockid
+@c pthread_getname_np
+@c pthread_getschedparam
+@c pthread_join
+@c pthread_kill
+@c pthread_kill_other_threads_np
+@c pthread_mutexattr_destroy
+@c pthread_mutexattr_getkind_np
+@c pthread_mutexattr_getprioceiling
+@c pthread_mutexattr_getprotocol
+@c pthread_mutexattr_getpshared
+@c pthread_mutexattr_getrobust
+@c pthread_mutexattr_getrobust_np
+@c pthread_mutexattr_gettype
+@c pthread_mutexattr_init
+@c pthread_mutexattr_setkind_np
+@c pthread_mutexattr_setprioceiling
+@c pthread_mutexattr_setprotocol
+@c pthread_mutexattr_setpshared
+@c pthread_mutexattr_setrobust
+@c pthread_mutexattr_setrobust_np
+@c pthread_mutexattr_settype
+@c pthread_mutex_consistent
+@c pthread_mutex_consistent_np
+@c pthread_mutex_destroy
+@c pthread_mutex_getprioceiling
+@c pthread_mutex_init
+@c pthread_mutex_lock
+@c pthread_mutex_setprioceiling
+@c pthread_mutex_timedlock
+@c pthread_mutex_trylock
+@c pthread_mutex_unlock
+@c pthread_once
+@c pthread_rwlockattr_destroy
+@c pthread_rwlockattr_getkind_np
+@c pthread_rwlockattr_getpshared
+@c pthread_rwlockattr_init
+@c pthread_rwlockattr_setkind_np
+@c pthread_rwlockattr_setpshared
+@c pthread_rwlock_destroy
+@c pthread_rwlock_init
+@c pthread_rwlock_rdlock
+@c pthread_rwlock_timedrdlock
+@c pthread_rwlock_timedwrlock
+@c pthread_rwlock_tryrdlock
+@c pthread_rwlock_trywrlock
+@c pthread_rwlock_unlock
+@c pthread_rwlock_wrlock
+@c pthread_self
+@c pthread_setaffinity_np
+@c pthread_setcancelstate
+@c pthread_setcanceltype
+@c pthread_setconcurrency
+@c pthread_setname_np
+@c pthread_setschedparam
+@c pthread_setschedprio
+@c pthread_sigmask
+@c pthread_sigqueue
+@c pthread_spin_destroy
+@c pthread_spin_init
+@c pthread_spin_lock
+@c pthread_spin_trylock
+@c pthread_spin_unlock
+@c pthread_testcancel
+@c pthread_timedjoin_np
+@c pthread_tryjoin_np
+@c pthread_yield
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9af99627e811f0fdcfb787cd4fd7c395fa08caf0
commit 9af99627e811f0fdcfb787cd4fd7c395fa08caf0
Merge: 62cd4e6 131f3d7 9d6b1e3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:13:53 2013 -0300
import
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=62cd4e647e34e31ad1e3a186be37661288afba1b
commit 62cd4e647e34e31ad1e3a186be37661288afba1b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:13:53 2013 -0300
import
diff --git a/meta b/meta
index 902eaac..78c93b5 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: ea4fd9c31cd34ece4af5fe8d6b3a17c9ef9f79e4
-Head: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
+Previous: 9d6b1e3e15da247a2588e6e4e56507f3d460964f
+Head: 131f3d7cbdeaec2279062d5bd94af6281390b9ba
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -26,6 +26,7 @@ Applied:
wip-manual-document-mt-safety-startup.patch: eefb3a2e2f3449ada4e40429f0283ac79a5e3fec
manual-document-mt-safety-stdio.patch: b6c3b59f2ddf6ed9a14018f69daf993e2eaf27c0
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
+ wip-manual-document-mt-safety-terminal.patch: 131f3d7cbdeaec2279062d5bd94af6281390b9ba
Unapplied:
manual-document-mt-safety-wip.patch: 4546f1ef42848ecd1b89ad15aa4c920e8aed77c2
Hidden:
diff --git a/patches/wip-manual-document-mt-safety-terminal.patch b/patches/wip-manual-document-mt-safety-terminal.patch
new file mode 100644
index 0000000..09d43ed
--- /dev/null
+++ b/patches/wip-manual-document-mt-safety-terminal.patch
@@ -0,0 +1,38 @@
+Bottom: 12b763b61e3c2dff9a990b8c3271a64b6febfd63
+Top: 9f340cd557aceda321c8ef9f6db21082e5dbdaee
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:13:53 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/terminal.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/terminal.texi b/manual/terminal.texi
+index 9e9c057..7f62a4e 100644
+--- a/manual/terminal.texi
++++ b/manual/terminal.texi
+@@ -264,6 +264,9 @@ array.
+ @comment termios.h
+ @comment POSIX.1
+ @deftypefun int tcgetattr (int @var{filedes}, struct termios *@var{termios-p})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c Converting the kernel-returned termios data structure to the userland
++@c format does not ensure atomic or consistent writing.
+ This function is used to examine the attributes of the terminal
+ device with file descriptor @var{filedes}. The attributes are returned
+ in the structure that @var{termios-p} points to.
+@@ -284,6 +287,9 @@ The @var{filedes} is not associated with a terminal.
+ @comment termios.h
+ @comment POSIX.1
+ @deftypefun int tcsetattr (int @var{filedes}, int @var{when}, const struct termios *@var{termios-p})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c Converting the incoming termios data structure to the kernel format
++@c does not ensure atomic or consistent reading.
+ This function sets the attributes of the terminal device with file
+ descriptor @var{filedes}. The new attributes are taken from the
+ structure that @var{termios-p} points to.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=131f3d7cbdeaec2279062d5bd94af6281390b9ba
commit 131f3d7cbdeaec2279062d5bd94af6281390b9ba
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:13:53 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/terminal.texi: Document thread safety properties.
diff --git a/manual/terminal.texi b/manual/terminal.texi
index 9e9c057..7f62a4e 100644
--- a/manual/terminal.texi
+++ b/manual/terminal.texi
@@ -264,6 +264,9 @@ array.
@comment termios.h
@comment POSIX.1
@deftypefun int tcgetattr (int @var{filedes}, struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the kernel-returned termios data structure to the userland
+@c format does not ensure atomic or consistent writing.
This function is used to examine the attributes of the terminal
device with file descriptor @var{filedes}. The attributes are returned
in the structure that @var{termios-p} points to.
@@ -284,6 +287,9 @@ The @var{filedes} is not associated with a terminal.
@comment termios.h
@comment POSIX.1
@deftypefun int tcsetattr (int @var{filedes}, int @var{when}, const struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the incoming termios data structure to the kernel format
+@c does not ensure atomic or consistent reading.
This function sets the attributes of the terminal device with file
descriptor @var{filedes}. The new attributes are taken from the
structure that @var{termios-p} points to.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9d6b1e3e15da247a2588e6e4e56507f3d460964f
commit 9d6b1e3e15da247a2588e6e4e56507f3d460964f
Merge: 59dcb93 358134b ea4fd9c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:13:24 2013 -0300
import
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=59dcb935e3195f296afe22873dfe1706c77beeba
commit 59dcb935e3195f296afe22873dfe1706c77beeba
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:13:24 2013 -0300
import
diff --git a/meta b/meta
index 6a6db56..902eaac 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 7813e945b628c7ad8a53e4e1e9f8c9bcdcbba26a
-Head: b6c3b59f2ddf6ed9a14018f69daf993e2eaf27c0
+Previous: ea4fd9c31cd34ece4af5fe8d6b3a17c9ef9f79e4
+Head: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -25,6 +25,7 @@ Applied:
manual-document-mt-safety-search.patch: 72885eef5a5c94642ef40c16b2838f314908e7da
wip-manual-document-mt-safety-startup.patch: eefb3a2e2f3449ada4e40429f0283ac79a5e3fec
manual-document-mt-safety-stdio.patch: b6c3b59f2ddf6ed9a14018f69daf993e2eaf27c0
+ wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
Unapplied:
manual-document-mt-safety-wip.patch: 4546f1ef42848ecd1b89ad15aa4c920e8aed77c2
Hidden:
diff --git a/patches/wip-manual-document-mt-safety-string.patch b/patches/wip-manual-document-mt-safety-string.patch
new file mode 100644
index 0000000..c2dd68c
--- /dev/null
+++ b/patches/wip-manual-document-mt-safety-string.patch
@@ -0,0 +1,36 @@
+Bottom: 3db5dacd3a8c55bbd9c4924b1ac2ec9a35d2d732
+Top: 12b763b61e3c2dff9a990b8c3271a64b6febfd63
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:13:24 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/string.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/string.texi b/manual/string.texi
+index 246be84..a75d298 100644
+--- a/manual/string.texi
++++ b/manual/string.texi
+@@ -1247,6 +1247,8 @@ strncmp ("hello, world", "hello, stupid world!!!", 5)
+ @comment string.h
+ @comment GNU
+ @deftypefun int strverscmp (const char *@var{s1}, const char *@var{s2})
++@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
++@c Calls isdigit multiple times, locale may change in between.
+ The @code{strverscmp} function compares the string @var{s1} against
+ @var{s2}, considering them as holding indices/version numbers. The
+ return value follows the same conventions as found in the
+@@ -1343,6 +1345,8 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
+ @comment string.h
+ @comment ISO
+ @deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
++@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
++@c Adjust alphasort one safety info is determined.
+ The @code{strcoll} function is similar to @code{strcmp} but uses the
+ collating sequence of the current locale for collation (the
+ @code{LC_COLLATE} locale).
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
commit 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:13:24 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/string.texi: Document thread safety properties.
diff --git a/manual/string.texi b/manual/string.texi
index 246be84..a75d298 100644
--- a/manual/string.texi
+++ b/manual/string.texi
@@ -1247,6 +1247,8 @@ strncmp ("hello, world", "hello, stupid world!!!", 5)
@comment string.h
@comment GNU
@deftypefun int strverscmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls isdigit multiple times, locale may change in between.
The @code{strverscmp} function compares the string @var{s1} against
@var{s2}, considering them as holding indices/version numbers. The
return value follows the same conventions as found in the
@@ -1343,6 +1345,8 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
@comment string.h
@comment ISO
@deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Adjust alphasort one safety info is determined.
The @code{strcoll} function is similar to @code{strcmp} but uses the
collating sequence of the current locale for collation (the
@code{LC_COLLATE} locale).
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ea4fd9c31cd34ece4af5fe8d6b3a17c9ef9f79e4
commit ea4fd9c31cd34ece4af5fe8d6b3a17c9ef9f79e4
Merge: 1f35875 b6c3b59 7813e94
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:12:53 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1f35875992d2f4994c57f952436924323701762f
commit 1f35875992d2f4994c57f952436924323701762f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:12:53 2013 -0300
refresh
diff --git a/meta b/meta
index 62198e1..6a6db56 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 46dbc4b516036ae274f7ad8e4b90fbe8547d40e4
-Head: fe734e3c4e47da61876a28df92f216ffe7f91900
+Previous: 7813e945b628c7ad8a53e4e1e9f8c9bcdcbba26a
+Head: b6c3b59f2ddf6ed9a14018f69daf993e2eaf27c0
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -24,8 +24,7 @@ Applied:
manual-document-mt-safety-resource.patch: 5d3bcb1ba7f570bffb709e724d0f7b7f7c54af6d
manual-document-mt-safety-search.patch: 72885eef5a5c94642ef40c16b2838f314908e7da
wip-manual-document-mt-safety-startup.patch: eefb3a2e2f3449ada4e40429f0283ac79a5e3fec
- manual-document-mt-safety-stdio.patch: 4317964c441ce5286d9d38d49a63be64118cf356
- refresh-temp: fe734e3c4e47da61876a28df92f216ffe7f91900
+ manual-document-mt-safety-stdio.patch: b6c3b59f2ddf6ed9a14018f69daf993e2eaf27c0
Unapplied:
manual-document-mt-safety-wip.patch: 4546f1ef42848ecd1b89ad15aa4c920e8aed77c2
Hidden:
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index 373e2ca..8b416af 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,5 +1,5 @@
Bottom: 195f80ed20d8cfa61af3b5629d405de8be7b40fc
-Top: e7e01aad2f34ba561dd0a0744ce4b8cd012180c4
+Top: 3db5dacd3a8c55bbd9c4924b1ac2ec9a35d2d732
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
@@ -13,14 +13,14 @@ for ChangeLog
---
diff --git a/manual/stdio.texi b/manual/stdio.texi
-index 3f9be9bc5..7809dd4 100644
+index 3f9be9bc5..79a3340 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
-+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -29,7 +29,7 @@ index 3f9be9bc5..7809dd4 100644
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
-+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -94,7 +94,7 @@ index 3f9be9bc5..7809dd4 100644
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
-+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
@@ -644,7 +644,7 @@ index 3f9be9bc5..7809dd4 100644
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
-@@ -2525,6 +2656,12 @@ pointer @var{ap}.
+@@ -2525,6 +2656,48 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
@@ -654,10 +654,46 @@ index 3f9be9bc5..7809dd4 100644
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
++@c _itoa ok
++@c _udiv_qrnnd_preinv ok
++@c group_number ok
++@c _i18n_number_rewrite
++@c __wctrans ok
++@c __towctrans glocale
++@c __wcrtomb ok? dup below
++@c outdigit_value ok
++@c outdigitwc_value ok
++@c outchar ok
++@c outstring ok
++@c PAD ok
++@c __printf_fp glocale memleak
++@c __printf_fphex glocale
++@c __readonly_area
++@c [GNU/Linux] fopen, strtoul, free
++@c __strerror_r ok if no translation, check otherwise
++@c __btowc ? gconv-modules
++@c __wcrtomb ok (not using internal state) gconv-modules
++@c ARGCHECK
++@c UNBUFFERED_P (tested before taking the stream lock)
++@c buffered_vfprintf ok
++@c __find_spec(wc|mb)
++@c read_int
++@c __libc_use_alloca
++@c process_arg
++@c process_string_arg
++@c extend_alloca
++@c __parse_one_spec(wc|mb)
++@c *__printf_arginfo_table unguarded
++@c __printf_va_arg_table-> unguarded
++@c *__printf_function_table unguarded
++@c done_add
++@c printf_unknown
++@c outchar
++@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
-@@ -2532,6 +2669,7 @@ specified directly as for @code{vprintf}.
+@@ -2532,6 +2705,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
@@ -665,7 +701,7 @@ index 3f9be9bc5..7809dd4 100644
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
-@@ -2539,6 +2677,7 @@ specified directly as for @code{vwprintf}.
+@@ -2539,6 +2713,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
@@ -673,7 +709,7 @@ index 3f9be9bc5..7809dd4 100644
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
-@@ -2546,6 +2685,7 @@ specified directly as for @code{vprintf}.
+@@ -2546,6 +2721,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
@@ -681,7 +717,7 @@ index 3f9be9bc5..7809dd4 100644
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
-@@ -2553,6 +2693,7 @@ specified directly as for @code{vwprintf}.
+@@ -2553,6 +2729,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
@@ -689,7 +725,7 @@ index 3f9be9bc5..7809dd4 100644
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
-@@ -2560,6 +2701,7 @@ specified directly as for @code{vprintf}.
+@@ -2560,6 +2737,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
@@ -697,7 +733,7 @@ index 3f9be9bc5..7809dd4 100644
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
-@@ -2567,6 +2709,10 @@ variable argument list specified directly as for @code{vprintf}.
+@@ -2567,6 +2745,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
@@ -708,7 +744,7 @@ index 3f9be9bc5..7809dd4 100644
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
-@@ -2639,6 +2785,7 @@ file @file{printf.h}.
+@@ -2639,6 +2821,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
@@ -716,7 +752,7 @@ index 3f9be9bc5..7809dd4 100644
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
-@@ -2879,6 +3026,12 @@ The function to register a new output conversion is
+@@ -2879,6 +3062,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
@@ -729,7 +765,7 @@ index 3f9be9bc5..7809dd4 100644
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
-@@ -3125,6 +3278,12 @@ which implement a special way to print floating-point numbers.
+@@ -3125,6 +3314,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
@@ -742,7 +778,7 @@ index 3f9be9bc5..7809dd4 100644
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
-@@ -3183,6 +3342,7 @@ provide the function which returns information about the arguments.
+@@ -3183,6 +3378,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
@@ -750,7 +786,7 @@ index 3f9be9bc5..7809dd4 100644
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
-@@ -3799,6 +3959,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
+@@ -3799,6 +3995,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
@@ -758,7 +794,7 @@ index 3f9be9bc5..7809dd4 100644
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
-@@ -3813,6 +3974,7 @@ template, then @code{EOF} is returned.
+@@ -3813,6 +4010,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
@@ -766,7 +802,7 @@ index 3f9be9bc5..7809dd4 100644
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
-@@ -3827,6 +3989,7 @@ template, then @code{WEOF} is returned.
+@@ -3827,6 +4025,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
@@ -774,7 +810,7 @@ index 3f9be9bc5..7809dd4 100644
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
-@@ -3834,6 +3997,7 @@ from the stream @var{stream} instead of @code{stdin}.
+@@ -3834,6 +4033,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
@@ -782,7 +818,7 @@ index 3f9be9bc5..7809dd4 100644
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
-@@ -3841,6 +4005,7 @@ from the stream @var{stream} instead of @code{stdin}.
+@@ -3841,6 +4041,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
@@ -790,7 +826,7 @@ index 3f9be9bc5..7809dd4 100644
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
-@@ -3854,6 +4019,7 @@ as an argument to receive a string read under control of the @samp{%s},
+@@ -3854,6 +4055,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
@@ -798,7 +834,7 @@ index 3f9be9bc5..7809dd4 100644
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
-@@ -3880,6 +4046,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
+@@ -3880,6 +4082,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
@@ -806,7 +842,7 @@ index 3f9be9bc5..7809dd4 100644
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
-@@ -3888,6 +4055,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
+@@ -3888,6 +4091,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
@@ -814,7 +850,7 @@ index 3f9be9bc5..7809dd4 100644
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
-@@ -3896,6 +4064,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
+@@ -3896,6 +4100,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
@@ -822,7 +858,7 @@ index 3f9be9bc5..7809dd4 100644
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
-@@ -3903,6 +4072,7 @@ specified directly as for @code{vscanf}.
+@@ -3903,6 +4108,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
@@ -830,7 +866,7 @@ index 3f9be9bc5..7809dd4 100644
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
-@@ -3910,6 +4080,7 @@ specified directly as for @code{vwscanf}.
+@@ -3910,6 +4116,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
@@ -838,7 +874,7 @@ index 3f9be9bc5..7809dd4 100644
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
-@@ -3917,6 +4088,7 @@ specified directly as for @code{vscanf}.
+@@ -3917,6 +4124,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
@@ -846,7 +882,7 @@ index 3f9be9bc5..7809dd4 100644
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
-@@ -3966,6 +4138,7 @@ This symbol is declared in @file{wchar.h}.
+@@ -3966,6 +4174,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
@@ -854,7 +890,7 @@ index 3f9be9bc5..7809dd4 100644
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
-@@ -3975,6 +4148,9 @@ This symbol is declared in @file{stdio.h}.
+@@ -3975,6 +4184,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
@@ -864,7 +900,7 @@ index 3f9be9bc5..7809dd4 100644
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
-@@ -3986,6 +4162,7 @@ This symbol is declared in @file{stdio.h}.
+@@ -3986,6 +4198,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
@@ -872,7 +908,7 @@ index 3f9be9bc5..7809dd4 100644
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
-@@ -3996,6 +4173,7 @@ This symbol is declared in @file{stdio.h}.
+@@ -3996,6 +4209,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
@@ -880,7 +916,7 @@ index 3f9be9bc5..7809dd4 100644
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
-@@ -4023,6 +4201,7 @@ function.
+@@ -4023,6 +4237,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
@@ -888,7 +924,7 @@ index 3f9be9bc5..7809dd4 100644
This function clears the end-of-file and error indicators for the
stream @var{stream}.
-@@ -4033,6 +4212,7 @@ end-of-file indicator for the stream.
+@@ -4033,6 +4248,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
@@ -896,7 +932,7 @@ index 3f9be9bc5..7809dd4 100644
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
-@@ -4146,6 +4326,7 @@ are declared in the header file @file{stdio.h}.
+@@ -4146,6 +4362,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
@@ -904,7 +940,7 @@ index 3f9be9bc5..7809dd4 100644
This function returns the current file position of the stream
@var{stream}.
-@@ -4158,6 +4339,7 @@ possibly for other reasons as well. If a failure occurs, a value of
+@@ -4158,6 +4375,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
@@ -912,7 +948,7 @@ index 3f9be9bc5..7809dd4 100644
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
-@@ -4181,6 +4363,7 @@ LFS interface transparently replaces the old interface.
+@@ -4181,6 +4399,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
@@ -920,7 +956,7 @@ index 3f9be9bc5..7809dd4 100644
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
-@@ -4196,6 +4379,7 @@ and so transparently replaces the old interface.
+@@ -4196,6 +4415,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
@@ -928,7 +964,7 @@ index 3f9be9bc5..7809dd4 100644
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
-@@ -4215,6 +4399,7 @@ place in the file.
+@@ -4215,6 +4435,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
@@ -936,7 +972,7 @@ index 3f9be9bc5..7809dd4 100644
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
-@@ -4238,6 +4423,7 @@ LFS interface transparently replaces the old interface.
+@@ -4238,6 +4459,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
@@ -944,7 +980,7 @@ index 3f9be9bc5..7809dd4 100644
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
-@@ -4286,6 +4472,7 @@ the offset provided is relative to the end of the file.
+@@ -4286,6 +4508,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
@@ -952,7 +988,7 @@ index 3f9be9bc5..7809dd4 100644
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
-@@ -4407,6 +4594,7 @@ representation.
+@@ -4407,6 +4630,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
@@ -960,7 +996,7 @@ index 3f9be9bc5..7809dd4 100644
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
-@@ -4421,6 +4609,7 @@ interface transparently replaces the old interface.
+@@ -4421,6 +4645,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
@@ -968,7 +1004,7 @@ index 3f9be9bc5..7809dd4 100644
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
-@@ -4433,6 +4622,7 @@ and so transparently replaces the old interface.
+@@ -4433,6 +4658,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
@@ -976,7 +1012,7 @@ index 3f9be9bc5..7809dd4 100644
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
-@@ -4449,6 +4639,7 @@ interface transparently replaces the old interface.
+@@ -4449,6 +4675,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
@@ -984,7 +1020,7 @@ index 3f9be9bc5..7809dd4 100644
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
-@@ -4560,6 +4751,7 @@ If you want to flush the buffered output at another time, call
+@@ -4560,6 +4787,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
@@ -992,7 +1028,7 @@ index 3f9be9bc5..7809dd4 100644
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
-@@ -4572,6 +4764,7 @@ otherwise.
+@@ -4572,6 +4800,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
@@ -1000,7 +1036,7 @@ index 3f9be9bc5..7809dd4 100644
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
-@@ -4588,6 +4781,7 @@ exported.
+@@ -4588,6 +4817,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
@@ -1008,7 +1044,7 @@ index 3f9be9bc5..7809dd4 100644
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
-@@ -4609,6 +4803,7 @@ situation a non-standard function introduced in Solaris and available in
+@@ -4609,6 +4839,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
@@ -1016,7 +1052,7 @@ index 3f9be9bc5..7809dd4 100644
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
-@@ -4633,6 +4828,7 @@ file @file{stdio.h}.
+@@ -4633,6 +4864,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
@@ -1024,7 +1060,7 @@ index 3f9be9bc5..7809dd4 100644
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
-@@ -4710,6 +4906,7 @@ efficient size.
+@@ -4710,6 +4942,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
@@ -1032,7 +1068,7 @@ index 3f9be9bc5..7809dd4 100644
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
-@@ -4723,6 +4920,7 @@ use @code{setvbuf} in all new programs.
+@@ -4723,6 +4956,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
@@ -1040,7 +1076,7 @@ index 3f9be9bc5..7809dd4 100644
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
-@@ -4734,6 +4932,7 @@ This function is provided for compatibility with old BSD code. Use
+@@ -4734,6 +4968,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
@@ -1048,7 +1084,7 @@ index 3f9be9bc5..7809dd4 100644
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
-@@ -4748,6 +4947,7 @@ using a non-standard function introduced in Solaris and available in
+@@ -4748,6 +4983,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
@@ -1056,7 +1092,7 @@ index 3f9be9bc5..7809dd4 100644
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
-@@ -4761,6 +4961,7 @@ much of it is used. These functions were also introduced in Solaris.
+@@ -4761,6 +4997,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
@@ -1064,7 +1100,7 @@ index 3f9be9bc5..7809dd4 100644
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
-@@ -4771,6 +4972,7 @@ This function is declared in the @file{stdio_ext.h} header.
+@@ -4771,6 +5008,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
@@ -1072,34 +1108,34 @@ index 3f9be9bc5..7809dd4 100644
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
-@@ -4818,6 +5020,10 @@ I/O to a string or memory buffer. These facilities are declared in
+@@ -4818,6 +5056,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
-+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
-@@ -4870,6 +5076,7 @@ Got r
+@@ -4870,6 +5112,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
-+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
++@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
-@@ -4985,6 +5192,7 @@ closed.
+@@ -4985,6 +5228,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
-+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
-@@ -5166,6 +5374,7 @@ It is a non-recoverable error.
+@@ -5166,6 +5410,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
@@ -1107,7 +1143,7 @@ index 3f9be9bc5..7809dd4 100644
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
-@@ -5306,6 +5515,7 @@ introducing new classes in a running program. One could use the
+@@ -5306,6 +5551,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index fe070cb..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,110 +0,0 @@
-Bottom: e7e01aad2f34ba561dd0a0744ce4b8cd012180c4
-Top: 3db5dacd3a8c55bbd9c4924b1ac2ec9a35d2d732
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 22:12:52 -0300
-
-Refresh of manual-document-mt-safety-stdio.patch
-
----
-
-diff --git a/manual/stdio.texi b/manual/stdio.texi
-index 7809dd4..79a3340 100644
---- a/manual/stdio.texi
-+++ b/manual/stdio.texi
-@@ -148,7 +148,7 @@ Everything described in this section is declared in the header file
- @comment stdio.h
- @comment ISO
- @deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
--@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
-+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
- @c fopen may leak the list lock if cancelled within _IO_link_in.
- The @code{fopen} function opens a stream for I/O to the file
- @var{filename}, and returns a pointer to the stream.
-@@ -267,7 +267,7 @@ Locks}.
- @comment stdio.h
- @comment Unix98
- @deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
--@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
-+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
- This function is similar to @code{fopen} but the stream it returns a
- pointer for is opened using @code{open64}. Therefore this stream can be
- used even on files larger then @math{2^31} bytes on 32 bit machines.
-@@ -414,7 +414,7 @@ cannot perform any additional operations on it.
- @comment stdio.h
- @comment ISO
- @deftypefun int fclose (FILE *@var{stream})
--@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
-+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
- @c After fclose, it is undefined behavior to use the stream it points
- @c to. Therefore, one must only call fclose when the stream is
- @c otherwise unused. Concurrent uses started before will complete
-@@ -2662,6 +2662,42 @@ pointer @var{ap}.
- @c case of cancellation. This doesn't make it unsafe, but cancelling it
- @c may leak memory. The unguarded use of __printf_function_table is
- @c also of concern for all callers.
-+@c _itoa ok
-+@c _udiv_qrnnd_preinv ok
-+@c group_number ok
-+@c _i18n_number_rewrite
-+@c __wctrans ok
-+@c __towctrans glocale
-+@c __wcrtomb ok? dup below
-+@c outdigit_value ok
-+@c outdigitwc_value ok
-+@c outchar ok
-+@c outstring ok
-+@c PAD ok
-+@c __printf_fp glocale memleak
-+@c __printf_fphex glocale
-+@c __readonly_area
-+@c [GNU/Linux] fopen, strtoul, free
-+@c __strerror_r ok if no translation, check otherwise
-+@c __btowc ? gconv-modules
-+@c __wcrtomb ok (not using internal state) gconv-modules
-+@c ARGCHECK
-+@c UNBUFFERED_P (tested before taking the stream lock)
-+@c buffered_vfprintf ok
-+@c __find_spec(wc|mb)
-+@c read_int
-+@c __libc_use_alloca
-+@c process_arg
-+@c process_string_arg
-+@c extend_alloca
-+@c __parse_one_spec(wc|mb)
-+@c *__printf_arginfo_table unguarded
-+@c __printf_va_arg_table-> unguarded
-+@c *__printf_function_table unguarded
-+@c done_add
-+@c printf_unknown
-+@c outchar
-+@c _itoa_word
- This is the equivalent of @code{fprintf} with the variable argument list
- specified directly as for @code{vprintf}.
- @end deftypefun
-@@ -5020,7 +5056,7 @@ I/O to a string or memory buffer. These facilities are declared in
- @comment stdio.h
- @comment GNU
- @deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
--@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
-+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
- @c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
- @c bringing with it additional potential for async trouble with
- @c list_all_lock.
-@@ -5076,7 +5112,7 @@ Got r
- @comment stdio.h
- @comment GNU
- @deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
--@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
-+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
- This function opens a stream for writing to a buffer. The buffer is
- allocated dynamically and grown as necessary, using @code{malloc}.
- After you've closed the stream, this buffer is your responsibility to
-@@ -5192,7 +5228,7 @@ closed.
- @comment stdio.h
- @comment GNU
- @deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
--@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
-+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
- This function actually creates the stream for communicating with the
- @var{cookie} using the functions in the @var{io-functions} argument.
- The @var{opentype} argument is interpreted as for @code{fopen};
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7813e945b628c7ad8a53e4e1e9f8c9bcdcbba26a
commit 7813e945b628c7ad8a53e4e1e9f8c9bcdcbba26a
Merge: 233a8e5 fe734e3 46dbc4b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:12:53 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=233a8e5787e22d033aa1530a55a3b1f4dc5769b5
commit 233a8e5787e22d033aa1530a55a3b1f4dc5769b5
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:12:53 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index b6b4736..62198e1 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 0d1caeb5637d1e9380fd955561a0f2d69bd78f12
-Head: 4317964c441ce5286d9d38d49a63be64118cf356
+Previous: 46dbc4b516036ae274f7ad8e4b90fbe8547d40e4
+Head: fe734e3c4e47da61876a28df92f216ffe7f91900
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -25,6 +25,7 @@ Applied:
manual-document-mt-safety-search.patch: 72885eef5a5c94642ef40c16b2838f314908e7da
wip-manual-document-mt-safety-startup.patch: eefb3a2e2f3449ada4e40429f0283ac79a5e3fec
manual-document-mt-safety-stdio.patch: 4317964c441ce5286d9d38d49a63be64118cf356
+ refresh-temp: fe734e3c4e47da61876a28df92f216ffe7f91900
Unapplied:
manual-document-mt-safety-wip.patch: 4546f1ef42848ecd1b89ad15aa4c920e8aed77c2
Hidden:
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..fe070cb
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,110 @@
+Bottom: e7e01aad2f34ba561dd0a0744ce4b8cd012180c4
+Top: 3db5dacd3a8c55bbd9c4924b1ac2ec9a35d2d732
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:12:52 -0300
+
+Refresh of manual-document-mt-safety-stdio.patch
+
+---
+
+diff --git a/manual/stdio.texi b/manual/stdio.texi
+index 7809dd4..79a3340 100644
+--- a/manual/stdio.texi
++++ b/manual/stdio.texi
+@@ -148,7 +148,7 @@ Everything described in this section is declared in the header file
+ @comment stdio.h
+ @comment ISO
+ @deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+ @c fopen may leak the list lock if cancelled within _IO_link_in.
+ The @code{fopen} function opens a stream for I/O to the file
+ @var{filename}, and returns a pointer to the stream.
+@@ -267,7 +267,7 @@ Locks}.
+ @comment stdio.h
+ @comment Unix98
+ @deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
+ This function is similar to @code{fopen} but the stream it returns a
+ pointer for is opened using @code{open64}. Therefore this stream can be
+ used even on files larger then @math{2^31} bytes on 32 bit machines.
+@@ -414,7 +414,7 @@ cannot perform any additional operations on it.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int fclose (FILE *@var{stream})
+-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+ @c After fclose, it is undefined behavior to use the stream it points
+ @c to. Therefore, one must only call fclose when the stream is
+ @c otherwise unused. Concurrent uses started before will complete
+@@ -2662,6 +2662,42 @@ pointer @var{ap}.
+ @c case of cancellation. This doesn't make it unsafe, but cancelling it
+ @c may leak memory. The unguarded use of __printf_function_table is
+ @c also of concern for all callers.
++@c _itoa ok
++@c _udiv_qrnnd_preinv ok
++@c group_number ok
++@c _i18n_number_rewrite
++@c __wctrans ok
++@c __towctrans glocale
++@c __wcrtomb ok? dup below
++@c outdigit_value ok
++@c outdigitwc_value ok
++@c outchar ok
++@c outstring ok
++@c PAD ok
++@c __printf_fp glocale memleak
++@c __printf_fphex glocale
++@c __readonly_area
++@c [GNU/Linux] fopen, strtoul, free
++@c __strerror_r ok if no translation, check otherwise
++@c __btowc ? gconv-modules
++@c __wcrtomb ok (not using internal state) gconv-modules
++@c ARGCHECK
++@c UNBUFFERED_P (tested before taking the stream lock)
++@c buffered_vfprintf ok
++@c __find_spec(wc|mb)
++@c read_int
++@c __libc_use_alloca
++@c process_arg
++@c process_string_arg
++@c extend_alloca
++@c __parse_one_spec(wc|mb)
++@c *__printf_arginfo_table unguarded
++@c __printf_va_arg_table-> unguarded
++@c *__printf_function_table unguarded
++@c done_add
++@c printf_unknown
++@c outchar
++@c _itoa_word
+ This is the equivalent of @code{fprintf} with the variable argument list
+ specified directly as for @code{vprintf}.
+ @end deftypefun
+@@ -5020,7 +5056,7 @@ I/O to a string or memory buffer. These facilities are declared in
+ @comment stdio.h
+ @comment GNU
+ @deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+ @c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+ @c bringing with it additional potential for async trouble with
+ @c list_all_lock.
+@@ -5076,7 +5112,7 @@ Got r
+ @comment stdio.h
+ @comment GNU
+ @deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+-@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
++@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
+ This function opens a stream for writing to a buffer. The buffer is
+ allocated dynamically and grown as necessary, using @code{malloc}.
+ After you've closed the stream, this buffer is your responsibility to
+@@ -5192,7 +5228,7 @@ closed.
+ @comment stdio.h
+ @comment GNU
+ @deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+ This function actually creates the stream for communicating with the
+ @var{cookie} using the functions in the @var{io-functions} argument.
+ The @var{opentype} argument is interpreted as for @code{fopen};
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=fe734e3c4e47da61876a28df92f216ffe7f91900
commit fe734e3c4e47da61876a28df92f216ffe7f91900
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:12:52 2013 -0300
Refresh of manual-document-mt-safety-stdio.patch
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 7809dd4..79a3340 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,7 +148,7 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -267,7 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -414,7 +414,7 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
@c After fclose, it is undefined behavior to use the stream it points
@c to. Therefore, one must only call fclose when the stream is
@c otherwise unused. Concurrent uses started before will complete
@@ -2662,6 +2662,42 @@ pointer @var{ap}.
@c case of cancellation. This doesn't make it unsafe, but cancelling it
@c may leak memory. The unguarded use of __printf_function_table is
@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -5020,7 +5056,7 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
@c bringing with it additional potential for async trouble with
@c list_all_lock.
@@ -5076,7 +5112,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
-@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -5192,7 +5228,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=46dbc4b516036ae274f7ad8e4b90fbe8547d40e4
commit 46dbc4b516036ae274f7ad8e4b90fbe8547d40e4
Merge: 65240fd 0d1caeb 4317964
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:12:39 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b6c3b59f2ddf6ed9a14018f69daf993e2eaf27c0
commit b6c3b59f2ddf6ed9a14018f69daf993e2eaf27c0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..79a3340 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1391,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1401,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1411,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1540,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1625,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2387,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2397,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2438,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2647,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2656,48 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2705,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2713,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2721,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2729,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2737,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2745,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2821,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3062,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3314,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3378,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +3995,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +4010,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +4025,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +4033,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4041,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4055,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4082,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4091,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4100,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4108,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4116,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4124,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4174,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4184,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4198,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4209,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4237,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4248,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4362,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4375,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4399,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4415,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4435,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4459,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4508,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4630,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4645,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4658,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4675,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4787,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4800,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4817,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4839,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4864,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4942,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4956,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4968,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4983,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +4997,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +5008,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5056,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5112,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5228,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5410,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5551,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=65240fd3a07048cfe76d16227b6e441df5380da3
commit 65240fd3a07048cfe76d16227b6e441df5380da3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:12:38 2013 -0300
push
diff --git a/meta b/meta
index b562e1a..b6b4736 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 028f564b87a1b5e768093944d82e91ae2d4a1a40
-Head: eefb3a2e2f3449ada4e40429f0283ac79a5e3fec
+Previous: 0d1caeb5637d1e9380fd955561a0f2d69bd78f12
+Head: 4317964c441ce5286d9d38d49a63be64118cf356
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -24,7 +24,7 @@ Applied:
manual-document-mt-safety-resource.patch: 5d3bcb1ba7f570bffb709e724d0f7b7f7c54af6d
manual-document-mt-safety-search.patch: 72885eef5a5c94642ef40c16b2838f314908e7da
wip-manual-document-mt-safety-startup.patch: eefb3a2e2f3449ada4e40429f0283ac79a5e3fec
+ manual-document-mt-safety-stdio.patch: 4317964c441ce5286d9d38d49a63be64118cf356
Unapplied:
- manual-document-mt-safety-stdio.patch: ce7a82428b383c27385283464762599a0000cba2
manual-document-mt-safety-wip.patch: 4546f1ef42848ecd1b89ad15aa4c920e8aed77c2
Hidden:
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index ad86e9d..373e2ca 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,5 +1,5 @@
-Bottom: 18760d732995b8379bc372377398a8fd58732762
-Top: f75097e48123219d68b9307cd827515c123cf0b8
+Bottom: 195f80ed20d8cfa61af3b5629d405de8be7b40fc
+Top: e7e01aad2f34ba561dd0a0744ce4b8cd012180c4
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4317964c441ce5286d9d38d49a63be64118cf356
commit 4317964c441ce5286d9d38d49a63be64118cf356
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..7809dd4 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1391,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1401,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1411,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1540,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1625,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2387,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2397,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2438,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2647,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2656,12 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2669,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2677,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2685,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2693,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2701,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2709,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2785,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3026,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3278,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3342,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +3959,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +3974,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +3989,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +3997,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4005,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4019,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4046,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4055,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4064,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4072,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4080,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4088,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4138,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4148,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4162,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4173,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4201,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4212,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4326,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4339,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4363,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4379,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4399,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4423,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4472,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4594,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4609,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4622,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4639,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4751,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4764,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4781,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4803,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4828,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4906,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4920,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4932,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4947,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +4961,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +4972,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5020,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5076,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5192,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5374,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5515,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0d1caeb5637d1e9380fd955561a0f2d69bd78f12
commit 0d1caeb5637d1e9380fd955561a0f2d69bd78f12
Merge: df90f63 028f564 eefb3a2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:12:29 2013 -0300
import
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=df90f634c259e2a8958e078880b8a10b76e8b50d
commit df90f634c259e2a8958e078880b8a10b76e8b50d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:12:29 2013 -0300
import
diff --git a/meta b/meta
index ff7e84d..b562e1a 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 6d76ef68923238530b5af925972ec25e07f09f2a
-Head: 72885eef5a5c94642ef40c16b2838f314908e7da
+Previous: 028f564b87a1b5e768093944d82e91ae2d4a1a40
+Head: eefb3a2e2f3449ada4e40429f0283ac79a5e3fec
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -23,6 +23,7 @@ Applied:
manual-document-mt-safety-math.patch: d3dde95c92ff8c7cd8e225a21b46c00449db834d
manual-document-mt-safety-resource.patch: 5d3bcb1ba7f570bffb709e724d0f7b7f7c54af6d
manual-document-mt-safety-search.patch: 72885eef5a5c94642ef40c16b2838f314908e7da
+ wip-manual-document-mt-safety-startup.patch: eefb3a2e2f3449ada4e40429f0283ac79a5e3fec
Unapplied:
manual-document-mt-safety-stdio.patch: ce7a82428b383c27385283464762599a0000cba2
manual-document-mt-safety-wip.patch: 4546f1ef42848ecd1b89ad15aa4c920e8aed77c2
diff --git a/patches/wip-manual-document-mt-safety-startup.patch b/patches/wip-manual-document-mt-safety-startup.patch
new file mode 100644
index 0000000..cd2fcf0
--- /dev/null
+++ b/patches/wip-manual-document-mt-safety-startup.patch
@@ -0,0 +1,28 @@
+Bottom: 8ae75524ca0a1176e4323c74b73cb0722e710364
+Top: 195f80ed20d8cfa61af3b5629d405de8be7b40fc
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:12:28 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/startup.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/startup.texi b/manual/startup.texi
+index a277714..7bbaf13 100644
+--- a/manual/startup.texi
++++ b/manual/startup.texi
+@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
+ The difference to the @code{setenv} function is that the exact string
+ given as the parameter @var{string} is put into the environment. If the
+ user should change the string after the @code{putenv} call this will
+-reflect in automatically in the environment. This also requires that
+-@var{string} is no automatic variable which scope is left before the
++reflect automatically in the environment. This also requires that
++@var{string} not be an automatic variable whose scope is left before the
+ variable is removed from the environment. The same applies of course to
+ dynamically allocated variables which are freed later.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=eefb3a2e2f3449ada4e40429f0283ac79a5e3fec
commit eefb3a2e2f3449ada4e40429f0283ac79a5e3fec
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:12:28 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/startup.texi: Document thread safety properties.
diff --git a/manual/startup.texi b/manual/startup.texi
index a277714..7bbaf13 100644
--- a/manual/startup.texi
+++ b/manual/startup.texi
@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
The difference to the @code{setenv} function is that the exact string
given as the parameter @var{string} is put into the environment. If the
user should change the string after the @code{putenv} call this will
-reflect in automatically in the environment. This also requires that
-@var{string} is no automatic variable which scope is left before the
+reflect automatically in the environment. This also requires that
+@var{string} not be an automatic variable whose scope is left before the
variable is removed from the environment. The same applies of course to
dynamically allocated variables which are freed later.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=028f564b87a1b5e768093944d82e91ae2d4a1a40
commit 028f564b87a1b5e768093944d82e91ae2d4a1a40
Merge: 16ee509 72885ee 6d76ef6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:56 2013 -0300
import
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=16ee5093c8a53d58dadae44624f15e244e6d4187
commit 16ee5093c8a53d58dadae44624f15e244e6d4187
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:56 2013 -0300
import
diff --git a/meta b/meta
index 73e1f9c..ff7e84d 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 1cf411981bae299f53e7cbd67aefd378561e3be0
-Head: 5d3bcb1ba7f570bffb709e724d0f7b7f7c54af6d
+Previous: 6d76ef68923238530b5af925972ec25e07f09f2a
+Head: 72885eef5a5c94642ef40c16b2838f314908e7da
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -22,6 +22,7 @@ Applied:
wip-manual-document-mt-safety-locale.patch: 26ea2d6064d2c298f6270e127600518ef48d28cf
manual-document-mt-safety-math.patch: d3dde95c92ff8c7cd8e225a21b46c00449db834d
manual-document-mt-safety-resource.patch: 5d3bcb1ba7f570bffb709e724d0f7b7f7c54af6d
+ manual-document-mt-safety-search.patch: 72885eef5a5c94642ef40c16b2838f314908e7da
Unapplied:
manual-document-mt-safety-stdio.patch: ce7a82428b383c27385283464762599a0000cba2
manual-document-mt-safety-wip.patch: 4546f1ef42848ecd1b89ad15aa4c920e8aed77c2
diff --git a/patches/manual-document-mt-safety-search.patch b/patches/manual-document-mt-safety-search.patch
new file mode 100644
index 0000000..fb52bb3
--- /dev/null
+++ b/patches/manual-document-mt-safety-search.patch
@@ -0,0 +1,70 @@
+Bottom: e27f818dd7517eeba6c572017e1d77241113d456
+Top: 8ae75524ca0a1176e4323c74b73cb0722e710364
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:11:55 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/search.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/search.texi b/manual/search.texi
+index efd3604..6910edc 100644
+--- a/manual/search.texi
++++ b/manual/search.texi
+@@ -146,6 +146,7 @@ To sort an array using an arbitrary comparison function, use the
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
++@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
+ The @var{qsort} function sorts the array @var{array}. The array contains
+ @var{count} elements, each of which is of size @var{size}.
+
+@@ -436,6 +437,11 @@ in the header file @file{search.h}.
+ @comment search.h
+ @comment SVID
+ @deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
++@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
++@c The tree is not modified in a thread-safe manner, and rotations may
++@c leave the tree in an inconsistent state that could be observed in an
++@c asynchronous signal handler or after asynchronous cancellation of the
++@c thread performing the rotation or the insertion.
+ The @code{tsearch} function searches in the tree pointed to by
+ @code{*@var{rootp}} for an element matching @var{key}. The function
+ pointed to by @var{compar} is used to determine whether two elements
+@@ -465,6 +471,7 @@ of space @code{NULL} is returned.
+ @comment search.h
+ @comment SVID
+ @deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+ The @code{tfind} function is similar to the @code{tsearch} function. It
+ locates an element matching the one pointed to by @var{key} and returns
+ a pointer to this element. But if no matching element is available no
+@@ -479,6 +486,7 @@ elements.
+ @comment search.h
+ @comment SVID
+ @deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
++@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+ To remove a specific element matching @var{key} from the tree
+ @code{tdelete} can be used. It locates the matching element using the
+ same method as @code{tfind}. The corresponding element is then removed
+@@ -492,6 +500,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
+ @comment search.h
+ @comment GNU
+ @deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
++@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+ If the complete search tree has to be removed one can use
+ @code{tdestroy}. It frees all resources allocated by the @code{tsearch}
+ function to generate the tree pointed to by @var{vroot}.
+@@ -546,6 +555,7 @@ The current node is a leaf.
+ @comment search.h
+ @comment SVID
+ @deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
++@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
+ For each node in the tree with a node pointed to by @var{root}, the
+ @code{twalk} function calls the function provided by the parameter
+ @var{action}. For leaf nodes the function is called exactly once with
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=72885eef5a5c94642ef40c16b2838f314908e7da
commit 72885eef5a5c94642ef40c16b2838f314908e7da
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:55 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/search.texi: Document thread safety properties.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..6910edc 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -146,6 +146,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +437,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +471,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +486,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +500,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +555,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=6d76ef68923238530b5af925972ec25e07f09f2a
commit 6d76ef68923238530b5af925972ec25e07f09f2a
Merge: b497c49 5d3bcb1 1cf4119
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:18 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b497c49e52aaedc3cf7cbf5c68ddfee03482e6c7
commit b497c49e52aaedc3cf7cbf5c68ddfee03482e6c7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:18 2013 -0300
push
diff --git a/meta b/meta
index c5eca2a..73e1f9c 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: a7ee668dad2fe9eff02944d144e0563e8010b56f
-Head: d3dde95c92ff8c7cd8e225a21b46c00449db834d
+Previous: 1cf411981bae299f53e7cbd67aefd378561e3be0
+Head: 5d3bcb1ba7f570bffb709e724d0f7b7f7c54af6d
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -21,8 +21,8 @@ Applied:
manual-document-mt-safety-llio.patch: 59483ceaa7daf7600c59559794b428683ea152ba
wip-manual-document-mt-safety-locale.patch: 26ea2d6064d2c298f6270e127600518ef48d28cf
manual-document-mt-safety-math.patch: d3dde95c92ff8c7cd8e225a21b46c00449db834d
+ manual-document-mt-safety-resource.patch: 5d3bcb1ba7f570bffb709e724d0f7b7f7c54af6d
Unapplied:
- manual-document-mt-safety-resource.patch: 92b145ac00e9dc2a9143644e5df35d849d789cf1
manual-document-mt-safety-stdio.patch: ce7a82428b383c27385283464762599a0000cba2
manual-document-mt-safety-wip.patch: 4546f1ef42848ecd1b89ad15aa4c920e8aed77c2
Hidden:
diff --git a/patches/manual-document-mt-safety-resource.patch b/patches/manual-document-mt-safety-resource.patch
index 5b2e192..3fa9fb2 100644
--- a/patches/manual-document-mt-safety-resource.patch
+++ b/patches/manual-document-mt-safety-resource.patch
@@ -1,5 +1,5 @@
-Bottom: 9a5ec672bda784c35e1f86d0f274cdb9e58f217c
-Top: d713f011ada06fb3801e4032349a8ad88e6bc10c
+Bottom: d5ba9adc90be6728f409ed99bc36a2fc6e659db0
+Top: e27f818dd7517eeba6c572017e1d77241113d456
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:11:00 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5d3bcb1ba7f570bffb709e724d0f7b7f7c54af6d
commit 5d3bcb1ba7f570bffb709e724d0f7b7f7c54af6d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/resource.texi: Document thread safety properties.
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1cf411981bae299f53e7cbd67aefd378561e3be0
commit 1cf411981bae299f53e7cbd67aefd378561e3be0
Merge: 0143f21 d3dde95 a7ee668
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:14 2013 -0300
float
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0143f2179b4146932a210ef1eebd3a4d604ebf4b
commit 0143f2179b4146932a210ef1eebd3a4d604ebf4b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:14 2013 -0300
float
diff --git a/meta b/meta
index 9f55f60..c5eca2a 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: daf305833c7d056c5fdee51b490cefaf60d5b417
-Head: 26ea2d6064d2c298f6270e127600518ef48d28cf
+Previous: a7ee668dad2fe9eff02944d144e0563e8010b56f
+Head: d3dde95c92ff8c7cd8e225a21b46c00449db834d
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -20,9 +20,9 @@ Applied:
manual-document-mt-safety-libdl.patch: ca4e6ed5fbcca95d7f29a49c4ed65651acda0efe
manual-document-mt-safety-llio.patch: 59483ceaa7daf7600c59559794b428683ea152ba
wip-manual-document-mt-safety-locale.patch: 26ea2d6064d2c298f6270e127600518ef48d28cf
+ manual-document-mt-safety-math.patch: d3dde95c92ff8c7cd8e225a21b46c00449db834d
Unapplied:
manual-document-mt-safety-resource.patch: 92b145ac00e9dc2a9143644e5df35d849d789cf1
manual-document-mt-safety-stdio.patch: ce7a82428b383c27385283464762599a0000cba2
- manual-document-mt-safety-math.patch: 0082110725464cff983520a32eac4c49ff25339e
manual-document-mt-safety-wip.patch: 4546f1ef42848ecd1b89ad15aa4c920e8aed77c2
Hidden:
diff --git a/patches/manual-document-mt-safety-math.patch b/patches/manual-document-mt-safety-math.patch
index 336844e..66820ca 100644
--- a/patches/manual-document-mt-safety-math.patch
+++ b/patches/manual-document-mt-safety-math.patch
@@ -1,5 +1,5 @@
-Bottom: 3b40240eced54a0f63e844f5354c9ab2106ba9d3
-Top: edfbd2bf9a8a7592b48fc6ddfd6dd6a196355d21
+Bottom: 9a5ec672bda784c35e1f86d0f274cdb9e58f217c
+Top: d5ba9adc90be6728f409ed99bc36a2fc6e659db0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d3dde95c92ff8c7cd8e225a21b46c00449db834d
commit d3dde95c92ff8c7cd8e225a21b46c00449db834d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/math.texi: Document thread safety properties.
diff --git a/manual/math.texi b/manual/math.texi
index 193d415..fd5d0c8 100644
--- a/manual/math.texi
+++ b/manual/math.texi
@@ -560,6 +560,7 @@ negative), @code{logb} returns @math{@infinity{}}. If @var{x} is zero,
@comment math.h
@comment ISO
@deftypefunx int ilogbl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are equivalent to the corresponding @code{logb}
functions except that they return signed integer values.
@end deftypefun
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a7ee668dad2fe9eff02944d144e0563e8010b56f
commit a7ee668dad2fe9eff02944d144e0563e8010b56f
Merge: 46fa156 daf3058
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:10 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=46fa15640d7c007544f208000ef5ffc74fada4fb
commit 46fa15640d7c007544f208000ef5ffc74fada4fb
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:10 2013 -0300
pop
diff --git a/meta b/meta
index afd5834..9f55f60 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 5ea127b745d4510b2dd3d381784775ebcfb495c1
-Head: 92b145ac00e9dc2a9143644e5df35d849d789cf1
+Previous: daf305833c7d056c5fdee51b490cefaf60d5b417
+Head: 26ea2d6064d2c298f6270e127600518ef48d28cf
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -20,8 +20,8 @@ Applied:
manual-document-mt-safety-libdl.patch: ca4e6ed5fbcca95d7f29a49c4ed65651acda0efe
manual-document-mt-safety-llio.patch: 59483ceaa7daf7600c59559794b428683ea152ba
wip-manual-document-mt-safety-locale.patch: 26ea2d6064d2c298f6270e127600518ef48d28cf
- manual-document-mt-safety-resource.patch: 92b145ac00e9dc2a9143644e5df35d849d789cf1
Unapplied:
+ manual-document-mt-safety-resource.patch: 92b145ac00e9dc2a9143644e5df35d849d789cf1
manual-document-mt-safety-stdio.patch: ce7a82428b383c27385283464762599a0000cba2
manual-document-mt-safety-math.patch: 0082110725464cff983520a32eac4c49ff25339e
manual-document-mt-safety-wip.patch: 4546f1ef42848ecd1b89ad15aa4c920e8aed77c2
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=daf305833c7d056c5fdee51b490cefaf60d5b417
commit daf305833c7d056c5fdee51b490cefaf60d5b417
Merge: eab9e78 5ea127b 92b145a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:00 2013 -0300
import
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=eab9e7849544510e21f3b4aa25d1d6956cfbba9c
commit eab9e7849544510e21f3b4aa25d1d6956cfbba9c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:00 2013 -0300
import
diff --git a/meta b/meta
index 9b76d00..afd5834 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: d31f4f30b9ed6d8c6101ceb14f8586a37d97d0e7
-Head: 26ea2d6064d2c298f6270e127600518ef48d28cf
+Previous: 5ea127b745d4510b2dd3d381784775ebcfb495c1
+Head: 92b145ac00e9dc2a9143644e5df35d849d789cf1
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -20,6 +20,7 @@ Applied:
manual-document-mt-safety-libdl.patch: ca4e6ed5fbcca95d7f29a49c4ed65651acda0efe
manual-document-mt-safety-llio.patch: 59483ceaa7daf7600c59559794b428683ea152ba
wip-manual-document-mt-safety-locale.patch: 26ea2d6064d2c298f6270e127600518ef48d28cf
+ manual-document-mt-safety-resource.patch: 92b145ac00e9dc2a9143644e5df35d849d789cf1
Unapplied:
manual-document-mt-safety-stdio.patch: ce7a82428b383c27385283464762599a0000cba2
manual-document-mt-safety-math.patch: 0082110725464cff983520a32eac4c49ff25339e
diff --git a/patches/manual-document-mt-safety-resource.patch b/patches/manual-document-mt-safety-resource.patch
new file mode 100644
index 0000000..5b2e192
--- /dev/null
+++ b/patches/manual-document-mt-safety-resource.patch
@@ -0,0 +1,83 @@
+Bottom: 9a5ec672bda784c35e1f86d0f274cdb9e58f217c
+Top: d713f011ada06fb3801e4032349a8ad88e6bc10c
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:11:00 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/resource.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/resource.texi b/manual/resource.texi
+index 1ec7af2..71b08f7 100644
+--- a/manual/resource.texi
++++ b/manual/resource.texi
+@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
+ @comment sys/resource.h
+ @comment BSD
+ @deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Direct syscall on most systems.
+ Read the current and maximum limits for the resource @var{resource}
+ and store them in @code{*@var{rlp}}.
+
+@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
+ @comment sys/resource.h
+ @comment Unix98
+ @deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
+ This function is similar to @code{getrlimit} but its second parameter is
+ a pointer to a variable of type @code{struct rlimit64}, which allows it
+ to read values which wouldn't fit in the member of a @code{struct
+@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
+ @comment unistd.h
+ @comment BSD
+ @deftypefun int getpagesize (void)
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
++@c the exception, with the possibility of a syscall.
+ The @code{getpagesize} function returns the page size of the process.
+ This value is fixed for the runtime of the process but can vary in
+ different runs of the application.
+@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
+ @comment sys/sysinfo.h
+ @comment GNU
+ @deftypefun {long int} get_phys_pages (void)
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
++@c This fopens a /proc file and scans it for the requested information.
+ The @code{get_phys_pages} function returns the total number of pages of
+ physical the system has. To get the amount of memory this number has to
+ be multiplied by the page size.
+@@ -1569,6 +1578,7 @@ This function is a GNU extension.
+ @comment sys/sysinfo.h
+ @comment GNU
+ @deftypefun {long int} get_avphys_pages (void)
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+ The @code{get_phys_pages} function returns the number of available pages of
+ physical the system has. To get the amount of memory this number has to
+ be multiplied by the page size.
+@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
+ @comment sys/sysinfo.h
+ @comment GNU
+ @deftypefun int get_nprocs_conf (void)
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
++@c This function reads from from /sys using dir streams (single user, so
++@c no staticbuf MT-Safety issue), and on some arches, from /proc using
++@c streams.
+ The @code{get_nprocs_conf} function returns the number of processors the
+ operating system configured.
+
+@@ -1623,6 +1637,8 @@ This function is a GNU extension.
+ @comment sys/sysinfo.h
+ @comment GNU
+ @deftypefun int get_nprocs (void)
++@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
++@c This function reads from /proc using file descriptor I/O.
+ The @code{get_nprocs} function returns the number of available processors.
+
+ This function is a GNU extension.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=92b145ac00e9dc2a9143644e5df35d849d789cf1
commit 92b145ac00e9dc2a9143644e5df35d849d789cf1
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/resource.texi: Document thread safety properties.
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5ea127b745d4510b2dd3d381784775ebcfb495c1
commit 5ea127b745d4510b2dd3d381784775ebcfb495c1
Merge: b725d38 d31f4f3 26ea2d6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:10:33 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b725d38d9b1ea0daae2378b3177f8bf6ab49e2fd
commit b725d38d9b1ea0daae2378b3177f8bf6ab49e2fd
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:10:33 2013 -0300
refresh
diff --git a/meta b/meta
index 7c829cd..9b76d00 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 7ab19d05f7ab97a9f433fd1b24e1569e06752ddf
-Head: 3c492e4cb73b102004f78143627f4afcb4a941e8
+Previous: d31f4f30b9ed6d8c6101ceb14f8586a37d97d0e7
+Head: 26ea2d6064d2c298f6270e127600518ef48d28cf
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -19,8 +19,7 @@ Applied:
manual-document-mt-safety-lang.patch: a7fd5e42f1a4a4cb65dadb2a7ba4ef28bb8bb3fd
manual-document-mt-safety-libdl.patch: ca4e6ed5fbcca95d7f29a49c4ed65651acda0efe
manual-document-mt-safety-llio.patch: 59483ceaa7daf7600c59559794b428683ea152ba
- wip-manual-document-mt-safety-locale.patch: 965b78d1907aee9c2883d16ed9978379e22eccce
- refresh-temp: 3c492e4cb73b102004f78143627f4afcb4a941e8
+ wip-manual-document-mt-safety-locale.patch: 26ea2d6064d2c298f6270e127600518ef48d28cf
Unapplied:
manual-document-mt-safety-stdio.patch: ce7a82428b383c27385283464762599a0000cba2
manual-document-mt-safety-math.patch: 0082110725464cff983520a32eac4c49ff25339e
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index d4ce415..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,34 +0,0 @@
-Bottom: 0eeefb1a35224c039dbbaef4f501176743a94c97
-Top: 9a5ec672bda784c35e1f86d0f274cdb9e58f217c
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 22:10:33 -0300
-
-Refresh of wip-manual-document-mt-safety-locale.patch
-
----
-
-diff --git a/manual/locale.texi b/manual/locale.texi
-index 323268d..da50d18 100644
---- a/manual/locale.texi
-+++ b/manual/locale.texi
-@@ -224,10 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
- @comment locale.h
- @comment ISO
- @deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
--@safety{@mtunsafe{uunguard}}
--@c This function is MT-Safe, but uses of the global locale object are
--@c unguarded in functions that ought to be MT-Safe, so we're ruling out
--@c the use of this function once threads are started.
-+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
-+@c Uses of the global locale object are unguarded in functions that
-+@c ought to be MT-Safe, so we're ruling out the use of this function
-+@c once threads are started. It takes a write lock itself, but it may
-+@c return a pointer loaded from the global locale object after releasing
-+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
-+@c and free, and _nl_find_locale, which amount to all documented safety
-+@c issues. It also calls new_composite_name, setdata, and setname,
-+@c without any additional issues. _nl_find_locale calls getenv, ...
-+This function returns a pointer read
- The function @code{setlocale} sets the current locale for category
- @var{category} to @var{locale}. A list of all the locales the system
- provides can be created by running
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index 05f521a..6515b05 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
Bottom: baf6738652c9240a7ea48273cff318ffb17716d8
-Top: 0eeefb1a35224c039dbbaef4f501176743a94c97
+Top: 9a5ec672bda784c35e1f86d0f274cdb9e58f217c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
@@ -13,17 +13,23 @@ for ChangeLog
---
diff --git a/manual/locale.texi b/manual/locale.texi
-index 2f10fcd..323268d 100644
+index 2f10fcd..da50d18 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
-@@ -224,6 +224,10 @@ The symbols in this section are defined in the header file @file{locale.h}.
+@@ -224,6 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
-+@safety{@mtunsafe{uunguard}}
-+@c This function is MT-Safe, but uses of the global locale object are
-+@c unguarded in functions that ought to be MT-Safe, so we're ruling out
-+@c the use of this function once threads are started.
++@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
++@c Uses of the global locale object are unguarded in functions that
++@c ought to be MT-Safe, so we're ruling out the use of this function
++@c once threads are started. It takes a write lock itself, but it may
++@c return a pointer loaded from the global locale object after releasing
++@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
++@c and free, and _nl_find_locale, which amount to all documented safety
++@c issues. It also calls new_composite_name, setdata, and setname,
++@c without any additional issues. _nl_find_locale calls getenv, ...
++This function returns a pointer read
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d31f4f30b9ed6d8c6101ceb14f8586a37d97d0e7
commit d31f4f30b9ed6d8c6101ceb14f8586a37d97d0e7
Merge: bd1c881 7ab19d0 3c492e4
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:10:33 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=bd1c8815ec1444905bcac77db104b3f50fa7e079
commit bd1c8815ec1444905bcac77db104b3f50fa7e079
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:10:33 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index 1425e91..7c829cd 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 7a837af0e05b2583166686c9c4318de041c45d60
-Head: 965b78d1907aee9c2883d16ed9978379e22eccce
+Previous: 7ab19d05f7ab97a9f433fd1b24e1569e06752ddf
+Head: 3c492e4cb73b102004f78143627f4afcb4a941e8
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -20,6 +20,7 @@ Applied:
manual-document-mt-safety-libdl.patch: ca4e6ed5fbcca95d7f29a49c4ed65651acda0efe
manual-document-mt-safety-llio.patch: 59483ceaa7daf7600c59559794b428683ea152ba
wip-manual-document-mt-safety-locale.patch: 965b78d1907aee9c2883d16ed9978379e22eccce
+ refresh-temp: 3c492e4cb73b102004f78143627f4afcb4a941e8
Unapplied:
manual-document-mt-safety-stdio.patch: ce7a82428b383c27385283464762599a0000cba2
manual-document-mt-safety-math.patch: 0082110725464cff983520a32eac4c49ff25339e
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..d4ce415
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,34 @@
+Bottom: 0eeefb1a35224c039dbbaef4f501176743a94c97
+Top: 9a5ec672bda784c35e1f86d0f274cdb9e58f217c
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:10:33 -0300
+
+Refresh of wip-manual-document-mt-safety-locale.patch
+
+---
+
+diff --git a/manual/locale.texi b/manual/locale.texi
+index 323268d..da50d18 100644
+--- a/manual/locale.texi
++++ b/manual/locale.texi
+@@ -224,10 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
+ @comment locale.h
+ @comment ISO
+ @deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+-@safety{@mtunsafe{uunguard}}
+-@c This function is MT-Safe, but uses of the global locale object are
+-@c unguarded in functions that ought to be MT-Safe, so we're ruling out
+-@c the use of this function once threads are started.
++@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
++@c Uses of the global locale object are unguarded in functions that
++@c ought to be MT-Safe, so we're ruling out the use of this function
++@c once threads are started. It takes a write lock itself, but it may
++@c return a pointer loaded from the global locale object after releasing
++@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
++@c and free, and _nl_find_locale, which amount to all documented safety
++@c issues. It also calls new_composite_name, setdata, and setname,
++@c without any additional issues. _nl_find_locale calls getenv, ...
++This function returns a pointer read
+ The function @code{setlocale} sets the current locale for category
+ @var{category} to @var{locale}. A list of all the locales the system
+ provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3c492e4cb73b102004f78143627f4afcb4a941e8
commit 3c492e4cb73b102004f78143627f4afcb4a941e8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:10:33 2013 -0300
Refresh of wip-manual-document-mt-safety-locale.patch
diff --git a/manual/locale.texi b/manual/locale.texi
index 323268d..da50d18 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,10 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
-@safety{@mtunsafe{uunguard}}
-@c This function is MT-Safe, but uses of the global locale object are
-@c unguarded in functions that ought to be MT-Safe, so we're ruling out
-@c the use of this function once threads are started.
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
+@c and free, and _nl_find_locale, which amount to all documented safety
+@c issues. It also calls new_composite_name, setdata, and setname,
+@c without any additional issues. _nl_find_locale calls getenv, ...
+This function returns a pointer read
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7ab19d05f7ab97a9f433fd1b24e1569e06752ddf
commit 7ab19d05f7ab97a9f433fd1b24e1569e06752ddf
Merge: bfddd8a 7a837af
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:10:13 2013 -0300
rename
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=bfddd8addf1b08bde28e5e930baf4961581eeb0e
commit bfddd8addf1b08bde28e5e930baf4961581eeb0e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:10:13 2013 -0300
rename
diff --git a/meta b/meta
index 25c936c..1425e91 100644
--- a/meta
+++ b/meta
@@ -1,5 +1,5 @@
Version: 1
-Previous: 59ed620f06b93f72d4bfeeffad6efccee52fb9f5
+Previous: 7a837af0e05b2583166686c9c4318de041c45d60
Head: 965b78d1907aee9c2883d16ed9978379e22eccce
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
@@ -19,7 +19,7 @@ Applied:
manual-document-mt-safety-lang.patch: a7fd5e42f1a4a4cb65dadb2a7ba4ef28bb8bb3fd
manual-document-mt-safety-libdl.patch: ca4e6ed5fbcca95d7f29a49c4ed65651acda0efe
manual-document-mt-safety-llio.patch: 59483ceaa7daf7600c59559794b428683ea152ba
- manual-document-mt-safety-locale.patch: 965b78d1907aee9c2883d16ed9978379e22eccce
+ wip-manual-document-mt-safety-locale.patch: 965b78d1907aee9c2883d16ed9978379e22eccce
Unapplied:
manual-document-mt-safety-stdio.patch: ce7a82428b383c27385283464762599a0000cba2
manual-document-mt-safety-math.patch: 0082110725464cff983520a32eac4c49ff25339e
diff --git a/patches/manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
similarity index 100%
rename from patches/manual-document-mt-safety-locale.patch
rename to patches/wip-manual-document-mt-safety-locale.patch
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=26ea2d6064d2c298f6270e127600518ef48d28cf
commit 26ea2d6064d2c298f6270e127600518ef48d28cf
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..da50d18 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
+@c and free, and _nl_find_locale, which amount to all documented safety
+@c issues. It also calls new_composite_name, setdata, and setname,
+@c without any additional issues. _nl_find_locale calls getenv, ...
+This function returns a pointer read
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=965b78d1907aee9c2883d16ed9978379e22eccce
commit 965b78d1907aee9c2883d16ed9978379e22eccce
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..323268d 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,10 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard}}
+@c This function is MT-Safe, but uses of the global locale object are
+@c unguarded in functions that ought to be MT-Safe, so we're ruling out
+@c the use of this function once threads are started.
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7a837af0e05b2583166686c9c4318de041c45d60
commit 7a837af0e05b2583166686c9c4318de041c45d60
Merge: bbfc066 965b78d 59ed620
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:10:01 2013 -0300
float
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=bbfc066da6cce7e47b8dadc31ccfb867fc966745
commit bbfc066da6cce7e47b8dadc31ccfb867fc966745
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:10:01 2013 -0300
float
diff --git a/meta b/meta
index 23045ee..25c936c 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: d1b5808eaefe152c160fe51db180ee67bf67caec
-Head: 59483ceaa7daf7600c59559794b428683ea152ba
+Previous: 59ed620f06b93f72d4bfeeffad6efccee52fb9f5
+Head: 965b78d1907aee9c2883d16ed9978379e22eccce
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -19,9 +19,9 @@ Applied:
manual-document-mt-safety-lang.patch: a7fd5e42f1a4a4cb65dadb2a7ba4ef28bb8bb3fd
manual-document-mt-safety-libdl.patch: ca4e6ed5fbcca95d7f29a49c4ed65651acda0efe
manual-document-mt-safety-llio.patch: 59483ceaa7daf7600c59559794b428683ea152ba
+ manual-document-mt-safety-locale.patch: 965b78d1907aee9c2883d16ed9978379e22eccce
Unapplied:
manual-document-mt-safety-stdio.patch: ce7a82428b383c27385283464762599a0000cba2
- manual-document-mt-safety-locale.patch: e3578b80d486c85ecfce6a21f09e9051d868468b
manual-document-mt-safety-math.patch: 0082110725464cff983520a32eac4c49ff25339e
manual-document-mt-safety-wip.patch: 4546f1ef42848ecd1b89ad15aa4c920e8aed77c2
Hidden:
diff --git a/patches/manual-document-mt-safety-locale.patch b/patches/manual-document-mt-safety-locale.patch
index 4eae5d6..05f521a 100644
--- a/patches/manual-document-mt-safety-locale.patch
+++ b/patches/manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
-Bottom: f75097e48123219d68b9307cd827515c123cf0b8
-Top: 3b40240eced54a0f63e844f5354c9ab2106ba9d3
+Bottom: baf6738652c9240a7ea48273cff318ffb17716d8
+Top: 0eeefb1a35224c039dbbaef4f501176743a94c97
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=59483ceaa7daf7600c59559794b428683ea152ba
commit 59483ceaa7daf7600c59559794b428683ea152ba
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:09:32 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/llio.texi: Document thread safety properties.
diff --git a/manual/llio.texi b/manual/llio.texi
index b129cf4..66370c4 100644
--- a/manual/llio.texi
+++ b/manual/llio.texi
@@ -78,6 +78,7 @@ declared in @file{unistd.h}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int open (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The @code{open} function creates and returns a new file descriptor for
the file named by @var{filename}. Initially, the file position
indicator for the file is at the beginning of the file. The argument
@@ -164,6 +165,7 @@ and @code{freopen} functions, that create streams.
@comment fcntl.h
@comment Unix98
@deftypefun int open64 (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{open}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
difference is that on 32 bit systems the file is opened in the
@@ -178,6 +180,7 @@ replaces the old API.
@comment fcntl.h
@comment POSIX.1
@deftypefn {Obsolete function} int creat (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is obsolete. The call:
@smallexample
@@ -202,6 +205,7 @@ since all of the lowlevel file handling functions are equally replaced.
@comment fcntl.h
@comment Unix98
@deftypefn {Obsolete function} int creat64 (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{creat}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
the difference is that on 32 bit systems the file is opened in the
@@ -219,6 +223,7 @@ replaces the old API.
@comment unistd.h
@comment POSIX.1
@deftypefun int close (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The function @code{close} closes the file descriptor @var{filedes}.
Closing a file has the following consequences:
@@ -300,6 +305,7 @@ but must be a signed type.
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t read (int @var{filedes}, void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{read} function reads up to @var{size} bytes from the file
with descriptor @var{filedes}, storing the results in the @var{buffer}.
(This is not necessarily a character string, and no terminating null
@@ -395,6 +401,10 @@ functions that read from streams, such as @code{fgetc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, read and lseek back, but is it
+@c used anywhere?
The @code{pread} function is similar to the @code{read} function. The
first three arguments are identical, and the return values and error
codes also correspond.
@@ -430,6 +440,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread64 (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, read and lseek64 back, but is
+@c it used anywhere?
This function is similar to the @code{pread} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -447,6 +461,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t write (int @var{filedes}, const void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{write} function writes up to @var{size} bytes from
@var{buffer} to the file with descriptor @var{filedes}. The data in
@var{buffer} is not necessarily a character string and a null character is
@@ -557,6 +572,10 @@ functions that write to streams, such as @code{fputc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, write and lseek back, but is it
+@c used anywhere?
The @code{pwrite} function is similar to the @code{write} function. The
first three arguments are identical, and the return values and error codes
also correspond.
@@ -592,6 +611,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite64 (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, write and lseek64 back, but
+@c is it used anywhere?
This function is similar to the @code{pwrite} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -624,6 +647,7 @@ To read the current file position value from a descriptor, use
@comment unistd.h
@comment POSIX.1
@deftypefun off_t lseek (int @var{filedes}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lseek} function is used to change the file position of the
file with descriptor @var{filedes}.
@@ -713,6 +737,7 @@ descriptors.
@comment unistd.h
@comment Unix98
@deftypefun off64_t lseek64 (int @var{filedes}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to the @code{lseek} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -825,6 +850,7 @@ declared in the header file @file{stdio.h}.
@comment stdio.h
@comment POSIX.1
@deftypefun {FILE *} fdopen (int @var{filedes}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
The @code{fdopen} function returns a new stream for the file descriptor
@var{filedes}.
@@ -853,6 +879,7 @@ see @ref{Creating a Pipe}.
@comment stdio.h
@comment POSIX.1
@deftypefun int fileno (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the file descriptor associated with the stream
@var{stream}. If an error is detected (for example, if the @var{stream}
is not valid) or if @var{stream} does not do I/O to a file,
@@ -862,6 +889,7 @@ is not valid) or if @var{stream} does not do I/O to a file,
@comment stdio.h
@comment GNU
@deftypefun int fileno_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fileno_unlocked} function is equivalent to the @code{fileno}
function except that it does not implicitly lock the stream if the state
is @code{FSETLOCKING_INTERNAL}.
@@ -1071,7 +1099,11 @@ Contains the length of the buffer.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t readv (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
-
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer into which data is read, if the total read size is
+@c too large for alloca.
The @code{readv} function reads data from @var{filedes} and scatters it
into the buffers described in @var{vector}, which is taken to be
@var{count} structures long. As each buffer is filled, data is sent to the
@@ -1089,6 +1121,11 @@ errors are the same as in @code{read}.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t writev (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer from which data is written, if the total write size
+@c is too large for alloca.
The @code{writev} function gathers data from the buffers described in
@var{vector}, which is taken to be @var{count} structures long, and writes
@@ -1149,6 +1186,7 @@ These functions are declared in @file{sys/mman.h}.
@comment sys/mman.h
@comment POSIX
@deftypefun {void *} mmap (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mmap} function creates a new mapping, connected to bytes
(@var{offset}) to (@var{offset} + @var{length} - 1) in the file open on
@@ -1268,6 +1306,9 @@ The file is on a filesystem that doesn't support mapping.
@comment sys/mman.h
@comment LFS
@deftypefun {void *} mmap64 (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The page_shift auto detection when MMAP2_PAGE_SHIFT is -1 (it never
+@c is) would be thread-unsafe.
The @code{mmap64} function is equivalent to the @code{mmap} function but
the @var{offset} parameter is of type @code{off64_t}. On 32-bit systems
this allows the file associated with the @var{filedes} descriptor to be
@@ -1284,6 +1325,7 @@ replaces the old API.
@comment sys/mman.h
@comment POSIX
@deftypefun int munmap (void *@var{addr}, size_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{munmap} removes any memory maps from (@var{addr}) to (@var{addr} +
@var{length}). @var{length} should be the length of the mapping.
@@ -1310,6 +1352,7 @@ aligned.
@comment sys/mman.h
@comment POSIX
@deftypefun int msync (void *@var{address}, size_t @var{length}, int @var{flags})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When using shared mappings, the kernel can write the file at any time
before the mapping is removed. To be certain data has actually been
@@ -1357,6 +1400,7 @@ There is no existing mapping in at least part of the given region.
@comment sys/mman.h
@comment GNU
@deftypefun {void *} mremap (void *@var{address}, size_t @var{length}, size_t @var{new_length}, int @var{flag})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to change the size of an existing memory
area. @var{address} and @var{length} must cover a region entirely mapped
@@ -1405,6 +1449,7 @@ Coding Standards}.
@comment sys/mman.h
@comment POSIX
@deftypefun int madvise (void *@var{addr}, size_t @var{length}, int @var{advice})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to provide the system with @var{advice} about
the intended usage patterns of the memory region starting at @var{addr}
@@ -1531,6 +1576,7 @@ that descriptor into an @code{fd_set}.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_ZERO (fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro initializes the file descriptor set @var{set} to be the
empty set.
@end deftypefn
@@ -1538,6 +1584,9 @@ empty set.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_SET (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro adds @var{filedes} to the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1547,6 +1596,9 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_CLR (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro removes @var{filedes} from the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1556,6 +1608,7 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro int FD_ISSET (int @var{filedes}, const fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value (true) if @var{filedes} is a member
of the file descriptor set @var{set}, and zero (false) otherwise.
@@ -1568,6 +1621,10 @@ Next, here is the description of the @code{select} function itself.
@comment sys/types.h
@comment BSD
@deftypefun int select (int @var{nfds}, fd_set *@var{read-fds}, fd_set *@var{write-fds}, fd_set *@var{except-fds}, struct timeval *@var{timeout})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The select syscall is preferred, but pselect6 may be used instead,
+@c which requires converting timeout to a timespec and back. The
+@c conversions are not atomic.
The @code{select} function blocks the calling process until there is
activity on any of the specified sets of file descriptors, or until the
timeout period has expired.
@@ -1670,6 +1727,7 @@ they return.
@comment unistd.h
@comment X/Open
@deftypefun void sync (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
A call to this function will not return as long as there is data which
has not been written to the device. All dirty buffers in the kernel will
be written and so an overall consistent system can be achieved (if no
@@ -1685,6 +1743,7 @@ committed, rather than all data in the system. For this, @code{sync} is overkil
@comment unistd.h
@comment POSIX
@deftypefun int fsync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fsync} function can be used to make sure all data associated with
the open file @var{fildes} is written to the device associated with the
descriptor. The function call does not return unless all actions have
@@ -1722,6 +1781,7 @@ recovering of the file in case of a problem.
@comment unistd.h
@comment POSIX
@deftypefun int fdatasync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When a call to the @code{fdatasync} function returns, it is ensured
that all of the file data is written to the device. For all pending I/O
operations, the parts guaranteeing data integrity finished.
@@ -1923,6 +1983,158 @@ aiocb64}, since the LFS transparently replaces the old interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_read (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Calls aio_enqueue_request.
+@c aio_enqueue_request selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_self ok
+@c pthread_getschedparam selfdeadlock, lockleak
+@c lll_lock (pthread descriptor's lock) selfdeadlock, lockleak
+@c sched_getparam ok
+@c sched_getscheduler ok
+@c lll_unlock lockleak
+@c pthread_mutex_lock (aio_requests_mutex) selfdeadlock, lockleak
+@c get_elem asmalloc, memleak, [asynconsist, incansist], [xguargs]
+@c realloc asmalloc, memleak
+@c calloc asmalloc, memleak
+@c aio_create_helper_thread selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_attr_init ok
+@c pthread_attr_setdetachstate ok
+@c pthread_get_minstack ok
+@c pthread_attr_setstacksize ok
+@c sigfillset ok
+@c memset ok
+@c sigdelset ok [xguargs, but the caller's sigset is automatic]
+@c SYSCALL rt_sigprocmask ok
+@c pthread_create selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c alloca/malloc asmalloc, memleak
+@c lll_unlock lockleak
+@c allocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c getpagesize dup
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c lll_unlock lockleak
+@c _dl_allocate_tls asmalloc, memleak
+@c _dl_allocate_tls_storage asmalloc, memleak
+@c memalign asmalloc, memleak
+@c memset ok
+@c allocate_dtv dup
+@c free asmalloc, memleak
+@c allocate_dtv asmalloc, memleak
+@c calloc asmalloc, memleak
+@c INSTALL_DTV ok
+@c list_add dup
+@c get_cached_stack
+@c lll_lock (stack_cache_lock) selfdeadlock, lockleak
+@c list_for_each ok
+@c list_entry dup
+@c FREE_P dup
+@c stack_list_del dup
+@c stack_list_add dup
+@c lll_unlock lockleak
+@c _dl_allocate_tls_init ok
+@c GET_DTV ok
+@c mmap ok
+@c atomic_increment_val ok
+@c munmap ok
+@c change_stack_perm ok
+@c mprotect ok
+@c mprotect ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c THREAD_COPY_STACK_GUARD ok
+@c THREAD_COPY_POINTER_GUARD ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (state_cache_lock) selfdeadlock, lockleak
+@c stack_list_del ok
+@c atomic_write_barrier ok
+@c list_del ok [uunguard]
+@c atomic_write_barrier ok
+@c queue_stack asmalloc, memleak
+@c stack_list_add ok
+@c atomic_write_barrier ok
+@c list_add ok [uunguard]
+@c atomic_write_barrier ok
+@c free_stacks asmalloc, memleak
+@c list_for_each_prev_safe ok
+@c list_entry ok
+@c FREE_P ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c _dl_deallocate_tls asmalloc, memleak
+@c free asmalloc, memleak
+@c lll_unlock lockleak
+@c create_thread selfdeadlock, asmalloc, lockleak, memleak
+@c td_eventword
+@c td_eventmask
+@c do_clone selfdeadlock, asmalloc, lockleak, memleak
+@c PREPARE_CREATE ok
+@c lll_lock (pd->lock) selfdeadlock, lockleak
+@c atomic_increment ok
+@c clone ok
+@c atomic_decrement ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack dup
+@c sched_setaffinity ok
+@c tgkill ok
+@c sched_setscheduler ok
+@c atomic_compare_and_exchange_bool_acq ok
+@c nptl_create_event ok
+@c lll_unlock (pd->lock) lockleak
+@c free asmalloc, memleak
+@c pthread_attr_destroy ok (cpuset won't be set, so free isn't called)
+@c add_request_to_runlist ok [xguargs]
+@c pthread_cond_signal ok
+@c aio_free_request ok [xguargs]
+@c pthread_mutex_unlock lockleak
+
+@c (in the new thread, initiated with clone)
+@c start_thread ok
+@c HP_TIMING_NOW ok
+@c ctype_init [glocale] (in theory, but optimized into safety)
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c sigemptyset ok
+@c sigaddset ok
+@c setjmp ok
+@c CANCEL_ASYNC -> pthread_enable_asynccancel ok
+@c do_cancel ok
+@c pthread_unwind ok
+@c Unwind_ForcedUnwind or longjmp ok [asmalloc, memleak?]
+@c lll_lock selfdeadlock, lockleak
+@c lll_unlock selfdeadlock, lockleak
+@c CANCEL_RESET -> pthread_disable_asynccancel ok
+@c lll_futex_wait ok
+@c ->start_routine ok -----
+@c call_tls_dtors selfdeadlock, asmalloc, lockleak, memleak
+@c user-supplied dtor
+@c rtld_lock_lock_recursive (dl_load_lock) selfdeadlock, lockleak
+@c rtld_lock_unlock_recursive lockleak
+@c free asmalloc, memleak
+@c nptl_deallocate_tsd asmalloc, memleak
+@c tsd user-supplied dtors ok
+@c free asmalloc, memleak
+@c libc_thread_freeres
+@c libc_thread_subfreeres ok
+@c atomic_decrement_and_test ok
+@c td_eventword ok
+@c td_eventmask ok
+@c atomic_compare_exchange_bool_acq ok
+@c nptl_death_event ok
+@c lll_robust_dead ok
+@c getpagesize ok
+@c madvise ok
+@c free_tcb selfdeadlock, asmalloc, lockleak, memleak
+@c free asmalloc, memleak
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_futex_wait ok
+@c exit_thread_inline ok
+@c syscall(exit) ok
+
This function initiates an asynchronous read operation. It
immediately returns after the operation was enqueued or when an
error was encountered.
@@ -1988,6 +2200,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_read64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_read} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{aio_read64} uses
@@ -2006,6 +2219,7 @@ of functions with a very similar interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_write (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function initiates an asynchronous write operation. The function
call immediately returns after the operation was enqueued or if before
this happens an error was encountered.
@@ -2072,6 +2286,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_write64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_write} function. The only
difference is that on @w{32 bit} machines the file descriptor should
be opened in the large file mode. Internally @code{aio_write64} uses
@@ -2093,6 +2308,12 @@ operations. It is therefore similar to a combination of @code{readv} and
@comment aio.h
@comment POSIX.1b
@deftypefun int lio_listio (int @var{mode}, struct aiocb *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Call lio_listio_internal, that takes the aio_requests_mutex lock and
+@c enqueues each request. Then, it waits for notification or prepares
+@c for it before releasing the lock. Even though it performs memory
+@c allocation and locking of its own, it doesn't add any classes of
+@c safety issues that aren't already covered by aio_enqueue_request.
The @code{lio_listio} function can be used to enqueue an arbitrary
number of read and write requests at one time. The requests can all be
meant for the same file, all for different files or every solution in
@@ -2176,6 +2397,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int lio_listio64 (int @var{mode}, struct aiocb64 *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{lio_listio} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{lio_listio64} uses
@@ -2204,6 +2426,7 @@ The following two functions allow you to get this kind of information.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_error (const struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function determines the error state of the request described by the
@code{struct aiocb} variable pointed to by @var{aiocbp}. If the
request has not yet terminated the value returned is always
@@ -2225,6 +2448,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_error64 (const struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_error} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2238,6 +2462,7 @@ machines.
@comment aio.h
@comment POSIX.1b
@deftypefun ssize_t aio_return (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to retrieve the return status of the operation
carried out by the request described in the variable pointed to by
@var{aiocbp}. As long as the error status of this request as returned
@@ -2261,6 +2486,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun ssize_t aio_return64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_return} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2289,6 +2515,9 @@ if the symbol @code{_POSIX_SYNCHRONIZED_IO} is defined in @file{unistd.h}.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_fsync (int @var{op}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check that the FD is open, it calls
+@c aio_enqueue_request.
Calling this function forces all I/O operations operating queued at the
time of the function call operating on the file descriptor
@code{aiocbp->aio_fildes} into the synchronized I/O completion state
@@ -2336,6 +2565,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_fsync64 (int @var{op}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_fsync} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2362,6 +2592,9 @@ before the current client is served. For situations like this
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_suspend (const struct aiocb *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c Take aio_requests_mutex, set up waitlist and requestlist, wait
+@c for completion or timeout, and release the mutex.
When calling this function, the calling thread is suspended until at
least one of the requests pointed to by the @var{nent} elements of the
array @var{list} has completed. If any of the requests has already
@@ -2400,6 +2633,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_suspend64 (const struct aiocb64 *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is similar to @code{aio_suspend} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2427,6 +2661,16 @@ or not. Therefore using this function is merely a hint.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_cancel (int @var{fildes}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check the fd is open, hold aio_requests_mutex, call
+@c aio_find_req_fd, aio_remove_request, then aio_notify and
+@c aio_free_request each request before releasing the lock.
+@c aio_notify calls aio_notify_only and free, besides cond signal or
+@c similar. aio_notify_only calls pthread_attr_init,
+@c pthread_attr_setdetachstate, malloc, pthread_create,
+@c notify_func_wrapper, aio_sigqueue, getpid, raise.
+@c notify_func_wraper calls aio_start_notify_thread, free and then the
+@c notifier function.
The @code{aio_cancel} function can be used to cancel one or more
outstanding requests. If the @var{aiocbp} parameter is @code{NULL}, the
function tries to cancel all of the outstanding requests which would process
@@ -2474,6 +2718,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_cancel64 (int @var{fildes}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_cancel} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2529,6 +2774,8 @@ Unused.
@comment aio.h
@comment GNU
@deftypefun void aio_init (const struct aioinit *@var{init})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c All changes to global objects are guarded by aio_requests_mutex.
This function must be called before any other AIO function. Calling it
is completely voluntary, as it is only meant to help the AIO
implementation perform better.
@@ -2563,6 +2810,7 @@ function; see @ref{Opening and Closing Files}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int fcntl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcntl} function performs the operation specified by
@var{command} on the file descriptor @var{filedes}. Some commands
require additional arguments to be supplied. These additional arguments
@@ -2645,6 +2893,7 @@ while prototypes for @code{dup} and @code{dup2} are in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun int dup (int @var{old})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies descriptor @var{old} to the first available
descriptor number (the first number not currently open). It is
equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@@ -2653,6 +2902,7 @@ equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@comment unistd.h
@comment POSIX.1
@deftypefun int dup2 (int @var{old}, int @var{new})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies the descriptor @var{old} to descriptor number
@var{new}.
@@ -3631,6 +3881,7 @@ different headers.
@comment sys/ioctl.h
@comment BSD
@deftypefun int ioctl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ioctl} function performs the generic I/O operation
@var{command} on @var{filedes}.
@@ -3650,3 +3901,6 @@ unknown device.
Most IOCTLs are OS-specific and/or only used in special system utilities,
and are thus beyond the scope of this document. For an example of the use
of an IOCTL, see @ref{Out-of-Band Data}.
+
+@c FIXME this is undocumented:
+@c dup3
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=59ed620f06b93f72d4bfeeffad6efccee52fb9f5
commit 59ed620f06b93f72d4bfeeffad6efccee52fb9f5
Merge: 511dc6f d1b5808 59483ce
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:09:32 2013 -0300
import
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=511dc6f08b227550f80aa028c77d89c8ddc6559d
commit 511dc6f08b227550f80aa028c77d89c8ddc6559d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:09:32 2013 -0300
import
diff --git a/meta b/meta
index a5364f4..23045ee 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 55b9c1e2c45ebb7abdd12b9b1ef546eba08829bd
-Head: ca4e6ed5fbcca95d7f29a49c4ed65651acda0efe
+Previous: d1b5808eaefe152c160fe51db180ee67bf67caec
+Head: 59483ceaa7daf7600c59559794b428683ea152ba
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -18,6 +18,7 @@ Applied:
manual-document-mt-safety-job.patch: 138c83afb5f7d92dcac1049f150b154d43addda2
manual-document-mt-safety-lang.patch: a7fd5e42f1a4a4cb65dadb2a7ba4ef28bb8bb3fd
manual-document-mt-safety-libdl.patch: ca4e6ed5fbcca95d7f29a49c4ed65651acda0efe
+ manual-document-mt-safety-llio.patch: 59483ceaa7daf7600c59559794b428683ea152ba
Unapplied:
manual-document-mt-safety-stdio.patch: ce7a82428b383c27385283464762599a0000cba2
manual-document-mt-safety-locale.patch: e3578b80d486c85ecfce6a21f09e9051d868468b
diff --git a/patches/manual-document-mt-safety-llio.patch b/patches/manual-document-mt-safety-llio.patch
new file mode 100644
index 0000000..274aefd
--- /dev/null
+++ b/patches/manual-document-mt-safety-llio.patch
@@ -0,0 +1,649 @@
+Bottom: 5d6bbf322290ec49c7df2274a5b3ec79d32fd303
+Top: baf6738652c9240a7ea48273cff318ffb17716d8
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:09:32 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/llio.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/llio.texi b/manual/llio.texi
+index b129cf4..66370c4 100644
+--- a/manual/llio.texi
++++ b/manual/llio.texi
+@@ -78,6 +78,7 @@ declared in @file{unistd.h}.
+ @comment fcntl.h
+ @comment POSIX.1
+ @deftypefun int open (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
++@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+ The @code{open} function creates and returns a new file descriptor for
+ the file named by @var{filename}. Initially, the file position
+ indicator for the file is at the beginning of the file. The argument
+@@ -164,6 +165,7 @@ and @code{freopen} functions, that create streams.
+ @comment fcntl.h
+ @comment Unix98
+ @deftypefun int open64 (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
++@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+ This function is similar to @code{open}. It returns a file descriptor
+ which can be used to access the file named by @var{filename}. The only
+ difference is that on 32 bit systems the file is opened in the
+@@ -178,6 +180,7 @@ replaces the old API.
+ @comment fcntl.h
+ @comment POSIX.1
+ @deftypefn {Obsolete function} int creat (const char *@var{filename}, mode_t @var{mode})
++@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+ This function is obsolete. The call:
+
+ @smallexample
+@@ -202,6 +205,7 @@ since all of the lowlevel file handling functions are equally replaced.
+ @comment fcntl.h
+ @comment Unix98
+ @deftypefn {Obsolete function} int creat64 (const char *@var{filename}, mode_t @var{mode})
++@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+ This function is similar to @code{creat}. It returns a file descriptor
+ which can be used to access the file named by @var{filename}. The only
+ the difference is that on 32 bit systems the file is opened in the
+@@ -219,6 +223,7 @@ replaces the old API.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int close (int @var{filedes})
++@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+ The function @code{close} closes the file descriptor @var{filedes}.
+ Closing a file has the following consequences:
+
+@@ -300,6 +305,7 @@ but must be a signed type.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun ssize_t read (int @var{filedes}, void *@var{buffer}, size_t @var{size})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{read} function reads up to @var{size} bytes from the file
+ with descriptor @var{filedes}, storing the results in the @var{buffer}.
+ (This is not necessarily a character string, and no terminating null
+@@ -395,6 +401,10 @@ functions that read from streams, such as @code{fgetc}.
+ @comment unistd.h
+ @comment Unix98
+ @deftypefun ssize_t pread (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off_t @var{offset})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c This is usually a safe syscall. The sysdeps/posix fallback emulation
++@c is not MT-Safe because it uses lseek, read and lseek back, but is it
++@c used anywhere?
+ The @code{pread} function is similar to the @code{read} function. The
+ first three arguments are identical, and the return values and error
+ codes also correspond.
+@@ -430,6 +440,10 @@ version 2.
+ @comment unistd.h
+ @comment Unix98
+ @deftypefun ssize_t pread64 (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c This is usually a safe syscall. The sysdeps/posix fallback emulation
++@c is not MT-Safe because it uses lseek64, read and lseek64 back, but is
++@c it used anywhere?
+ This function is similar to the @code{pread} function. The difference
+ is that the @var{offset} parameter is of type @code{off64_t} instead of
+ @code{off_t} which makes it possible on 32 bit machines to address
+@@ -447,6 +461,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun ssize_t write (int @var{filedes}, const void *@var{buffer}, size_t @var{size})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{write} function writes up to @var{size} bytes from
+ @var{buffer} to the file with descriptor @var{filedes}. The data in
+ @var{buffer} is not necessarily a character string and a null character is
+@@ -557,6 +572,10 @@ functions that write to streams, such as @code{fputc}.
+ @comment unistd.h
+ @comment Unix98
+ @deftypefun ssize_t pwrite (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off_t @var{offset})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c This is usually a safe syscall. The sysdeps/posix fallback emulation
++@c is not MT-Safe because it uses lseek, write and lseek back, but is it
++@c used anywhere?
+ The @code{pwrite} function is similar to the @code{write} function. The
+ first three arguments are identical, and the return values and error codes
+ also correspond.
+@@ -592,6 +611,10 @@ version 2.
+ @comment unistd.h
+ @comment Unix98
+ @deftypefun ssize_t pwrite64 (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c This is usually a safe syscall. The sysdeps/posix fallback emulation
++@c is not MT-Safe because it uses lseek64, write and lseek64 back, but
++@c is it used anywhere?
+ This function is similar to the @code{pwrite} function. The difference
+ is that the @var{offset} parameter is of type @code{off64_t} instead of
+ @code{off_t} which makes it possible on 32 bit machines to address
+@@ -624,6 +647,7 @@ To read the current file position value from a descriptor, use
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun off_t lseek (int @var{filedes}, off_t @var{offset}, int @var{whence})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{lseek} function is used to change the file position of the
+ file with descriptor @var{filedes}.
+
+@@ -713,6 +737,7 @@ descriptors.
+ @comment unistd.h
+ @comment Unix98
+ @deftypefun off64_t lseek64 (int @var{filedes}, off64_t @var{offset}, int @var{whence})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function is similar to the @code{lseek} function. The difference
+ is that the @var{offset} parameter is of type @code{off64_t} instead of
+ @code{off_t} which makes it possible on 32 bit machines to address
+@@ -825,6 +850,7 @@ declared in the header file @file{stdio.h}.
+ @comment stdio.h
+ @comment POSIX.1
+ @deftypefun {FILE *} fdopen (int @var{filedes}, const char *@var{opentype})
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+ The @code{fdopen} function returns a new stream for the file descriptor
+ @var{filedes}.
+
+@@ -853,6 +879,7 @@ see @ref{Creating a Pipe}.
+ @comment stdio.h
+ @comment POSIX.1
+ @deftypefun int fileno (FILE *@var{stream})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function returns the file descriptor associated with the stream
+ @var{stream}. If an error is detected (for example, if the @var{stream}
+ is not valid) or if @var{stream} does not do I/O to a file,
+@@ -862,6 +889,7 @@ is not valid) or if @var{stream} does not do I/O to a file,
+ @comment stdio.h
+ @comment GNU
+ @deftypefun int fileno_unlocked (FILE *@var{stream})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{fileno_unlocked} function is equivalent to the @code{fileno}
+ function except that it does not implicitly lock the stream if the state
+ is @code{FSETLOCKING_INTERNAL}.
+@@ -1071,7 +1099,11 @@ Contains the length of the buffer.
+ @comment sys/uio.h
+ @comment BSD
+ @deftypefun ssize_t readv (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
+-
++@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
++@c The fallback sysdeps/posix implementation, used even on GNU/Linux
++@c with old kernels that lack a full readv/writev implementation, may
++@c malloc the buffer into which data is read, if the total read size is
++@c too large for alloca.
+ The @code{readv} function reads data from @var{filedes} and scatters it
+ into the buffers described in @var{vector}, which is taken to be
+ @var{count} structures long. As each buffer is filled, data is sent to the
+@@ -1089,6 +1121,11 @@ errors are the same as in @code{read}.
+ @comment sys/uio.h
+ @comment BSD
+ @deftypefun ssize_t writev (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
++@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
++@c The fallback sysdeps/posix implementation, used even on GNU/Linux
++@c with old kernels that lack a full readv/writev implementation, may
++@c malloc the buffer from which data is written, if the total write size
++@c is too large for alloca.
+
+ The @code{writev} function gathers data from the buffers described in
+ @var{vector}, which is taken to be @var{count} structures long, and writes
+@@ -1149,6 +1186,7 @@ These functions are declared in @file{sys/mman.h}.
+ @comment sys/mman.h
+ @comment POSIX
+ @deftypefun {void *} mmap (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off_t @var{offset})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+
+ The @code{mmap} function creates a new mapping, connected to bytes
+ (@var{offset}) to (@var{offset} + @var{length} - 1) in the file open on
+@@ -1268,6 +1306,9 @@ The file is on a filesystem that doesn't support mapping.
+ @comment sys/mman.h
+ @comment LFS
+ @deftypefun {void *} mmap64 (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off64_t @var{offset})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c The page_shift auto detection when MMAP2_PAGE_SHIFT is -1 (it never
++@c is) would be thread-unsafe.
+ The @code{mmap64} function is equivalent to the @code{mmap} function but
+ the @var{offset} parameter is of type @code{off64_t}. On 32-bit systems
+ this allows the file associated with the @var{filedes} descriptor to be
+@@ -1284,6 +1325,7 @@ replaces the old API.
+ @comment sys/mman.h
+ @comment POSIX
+ @deftypefun int munmap (void *@var{addr}, size_t @var{length})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+
+ @code{munmap} removes any memory maps from (@var{addr}) to (@var{addr} +
+ @var{length}). @var{length} should be the length of the mapping.
+@@ -1310,6 +1352,7 @@ aligned.
+ @comment sys/mman.h
+ @comment POSIX
+ @deftypefun int msync (void *@var{address}, size_t @var{length}, int @var{flags})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+
+ When using shared mappings, the kernel can write the file at any time
+ before the mapping is removed. To be certain data has actually been
+@@ -1357,6 +1400,7 @@ There is no existing mapping in at least part of the given region.
+ @comment sys/mman.h
+ @comment GNU
+ @deftypefun {void *} mremap (void *@var{address}, size_t @var{length}, size_t @var{new_length}, int @var{flag})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+
+ This function can be used to change the size of an existing memory
+ area. @var{address} and @var{length} must cover a region entirely mapped
+@@ -1405,6 +1449,7 @@ Coding Standards}.
+ @comment sys/mman.h
+ @comment POSIX
+ @deftypefun int madvise (void *@var{addr}, size_t @var{length}, int @var{advice})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+
+ This function can be used to provide the system with @var{advice} about
+ the intended usage patterns of the memory region starting at @var{addr}
+@@ -1531,6 +1576,7 @@ that descriptor into an @code{fd_set}.
+ @comment sys/types.h
+ @comment BSD
+ @deftypefn Macro void FD_ZERO (fd_set *@var{set})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro initializes the file descriptor set @var{set} to be the
+ empty set.
+ @end deftypefn
+@@ -1538,6 +1584,9 @@ empty set.
+ @comment sys/types.h
+ @comment BSD
+ @deftypefn Macro void FD_SET (int @var{filedes}, fd_set *@var{set})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c Setting a bit isn't necessarily atomic, so there's a potential race
++@c here if set is not used exclusively.
+ This macro adds @var{filedes} to the file descriptor set @var{set}.
+
+ The @var{filedes} parameter must not have side effects since it is
+@@ -1547,6 +1596,9 @@ evaluated more than once.
+ @comment sys/types.h
+ @comment BSD
+ @deftypefn Macro void FD_CLR (int @var{filedes}, fd_set *@var{set})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c Setting a bit isn't necessarily atomic, so there's a potential race
++@c here if set is not used exclusively.
+ This macro removes @var{filedes} from the file descriptor set @var{set}.
+
+ The @var{filedes} parameter must not have side effects since it is
+@@ -1556,6 +1608,7 @@ evaluated more than once.
+ @comment sys/types.h
+ @comment BSD
+ @deftypefn Macro int FD_ISSET (int @var{filedes}, const fd_set *@var{set})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns a nonzero value (true) if @var{filedes} is a member
+ of the file descriptor set @var{set}, and zero (false) otherwise.
+
+@@ -1568,6 +1621,10 @@ Next, here is the description of the @code{select} function itself.
+ @comment sys/types.h
+ @comment BSD
+ @deftypefun int select (int @var{nfds}, fd_set *@var{read-fds}, fd_set *@var{write-fds}, fd_set *@var{except-fds}, struct timeval *@var{timeout})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c The select syscall is preferred, but pselect6 may be used instead,
++@c which requires converting timeout to a timespec and back. The
++@c conversions are not atomic.
+ The @code{select} function blocks the calling process until there is
+ activity on any of the specified sets of file descriptors, or until the
+ timeout period has expired.
+@@ -1670,6 +1727,7 @@ they return.
+ @comment unistd.h
+ @comment X/Open
+ @deftypefun void sync (void)
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ A call to this function will not return as long as there is data which
+ has not been written to the device. All dirty buffers in the kernel will
+ be written and so an overall consistent system can be achieved (if no
+@@ -1685,6 +1743,7 @@ committed, rather than all data in the system. For this, @code{sync} is overkil
+ @comment unistd.h
+ @comment POSIX
+ @deftypefun int fsync (int @var{fildes})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{fsync} function can be used to make sure all data associated with
+ the open file @var{fildes} is written to the device associated with the
+ descriptor. The function call does not return unless all actions have
+@@ -1722,6 +1781,7 @@ recovering of the file in case of a problem.
+ @comment unistd.h
+ @comment POSIX
+ @deftypefun int fdatasync (int @var{fildes})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ When a call to the @code{fdatasync} function returns, it is ensured
+ that all of the file data is written to the device. For all pending I/O
+ operations, the parts guaranteeing data integrity finished.
+@@ -1923,6 +1983,158 @@ aiocb64}, since the LFS transparently replaces the old interface.
+ @comment aio.h
+ @comment POSIX.1b
+ @deftypefun int aio_read (struct aiocb *@var{aiocbp})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
++@c Calls aio_enqueue_request.
++@c aio_enqueue_request selfdeadlock, asmalloc, lockleak, memleak
++@c pthread_self ok
++@c pthread_getschedparam selfdeadlock, lockleak
++@c lll_lock (pthread descriptor's lock) selfdeadlock, lockleak
++@c sched_getparam ok
++@c sched_getscheduler ok
++@c lll_unlock lockleak
++@c pthread_mutex_lock (aio_requests_mutex) selfdeadlock, lockleak
++@c get_elem asmalloc, memleak, [asynconsist, incansist], [xguargs]
++@c realloc asmalloc, memleak
++@c calloc asmalloc, memleak
++@c aio_create_helper_thread selfdeadlock, asmalloc, lockleak, memleak
++@c pthread_attr_init ok
++@c pthread_attr_setdetachstate ok
++@c pthread_get_minstack ok
++@c pthread_attr_setstacksize ok
++@c sigfillset ok
++@c memset ok
++@c sigdelset ok [xguargs, but the caller's sigset is automatic]
++@c SYSCALL rt_sigprocmask ok
++@c pthread_create selfdeadlock, asmalloc, lockleak, memleak
++@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
++@c alloca/malloc asmalloc, memleak
++@c lll_unlock lockleak
++@c allocate_stack selfdeadlock, asmalloc, lockleak, memleak
++@c getpagesize dup
++@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
++@c lll_unlock lockleak
++@c _dl_allocate_tls asmalloc, memleak
++@c _dl_allocate_tls_storage asmalloc, memleak
++@c memalign asmalloc, memleak
++@c memset ok
++@c allocate_dtv dup
++@c free asmalloc, memleak
++@c allocate_dtv asmalloc, memleak
++@c calloc asmalloc, memleak
++@c INSTALL_DTV ok
++@c list_add dup
++@c get_cached_stack
++@c lll_lock (stack_cache_lock) selfdeadlock, lockleak
++@c list_for_each ok
++@c list_entry dup
++@c FREE_P dup
++@c stack_list_del dup
++@c stack_list_add dup
++@c lll_unlock lockleak
++@c _dl_allocate_tls_init ok
++@c GET_DTV ok
++@c mmap ok
++@c atomic_increment_val ok
++@c munmap ok
++@c change_stack_perm ok
++@c mprotect ok
++@c mprotect ok
++@c stack_list_del dup
++@c _dl_deallocate_tls dup
++@c munmap ok
++@c THREAD_COPY_STACK_GUARD ok
++@c THREAD_COPY_POINTER_GUARD ok
++@c atomic_exchange_acq ok
++@c lll_futex_wake ok
++@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
++@c lll_lock (state_cache_lock) selfdeadlock, lockleak
++@c stack_list_del ok
++@c atomic_write_barrier ok
++@c list_del ok [uunguard]
++@c atomic_write_barrier ok
++@c queue_stack asmalloc, memleak
++@c stack_list_add ok
++@c atomic_write_barrier ok
++@c list_add ok [uunguard]
++@c atomic_write_barrier ok
++@c free_stacks asmalloc, memleak
++@c list_for_each_prev_safe ok
++@c list_entry ok
++@c FREE_P ok
++@c stack_list_del dup
++@c _dl_deallocate_tls dup
++@c munmap ok
++@c _dl_deallocate_tls asmalloc, memleak
++@c free asmalloc, memleak
++@c lll_unlock lockleak
++@c create_thread selfdeadlock, asmalloc, lockleak, memleak
++@c td_eventword
++@c td_eventmask
++@c do_clone selfdeadlock, asmalloc, lockleak, memleak
++@c PREPARE_CREATE ok
++@c lll_lock (pd->lock) selfdeadlock, lockleak
++@c atomic_increment ok
++@c clone ok
++@c atomic_decrement ok
++@c atomic_exchange_acq ok
++@c lll_futex_wake ok
++@c deallocate_stack dup
++@c sched_setaffinity ok
++@c tgkill ok
++@c sched_setscheduler ok
++@c atomic_compare_and_exchange_bool_acq ok
++@c nptl_create_event ok
++@c lll_unlock (pd->lock) lockleak
++@c free asmalloc, memleak
++@c pthread_attr_destroy ok (cpuset won't be set, so free isn't called)
++@c add_request_to_runlist ok [xguargs]
++@c pthread_cond_signal ok
++@c aio_free_request ok [xguargs]
++@c pthread_mutex_unlock lockleak
++
++@c (in the new thread, initiated with clone)
++@c start_thread ok
++@c HP_TIMING_NOW ok
++@c ctype_init [glocale] (in theory, but optimized into safety)
++@c atomic_exchange_acq ok
++@c lll_futex_wake ok
++@c sigemptyset ok
++@c sigaddset ok
++@c setjmp ok
++@c CANCEL_ASYNC -> pthread_enable_asynccancel ok
++@c do_cancel ok
++@c pthread_unwind ok
++@c Unwind_ForcedUnwind or longjmp ok [asmalloc, memleak?]
++@c lll_lock selfdeadlock, lockleak
++@c lll_unlock selfdeadlock, lockleak
++@c CANCEL_RESET -> pthread_disable_asynccancel ok
++@c lll_futex_wait ok
++@c ->start_routine ok -----
++@c call_tls_dtors selfdeadlock, asmalloc, lockleak, memleak
++@c user-supplied dtor
++@c rtld_lock_lock_recursive (dl_load_lock) selfdeadlock, lockleak
++@c rtld_lock_unlock_recursive lockleak
++@c free asmalloc, memleak
++@c nptl_deallocate_tsd asmalloc, memleak
++@c tsd user-supplied dtors ok
++@c free asmalloc, memleak
++@c libc_thread_freeres
++@c libc_thread_subfreeres ok
++@c atomic_decrement_and_test ok
++@c td_eventword ok
++@c td_eventmask ok
++@c atomic_compare_exchange_bool_acq ok
++@c nptl_death_event ok
++@c lll_robust_dead ok
++@c getpagesize ok
++@c madvise ok
++@c free_tcb selfdeadlock, asmalloc, lockleak, memleak
++@c free asmalloc, memleak
++@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
++@c lll_futex_wait ok
++@c exit_thread_inline ok
++@c syscall(exit) ok
++
+ This function initiates an asynchronous read operation. It
+ immediately returns after the operation was enqueued or when an
+ error was encountered.
+@@ -1988,6 +2200,7 @@ replaces the normal implementation.
+ @comment aio.h
+ @comment Unix98
+ @deftypefun int aio_read64 (struct aiocb64 *@var{aiocbp})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+ This function is similar to the @code{aio_read} function. The only
+ difference is that on @w{32 bit} machines, the file descriptor should
+ be opened in the large file mode. Internally, @code{aio_read64} uses
+@@ -2006,6 +2219,7 @@ of functions with a very similar interface.
+ @comment aio.h
+ @comment POSIX.1b
+ @deftypefun int aio_write (struct aiocb *@var{aiocbp})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+ This function initiates an asynchronous write operation. The function
+ call immediately returns after the operation was enqueued or if before
+ this happens an error was encountered.
+@@ -2072,6 +2286,7 @@ replaces the normal implementation.
+ @comment aio.h
+ @comment Unix98
+ @deftypefun int aio_write64 (struct aiocb64 *@var{aiocbp})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+ This function is similar to the @code{aio_write} function. The only
+ difference is that on @w{32 bit} machines the file descriptor should
+ be opened in the large file mode. Internally @code{aio_write64} uses
+@@ -2093,6 +2308,12 @@ operations. It is therefore similar to a combination of @code{readv} and
+ @comment aio.h
+ @comment POSIX.1b
+ @deftypefun int lio_listio (int @var{mode}, struct aiocb *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
++@c Call lio_listio_internal, that takes the aio_requests_mutex lock and
++@c enqueues each request. Then, it waits for notification or prepares
++@c for it before releasing the lock. Even though it performs memory
++@c allocation and locking of its own, it doesn't add any classes of
++@c safety issues that aren't already covered by aio_enqueue_request.
+ The @code{lio_listio} function can be used to enqueue an arbitrary
+ number of read and write requests at one time. The requests can all be
+ meant for the same file, all for different files or every solution in
+@@ -2176,6 +2397,7 @@ transparently replaces the normal implementation.
+ @comment aio.h
+ @comment Unix98
+ @deftypefun int lio_listio64 (int @var{mode}, struct aiocb64 *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+ This function is similar to the @code{lio_listio} function. The only
+ difference is that on @w{32 bit} machines, the file descriptor should
+ be opened in the large file mode. Internally, @code{lio_listio64} uses
+@@ -2204,6 +2426,7 @@ The following two functions allow you to get this kind of information.
+ @comment aio.h
+ @comment POSIX.1b
+ @deftypefun int aio_error (const struct aiocb *@var{aiocbp})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function determines the error state of the request described by the
+ @code{struct aiocb} variable pointed to by @var{aiocbp}. If the
+ request has not yet terminated the value returned is always
+@@ -2225,6 +2448,7 @@ transparently replaces the normal implementation.
+ @comment aio.h
+ @comment Unix98
+ @deftypefun int aio_error64 (const struct aiocb64 *@var{aiocbp})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function is similar to @code{aio_error} with the only difference
+ that the argument is a reference to a variable of type @code{struct
+ aiocb64}.
+@@ -2238,6 +2462,7 @@ machines.
+ @comment aio.h
+ @comment POSIX.1b
+ @deftypefun ssize_t aio_return (struct aiocb *@var{aiocbp})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function can be used to retrieve the return status of the operation
+ carried out by the request described in the variable pointed to by
+ @var{aiocbp}. As long as the error status of this request as returned
+@@ -2261,6 +2486,7 @@ transparently replaces the normal implementation.
+ @comment aio.h
+ @comment Unix98
+ @deftypefun ssize_t aio_return64 (struct aiocb64 *@var{aiocbp})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function is similar to @code{aio_return} with the only difference
+ that the argument is a reference to a variable of type @code{struct
+ aiocb64}.
+@@ -2289,6 +2515,9 @@ if the symbol @code{_POSIX_SYNCHRONIZED_IO} is defined in @file{unistd.h}.
+ @comment aio.h
+ @comment POSIX.1b
+ @deftypefun int aio_fsync (int @var{op}, struct aiocb *@var{aiocbp})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
++@c After fcntl to check that the FD is open, it calls
++@c aio_enqueue_request.
+ Calling this function forces all I/O operations operating queued at the
+ time of the function call operating on the file descriptor
+ @code{aiocbp->aio_fildes} into the synchronized I/O completion state
+@@ -2336,6 +2565,7 @@ transparently replaces the normal implementation.
+ @comment aio.h
+ @comment Unix98
+ @deftypefun int aio_fsync64 (int @var{op}, struct aiocb64 *@var{aiocbp})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+ This function is similar to @code{aio_fsync} with the only difference
+ that the argument is a reference to a variable of type @code{struct
+ aiocb64}.
+@@ -2362,6 +2592,9 @@ before the current client is served. For situations like this
+ @comment aio.h
+ @comment POSIX.1b
+ @deftypefun int aio_suspend (const struct aiocb *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
++@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
++@c Take aio_requests_mutex, set up waitlist and requestlist, wait
++@c for completion or timeout, and release the mutex.
+ When calling this function, the calling thread is suspended until at
+ least one of the requests pointed to by the @var{nent} elements of the
+ array @var{list} has completed. If any of the requests has already
+@@ -2400,6 +2633,7 @@ transparently replaces the normal implementation.
+ @comment aio.h
+ @comment Unix98
+ @deftypefun int aio_suspend64 (const struct aiocb64 *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
++@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+ This function is similar to @code{aio_suspend} with the only difference
+ that the argument is a reference to a variable of type @code{struct
+ aiocb64}.
+@@ -2427,6 +2661,16 @@ or not. Therefore using this function is merely a hint.
+ @comment aio.h
+ @comment POSIX.1b
+ @deftypefun int aio_cancel (int @var{fildes}, struct aiocb *@var{aiocbp})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
++@c After fcntl to check the fd is open, hold aio_requests_mutex, call
++@c aio_find_req_fd, aio_remove_request, then aio_notify and
++@c aio_free_request each request before releasing the lock.
++@c aio_notify calls aio_notify_only and free, besides cond signal or
++@c similar. aio_notify_only calls pthread_attr_init,
++@c pthread_attr_setdetachstate, malloc, pthread_create,
++@c notify_func_wrapper, aio_sigqueue, getpid, raise.
++@c notify_func_wraper calls aio_start_notify_thread, free and then the
++@c notifier function.
+ The @code{aio_cancel} function can be used to cancel one or more
+ outstanding requests. If the @var{aiocbp} parameter is @code{NULL}, the
+ function tries to cancel all of the outstanding requests which would process
+@@ -2474,6 +2718,7 @@ transparently replaces the normal implementation.
+ @comment aio.h
+ @comment Unix98
+ @deftypefun int aio_cancel64 (int @var{fildes}, struct aiocb64 *@var{aiocbp})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+ This function is similar to @code{aio_cancel} with the only difference
+ that the argument is a reference to a variable of type @code{struct
+ aiocb64}.
+@@ -2529,6 +2774,8 @@ Unused.
+ @comment aio.h
+ @comment GNU
+ @deftypefun void aio_init (const struct aioinit *@var{init})
++@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
++@c All changes to global objects are guarded by aio_requests_mutex.
+ This function must be called before any other AIO function. Calling it
+ is completely voluntary, as it is only meant to help the AIO
+ implementation perform better.
+@@ -2563,6 +2810,7 @@ function; see @ref{Opening and Closing Files}.
+ @comment fcntl.h
+ @comment POSIX.1
+ @deftypefun int fcntl (int @var{filedes}, int @var{command}, @dots{})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{fcntl} function performs the operation specified by
+ @var{command} on the file descriptor @var{filedes}. Some commands
+ require additional arguments to be supplied. These additional arguments
+@@ -2645,6 +2893,7 @@ while prototypes for @code{dup} and @code{dup2} are in the header file
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int dup (int @var{old})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function copies descriptor @var{old} to the first available
+ descriptor number (the first number not currently open). It is
+ equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
+@@ -2653,6 +2902,7 @@ equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int dup2 (int @var{old}, int @var{new})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function copies the descriptor @var{old} to descriptor number
+ @var{new}.
+
+@@ -3631,6 +3881,7 @@ different headers.
+ @comment sys/ioctl.h
+ @comment BSD
+ @deftypefun int ioctl (int @var{filedes}, int @var{command}, @dots{})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+
+ The @code{ioctl} function performs the generic I/O operation
+ @var{command} on @var{filedes}.
+@@ -3650,3 +3901,6 @@ unknown device.
+ Most IOCTLs are OS-specific and/or only used in special system utilities,
+ and are thus beyond the scope of this document. For an example of the use
+ of an IOCTL, see @ref{Out-of-Band Data}.
++
++@c FIXME this is undocumented:
++@c dup3
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ca4e6ed5fbcca95d7f29a49c4ed65651acda0efe
commit ca4e6ed5fbcca95d7f29a49c4ed65651acda0efe
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:59 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/libdl.texi: New.
diff --git a/manual/libdl.texi b/manual/libdl.texi
new file mode 100644
index 0000000..e3fe045
--- /dev/null
+++ b/manual/libdl.texi
@@ -0,0 +1,10 @@
+@c FIXME these are undocumented:
+@c dladdr
+@c dladdr1
+@c dlclose
+@c dlerror
+@c dlinfo
+@c dlmopen
+@c dlopen
+@c dlsym
+@c dlvsym
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d1b5808eaefe152c160fe51db180ee67bf67caec
commit d1b5808eaefe152c160fe51db180ee67bf67caec
Merge: 933d2fb 55b9c1e ca4e6ed
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:59 2013 -0300
import
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=933d2fb03531dd5c728702c576b3864b549ef2a1
commit 933d2fb03531dd5c728702c576b3864b549ef2a1
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:59 2013 -0300
import
diff --git a/meta b/meta
index 57830af..a5364f4 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: bb876ad58dc08465bbe11d035994ca2dfd5f198e
-Head: a7fd5e42f1a4a4cb65dadb2a7ba4ef28bb8bb3fd
+Previous: 55b9c1e2c45ebb7abdd12b9b1ef546eba08829bd
+Head: ca4e6ed5fbcca95d7f29a49c4ed65651acda0efe
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -17,6 +17,7 @@ Applied:
manual-document-mt-safety-getopt.patch: c48dff451b9a543c5f827092417468a0d6672c59
manual-document-mt-safety-job.patch: 138c83afb5f7d92dcac1049f150b154d43addda2
manual-document-mt-safety-lang.patch: a7fd5e42f1a4a4cb65dadb2a7ba4ef28bb8bb3fd
+ manual-document-mt-safety-libdl.patch: ca4e6ed5fbcca95d7f29a49c4ed65651acda0efe
Unapplied:
manual-document-mt-safety-stdio.patch: ce7a82428b383c27385283464762599a0000cba2
manual-document-mt-safety-locale.patch: e3578b80d486c85ecfce6a21f09e9051d868468b
diff --git a/patches/manual-document-mt-safety-libdl.patch b/patches/manual-document-mt-safety-libdl.patch
new file mode 100644
index 0000000..51626a1
--- /dev/null
+++ b/patches/manual-document-mt-safety-libdl.patch
@@ -0,0 +1,30 @@
+Bottom: 95e3af012c2d8222ce9c18f313b200f086405d32
+Top: 5d6bbf322290ec49c7df2274a5b3ec79d32fd303
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:08:59 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/libdl.texi: New.
+
+
+---
+
+diff --git a/manual/libdl.texi b/manual/libdl.texi
+new file mode 100644
+index 0000000..e3fe045
+--- /dev/null
++++ b/manual/libdl.texi
+@@ -0,0 +1,10 @@
++@c FIXME these are undocumented:
++@c dladdr
++@c dladdr1
++@c dlclose
++@c dlerror
++@c dlinfo
++@c dlmopen
++@c dlopen
++@c dlsym
++@c dlvsym
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a7fd5e42f1a4a4cb65dadb2a7ba4ef28bb8bb3fd
commit a7fd5e42f1a4a4cb65dadb2a7ba4ef28bb8bb3fd
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:32 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/lang.texi: Document thread safety properties.
diff --git a/manual/lang.texi b/manual/lang.texi
index ee04e23..d6cd90c 100644
--- a/manual/lang.texi
+++ b/manual/lang.texi
@@ -51,6 +51,8 @@ without indicating anything might be wrong.
@comment assert.h
@comment ISO
@deftypefn Macro void assert (int @var{expression})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Verify the programmer's belief that @var{expression} is nonzero at
this point in the program.
@@ -91,6 +93,8 @@ The @code{assert_perror} macro makes this easy.
@comment assert.h
@comment GNU
@deftypefn Macro void assert_perror (int @var{errnum})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Similar to @code{assert}, but verifies that @var{errnum} is zero.
If @code{NDEBUG} is not defined, @code{assert_perror} tests the value of
@@ -423,6 +427,8 @@ The type @code{va_list} is used for argument pointer variables.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_start (va_list @var{ap}, @var{last-required})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This macro initializes the argument pointer variable @var{ap} to point
to the first of the optional arguments of the current function;
@var{last-required} must be the last required argument to the function.
@@ -431,6 +437,8 @@ to the first of the optional arguments of the current function;
@comment stdarg.h
@comment ISO
@deftypefn {Macro} @var{type} va_arg (va_list @var{ap}, @var{type})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_arg} macro returns the value of the next optional argument,
and modifies the value of @var{ap} to point to the subsequent argument.
Thus, successive uses of @code{va_arg} return successive optional
@@ -445,6 +453,8 @@ of the actual argument.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_end (va_list @var{ap})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This ends the use of @var{ap}. After a @code{va_end} call, further
@code{va_arg} calls with the same @var{ap} may not work. You should invoke
@code{va_end} before returning from the function in which @code{va_start}
@@ -466,6 +476,8 @@ of the same type.
@comment ISO
@deftypefn {Macro} void va_copy (va_list @var{dest}, va_list @var{src})
@deftypefnx {Macro} void __va_copy (va_list @var{dest}, va_list @var{src})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_copy} macro allows copying of objects of type
@code{va_list} even if this is not an integral type. The argument pointer
in @var{dest} is initialized to point to the same argument as the
@@ -1212,6 +1224,8 @@ type of a particular structure member.
@comment stddef.h
@comment ISO
@deftypefn {Macro} size_t offsetof (@var{type}, @var{member})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This expands to a integer constant expression that is the offset of the
structure member named @var{member} in the structure type @var{type}.
For example, @code{offsetof (struct s, elem)} is the offset, in bytes,
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=55b9c1e2c45ebb7abdd12b9b1ef546eba08829bd
commit 55b9c1e2c45ebb7abdd12b9b1ef546eba08829bd
Merge: 647690f a7fd5e4 bb876ad
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:32 2013 -0300
import
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=647690fef25dc2fe30b41c6d6c4653a932f0d514
commit 647690fef25dc2fe30b41c6d6c4653a932f0d514
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:32 2013 -0300
import
diff --git a/meta b/meta
index 3b789ad..57830af 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 9eb0f35298528a56e8b83fd1dab2fa72927ae1b9
-Head: 138c83afb5f7d92dcac1049f150b154d43addda2
+Previous: bb876ad58dc08465bbe11d035994ca2dfd5f198e
+Head: a7fd5e42f1a4a4cb65dadb2a7ba4ef28bb8bb3fd
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -16,6 +16,7 @@ Applied:
manual-document-mt-safety-filesys.patch: d1d06a086358b876405130714e2c5cf0d7740ab8
manual-document-mt-safety-getopt.patch: c48dff451b9a543c5f827092417468a0d6672c59
manual-document-mt-safety-job.patch: 138c83afb5f7d92dcac1049f150b154d43addda2
+ manual-document-mt-safety-lang.patch: a7fd5e42f1a4a4cb65dadb2a7ba4ef28bb8bb3fd
Unapplied:
manual-document-mt-safety-stdio.patch: ce7a82428b383c27385283464762599a0000cba2
manual-document-mt-safety-locale.patch: e3578b80d486c85ecfce6a21f09e9051d868468b
diff --git a/patches/manual-document-mt-safety-lang.patch b/patches/manual-document-mt-safety-lang.patch
new file mode 100644
index 0000000..eef82af
--- /dev/null
+++ b/patches/manual-document-mt-safety-lang.patch
@@ -0,0 +1,81 @@
+Bottom: 78811ad7f6f34dae902d17fe9939b1ed2877fc8c
+Top: 95e3af012c2d8222ce9c18f313b200f086405d32
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:08:32 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/lang.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/lang.texi b/manual/lang.texi
+index ee04e23..d6cd90c 100644
+--- a/manual/lang.texi
++++ b/manual/lang.texi
+@@ -51,6 +51,8 @@ without indicating anything might be wrong.
+ @comment assert.h
+ @comment ISO
+ @deftypefn Macro void assert (int @var{expression})
++@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
++@c assert_fail_base calls asprintf, and fflushes stderr.
+ Verify the programmer's belief that @var{expression} is nonzero at
+ this point in the program.
+
+@@ -91,6 +93,8 @@ The @code{assert_perror} macro makes this easy.
+ @comment assert.h
+ @comment GNU
+ @deftypefn Macro void assert_perror (int @var{errnum})
++@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
++@c assert_fail_base calls asprintf, and fflushes stderr.
+ Similar to @code{assert}, but verifies that @var{errnum} is zero.
+
+ If @code{NDEBUG} is not defined, @code{assert_perror} tests the value of
+@@ -423,6 +427,8 @@ The type @code{va_list} is used for argument pointer variables.
+ @comment stdarg.h
+ @comment ISO
+ @deftypefn {Macro} void va_start (va_list @var{ap}, @var{last-required})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c This is no longer provided by glibc, but rather by the compiler.
+ This macro initializes the argument pointer variable @var{ap} to point
+ to the first of the optional arguments of the current function;
+ @var{last-required} must be the last required argument to the function.
+@@ -431,6 +437,8 @@ to the first of the optional arguments of the current function;
+ @comment stdarg.h
+ @comment ISO
+ @deftypefn {Macro} @var{type} va_arg (va_list @var{ap}, @var{type})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c This is no longer provided by glibc, but rather by the compiler.
+ The @code{va_arg} macro returns the value of the next optional argument,
+ and modifies the value of @var{ap} to point to the subsequent argument.
+ Thus, successive uses of @code{va_arg} return successive optional
+@@ -445,6 +453,8 @@ of the actual argument.
+ @comment stdarg.h
+ @comment ISO
+ @deftypefn {Macro} void va_end (va_list @var{ap})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c This is no longer provided by glibc, but rather by the compiler.
+ This ends the use of @var{ap}. After a @code{va_end} call, further
+ @code{va_arg} calls with the same @var{ap} may not work. You should invoke
+ @code{va_end} before returning from the function in which @code{va_start}
+@@ -466,6 +476,8 @@ of the same type.
+ @comment ISO
+ @deftypefn {Macro} void va_copy (va_list @var{dest}, va_list @var{src})
+ @deftypefnx {Macro} void __va_copy (va_list @var{dest}, va_list @var{src})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c This is no longer provided by glibc, but rather by the compiler.
+ The @code{va_copy} macro allows copying of objects of type
+ @code{va_list} even if this is not an integral type. The argument pointer
+ in @var{dest} is initialized to point to the same argument as the
+@@ -1212,6 +1224,8 @@ type of a particular structure member.
+ @comment stddef.h
+ @comment ISO
+ @deftypefn {Macro} size_t offsetof (@var{type}, @var{member})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c This is no longer provided by glibc, but rather by the compiler.
+ This expands to a integer constant expression that is the offset of the
+ structure member named @var{member} in the structure type @var{type}.
+ For example, @code{offsetof (struct s, elem)} is the offset, in bytes,
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=138c83afb5f7d92dcac1049f150b154d43addda2
commit 138c83afb5f7d92dcac1049f150b154d43addda2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:15 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/job.texi: Document thread safety properties.
diff --git a/manual/job.texi b/manual/job.texi
index 4efeed3..779ea96 100644
--- a/manual/job.texi
+++ b/manual/job.texi
@@ -1039,6 +1039,10 @@ The function @code{ctermid} is declared in the header file
@comment stdio.h
@comment POSIX.1
@deftypefun {char *} ctermid (char *@var{string})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This function is a stub by default; the actual implementation, for
+@c posix systems, returns an internal buffer if passed a NULL string,
+@c but the internal buffer is always set to /dev/tty.
The @code{ctermid} function returns a string containing the file name of
the controlling terminal for the current process. If @var{string} is
not a null pointer, it should be an array that can hold at least
@@ -1075,6 +1079,11 @@ Your program should include the header files @file{sys/types.h} and
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t setsid (void)
+@safety{@mtsafe{}@assafe{selfdeadlock (hurd)}@acsafe{lockleak (hurd)}}
+@c This is usually a direct syscall, but if a syscall is not available,
+@c we use a stub, or Hurd- and BSD-specific implementations. The former
+@c uses a mutex and a hurd critical section, and the latter issues a few
+@c syscalls, so both seem safe, except for the locking on Hurd.
The @code{setsid} function creates a new session. The calling process
becomes the session leader, and is put in a new process group whose
process group ID is the same as the process ID of that process. There
@@ -1098,7 +1107,8 @@ already another process group around that has the same process group ID.
@comment unistd.h
@comment SVID
@deftypefun pid_t getsid (pid_t @var{pid})
-
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{getsid} function returns the process group ID of the session
leader of the specified process. If a @var{pid} is @code{0}, the
process group ID of the session leader of the current process is
@@ -1134,6 +1144,8 @@ programs with the @code{-lbsd-compat} option to get the BSD definition.@refill
@comment unistd.h
@comment POSIX.1
@deftypefn {POSIX.1 Function} pid_t getpgrp (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The POSIX.1 definition of @code{getpgrp} returns the process group ID of
the calling process.
@end deftypefn
@@ -1141,6 +1153,8 @@ the calling process.
@comment unistd.h
@comment BSD
@deftypefn {BSD Function} pid_t getpgrp (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The BSD definition of @code{getpgrp} returns the process group ID of the
process @var{pid}. You can supply a value of @code{0} for the @var{pid}
argument to get information about the calling process.
@@ -1149,6 +1163,8 @@ argument to get information about the calling process.
@comment unistd.h
@comment SVID
@deftypefn {System V Function} int getpgid (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
@code{getpgid} is the same as the BSD function @code{getpgrp}. It
returns the process group ID of the process @var{pid}. You can supply a
@@ -1171,6 +1187,8 @@ process.
@comment unistd.h
@comment POSIX.1
@deftypefun int setpgid (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{setpgid} function puts the process @var{pid} into the process
group @var{pgid}. As a special case, either @var{pid} or @var{pgid} can
be zero to indicate the process ID of the calling process.
@@ -1208,6 +1226,8 @@ process or a child of the calling process.
@comment unistd.h
@comment BSD
@deftypefun int setpgrp (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall or setpgid wrapper.
This is the BSD Unix name for @code{setpgid}. Both functions do exactly
the same thing.
@end deftypefun
@@ -1230,6 +1250,8 @@ file itself and not a particular open file descriptor.
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t tcgetpgrp (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function returns the process group ID of the foreground process
group associated with the terminal open on descriptor @var{filedes}.
@@ -1258,6 +1280,8 @@ controlling terminal of the calling process.
@comment unistd.h
@comment POSIX.1
@deftypefun int tcsetpgrp (int @var{filedes}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function is used to set a terminal's foreground process group ID.
The argument @var{filedes} is a descriptor which specifies the terminal;
@var{pgid} specifies the process group. The calling process must be a
@@ -1297,6 +1321,8 @@ process.
@comment termios.h
@comment Unix98
@deftypefun pid_t tcgetsid (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Ioctl call, if avaialble, or tcgetpgrp followed by getsid.
This function is used to obtain the process group ID of the session
for which the terminal specified by @var{fildes} is the controlling terminal.
If the call is successful the group ID is returned. Otherwise the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=bb876ad58dc08465bbe11d035994ca2dfd5f198e
commit bb876ad58dc08465bbe11d035994ca2dfd5f198e
Merge: ed1d024 9eb0f35 138c83a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:15 2013 -0300
import
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ed1d02477c67d2906fb070681314349d24dc384b
commit ed1d02477c67d2906fb070681314349d24dc384b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:15 2013 -0300
import
diff --git a/meta b/meta
index 8fbf811..3b789ad 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 92919fc25ad418c3e600d2ebfd89c21e91e8802d
-Head: c48dff451b9a543c5f827092417468a0d6672c59
+Previous: 9eb0f35298528a56e8b83fd1dab2fa72927ae1b9
+Head: 138c83afb5f7d92dcac1049f150b154d43addda2
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -15,6 +15,7 @@ Applied:
manual-document-mt-safety-errno.patch: b035d6eeb7b48636043919617d515c88522ba6c3
manual-document-mt-safety-filesys.patch: d1d06a086358b876405130714e2c5cf0d7740ab8
manual-document-mt-safety-getopt.patch: c48dff451b9a543c5f827092417468a0d6672c59
+ manual-document-mt-safety-job.patch: 138c83afb5f7d92dcac1049f150b154d43addda2
Unapplied:
manual-document-mt-safety-stdio.patch: ce7a82428b383c27385283464762599a0000cba2
manual-document-mt-safety-locale.patch: e3578b80d486c85ecfce6a21f09e9051d868468b
diff --git a/patches/manual-document-mt-safety-job.patch b/patches/manual-document-mt-safety-job.patch
new file mode 100644
index 0000000..b4d3b96
--- /dev/null
+++ b/patches/manual-document-mt-safety-job.patch
@@ -0,0 +1,123 @@
+Bottom: 18760d732995b8379bc372377398a8fd58732762
+Top: 78811ad7f6f34dae902d17fe9939b1ed2877fc8c
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:08:15 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/job.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/job.texi b/manual/job.texi
+index 4efeed3..779ea96 100644
+--- a/manual/job.texi
++++ b/manual/job.texi
+@@ -1039,6 +1039,10 @@ The function @code{ctermid} is declared in the header file
+ @comment stdio.h
+ @comment POSIX.1
+ @deftypefun {char *} ctermid (char *@var{string})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c This function is a stub by default; the actual implementation, for
++@c posix systems, returns an internal buffer if passed a NULL string,
++@c but the internal buffer is always set to /dev/tty.
+ The @code{ctermid} function returns a string containing the file name of
+ the controlling terminal for the current process. If @var{string} is
+ not a null pointer, it should be an array that can hold at least
+@@ -1075,6 +1079,11 @@ Your program should include the header files @file{sys/types.h} and
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun pid_t setsid (void)
++@safety{@mtsafe{}@assafe{selfdeadlock (hurd)}@acsafe{lockleak (hurd)}}
++@c This is usually a direct syscall, but if a syscall is not available,
++@c we use a stub, or Hurd- and BSD-specific implementations. The former
++@c uses a mutex and a hurd critical section, and the latter issues a few
++@c syscalls, so both seem safe, except for the locking on Hurd.
+ The @code{setsid} function creates a new session. The calling process
+ becomes the session leader, and is put in a new process group whose
+ process group ID is the same as the process ID of that process. There
+@@ -1098,7 +1107,8 @@ already another process group around that has the same process group ID.
+ @comment unistd.h
+ @comment SVID
+ @deftypefun pid_t getsid (pid_t @var{pid})
+-
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Stub or direct syscall, except on hurd, where it is equally safe.
+ The @code{getsid} function returns the process group ID of the session
+ leader of the specified process. If a @var{pid} is @code{0}, the
+ process group ID of the session leader of the current process is
+@@ -1134,6 +1144,8 @@ programs with the @code{-lbsd-compat} option to get the BSD definition.@refill
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefn {POSIX.1 Function} pid_t getpgrp (void)
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Wrapper for getpgid.
+ The POSIX.1 definition of @code{getpgrp} returns the process group ID of
+ the calling process.
+ @end deftypefn
+@@ -1141,6 +1153,8 @@ the calling process.
+ @comment unistd.h
+ @comment BSD
+ @deftypefn {BSD Function} pid_t getpgrp (pid_t @var{pid})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Wrapper for getpgid.
+ The BSD definition of @code{getpgrp} returns the process group ID of the
+ process @var{pid}. You can supply a value of @code{0} for the @var{pid}
+ argument to get information about the calling process.
+@@ -1149,6 +1163,8 @@ argument to get information about the calling process.
+ @comment unistd.h
+ @comment SVID
+ @deftypefn {System V Function} int getpgid (pid_t @var{pid})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Stub or direct syscall, except on hurd, where it is equally safe.
+
+ @code{getpgid} is the same as the BSD function @code{getpgrp}. It
+ returns the process group ID of the process @var{pid}. You can supply a
+@@ -1171,6 +1187,8 @@ process.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int setpgid (pid_t @var{pid}, pid_t @var{pgid})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Stub or direct syscall, except on hurd, where it is equally safe.
+ The @code{setpgid} function puts the process @var{pid} into the process
+ group @var{pgid}. As a special case, either @var{pid} or @var{pgid} can
+ be zero to indicate the process ID of the calling process.
+@@ -1208,6 +1226,8 @@ process or a child of the calling process.
+ @comment unistd.h
+ @comment BSD
+ @deftypefun int setpgrp (pid_t @var{pid}, pid_t @var{pgid})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Direct syscall or setpgid wrapper.
+ This is the BSD Unix name for @code{setpgid}. Both functions do exactly
+ the same thing.
+ @end deftypefun
+@@ -1230,6 +1250,8 @@ file itself and not a particular open file descriptor.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun pid_t tcgetpgrp (int @var{filedes})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Stub, or ioctl on BSD and GNU/Linux.
+ This function returns the process group ID of the foreground process
+ group associated with the terminal open on descriptor @var{filedes}.
+
+@@ -1258,6 +1280,8 @@ controlling terminal of the calling process.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int tcsetpgrp (int @var{filedes}, pid_t @var{pgid})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Stub, or ioctl on BSD and GNU/Linux.
+ This function is used to set a terminal's foreground process group ID.
+ The argument @var{filedes} is a descriptor which specifies the terminal;
+ @var{pgid} specifies the process group. The calling process must be a
+@@ -1297,6 +1321,8 @@ process.
+ @comment termios.h
+ @comment Unix98
+ @deftypefun pid_t tcgetsid (int @var{fildes})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Ioctl call, if avaialble, or tcgetpgrp followed by getsid.
+ This function is used to obtain the process group ID of the session
+ for which the terminal specified by @var{fildes} is the controlling terminal.
+ If the call is successful the group ID is returned. Otherwise the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9eb0f35298528a56e8b83fd1dab2fa72927ae1b9
commit 9eb0f35298528a56e8b83fd1dab2fa72927ae1b9
Merge: 13c32a1 92919fc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:05 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=13c32a1b05e4fe8016b283ac793185f0befbbd41
commit 13c32a1b05e4fe8016b283ac793185f0befbbd41
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:05 2013 -0300
push
diff --git a/meta b/meta
index fd57941..8fbf811 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: b4537d0a04428bf9cee6e267a5f57dbdd3301329
-Head: d1d06a086358b876405130714e2c5cf0d7740ab8
+Previous: 92919fc25ad418c3e600d2ebfd89c21e91e8802d
+Head: c48dff451b9a543c5f827092417468a0d6672c59
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -14,8 +14,8 @@ Applied:
manual-document-mt-safety-debug.patch: 7f89734934ba539d84fdf02163f64ae84f795ac9
manual-document-mt-safety-errno.patch: b035d6eeb7b48636043919617d515c88522ba6c3
manual-document-mt-safety-filesys.patch: d1d06a086358b876405130714e2c5cf0d7740ab8
-Unapplied:
manual-document-mt-safety-getopt.patch: c48dff451b9a543c5f827092417468a0d6672c59
+Unapplied:
manual-document-mt-safety-stdio.patch: ce7a82428b383c27385283464762599a0000cba2
manual-document-mt-safety-locale.patch: e3578b80d486c85ecfce6a21f09e9051d868468b
manual-document-mt-safety-math.patch: 0082110725464cff983520a32eac4c49ff25339e
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=92919fc25ad418c3e600d2ebfd89c21e91e8802d
commit 92919fc25ad418c3e600d2ebfd89c21e91e8802d
Merge: 1b05d1f b4537d0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:01 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1b05d1ffbe01790bcb6afa26a3814eb688d2d9d9
commit 1b05d1ffbe01790bcb6afa26a3814eb688d2d9d9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:01 2013 -0300
pop
diff --git a/meta b/meta
index ee8ca34..fd57941 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 8f0d964f583cad6e1513d3ee7521ebca819e5751
-Head: 4546f1ef42848ecd1b89ad15aa4c920e8aed77c2
+Previous: b4537d0a04428bf9cee6e267a5f57dbdd3301329
+Head: d1d06a086358b876405130714e2c5cf0d7740ab8
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -14,10 +14,10 @@ Applied:
manual-document-mt-safety-debug.patch: 7f89734934ba539d84fdf02163f64ae84f795ac9
manual-document-mt-safety-errno.patch: b035d6eeb7b48636043919617d515c88522ba6c3
manual-document-mt-safety-filesys.patch: d1d06a086358b876405130714e2c5cf0d7740ab8
+Unapplied:
manual-document-mt-safety-getopt.patch: c48dff451b9a543c5f827092417468a0d6672c59
manual-document-mt-safety-stdio.patch: ce7a82428b383c27385283464762599a0000cba2
manual-document-mt-safety-locale.patch: e3578b80d486c85ecfce6a21f09e9051d868468b
manual-document-mt-safety-math.patch: 0082110725464cff983520a32eac4c49ff25339e
manual-document-mt-safety-wip.patch: 4546f1ef42848ecd1b89ad15aa4c920e8aed77c2
-Unapplied:
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b4537d0a04428bf9cee6e267a5f57dbdd3301329
commit b4537d0a04428bf9cee6e267a5f57dbdd3301329
Merge: 2ce7724 4546f1e 8f0d964
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:07:54 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2ce7724e0875f99da3acbe4b4f8b238fe67a7166
commit 2ce7724e0875f99da3acbe4b4f8b238fe67a7166
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:07:54 2013 -0300
push
diff --git a/meta b/meta
index 00e3714..ee8ca34 100644
--- a/meta
+++ b/meta
@@ -1,23 +1,23 @@
Version: 1
-Previous: b4d906acf0574484a2eee239e7c46c7e060297be
-Head: 351fb371fa127df8fa5e27b38a330e4258b35180
+Previous: 8f0d964f583cad6e1513d3ee7521ebca819e5751
+Head: 4546f1ef42848ecd1b89ad15aa4c920e8aed77c2
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
+ powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
+ unused-scalb-is-scalbn.patch: 62694b21850cd676e82306bc82418b952b9d3d31
+ manual-document-mt-safety-argp.patch: 8b86b0ead9b1494ad7b0aa283a423813ed5e8bc7
+ manual-document-mt-safety-arith.patch: 5a1a8a43ebaa9cc6a6dc182bd931fbca63e7d866
+ manual-document-mt-safety-charset.patch: 296ae41496afc524f6f75648a3298a5419b46990
+ manual-document-mt-safety-conf.patch: 95b0911edf2eb244430d9533ec0a8a3f7058581c
+ manual-document-mt-safety-crypt.patch: e600904c5eab885a1a7c8aef6bb2f570bd201275
+ manual-document-mt-safety-ctype.patch: 727a9c49e98194570a2c85e47c355bcc55398cd9
+ manual-document-mt-safety-debug.patch: 7f89734934ba539d84fdf02163f64ae84f795ac9
+ manual-document-mt-safety-errno.patch: b035d6eeb7b48636043919617d515c88522ba6c3
+ manual-document-mt-safety-filesys.patch: d1d06a086358b876405130714e2c5cf0d7740ab8
+ manual-document-mt-safety-getopt.patch: c48dff451b9a543c5f827092417468a0d6672c59
+ manual-document-mt-safety-stdio.patch: ce7a82428b383c27385283464762599a0000cba2
+ manual-document-mt-safety-locale.patch: e3578b80d486c85ecfce6a21f09e9051d868468b
+ manual-document-mt-safety-math.patch: 0082110725464cff983520a32eac4c49ff25339e
+ manual-document-mt-safety-wip.patch: 4546f1ef42848ecd1b89ad15aa4c920e8aed77c2
Unapplied:
- powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
- unused-scalb-is-scalbn.patch: 04381689562081fc1e2328e5807e0dc537c1c5fc
- manual-document-mt-safety-argp.patch: 3a08620f4907bff742b31a6f67651e4a3b21c179
- manual-document-mt-safety-arith.patch: a6f2df9755a82acf03faacd3844e32ff5336d033
- manual-document-mt-safety-charset.patch: 3df069f9dba32efa41ab542b1ec3dbee3a8d71ae
- manual-document-mt-safety-conf.patch: 517120c0f0268cfc4dc3361ab19e1fc5d0c5ce91
- manual-document-mt-safety-crypt.patch: 77aa308dccc33e4ccba70b5ac186e1d5c2408f17
- manual-document-mt-safety-ctype.patch: d3739e943bb05d4edb6ca163f33c2cda30ada1f6
- manual-document-mt-safety-debug.patch: c7ee4c2aa47d7a32e68a01dd01e4087485df8ccf
- manual-document-mt-safety-errno.patch: 6c7e1ffb65b6f160f2a901a4d7fb52654cee4521
- manual-document-mt-safety-filesys.patch: 9ae778a025f0908ba789a9e0cf5065ab0d53628a
- manual-document-mt-safety-getopt.patch: f79b9fc6a64c2160e49b66d3ffd8beff25d0317b
- manual-document-mt-safety-stdio.patch: 168f6d659bcb7106985edac12bc7b3a2110a7fb0
- manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
- manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
- manual-document-mt-safety-wip.patch: 373cd1281ba686c2fef8b1307137684c40b28058
Hidden:
diff --git a/patches/manual-document-mt-safety-argp.patch b/patches/manual-document-mt-safety-argp.patch
index 5313e9f..914e844 100644
--- a/patches/manual-document-mt-safety-argp.patch
+++ b/patches/manual-document-mt-safety-argp.patch
@@ -1,5 +1,5 @@
-Bottom: 6c9a45167e9f148c725e5d962b1cd083292f0adf
-Top: 159ee8e039a2ee1968f5b806b99cb2c568c31678
+Bottom: 6ef173fc60a9c842433354081fa0216e4430c1b8
+Top: 206cd625e1e8e8dc3e141cdd29c90772cf35e923
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 21:57:08 -0300
diff --git a/patches/manual-document-mt-safety-arith.patch b/patches/manual-document-mt-safety-arith.patch
index b25c52a..49b1456 100644
--- a/patches/manual-document-mt-safety-arith.patch
+++ b/patches/manual-document-mt-safety-arith.patch
@@ -1,5 +1,5 @@
-Bottom: 159ee8e039a2ee1968f5b806b99cb2c568c31678
-Top: 7d1efa70a6263de6179afe2a9a443ea3375c3c65
+Bottom: 206cd625e1e8e8dc3e141cdd29c90772cf35e923
+Top: 260809414e54f35864ab54b52fdbff3517f05f2e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/manual-document-mt-safety-charset.patch b/patches/manual-document-mt-safety-charset.patch
index d61f282..c4d22ae 100644
--- a/patches/manual-document-mt-safety-charset.patch
+++ b/patches/manual-document-mt-safety-charset.patch
@@ -1,5 +1,5 @@
-Bottom: 7d1efa70a6263de6179afe2a9a443ea3375c3c65
-Top: 214fcee1fc2244efd3fa34e70667561366631af6
+Bottom: 260809414e54f35864ab54b52fdbff3517f05f2e
+Top: 0ed3cc03efad5a94ba0a48cd696ec823658ac35b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:01:33 -0300
diff --git a/patches/manual-document-mt-safety-conf.patch b/patches/manual-document-mt-safety-conf.patch
index dc5d0aa..0db760e 100644
--- a/patches/manual-document-mt-safety-conf.patch
+++ b/patches/manual-document-mt-safety-conf.patch
@@ -1,5 +1,5 @@
-Bottom: 214fcee1fc2244efd3fa34e70667561366631af6
-Top: 01a0439b7c735fb096210cab50592ed7ae588e00
+Bottom: 0ed3cc03efad5a94ba0a48cd696ec823658ac35b
+Top: 621eb53ac8713123406be43ebd474132b7c6e4de
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:03:16 -0300
diff --git a/patches/manual-document-mt-safety-crypt.patch b/patches/manual-document-mt-safety-crypt.patch
index 8311afe..20411b6 100644
--- a/patches/manual-document-mt-safety-crypt.patch
+++ b/patches/manual-document-mt-safety-crypt.patch
@@ -1,5 +1,5 @@
-Bottom: 01a0439b7c735fb096210cab50592ed7ae588e00
-Top: 9879c04c4ffa34225360a9359ba3d098a05a208c
+Bottom: 621eb53ac8713123406be43ebd474132b7c6e4de
+Top: 25551ef91682bea014db1b2031e4dad60a4ba129
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:03:47 -0300
diff --git a/patches/manual-document-mt-safety-ctype.patch b/patches/manual-document-mt-safety-ctype.patch
index f682ded..8700f8e 100644
--- a/patches/manual-document-mt-safety-ctype.patch
+++ b/patches/manual-document-mt-safety-ctype.patch
@@ -1,5 +1,5 @@
-Bottom: 9879c04c4ffa34225360a9359ba3d098a05a208c
-Top: ef2aa24039042b2529772d0209797c599eb01fbe
+Bottom: 25551ef91682bea014db1b2031e4dad60a4ba129
+Top: 1fe3a56b7e61d235687df61e4d4bded8e7283992
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:41 -0300
diff --git a/patches/manual-document-mt-safety-debug.patch b/patches/manual-document-mt-safety-debug.patch
index c31f434..2063a20 100644
--- a/patches/manual-document-mt-safety-debug.patch
+++ b/patches/manual-document-mt-safety-debug.patch
@@ -1,5 +1,5 @@
-Bottom: ef2aa24039042b2529772d0209797c599eb01fbe
-Top: d9693aa296c06ebe3fdaa8817d28a446b893fe25
+Bottom: 1fe3a56b7e61d235687df61e4d4bded8e7283992
+Top: 5add8b2d9a79567d15e402219a50ddf6704cdcea
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:05:11 -0300
diff --git a/patches/manual-document-mt-safety-errno.patch b/patches/manual-document-mt-safety-errno.patch
index 75e4099..7b30386 100644
--- a/patches/manual-document-mt-safety-errno.patch
+++ b/patches/manual-document-mt-safety-errno.patch
@@ -1,5 +1,5 @@
-Bottom: d9693aa296c06ebe3fdaa8817d28a446b893fe25
-Top: e0c86b7119156c45d45fc7b8853dfb0c950448cb
+Bottom: 5add8b2d9a79567d15e402219a50ddf6704cdcea
+Top: 50fd6f363b9af88ae1e05db55cefcd1e41c10123
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:05:34 -0300
diff --git a/patches/manual-document-mt-safety-filesys.patch b/patches/manual-document-mt-safety-filesys.patch
index 5f9b89d..7b4e146 100644
--- a/patches/manual-document-mt-safety-filesys.patch
+++ b/patches/manual-document-mt-safety-filesys.patch
@@ -1,5 +1,5 @@
-Bottom: e0c86b7119156c45d45fc7b8853dfb0c950448cb
-Top: c99f368a71f19ba8429c3534e1b674f3a20de73e
+Bottom: 50fd6f363b9af88ae1e05db55cefcd1e41c10123
+Top: c0467ea68e04c4b52c9c771dad681e1220291a6a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:06:03 -0300
diff --git a/patches/manual-document-mt-safety-getopt.patch b/patches/manual-document-mt-safety-getopt.patch
index d1ce979..753c8f5 100644
--- a/patches/manual-document-mt-safety-getopt.patch
+++ b/patches/manual-document-mt-safety-getopt.patch
@@ -1,5 +1,5 @@
-Bottom: c99f368a71f19ba8429c3534e1b674f3a20de73e
-Top: eaf7ea9f21df96f6e1ba6d92a8b44a2546e980f4
+Bottom: c0467ea68e04c4b52c9c771dad681e1220291a6a
+Top: 18760d732995b8379bc372377398a8fd58732762
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:06:36 -0300
diff --git a/patches/manual-document-mt-safety-locale.patch b/patches/manual-document-mt-safety-locale.patch
index a5cc454..4eae5d6 100644
--- a/patches/manual-document-mt-safety-locale.patch
+++ b/patches/manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
-Bottom: e394e37491899340294bfd977f43c098c558c2b1
-Top: e7a76e5bc200b56429777851aab7bce4bcbb7c56
+Bottom: f75097e48123219d68b9307cd827515c123cf0b8
+Top: 3b40240eced54a0f63e844f5354c9ab2106ba9d3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/manual-document-mt-safety-math.patch b/patches/manual-document-mt-safety-math.patch
index ebdf1e4..336844e 100644
--- a/patches/manual-document-mt-safety-math.patch
+++ b/patches/manual-document-mt-safety-math.patch
@@ -1,5 +1,5 @@
-Bottom: e7a76e5bc200b56429777851aab7bce4bcbb7c56
-Top: 493d959bda4db41836ea91b2b9685b47ab733575
+Bottom: 3b40240eced54a0f63e844f5354c9ab2106ba9d3
+Top: edfbd2bf9a8a7592b48fc6ddfd6dd6a196355d21
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index fb0f44d..ad86e9d 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,5 +1,5 @@
-Bottom: 7d1efa70a6263de6179afe2a9a443ea3375c3c65
-Top: 9d00eea6735363e6e80869186f9fb160ee3e5642
+Bottom: 18760d732995b8379bc372377398a8fd58732762
+Top: f75097e48123219d68b9307cd827515c123cf0b8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/manual-document-mt-safety-wip.patch b/patches/manual-document-mt-safety-wip.patch
index 403d0e3..0350f71 100644
--- a/patches/manual-document-mt-safety-wip.patch
+++ b/patches/manual-document-mt-safety-wip.patch
@@ -1,4 +1,4 @@
-Bottom: a80e3502e79676408b83a0ee8d2c01161f2e1895
+Bottom: edfbd2bf9a8a7592b48fc6ddfd6dd6a196355d21
Top: 7472b1dd7a8cc8760b98cd08cb7f8418374249ed
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:41 -0300
@@ -12,1852 +12,6 @@ for ChangeLog
---
-diff --git a/manual/argp.texi b/manual/argp.texi
-index c9fbe97..5322f91 100644
---- a/manual/argp.texi
-+++ b/manual/argp.texi
-@@ -36,6 +36,35 @@ needed in @code{main}.
- @comment argp.h
- @comment GNU
- @deftypefun {error_t} argp_parse (const struct argp *@var{argp}, int @var{argc}, char **@var{argv}, unsigned @var{flags}, int *@var{arg_index}, void *@var{input})
-+@safety{@mtunsafe{xguargs, envromt}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
-+@c Optionally alloca()tes standard help options, initializes the parser,
-+@c then parses individual args in a loop, and then finalizes.
-+@c parser_init
-+@c calc_sizes ok
-+@c option_is_end ok
-+@c malloc
-+@c parser_convert glocale
-+@c convert_options glocale
-+@c option_is_end ok
-+@c option_is_short ok
-+@c isprint, but locale may change within the loop
-+@c find_long_option ok
-+@c group_parse
-+@c group->parser (from argp->parser)
-+@c parser_parse_next
-+@c getopt_long(_only)_r many issues, same as non_r minus staticbuf
-+@c parser_parse_arg
-+@c group_parse
-+@c parser_parse_opt
-+@c group_parse
-+@c argp_error
-+@c dgettext (bad key error)
-+@c parser_finalize
-+@c group_parse
-+@c fprintf
-+@c dgettext
-+@c arg_state_help
-+@c free
- The @code{argp_parse} function parses the arguments in @var{argv}, of
- length @var{argc}, using the argp parser @var{argp}. @xref{Argp
- Parsers}. Passing a null pointer for @var{argp} is the same as using
-@@ -660,6 +689,8 @@ parser function. @xref{Argp Parsing State}.
- @comment argp.h
- @comment GNU
- @deftypefun void argp_usage (const struct argp_state *@var{state})
-+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
-+@c Just calls argp_state_help with stderr and ARGP_HELP_STD_USAGE.
- Outputs the standard usage message for the argp parser referred to by
- @var{state} to @code{@var{state}->err_stream} and terminate the program
- with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
-@@ -669,6 +700,13 @@ with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
- @comment argp.h
- @comment GNU
- @deftypefun void argp_error (const struct argp_state *@var{state}, const char *@var{fmt}, @dots{})
-+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
-+@c Lock stream, vasprintf the formatted message into a buffer, print the
-+@c buffer prefixed by the short program name (in libc,
-+@c argp_short_program_name is a macro that expands to
-+@c program_invocation_short_name), releases the buffer, then call
-+@c argp_state_help with stream and ARGP_HELP_STD_ERR, unlocking the
-+@c stream at the end.
- Prints the printf format string @var{fmt} and following args, preceded
- by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
- --help}} message, and terminates the program with an exit status of
-@@ -679,6 +717,12 @@ by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
- @comment argp.h
- @comment GNU
- @deftypefun void argp_failure (const struct argp_state *@var{state}, int @var{status}, int @var{errnum}, const char *@var{fmt}, @dots{})
-+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
-+@c Lock stream, write out the short program name, vasprintf the optional
-+@c formatted message to a buffer, print the buffer prefixed by colon and
-+@c blank, release the buffer, call strerror_r with an automatic buffer,
-+@c print it out after colon and blank, put[w]c a line break, unlock the
-+@c stream, then exit unless ARGP_NO_EXIT.
- Similar to the standard gnu error-reporting function @code{error}, this
- prints the program name and @samp{:}, the printf format string
- @var{fmt}, and the appropriate following args. If it is non-zero, the
-@@ -695,6 +739,141 @@ for options, bad phase of the moon, etc.
- @comment argp.h
- @comment GNU
- @deftypefun void argp_state_help (const struct argp_state *@var{state}, FILE *@var{stream}, unsigned @var{flags})
-+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
-+@c Just calls _help with the short program name and optionally exit.
-+@c The main problems in _help, besides the usual issues with stream I/O
-+@c and translation, are the use of a static buffer (uparams) that makes
-+@c the whole thing thread-unsafe, reading from the environment for
-+@c ARGP_HELP_FMT, accessing the locale object multiple times.
-+
-+@c _help envromt, staticbuf (uparams), glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
-+@c dgettext asi18n
-+@c flockfile lockleak
-+@c funlockfile lockleak
-+@c fill_in_uparams envromt, staticbuf (uparams), glocale, asynconsist, asmalloc, lockleak, incansist, memleak
-+@c argp_failure dup (status = errnum = 0)
-+@c atoi dup
-+@c argp_hol asmalloc, memleak
-+@c make_hol asmalloc, memleak
-+@c hol_add_cluster asmalloc, memleak
-+@c hol_append asmalloc, memleak
-+@c hol_set_group ok
-+@c hol_find_entry ok
-+@c hol_sort glocale, asmalloc, memleak
-+@c qsort asmalloc, memleak
-+@c hol_entry_qcmp glocale
-+@c hol_entry_cmp glocale
-+@c group_cmp ok
-+@c hol_cluster_cmp ok
-+@c group_cmp ok
-+@c hol_entry_first_short glocale
-+@c hol_entry_short_iterate [glocale]
-+@c until_short ok
-+@c oshort ok
-+@c isprint ok
-+@c odoc ok
-+@c hol_entry_first_long ok
-+@c canon_doc_option glocale
-+@c tolower dup
-+@c hol_usage glocale, asi18n, asmalloc, memleak
-+@c hol_entry_short_iterate ok
-+@c add_argless_short_opt ok
-+@c argp_fmtstream_printf dup
-+@c hol_entry_short_iterate glocale, asi18n, asmalloc, memleak
-+@c usage_argful_short_opt glocale, asi18n, asmalloc, memleak
-+@c dgettext dup
-+@c argp_fmtstream_printf dup
-+@c hol_entry_long_iterate glocale, asi18n, asmalloc, memleak
-+@c usage_long_opt glocale, asi18n, asmalloc, memleak
-+@c dgettext dup
-+@c argp_fmtstream_printf dup
-+@c hol_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
-+@c hol_entry_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
-+@c argp_fmtstream_set_lmargin dup
-+@c argp_fmtstream_wmargin dup
-+@c argp_fmtstream_set_wmargin dup
-+@c comma glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
-+@c argp_fmtstream_putc dup
-+@c hol_cluster_is_child ok
-+@c argp_fmtstream_wmargin dup
-+@c print_header dup
-+@c argp_fmtstream_set_wmargin dup
-+@c argp_fmtstream_puts dup
-+@c indent_to dup
-+@c argp_fmtstream_putc dup
-+@c arg glocale, asmalloc, memleak
-+@c argp_fmtstream_printf dup
-+@c odoc dup
-+@c argp_fmtstream_puts dup
-+@c argp_fmtstream_printf dup
-+@c print_header glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
-+@c dgettext dup
-+@c filter_doc dup
-+@c argp_fmtstream_putc dup
-+@c indent_to dup
-+@c argp_fmtstream_set_lmargin dup
-+@c argp_fmtstream_set_wmargin dup
-+@c argp_fmtstream_puts dup
-+@c free dup
-+@c filter_doc dup
-+@c argp_fmtstream_point dup
-+@c indent_to glocale, asmalloc, asynconsist, memleak, incansist, lockleak
-+@c argp_fmtstream_point dup
-+@c argp_fmtstream_putc dup
-+@c dgettext dup
-+@c filter_doc dup
-+@c argp_fmtstream_putc dup
-+@c argp_fmtstream_puts dup
-+@c free dup
-+@c hol_free asmalloc, memleak
-+@c free dup
-+@c argp_args_levels ok
-+@c argp_args_usage glocale, asi18n, asmalloc, asynconsist, memleak, incansist, lockleak
-+@c dgettext dup
-+@c filter_doc ok
-+@c argp_input ok
-+@c argp->help_filter
-+@c space glocale, asmalloc, asynconsist, memleak, incansist, lockleak
-+@c argp_fmtstream_point dup
-+@c argp_fmtstream_rmargin glocale, asynconsist, incansist, lockleak
-+@c argp_fmtstream_update dup
-+@c argp_fmtstream_putc dup
-+@c argp_fmtstream_write dup
-+@c free dup
-+@c argp_doc glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
-+@c dgettext asi18n
-+@c strndup asmalloc, memleak
-+@c argp_input dup
-+@c argp->help_filter
-+@c argp_fmtstream_putc glocale, asmalloc, asynconsist, memleak, incansist, lockleak
-+@c argp_fmtstream_ensure dup
-+@c argp_fmtstream_write dup
-+@c argp_fmtstream_puts dup
-+@c argp_fmtstream_point glocale, asynconsist, incansist, lockleak
-+@c argp_fmtstream_update dup
-+@c argp_fmtstream_lmargin dup
-+@c free dup
-+@c argp_make_fmtstream asmalloc, memleak
-+@c argp_fmtstream_free glocale, asmalloc, asynconsist, memleak, incansist, lockleak
-+@c argp_fmtstream_update glocale, asynconsist, incansist, lockleak
-+@c put[w]c_unlocked dup
-+@c isblank in loop glocale
-+@c fxprintf lockleak
-+@c fxprintf lockleak
-+@c free dup
-+@c argp_fmtstream_set_wmargin glocale, asynconsist, incansist, lockleak
-+@c argp_fmtstream_update dup
-+@c argp_fmtstream_printf glocale, asmalloc, memleak
-+@c argp_fmtstream_ensure dup
-+@c vsnprintf dup
-+@c argp_fmtstream_set_lmargin glocale, asynconsist, incansist, lockleak
-+@c argp_fmtstream_update dup
-+@c argp_fmtstream_puts glocale, asmalloc, asynconsist, memleak, incansist, lockleak
-+@c argp_fmtstream_write glocale, asmalloc, asynconsist, memleak, incansist, lockleak
-+@c argp_fmtstream_ensure glocale, asmalloc, asynconsist, memleak, incansist, lockleak
-+@c argp_fmtstream_update dup
-+@c fxprintf lockleak
-+@c realloc asmalloc, memleak
- Outputs a help message for the argp parser referred to by @var{state},
- to @var{stream}. The @var{flags} argument determines what sort of help
- message is produced. @xref{Argp Help Flags}.
-@@ -928,6 +1107,8 @@ program options, argp offers the @code{argp_help} interface.
- @comment argp.h
- @comment GNU
- @deftypefun void argp_help (const struct argp *@var{argp}, FILE *@var{stream}, unsigned @var{flags}, char *@var{name})
-+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
-+@c Just calls _help.
- This outputs a help message for the argp parser @var{argp} to
- @var{stream}. The type of messages printed will be determined by
- @var{flags}.
-diff --git a/manual/arith.texi b/manual/arith.texi
-index 833e0c9..5c3aa9d 100644
---- a/manual/arith.texi
-+++ b/manual/arith.texi
-@@ -323,6 +323,7 @@ floating-point number a variable holds.
- @comment math.h
- @comment ISO
- @deftypefn {Macro} int fpclassify (@emph{float-type} @var{x})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This is a generic macro which works on all floating-point types and
- which returns a value of type @code{int}. The possible values are:
-
-@@ -359,6 +360,7 @@ You should therefore use the specific macros whenever possible.
- @comment math.h
- @comment ISO
- @deftypefn {Macro} int isfinite (@emph{float-type} @var{x})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro returns a nonzero value if @var{x} is finite: not plus or
- minus infinity, and not NaN. It is equivalent to
-
-@@ -373,6 +375,7 @@ floating-point type.
- @comment math.h
- @comment ISO
- @deftypefn {Macro} int isnormal (@emph{float-type} @var{x})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro returns a nonzero value if @var{x} is finite and normalized.
- It is equivalent to
-
-@@ -384,6 +387,7 @@ It is equivalent to
- @comment math.h
- @comment ISO
- @deftypefn {Macro} int isnan (@emph{float-type} @var{x})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro returns a nonzero value if @var{x} is NaN. It is equivalent
- to
-
-@@ -395,6 +399,7 @@ to
- @comment math.h
- @comment GNU
- @deftypefn {Macro} int issignaling (@emph{float-type} @var{x})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro returns a nonzero value if @var{x} is a signaling NaN
- (sNaN). It is based on draft TS 18661 and currently enabled as a GNU
- extension.
-@@ -2443,6 +2448,32 @@ as well.
- @safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
- @c Besides the unsafe-but-ruled-safe locale uses, this uses a lot of
- @c mpn, but it's all safe.
-+@c
-+@c round_and_return
-+@c get_rounding_mode ok
-+@c mpn_add_1 ok
-+@c mpn_rshift ok
-+@c MPN_ZERO ok
-+@c MPN2FLOAT -> mpn_construct_(float|double|long_double) ok
-+@c str_to_mpn
-+@c mpn_mul_1 -> umul_ppmm ok
-+@c mpn_add_1 ok
-+@c mpn_lshift_1 -> mpn_lshift ok
-+@c STRTOF_INTERNAL
-+@c MPN_VAR ok
-+@c SET_MANTISSA ok
-+@c STRNCASECMP ok, wide and narrow
-+@c round_and_return ok
-+@c mpn_mul ok
-+@c mpn_addmul_1 ok
-+@c ... mpn_sub
-+@c mpn_lshift ok
-+@c udiv_qrnnd ok
-+@c count_leading_zeros ok
-+@c add_ssaaaa ok
-+@c sub_ddmmss ok
-+@c umul_ppmm ok
-+@c mpn_submul_1 ok
- The @code{strtod} (``string-to-double'') function converts the initial
- part of @var{string} to a floating-point number, which is returned as a
- value of type @code{double}.
-diff --git a/manual/charset.texi b/manual/charset.texi
-index e21502e..7e6c416 100644
---- a/manual/charset.texi
-+++ b/manual/charset.texi
-@@ -504,6 +504,8 @@ sequence points. Communication protocols often require this.
- @comment wchar.h
- @comment ISO
- @deftypefun int mbsinit (const mbstate_t *@var{ps})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c ps is dereferenced once, unguarded. Potential harmless data race.
- The @code{mbsinit} function determines whether the state object pointed
- to by @var{ps} is in the initial state. If @var{ps} is a null pointer or
- the object is in the initial state the return value is nonzero. Otherwise
-@@ -559,6 +561,14 @@ that is beyond the range @math{0} to @math{127}.
- @comment wchar.h
- @comment ISO
- @deftypefun wint_t btowc (int @var{c})
-+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
-+@c Calls btowc_fct or __fct; reads from locale, and from the
-+@c get_gconv_fcts result multiple times. get_gconv_fcts calls
-+@c __wcsmbs_load_conv to initialize the ctype if it's null.
-+@c wcsmbs_load_conv takes a non-recursive wrlock before allocating
-+@c memory for the fcts structure, initializing it, and then storing it
-+@c in the locale object. The initialization involves dlopening and a
-+@c lot more.
- The @code{btowc} function (``byte to wide character'') converts a valid
- single byte character @var{c} in the initial shift state into the wide
- character equivalent using the conversion rules from the currently
-@@ -615,6 +625,7 @@ There is also a function for the conversion in the other direction.
- @comment wchar.h
- @comment ISO
- @deftypefun int wctob (wint_t @var{c})
-+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
- The @code{wctob} function (``wide character to byte'') takes as the
- parameter a valid wide character. If the multibyte representation for
- this character in the initial state is exactly one byte long, the return
-@@ -634,6 +645,7 @@ and they also do not require it to be in the initial state.
- @comment wchar.h
- @comment ISO
- @deftypefun size_t mbrtowc (wchar_t *restrict @var{pwc}, const char *restrict @var{s}, size_t @var{n}, mbstate_t *restrict @var{ps})
-+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
- @cindex stateful
- The @code{mbrtowc} function (``multibyte restartable to wide
- character'') converts the next multibyte character in the string pointed
-@@ -728,6 +740,7 @@ function that does part of the work.
- @comment wchar.h
- @comment ISO
- @deftypefun size_t mbrlen (const char *restrict @var{s}, size_t @var{n}, mbstate_t *@var{ps})
-+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
- The @code{mbrlen} function (``multibyte restartable length'') computes
- the number of at most @var{n} bytes starting at @var{s}, which form the
- next valid and complete multibyte character.
-@@ -811,6 +824,50 @@ doing the work twice.
- @comment wchar.h
- @comment ISO
- @deftypefun size_t wcrtomb (char *restrict @var{s}, wchar_t @var{wc}, mbstate_t *restrict @var{ps})
-+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
-+@c wcrtomb uses a static, non-thread-local unguarded state variable when
-+@c PS is NULL. When a state is passed in, and it's not used
-+@c concurrently in other threads, this function behaves safely as long
-+@c as gconv modules don't bring MT safety issues of their own.
-+@c Attempting to load gconv modules or to build conversion chains in
-+@c signal handlers may encounter gconv databases or caches in a
-+@c partially-updated state, and asynchronous cancellation may leave them
-+@c in such states, besides leaking the lock that guards them.
-+@c get_gconv_fcts ok
-+@c wcsmbs_load_conv ok
-+@c norm_add_slashes ok
-+@c wcsmbs_getfct ok
-+@c gconv_find_transform ok
-+@c gconv_read_conf (libc_once)
-+@c gconv_lookup_cache ok
-+@c find_module_idx ok
-+@c find_module ok
-+@c gconv_find_shlib (ok)
-+@c ->init_fct (assumed ok)
-+@c gconv_get_builtin_trans ok
-+@c gconv_release_step ok
-+@c do_lookup_alias ok
-+@c find_derivation ok
-+@c derivation_lookup ok
-+@c increment_counter ok
-+@c gconv_find_shlib ok
-+@c step->init_fct (assumed ok)
-+@c gen_steps ok
-+@c gconv_find_shlib ok
-+@c dlopen (presumed ok)
-+@c dlsym (presumed ok)
-+@c step->init_fct (assumed ok)
-+@c step->end_fct (assumed ok)
-+@c gconv_get_builtin_trans ok
-+@c gconv_release_step ok
-+@c add_derivation ok
-+@c gconv_close_transform ok
-+@c gconv_release_step ok
-+@c step->end_fct (assumed ok)
-+@c gconv_release_shlib ok
-+@c dlclose (presumed ok)
-+@c gconv_release_cache ok
-+@c ->tomb->__fct (assumed ok)
- The @code{wcrtomb} function (``wide character restartable to
- multibyte'') converts a single wide character into a multibyte string
- corresponding to that wide character.
-@@ -955,6 +1012,7 @@ extensions that can help in some important situations.
- @comment wchar.h
- @comment ISO
- @deftypefun size_t mbsrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
-+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
- The @code{mbsrtowcs} function (``multibyte string restartable to wide
- character string'') converts an NUL-terminated multibyte character
- string at @code{*@var{src}} into an equivalent wide character string,
-@@ -1039,6 +1097,7 @@ length and passing this length to the function.
- @comment wchar.h
- @comment ISO
- @deftypefun size_t wcsrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
-+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
- The @code{wcsrtombs} function (``wide character string restartable to
- multibyte string'') converts the NUL-terminated wide character string at
- @code{*@var{src}} into an equivalent multibyte character string and
-@@ -1084,6 +1143,7 @@ array size (the @var{len} parameter).
- @comment wchar.h
- @comment GNU
- @deftypefun size_t mbsnrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{nmc}, size_t @var{len}, mbstate_t *restrict @var{ps})
-+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
- The @code{mbsnrtowcs} function is very similar to the @code{mbsrtowcs}
- function. All the parameters are the same except for @var{nmc}, which is
- new. The return value is the same as for @code{mbsrtowcs}.
-@@ -1136,6 +1196,7 @@ of the given buffer, there is no problem with altering the state.
- @comment wchar.h
- @comment GNU
- @deftypefun size_t wcsnrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{nwc}, size_t @var{len}, mbstate_t *restrict @var{ps})
-+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
- The @code{wcsnrtombs} function implements the conversion from wide
- character strings to multibyte character strings. It is similar to
- @code{wcsrtombs} but, just like @code{mbsnrtowcs}, it takes an extra
-@@ -1280,6 +1341,7 @@ conversion functions.}
- @comment stdlib.h
- @comment ISO
- @deftypefun int mbtowc (wchar_t *restrict @var{result}, const char *restrict @var{string}, size_t @var{size})
-+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
- The @code{mbtowc} (``multibyte to wide character'') function when called
- with non-null @var{string} converts the first multibyte character
- beginning at @var{string} to its corresponding wide character code. It
-@@ -1314,6 +1376,7 @@ shift state. @xref{Shift State}.
- @comment stdlib.h
- @comment ISO
- @deftypefun int wctomb (char *@var{string}, wchar_t @var{wchar})
-+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
- The @code{wctomb} (``wide character to multibyte'') function converts
- the wide character code @var{wchar} to its corresponding multibyte
- character sequence, and stores the result in bytes starting at
-@@ -1353,6 +1416,7 @@ terms of @code{mbtowc}.
- @comment stdlib.h
- @comment ISO
- @deftypefun int mblen (const char *@var{string}, size_t @var{size})
-+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
- The @code{mblen} function with a non-null @var{string} argument returns
- the number of bytes that make up the multibyte character beginning at
- @var{string}, never examining more than @var{size} bytes. (The idea is
-@@ -1391,6 +1455,9 @@ suffer from the same problems as their reentrant counterparts from
- @comment stdlib.h
- @comment ISO
- @deftypefun size_t mbstowcs (wchar_t *@var{wstring}, const char *@var{string}, size_t @var{size})
-+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
-+@c Odd... Although this is in the non-reentrant section, the state
-+@c object is automatic, not a static buffer.
- The @code{mbstowcs} (``multibyte string to wide character string'')
- function converts the null-terminated string of multibyte characters
- @var{string} to an array of wide character codes, storing not more than
-@@ -1431,6 +1498,7 @@ mbstowcs_alloc (const char *string)
- @comment stdlib.h
- @comment ISO
- @deftypefun size_t wcstombs (char *@var{string}, const wchar_t *@var{wstring}, size_t @var{size})
-+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
- The @code{wcstombs} (``wide character string to multibyte string'')
- function converts the null-terminated wide character array @var{wstring}
- into a string containing multibyte characters, storing not more than
-@@ -1618,6 +1686,16 @@ The first step is the function to create a handle.
- @comment iconv.h
- @comment XPG2
- @deftypefun iconv_t iconv_open (const char *@var{tocode}, const char *@var{fromcode})
-+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
-+@c Calls malloc if tocode and/or fromcode are too big for alloca. Calls
-+@c strip and upstr on both, then gconv_open. strip and upstr call
-+@c isalnum_l and toupper_l with the C locale. gconv_open may MT-safely
-+@c tokenize toset, replace unspecified codesets with the current locale
-+@c (posibly two different accesses), and finally it calls
-+@c gconv_find_transform and initializes the gconv_t result with all the
-+@c steps in the conversion sequence, running each one's initializer,
-+@c destructing and releasing them all if anything fails.
-+
- The @code{iconv_open} function has to be used before starting a
- conversion. The two parameters this function takes determine the
- source and destination character set for the conversion, and if the
-@@ -1682,6 +1760,12 @@ conversion is not needed anymore.
- @comment iconv.h
- @comment XPG2
- @deftypefun int iconv_close (iconv_t @var{cd})
-+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, shlimb}}
-+@c Calls gconv_close to destruct and release each of the conversion
-+@c steps, release the gconv_t object, then call gconv_close_transform.
-+@c Access to the gconv_t object is not guarded, but calling iconv_close
-+@c concurrently with any other use is undefined.
-+
- The @code{iconv_close} function frees all resources associated with the
- handle @var{cd}, which must have been returned by a successful call to
- the @code{iconv_open} function.
-@@ -1708,6 +1792,10 @@ even file to file can be implemented on top of it.
- @comment iconv.h
- @comment XPG2
- @deftypefun size_t iconv (iconv_t @var{cd}, char **@var{inbuf}, size_t *@var{inbytesleft}, char **@var{outbuf}, size_t *@var{outbytesleft})
-+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist}@acunsafe{incansist}}
-+@c Without guarding access to the gconv_t object pointed to by cd, call
-+@c the conversion function to convert inbuf or flush the internal
-+@c conversion state.
- @cindex stateful
- The @code{iconv} function converts the text in the input buffer
- according to the rules associated with the descriptor @var{cd} and
-diff --git a/manual/conf.texi b/manual/conf.texi
-index 7eb8b36..edbb2fd 100644
---- a/manual/conf.texi
-+++ b/manual/conf.texi
-@@ -288,6 +288,17 @@ constants are declared in the header file @file{unistd.h}.
- @comment unistd.h
- @comment POSIX.1
- @deftypefun {long int} sysconf (int @var{parameter})
-+@safety{@mtsafe{envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak, fdleak}}
-+@c Some parts of the implementation open /proc and /sys files and dirs
-+@c to collect system details, using fd and stream I/O depending on the
-+@c case. _SC_TZNAME_MAX calls __tzname_max, that (while holding a lock)
-+@c calls tzset_internal, that calls getenv if it's called the first
-+@c time; there are free and strdup calls in there too. The returned max
-+@c value may change over time for TZNAME_MAX, depending on selected
-+@c timezones; NPROCS, NPROCS_CONF, PHYS_PAGES, AVPHYS_PAGES,
-+@c NGROUPS_MAX, SIGQUEUE_MAX, depending on variable values read from
-+@c /proc at each call, and from rlimit-obtained values CHILD_MAX,
-+@c OPEN_MAX, ARG_MAX, SIGQUEUE_MAX.
- This function is used to inquire about runtime system parameters. The
- @var{parameter} argument should be one of the @samp{_SC_} symbols listed
- below.
-@@ -1342,6 +1353,11 @@ argument are declared in the header file @file{unistd.h}.
- @comment unistd.h
- @comment POSIX.1
- @deftypefun {long int} pathconf (const char *@var{filename}, int @var{parameter})
-+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
-+@c When __statfs_link_max finds an ext* filesystem, it may read
-+@c /proc/mounts or similar as a mntent stream.
-+@c __statfs_chown_restricted may read from
-+@c /proc/sys/fs/xfs/restrict_chown as a file descriptor.
- This function is used to inquire about the limits that apply to
- the file named @var{filename}.
-
-@@ -1369,6 +1385,8 @@ support the @var{parameter} for the specific file.
- @comment unistd.h
- @comment POSIX.1
- @deftypefun {long int} fpathconf (int @var{filedes}, int @var{parameter})
-+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
-+@c Same caveats as pathconf.
- This is just like @code{pathconf} except that an open file descriptor
- is used to specify the file for which information is requested, instead
- of a file name.
-@@ -1615,6 +1633,7 @@ system with the function @code{confstr}:
- @comment unistd.h
- @comment POSIX.2
- @deftypefun size_t confstr (int @var{parameter}, char *@var{buf}, size_t @var{len})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This function reads the value of a string-valued system parameter,
- storing the string into @var{len} bytes of memory space starting at
- @var{buf}. The @var{parameter} argument should be one of the
-diff --git a/manual/crypt.texi b/manual/crypt.texi
-index ef90590..5c9f6f7 100644
---- a/manual/crypt.texi
-+++ b/manual/crypt.texi
-@@ -92,7 +92,13 @@ in a convenient way.
- @comment unistd.h
- @comment BSD
- @deftypefun {char *} getpass (const char *@var{prompt})
--
-+@safety{@mtunsafe{tempterm}@asunsafe{asmalloc, selfdeadlock, asynconsist}@acunsafe{tempterm, lockleak, incansist}}
-+@c This function will attempt to create a stream for terminal I/O, but
-+@c will fallback to stdio/stderr. It attempts to change the terminal
-+@c mode in a thread-unsafe way, write out the prompt, read the password,
-+@c then restore the terminal mode. It has a cleanup to close the stream
-+@c in case of (synchronous) cancellation, but not to restore the
-+@c terminal mode.
- @code{getpass} outputs @var{prompt}, then reads a string in from the
- terminal without echoing it. It tries to connect to the real terminal,
- @file{/dev/tty}, if possible, to encourage users not to put plaintext
-@@ -127,6 +133,13 @@ The substitute takes the same parameters as @code{getline}
- @comment crypt.h
- @comment BSD, SVID
- @deftypefun {char *} crypt (const char *@var{key}, const char *@var{salt})
-+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
-+@c Besides the obvious problem of returning a pointer into static
-+@c storage, the DES initializer takes an internal lock with the usual
-+@c set of problems for AS- and AC-Safety. The FIPS mode checker and the
-+@c NSS implementations of may leak file descriptors if canceled. The
-+@c The MD5, SHA256 and SHA512 implementations will malloc on long keys,
-+@c and NSS relies on dlopening, which brings about another can of worms.
-
- The @code{crypt} function takes a password, @var{key}, as a string, and
- a @var{salt} character array which is described below, and returns a
-@@ -188,6 +201,9 @@ for a password and prints ``Access granted.'' if the user types
- @comment crypt.h
- @comment GNU
- @deftypefun {char *} crypt_r (const char *@var{key}, const char *@var{salt}, {struct crypt_data *} @var{data})
-+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
-+@c Compared with crypt, this function fixes the staticbuf problem, but
-+@c nothing else.
-
- The @code{crypt_r} function does the same thing as @code{crypt}, but
- takes an extra parameter which includes space for its result (among
-@@ -233,6 +249,11 @@ specifies the unused bits.
- @comment crypt.h
- @comment BSD, SVID
- @deftypefun void setkey (const char *@var{key})
-+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
-+@c The static buffer stores the key, making it fundamentally
-+@c thread-unsafe. The locking issues are only in the initialization
-+@c path; cancelling the initialization will leave the lock held, it
-+@c would otherwise repeat the initialization on the next call.
-
- The @code{setkey} function sets an internal data structure to be an
- expanded form of @var{key}. @var{key} is specified as an array of 64
-@@ -244,6 +265,8 @@ parity.
- @comment crypt.h
- @comment BSD, SVID
- @deftypefun void encrypt (char *@var{block}, int @var{edflag})
-+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
-+@c Same issues as setkey.
-
- The @code{encrypt} function encrypts @var{block} if
- @var{edflag} is 0, otherwise it decrypts @var{block}, using a key
-@@ -257,9 +280,11 @@ stored in a @code{char}, but there are no parity bits in @var{block}.
- @comment crypt.h
- @comment GNU
- @deftypefun void setkey_r (const char *@var{key}, {struct crypt_data *} @var{data})
-+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
- @comment crypt.h
- @comment GNU
- @deftypefunx void encrypt_r (char *@var{block}, int @var{edflag}, {struct crypt_data *} @var{data})
-+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
-
- These are reentrant versions of @code{setkey} and @code{encrypt}. The
- only difference is the extra parameter, which stores the expanded
-@@ -274,6 +299,7 @@ defined in @file{crypt.h}.
- @comment rpc/des_crypt.h
- @comment SUNRPC
- @deftypefun int ecb_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-
- The function @code{ecb_crypt} encrypts or decrypts one or more blocks
- using DES. Each block is encrypted independently.
-@@ -355,6 +381,7 @@ This macro returns 1 if @var{err} is a `success' result code from
- @comment rpc/des_crypt.h
- @comment SUNRPC
- @deftypefun int cbc_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode}, char *@var{ivec})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-
- The function @code{cbc_crypt} encrypts or decrypts one or more blocks
- using DES in Cipher Block Chaining mode.
-@@ -381,6 +408,7 @@ Otherwise, all the parameters are similar to those for @code{ecb_crypt}.
- @comment rpc/des_crypt.h
- @comment SUNRPC
- @deftypefun void des_setparity (char *@var{key})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-
- The function @code{des_setparity} changes the 64-bit @var{key}, stored
- packed in 8-bit bytes, to have odd parity by altering the low bits of
-diff --git a/manual/debug.texi b/manual/debug.texi
-index 1db9c18..ce0c263 100644
---- a/manual/debug.texi
-+++ b/manual/debug.texi
-@@ -36,6 +36,8 @@ and manipulate backtraces of the current thread.
- @comment execinfo.h
- @comment GNU
- @deftypefun int backtrace (void **@var{buffer}, int @var{size})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c Pointer chasing within the local stack.
- The @code{backtrace} function obtains a backtrace for the current
- thread, as a list of pointers, and places the information into
- @var{buffer}. The argument @var{size} should be the number of
-@@ -56,6 +58,17 @@ interpreting the stack contents correctly.
- @comment execinfo.h
- @comment GNU
- @deftypefun {char **} backtrace_symbols (void *const *@var{buffer}, int @var{size})
-+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, lockleak}}
-+@c Collects info returned by _dl_addr in auto array, allocates memory
-+@c for the whole return buffer with malloc then sprintfs into it storing
-+@c pointers to the strings into the array entries in the buffer.
-+@c _dl_addr takes the recursive dl_load_lock then calls
-+@c _dl_find_dso_for_object and determine_info.
-+@c _dl_find_dso_for_object calls _dl-addr_inside_object.
-+@c All of them are safe as long as the lock is held.
-+@c asynconsist? It doesn't looke like the dynamic loader's data
-+@c structures could be in an inconsistent state that would cause
-+@c malfunction here.
- The @code{backtrace_symbols} function translates the information
- obtained from the @code{backtrace} function into an array of strings.
- The argument @var{buffer} should be a pointer to an array of addresses
-@@ -88,6 +101,11 @@ cannot be obtained.
- @comment execinfo.h
- @comment GNU
- @deftypefun void backtrace_symbols_fd (void *const *@var{buffer}, int @var{size}, int @var{fd})
-+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
-+@c Single loop of _dl_addr over addresses, collecting info into an iovec
-+@c written out with a writev call per iteration. Addresses and offsets
-+@c are converted to hex in auto buffers, so the only potential issue
-+@c here is leaking the dl lock in case of cancellation.
- The @code{backtrace_symbols_fd} function performs the same translation
- as the function @code{backtrace_symbols} function. Instead of returning
- the strings to the caller, it writes the strings to the file descriptor
-diff --git a/manual/errno.texi b/manual/errno.texi
-index 6c9fa86..eb3f412 100644
---- a/manual/errno.texi
-+++ b/manual/errno.texi
-@@ -1293,6 +1293,9 @@ name of the program that encountered the error.
- @comment string.h
- @comment ISO
- @deftypefun {char *} strerror (int @var{errnum})
-+@safety{@mtunsafe{staticbuf}@asunsafe{staticbuf, asmalloc, asi18n}@acsafe{memleak}}
-+@c Calls strerror_r with a static buffer allocated with malloc on the
-+@c first use.
- The @code{strerror} function maps the error code (@pxref{Checking for
- Errors}) specified by the @var{errnum} argument to a descriptive error
- message string. The return value is a pointer to this string.
-@@ -1310,6 +1313,7 @@ The function @code{strerror} is declared in @file{string.h}.
- @comment string.h
- @comment GNU
- @deftypefun {char *} strerror_r (int @var{errnum}, char *@var{buf}, size_t @var{n})
-+@safety{@mtsafe{}@asunsafe{asi18n}@acsafe{}}
- The @code{strerror_r} function works like @code{strerror} but instead of
- returning the error message in a statically allocated buffer shared by
- all threads in the process, it returns a private copy for the
-@@ -1331,6 +1335,10 @@ This function @code{strerror_r} is a GNU extension and it is declared in
- @comment stdio.h
- @comment ISO
- @deftypefun void perror (const char *@var{message})
-+@safety{@mtsafe{xguargs}@asunsafe{asynconsist, asi18n, asmalloc, selfdeadlock}@acunsafe{incansist, lockleak, memleak, fdleak}}
-+@c Besides strerror_r's and some of fprintf's issues, if stderr is not
-+@c oriented yet, create a new stream with a dup of stderr's fd and write
-+@c to that instead of stderr, to avoid orienting it.
- This function prints an error message to the stream @code{stderr};
- see @ref{Standard Streams}. The orientation of @code{stderr} is not
- changed.
-@@ -1442,6 +1450,13 @@ These functions are declared in @file{error.h}.
- @comment error.h
- @comment GNU
- @deftypefun void error (int @var{status}, int @var{errnum}, const char *@var{format}, @dots{})
-+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acsafe{}}
-+@c Cancellation is disabled throught the execution. It flushes stdout
-+@c and then holds a lock on stderr while printing the program name and
-+@c then running error_tail. The non-wide case just runs vfprintf; the
-+@c wide case converts the message to an alloca/malloc-allocated buffer
-+@c with mbsrtowcs, then prints it with vfwprintf. Afterwards,
-+@c print_errno_message calls strerror_r and fxprintf.
- The @code{error} function can be used to report general problems during
- program execution. The @var{format} argument is a format string just
- like those given to the @code{printf} family of functions. The
-@@ -1477,6 +1492,15 @@ incremented by one to keep track of the number of errors reported.
- @comment error.h
- @comment GNU
- @deftypefun void error_at_line (int @var{status}, int @var{errnum}, const char *@var{fname}, unsigned int @var{lineno}, const char *@var{format}, @dots{})
-+@safety{@mtunsafe{staticbuf, glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist}}
-+@c The error_one_per_line variable is accessed (without any form of
-+@c synchronization, but since it's an int used once, it should be safe
-+@c enough) and, if this mode is enabled, static variables used to hold
-+@c the last printed file name and line number are accessed and modified
-+@c without synchronization; the update is not atomic and it occurs
-+@c before disabling cancellation, so it can be interrupted after only
-+@c one of the two variables is modified. After that, it's very much
-+@c like error.
-
- The @code{error_at_line} function is very similar to the @code{error}
- function. The only difference are the additional parameters @var{fname}
-@@ -1582,6 +1606,8 @@ are included only for compatibility.
- @comment err.h
- @comment BSD
- @deftypefun void warn (const char *@var{format}, @dots{})
-+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
-+@c Just calls vwarn with the va_list.
- The @code{warn} function is roughly equivalent to a call like
- @smallexample
- error (0, errno, format, @r{the parameters})
-@@ -1594,6 +1620,11 @@ are not used.
- @comment err.h
- @comment BSD
- @deftypefun void vwarn (const char *@var{format}, va_list @var{ap})
-+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
-+@c While holding stderr's recursive lock, it prints the programname, the
-+@c given message, and the error string with fw?printf's %m. When the
-+@c stream is wide, convert_and_print converts the format string to an
-+@c alloca/malloc-created buffer using mbsrtowcs and then calls fwprintf.
- The @code{vwarn} function is just like @code{warn} except that the
- parameters for the handling of the format string @var{format} are passed
- in as an value of type @code{va_list}.
-@@ -1602,6 +1633,8 @@ in as an value of type @code{va_list}.
- @comment err.h
- @comment BSD
- @deftypefun void warnx (const char *@var{format}, @dots{})
-+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
-+@c Same as warn, but without the strerror translation issues.
- The @code{warnx} function is roughly equivalent to a call like
- @smallexample
- error (0, 0, format, @r{the parameters})
-@@ -1615,6 +1648,8 @@ string is printed.
- @comment err.h
- @comment BSD
- @deftypefun void vwarnx (const char *@var{format}, va_list @var{ap})
-+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
-+@c Same as vwarn, but without the strerror translation issues.
- The @code{vwarnx} function is just like @code{warnx} except that the
- parameters for the handling of the format string @var{format} are passed
- in as an value of type @code{va_list}.
-@@ -1623,6 +1658,8 @@ in as an value of type @code{va_list}.
- @comment err.h
- @comment BSD
- @deftypefun void err (int @var{status}, const char *@var{format}, @dots{})
-+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
-+@c Same as warn followed by exit.
- The @code{err} function is roughly equivalent to a call like
- @smallexample
- error (status, errno, format, @r{the parameters})
-@@ -1635,6 +1672,8 @@ are not used and that the program is exited even if @var{status} is zero.
- @comment err.h
- @comment BSD
- @deftypefun void verr (int @var{status}, const char *@var{format}, va_list @var{ap})
-+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
-+@c Same as vwarn followed by exit.
- The @code{verr} function is just like @code{err} except that the
- parameters for the handling of the format string @var{format} are passed
- in as an value of type @code{va_list}.
-@@ -1643,6 +1682,8 @@ in as an value of type @code{va_list}.
- @comment err.h
- @comment BSD
- @deftypefun void errx (int @var{status}, const char *@var{format}, @dots{})
-+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
-+@c Same as warnx followed by exit.
- The @code{errx} function is roughly equivalent to a call like
- @smallexample
- error (status, 0, format, @r{the parameters})
-@@ -1657,6 +1698,8 @@ string is printed.
- @comment err.h
- @comment BSD
- @deftypefun void verrx (int @var{status}, const char *@var{format}, va_list @var{ap})
-+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
-+@c Same as vwarnx followed by exit.
- The @code{verrx} function is just like @code{errx} except that the
- parameters for the handling of the format string @var{format} are passed
- in as an value of type @code{va_list}.
-diff --git a/manual/filesys.texi b/manual/filesys.texi
-index 1df9cf2..2244025 100644
---- a/manual/filesys.texi
-+++ b/manual/filesys.texi
-@@ -58,6 +58,25 @@ Prototypes for these functions are declared in the header file
- @comment unistd.h
- @comment POSIX.1
- @deftypefun {char *} getcwd (char *@var{buffer}, size_t @var{size})
-+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
-+@c If buffer is NULL, this function calls malloc and realloc, and, in
-+@c case of error, free. Linux offers a getcwd syscall that we use on
-+@c GNU/Linux systems, but it may fail if the pathname is too long. As a
-+@c fallback, and on other systems, the generic implementation opens each
-+@c parent directory with opendir, which allocates memory for the
-+@c directory stream with malloc. If a fstatat64 syscall is not
-+@c available, very deep directory trees may also have to malloc to build
-+@c longer sequences of ../../../... than those supported by a global
-+@c const read-only string.
-+
-+@c linux/__getcwd
-+@c posix/__getcwd
-+@c malloc/realloc/free if buffer is NULL, or if dir is too deep
-+@c lstat64 -> see its own entry
-+@c fstatat64
-+@c direct syscall if possible, alloca+snprintf+*stat64 otherwise
-+@c openat64_not_cancel_3, close_not_cancel_no_status
-+@c __fdopendir, __opendir, __readdir, rewinddir
- The @code{getcwd} function returns an absolute file name representing
- the current working directory, storing it in the character array
- @var{buffer} that you provide. The @var{size} argument is how you tell
-@@ -116,6 +135,9 @@ software.
- @comment unistd.h
- @comment BSD
- @deftypefn {Deprecated Function} {char *} getwd (char *@var{buffer})
-+@safety{@mtsafe{}@asunsafe{asmalloc, asi18n}@acsafe{memleak, fdleak}}
-+@c Besides the getcwd safety issues, it calls strerror_r on error, which
-+@c brings in all of the i18n issues.
- This is similar to @code{getcwd}, but has no way to specify the size of
- the buffer. @Theglibc{} provides @code{getwd} only
- for backwards compatibility with BSD.
-@@ -130,6 +152,9 @@ this function is deprecated.
- @comment unistd.h
- @comment GNU
- @deftypefun {char *} get_current_dir_name (void)
-+@safety{@mtunsafe{envromt}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
-+@c Besides getcwd, which this function calls as a fallback, it calls
-+@c getenv, with the usual thread-safety issues that brings about.
- @vindex PWD
- This @code{get_current_dir_name} function is basically equivalent to
- @w{@code{getcwd (NULL, 0)}}. The only difference is that the value of
-@@ -145,6 +170,7 @@ This function is a GNU extension.
- @comment unistd.h
- @comment POSIX.1
- @deftypefun int chdir (const char *@var{filename})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This function is used to set the process's working directory to
- @var{filename}.
-
-@@ -158,6 +184,7 @@ file @var{filename} is not a directory.
- @comment unistd.h
- @comment XPG
- @deftypefun int fchdir (int @var{filedes})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This function is used to set the process's working directory to
- directory associated with the file descriptor @var{filedes}.
-
-@@ -294,12 +321,14 @@ values and @code{st_mode} values:
- @comment dirent.h
- @comment BSD
- @deftypefun int IFTODT (mode_t @var{mode})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This returns the @code{d_type} value corresponding to @var{mode}.
- @end deftypefun
-
- @comment dirent.h
- @comment BSD
- @deftypefun mode_t DTTOIF (int @var{dtype})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This returns the @code{st_mode} value corresponding to @var{dtype}.
- @end deftypefun
- @end table
-@@ -342,6 +371,9 @@ the following functions.
- @comment dirent.h
- @comment POSIX.1
- @deftypefun {DIR *} opendir (const char *@var{dirname})
-+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
-+@c Besides the safe syscall, we have to allocate the DIR object with
-+@c __alloc_dir, that calls malloc.
- The @code{opendir} function opens and returns a directory stream for
- reading the directory whose file name is @var{dirname}. The stream has
- type @code{DIR *}.
-@@ -381,6 +413,8 @@ alternative interface can be used.
- @comment dirent.h
- @comment GNU
- @deftypefun {DIR *} fdopendir (int @var{fd})
-+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
-+@c The DIR object is allocated with __alloc_dir, that calls malloc.
- The @code{fdopendir} function works just like @code{opendir} but
- instead of taking a file name and opening a file descriptor for the
- directory the caller is required to provide a file descriptor. This
-@@ -425,6 +459,7 @@ access.
- @comment dirent.h
- @comment GNU
- @deftypefun int dirfd (DIR *@var{dirstream})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The function @code{dirfd} returns the file descriptor associated with
- the directory stream @var{dirstream}. This descriptor can be used until
- the directory is closed with @code{closedir}. If the directory stream
-@@ -443,6 +478,12 @@ symbols are declared in the header file @file{dirent.h}.
- @comment dirent.h
- @comment POSIX.1
- @deftypefun {struct dirent *} readdir (DIR *@var{dirstream})
-+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
-+@c This function holds dirstream's non-recursive lock, which brings
-+@c about the usual issues with locks and async signals and cancellation,
-+@c but the lock taking is not enough to make the returned value safe to
-+@c use, since it points to a stream's internal buffer that can be
-+@c overwritten by subsequent calls or even released by closedir.
- This function reads the next entry from the directory. It normally
- returns a pointer to a structure containing information about the file.
- This structure is statically allocated and can be rewritten by a
-@@ -469,6 +510,7 @@ value. Use @code{readdir_r} when this is critical.
- @comment dirent.h
- @comment GNU
- @deftypefun int readdir_r (DIR *@var{dirstream}, struct dirent *@var{entry}, struct dirent **@var{result})
-+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
- This function is the reentrant version of @code{readdir}. Like
- @code{readdir} it returns the next entry from the directory. But to
- prevent conflicts between simultaneously running threads the result is
-@@ -516,6 +558,7 @@ of the last two functions.
- @comment dirent.h
- @comment LFS
- @deftypefun {struct dirent64 *} readdir64 (DIR *@var{dirstream})
-+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
- The @code{readdir64} function is just like the @code{readdir} function
- except that it returns a pointer to a record of type @code{struct
- dirent64}. Some of the members of this data type (notably @code{d_ino})
-@@ -527,6 +570,7 @@ In all other aspects this function is equivalent to @code{readdir}.
- @comment dirent.h
- @comment LFS
- @deftypefun int readdir64_r (DIR *@var{dirstream}, struct dirent64 *@var{entry}, struct dirent64 **@var{result})
-+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
- The @code{readdir64_r} function is equivalent to the @code{readdir_r}
- function except that it takes parameters of base type @code{struct
- dirent64} instead of @code{struct dirent} in the second and third
-@@ -537,6 +581,10 @@ position. The same precautions mentioned in the documentation of
- @comment dirent.h
- @comment POSIX.1
- @deftypefun int closedir (DIR *@var{dirstream})
-+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock (hurd)}@acsafe{memleak, fdleak, lockleak (hurd)}}
-+@c No synchronization in the posix implementation, only in the hurd
-+@c one. This is regarded as safe because it is undefined behavior if
-+@c other threads could still be using the dir stream while it's closed.
- This function closes the directory stream @var{dirstream}. It returns
- @code{0} on success and @code{-1} on failure.
-
-@@ -576,6 +624,7 @@ declared in the header file @file{dirent.h}.
- @comment dirent.h
- @comment POSIX.1
- @deftypefun void rewinddir (DIR *@var{dirstream})
-+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
- The @code{rewinddir} function is used to reinitialize the directory
- stream @var{dirstream}, so that if you call @code{readdir} it
- returns information about the first entry in the directory again. This
-@@ -589,6 +638,10 @@ added or removed since you last called @code{opendir} or
- @comment dirent.h
- @comment BSD
- @deftypefun {long int} telldir (DIR *@var{dirstream})
-+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
-+@c The implementation is safe on most platforms, but on BSD it uses
-+@c cookies, buckets and records, and the global array of pointers to
-+@c dynamically allocated records is guarded by a non-recursive lock.
- The @code{telldir} function returns the file position of the directory
- stream @var{dirstream}. You can use this value with @code{seekdir} to
- restore the directory stream to that position.
-@@ -597,6 +650,10 @@ restore the directory stream to that position.
- @comment dirent.h
- @comment BSD
- @deftypefun void seekdir (DIR *@var{dirstream}, long int @var{pos})
-+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
-+@c The implementation is safe on most platforms, but on BSD it uses
-+@c cookies, buckets and records, and the global array of pointers to
-+@c dynamically allocated records is guarded by a non-recursive lock.
- The @code{seekdir} function sets the file position of the directory
- stream @var{dirstream} to @var{pos}. The value @var{pos} must be the
- result of a previous call to @code{telldir} on this particular stream;
-@@ -616,6 +673,19 @@ the result.
- @comment dirent.h
- @comment BSD/SVID
- @deftypefun int scandir (const char *@var{dir}, struct dirent ***@var{namelist}, int (*@var{selector}) (const struct dirent *), int (*@var{cmp}) (const struct dirent **, const struct dirent **))
-+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
-+@c The scandir function calls __opendirat, __readdir, and __closedir to
-+@c go over the named dir; malloc and realloc to allocate the namelist
-+@c and copies of each selected dirent, besides the selector, if given,
-+@c and qsort and the cmp functions if the latter is given. In spite of
-+@c the cleanup handler that releases memory and the file descriptor in
-+@c case of synchronous cancellation, an asynchronous cancellation may
-+@c still leak memory and a file descriptor. Although readdir is unsafe
-+@c in general, the use of an internal dir stream for sequential scanning
-+@c of the directory with copying of dirents before subsequent calls
-+@c makes the use safe, and the fact that the dir stream is private to
-+@c each scandir call does away with the lock issues in readdir and
-+@c closedir.
-
- The @code{scandir} function scans the contents of the directory selected
- by @var{dir}. The result in *@var{namelist} is an array of pointers to
-@@ -646,6 +716,8 @@ are very helpful for this purpose.
- @comment dirent.h
- @comment BSD/SVID
- @deftypefun int alphasort (const void *@var{a}, const void *@var{b})
-+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
-+@c Calls strcoll.
- The @code{alphasort} function behaves like the @code{strcoll} function
- (@pxref{String/Array Comparison}). The difference is that the arguments
- are not string pointers but instead they are of type
-@@ -658,6 +730,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
- @comment dirent.h
- @comment GNU
- @deftypefun int versionsort (const void *@var{a}, const void *@var{b})
-+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
-+@c Calls strverscmp.
- The @code{versionsort} function is like @code{alphasort} except that it
- uses the @code{strverscmp} function internally.
- @end deftypefun
-@@ -670,6 +744,8 @@ dirent64}}. To use this we need a new function.
- @comment dirent.h
- @comment GNU
- @deftypefun int scandir64 (const char *@var{dir}, struct dirent64 ***@var{namelist}, int (*@var{selector}) (const struct dirent64 *), int (*@var{cmp}) (const struct dirent64 **, const struct dirent64 **))
-+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
-+@c See scandir.
- The @code{scandir64} function works like the @code{scandir} function
- except that the directory entries it returns are described by elements
- of type @w{@code{struct dirent64}}. The function pointed to by
-@@ -688,6 +764,8 @@ argument. Instead we provide the two replacement functions below.
- @comment dirent.h
- @comment GNU
- @deftypefun int alphasort64 (const void *@var{a}, const void *@var{b})
-+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
-+@c See alphasort.
- The @code{alphasort64} function behaves like the @code{strcoll} function
- (@pxref{String/Array Comparison}). The difference is that the arguments
- are not string pointers but instead they are of type
-@@ -700,6 +778,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
- @comment dirent.h
- @comment GNU
- @deftypefun int versionsort64 (const void *@var{a}, const void *@var{b})
-+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
-+@c See versionsort.
- The @code{versionsort64} function is like @code{alphasort64}, excepted that it
- uses the @code{strverscmp} function internally.
- @end deftypefun
-@@ -880,6 +960,8 @@ file was passed).
- @comment ftw.h
- @comment SVID
- @deftypefun int ftw (const char *@var{filename}, __ftw_func_t @var{func}, int @var{descriptors})
-+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
-+@c see nftw for safety details
- The @code{ftw} function calls the callback function given in the
- parameter @var{func} for every item which is found in the directory
- specified by @var{filename} and all directories below. The function
-@@ -930,6 +1012,7 @@ interface transparently replaces the old interface.
- @comment ftw.h
- @comment Unix98
- @deftypefun int ftw64 (const char *@var{filename}, __ftw64_func_t @var{func}, int @var{descriptors})
-+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
- This function is similar to @code{ftw} but it can work on filesystems
- with large files. File information is reported using a variable of type
- @code{struct stat64} which is passed by reference to the callback
-@@ -943,6 +1026,17 @@ transparently replaces the old implementation.
- @comment ftw.h
- @comment XPG4.2
- @deftypefun int nftw (const char *@var{filename}, __nftw_func_t @var{func}, int @var{descriptors}, int @var{flag})
-+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
-+@c ftw_startup calls alloca, malloc, free, xstat/lxstat, tdestroy, and ftw_dir
-+@c if FTW_CHDIR, call open, and fchdir, or chdir and getcwd
-+@c ftw_dir calls open_dir_stream, readdir64, process_entry, closedir
-+@c if FTW_CHDIR, also calls fchdir
-+@c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
-+@c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
-+@c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
-+@c find_object (tsearch) and add_object (tfind).
-+@c Since each invocation of *ftw uses its own private search tree, none
-+@c of the search tree concurrency issues apply.
- The @code{nftw} function works like the @code{ftw} functions. They call
- the callback function @var{func} for all items found in the directory
- @var{filename} and below. At most @var{descriptors} file descriptors
-@@ -1003,6 +1097,7 @@ interface transparently replaces the old interface.
- @comment ftw.h
- @comment Unix98
- @deftypefun int nftw64 (const char *@var{filename}, __nftw64_func_t @var{func}, int @var{descriptors}, int @var{flag})
-+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
- This function is similar to @code{nftw} but it can work on filesystems
- with large files. File information is reported using a variable of type
- @code{struct stat64} which is passed by reference to the callback
-@@ -1046,6 +1141,7 @@ file @file{unistd.h}.
- @comment unistd.h
- @comment POSIX.1
- @deftypefun int link (const char *@var{oldname}, const char *@var{newname})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{link} function makes a new link to the existing file named by
- @var{oldname}, under the new name @var{newname}.
-
-@@ -1153,6 +1249,7 @@ Prototypes for most of the functions listed in this section are in
- @comment unistd.h
- @comment BSD
- @deftypefun int symlink (const char *@var{oldname}, const char *@var{newname})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{symlink} function makes a symbolic link to @var{oldname} named
- @var{newname}.
-
-@@ -1190,6 +1287,7 @@ exceeded.
- @comment unistd.h
- @comment BSD
- @deftypefun ssize_t readlink (const char *@var{filename}, char *@var{buffer}, size_t @var{size})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{readlink} function gets the value of the symbolic link
- @var{filename}. The file name that the link points to is copied into
- @var{buffer}. This file name string is @emph{not} null-terminated;
-@@ -1249,6 +1347,8 @@ names can refer to the same inode.
- @comment stdlib.h
- @comment GNU
- @deftypefun {char *} canonicalize_file_name (const char *@var{name})
-+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
-+@c Calls realpath.
-
- The @code{canonicalize_file_name} function returns the absolute name of
- the file named by @var{name} which contains no @code{.}, @code{..}
-@@ -1290,6 +1390,8 @@ where the result is placed in.
- @comment stdlib.h
- @comment XPG
- @deftypefun {char *} realpath (const char *restrict @var{name}, char *restrict @var{resolved})
-+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
-+@c Calls malloc, realloc, getcwd, lxstat64, readlink, alloca.
-
- A call to @code{realpath} where the @var{resolved} parameter is
- @code{NULL} behaves exactly like @code{canonicalize_file_name}. The
-@@ -1329,6 +1431,7 @@ then the file is deleted as well. If the file has other remaining names
- @comment unistd.h
- @comment POSIX.1
- @deftypefun int unlink (const char *@var{filename})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{unlink} function deletes the file name @var{filename}. If
- this is a file's sole name, the file itself is also deleted. (Actually,
- if any process has the file open when this happens, deletion is
-@@ -1371,6 +1474,7 @@ file system and can't be modified.
- @comment unistd.h
- @comment POSIX.1
- @deftypefun int rmdir (const char *@var{filename})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- @cindex directories, deleting
- @cindex deleting a directory
- The @code{rmdir} function deletes a directory. The directory must be
-@@ -1398,6 +1502,8 @@ The prototype for this function is declared in the header file
- @comment stdio.h
- @comment ISO
- @deftypefun int remove (const char *@var{filename})
-+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
-+@c Calls unlink and rmdir.
- This is the @w{ISO C} function to remove a file. It works like
- @code{unlink} for files and like @code{rmdir} for directories.
- @code{remove} is declared in @file{stdio.h}.
-@@ -1413,6 +1519,10 @@ The @code{rename} function is used to change a file's name.
- @comment stdio.h
- @comment ISO
- @deftypefun int rename (const char *@var{oldname}, const char *@var{newname})
-+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
-+@c In the absence of a rename syscall, there's an emulation with link
-+@c and unlink, but it's racy, even more so if newname exists and is
-+@c unlinked first.
- The @code{rename} function renames the file @var{oldname} to
- @var{newname}. The file formerly accessible under the name
- @var{oldname} is afterwards accessible as @var{newname} instead. (If
-@@ -1508,6 +1618,7 @@ a shell command @code{mkdir} which does the same thing.)
- @comment sys/stat.h
- @comment POSIX.1
- @deftypefun int mkdir (const char *@var{filename}, mode_t @var{mode})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{mkdir} function creates a new, empty directory with name
- @var{filename}.
-
-@@ -1849,6 +1960,7 @@ header file @file{sys/stat.h}.
- @comment sys/stat.h
- @comment POSIX.1
- @deftypefun int stat (const char *@var{filename}, struct stat *@var{buf})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{stat} function returns information about the attributes of the
- file named by @w{@var{filename}} in the structure pointed to by @var{buf}.
-
-@@ -1875,6 +1987,7 @@ replaces the normal implementation.
- @comment sys/stat.h
- @comment Unix98
- @deftypefun int stat64 (const char *@var{filename}, struct stat64 *@var{buf})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This function is similar to @code{stat} but it is also able to work on
- files larger then @math{2^31} bytes on 32-bit systems. To be able to do
- this the result is stored in a variable of type @code{struct stat64} to
-@@ -1888,6 +2001,7 @@ replaces the interface for small files on 32-bit machines.
- @comment sys/stat.h
- @comment POSIX.1
- @deftypefun int fstat (int @var{filedes}, struct stat *@var{buf})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{fstat} function is like @code{stat}, except that it takes an
- open file descriptor as an argument instead of a file name.
- @xref{Low-Level I/O}.
-@@ -1909,6 +2023,7 @@ replaces the normal implementation.
- @comment sys/stat.h
- @comment Unix98
- @deftypefun int fstat64 (int @var{filedes}, struct stat64 *@var{buf})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This function is similar to @code{fstat} but is able to work on large
- files on 32-bit platforms. For large files the file descriptor
- @var{filedes} should be obtained by @code{open64} or @code{creat64}.
-@@ -1920,9 +2035,16 @@ function is available under the name @code{fstat} and so transparently
- replaces the interface for small files on 32-bit machines.
- @end deftypefun
-
-+@c fstatat will call alloca and snprintf if the syscall is not
-+@c available.
-+@c @safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
-+
- @comment sys/stat.h
- @comment BSD
- @deftypefun int lstat (const char *@var{filename}, struct stat *@var{buf})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c Direct system call through lxstat, sometimes with an xstat conv call
-+@c afterwards.
- The @code{lstat} function is like @code{stat}, except that it does not
- follow symbolic links. If @var{filename} is the name of a symbolic
- link, @code{lstat} returns information about the link itself; otherwise
-@@ -1936,6 +2058,9 @@ replaces the normal implementation.
- @comment sys/stat.h
- @comment Unix98
- @deftypefun int lstat64 (const char *@var{filename}, struct stat64 *@var{buf})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c Direct system call through lxstat64, sometimes with an xstat conv
-+@c call afterwards.
- This function is similar to @code{lstat} but it is also able to work on
- files larger then @math{2^31} bytes on 32-bit systems. To be able to do
- this the result is stored in a variable of type @code{struct stat64} to
-@@ -1974,12 +2099,14 @@ that file:
- @comment sys/stat.h
- @comment POSIX
- @deftypefn Macro int S_ISDIR (mode_t @var{m})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro returns non-zero if the file is a directory.
- @end deftypefn
-
- @comment sys/stat.h
- @comment POSIX
- @deftypefn Macro int S_ISCHR (mode_t @var{m})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro returns non-zero if the file is a character special file (a
- device like a terminal).
- @end deftypefn
-@@ -1987,6 +2114,7 @@ device like a terminal).
- @comment sys/stat.h
- @comment POSIX
- @deftypefn Macro int S_ISBLK (mode_t @var{m})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro returns non-zero if the file is a block special file (a device
- like a disk).
- @end deftypefn
-@@ -1994,12 +2122,14 @@ like a disk).
- @comment sys/stat.h
- @comment POSIX
- @deftypefn Macro int S_ISREG (mode_t @var{m})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro returns non-zero if the file is a regular file.
- @end deftypefn
-
- @comment sys/stat.h
- @comment POSIX
- @deftypefn Macro int S_ISFIFO (mode_t @var{m})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro returns non-zero if the file is a FIFO special file, or a
- pipe. @xref{Pipes and FIFOs}.
- @end deftypefn
-@@ -2007,6 +2137,7 @@ pipe. @xref{Pipes and FIFOs}.
- @comment sys/stat.h
- @comment GNU
- @deftypefn Macro int S_ISLNK (mode_t @var{m})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro returns non-zero if the file is a symbolic link.
- @xref{Symbolic Links}.
- @end deftypefn
-@@ -2014,6 +2145,7 @@ This macro returns non-zero if the file is a symbolic link.
- @comment sys/stat.h
- @comment GNU
- @deftypefn Macro int S_ISSOCK (mode_t @var{m})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro returns non-zero if the file is a socket. @xref{Sockets}.
- @end deftypefn
-
-@@ -2096,6 +2228,7 @@ the whole @code{struct stat} structure.
- @comment sys/stat.h
- @comment POSIX
- @deftypefn Macro int S_TYPEISMQ (struct stat *@var{s})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- If the system implement POSIX message queues as distinct objects and the
- file is a message queue object, this macro returns a non-zero value.
- In all other cases the result is zero.
-@@ -2104,6 +2237,7 @@ In all other cases the result is zero.
- @comment sys/stat.h
- @comment POSIX
- @deftypefn Macro int S_TYPEISSEM (struct stat *@var{s})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- If the system implement POSIX semaphores as distinct objects and the
- file is a semaphore object, this macro returns a non-zero value.
- In all other cases the result is zero.
-@@ -2112,6 +2246,7 @@ In all other cases the result is zero.
- @comment sys/stat.h
- @comment POSIX
- @deftypefn Macro int S_TYPEISSHM (struct stat *@var{s})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- If the system implement POSIX shared memory objects as distinct objects
- and the file is an shared memory object, this macro returns a non-zero
- value. In all other cases the result is zero.
-@@ -2156,6 +2291,7 @@ The prototype for this function is declared in @file{unistd.h}.
- @comment unistd.h
- @comment POSIX.1
- @deftypefun int chown (const char *@var{filename}, uid_t @var{owner}, gid_t @var{group})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{chown} function changes the owner of the file @var{filename} to
- @var{owner}, and its group owner to @var{group}.
-
-@@ -2190,6 +2326,7 @@ The file is on a read-only file system.
- @comment unistd.h
- @comment BSD
- @deftypefun int fchown (int @var{filedes}, uid_t @var{owner}, gid_t @var{group})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This is like @code{chown}, except that it changes the owner of the open
- file with descriptor @var{filedes}.
-
-@@ -2469,6 +2606,7 @@ The functions in this section are declared in @file{sys/stat.h}.
- @comment sys/stat.h
- @comment POSIX.1
- @deftypefun mode_t umask (mode_t @var{mask})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{umask} function sets the file creation mask of the current
- process to @var{mask}, and returns the previous value of the file
- creation mask.
-@@ -2494,6 +2632,7 @@ you just want to read the mask value, because it is reentrant.
- @comment sys/stat.h
- @comment GNU
- @deftypefun mode_t getumask (void)
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Return the current value of the file creation mask for the current
- process. This function is a GNU extension and is only available on
- @gnuhurdsystems{}.
-@@ -2502,6 +2641,7 @@ process. This function is a GNU extension and is only available on
- @comment sys/stat.h
- @comment POSIX.1
- @deftypefun int chmod (const char *@var{filename}, mode_t @var{mode})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{chmod} function sets the access permission bits for the file
- named by @var{filename} to @var{mode}.
-
-@@ -2542,6 +2682,7 @@ for full details on the sticky bit.
- @comment sys/stat.h
- @comment BSD
- @deftypefun int fchmod (int @var{filedes}, mode_t @var{mode})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This is like @code{chmod}, except that it changes the permissions of the
- currently open file given by @var{filedes}.
-
-@@ -2612,6 +2753,7 @@ The symbols in this section are declared in @file{unistd.h}.
- @comment unistd.h
- @comment POSIX.1
- @deftypefun int access (const char *@var{filename}, int @var{how})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{access} function checks to see whether the file named by
- @var{filename} can be accessed in the way specified by the @var{how}
- argument. The @var{how} argument either can be the bitwise OR of the
-@@ -2732,6 +2874,9 @@ This is the modification time for the file.
- @comment utime.h
- @comment POSIX.1
- @deftypefun int utime (const char *@var{filename}, const struct utimbuf *@var{times})
-+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
-+@c In the absence of a utime syscall, it non-atomically converts times
-+@c to a struct timeval and calls utimes.
- This function is used to modify the file times associated with the file
- named @var{filename}.
-
-@@ -2783,6 +2928,10 @@ in the header file @file{sys/time.h}.
- @comment sys/time.h
- @comment BSD
- @deftypefun int utimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
-+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
-+@c In the absence of a utimes syscall, it non-atomically converts tvp
-+@c to struct timespec array and issues a utimensat syscall, or to
-+@c struct utimbuf and calls utime.
- This function sets the file access and modification times of the file
- @var{filename}. The new file access time is specified by
- @code{@var{tvp}[0]}, and the new modification time by
-@@ -2797,6 +2946,9 @@ function.
- @comment sys/time.h
- @comment BSD
- @deftypefun int lutimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
-+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
-+@c Since there's no lutimes syscall, it non-atomically converts tvp
-+@c to struct timespec array and issues a utimensat syscall.
- This function is like @code{utimes}, except that it does not follow
- symbolic links. If @var{filename} is the name of a symbolic link,
- @code{lutimes} sets the file access and modification times of the
-@@ -2813,6 +2965,10 @@ function.
- @comment sys/time.h
- @comment BSD
- @deftypefun int futimes (int @var{fd}, const struct timeval @var{tvp}@t{[2]})
-+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
-+@c Since there's no futimes syscall, it non-atomically converts tvp
-+@c to struct timespec array and issues a utimensat syscall, falling back
-+@c to utimes on a /proc/self/fd symlink.
- This function is like @code{utimes}, except that it takes an open file
- descriptor as an argument instead of a file name. @xref{Low-Level
- I/O}. This function comes from FreeBSD, and is not available on all
-@@ -2867,6 +3023,8 @@ succeed, without actually accomplishing anything.
- @comment unistd.h
- @comment X/Open
- @deftypefun int truncate (const char *@var{filename}, off_t @var{length})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c In the absence of a truncate syscall, we use open and ftruncate.
-
- The @code{truncate} function changes the size of @var{filename} to
- @var{length}. If @var{length} is shorter than the previous length, data
-@@ -2911,6 +3069,8 @@ The operation was interrupted by a signal.
- @comment unistd.h
- @comment Unix98
- @deftypefun int truncate64 (const char *@var{name}, off64_t @var{length})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c In the absence of a syscall, try truncate if length fits.
- This function is similar to the @code{truncate} function. The
- difference is that the @var{length} argument is 64 bits wide even on 32
- bits machines, which allows the handling of files with sizes up to
-@@ -2924,6 +3084,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
- @comment unistd.h
- @comment POSIX
- @deftypefun int ftruncate (int @var{fd}, off_t @var{length})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-
- This is like @code{truncate}, but it works on a file descriptor @var{fd}
- for an opened file instead of a file name to identify the object. The
-@@ -2988,6 +3149,8 @@ The operation was interrupted by a signal.
- @comment unistd.h
- @comment Unix98
- @deftypefun int ftruncate64 (int @var{id}, off64_t @var{length})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c In the absence of a syscall, try ftruncate if length fits.
- This function is similar to the @code{ftruncate} function. The
- difference is that the @var{length} argument is 64 bits wide even on 32
- bits machines which allows the handling of files with sizes up to
-@@ -3050,6 +3213,10 @@ The prototype for @code{mknod} is declared in @file{sys/stat.h}.
- @comment sys/stat.h
- @comment BSD
- @deftypefun int mknod (const char *@var{filename}, mode_t @var{mode}, dev_t @var{dev})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c Instead of issuing the syscall directly, we go through xmknod.
-+@c Although the internal xmknod takes a dev_t*, that could lead to
-+@c xguargs races, it's passed a pointer to mknod's dev.
- The @code{mknod} function makes a special file with name @var{filename}.
- The @var{mode} specifies the mode of the file, and may include the various
- special file bits, such as @code{S_IFCHR} (for a character special file)
-@@ -3101,6 +3268,20 @@ These facilities are declared in the header file @file{stdio.h}.
- @comment stdio.h
- @comment ISO
- @deftypefun {FILE *} tmpfile (void)
-+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
-+@c The unsafety issues are those of fdopen, plus fdleak because of the
-+@c open.
-+@c __path_search (internal buf, !dir, const pfx, !try_tmpdir) ok
-+@c libc_secure_genenv only if try_tmpdir
-+@c xstat64, strlen, strcmp, sprintf
-+@c __gen_tempname (internal tmpl, __GT_FILE) ok
-+@c strlen, memcmp, getpid, open/mkdir/lxstat64 ok
-+@c HP_TIMING_NOW if available ok
-+@c gettimeofday (!tz) first time, or every time if no HP_TIMING_NOW ok
-+@c static value is used and modified without synchronization ok
-+@c but the use is as a source of non-cryptographic randomness
-+@c with retries in case of collision, so it should be safe
-+@c unlink, fdopen
- This function creates a temporary binary file for update mode, as if by
- calling @code{fopen} with mode @code{"wb+"}. The file is deleted
- automatically when it is closed or when the program terminates. (On
-@@ -3117,6 +3298,7 @@ interface transparently replaces the old interface.
- @comment stdio.h
- @comment Unix98
- @deftypefun {FILE *} tmpfile64 (void)
-+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
- This function is similar to @code{tmpfile}, but the stream it returns a
- pointer to was opened using @code{tmpfile64}. Therefore this stream can
- be used for files larger then @math{2^31} bytes on 32-bit machines.
-@@ -3132,6 +3314,11 @@ and so transparently replaces the old interface.
- @comment stdio.h
- @comment ISO
- @deftypefun {char *} tmpnam (char *@var{result})
-+@safety{@mtunsafe{xguargs, staticbuf}@asunsafe{staticbuf}@acsafe{}}
-+@c The passed-in buffer should not be modified concurrently with the
-+@c call.
-+@c __path_search (static or passed-in buf, !dir, !pfx, !try_tmpdir) ok
-+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
- This function constructs and returns a valid file name that does not
- refer to any existing file. If the @var{result} argument is a null
- pointer, the return value is a pointer to an internal static string,
-@@ -3156,6 +3343,7 @@ opening the file you should use the @code{O_EXCL} flag. Using
- @comment stdio.h
- @comment GNU
- @deftypefun {char *} tmpnam_r (char *@var{result})
-+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
- This function is nearly identical to the @code{tmpnam} function, except
- that if @var{result} is a null pointer it returns a null pointer.
-
-@@ -3192,6 +3380,13 @@ never less than @code{25}.
- @comment stdio.h
- @comment SVID
- @deftypefun {char *} tempnam (const char *@var{dir}, const char *@var{prefix})
-+@safety{@mtunsafe{xguargs, envromt}@assafe{asmalloc}@acsafe{memleak}}
-+@c There's no way (short of being setuid) to avoid getenv("TMPDIR"),
-+@c even with a non-NULL dir, which makes this thread-unsafe.
-+@c
-+@c __path_search (internal buf, dir, pfx, try_tmpdir) unsafe getenv
-+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
-+@c strdup
- This function generates a unique temporary file name. If @var{prefix}
- is not a null pointer, up to five characters of this string are used as
- a prefix for the file name. The return value is a string newly
-@@ -3255,6 +3450,8 @@ string. These functions are declared in the header file @file{stdlib.h}.
- @comment stdlib.h
- @comment Unix
- @deftypefun {char *} mktemp (char *@var{template})
-+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
-+@c __gen_tempname (caller tmpl, __GT_NOCREATE) ok
- The @code{mktemp} function generates a unique file name by modifying
- @var{template} as described above. If successful, it returns
- @var{template} as modified. If @code{mktemp} cannot find a unique file
-@@ -3273,6 +3470,8 @@ opening the file you should use the @code{O_EXCL} flag. Using
- @comment stdlib.h
- @comment BSD
- @deftypefun int mkstemp (char *@var{template})
-+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{fdleak}}
-+@c __gen_tempname (caller tmpl, __GT_FILE) ok
- The @code{mkstemp} function generates a unique file name just as
- @code{mktemp} does, but it also opens the file for you with @code{open}
- (@pxref{Opening and Closing Files}). If successful, it modifies
-@@ -3295,6 +3494,8 @@ new file and get an error if the file already exists.
- @comment stdlib.h
- @comment BSD
- @deftypefun {char *} mkdtemp (char *@var{template})
-+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
-+@c __gen_tempname (caller tmpl, __GT_DIR) ok
- The @code{mkdtemp} function creates a directory with a unique name. If
- it succeeds, it overwrites @var{template} with the name of the
- directory, and returns @var{template}. As with @code{mktemp} and
-@@ -3316,3 +3517,23 @@ creation always works like @code{open} with @code{O_EXCL}.
- @xref{Creating Directories}.
-
- The @code{mkdtemp} function comes from OpenBSD.
-+
-+@c FIXME these are undocumented:
-+@c faccessat
-+@c fchmodat
-+@c fchownat
-+@c futimesat
-+@c fstatat
-+@c linkat
-+@c mkdirat
-+@c mkfifoat
-+@c name_to_handle_at
-+@c openat
-+@c open_by_handle_at
-+@c readlinkat
-+@c renameat
-+@c scandirat
-+@c symlinkat
-+@c unlinkat
-+@c utimensat
-+@c mknodat
-diff --git a/manual/getopt.texi b/manual/getopt.texi
-index f0b7283..3c1f4de 100644
---- a/manual/getopt.texi
-+++ b/manual/getopt.texi
-@@ -60,6 +60,31 @@ option argument, for those options that accept arguments.
- @comment unistd.h
- @comment POSIX.2
- @deftypefun int getopt (int @var{argc}, char *const *@var{argv}, const char *@var{options})
-+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
-+@c It may swap argv elements but argv is not guarded, and the
-+@c modifications may be partial in case of cancellation. Calling getenv
-+@c also brings about thread-safety issues out of access and returning
-+@c pointers into the globally shared environment array, just like
-+@c calling gettext brings about a whole lot of AS and AC safety issues.
-+@c The getopt API involves returning values in the non-thread-specific
-+@c optarg variable, which adds another thread-safety issue. Given
-+@c print_errors, it may output errors to stderr, which may
-+@c self-deadlock, leak locks, or encounter (in a signal handler) or
-+@c leave (in case of cancellation) stderr in an inconsistent state.
-+@c Various implicit, indirect uses of malloc, in uses of memstream and
-+@c asprintf for error-printing, bring about the usual malloc issues.
-+@c (The explicit use of malloc in a conditional situation in
-+@c _getopt_initialize is never exercised in glibc.)
-+@c
-+@c _getopt_internal
-+@c _getopt_internal_r
-+@c gettext
-+@c _getopt_initialize
-+@c getenv
-+@c malloc if USE_NONOPTION_FLAGS, never defined in libc
-+@c open_memstream
-+@c lockfile, unlockfile, __fxprintf -> stderr
-+@c asprintf
- The @code{getopt} function gets the next option argument from the
- argument list specified by the @var{argv} and @var{argc} arguments.
- Normally these values come directly from the arguments received by
-@@ -225,6 +250,8 @@ was seen.
- @comment getopt.h
- @comment GNU
- @deftypefun int getopt_long (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
-+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
-+@c Same issues as getopt.
- Decode options from the vector @var{argv} (whose length is @var{argc}).
- The argument @var{shortopts} describes the short options to accept, just as
- it does in @code{getopt}. The argument @var{longopts} describes the long
-@@ -278,6 +305,8 @@ getopt functionality there is one more function available.
- @comment getopt.h
- @comment GNU
- @deftypefun int getopt_long_only (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
-+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
-+@c Same issues as getopt.
-
- The @code{getopt_long_only} function is equivalent to the
- @code{getopt_long} function but it allows to specify the user of the
-diff --git a/manual/intro.texi b/manual/intro.texi
-index 2630a77..e47832c 100644
---- a/manual/intro.texi
-+++ b/manual/intro.texi
-@@ -262,6 +262,28 @@ if the effective thread-local locale is not the global locale object
- @code{setlocale} should not be called while these functions are active.
-
-
-+@item @code{envromt}
-+@cindex envromt
-+
-+Functions marked with @code{envromt} access the environment with
-+@code{getenv} or similar, requiring the environment to be effectively
-+read-only for MT-Safe operation.
-+
-+Environment-modifying functions do not protect in any way against
-+concurrent modifications or access, so calling @code{envromt}-marked
-+functions concurrently with @code{setenv}, @code{putenv},
-+@code{unsetenv} or direct modifications of the global environment data
-+structures is ill-advised; external concurrency control must be
-+introduced by callers of these environment-modifying and
-+@code{envromt}-marked functions.
-+
-+Functions that modify the environment are also marked with
-+@code{envromt}, but they are not MT-Safe for the reasons above. Since
-+all environment-modifying functions are MT-Unsafe, functions that only
-+access the environment are marked as MT-Safe when no other safety issue
-+applies.
-+
-+
- @item @code{uunguard}
- @cindex uunguard
-
-@@ -291,6 +313,42 @@ AS-Safe behavior, callers must ensure that the objects passed in are not
- modified concurrently by other threads or signal handlers.
-
-
-+@item @code{tempchwd}
-+@cindex tempchwd
-+
-+Functions marked with @code{tempchwd} may temporarily change the current
-+working directory during their execution, which may cause relative
-+pathnames to be resolved in unexpected ways in other threads or within
-+asynchronous signal or cancellation handlers.
-+
-+This is not enough of a reason to mark so-marked functions as MT-Unsafe,
-+but when this behavior is optional (e.g., @code{nftw} with
-+@code{FTW_CHDIR}), avoiding the option in multi-threaded programs may be
-+a good alternative to using full pathnames or file descriptor-relative
-+(e.g. @code{openat}) system calls.
-+
-+
-+@item @code{tempterm}
-+@cindex tempterm
-+
-+Functions marked with @code{tempterm} may temporarily change the
-+terminal settings.
-+
-+This would not be enough of a reason to mark so-marked functions as
-+MT-Unsafe, but the recommended mode to modify terminal settings is to
-+call @code{tcgetattr}, modify some flags, and then call
-+@code{tcsetattr}. Functions marked with @code{tempterm} do that, so
-+they leave a window in which changes made by other threads are lost.
-+
-+It is thus advisable for applications using the terminal to avoid
-+concurrent interactions with it, more so if they expect different
-+terminal modes.
-+
-+If this mark appears as an AC-Safety note, it means the function may
-+also fail to restore the original terminal mode in case of asynchronous
-+cancellation.
-+
-+
- @end itemize
-
-
-@@ -305,11 +363,37 @@ as follows:
-
- Functions annotated with @code{staticbuf} use internal static buffers or
- variables in ways that may cause concurrent calls to interfere
--destructively.
-+destructively.
-
- These functions are all MT-Unsafe and AC-Unsafe. However, many of them
- offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
-
-+In many of these cases, the static buffer is only used to hold a return
-+value; in a few of these, such as @code{tmpnam}, the use of the internal
-+buffer can be avoided by passing the buffer as an argument, which makes
-+the call MT-Safe and AS-Safe.
-+
-+
-+@item @code{asi18n}
-+@cindex asi18n
-+
-+Functions marked with @code{asi18n} use internationalization functions
-+(@code{gettext}), which brings in a number of dependencies and issues
-+yet to be documented.
-+
-+
-+@item @code{shlimb}
-+@cindex shlimb
-+
-+Functions marked with @code{shlimb} use the dynamic loader to bring in
-+additional code modules. This involves opening files, mapping them into
-+memory, allocating additional memory, resolving symbols, applying
-+relocations and more, all of this while holding the dynamic loader
-+lock.
-+
-+The non-recursive lock itself is enough for the function to be AS- and
-+AC-Unsafe, but many other issues may arise.
-+
-
- @item @code{fdleak}
- @cindex fdleak
-@@ -390,9 +474,8 @@ For the reasons above, functions that leak locks are all AC-Unsafe.
- Functions marked with @code{selfdeadlock} take a non-recursive lock to
- ensure MT-Safety while modifying data structures guarded by the lock.
-
--If such a function is interrupted by a signal while holding the lock,
--and the signal handler calls any function that takes the same
--non-recursive lock, the result is a deadlock.
-+If such a function is called by a signal handler that interrupted
-+another such function that took the lock, the result is a deadlock.
-
- Blocking asynchronous signal delivery while calling such functions is
- the only safe way to avoid a deadlock if any signal handler might need
-@@ -406,10 +489,9 @@ Functions marked with @code{asynconsist} take a recursive lock to ensure
- MT-Safety while accessing or modifying data structures guarded by the
- lock.
-
--If such a function is interrupted by a signal while holding the lock,
--and the signal handler calls any function that takes the same
--non-recursive lock, the latter function may observe a partially updated,
--inconsistent data structure, and misbehave.
-+If such a function is called by a signal handler that interrupted
-+another such function that took the lock, both may misbehave for
-+observing inconsistent (partially updated or cached) data structures.
-
- Blocking asynchronous signal delivery while calling such functions is
- the only safe way to avoid the misbehavior that may ensue if any signal
-@@ -444,6 +526,21 @@ Disabling asynchronous cancelation while calling such functions is the
- only safe way to avoid the misbehavior that may ensure if the thread is
- canceled while the function is running.
-
-+@c A special case, probably not worth documenting separately, involves
-+@c reallocing, or even freeing pointers. Any case involving free could
-+@c be easily turned into an ac-safe memleak by resetting the pointer
-+@c before releasing it; I don't think we have any case that calls for
-+@c this sort of fixing. Fixing the realloc cases would require a new
-+@c interface: instead of @code{ptr=realloc(ptr,size)} we'd have to
-+@c introduce @code{acsafe_realloc(&ptr,size)} that would modify ptr
-+@c before releasing the old memory. The ac-unsafe realloc could be
-+@c implemented in terms of an internal interface with this semantics
-+@c (say __acsafe_realloc), but since realloc can be overridden, the
-+@c function we call to implement realloc should not be this internal
-+@c interface, but another internal interface that calls __acsafe_realloc
-+@c if realloc was not overridden, and calls the overridden realloc with
-+@c async cancel disabled. --lxoliva
-+
-
- @item @code{simfpu}
- @cindex simfpu
diff --git a/manual/job.texi b/manual/job.texi
index 4efeed3..779ea96 100644
--- a/manual/job.texi
diff --git a/patches/powerpc-nofpu-sim-note-nothread.patch b/patches/powerpc-nofpu-sim-note-nothread.patch
index e415a47..7f2c050 100644
--- a/patches/powerpc-nofpu-sim-note-nothread.patch
+++ b/patches/powerpc-nofpu-sim-note-nothread.patch
@@ -1,5 +1,5 @@
-Bottom: f865586a6c7ce831d9285c15a3df95a5b593b24b
-Top: 6ecb4948f5afac7b2e943164b461bf059c000127
+Bottom: c59759fbdfb422ada848ebdd3845677059986449
+Top: a8bc26b023f2d43016f043a1972e12edc1f31f8d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:39 -0300
diff --git a/patches/unused-scalb-is-scalbn.patch b/patches/unused-scalb-is-scalbn.patch
index d6b66ee..0fa4208 100644
--- a/patches/unused-scalb-is-scalbn.patch
+++ b/patches/unused-scalb-is-scalbn.patch
@@ -1,5 +1,5 @@
-Bottom: 6ecb4948f5afac7b2e943164b461bf059c000127
-Top: 6c9a45167e9f148c725e5d962b1cd083292f0adf
+Bottom: a8bc26b023f2d43016f043a1972e12edc1f31f8d
+Top: 6ef173fc60a9c842433354081fa0216e4430c1b8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:39 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4546f1ef42848ecd1b89ad15aa4c920e8aed77c2
commit 4546f1ef42848ecd1b89ad15aa4c920e8aed77c2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:41 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/???.texi: Document thread safety properties.
diff --git a/manual/job.texi b/manual/job.texi
index 4efeed3..779ea96 100644
--- a/manual/job.texi
+++ b/manual/job.texi
@@ -1039,6 +1039,10 @@ The function @code{ctermid} is declared in the header file
@comment stdio.h
@comment POSIX.1
@deftypefun {char *} ctermid (char *@var{string})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This function is a stub by default; the actual implementation, for
+@c posix systems, returns an internal buffer if passed a NULL string,
+@c but the internal buffer is always set to /dev/tty.
The @code{ctermid} function returns a string containing the file name of
the controlling terminal for the current process. If @var{string} is
not a null pointer, it should be an array that can hold at least
@@ -1075,6 +1079,11 @@ Your program should include the header files @file{sys/types.h} and
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t setsid (void)
+@safety{@mtsafe{}@assafe{selfdeadlock (hurd)}@acsafe{lockleak (hurd)}}
+@c This is usually a direct syscall, but if a syscall is not available,
+@c we use a stub, or Hurd- and BSD-specific implementations. The former
+@c uses a mutex and a hurd critical section, and the latter issues a few
+@c syscalls, so both seem safe, except for the locking on Hurd.
The @code{setsid} function creates a new session. The calling process
becomes the session leader, and is put in a new process group whose
process group ID is the same as the process ID of that process. There
@@ -1098,7 +1107,8 @@ already another process group around that has the same process group ID.
@comment unistd.h
@comment SVID
@deftypefun pid_t getsid (pid_t @var{pid})
-
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{getsid} function returns the process group ID of the session
leader of the specified process. If a @var{pid} is @code{0}, the
process group ID of the session leader of the current process is
@@ -1134,6 +1144,8 @@ programs with the @code{-lbsd-compat} option to get the BSD definition.@refill
@comment unistd.h
@comment POSIX.1
@deftypefn {POSIX.1 Function} pid_t getpgrp (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The POSIX.1 definition of @code{getpgrp} returns the process group ID of
the calling process.
@end deftypefn
@@ -1141,6 +1153,8 @@ the calling process.
@comment unistd.h
@comment BSD
@deftypefn {BSD Function} pid_t getpgrp (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The BSD definition of @code{getpgrp} returns the process group ID of the
process @var{pid}. You can supply a value of @code{0} for the @var{pid}
argument to get information about the calling process.
@@ -1149,6 +1163,8 @@ argument to get information about the calling process.
@comment unistd.h
@comment SVID
@deftypefn {System V Function} int getpgid (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
@code{getpgid} is the same as the BSD function @code{getpgrp}. It
returns the process group ID of the process @var{pid}. You can supply a
@@ -1171,6 +1187,8 @@ process.
@comment unistd.h
@comment POSIX.1
@deftypefun int setpgid (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{setpgid} function puts the process @var{pid} into the process
group @var{pgid}. As a special case, either @var{pid} or @var{pgid} can
be zero to indicate the process ID of the calling process.
@@ -1208,6 +1226,8 @@ process or a child of the calling process.
@comment unistd.h
@comment BSD
@deftypefun int setpgrp (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall or setpgid wrapper.
This is the BSD Unix name for @code{setpgid}. Both functions do exactly
the same thing.
@end deftypefun
@@ -1230,6 +1250,8 @@ file itself and not a particular open file descriptor.
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t tcgetpgrp (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function returns the process group ID of the foreground process
group associated with the terminal open on descriptor @var{filedes}.
@@ -1258,6 +1280,8 @@ controlling terminal of the calling process.
@comment unistd.h
@comment POSIX.1
@deftypefun int tcsetpgrp (int @var{filedes}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function is used to set a terminal's foreground process group ID.
The argument @var{filedes} is a descriptor which specifies the terminal;
@var{pgid} specifies the process group. The calling process must be a
@@ -1297,6 +1321,8 @@ process.
@comment termios.h
@comment Unix98
@deftypefun pid_t tcgetsid (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Ioctl call, if avaialble, or tcgetpgrp followed by getsid.
This function is used to obtain the process group ID of the session
for which the terminal specified by @var{fildes} is the controlling terminal.
If the call is successful the group ID is returned. Otherwise the
diff --git a/manual/lang.texi b/manual/lang.texi
index ee04e23..d6cd90c 100644
--- a/manual/lang.texi
+++ b/manual/lang.texi
@@ -51,6 +51,8 @@ without indicating anything might be wrong.
@comment assert.h
@comment ISO
@deftypefn Macro void assert (int @var{expression})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Verify the programmer's belief that @var{expression} is nonzero at
this point in the program.
@@ -91,6 +93,8 @@ The @code{assert_perror} macro makes this easy.
@comment assert.h
@comment GNU
@deftypefn Macro void assert_perror (int @var{errnum})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Similar to @code{assert}, but verifies that @var{errnum} is zero.
If @code{NDEBUG} is not defined, @code{assert_perror} tests the value of
@@ -423,6 +427,8 @@ The type @code{va_list} is used for argument pointer variables.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_start (va_list @var{ap}, @var{last-required})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This macro initializes the argument pointer variable @var{ap} to point
to the first of the optional arguments of the current function;
@var{last-required} must be the last required argument to the function.
@@ -431,6 +437,8 @@ to the first of the optional arguments of the current function;
@comment stdarg.h
@comment ISO
@deftypefn {Macro} @var{type} va_arg (va_list @var{ap}, @var{type})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_arg} macro returns the value of the next optional argument,
and modifies the value of @var{ap} to point to the subsequent argument.
Thus, successive uses of @code{va_arg} return successive optional
@@ -445,6 +453,8 @@ of the actual argument.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_end (va_list @var{ap})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This ends the use of @var{ap}. After a @code{va_end} call, further
@code{va_arg} calls with the same @var{ap} may not work. You should invoke
@code{va_end} before returning from the function in which @code{va_start}
@@ -466,6 +476,8 @@ of the same type.
@comment ISO
@deftypefn {Macro} void va_copy (va_list @var{dest}, va_list @var{src})
@deftypefnx {Macro} void __va_copy (va_list @var{dest}, va_list @var{src})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_copy} macro allows copying of objects of type
@code{va_list} even if this is not an integral type. The argument pointer
in @var{dest} is initialized to point to the same argument as the
@@ -1212,6 +1224,8 @@ type of a particular structure member.
@comment stddef.h
@comment ISO
@deftypefn {Macro} size_t offsetof (@var{type}, @var{member})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This expands to a integer constant expression that is the offset of the
structure member named @var{member} in the structure type @var{type}.
For example, @code{offsetof (struct s, elem)} is the offset, in bytes,
diff --git a/manual/libdl.texi b/manual/libdl.texi
new file mode 100644
index 0000000..e3fe045
--- /dev/null
+++ b/manual/libdl.texi
@@ -0,0 +1,10 @@
+@c FIXME these are undocumented:
+@c dladdr
+@c dladdr1
+@c dlclose
+@c dlerror
+@c dlinfo
+@c dlmopen
+@c dlopen
+@c dlsym
+@c dlvsym
diff --git a/manual/llio.texi b/manual/llio.texi
index b129cf4..66370c4 100644
--- a/manual/llio.texi
+++ b/manual/llio.texi
@@ -78,6 +78,7 @@ declared in @file{unistd.h}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int open (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The @code{open} function creates and returns a new file descriptor for
the file named by @var{filename}. Initially, the file position
indicator for the file is at the beginning of the file. The argument
@@ -164,6 +165,7 @@ and @code{freopen} functions, that create streams.
@comment fcntl.h
@comment Unix98
@deftypefun int open64 (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{open}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
difference is that on 32 bit systems the file is opened in the
@@ -178,6 +180,7 @@ replaces the old API.
@comment fcntl.h
@comment POSIX.1
@deftypefn {Obsolete function} int creat (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is obsolete. The call:
@smallexample
@@ -202,6 +205,7 @@ since all of the lowlevel file handling functions are equally replaced.
@comment fcntl.h
@comment Unix98
@deftypefn {Obsolete function} int creat64 (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{creat}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
the difference is that on 32 bit systems the file is opened in the
@@ -219,6 +223,7 @@ replaces the old API.
@comment unistd.h
@comment POSIX.1
@deftypefun int close (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The function @code{close} closes the file descriptor @var{filedes}.
Closing a file has the following consequences:
@@ -300,6 +305,7 @@ but must be a signed type.
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t read (int @var{filedes}, void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{read} function reads up to @var{size} bytes from the file
with descriptor @var{filedes}, storing the results in the @var{buffer}.
(This is not necessarily a character string, and no terminating null
@@ -395,6 +401,10 @@ functions that read from streams, such as @code{fgetc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, read and lseek back, but is it
+@c used anywhere?
The @code{pread} function is similar to the @code{read} function. The
first three arguments are identical, and the return values and error
codes also correspond.
@@ -430,6 +440,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread64 (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, read and lseek64 back, but is
+@c it used anywhere?
This function is similar to the @code{pread} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -447,6 +461,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t write (int @var{filedes}, const void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{write} function writes up to @var{size} bytes from
@var{buffer} to the file with descriptor @var{filedes}. The data in
@var{buffer} is not necessarily a character string and a null character is
@@ -557,6 +572,10 @@ functions that write to streams, such as @code{fputc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, write and lseek back, but is it
+@c used anywhere?
The @code{pwrite} function is similar to the @code{write} function. The
first three arguments are identical, and the return values and error codes
also correspond.
@@ -592,6 +611,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite64 (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, write and lseek64 back, but
+@c is it used anywhere?
This function is similar to the @code{pwrite} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -624,6 +647,7 @@ To read the current file position value from a descriptor, use
@comment unistd.h
@comment POSIX.1
@deftypefun off_t lseek (int @var{filedes}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lseek} function is used to change the file position of the
file with descriptor @var{filedes}.
@@ -713,6 +737,7 @@ descriptors.
@comment unistd.h
@comment Unix98
@deftypefun off64_t lseek64 (int @var{filedes}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to the @code{lseek} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -825,6 +850,7 @@ declared in the header file @file{stdio.h}.
@comment stdio.h
@comment POSIX.1
@deftypefun {FILE *} fdopen (int @var{filedes}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
The @code{fdopen} function returns a new stream for the file descriptor
@var{filedes}.
@@ -853,6 +879,7 @@ see @ref{Creating a Pipe}.
@comment stdio.h
@comment POSIX.1
@deftypefun int fileno (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the file descriptor associated with the stream
@var{stream}. If an error is detected (for example, if the @var{stream}
is not valid) or if @var{stream} does not do I/O to a file,
@@ -862,6 +889,7 @@ is not valid) or if @var{stream} does not do I/O to a file,
@comment stdio.h
@comment GNU
@deftypefun int fileno_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fileno_unlocked} function is equivalent to the @code{fileno}
function except that it does not implicitly lock the stream if the state
is @code{FSETLOCKING_INTERNAL}.
@@ -1071,7 +1099,11 @@ Contains the length of the buffer.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t readv (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
-
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer into which data is read, if the total read size is
+@c too large for alloca.
The @code{readv} function reads data from @var{filedes} and scatters it
into the buffers described in @var{vector}, which is taken to be
@var{count} structures long. As each buffer is filled, data is sent to the
@@ -1089,6 +1121,11 @@ errors are the same as in @code{read}.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t writev (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer from which data is written, if the total write size
+@c is too large for alloca.
The @code{writev} function gathers data from the buffers described in
@var{vector}, which is taken to be @var{count} structures long, and writes
@@ -1149,6 +1186,7 @@ These functions are declared in @file{sys/mman.h}.
@comment sys/mman.h
@comment POSIX
@deftypefun {void *} mmap (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mmap} function creates a new mapping, connected to bytes
(@var{offset}) to (@var{offset} + @var{length} - 1) in the file open on
@@ -1268,6 +1306,9 @@ The file is on a filesystem that doesn't support mapping.
@comment sys/mman.h
@comment LFS
@deftypefun {void *} mmap64 (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The page_shift auto detection when MMAP2_PAGE_SHIFT is -1 (it never
+@c is) would be thread-unsafe.
The @code{mmap64} function is equivalent to the @code{mmap} function but
the @var{offset} parameter is of type @code{off64_t}. On 32-bit systems
this allows the file associated with the @var{filedes} descriptor to be
@@ -1284,6 +1325,7 @@ replaces the old API.
@comment sys/mman.h
@comment POSIX
@deftypefun int munmap (void *@var{addr}, size_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{munmap} removes any memory maps from (@var{addr}) to (@var{addr} +
@var{length}). @var{length} should be the length of the mapping.
@@ -1310,6 +1352,7 @@ aligned.
@comment sys/mman.h
@comment POSIX
@deftypefun int msync (void *@var{address}, size_t @var{length}, int @var{flags})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When using shared mappings, the kernel can write the file at any time
before the mapping is removed. To be certain data has actually been
@@ -1357,6 +1400,7 @@ There is no existing mapping in at least part of the given region.
@comment sys/mman.h
@comment GNU
@deftypefun {void *} mremap (void *@var{address}, size_t @var{length}, size_t @var{new_length}, int @var{flag})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to change the size of an existing memory
area. @var{address} and @var{length} must cover a region entirely mapped
@@ -1405,6 +1449,7 @@ Coding Standards}.
@comment sys/mman.h
@comment POSIX
@deftypefun int madvise (void *@var{addr}, size_t @var{length}, int @var{advice})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to provide the system with @var{advice} about
the intended usage patterns of the memory region starting at @var{addr}
@@ -1531,6 +1576,7 @@ that descriptor into an @code{fd_set}.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_ZERO (fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro initializes the file descriptor set @var{set} to be the
empty set.
@end deftypefn
@@ -1538,6 +1584,9 @@ empty set.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_SET (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro adds @var{filedes} to the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1547,6 +1596,9 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_CLR (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro removes @var{filedes} from the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1556,6 +1608,7 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro int FD_ISSET (int @var{filedes}, const fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value (true) if @var{filedes} is a member
of the file descriptor set @var{set}, and zero (false) otherwise.
@@ -1568,6 +1621,10 @@ Next, here is the description of the @code{select} function itself.
@comment sys/types.h
@comment BSD
@deftypefun int select (int @var{nfds}, fd_set *@var{read-fds}, fd_set *@var{write-fds}, fd_set *@var{except-fds}, struct timeval *@var{timeout})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The select syscall is preferred, but pselect6 may be used instead,
+@c which requires converting timeout to a timespec and back. The
+@c conversions are not atomic.
The @code{select} function blocks the calling process until there is
activity on any of the specified sets of file descriptors, or until the
timeout period has expired.
@@ -1670,6 +1727,7 @@ they return.
@comment unistd.h
@comment X/Open
@deftypefun void sync (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
A call to this function will not return as long as there is data which
has not been written to the device. All dirty buffers in the kernel will
be written and so an overall consistent system can be achieved (if no
@@ -1685,6 +1743,7 @@ committed, rather than all data in the system. For this, @code{sync} is overkil
@comment unistd.h
@comment POSIX
@deftypefun int fsync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fsync} function can be used to make sure all data associated with
the open file @var{fildes} is written to the device associated with the
descriptor. The function call does not return unless all actions have
@@ -1722,6 +1781,7 @@ recovering of the file in case of a problem.
@comment unistd.h
@comment POSIX
@deftypefun int fdatasync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When a call to the @code{fdatasync} function returns, it is ensured
that all of the file data is written to the device. For all pending I/O
operations, the parts guaranteeing data integrity finished.
@@ -1923,6 +1983,158 @@ aiocb64}, since the LFS transparently replaces the old interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_read (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Calls aio_enqueue_request.
+@c aio_enqueue_request selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_self ok
+@c pthread_getschedparam selfdeadlock, lockleak
+@c lll_lock (pthread descriptor's lock) selfdeadlock, lockleak
+@c sched_getparam ok
+@c sched_getscheduler ok
+@c lll_unlock lockleak
+@c pthread_mutex_lock (aio_requests_mutex) selfdeadlock, lockleak
+@c get_elem asmalloc, memleak, [asynconsist, incansist], [xguargs]
+@c realloc asmalloc, memleak
+@c calloc asmalloc, memleak
+@c aio_create_helper_thread selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_attr_init ok
+@c pthread_attr_setdetachstate ok
+@c pthread_get_minstack ok
+@c pthread_attr_setstacksize ok
+@c sigfillset ok
+@c memset ok
+@c sigdelset ok [xguargs, but the caller's sigset is automatic]
+@c SYSCALL rt_sigprocmask ok
+@c pthread_create selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c alloca/malloc asmalloc, memleak
+@c lll_unlock lockleak
+@c allocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c getpagesize dup
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c lll_unlock lockleak
+@c _dl_allocate_tls asmalloc, memleak
+@c _dl_allocate_tls_storage asmalloc, memleak
+@c memalign asmalloc, memleak
+@c memset ok
+@c allocate_dtv dup
+@c free asmalloc, memleak
+@c allocate_dtv asmalloc, memleak
+@c calloc asmalloc, memleak
+@c INSTALL_DTV ok
+@c list_add dup
+@c get_cached_stack
+@c lll_lock (stack_cache_lock) selfdeadlock, lockleak
+@c list_for_each ok
+@c list_entry dup
+@c FREE_P dup
+@c stack_list_del dup
+@c stack_list_add dup
+@c lll_unlock lockleak
+@c _dl_allocate_tls_init ok
+@c GET_DTV ok
+@c mmap ok
+@c atomic_increment_val ok
+@c munmap ok
+@c change_stack_perm ok
+@c mprotect ok
+@c mprotect ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c THREAD_COPY_STACK_GUARD ok
+@c THREAD_COPY_POINTER_GUARD ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (state_cache_lock) selfdeadlock, lockleak
+@c stack_list_del ok
+@c atomic_write_barrier ok
+@c list_del ok [uunguard]
+@c atomic_write_barrier ok
+@c queue_stack asmalloc, memleak
+@c stack_list_add ok
+@c atomic_write_barrier ok
+@c list_add ok [uunguard]
+@c atomic_write_barrier ok
+@c free_stacks asmalloc, memleak
+@c list_for_each_prev_safe ok
+@c list_entry ok
+@c FREE_P ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c _dl_deallocate_tls asmalloc, memleak
+@c free asmalloc, memleak
+@c lll_unlock lockleak
+@c create_thread selfdeadlock, asmalloc, lockleak, memleak
+@c td_eventword
+@c td_eventmask
+@c do_clone selfdeadlock, asmalloc, lockleak, memleak
+@c PREPARE_CREATE ok
+@c lll_lock (pd->lock) selfdeadlock, lockleak
+@c atomic_increment ok
+@c clone ok
+@c atomic_decrement ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack dup
+@c sched_setaffinity ok
+@c tgkill ok
+@c sched_setscheduler ok
+@c atomic_compare_and_exchange_bool_acq ok
+@c nptl_create_event ok
+@c lll_unlock (pd->lock) lockleak
+@c free asmalloc, memleak
+@c pthread_attr_destroy ok (cpuset won't be set, so free isn't called)
+@c add_request_to_runlist ok [xguargs]
+@c pthread_cond_signal ok
+@c aio_free_request ok [xguargs]
+@c pthread_mutex_unlock lockleak
+
+@c (in the new thread, initiated with clone)
+@c start_thread ok
+@c HP_TIMING_NOW ok
+@c ctype_init [glocale] (in theory, but optimized into safety)
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c sigemptyset ok
+@c sigaddset ok
+@c setjmp ok
+@c CANCEL_ASYNC -> pthread_enable_asynccancel ok
+@c do_cancel ok
+@c pthread_unwind ok
+@c Unwind_ForcedUnwind or longjmp ok [asmalloc, memleak?]
+@c lll_lock selfdeadlock, lockleak
+@c lll_unlock selfdeadlock, lockleak
+@c CANCEL_RESET -> pthread_disable_asynccancel ok
+@c lll_futex_wait ok
+@c ->start_routine ok -----
+@c call_tls_dtors selfdeadlock, asmalloc, lockleak, memleak
+@c user-supplied dtor
+@c rtld_lock_lock_recursive (dl_load_lock) selfdeadlock, lockleak
+@c rtld_lock_unlock_recursive lockleak
+@c free asmalloc, memleak
+@c nptl_deallocate_tsd asmalloc, memleak
+@c tsd user-supplied dtors ok
+@c free asmalloc, memleak
+@c libc_thread_freeres
+@c libc_thread_subfreeres ok
+@c atomic_decrement_and_test ok
+@c td_eventword ok
+@c td_eventmask ok
+@c atomic_compare_exchange_bool_acq ok
+@c nptl_death_event ok
+@c lll_robust_dead ok
+@c getpagesize ok
+@c madvise ok
+@c free_tcb selfdeadlock, asmalloc, lockleak, memleak
+@c free asmalloc, memleak
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_futex_wait ok
+@c exit_thread_inline ok
+@c syscall(exit) ok
+
This function initiates an asynchronous read operation. It
immediately returns after the operation was enqueued or when an
error was encountered.
@@ -1988,6 +2200,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_read64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_read} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{aio_read64} uses
@@ -2006,6 +2219,7 @@ of functions with a very similar interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_write (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function initiates an asynchronous write operation. The function
call immediately returns after the operation was enqueued or if before
this happens an error was encountered.
@@ -2072,6 +2286,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_write64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_write} function. The only
difference is that on @w{32 bit} machines the file descriptor should
be opened in the large file mode. Internally @code{aio_write64} uses
@@ -2093,6 +2308,12 @@ operations. It is therefore similar to a combination of @code{readv} and
@comment aio.h
@comment POSIX.1b
@deftypefun int lio_listio (int @var{mode}, struct aiocb *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Call lio_listio_internal, that takes the aio_requests_mutex lock and
+@c enqueues each request. Then, it waits for notification or prepares
+@c for it before releasing the lock. Even though it performs memory
+@c allocation and locking of its own, it doesn't add any classes of
+@c safety issues that aren't already covered by aio_enqueue_request.
The @code{lio_listio} function can be used to enqueue an arbitrary
number of read and write requests at one time. The requests can all be
meant for the same file, all for different files or every solution in
@@ -2176,6 +2397,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int lio_listio64 (int @var{mode}, struct aiocb64 *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{lio_listio} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{lio_listio64} uses
@@ -2204,6 +2426,7 @@ The following two functions allow you to get this kind of information.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_error (const struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function determines the error state of the request described by the
@code{struct aiocb} variable pointed to by @var{aiocbp}. If the
request has not yet terminated the value returned is always
@@ -2225,6 +2448,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_error64 (const struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_error} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2238,6 +2462,7 @@ machines.
@comment aio.h
@comment POSIX.1b
@deftypefun ssize_t aio_return (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to retrieve the return status of the operation
carried out by the request described in the variable pointed to by
@var{aiocbp}. As long as the error status of this request as returned
@@ -2261,6 +2486,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun ssize_t aio_return64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_return} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2289,6 +2515,9 @@ if the symbol @code{_POSIX_SYNCHRONIZED_IO} is defined in @file{unistd.h}.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_fsync (int @var{op}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check that the FD is open, it calls
+@c aio_enqueue_request.
Calling this function forces all I/O operations operating queued at the
time of the function call operating on the file descriptor
@code{aiocbp->aio_fildes} into the synchronized I/O completion state
@@ -2336,6 +2565,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_fsync64 (int @var{op}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_fsync} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2362,6 +2592,9 @@ before the current client is served. For situations like this
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_suspend (const struct aiocb *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c Take aio_requests_mutex, set up waitlist and requestlist, wait
+@c for completion or timeout, and release the mutex.
When calling this function, the calling thread is suspended until at
least one of the requests pointed to by the @var{nent} elements of the
array @var{list} has completed. If any of the requests has already
@@ -2400,6 +2633,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_suspend64 (const struct aiocb64 *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is similar to @code{aio_suspend} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2427,6 +2661,16 @@ or not. Therefore using this function is merely a hint.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_cancel (int @var{fildes}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check the fd is open, hold aio_requests_mutex, call
+@c aio_find_req_fd, aio_remove_request, then aio_notify and
+@c aio_free_request each request before releasing the lock.
+@c aio_notify calls aio_notify_only and free, besides cond signal or
+@c similar. aio_notify_only calls pthread_attr_init,
+@c pthread_attr_setdetachstate, malloc, pthread_create,
+@c notify_func_wrapper, aio_sigqueue, getpid, raise.
+@c notify_func_wraper calls aio_start_notify_thread, free and then the
+@c notifier function.
The @code{aio_cancel} function can be used to cancel one or more
outstanding requests. If the @var{aiocbp} parameter is @code{NULL}, the
function tries to cancel all of the outstanding requests which would process
@@ -2474,6 +2718,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_cancel64 (int @var{fildes}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_cancel} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2529,6 +2774,8 @@ Unused.
@comment aio.h
@comment GNU
@deftypefun void aio_init (const struct aioinit *@var{init})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c All changes to global objects are guarded by aio_requests_mutex.
This function must be called before any other AIO function. Calling it
is completely voluntary, as it is only meant to help the AIO
implementation perform better.
@@ -2563,6 +2810,7 @@ function; see @ref{Opening and Closing Files}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int fcntl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcntl} function performs the operation specified by
@var{command} on the file descriptor @var{filedes}. Some commands
require additional arguments to be supplied. These additional arguments
@@ -2645,6 +2893,7 @@ while prototypes for @code{dup} and @code{dup2} are in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun int dup (int @var{old})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies descriptor @var{old} to the first available
descriptor number (the first number not currently open). It is
equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@@ -2653,6 +2902,7 @@ equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@comment unistd.h
@comment POSIX.1
@deftypefun int dup2 (int @var{old}, int @var{new})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies the descriptor @var{old} to descriptor number
@var{new}.
@@ -3631,6 +3881,7 @@ different headers.
@comment sys/ioctl.h
@comment BSD
@deftypefun int ioctl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ioctl} function performs the generic I/O operation
@var{command} on @var{filedes}.
@@ -3650,3 +3901,6 @@ unknown device.
Most IOCTLs are OS-specific and/or only used in special system utilities,
and are thus beyond the scope of this document. For an example of the use
of an IOCTL, see @ref{Out-of-Band Data}.
+
+@c FIXME this is undocumented:
+@c dup3
diff --git a/manual/locale.texi b/manual/locale.texi
index 323268d..da50d18 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,10 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
-@safety{@mtunsafe{uunguard}}
-@c This function is MT-Safe, but uses of the global locale object are
-@c unguarded in functions that ought to be MT-Safe, so we're ruling out
-@c the use of this function once threads are started.
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
+@c and free, and _nl_find_locale, which amount to all documented safety
+@c issues. It also calls new_composite_name, setdata, and setname,
+@c without any additional issues. _nl_find_locale calls getenv, ...
+This function returns a pointer read
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..6910edc 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -146,6 +146,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +437,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +471,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +486,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +500,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +555,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
diff --git a/manual/startup.texi b/manual/startup.texi
index a277714..7bbaf13 100644
--- a/manual/startup.texi
+++ b/manual/startup.texi
@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
The difference to the @code{setenv} function is that the exact string
given as the parameter @var{string} is put into the environment. If the
user should change the string after the @code{putenv} call this will
-reflect in automatically in the environment. This also requires that
-@var{string} is no automatic variable which scope is left before the
+reflect automatically in the environment. This also requires that
+@var{string} not be an automatic variable whose scope is left before the
variable is removed from the environment. The same applies of course to
dynamically allocated variables which are freed later.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 7809dd4..79a3340 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,7 +148,7 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -267,7 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -414,7 +414,7 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
@c After fclose, it is undefined behavior to use the stream it points
@c to. Therefore, one must only call fclose when the stream is
@c otherwise unused. Concurrent uses started before will complete
@@ -2662,6 +2662,42 @@ pointer @var{ap}.
@c case of cancellation. This doesn't make it unsafe, but cancelling it
@c may leak memory. The unguarded use of __printf_function_table is
@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -5020,7 +5056,7 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
@c bringing with it additional potential for async trouble with
@c list_all_lock.
@@ -5076,7 +5112,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
-@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -5192,7 +5228,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
diff --git a/manual/string.texi b/manual/string.texi
index 246be84..a75d298 100644
--- a/manual/string.texi
+++ b/manual/string.texi
@@ -1247,6 +1247,8 @@ strncmp ("hello, world", "hello, stupid world!!!", 5)
@comment string.h
@comment GNU
@deftypefun int strverscmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls isdigit multiple times, locale may change in between.
The @code{strverscmp} function compares the string @var{s1} against
@var{s2}, considering them as holding indices/version numbers. The
return value follows the same conventions as found in the
@@ -1343,6 +1345,8 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
@comment string.h
@comment ISO
@deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Adjust alphasort one safety info is determined.
The @code{strcoll} function is similar to @code{strcmp} but uses the
collating sequence of the current locale for collation (the
@code{LC_COLLATE} locale).
diff --git a/manual/terminal.texi b/manual/terminal.texi
index 9e9c057..7f62a4e 100644
--- a/manual/terminal.texi
+++ b/manual/terminal.texi
@@ -264,6 +264,9 @@ array.
@comment termios.h
@comment POSIX.1
@deftypefun int tcgetattr (int @var{filedes}, struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the kernel-returned termios data structure to the userland
+@c format does not ensure atomic or consistent writing.
This function is used to examine the attributes of the terminal
device with file descriptor @var{filedes}. The attributes are returned
in the structure that @var{termios-p} points to.
@@ -284,6 +287,9 @@ The @var{filedes} is not associated with a terminal.
@comment termios.h
@comment POSIX.1
@deftypefun int tcsetattr (int @var{filedes}, int @var{when}, const struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the incoming termios data structure to the kernel format
+@c does not ensure atomic or consistent reading.
This function sets the attributes of the terminal device with file
descriptor @var{filedes}. The new attributes are taken from the
structure that @var{termios-p} points to.
diff --git a/manual/threads.texi b/manual/threads.texi
index a23ac26..19bfad6 100644
--- a/manual/threads.texi
+++ b/manual/threads.texi
@@ -31,6 +31,7 @@ before thread-specific data, so they should not be used in thread-specific
data destructors or even as members of the thread-specific data, since the
latter is passed as an argument to the destructor function.
+@c FIXME: use @deftypefun for these.
@item int pthread_key_delete (pthread_key_t @var{key})
Destroy the thread-specific data @var{key} in the calling thread. The
destructor for the thread-specific data is not called during destruction, nor
@@ -82,3 +83,124 @@ attributes or the stack address is set in the attribute.
The system does not have sufficient memory.
@end table
@end deftypefun
+
+@c FIXME these are undocumented:
+@c pthread_atfork
+@c pthread_attr_destroy
+@c pthread_attr_getaffinity_np
+@c pthread_attr_getdetachstate
+@c pthread_attr_getguardsize
+@c pthread_attr_getinheritsched
+@c pthread_attr_getschedparam
+@c pthread_attr_getschedpolicy
+@c pthread_attr_getscope
+@c pthread_attr_getstack
+@c pthread_attr_getstackaddr
+@c pthread_attr_getstacksize
+@c pthread_attr_init
+@c pthread_attr_setaffinity_np
+@c pthread_attr_setdetachstate
+@c pthread_attr_setguardsize
+@c pthread_attr_setinheritsched
+@c pthread_attr_setschedparam
+@c pthread_attr_setschedpolicy
+@c pthread_attr_setscope
+@c pthread_attr_setstack
+@c pthread_attr_setstackaddr
+@c pthread_attr_setstacksize
+@c pthread_barrierattr_destroy
+@c pthread_barrierattr_getpshared
+@c pthread_barrierattr_init
+@c pthread_barrierattr_setpshared
+@c pthread_barrier_destroy
+@c pthread_barrier_init
+@c pthread_barrier_wait
+@c pthread_cancel
+@c pthread_cleanup_push
+@c pthread_cleanup_pop
+@c pthread_condattr_destroy
+@c pthread_condattr_getclock
+@c pthread_condattr_getpshared
+@c pthread_condattr_init
+@c pthread_condattr_setclock
+@c pthread_condattr_setpshared
+@c pthread_cond_broadcast
+@c pthread_cond_destroy
+@c pthread_cond_init
+@c pthread_cond_signal
+@c pthread_cond_timedwait
+@c pthread_cond_wait
+@c pthread_create
+@c pthread_detach
+@c pthread_equal
+@c pthread_exit
+@c pthread_getaffinity_np
+@c pthread_getattr_np
+@c pthread_getconcurrency
+@c pthread_getcpuclockid
+@c pthread_getname_np
+@c pthread_getschedparam
+@c pthread_join
+@c pthread_kill
+@c pthread_kill_other_threads_np
+@c pthread_mutexattr_destroy
+@c pthread_mutexattr_getkind_np
+@c pthread_mutexattr_getprioceiling
+@c pthread_mutexattr_getprotocol
+@c pthread_mutexattr_getpshared
+@c pthread_mutexattr_getrobust
+@c pthread_mutexattr_getrobust_np
+@c pthread_mutexattr_gettype
+@c pthread_mutexattr_init
+@c pthread_mutexattr_setkind_np
+@c pthread_mutexattr_setprioceiling
+@c pthread_mutexattr_setprotocol
+@c pthread_mutexattr_setpshared
+@c pthread_mutexattr_setrobust
+@c pthread_mutexattr_setrobust_np
+@c pthread_mutexattr_settype
+@c pthread_mutex_consistent
+@c pthread_mutex_consistent_np
+@c pthread_mutex_destroy
+@c pthread_mutex_getprioceiling
+@c pthread_mutex_init
+@c pthread_mutex_lock
+@c pthread_mutex_setprioceiling
+@c pthread_mutex_timedlock
+@c pthread_mutex_trylock
+@c pthread_mutex_unlock
+@c pthread_once
+@c pthread_rwlockattr_destroy
+@c pthread_rwlockattr_getkind_np
+@c pthread_rwlockattr_getpshared
+@c pthread_rwlockattr_init
+@c pthread_rwlockattr_setkind_np
+@c pthread_rwlockattr_setpshared
+@c pthread_rwlock_destroy
+@c pthread_rwlock_init
+@c pthread_rwlock_rdlock
+@c pthread_rwlock_timedrdlock
+@c pthread_rwlock_timedwrlock
+@c pthread_rwlock_tryrdlock
+@c pthread_rwlock_trywrlock
+@c pthread_rwlock_unlock
+@c pthread_rwlock_wrlock
+@c pthread_self
+@c pthread_setaffinity_np
+@c pthread_setcancelstate
+@c pthread_setcanceltype
+@c pthread_setconcurrency
+@c pthread_setname_np
+@c pthread_setschedparam
+@c pthread_setschedprio
+@c pthread_sigmask
+@c pthread_sigqueue
+@c pthread_spin_destroy
+@c pthread_spin_init
+@c pthread_spin_lock
+@c pthread_spin_trylock
+@c pthread_spin_unlock
+@c pthread_testcancel
+@c pthread_timedjoin_np
+@c pthread_tryjoin_np
+@c pthread_yield
diff --git a/manual/time.texi b/manual/time.texi
index ff31e28..3967b24 100644
--- a/manual/time.texi
+++ b/manual/time.texi
@@ -475,6 +475,12 @@ Instead, use the facilities described in @ref{Time Zone Functions}.
@comment sys/time.h
@comment BSD
@deftypefun int gettimeofday (struct timeval *@var{tp}, struct timezone *@var{tzp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c On most GNU/Linux systems this is a direct syscall, but the posix/
+@c implementation (not used on GNU/Linux or GNU/Hurd) relies on time and
+@c localtime_r, saving and restoring tzname in an unsafe manner.
+@c On some GNU/Linux variants, ifunc resolvers are used in shared libc
+@c for vdso resolution. ifunc-vdso-revisit.
The @code{gettimeofday} function returns the current calendar time as
the elapsed time since the epoch in the @code{struct timeval} structure
indicated by @var{tp}. (@pxref{Elapsed Time} for a description of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c48dff451b9a543c5f827092417468a0d6672c59
commit c48dff451b9a543c5f827092417468a0d6672c59
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:06:36 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/getopt.texi: Document thread safety properties.
diff --git a/manual/getopt.texi b/manual/getopt.texi
index f0b7283..3c1f4de 100644
--- a/manual/getopt.texi
+++ b/manual/getopt.texi
@@ -60,6 +60,31 @@ option argument, for those options that accept arguments.
@comment unistd.h
@comment POSIX.2
@deftypefun int getopt (int @var{argc}, char *const *@var{argv}, const char *@var{options})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c It may swap argv elements but argv is not guarded, and the
+@c modifications may be partial in case of cancellation. Calling getenv
+@c also brings about thread-safety issues out of access and returning
+@c pointers into the globally shared environment array, just like
+@c calling gettext brings about a whole lot of AS and AC safety issues.
+@c The getopt API involves returning values in the non-thread-specific
+@c optarg variable, which adds another thread-safety issue. Given
+@c print_errors, it may output errors to stderr, which may
+@c self-deadlock, leak locks, or encounter (in a signal handler) or
+@c leave (in case of cancellation) stderr in an inconsistent state.
+@c Various implicit, indirect uses of malloc, in uses of memstream and
+@c asprintf for error-printing, bring about the usual malloc issues.
+@c (The explicit use of malloc in a conditional situation in
+@c _getopt_initialize is never exercised in glibc.)
+@c
+@c _getopt_internal
+@c _getopt_internal_r
+@c gettext
+@c _getopt_initialize
+@c getenv
+@c malloc if USE_NONOPTION_FLAGS, never defined in libc
+@c open_memstream
+@c lockfile, unlockfile, __fxprintf -> stderr
+@c asprintf
The @code{getopt} function gets the next option argument from the
argument list specified by the @var{argv} and @var{argc} arguments.
Normally these values come directly from the arguments received by
@@ -225,6 +250,8 @@ was seen.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
Decode options from the vector @var{argv} (whose length is @var{argc}).
The argument @var{shortopts} describes the short options to accept, just as
it does in @code{getopt}. The argument @var{longopts} describes the long
@@ -278,6 +305,8 @@ getopt functionality there is one more function available.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long_only (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
The @code{getopt_long_only} function is equivalent to the
@code{getopt_long} function but it allows to specify the user of the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0082110725464cff983520a32eac4c49ff25339e
commit 0082110725464cff983520a32eac4c49ff25339e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/math.texi: Document thread safety properties.
diff --git a/manual/math.texi b/manual/math.texi
index 193d415..fd5d0c8 100644
--- a/manual/math.texi
+++ b/manual/math.texi
@@ -560,6 +560,7 @@ negative), @code{logb} returns @math{@infinity{}}. If @var{x} is zero,
@comment math.h
@comment ISO
@deftypefunx int ilogbl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are equivalent to the corresponding @code{logb}
functions except that they return signed integer values.
@end deftypefun
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d1d06a086358b876405130714e2c5cf0d7740ab8
commit d1d06a086358b876405130714e2c5cf0d7740ab8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:06:03 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/filesys.texi: Document thread safety properties.
diff --git a/manual/filesys.texi b/manual/filesys.texi
index 1df9cf2..2244025 100644
--- a/manual/filesys.texi
+++ b/manual/filesys.texi
@@ -58,6 +58,25 @@ Prototypes for these functions are declared in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun {char *} getcwd (char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c If buffer is NULL, this function calls malloc and realloc, and, in
+@c case of error, free. Linux offers a getcwd syscall that we use on
+@c GNU/Linux systems, but it may fail if the pathname is too long. As a
+@c fallback, and on other systems, the generic implementation opens each
+@c parent directory with opendir, which allocates memory for the
+@c directory stream with malloc. If a fstatat64 syscall is not
+@c available, very deep directory trees may also have to malloc to build
+@c longer sequences of ../../../... than those supported by a global
+@c const read-only string.
+
+@c linux/__getcwd
+@c posix/__getcwd
+@c malloc/realloc/free if buffer is NULL, or if dir is too deep
+@c lstat64 -> see its own entry
+@c fstatat64
+@c direct syscall if possible, alloca+snprintf+*stat64 otherwise
+@c openat64_not_cancel_3, close_not_cancel_no_status
+@c __fdopendir, __opendir, __readdir, rewinddir
The @code{getcwd} function returns an absolute file name representing
the current working directory, storing it in the character array
@var{buffer} that you provide. The @var{size} argument is how you tell
@@ -116,6 +135,9 @@ software.
@comment unistd.h
@comment BSD
@deftypefn {Deprecated Function} {char *} getwd (char *@var{buffer})
+@safety{@mtsafe{}@asunsafe{asmalloc, asi18n}@acsafe{memleak, fdleak}}
+@c Besides the getcwd safety issues, it calls strerror_r on error, which
+@c brings in all of the i18n issues.
This is similar to @code{getcwd}, but has no way to specify the size of
the buffer. @Theglibc{} provides @code{getwd} only
for backwards compatibility with BSD.
@@ -130,6 +152,9 @@ this function is deprecated.
@comment unistd.h
@comment GNU
@deftypefun {char *} get_current_dir_name (void)
+@safety{@mtunsafe{envromt}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides getcwd, which this function calls as a fallback, it calls
+@c getenv, with the usual thread-safety issues that brings about.
@vindex PWD
This @code{get_current_dir_name} function is basically equivalent to
@w{@code{getcwd (NULL, 0)}}. The only difference is that the value of
@@ -145,6 +170,7 @@ This function is a GNU extension.
@comment unistd.h
@comment POSIX.1
@deftypefun int chdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
@var{filename}.
@@ -158,6 +184,7 @@ file @var{filename} is not a directory.
@comment unistd.h
@comment XPG
@deftypefun int fchdir (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
directory associated with the file descriptor @var{filedes}.
@@ -294,12 +321,14 @@ values and @code{st_mode} values:
@comment dirent.h
@comment BSD
@deftypefun int IFTODT (mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{d_type} value corresponding to @var{mode}.
@end deftypefun
@comment dirent.h
@comment BSD
@deftypefun mode_t DTTOIF (int @var{dtype})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{st_mode} value corresponding to @var{dtype}.
@end deftypefun
@end table
@@ -342,6 +371,9 @@ the following functions.
@comment dirent.h
@comment POSIX.1
@deftypefun {DIR *} opendir (const char *@var{dirname})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides the safe syscall, we have to allocate the DIR object with
+@c __alloc_dir, that calls malloc.
The @code{opendir} function opens and returns a directory stream for
reading the directory whose file name is @var{dirname}. The stream has
type @code{DIR *}.
@@ -381,6 +413,8 @@ alternative interface can be used.
@comment dirent.h
@comment GNU
@deftypefun {DIR *} fdopendir (int @var{fd})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c The DIR object is allocated with __alloc_dir, that calls malloc.
The @code{fdopendir} function works just like @code{opendir} but
instead of taking a file name and opening a file descriptor for the
directory the caller is required to provide a file descriptor. This
@@ -425,6 +459,7 @@ access.
@comment dirent.h
@comment GNU
@deftypefun int dirfd (DIR *@var{dirstream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{dirfd} returns the file descriptor associated with
the directory stream @var{dirstream}. This descriptor can be used until
the directory is closed with @code{closedir}. If the directory stream
@@ -443,6 +478,12 @@ symbols are declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun {struct dirent *} readdir (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c This function holds dirstream's non-recursive lock, which brings
+@c about the usual issues with locks and async signals and cancellation,
+@c but the lock taking is not enough to make the returned value safe to
+@c use, since it points to a stream's internal buffer that can be
+@c overwritten by subsequent calls or even released by closedir.
This function reads the next entry from the directory. It normally
returns a pointer to a structure containing information about the file.
This structure is statically allocated and can be rewritten by a
@@ -469,6 +510,7 @@ value. Use @code{readdir_r} when this is critical.
@comment dirent.h
@comment GNU
@deftypefun int readdir_r (DIR *@var{dirstream}, struct dirent *@var{entry}, struct dirent **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is the reentrant version of @code{readdir}. Like
@code{readdir} it returns the next entry from the directory. But to
prevent conflicts between simultaneously running threads the result is
@@ -516,6 +558,7 @@ of the last two functions.
@comment dirent.h
@comment LFS
@deftypefun {struct dirent64 *} readdir64 (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64} function is just like the @code{readdir} function
except that it returns a pointer to a record of type @code{struct
dirent64}. Some of the members of this data type (notably @code{d_ino})
@@ -527,6 +570,7 @@ In all other aspects this function is equivalent to @code{readdir}.
@comment dirent.h
@comment LFS
@deftypefun int readdir64_r (DIR *@var{dirstream}, struct dirent64 *@var{entry}, struct dirent64 **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64_r} function is equivalent to the @code{readdir_r}
function except that it takes parameters of base type @code{struct
dirent64} instead of @code{struct dirent} in the second and third
@@ -537,6 +581,10 @@ position. The same precautions mentioned in the documentation of
@comment dirent.h
@comment POSIX.1
@deftypefun int closedir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock (hurd)}@acsafe{memleak, fdleak, lockleak (hurd)}}
+@c No synchronization in the posix implementation, only in the hurd
+@c one. This is regarded as safe because it is undefined behavior if
+@c other threads could still be using the dir stream while it's closed.
This function closes the directory stream @var{dirstream}. It returns
@code{0} on success and @code{-1} on failure.
@@ -576,6 +624,7 @@ declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun void rewinddir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{rewinddir} function is used to reinitialize the directory
stream @var{dirstream}, so that if you call @code{readdir} it
returns information about the first entry in the directory again. This
@@ -589,6 +638,10 @@ added or removed since you last called @code{opendir} or
@comment dirent.h
@comment BSD
@deftypefun {long int} telldir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{telldir} function returns the file position of the directory
stream @var{dirstream}. You can use this value with @code{seekdir} to
restore the directory stream to that position.
@@ -597,6 +650,10 @@ restore the directory stream to that position.
@comment dirent.h
@comment BSD
@deftypefun void seekdir (DIR *@var{dirstream}, long int @var{pos})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{seekdir} function sets the file position of the directory
stream @var{dirstream} to @var{pos}. The value @var{pos} must be the
result of a previous call to @code{telldir} on this particular stream;
@@ -616,6 +673,19 @@ the result.
@comment dirent.h
@comment BSD/SVID
@deftypefun int scandir (const char *@var{dir}, struct dirent ***@var{namelist}, int (*@var{selector}) (const struct dirent *), int (*@var{cmp}) (const struct dirent **, const struct dirent **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c The scandir function calls __opendirat, __readdir, and __closedir to
+@c go over the named dir; malloc and realloc to allocate the namelist
+@c and copies of each selected dirent, besides the selector, if given,
+@c and qsort and the cmp functions if the latter is given. In spite of
+@c the cleanup handler that releases memory and the file descriptor in
+@c case of synchronous cancellation, an asynchronous cancellation may
+@c still leak memory and a file descriptor. Although readdir is unsafe
+@c in general, the use of an internal dir stream for sequential scanning
+@c of the directory with copying of dirents before subsequent calls
+@c makes the use safe, and the fact that the dir stream is private to
+@c each scandir call does away with the lock issues in readdir and
+@c closedir.
The @code{scandir} function scans the contents of the directory selected
by @var{dir}. The result in *@var{namelist} is an array of pointers to
@@ -646,6 +716,8 @@ are very helpful for this purpose.
@comment dirent.h
@comment BSD/SVID
@deftypefun int alphasort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Calls strcoll.
The @code{alphasort} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -658,6 +730,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls strverscmp.
The @code{versionsort} function is like @code{alphasort} except that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -670,6 +744,8 @@ dirent64}}. To use this we need a new function.
@comment dirent.h
@comment GNU
@deftypefun int scandir64 (const char *@var{dir}, struct dirent64 ***@var{namelist}, int (*@var{selector}) (const struct dirent64 *), int (*@var{cmp}) (const struct dirent64 **, const struct dirent64 **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c See scandir.
The @code{scandir64} function works like the @code{scandir} function
except that the directory entries it returns are described by elements
of type @w{@code{struct dirent64}}. The function pointed to by
@@ -688,6 +764,8 @@ argument. Instead we provide the two replacement functions below.
@comment dirent.h
@comment GNU
@deftypefun int alphasort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c See alphasort.
The @code{alphasort64} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -700,6 +778,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c See versionsort.
The @code{versionsort64} function is like @code{alphasort64}, excepted that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -880,6 +960,8 @@ file was passed).
@comment ftw.h
@comment SVID
@deftypefun int ftw (const char *@var{filename}, __ftw_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
+@c see nftw for safety details
The @code{ftw} function calls the callback function given in the
parameter @var{func} for every item which is found in the directory
specified by @var{filename} and all directories below. The function
@@ -930,6 +1012,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int ftw64 (const char *@var{filename}, __ftw64_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
This function is similar to @code{ftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -943,6 +1026,17 @@ transparently replaces the old implementation.
@comment ftw.h
@comment XPG4.2
@deftypefun int nftw (const char *@var{filename}, __nftw_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c ftw_startup calls alloca, malloc, free, xstat/lxstat, tdestroy, and ftw_dir
+@c if FTW_CHDIR, call open, and fchdir, or chdir and getcwd
+@c ftw_dir calls open_dir_stream, readdir64, process_entry, closedir
+@c if FTW_CHDIR, also calls fchdir
+@c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
+@c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
+@c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
+@c find_object (tsearch) and add_object (tfind).
+@c Since each invocation of *ftw uses its own private search tree, none
+@c of the search tree concurrency issues apply.
The @code{nftw} function works like the @code{ftw} functions. They call
the callback function @var{func} for all items found in the directory
@var{filename} and below. At most @var{descriptors} file descriptors
@@ -1003,6 +1097,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int nftw64 (const char *@var{filename}, __nftw64_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
This function is similar to @code{nftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -1046,6 +1141,7 @@ file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int link (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{link} function makes a new link to the existing file named by
@var{oldname}, under the new name @var{newname}.
@@ -1153,6 +1249,7 @@ Prototypes for most of the functions listed in this section are in
@comment unistd.h
@comment BSD
@deftypefun int symlink (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{symlink} function makes a symbolic link to @var{oldname} named
@var{newname}.
@@ -1190,6 +1287,7 @@ exceeded.
@comment unistd.h
@comment BSD
@deftypefun ssize_t readlink (const char *@var{filename}, char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{readlink} function gets the value of the symbolic link
@var{filename}. The file name that the link points to is copied into
@var{buffer}. This file name string is @emph{not} null-terminated;
@@ -1249,6 +1347,8 @@ names can refer to the same inode.
@comment stdlib.h
@comment GNU
@deftypefun {char *} canonicalize_file_name (const char *@var{name})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls realpath.
The @code{canonicalize_file_name} function returns the absolute name of
the file named by @var{name} which contains no @code{.}, @code{..}
@@ -1290,6 +1390,8 @@ where the result is placed in.
@comment stdlib.h
@comment XPG
@deftypefun {char *} realpath (const char *restrict @var{name}, char *restrict @var{resolved})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls malloc, realloc, getcwd, lxstat64, readlink, alloca.
A call to @code{realpath} where the @var{resolved} parameter is
@code{NULL} behaves exactly like @code{canonicalize_file_name}. The
@@ -1329,6 +1431,7 @@ then the file is deleted as well. If the file has other remaining names
@comment unistd.h
@comment POSIX.1
@deftypefun int unlink (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{unlink} function deletes the file name @var{filename}. If
this is a file's sole name, the file itself is also deleted. (Actually,
if any process has the file open when this happens, deletion is
@@ -1371,6 +1474,7 @@ file system and can't be modified.
@comment unistd.h
@comment POSIX.1
@deftypefun int rmdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@cindex directories, deleting
@cindex deleting a directory
The @code{rmdir} function deletes a directory. The directory must be
@@ -1398,6 +1502,8 @@ The prototype for this function is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int remove (const char *@var{filename})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Calls unlink and rmdir.
This is the @w{ISO C} function to remove a file. It works like
@code{unlink} for files and like @code{rmdir} for directories.
@code{remove} is declared in @file{stdio.h}.
@@ -1413,6 +1519,10 @@ The @code{rename} function is used to change a file's name.
@comment stdio.h
@comment ISO
@deftypefun int rename (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a rename syscall, there's an emulation with link
+@c and unlink, but it's racy, even more so if newname exists and is
+@c unlinked first.
The @code{rename} function renames the file @var{oldname} to
@var{newname}. The file formerly accessible under the name
@var{oldname} is afterwards accessible as @var{newname} instead. (If
@@ -1508,6 +1618,7 @@ a shell command @code{mkdir} which does the same thing.)
@comment sys/stat.h
@comment POSIX.1
@deftypefun int mkdir (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mkdir} function creates a new, empty directory with name
@var{filename}.
@@ -1849,6 +1960,7 @@ header file @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int stat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{stat} function returns information about the attributes of the
file named by @w{@var{filename}} in the structure pointed to by @var{buf}.
@@ -1875,6 +1987,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int stat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{stat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1888,6 +2001,7 @@ replaces the interface for small files on 32-bit machines.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int fstat (int @var{filedes}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fstat} function is like @code{stat}, except that it takes an
open file descriptor as an argument instead of a file name.
@xref{Low-Level I/O}.
@@ -1909,6 +2023,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int fstat64 (int @var{filedes}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{fstat} but is able to work on large
files on 32-bit platforms. For large files the file descriptor
@var{filedes} should be obtained by @code{open64} or @code{creat64}.
@@ -1920,9 +2035,16 @@ function is available under the name @code{fstat} and so transparently
replaces the interface for small files on 32-bit machines.
@end deftypefun
+@c fstatat will call alloca and snprintf if the syscall is not
+@c available.
+@c @safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+
@comment sys/stat.h
@comment BSD
@deftypefun int lstat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat, sometimes with an xstat conv call
+@c afterwards.
The @code{lstat} function is like @code{stat}, except that it does not
follow symbolic links. If @var{filename} is the name of a symbolic
link, @code{lstat} returns information about the link itself; otherwise
@@ -1936,6 +2058,9 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int lstat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat64, sometimes with an xstat conv
+@c call afterwards.
This function is similar to @code{lstat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1974,12 +2099,14 @@ that file:
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISDIR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a directory.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISCHR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a character special file (a
device like a terminal).
@end deftypefn
@@ -1987,6 +2114,7 @@ device like a terminal).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISBLK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a block special file (a device
like a disk).
@end deftypefn
@@ -1994,12 +2122,14 @@ like a disk).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISREG (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a regular file.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISFIFO (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a FIFO special file, or a
pipe. @xref{Pipes and FIFOs}.
@end deftypefn
@@ -2007,6 +2137,7 @@ pipe. @xref{Pipes and FIFOs}.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISLNK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a symbolic link.
@xref{Symbolic Links}.
@end deftypefn
@@ -2014,6 +2145,7 @@ This macro returns non-zero if the file is a symbolic link.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISSOCK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a socket. @xref{Sockets}.
@end deftypefn
@@ -2096,6 +2228,7 @@ the whole @code{struct stat} structure.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISMQ (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX message queues as distinct objects and the
file is a message queue object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2104,6 +2237,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSEM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX semaphores as distinct objects and the
file is a semaphore object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2112,6 +2246,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSHM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX shared memory objects as distinct objects
and the file is an shared memory object, this macro returns a non-zero
value. In all other cases the result is zero.
@@ -2156,6 +2291,7 @@ The prototype for this function is declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int chown (const char *@var{filename}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chown} function changes the owner of the file @var{filename} to
@var{owner}, and its group owner to @var{group}.
@@ -2190,6 +2326,7 @@ The file is on a read-only file system.
@comment unistd.h
@comment BSD
@deftypefun int fchown (int @var{filedes}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chown}, except that it changes the owner of the open
file with descriptor @var{filedes}.
@@ -2469,6 +2606,7 @@ The functions in this section are declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun mode_t umask (mode_t @var{mask})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{umask} function sets the file creation mask of the current
process to @var{mask}, and returns the previous value of the file
creation mask.
@@ -2494,6 +2632,7 @@ you just want to read the mask value, because it is reentrant.
@comment sys/stat.h
@comment GNU
@deftypefun mode_t getumask (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Return the current value of the file creation mask for the current
process. This function is a GNU extension and is only available on
@gnuhurdsystems{}.
@@ -2502,6 +2641,7 @@ process. This function is a GNU extension and is only available on
@comment sys/stat.h
@comment POSIX.1
@deftypefun int chmod (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chmod} function sets the access permission bits for the file
named by @var{filename} to @var{mode}.
@@ -2542,6 +2682,7 @@ for full details on the sticky bit.
@comment sys/stat.h
@comment BSD
@deftypefun int fchmod (int @var{filedes}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chmod}, except that it changes the permissions of the
currently open file given by @var{filedes}.
@@ -2612,6 +2753,7 @@ The symbols in this section are declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int access (const char *@var{filename}, int @var{how})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{access} function checks to see whether the file named by
@var{filename} can be accessed in the way specified by the @var{how}
argument. The @var{how} argument either can be the bitwise OR of the
@@ -2732,6 +2874,9 @@ This is the modification time for the file.
@comment utime.h
@comment POSIX.1
@deftypefun int utime (const char *@var{filename}, const struct utimbuf *@var{times})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utime syscall, it non-atomically converts times
+@c to a struct timeval and calls utimes.
This function is used to modify the file times associated with the file
named @var{filename}.
@@ -2783,6 +2928,10 @@ in the header file @file{sys/time.h}.
@comment sys/time.h
@comment BSD
@deftypefun int utimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, or to
+@c struct utimbuf and calls utime.
This function sets the file access and modification times of the file
@var{filename}. The new file access time is specified by
@code{@var{tvp}[0]}, and the new modification time by
@@ -2797,6 +2946,9 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int lutimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no lutimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall.
This function is like @code{utimes}, except that it does not follow
symbolic links. If @var{filename} is the name of a symbolic link,
@code{lutimes} sets the file access and modification times of the
@@ -2813,6 +2965,10 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int futimes (int @var{fd}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no futimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, falling back
+@c to utimes on a /proc/self/fd symlink.
This function is like @code{utimes}, except that it takes an open file
descriptor as an argument instead of a file name. @xref{Low-Level
I/O}. This function comes from FreeBSD, and is not available on all
@@ -2867,6 +3023,8 @@ succeed, without actually accomplishing anything.
@comment unistd.h
@comment X/Open
@deftypefun int truncate (const char *@var{filename}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a truncate syscall, we use open and ftruncate.
The @code{truncate} function changes the size of @var{filename} to
@var{length}. If @var{length} is shorter than the previous length, data
@@ -2911,6 +3069,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int truncate64 (const char *@var{name}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try truncate if length fits.
This function is similar to the @code{truncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines, which allows the handling of files with sizes up to
@@ -2924,6 +3084,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX
@deftypefun int ftruncate (int @var{fd}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{truncate}, but it works on a file descriptor @var{fd}
for an opened file instead of a file name to identify the object. The
@@ -2988,6 +3149,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int ftruncate64 (int @var{id}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try ftruncate if length fits.
This function is similar to the @code{ftruncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines which allows the handling of files with sizes up to
@@ -3050,6 +3213,10 @@ The prototype for @code{mknod} is declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment BSD
@deftypefun int mknod (const char *@var{filename}, mode_t @var{mode}, dev_t @var{dev})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Instead of issuing the syscall directly, we go through xmknod.
+@c Although the internal xmknod takes a dev_t*, that could lead to
+@c xguargs races, it's passed a pointer to mknod's dev.
The @code{mknod} function makes a special file with name @var{filename}.
The @var{mode} specifies the mode of the file, and may include the various
special file bits, such as @code{S_IFCHR} (for a character special file)
@@ -3101,6 +3268,20 @@ These facilities are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} tmpfile (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c The unsafety issues are those of fdopen, plus fdleak because of the
+@c open.
+@c __path_search (internal buf, !dir, const pfx, !try_tmpdir) ok
+@c libc_secure_genenv only if try_tmpdir
+@c xstat64, strlen, strcmp, sprintf
+@c __gen_tempname (internal tmpl, __GT_FILE) ok
+@c strlen, memcmp, getpid, open/mkdir/lxstat64 ok
+@c HP_TIMING_NOW if available ok
+@c gettimeofday (!tz) first time, or every time if no HP_TIMING_NOW ok
+@c static value is used and modified without synchronization ok
+@c but the use is as a source of non-cryptographic randomness
+@c with retries in case of collision, so it should be safe
+@c unlink, fdopen
This function creates a temporary binary file for update mode, as if by
calling @code{fopen} with mode @code{"wb+"}. The file is deleted
automatically when it is closed or when the program terminates. (On
@@ -3117,6 +3298,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} tmpfile64 (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
This function is similar to @code{tmpfile}, but the stream it returns a
pointer to was opened using @code{tmpfile64}. Therefore this stream can
be used for files larger then @math{2^31} bytes on 32-bit machines.
@@ -3132,6 +3314,11 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun {char *} tmpnam (char *@var{result})
+@safety{@mtunsafe{xguargs, staticbuf}@asunsafe{staticbuf}@acsafe{}}
+@c The passed-in buffer should not be modified concurrently with the
+@c call.
+@c __path_search (static or passed-in buf, !dir, !pfx, !try_tmpdir) ok
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
This function constructs and returns a valid file name that does not
refer to any existing file. If the @var{result} argument is a null
pointer, the return value is a pointer to an internal static string,
@@ -3156,6 +3343,7 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdio.h
@comment GNU
@deftypefun {char *} tmpnam_r (char *@var{result})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
This function is nearly identical to the @code{tmpnam} function, except
that if @var{result} is a null pointer it returns a null pointer.
@@ -3192,6 +3380,13 @@ never less than @code{25}.
@comment stdio.h
@comment SVID
@deftypefun {char *} tempnam (const char *@var{dir}, const char *@var{prefix})
+@safety{@mtunsafe{xguargs, envromt}@assafe{asmalloc}@acsafe{memleak}}
+@c There's no way (short of being setuid) to avoid getenv("TMPDIR"),
+@c even with a non-NULL dir, which makes this thread-unsafe.
+@c
+@c __path_search (internal buf, dir, pfx, try_tmpdir) unsafe getenv
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
+@c strdup
This function generates a unique temporary file name. If @var{prefix}
is not a null pointer, up to five characters of this string are used as
a prefix for the file name. The return value is a string newly
@@ -3255,6 +3450,8 @@ string. These functions are declared in the header file @file{stdlib.h}.
@comment stdlib.h
@comment Unix
@deftypefun {char *} mktemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_NOCREATE) ok
The @code{mktemp} function generates a unique file name by modifying
@var{template} as described above. If successful, it returns
@var{template} as modified. If @code{mktemp} cannot find a unique file
@@ -3273,6 +3470,8 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdlib.h
@comment BSD
@deftypefun int mkstemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{fdleak}}
+@c __gen_tempname (caller tmpl, __GT_FILE) ok
The @code{mkstemp} function generates a unique file name just as
@code{mktemp} does, but it also opens the file for you with @code{open}
(@pxref{Opening and Closing Files}). If successful, it modifies
@@ -3295,6 +3494,8 @@ new file and get an error if the file already exists.
@comment stdlib.h
@comment BSD
@deftypefun {char *} mkdtemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_DIR) ok
The @code{mkdtemp} function creates a directory with a unique name. If
it succeeds, it overwrites @var{template} with the name of the
directory, and returns @var{template}. As with @code{mktemp} and
@@ -3316,3 +3517,23 @@ creation always works like @code{open} with @code{O_EXCL}.
@xref{Creating Directories}.
The @code{mkdtemp} function comes from OpenBSD.
+
+@c FIXME these are undocumented:
+@c faccessat
+@c fchmodat
+@c fchownat
+@c futimesat
+@c fstatat
+@c linkat
+@c mkdirat
+@c mkfifoat
+@c name_to_handle_at
+@c openat
+@c open_by_handle_at
+@c readlinkat
+@c renameat
+@c scandirat
+@c symlinkat
+@c unlinkat
+@c utimensat
+@c mknodat
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e3578b80d486c85ecfce6a21f09e9051d868468b
commit e3578b80d486c85ecfce6a21f09e9051d868468b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..323268d 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,10 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard}}
+@c This function is MT-Safe, but uses of the global locale object are
+@c unguarded in functions that ought to be MT-Safe, so we're ruling out
+@c the use of this function once threads are started.
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b035d6eeb7b48636043919617d515c88522ba6c3
commit b035d6eeb7b48636043919617d515c88522ba6c3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:05:34 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/errno.texi: Document thread safety properties.
diff --git a/manual/errno.texi b/manual/errno.texi
index 6c9fa86..eb3f412 100644
--- a/manual/errno.texi
+++ b/manual/errno.texi
@@ -1293,6 +1293,9 @@ name of the program that encountered the error.
@comment string.h
@comment ISO
@deftypefun {char *} strerror (int @var{errnum})
+@safety{@mtunsafe{staticbuf}@asunsafe{staticbuf, asmalloc, asi18n}@acsafe{memleak}}
+@c Calls strerror_r with a static buffer allocated with malloc on the
+@c first use.
The @code{strerror} function maps the error code (@pxref{Checking for
Errors}) specified by the @var{errnum} argument to a descriptive error
message string. The return value is a pointer to this string.
@@ -1310,6 +1313,7 @@ The function @code{strerror} is declared in @file{string.h}.
@comment string.h
@comment GNU
@deftypefun {char *} strerror_r (int @var{errnum}, char *@var{buf}, size_t @var{n})
+@safety{@mtsafe{}@asunsafe{asi18n}@acsafe{}}
The @code{strerror_r} function works like @code{strerror} but instead of
returning the error message in a statically allocated buffer shared by
all threads in the process, it returns a private copy for the
@@ -1331,6 +1335,10 @@ This function @code{strerror_r} is a GNU extension and it is declared in
@comment stdio.h
@comment ISO
@deftypefun void perror (const char *@var{message})
+@safety{@mtsafe{xguargs}@asunsafe{asynconsist, asi18n, asmalloc, selfdeadlock}@acunsafe{incansist, lockleak, memleak, fdleak}}
+@c Besides strerror_r's and some of fprintf's issues, if stderr is not
+@c oriented yet, create a new stream with a dup of stderr's fd and write
+@c to that instead of stderr, to avoid orienting it.
This function prints an error message to the stream @code{stderr};
see @ref{Standard Streams}. The orientation of @code{stderr} is not
changed.
@@ -1442,6 +1450,13 @@ These functions are declared in @file{error.h}.
@comment error.h
@comment GNU
@deftypefun void error (int @var{status}, int @var{errnum}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acsafe{}}
+@c Cancellation is disabled throught the execution. It flushes stdout
+@c and then holds a lock on stderr while printing the program name and
+@c then running error_tail. The non-wide case just runs vfprintf; the
+@c wide case converts the message to an alloca/malloc-allocated buffer
+@c with mbsrtowcs, then prints it with vfwprintf. Afterwards,
+@c print_errno_message calls strerror_r and fxprintf.
The @code{error} function can be used to report general problems during
program execution. The @var{format} argument is a format string just
like those given to the @code{printf} family of functions. The
@@ -1477,6 +1492,15 @@ incremented by one to keep track of the number of errors reported.
@comment error.h
@comment GNU
@deftypefun void error_at_line (int @var{status}, int @var{errnum}, const char *@var{fname}, unsigned int @var{lineno}, const char *@var{format}, @dots{})
+@safety{@mtunsafe{staticbuf, glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist}}
+@c The error_one_per_line variable is accessed (without any form of
+@c synchronization, but since it's an int used once, it should be safe
+@c enough) and, if this mode is enabled, static variables used to hold
+@c the last printed file name and line number are accessed and modified
+@c without synchronization; the update is not atomic and it occurs
+@c before disabling cancellation, so it can be interrupted after only
+@c one of the two variables is modified. After that, it's very much
+@c like error.
The @code{error_at_line} function is very similar to the @code{error}
function. The only difference are the additional parameters @var{fname}
@@ -1582,6 +1606,8 @@ are included only for compatibility.
@comment err.h
@comment BSD
@deftypefun void warn (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Just calls vwarn with the va_list.
The @code{warn} function is roughly equivalent to a call like
@smallexample
error (0, errno, format, @r{the parameters})
@@ -1594,6 +1620,11 @@ are not used.
@comment err.h
@comment BSD
@deftypefun void vwarn (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c While holding stderr's recursive lock, it prints the programname, the
+@c given message, and the error string with fw?printf's %m. When the
+@c stream is wide, convert_and_print converts the format string to an
+@c alloca/malloc-created buffer using mbsrtowcs and then calls fwprintf.
The @code{vwarn} function is just like @code{warn} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1602,6 +1633,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void warnx (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn, but without the strerror translation issues.
The @code{warnx} function is roughly equivalent to a call like
@smallexample
error (0, 0, format, @r{the parameters})
@@ -1615,6 +1648,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void vwarnx (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn, but without the strerror translation issues.
The @code{vwarnx} function is just like @code{warnx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1623,6 +1658,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void err (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn followed by exit.
The @code{err} function is roughly equivalent to a call like
@smallexample
error (status, errno, format, @r{the parameters})
@@ -1635,6 +1672,8 @@ are not used and that the program is exited even if @var{status} is zero.
@comment err.h
@comment BSD
@deftypefun void verr (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn followed by exit.
The @code{verr} function is just like @code{err} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1643,6 +1682,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void errx (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warnx followed by exit.
The @code{errx} function is roughly equivalent to a call like
@smallexample
error (status, 0, format, @r{the parameters})
@@ -1657,6 +1698,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void verrx (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarnx followed by exit.
The @code{verrx} function is just like @code{errx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ce7a82428b383c27385283464762599a0000cba2
commit ce7a82428b383c27385283464762599a0000cba2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..7809dd4 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1391,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1401,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1411,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1540,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1625,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2387,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2397,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2438,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2647,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2656,12 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2669,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2677,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2685,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2693,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2701,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2709,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2785,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3026,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3278,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3342,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +3959,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +3974,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +3989,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +3997,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4005,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4019,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4046,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4055,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4064,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4072,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4080,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4088,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4138,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4148,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4162,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4173,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4201,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4212,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4326,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4339,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4363,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4379,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4399,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4423,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4472,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4594,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4609,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4622,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4639,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4751,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4764,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4781,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4803,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4828,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4906,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4920,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4932,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4947,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +4961,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +4972,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5020,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5076,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5192,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5374,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5515,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7f89734934ba539d84fdf02163f64ae84f795ac9
commit 7f89734934ba539d84fdf02163f64ae84f795ac9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:05:11 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/debug.texi: Document thread safety properties.
diff --git a/manual/debug.texi b/manual/debug.texi
index 1db9c18..ce0c263 100644
--- a/manual/debug.texi
+++ b/manual/debug.texi
@@ -36,6 +36,8 @@ and manipulate backtraces of the current thread.
@comment execinfo.h
@comment GNU
@deftypefun int backtrace (void **@var{buffer}, int @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Pointer chasing within the local stack.
The @code{backtrace} function obtains a backtrace for the current
thread, as a list of pointers, and places the information into
@var{buffer}. The argument @var{size} should be the number of
@@ -56,6 +58,17 @@ interpreting the stack contents correctly.
@comment execinfo.h
@comment GNU
@deftypefun {char **} backtrace_symbols (void *const *@var{buffer}, int @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, lockleak}}
+@c Collects info returned by _dl_addr in auto array, allocates memory
+@c for the whole return buffer with malloc then sprintfs into it storing
+@c pointers to the strings into the array entries in the buffer.
+@c _dl_addr takes the recursive dl_load_lock then calls
+@c _dl_find_dso_for_object and determine_info.
+@c _dl_find_dso_for_object calls _dl-addr_inside_object.
+@c All of them are safe as long as the lock is held.
+@c asynconsist? It doesn't looke like the dynamic loader's data
+@c structures could be in an inconsistent state that would cause
+@c malfunction here.
The @code{backtrace_symbols} function translates the information
obtained from the @code{backtrace} function into an array of strings.
The argument @var{buffer} should be a pointer to an array of addresses
@@ -88,6 +101,11 @@ cannot be obtained.
@comment execinfo.h
@comment GNU
@deftypefun void backtrace_symbols_fd (void *const *@var{buffer}, int @var{size}, int @var{fd})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c Single loop of _dl_addr over addresses, collecting info into an iovec
+@c written out with a writev call per iteration. Addresses and offsets
+@c are converted to hex in auto buffers, so the only potential issue
+@c here is leaking the dl lock in case of cancellation.
The @code{backtrace_symbols_fd} function performs the same translation
as the function @code{backtrace_symbols} function. Instead of returning
the strings to the caller, it writes the strings to the file descriptor
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=727a9c49e98194570a2c85e47c355bcc55398cd9
commit 727a9c49e98194570a2c85e47c355bcc55398cd9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:41 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/ctype.texi: Document thread safety properties.
diff --git a/manual/ctype.texi b/manual/ctype.texi
index 3d13571..ddf38ce 100644
--- a/manual/ctype.texi
+++ b/manual/ctype.texi
@@ -66,6 +66,13 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int islower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The is* macros call __ctype_b_loc to get the ctype array from the
+@c current locale, and then index it by c. __ctype_b_loc reads from
+@c thread-local memory the (indirect) pointer to the ctype array, which
+@c may involve one word access to the global locale object, if that's
+@c the active locale for the thread, and the array, being part of the
+@c locale data, is undeletable, so there's no thread-safety issue.
Returns true if @var{c} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -74,6 +81,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -82,6 +90,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isalpha (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphabetic character (a letter). If
@code{islower} or @code{isupper} is true of a character, then
@code{isalpha} is also true.
@@ -97,6 +106,7 @@ additional characters.
@comment ctype.h
@comment ISO
@deftypefun int isdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@end deftypefun
@@ -104,6 +114,7 @@ Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@comment ctype.h
@comment ISO
@deftypefun int isalnum (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphanumeric character (a letter or
number); in other words, if either @code{isalpha} or @code{isdigit} is
true of a character, then @code{isalnum} is also true.
@@ -113,6 +124,7 @@ true of a character, then @code{isalnum} is also true.
@comment ctype.h
@comment ISO
@deftypefun int isxdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -123,6 +135,7 @@ Hexadecimal digits include the normal decimal digits @samp{0} through
@comment ctype.h
@comment ISO
@deftypefun int ispunct (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -132,6 +145,7 @@ character.
@comment ctype.h
@comment ISO
@deftypefun int isspace (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{isspace} returns true for only the standard
whitespace characters:
@@ -161,6 +175,7 @@ vertical tab
@comment ctype.h
@comment ISO
@deftypefun int isblank (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
@end deftypefun
@@ -169,6 +184,7 @@ This function was originally a GNU extension, but was added in @w{ISO C99}.
@comment ctype.h
@comment ISO
@deftypefun int isgraph (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -178,6 +194,7 @@ considered graphic.
@comment ctype.h
@comment ISO
@deftypefun int isprint (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@end deftypefun
@@ -186,6 +203,7 @@ include all the graphic characters, plus the space (@samp{ }) character.
@comment ctype.h
@comment ISO
@deftypefun int iscntrl (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a control character (that is, a character that
is not a printing character).
@end deftypefun
@@ -194,6 +212,7 @@ is not a printing character).
@comment ctype.h
@comment SVID, BSD
@deftypefun int isascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
into the US/UK ASCII character set. This function is a BSD extension
and is also an SVID extension.
@@ -227,6 +246,10 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The to* macros/functions call different functions that use different
+@c arrays than those of__ctype_b_loc, but the access patterns and
+@c thus safety guarantees are the same.
If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
lower-case letter. If @var{c} is not an upper-case letter,
@var{c} is returned unchanged.
@@ -235,6 +258,7 @@ lower-case letter. If @var{c} is not an upper-case letter,
@comment ctype.h
@comment ISO
@deftypefun int toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
upper-case letter. Otherwise @var{c} is returned unchanged.
@end deftypefun
@@ -242,6 +266,7 @@ upper-case letter. Otherwise @var{c} is returned unchanged.
@comment ctype.h
@comment SVID, BSD
@deftypefun int toascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function converts @var{c} to a 7-bit @code{unsigned char} value
that fits into the US/UK ASCII character set, by clearing the high-order
bits. This function is a BSD extension and is also an SVID extension.
@@ -250,6 +275,7 @@ bits. This function is a BSD extension and is also an SVID extension.
@comment ctype.h
@comment SVID
@deftypefun int _tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{tolower}, and is provided for compatibility
with the SVID. @xref{SVID}.@refill
@end deftypefun
@@ -257,6 +283,7 @@ with the SVID. @xref{SVID}.@refill
@comment ctype.h
@comment SVID
@deftypefun int _toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{toupper}, and is provided for compatibility
with the SVID.
@end deftypefun
@@ -303,6 +330,15 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctype_t wctype (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Although the source code of wctype contains multiple references to
+@c the locale, that could each reference different locale_data objects
+@c should the global locale object change while active, the compiler can
+@c and does combine them all into a single dereference that resolves
+@c once to the LCTYPE locale object used throughout the function, so it
+@c is safe in practice, if not in theory. Ideally we'd explicitly save
+@c the resolved locale_data object to make it visibly safe instead of
+@c safe only under compiler optimizations.
The @code{wctype} returns a value representing a class of wide
characters which is identified by the string @var{property}. Beside
some standard properties each locale can define its own ones. In case
@@ -331,6 +367,8 @@ the @w{ISO C} standard defines a completely new function.
@comment wctype.h
@comment ISO
@deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The compressed lookup table returned by wctype is read-only.
This function returns a nonzero value if @var{wc} is in the character
class specified by @var{desc}. @var{desc} must previously be returned
by a successful call to @code{wctype}.
@@ -350,6 +388,15 @@ standard classes.
@comment wctype.h
@comment ISO
@deftypefun int iswalnum (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c The implicit wctype call in the isw* functions is actually an
+@c optimized version because the category has a known offset, but the
+@c wctype is equally safe when optimized, unsafe if not optimized.
+@c Since it's not a macro, and we always optimize, it's fine. The test
+@c whether wc is ASCII to use the non-wide is* macro/funciton doesn't
+@c bring any other safety issues: the test does not depend on the
+@c locale, and each path after the decision resolves the locale object
+@c only once.
This function returns a nonzero value if @var{wc} is an alphanumeric
character (a letter or number); in other words, if either @code{iswalpha}
or @code{iswdigit} is true of a character, then @code{iswalnum} is also
@@ -370,6 +417,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswalpha (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an alphabetic character (a letter). If
@code{iswlower} or @code{iswupper} is true of a character, then
@code{iswalpha} is also true.
@@ -394,6 +442,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswcntrl (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a control character (that is, a character that
is not a printing character).
@@ -412,6 +461,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
Please note that this function does not only return a nonzero value for
@emph{decimal} digits, but for all kinds of digits. A consequence is
@@ -442,6 +492,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswgraph (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -461,6 +512,7 @@ It is declared in @file{wctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int iswlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -479,6 +531,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswprint (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@@ -497,6 +550,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswpunct (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -516,6 +570,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswspace (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{iswspace} returns true for only the standard
whitespace characters:
@@ -555,6 +610,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -573,6 +629,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswxdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -597,6 +654,7 @@ characters as well.
@comment wctype.h
@comment ISO
@deftypefun int iswblank (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
It is declared in @file{wchar.h}.
@@ -691,6 +749,8 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctrans_t wctrans (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Similar implementation, same caveats as wctype.
The @code{wctrans} function has to be used to find out whether a named
mapping is defined in the current locale selected for the
@code{LC_CTYPE} category. If the returned value is non-zero, you can use
@@ -713,6 +773,8 @@ These functions are declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Same caveats as iswctype.
@code{towctrans} maps the input character @var{wc}
according to the rules of the mapping for which @var{desc} is a
descriptor, and returns the value it finds. @var{desc} must be
@@ -730,6 +792,9 @@ for them.
@comment wctype.h
@comment ISO
@deftypefun wint_t towlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Same caveats as iswalnum, just using a wctrans rather than a wctype
+@c table.
If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
lower-case letter. If @var{wc} is not an upper-case letter,
@var{wc} is returned unchanged.
@@ -749,6 +814,7 @@ This function is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
upper-case letter. Otherwise @var{wc} is returned unchanged.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e600904c5eab885a1a7c8aef6bb2f570bd201275
commit e600904c5eab885a1a7c8aef6bb2f570bd201275
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:03:47 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/crypt.texi: Document thread safety properties.
diff --git a/manual/crypt.texi b/manual/crypt.texi
index ef90590..5c9f6f7 100644
--- a/manual/crypt.texi
+++ b/manual/crypt.texi
@@ -92,7 +92,13 @@ in a convenient way.
@comment unistd.h
@comment BSD
@deftypefun {char *} getpass (const char *@var{prompt})
-
+@safety{@mtunsafe{tempterm}@asunsafe{asmalloc, selfdeadlock, asynconsist}@acunsafe{tempterm, lockleak, incansist}}
+@c This function will attempt to create a stream for terminal I/O, but
+@c will fallback to stdio/stderr. It attempts to change the terminal
+@c mode in a thread-unsafe way, write out the prompt, read the password,
+@c then restore the terminal mode. It has a cleanup to close the stream
+@c in case of (synchronous) cancellation, but not to restore the
+@c terminal mode.
@code{getpass} outputs @var{prompt}, then reads a string in from the
terminal without echoing it. It tries to connect to the real terminal,
@file{/dev/tty}, if possible, to encourage users not to put plaintext
@@ -127,6 +133,13 @@ The substitute takes the same parameters as @code{getline}
@comment crypt.h
@comment BSD, SVID
@deftypefun {char *} crypt (const char *@var{key}, const char *@var{salt})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Besides the obvious problem of returning a pointer into static
+@c storage, the DES initializer takes an internal lock with the usual
+@c set of problems for AS- and AC-Safety. The FIPS mode checker and the
+@c NSS implementations of may leak file descriptors if canceled. The
+@c The MD5, SHA256 and SHA512 implementations will malloc on long keys,
+@c and NSS relies on dlopening, which brings about another can of worms.
The @code{crypt} function takes a password, @var{key}, as a string, and
a @var{salt} character array which is described below, and returns a
@@ -188,6 +201,9 @@ for a password and prints ``Access granted.'' if the user types
@comment crypt.h
@comment GNU
@deftypefun {char *} crypt_r (const char *@var{key}, const char *@var{salt}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Compared with crypt, this function fixes the staticbuf problem, but
+@c nothing else.
The @code{crypt_r} function does the same thing as @code{crypt}, but
takes an extra parameter which includes space for its result (among
@@ -233,6 +249,11 @@ specifies the unused bits.
@comment crypt.h
@comment BSD, SVID
@deftypefun void setkey (const char *@var{key})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c The static buffer stores the key, making it fundamentally
+@c thread-unsafe. The locking issues are only in the initialization
+@c path; cancelling the initialization will leave the lock held, it
+@c would otherwise repeat the initialization on the next call.
The @code{setkey} function sets an internal data structure to be an
expanded form of @var{key}. @var{key} is specified as an array of 64
@@ -244,6 +265,8 @@ parity.
@comment crypt.h
@comment BSD, SVID
@deftypefun void encrypt (char *@var{block}, int @var{edflag})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c Same issues as setkey.
The @code{encrypt} function encrypts @var{block} if
@var{edflag} is 0, otherwise it decrypts @var{block}, using a key
@@ -257,9 +280,11 @@ stored in a @code{char}, but there are no parity bits in @var{block}.
@comment crypt.h
@comment GNU
@deftypefun void setkey_r (const char *@var{key}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
@comment crypt.h
@comment GNU
@deftypefunx void encrypt_r (char *@var{block}, int @var{edflag}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
These are reentrant versions of @code{setkey} and @code{encrypt}. The
only difference is the extra parameter, which stores the expanded
@@ -274,6 +299,7 @@ defined in @file{crypt.h}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int ecb_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{ecb_crypt} encrypts or decrypts one or more blocks
using DES. Each block is encrypted independently.
@@ -355,6 +381,7 @@ This macro returns 1 if @var{err} is a `success' result code from
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int cbc_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode}, char *@var{ivec})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{cbc_crypt} encrypts or decrypts one or more blocks
using DES in Cipher Block Chaining mode.
@@ -381,6 +408,7 @@ Otherwise, all the parameters are similar to those for @code{ecb_crypt}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun void des_setparity (char *@var{key})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{des_setparity} changes the 64-bit @var{key}, stored
packed in 8-bit bytes, to have odd parity by altering the low bits of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=95b0911edf2eb244430d9533ec0a8a3f7058581c
commit 95b0911edf2eb244430d9533ec0a8a3f7058581c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:03:16 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/conf.texi: Document thread safety properties.
diff --git a/manual/conf.texi b/manual/conf.texi
index 7eb8b36..edbb2fd 100644
--- a/manual/conf.texi
+++ b/manual/conf.texi
@@ -288,6 +288,17 @@ constants are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} sysconf (int @var{parameter})
+@safety{@mtsafe{envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak, fdleak}}
+@c Some parts of the implementation open /proc and /sys files and dirs
+@c to collect system details, using fd and stream I/O depending on the
+@c case. _SC_TZNAME_MAX calls __tzname_max, that (while holding a lock)
+@c calls tzset_internal, that calls getenv if it's called the first
+@c time; there are free and strdup calls in there too. The returned max
+@c value may change over time for TZNAME_MAX, depending on selected
+@c timezones; NPROCS, NPROCS_CONF, PHYS_PAGES, AVPHYS_PAGES,
+@c NGROUPS_MAX, SIGQUEUE_MAX, depending on variable values read from
+@c /proc at each call, and from rlimit-obtained values CHILD_MAX,
+@c OPEN_MAX, ARG_MAX, SIGQUEUE_MAX.
This function is used to inquire about runtime system parameters. The
@var{parameter} argument should be one of the @samp{_SC_} symbols listed
below.
@@ -1342,6 +1353,11 @@ argument are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} pathconf (const char *@var{filename}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c When __statfs_link_max finds an ext* filesystem, it may read
+@c /proc/mounts or similar as a mntent stream.
+@c __statfs_chown_restricted may read from
+@c /proc/sys/fs/xfs/restrict_chown as a file descriptor.
This function is used to inquire about the limits that apply to
the file named @var{filename}.
@@ -1369,6 +1385,8 @@ support the @var{parameter} for the specific file.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} fpathconf (int @var{filedes}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c Same caveats as pathconf.
This is just like @code{pathconf} except that an open file descriptor
is used to specify the file for which information is requested, instead
of a file name.
@@ -1615,6 +1633,7 @@ system with the function @code{confstr}:
@comment unistd.h
@comment POSIX.2
@deftypefun size_t confstr (int @var{parameter}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function reads the value of a string-valued system parameter,
storing the string into @var{len} bytes of memory space starting at
@var{buf}. The @var{parameter} argument should be one of the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=296ae41496afc524f6f75648a3298a5419b46990
commit 296ae41496afc524f6f75648a3298a5419b46990
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:01:33 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/charset.texi: Document thread safety properties.
diff --git a/manual/charset.texi b/manual/charset.texi
index e21502e..7e6c416 100644
--- a/manual/charset.texi
+++ b/manual/charset.texi
@@ -504,6 +504,8 @@ sequence points. Communication protocols often require this.
@comment wchar.h
@comment ISO
@deftypefun int mbsinit (const mbstate_t *@var{ps})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c ps is dereferenced once, unguarded. Potential harmless data race.
The @code{mbsinit} function determines whether the state object pointed
to by @var{ps} is in the initial state. If @var{ps} is a null pointer or
the object is in the initial state the return value is nonzero. Otherwise
@@ -559,6 +561,14 @@ that is beyond the range @math{0} to @math{127}.
@comment wchar.h
@comment ISO
@deftypefun wint_t btowc (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls btowc_fct or __fct; reads from locale, and from the
+@c get_gconv_fcts result multiple times. get_gconv_fcts calls
+@c __wcsmbs_load_conv to initialize the ctype if it's null.
+@c wcsmbs_load_conv takes a non-recursive wrlock before allocating
+@c memory for the fcts structure, initializing it, and then storing it
+@c in the locale object. The initialization involves dlopening and a
+@c lot more.
The @code{btowc} function (``byte to wide character'') converts a valid
single byte character @var{c} in the initial shift state into the wide
character equivalent using the conversion rules from the currently
@@ -615,6 +625,7 @@ There is also a function for the conversion in the other direction.
@comment wchar.h
@comment ISO
@deftypefun int wctob (wint_t @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctob} function (``wide character to byte'') takes as the
parameter a valid wide character. If the multibyte representation for
this character in the initial state is exactly one byte long, the return
@@ -634,6 +645,7 @@ and they also do not require it to be in the initial state.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrtowc (wchar_t *restrict @var{pwc}, const char *restrict @var{s}, size_t @var{n}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
@cindex stateful
The @code{mbrtowc} function (``multibyte restartable to wide
character'') converts the next multibyte character in the string pointed
@@ -728,6 +740,7 @@ function that does part of the work.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrlen (const char *restrict @var{s}, size_t @var{n}, mbstate_t *@var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbrlen} function (``multibyte restartable length'') computes
the number of at most @var{n} bytes starting at @var{s}, which form the
next valid and complete multibyte character.
@@ -811,6 +824,50 @@ doing the work twice.
@comment wchar.h
@comment ISO
@deftypefun size_t wcrtomb (char *restrict @var{s}, wchar_t @var{wc}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c wcrtomb uses a static, non-thread-local unguarded state variable when
+@c PS is NULL. When a state is passed in, and it's not used
+@c concurrently in other threads, this function behaves safely as long
+@c as gconv modules don't bring MT safety issues of their own.
+@c Attempting to load gconv modules or to build conversion chains in
+@c signal handlers may encounter gconv databases or caches in a
+@c partially-updated state, and asynchronous cancellation may leave them
+@c in such states, besides leaking the lock that guards them.
+@c get_gconv_fcts ok
+@c wcsmbs_load_conv ok
+@c norm_add_slashes ok
+@c wcsmbs_getfct ok
+@c gconv_find_transform ok
+@c gconv_read_conf (libc_once)
+@c gconv_lookup_cache ok
+@c find_module_idx ok
+@c find_module ok
+@c gconv_find_shlib (ok)
+@c ->init_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c do_lookup_alias ok
+@c find_derivation ok
+@c derivation_lookup ok
+@c increment_counter ok
+@c gconv_find_shlib ok
+@c step->init_fct (assumed ok)
+@c gen_steps ok
+@c gconv_find_shlib ok
+@c dlopen (presumed ok)
+@c dlsym (presumed ok)
+@c step->init_fct (assumed ok)
+@c step->end_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c add_derivation ok
+@c gconv_close_transform ok
+@c gconv_release_step ok
+@c step->end_fct (assumed ok)
+@c gconv_release_shlib ok
+@c dlclose (presumed ok)
+@c gconv_release_cache ok
+@c ->tomb->__fct (assumed ok)
The @code{wcrtomb} function (``wide character restartable to
multibyte'') converts a single wide character into a multibyte string
corresponding to that wide character.
@@ -955,6 +1012,7 @@ extensions that can help in some important situations.
@comment wchar.h
@comment ISO
@deftypefun size_t mbsrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsrtowcs} function (``multibyte string restartable to wide
character string'') converts an NUL-terminated multibyte character
string at @code{*@var{src}} into an equivalent wide character string,
@@ -1039,6 +1097,7 @@ length and passing this length to the function.
@comment wchar.h
@comment ISO
@deftypefun size_t wcsrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsrtombs} function (``wide character string restartable to
multibyte string'') converts the NUL-terminated wide character string at
@code{*@var{src}} into an equivalent multibyte character string and
@@ -1084,6 +1143,7 @@ array size (the @var{len} parameter).
@comment wchar.h
@comment GNU
@deftypefun size_t mbsnrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{nmc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsnrtowcs} function is very similar to the @code{mbsrtowcs}
function. All the parameters are the same except for @var{nmc}, which is
new. The return value is the same as for @code{mbsrtowcs}.
@@ -1136,6 +1196,7 @@ of the given buffer, there is no problem with altering the state.
@comment wchar.h
@comment GNU
@deftypefun size_t wcsnrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{nwc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsnrtombs} function implements the conversion from wide
character strings to multibyte character strings. It is similar to
@code{wcsrtombs} but, just like @code{mbsnrtowcs}, it takes an extra
@@ -1280,6 +1341,7 @@ conversion functions.}
@comment stdlib.h
@comment ISO
@deftypefun int mbtowc (wchar_t *restrict @var{result}, const char *restrict @var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbtowc} (``multibyte to wide character'') function when called
with non-null @var{string} converts the first multibyte character
beginning at @var{string} to its corresponding wide character code. It
@@ -1314,6 +1376,7 @@ shift state. @xref{Shift State}.
@comment stdlib.h
@comment ISO
@deftypefun int wctomb (char *@var{string}, wchar_t @var{wchar})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctomb} (``wide character to multibyte'') function converts
the wide character code @var{wchar} to its corresponding multibyte
character sequence, and stores the result in bytes starting at
@@ -1353,6 +1416,7 @@ terms of @code{mbtowc}.
@comment stdlib.h
@comment ISO
@deftypefun int mblen (const char *@var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mblen} function with a non-null @var{string} argument returns
the number of bytes that make up the multibyte character beginning at
@var{string}, never examining more than @var{size} bytes. (The idea is
@@ -1391,6 +1455,9 @@ suffer from the same problems as their reentrant counterparts from
@comment stdlib.h
@comment ISO
@deftypefun size_t mbstowcs (wchar_t *@var{wstring}, const char *@var{string}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Odd... Although this is in the non-reentrant section, the state
+@c object is automatic, not a static buffer.
The @code{mbstowcs} (``multibyte string to wide character string'')
function converts the null-terminated string of multibyte characters
@var{string} to an array of wide character codes, storing not more than
@@ -1431,6 +1498,7 @@ mbstowcs_alloc (const char *string)
@comment stdlib.h
@comment ISO
@deftypefun size_t wcstombs (char *@var{string}, const wchar_t *@var{wstring}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcstombs} (``wide character string to multibyte string'')
function converts the null-terminated wide character array @var{wstring}
into a string containing multibyte characters, storing not more than
@@ -1618,6 +1686,16 @@ The first step is the function to create a handle.
@comment iconv.h
@comment XPG2
@deftypefun iconv_t iconv_open (const char *@var{tocode}, const char *@var{fromcode})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls malloc if tocode and/or fromcode are too big for alloca. Calls
+@c strip and upstr on both, then gconv_open. strip and upstr call
+@c isalnum_l and toupper_l with the C locale. gconv_open may MT-safely
+@c tokenize toset, replace unspecified codesets with the current locale
+@c (posibly two different accesses), and finally it calls
+@c gconv_find_transform and initializes the gconv_t result with all the
+@c steps in the conversion sequence, running each one's initializer,
+@c destructing and releasing them all if anything fails.
+
The @code{iconv_open} function has to be used before starting a
conversion. The two parameters this function takes determine the
source and destination character set for the conversion, and if the
@@ -1682,6 +1760,12 @@ conversion is not needed anymore.
@comment iconv.h
@comment XPG2
@deftypefun int iconv_close (iconv_t @var{cd})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, shlimb}}
+@c Calls gconv_close to destruct and release each of the conversion
+@c steps, release the gconv_t object, then call gconv_close_transform.
+@c Access to the gconv_t object is not guarded, but calling iconv_close
+@c concurrently with any other use is undefined.
+
The @code{iconv_close} function frees all resources associated with the
handle @var{cd}, which must have been returned by a successful call to
the @code{iconv_open} function.
@@ -1708,6 +1792,10 @@ even file to file can be implemented on top of it.
@comment iconv.h
@comment XPG2
@deftypefun size_t iconv (iconv_t @var{cd}, char **@var{inbuf}, size_t *@var{inbytesleft}, char **@var{outbuf}, size_t *@var{outbytesleft})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c Without guarding access to the gconv_t object pointed to by cd, call
+@c the conversion function to convert inbuf or flush the internal
+@c conversion state.
@cindex stateful
The @code{iconv} function converts the text in the input buffer
according to the rules associated with the descriptor @var{cd} and
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5a1a8a43ebaa9cc6a6dc182bd931fbca63e7d866
commit 5a1a8a43ebaa9cc6a6dc182bd931fbca63e7d866
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/arith.texi: Document thread safety properties.
diff --git a/manual/arith.texi b/manual/arith.texi
index 77056c3..5c3aa9d 100644
--- a/manual/arith.texi
+++ b/manual/arith.texi
@@ -160,6 +160,8 @@ The remainder from the division.
@comment stdlib.h
@comment ISO
@deftypefun div_t div (int @var{numerator}, int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Functions in this section are pure, and thus safe.
This function @code{div} computes the quotient and remainder from
the division of @var{numerator} by @var{denominator}, returning the
result in a structure of type @code{div_t}.
@@ -199,6 +201,7 @@ type @code{long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun ldiv_t ldiv (long int @var{numerator}, long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ldiv} function is similar to @code{div}, except that the
arguments are of type @code{long int} and the result is returned as a
structure of type @code{ldiv_t}.
@@ -225,6 +228,7 @@ type @code{long long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun lldiv_t lldiv (long long int @var{numerator}, long long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lldiv} function is like the @code{div} function, but the
arguments are of type @code{long long int} and the result is returned as
a structure of type @code{lldiv_t}.
@@ -256,6 +260,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment inttypes.h
@comment ISO
@deftypefun imaxdiv_t imaxdiv (intmax_t @var{numerator}, intmax_t @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{imaxdiv} function is like the @code{div} function, but the
arguments are of type @code{intmax_t} and the result is returned as
a structure of type @code{imaxdiv_t}.
@@ -318,6 +323,7 @@ floating-point number a variable holds.
@comment math.h
@comment ISO
@deftypefn {Macro} int fpclassify (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is a generic macro which works on all floating-point types and
which returns a value of type @code{int}. The possible values are:
@@ -354,6 +360,7 @@ You should therefore use the specific macros whenever possible.
@comment math.h
@comment ISO
@deftypefn {Macro} int isfinite (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite: not plus or
minus infinity, and not NaN. It is equivalent to
@@ -368,6 +375,7 @@ floating-point type.
@comment math.h
@comment ISO
@deftypefn {Macro} int isnormal (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite and normalized.
It is equivalent to
@@ -379,6 +387,7 @@ It is equivalent to
@comment math.h
@comment ISO
@deftypefn {Macro} int isnan (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is NaN. It is equivalent
to
@@ -390,6 +399,7 @@ to
@comment math.h
@comment GNU
@deftypefn {Macro} int issignaling (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is a signaling NaN
(sNaN). It is based on draft TS 18661 and currently enabled as a GNU
extension.
@@ -410,6 +420,7 @@ not have to worry about the type of their argument.
@comment math.h
@comment BSD
@deftypefunx int isinfl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns @code{-1} if @var{x} represents negative infinity,
@code{1} if @var{x} represents positive infinity, and @code{0} otherwise.
@end deftypefun
@@ -423,6 +434,7 @@ This function returns @code{-1} if @var{x} represents negative infinity,
@comment math.h
@comment BSD
@deftypefunx int isnanl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is a ``not a number''
value, and zero otherwise.
@@ -445,6 +457,7 @@ function for some reason, you can write
@comment math.h
@comment BSD
@deftypefunx int finitel (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is finite or a ``not a
number'' value, and zero otherwise.
@end deftypefun
@@ -713,6 +726,22 @@ and save and restore the set of exceptions flagged.
@comment fenv.h
@comment ISO
@deftypefun int feclearexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{unposix}@acsafe{unposix}}
+@c The other functions in this section that modify FP status register
+@c mostly do so with non-atomic load-modify-store sequences, but since
+@c the register is thread-specific, this should be fine, and safe for
+@c cancellation. As long as the FP environment is restored before the
+@c signal handler returns control to the interrupted thread (like any
+@c kernel should do), the functions are also safe for use in signal
+@c handlers.
+@c
+@c FIXME: simfpu: Floating point emulation on powerpc is the exception:
+@c __sim_exception, __sim_disabled_exception and __sim_round_mode
+@c variables, that emulate a floating-point status register, are not
+@c thread-specific variables, so many of these functions are not MT-safe
+@c on that platform. This is probably a bug. These variables aren't
+@c restored by the signal machinery either, making the functions also
+@c async-signal-unsafe on this platform.
This function clears all of the supported exception flags indicated by
@var{excepts}.
@@ -723,6 +752,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feraiseexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function raises the supported exceptions indicated by
@var{excepts}. If more than one exception bit in @var{excepts} is set
the order in which the exceptions are raised is undefined except that
@@ -738,6 +768,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fetestexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Test whether the exception flags indicated by the parameter @var{except}
are currently set. If any of them are, a nonzero value is returned
which specifies which exceptions are set. Otherwise the result is zero.
@@ -774,6 +805,7 @@ following functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetexceptflag (fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function stores in the variable pointed to by @var{flagp} an
implementation-defined value representing the current setting of the
exception flags indicated by @var{excepts}.
@@ -785,6 +817,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fesetexceptflag (const fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function restores the flags for the exceptions indicated by
@var{excepts} to the values stored in the variable pointed to by
@var{flagp}.
@@ -940,6 +973,7 @@ find out which one with this function:
@comment fenv.h
@comment ISO
@deftypefun int fegetround (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Returns the currently selected rounding mode, represented by one of the
values of the defined rounding mode macros.
@end deftypefun
@@ -950,6 +984,7 @@ To change the rounding mode, use this function:
@comment fenv.h
@comment ISO
@deftypefun int fesetround (int @var{round})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Changes the currently selected rounding mode to @var{round}. If
@var{round} does not correspond to one of the supported rounding modes
nothing is changed. @code{fesetround} returns zero if it changed the
@@ -994,6 +1029,7 @@ To save the state of the FPU, use one of these functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetenv (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the floating-point environment in the variable pointed to by
@var{envp}.
@@ -1004,6 +1040,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feholdexcept (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the current floating-point environment in the object pointed to by
@var{envp}. Then clear all exception flags, and set the FPU to trap no
exceptions. Not all FPUs support trapping no exceptions; if
@@ -1042,6 +1079,7 @@ functions:
@comment fenv.h
@comment ISO
@deftypefun int fesetenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Set the floating-point environment to that described by @var{envp}.
The function returns zero in case the operation was successful, a
@@ -1051,6 +1089,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feupdateenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Like @code{fesetenv}, this function sets the floating-point environment
to that described by @var{envp}. However, if any exceptions were
flagged in the status word before @code{feupdateenv} was called, they
@@ -1071,6 +1110,7 @@ occur, you can use the following two functions.
@comment fenv.h
@comment GNU
@deftypefun int feenableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions enables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1083,6 +1123,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fedisableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions disables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1095,6 +1136,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fegetexcept (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
The function returns a bitmask of all currently enabled exceptions. It
returns @code{-1} in case of failure.
@end deftypefun
@@ -1146,6 +1188,7 @@ Prototypes for @code{abs}, @code{labs} and @code{llabs} are in @file{stdlib.h};
@comment inttypes.h
@comment ISO
@deftypefunx intmax_t imaxabs (intmax_t @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of @var{number}.
Most computers use a two's complement integer representation, in which
@@ -1167,6 +1210,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment math.h
@comment ISO
@deftypefunx {long double} fabsl (long double @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the absolute value of the floating-point number
@var{number}.
@end deftypefun
@@ -1180,6 +1224,7 @@ This function returns the absolute value of the floating-point number
@comment complex.h
@comment ISO
@deftypefunx {long double} cabsl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of the complex number @var{z}
(@pxref{Complex Numbers}). The absolute value of a complex number is:
@@ -1217,6 +1262,7 @@ All these functions are declared in @file{math.h}.
@comment math.h
@comment ISO
@deftypefunx {long double} frexpl (long double @var{value}, int *@var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are used to split the number @var{value}
into a normalized fraction and an exponent.
@@ -1242,6 +1288,7 @@ zero is stored in @code{*@var{exponent}}.
@comment math.h
@comment ISO
@deftypefunx {long double} ldexpl (long double @var{value}, int @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the result of multiplying the floating-point
number @var{value} by 2 raised to the power @var{exponent}. (It can
be used to reassemble floating-point numbers that were taken apart
@@ -1263,6 +1310,7 @@ equivalent to those of @code{ldexp} and @code{frexp}. See also the
@comment math.h
@comment BSD
@deftypefunx {long double} scalbl (long double @var{value}, long double @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{scalb} function is the BSD name for @code{ldexp}.
@end deftypefun
@@ -1275,6 +1323,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalbnl (long double @var{x}, int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbn} is identical to @code{scalb}, except that the exponent
@var{n} is an @code{int} instead of a floating-point number.
@end deftypefun
@@ -1288,6 +1337,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalblnl (long double @var{x}, long int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbln} is identical to @code{scalb}, except that the exponent
@var{n} is a @code{long int} instead of a floating-point number.
@end deftypefun
@@ -1301,6 +1351,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} significandl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{significand} returns the mantissa of @var{x} scaled to the range
@math{[1, 2)}.
It is equivalent to @w{@code{scalb (@var{x}, (double) -ilogb (@var{x}))}}.
@@ -1335,6 +1386,7 @@ result as a @code{double} instead to get around this problem.
@comment math.h
@comment ISO
@deftypefunx {long double} ceill (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} upwards to the nearest integer,
returning that value as a @code{double}. Thus, @code{ceil (1.5)}
is @code{2.0}.
@@ -1349,6 +1401,7 @@ is @code{2.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} floorl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} downwards to the nearest
integer, returning that value as a @code{double}. Thus, @code{floor
(1.5)} is @code{1.0} and @code{floor (-1.5)} is @code{-2.0}.
@@ -1363,6 +1416,7 @@ integer, returning that value as a @code{double}. Thus, @code{floor
@comment math.h
@comment ISO
@deftypefunx {long double} truncl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{trunc} functions round @var{x} towards zero to the nearest
integer (returned in floating-point format). Thus, @code{trunc (1.5)}
is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@@ -1377,6 +1431,7 @@ is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} rintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} to an integer value according to the
current rounding mode. @xref{Floating Point Parameters}, for
information about the various rounding modes. The default
@@ -1397,6 +1452,7 @@ inexact exception.
@comment math.h
@comment ISO
@deftypefunx {long double} nearbyintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the same value as the @code{rint} functions, but
do not raise the inexact exception if @var{x} is not an integer.
@end deftypefun
@@ -1410,6 +1466,7 @@ do not raise the inexact exception if @var{x} is not an integer.
@comment math.h
@comment ISO
@deftypefunx {long double} roundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are similar to @code{rint}, but they round halfway
cases away from zero instead of to the nearest integer (or other
current rounding mode).
@@ -1424,6 +1481,7 @@ current rounding mode).
@comment math.h
@comment ISO
@deftypefunx {long int} lrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1437,6 +1495,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1450,6 +1509,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long int} lroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1463,6 +1523,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1477,6 +1538,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long double} modfl (long double @var{value}, long double *@var{integer-part})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions break the argument @var{value} into an integer part and a
fractional part (between @code{-1} and @code{1}, exclusive). Their sum
equals @var{value}. Each of the parts has the same sign as @var{value},
@@ -1503,6 +1565,7 @@ suits your problem.
@comment math.h
@comment ISO
@deftypefunx {long double} fmodl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions compute the remainder from the division of
@var{numerator} by @var{denominator}. Specifically, the return value is
@code{@var{numerator} - @w{@var{n} * @var{denominator}}}, where @var{n}
@@ -1525,6 +1588,7 @@ If @var{denominator} is zero, @code{fmod} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} dreml (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are like @code{fmod} except that they round the
internal quotient @var{n} to the nearest integer instead of towards zero
to an integer. For example, @code{drem (6.5, 2.3)} returns @code{-0.4},
@@ -1548,6 +1612,7 @@ If @var{denominator} is zero, @code{drem} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} remainderl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is another name for @code{drem}.
@end deftypefun
@@ -1569,6 +1634,7 @@ bits.
@comment math.h
@comment ISO
@deftypefunx {long double} copysignl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return @var{x} but with the sign of @var{y}. They work
even if @var{x} or @var{y} are NaN or zero. Both of these can carry a
sign (although not all implementations support it) and this is one of
@@ -1584,6 +1650,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefun int signbit (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{signbit} is a generic macro which can work on all floating-point
types. It returns a nonzero value if the value of @var{x} has its sign
bit set.
@@ -1602,6 +1669,7 @@ false, but @code{signbit (-0.0)} will return a nonzero value.
@comment math.h
@comment ISO
@deftypefunx {long double} nextafterl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{nextafter} function returns the next representable neighbor of
@var{x} in the direction towards @var{y}. The size of the step between
@var{x} and the result depends on the type of the result. If
@@ -1625,6 +1693,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefunx {long double} nexttowardl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are identical to the corresponding versions of
@code{nextafter} except that their second argument is a @code{long
double}.
@@ -1640,6 +1709,8 @@ double}.
@comment math.h
@comment ISO
@deftypefunx {long double} nanl (const char *@var{tagp})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c The unsafe-but-ruled-safe locale use comes from strtod.
The @code{nan} function returns a representation of NaN, provided that
NaN is supported by the target platform.
@code{nan ("@var{n-char-sequence}")} is equivalent to
@@ -1674,6 +1745,7 @@ arguments only once.
@comment math.h
@comment ISO
@deftypefn Macro int isgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than
@var{y}. It is equivalent to @code{(@var{x}) > (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1682,6 +1754,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isgreaterequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than or
equal to @var{y}. It is equivalent to @code{(@var{x}) >= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1690,6 +1763,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isless (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than @var{y}.
It is equivalent to @code{(@var{x}) < (@var{y})}, but no exception is
raised if @var{x} or @var{y} are NaN.
@@ -1698,6 +1772,7 @@ raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than or equal
to @var{y}. It is equivalent to @code{(@var{x}) <= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1706,6 +1781,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less or greater
than @var{y}. It is equivalent to @code{(@var{x}) < (@var{y}) ||
(@var{x}) > (@var{y})} (although it only evaluates @var{x} and @var{y}
@@ -1718,6 +1794,7 @@ expression is true if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isunordered (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether its arguments are unordered. In other
words, it is true if @var{x} or @var{y} are NaN, and false otherwise.
@end deftypefn
@@ -1751,6 +1828,7 @@ perform these operations faster than the equivalent C code.
@comment math.h
@comment ISO
@deftypefunx {long double} fminl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmin} function returns the lesser of the two values @var{x}
and @var{y}. It is similar to the expression
@smallexample
@@ -1771,6 +1849,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fmaxl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmax} function returns the greater of the two values @var{x}
and @var{y}.
@@ -1787,6 +1866,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fdiml (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fdim} function returns the positive difference between
@var{x} and @var{y}. The positive difference is @math{@var{x} -
@var{y}} if @var{x} is greater than @var{y}, and @math{0} otherwise.
@@ -1804,6 +1884,7 @@ If @var{x}, @var{y}, or both are NaN, NaN is returned.
@comment ISO
@deftypefunx {long double} fmal (long double @var{x}, long double @var{y}, long double @var{z})
@cindex butterfly
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fma} function performs floating-point multiply-add. This is
the operation @math{(@var{x} @mul{} @var{y}) + @var{z}}, but the
intermediate result is not rounded to the destination type. This can
@@ -1933,6 +2014,7 @@ available in three variants, one for each of the three complex types.
@comment complex.h
@comment ISO
@deftypefunx {long double} creall (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the real part of the complex number @var{z}.
@end deftypefun
@@ -1945,6 +2027,7 @@ These functions return the real part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cimagl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the imaginary part of the complex number @var{z}.
@end deftypefun
@@ -1957,6 +2040,7 @@ These functions return the imaginary part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {complex long double} conjl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the conjugate value of the complex number
@var{z}. The conjugate of a complex number has the same real part and a
negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@@ -1971,6 +2055,7 @@ negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cargl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the argument of the complex number @var{z}.
The argument of a complex number is the angle in the complex plane
between the positive real axis and a line passing through zero and the
@@ -1989,6 +2074,7 @@ number. This angle is measured in the usual fashion and ranges from
@comment complex.h
@comment ISO
@deftypefunx {complex long double} cprojl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the projection of the complex value @var{z} onto
the Riemann sphere. Values with a infinite imaginary part are projected
to positive infinity on the real axis, even if the real part is NaN. If
@@ -2034,6 +2120,16 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun {long int} strtol (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c strtol uses the thread-local pointer to the locale in effect, and
+@c strtol_l loads the LC_NUMERIC locale data from it early on and once,
+@c but if the locale is the global locale, and another thread calls
+@c setlocale in a way that modifies the pointer to the LC_CTYPE locale
+@c category, the behavior of e.g. IS*, TOUPPER will vary throughout the
+@c execution of the function, because they re-read the locale data from
+@c the given locale pointer. We solved this by documenting setlocale as
+@c MT-Unsafe, but there might be other reasons why it's neither MT- nor
+@c AS-Safe; recheck.
The @code{strtol} (``string-to-long'') function converts the initial
part of @var{string} to a signed integer, which is returned as a value
of type @code{long int}.
@@ -2097,6 +2193,7 @@ There is an example at the end of this section.
@comment wchar.h
@comment ISO
@deftypefun {long int} wcstol (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstol} function is equivalent to the @code{strtol} function
in nearly all aspects but handles wide character strings.
@@ -2106,6 +2203,7 @@ The @code{wcstol} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long int} strtoul (const char *retrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoul} (``string-to-unsigned-long'') function is like
@code{strtol} except it converts to an @code{unsigned long int} value.
The syntax is the same as described above for @code{strtol}. The value
@@ -2124,6 +2222,7 @@ range, or @code{ERANGE} on overflow.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long int} wcstoul (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoul} function is equivalent to the @code{strtoul} function
in nearly all aspects but handles wide character strings.
@@ -2133,6 +2232,7 @@ The @code{wcstoul} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} strtoll (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoll} function is like @code{strtol} except that it returns
a @code{long long int} value, and accepts numbers with a correspondingly
larger range.
@@ -2149,6 +2249,7 @@ The @code{strtoll} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {long long int} wcstoll (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoll} function is equivalent to the @code{strtoll} function
in nearly all aspects but handles wide character strings.
@@ -2158,12 +2259,14 @@ The @code{wcstoll} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {long long int} strtoq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtoq} (``string-to-quad-word'') is the BSD name for @code{strtoll}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {long long int} wcstoq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoq} function is equivalent to the @code{strtoq} function
in nearly all aspects but handles wide character strings.
@@ -2173,6 +2276,7 @@ The @code{wcstoq} function is a GNU extension.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long long int} strtoull (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoull} function is related to @code{strtoll} the same way
@code{strtoul} is related to @code{strtol}.
@@ -2182,6 +2286,7 @@ The @code{strtoull} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long long int} wcstoull (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoull} function is equivalent to the @code{strtoull} function
in nearly all aspects but handles wide character strings.
@@ -2191,12 +2296,14 @@ The @code{wcstoull} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {unsigned long long int} strtouq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtouq} is the BSD name for @code{strtoull}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {unsigned long long int} wcstouq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstouq} function is equivalent to the @code{strtouq} function
in nearly all aspects but handles wide character strings.
@@ -2206,6 +2313,7 @@ The @code{wcstouq} function is a GNU extension.
@comment inttypes.h
@comment ISO
@deftypefun intmax_t strtoimax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoimax} function is like @code{strtol} except that it returns
a @code{intmax_t} value, and accepts numbers of a corresponding range.
@@ -2222,6 +2330,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun intmax_t wcstoimax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoimax} function is equivalent to the @code{strtoimax} function
in nearly all aspects but handles wide character strings.
@@ -2231,6 +2340,7 @@ The @code{wcstoimax} function was introduced in @w{ISO C99}.
@comment inttypes.h
@comment ISO
@deftypefun uintmax_t strtoumax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoumax} function is related to @code{strtoimax}
the same way that @code{strtoul} is related to @code{strtol}.
@@ -2241,6 +2351,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun uintmax_t wcstoumax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoumax} function is equivalent to the @code{strtoumax} function
in nearly all aspects but handles wide character strings.
@@ -2250,6 +2361,7 @@ The @code{wcstoumax} function was introduced in @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefun {long int} atol (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtol} function with a @var{base}
argument of @code{10}, except that it need not detect overflow errors.
The @code{atol} function is provided mostly for compatibility with
@@ -2259,6 +2371,7 @@ existing code; using @code{strtol} is more robust.
@comment stdlib.h
@comment ISO
@deftypefun int atoi (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is like @code{atol}, except that it returns an @code{int}.
The @code{atoi} function is also considered obsolete; use @code{strtol}
instead.
@@ -2267,6 +2380,7 @@ instead.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} atoll (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to @code{atol}, except it returns a @code{long
long int}.
@@ -2331,6 +2445,35 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun double strtod (const char *restrict @var{string}, char **restrict @var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c Besides the unsafe-but-ruled-safe locale uses, this uses a lot of
+@c mpn, but it's all safe.
+@c
+@c round_and_return
+@c get_rounding_mode ok
+@c mpn_add_1 ok
+@c mpn_rshift ok
+@c MPN_ZERO ok
+@c MPN2FLOAT -> mpn_construct_(float|double|long_double) ok
+@c str_to_mpn
+@c mpn_mul_1 -> umul_ppmm ok
+@c mpn_add_1 ok
+@c mpn_lshift_1 -> mpn_lshift ok
+@c STRTOF_INTERNAL
+@c MPN_VAR ok
+@c SET_MANTISSA ok
+@c STRNCASECMP ok, wide and narrow
+@c round_and_return ok
+@c mpn_mul ok
+@c mpn_addmul_1 ok
+@c ... mpn_sub
+@c mpn_lshift ok
+@c udiv_qrnnd ok
+@c count_leading_zeros ok
+@c add_ssaaaa ok
+@c sub_ddmmss ok
+@c umul_ppmm ok
+@c mpn_submul_1 ok
The @code{strtod} (``string-to-double'') function converts the initial
part of @var{string} to a floating-point number, which is returned as a
value of type @code{double}.
@@ -2416,6 +2559,7 @@ examining @var{errno} and @var{tailptr}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} strtold (const char *@var{string}, char **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
These functions are analogous to @code{strtod}, but return @code{float}
and @code{long double} values respectively. They report errors in the
same way as @code{strtod}. @code{strtof} can be substantially faster
@@ -2435,6 +2579,7 @@ These functions have been GNU extensions and are new to @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} wcstold (const wchar_t *@var{string}, wchar_t **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstod}, @code{wcstof}, and @code{wcstol} functions are
equivalent in nearly all aspect to the @code{strtod}, @code{strtof}, and
@code{strtold} functions but it handles wide character string.
@@ -2447,6 +2592,7 @@ C90}. The @code{wcstof} and @code{wcstold} functions were introduced in
@comment stdlib.h
@comment ISO
@deftypefun double atof (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtod} function, except that it
need not detect overflow and underflow errors. The @code{atof} function
is provided mostly for compatibility with existing code; using
@@ -2473,6 +2619,7 @@ All these functions are defined in @file{stdlib.h}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} ecvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{ecvt} converts the floating-point number @var{value}
to a string with at most @var{ndigit} decimal digits. The
returned string contains no decimal point or sign. The first digit of
@@ -2498,6 +2645,7 @@ and sets @var{d} to @code{2} and @var{n} to @code{0}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} fcvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{fcvt} is like @code{ecvt}, but @var{ndigit} specifies
the number of digits after the decimal point. If @var{ndigit} is less
than zero, @var{value} is rounded to the @math{@var{ndigit}+1}'th place to the
@@ -2516,6 +2664,9 @@ to @code{fcvt}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} gcvt (double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c gcvt calls sprintf, that ultimately calls vfprintf, which malloc()s
+@c args_value if it's too large, but gcvt never exercises this path.
@code{gcvt} is functionally equivalent to @samp{sprintf(buf, "%*g",
ndigit, value}. It is provided only for compatibility's sake. It
returns @var{buf}.
@@ -2530,6 +2681,7 @@ functions that take @code{long double} arguments.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qecvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{ecvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2538,6 +2690,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qfcvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{fcvt} except that it
takes a @code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2546,6 +2699,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qgcvt (long double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is equivalent to @code{gcvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2566,6 +2720,7 @@ user-supplied buffer.
@comment stdlib.h
@comment GNU
@deftypefun int ecvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ecvt_r} function is the same as @code{ecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2577,6 +2732,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun int fcvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcvt_r} function is the same as @code{fcvt}, except that it
places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2588,6 +2744,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qecvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qecvt_r} function is the same as @code{qecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2599,6 +2756,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qfcvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qfcvt_r} function is the same as @code{qfcvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=8b86b0ead9b1494ad7b0aa283a423813ed5e8bc7
commit 8b86b0ead9b1494ad7b0aa283a423813ed5e8bc7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:57:08 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/argp.texi: Document thread safety properties.
diff --git a/manual/argp.texi b/manual/argp.texi
index c9fbe97..5322f91 100644
--- a/manual/argp.texi
+++ b/manual/argp.texi
@@ -36,6 +36,35 @@ needed in @code{main}.
@comment argp.h
@comment GNU
@deftypefun {error_t} argp_parse (const struct argp *@var{argp}, int @var{argc}, char **@var{argv}, unsigned @var{flags}, int *@var{arg_index}, void *@var{input})
+@safety{@mtunsafe{xguargs, envromt}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Optionally alloca()tes standard help options, initializes the parser,
+@c then parses individual args in a loop, and then finalizes.
+@c parser_init
+@c calc_sizes ok
+@c option_is_end ok
+@c malloc
+@c parser_convert glocale
+@c convert_options glocale
+@c option_is_end ok
+@c option_is_short ok
+@c isprint, but locale may change within the loop
+@c find_long_option ok
+@c group_parse
+@c group->parser (from argp->parser)
+@c parser_parse_next
+@c getopt_long(_only)_r many issues, same as non_r minus staticbuf
+@c parser_parse_arg
+@c group_parse
+@c parser_parse_opt
+@c group_parse
+@c argp_error
+@c dgettext (bad key error)
+@c parser_finalize
+@c group_parse
+@c fprintf
+@c dgettext
+@c arg_state_help
+@c free
The @code{argp_parse} function parses the arguments in @var{argv}, of
length @var{argc}, using the argp parser @var{argp}. @xref{Argp
Parsers}. Passing a null pointer for @var{argp} is the same as using
@@ -660,6 +689,8 @@ parser function. @xref{Argp Parsing State}.
@comment argp.h
@comment GNU
@deftypefun void argp_usage (const struct argp_state *@var{state})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls argp_state_help with stderr and ARGP_HELP_STD_USAGE.
Outputs the standard usage message for the argp parser referred to by
@var{state} to @code{@var{state}->err_stream} and terminate the program
with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@@ -669,6 +700,13 @@ with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@comment argp.h
@comment GNU
@deftypefun void argp_error (const struct argp_state *@var{state}, const char *@var{fmt}, @dots{})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Lock stream, vasprintf the formatted message into a buffer, print the
+@c buffer prefixed by the short program name (in libc,
+@c argp_short_program_name is a macro that expands to
+@c program_invocation_short_name), releases the buffer, then call
+@c argp_state_help with stream and ARGP_HELP_STD_ERR, unlocking the
+@c stream at the end.
Prints the printf format string @var{fmt} and following args, preceded
by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
--help}} message, and terminates the program with an exit status of
@@ -679,6 +717,12 @@ by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
@comment argp.h
@comment GNU
@deftypefun void argp_failure (const struct argp_state *@var{state}, int @var{status}, int @var{errnum}, const char *@var{fmt}, @dots{})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
+@c Lock stream, write out the short program name, vasprintf the optional
+@c formatted message to a buffer, print the buffer prefixed by colon and
+@c blank, release the buffer, call strerror_r with an automatic buffer,
+@c print it out after colon and blank, put[w]c a line break, unlock the
+@c stream, then exit unless ARGP_NO_EXIT.
Similar to the standard gnu error-reporting function @code{error}, this
prints the program name and @samp{:}, the printf format string
@var{fmt}, and the appropriate following args. If it is non-zero, the
@@ -695,6 +739,141 @@ for options, bad phase of the moon, etc.
@comment argp.h
@comment GNU
@deftypefun void argp_state_help (const struct argp_state *@var{state}, FILE *@var{stream}, unsigned @var{flags})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help with the short program name and optionally exit.
+@c The main problems in _help, besides the usual issues with stream I/O
+@c and translation, are the use of a static buffer (uparams) that makes
+@c the whole thing thread-unsafe, reading from the environment for
+@c ARGP_HELP_FMT, accessing the locale object multiple times.
+
+@c _help envromt, staticbuf (uparams), glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c flockfile lockleak
+@c funlockfile lockleak
+@c fill_in_uparams envromt, staticbuf (uparams), glocale, asynconsist, asmalloc, lockleak, incansist, memleak
+@c argp_failure dup (status = errnum = 0)
+@c atoi dup
+@c argp_hol asmalloc, memleak
+@c make_hol asmalloc, memleak
+@c hol_add_cluster asmalloc, memleak
+@c hol_append asmalloc, memleak
+@c hol_set_group ok
+@c hol_find_entry ok
+@c hol_sort glocale, asmalloc, memleak
+@c qsort asmalloc, memleak
+@c hol_entry_qcmp glocale
+@c hol_entry_cmp glocale
+@c group_cmp ok
+@c hol_cluster_cmp ok
+@c group_cmp ok
+@c hol_entry_first_short glocale
+@c hol_entry_short_iterate [glocale]
+@c until_short ok
+@c oshort ok
+@c isprint ok
+@c odoc ok
+@c hol_entry_first_long ok
+@c canon_doc_option glocale
+@c tolower dup
+@c hol_usage glocale, asi18n, asmalloc, memleak
+@c hol_entry_short_iterate ok
+@c add_argless_short_opt ok
+@c argp_fmtstream_printf dup
+@c hol_entry_short_iterate glocale, asi18n, asmalloc, memleak
+@c usage_argful_short_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_entry_long_iterate glocale, asi18n, asmalloc, memleak
+@c usage_long_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c hol_entry_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_wmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c comma glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_putc dup
+@c hol_cluster_is_child ok
+@c argp_fmtstream_wmargin dup
+@c print_header dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c indent_to dup
+@c argp_fmtstream_putc dup
+@c arg glocale, asmalloc, memleak
+@c argp_fmtstream_printf dup
+@c odoc dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_printf dup
+@c print_header glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c indent_to dup
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c filter_doc dup
+@c argp_fmtstream_point dup
+@c indent_to glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_putc dup
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c hol_free asmalloc, memleak
+@c free dup
+@c argp_args_levels ok
+@c argp_args_usage glocale, asi18n, asmalloc, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc ok
+@c argp_input ok
+@c argp->help_filter
+@c space glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_rmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_write dup
+@c free dup
+@c argp_doc glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c strndup asmalloc, memleak
+@c argp_input dup
+@c argp->help_filter
+@c argp_fmtstream_putc glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure dup
+@c argp_fmtstream_write dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_point glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_lmargin dup
+@c free dup
+@c argp_make_fmtstream asmalloc, memleak
+@c argp_fmtstream_free glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update glocale, asynconsist, incansist, lockleak
+@c put[w]c_unlocked dup
+@c isblank in loop glocale
+@c fxprintf lockleak
+@c fxprintf lockleak
+@c free dup
+@c argp_fmtstream_set_wmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_printf glocale, asmalloc, memleak
+@c argp_fmtstream_ensure dup
+@c vsnprintf dup
+@c argp_fmtstream_set_lmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_puts glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_write glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update dup
+@c fxprintf lockleak
+@c realloc asmalloc, memleak
Outputs a help message for the argp parser referred to by @var{state},
to @var{stream}. The @var{flags} argument determines what sort of help
message is produced. @xref{Argp Help Flags}.
@@ -928,6 +1107,8 @@ program options, argp offers the @code{argp_help} interface.
@comment argp.h
@comment GNU
@deftypefun void argp_help (const struct argp *@var{argp}, FILE *@var{stream}, unsigned @var{flags}, char *@var{name})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help.
This outputs a help message for the argp parser @var{argp} to
@var{stream}. The type of messages printed will be determined by
@var{flags}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=62694b21850cd676e82306bc82418b952b9d3d31
commit 62694b21850cd676e82306bc82418b952b9d3d31
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:39 2013 -0300
Rename unused scalb to scalbn to match prototype.
for ChangeLog
* sysdeps/ieee754/support.c (scalbn): Rename from
wrongly-typed scalb. Adjust all callers. Apparently unused.
diff --git a/sysdeps/ieee754/support.c b/sysdeps/ieee754/support.c
index 00476c0..0bbd892 100644
--- a/sysdeps/ieee754/support.c
+++ b/sysdeps/ieee754/support.c
@@ -82,7 +82,7 @@ static char sccsid[] = "@(#)support.c 8.1 (Berkeley) 6/4/93";
static const double novf=1.7E308, nunf=3.0E-308,zero=0.0;
#endif /* defined(vax)||defined(tahoe) */
-double scalb(x,N)
+double scalbn(x,N)
double x; int N;
{
int k;
@@ -106,7 +106,7 @@ double x; int N;
if( (k= *px & mexp ) != mexp ) {
if( N<-2100) return(nunf*nunf); else if(N>2100) return(novf+novf);
if( k == 0 ) {
- x *= scalb(1.0,(int)prep1); N -= prep1; return(scalb(x,N));}
+ x *= scalbn(1.0,(int)prep1); N -= prep1; return(scalbn(x,N));}
#endif /* defined(vax)||defined(tahoe) */
if((k = (k>>gap)+ N) > 0 )
@@ -115,7 +115,7 @@ double x; int N;
else
if( k > -prep1 )
/* gradual underflow */
- {*px=(*px&~mexp)|(short)(1<<gap); x *= scalb(1.0,k-1);}
+ {*px=(*px&~mexp)|(short)(1<<gap); x *= scalbn(1.0,k-1);}
else
return(nunf*nunf);
}
@@ -228,7 +228,7 @@ double x,p;
else if ( ((*pp & mexp)>>gap) <= 1 )
/* subnormal p, or almost subnormal p */
- { double b; b=scalb(1.0,(int)prep1);
+ { double b; b=scalbn(1.0,(int)prep1);
p *= b; x = drem(x,p); x *= b; return(drem(x,p)/b);}
else if ( p >= novf/2)
{ p /= 2 ; x /= 2; return(drem(x,p)*2);}
@@ -294,8 +294,8 @@ double x;
/* scale x to [1,4) */
n=logb(x);
- x=scalb(x,-n);
- if((m=logb(x))!=0) x=scalb(x,-m); /* subnormal number */
+ x=scalbn(x,-n);
+ if((m=logb(x))!=0) x=scalbn(x,-m); /* subnormal number */
m += n;
n = m/2;
if((n+n)!=m) {x *= 2; m -=1; n=m/2;}
@@ -326,7 +326,7 @@ double x;
b=1.0+r/4; if(b>1.0) t=1;
if(t>=0) q+=r; }
-end: return(scalb(q,n));
+end: return(scalbn(q,n));
}
#if 0
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=8ff199e32650a502ca50da4736e82ed813e08fa4
commit 8ff199e32650a502ca50da4736e82ed813e08fa4
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:39 2013 -0300
Note that powerpc fpu emulation status is not thread- or signal-safe.
for ports/ChangeLog.powerpc
PR 15483
* sysdeps/powerpc/nofpu/sim-full.c: Add FIXME note about
the need for thread-specific variables preserved across signal
handlers.
* sysdeps/powerpc/nofpu/soft-supp.h: Likewise.
* sysdeps/powerpc/soft-fp/sfp-machine.h: Likewise.
diff --git a/ports/sysdeps/powerpc/nofpu/sim-full.c b/ports/sysdeps/powerpc/nofpu/sim-full.c
index fc061d0..e167033 100644
--- a/ports/sysdeps/powerpc/nofpu/sim-full.c
+++ b/ports/sysdeps/powerpc/nofpu/sim-full.c
@@ -21,6 +21,11 @@
#include "soft-fp.h"
#include "soft-supp.h"
+/* FIXME: these variables should be thread specific (see bugzilla bug
+ 15483) and ideally preserved across signal handlers, like hardware
+ FP status words, but the latter is quite difficult to accomplish in
+ userland. */
+
/* Global to store sticky exceptions. */
int __sim_exceptions __attribute__ ((nocommon));
libc_hidden_data_def (__sim_exceptions);
diff --git a/ports/sysdeps/powerpc/nofpu/soft-supp.h b/ports/sysdeps/powerpc/nofpu/soft-supp.h
index b9638bb..64a3d2a 100644
--- a/ports/sysdeps/powerpc/nofpu/soft-supp.h
+++ b/ports/sysdeps/powerpc/nofpu/soft-supp.h
@@ -26,6 +26,11 @@ typedef union
} fenv_union_t;
+/* FIXME: these variables should be thread specific (see bugzilla bug
+ 15483) and ideally preserved across signal handlers, like hardware
+ FP status words, but the latter is quite difficult to accomplish in
+ userland. */
+
extern int __sim_exceptions;
libc_hidden_proto (__sim_exceptions);
extern int __sim_disabled_exceptions;
diff --git a/ports/sysdeps/powerpc/soft-fp/sfp-machine.h b/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
index c2a190e..508d869 100644
--- a/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
+++ b/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
@@ -54,6 +54,11 @@
#define FP_ROUNDMODE __sim_round_mode
#define FP_TRAPPING_EXCEPTIONS (~__sim_disabled_exceptions & 0x3e000000)
+/* FIXME: these variables should be thread specific (see bugzilla bug
+ 15483) and ideally preserved across signal handlers, like hardware
+ FP status words, but the latter is quite difficult to accomplish in
+ userland. */
+
extern int __sim_exceptions;
libc_hidden_proto (__sim_exceptions);
extern int __sim_disabled_exceptions;
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=8f0d964f583cad6e1513d3ee7521ebca819e5751
commit 8f0d964f583cad6e1513d3ee7521ebca819e5751
Merge: cef7673 b4d906a 351fb37
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:07:31 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=cef76738899cce255453eb45aba66aed9204d228
commit cef76738899cce255453eb45aba66aed9204d228
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:07:31 2013 -0300
refresh
diff --git a/meta b/meta
index 0ed9f4f..00e3714 100644
--- a/meta
+++ b/meta
@@ -1,9 +1,8 @@
Version: 1
-Previous: 76dc6db481a93b17fc264340a48aa76e2afe8f75
-Head: cc2ab132a3cc951371827c846aa4dfa264ba321f
+Previous: b4d906acf0574484a2eee239e7c46c7e060297be
+Head: 351fb371fa127df8fa5e27b38a330e4258b35180
Applied:
- manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
- refresh-temp: cc2ab132a3cc951371827c846aa4dfa264ba321f
+ manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
Unapplied:
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
unused-scalb-is-scalbn.patch: 04381689562081fc1e2328e5807e0dc537c1c5fc
diff --git a/patches/manual-document-mt-safety.patch b/patches/manual-document-mt-safety.patch
index 6bdec13..e164c49 100644
--- a/patches/manual-document-mt-safety.patch
+++ b/patches/manual-document-mt-safety.patch
@@ -1,5 +1,5 @@
Bottom: fde38f49e9ff8e251fc3a4c9a8d5f194ba6decbf
-Top: f865586a6c7ce831d9285c15a3df95a5b593b24b
+Top: c59759fbdfb422ada848ebdd3845677059986449
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:39 -0300
@@ -15,10 +15,10 @@ for ChangeLog
---
diff --git a/manual/intro.texi b/manual/intro.texi
-index deaf089..2630a77 100644
+index deaf089..e47832c 100644
--- a/manual/intro.texi
+++ b/manual/intro.texi
-@@ -172,6 +172,314 @@ pattern matching facilities (@pxref{Pattern Matching}).
+@@ -172,6 +172,411 @@ pattern matching facilities (@pxref{Pattern Matching}).
@comment <wordexp.h> (not yet implemented)
@comment confstr
@@ -112,6 +112,28 @@ index deaf089..2630a77 100644
+@code{setlocale} should not be called while these functions are active.
+
+
++@item @code{envromt}
++@cindex envromt
++
++Functions marked with @code{envromt} access the environment with
++@code{getenv} or similar, requiring the environment to be effectively
++read-only for MT-Safe operation.
++
++Environment-modifying functions do not protect in any way against
++concurrent modifications or access, so calling @code{envromt}-marked
++functions concurrently with @code{setenv}, @code{putenv},
++@code{unsetenv} or direct modifications of the global environment data
++structures is ill-advised; external concurrency control must be
++introduced by callers of these environment-modifying and
++@code{envromt}-marked functions.
++
++Functions that modify the environment are also marked with
++@code{envromt}, but they are not MT-Safe for the reasons above. Since
++all environment-modifying functions are MT-Unsafe, functions that only
++access the environment are marked as MT-Safe when no other safety issue
++applies.
++
++
+@item @code{uunguard}
+@cindex uunguard
+
@@ -141,6 +163,42 @@ index deaf089..2630a77 100644
+modified concurrently by other threads or signal handlers.
+
+
++@item @code{tempchwd}
++@cindex tempchwd
++
++Functions marked with @code{tempchwd} may temporarily change the current
++working directory during their execution, which may cause relative
++pathnames to be resolved in unexpected ways in other threads or within
++asynchronous signal or cancellation handlers.
++
++This is not enough of a reason to mark so-marked functions as MT-Unsafe,
++but when this behavior is optional (e.g., @code{nftw} with
++@code{FTW_CHDIR}), avoiding the option in multi-threaded programs may be
++a good alternative to using full pathnames or file descriptor-relative
++(e.g. @code{openat}) system calls.
++
++
++@item @code{tempterm}
++@cindex tempterm
++
++Functions marked with @code{tempterm} may temporarily change the
++terminal settings.
++
++This would not be enough of a reason to mark so-marked functions as
++MT-Unsafe, but the recommended mode to modify terminal settings is to
++call @code{tcgetattr}, modify some flags, and then call
++@code{tcsetattr}. Functions marked with @code{tempterm} do that, so
++they leave a window in which changes made by other threads are lost.
++
++It is thus advisable for applications using the terminal to avoid
++concurrent interactions with it, more so if they expect different
++terminal modes.
++
++If this mark appears as an AC-Safety note, it means the function may
++also fail to restore the original terminal mode in case of asynchronous
++cancellation.
++
++
+@end itemize
+
+
@@ -155,11 +213,37 @@ index deaf089..2630a77 100644
+
+Functions annotated with @code{staticbuf} use internal static buffers or
+variables in ways that may cause concurrent calls to interfere
-+destructively.
++destructively.
+
+These functions are all MT-Unsafe and AC-Unsafe. However, many of them
+offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
+
++In many of these cases, the static buffer is only used to hold a return
++value; in a few of these, such as @code{tmpnam}, the use of the internal
++buffer can be avoided by passing the buffer as an argument, which makes
++the call MT-Safe and AS-Safe.
++
++
++@item @code{asi18n}
++@cindex asi18n
++
++Functions marked with @code{asi18n} use internationalization functions
++(@code{gettext}), which brings in a number of dependencies and issues
++yet to be documented.
++
++
++@item @code{shlimb}
++@cindex shlimb
++
++Functions marked with @code{shlimb} use the dynamic loader to bring in
++additional code modules. This involves opening files, mapping them into
++memory, allocating additional memory, resolving symbols, applying
++relocations and more, all of this while holding the dynamic loader
++lock.
++
++The non-recursive lock itself is enough for the function to be AS- and
++AC-Unsafe, but many other issues may arise.
++
+
+@item @code{fdleak}
+@cindex fdleak
@@ -240,9 +324,8 @@ index deaf089..2630a77 100644
+Functions marked with @code{selfdeadlock} take a non-recursive lock to
+ensure MT-Safety while modifying data structures guarded by the lock.
+
-+If such a function is interrupted by a signal while holding the lock,
-+and the signal handler calls any function that takes the same
-+non-recursive lock, the result is a deadlock.
++If such a function is called by a signal handler that interrupted
++another such function that took the lock, the result is a deadlock.
+
+Blocking asynchronous signal delivery while calling such functions is
+the only safe way to avoid a deadlock if any signal handler might need
@@ -256,10 +339,9 @@ index deaf089..2630a77 100644
+MT-Safety while accessing or modifying data structures guarded by the
+lock.
+
-+If such a function is interrupted by a signal while holding the lock,
-+and the signal handler calls any function that takes the same
-+non-recursive lock, the latter function may observe a partially updated,
-+inconsistent data structure, and misbehave.
++If such a function is called by a signal handler that interrupted
++another such function that took the lock, both may misbehave for
++observing inconsistent (partially updated or cached) data structures.
+
+Blocking asynchronous signal delivery while calling such functions is
+the only safe way to avoid the misbehavior that may ensue if any signal
@@ -294,6 +376,21 @@ index deaf089..2630a77 100644
+only safe way to avoid the misbehavior that may ensure if the thread is
+canceled while the function is running.
+
++@c A special case, probably not worth documenting separately, involves
++@c reallocing, or even freeing pointers. Any case involving free could
++@c be easily turned into an ac-safe memleak by resetting the pointer
++@c before releasing it; I don't think we have any case that calls for
++@c this sort of fixing. Fixing the realloc cases would require a new
++@c interface: instead of @code{ptr=realloc(ptr,size)} we'd have to
++@c introduce @code{acsafe_realloc(&ptr,size)} that would modify ptr
++@c before releasing the old memory. The ac-unsafe realloc could be
++@c implemented in terms of an internal interface with this semantics
++@c (say __acsafe_realloc), but since realloc can be overridden, the
++@c function we call to implement realloc should not be this internal
++@c interface, but another internal interface that calls __acsafe_realloc
++@c if realloc was not overridden, and calls the overridden realloc with
++@c async cancel disabled. --lxoliva
++
+
+@item @code{simfpu}
+@cindex simfpu
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index 0a83e12..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,172 +0,0 @@
-Bottom: f865586a6c7ce831d9285c15a3df95a5b593b24b
-Top: c59759fbdfb422ada848ebdd3845677059986449
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 22:07:31 -0300
-
-Refresh of manual-document-mt-safety.patch
-
----
-
-diff --git a/manual/intro.texi b/manual/intro.texi
-index 2630a77..e47832c 100644
---- a/manual/intro.texi
-+++ b/manual/intro.texi
-@@ -262,6 +262,28 @@ if the effective thread-local locale is not the global locale object
- @code{setlocale} should not be called while these functions are active.
-
-
-+@item @code{envromt}
-+@cindex envromt
-+
-+Functions marked with @code{envromt} access the environment with
-+@code{getenv} or similar, requiring the environment to be effectively
-+read-only for MT-Safe operation.
-+
-+Environment-modifying functions do not protect in any way against
-+concurrent modifications or access, so calling @code{envromt}-marked
-+functions concurrently with @code{setenv}, @code{putenv},
-+@code{unsetenv} or direct modifications of the global environment data
-+structures is ill-advised; external concurrency control must be
-+introduced by callers of these environment-modifying and
-+@code{envromt}-marked functions.
-+
-+Functions that modify the environment are also marked with
-+@code{envromt}, but they are not MT-Safe for the reasons above. Since
-+all environment-modifying functions are MT-Unsafe, functions that only
-+access the environment are marked as MT-Safe when no other safety issue
-+applies.
-+
-+
- @item @code{uunguard}
- @cindex uunguard
-
-@@ -291,6 +313,42 @@ AS-Safe behavior, callers must ensure that the objects passed in are not
- modified concurrently by other threads or signal handlers.
-
-
-+@item @code{tempchwd}
-+@cindex tempchwd
-+
-+Functions marked with @code{tempchwd} may temporarily change the current
-+working directory during their execution, which may cause relative
-+pathnames to be resolved in unexpected ways in other threads or within
-+asynchronous signal or cancellation handlers.
-+
-+This is not enough of a reason to mark so-marked functions as MT-Unsafe,
-+but when this behavior is optional (e.g., @code{nftw} with
-+@code{FTW_CHDIR}), avoiding the option in multi-threaded programs may be
-+a good alternative to using full pathnames or file descriptor-relative
-+(e.g. @code{openat}) system calls.
-+
-+
-+@item @code{tempterm}
-+@cindex tempterm
-+
-+Functions marked with @code{tempterm} may temporarily change the
-+terminal settings.
-+
-+This would not be enough of a reason to mark so-marked functions as
-+MT-Unsafe, but the recommended mode to modify terminal settings is to
-+call @code{tcgetattr}, modify some flags, and then call
-+@code{tcsetattr}. Functions marked with @code{tempterm} do that, so
-+they leave a window in which changes made by other threads are lost.
-+
-+It is thus advisable for applications using the terminal to avoid
-+concurrent interactions with it, more so if they expect different
-+terminal modes.
-+
-+If this mark appears as an AC-Safety note, it means the function may
-+also fail to restore the original terminal mode in case of asynchronous
-+cancellation.
-+
-+
- @end itemize
-
-
-@@ -305,11 +363,37 @@ as follows:
-
- Functions annotated with @code{staticbuf} use internal static buffers or
- variables in ways that may cause concurrent calls to interfere
--destructively.
-+destructively.
-
- These functions are all MT-Unsafe and AC-Unsafe. However, many of them
- offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
-
-+In many of these cases, the static buffer is only used to hold a return
-+value; in a few of these, such as @code{tmpnam}, the use of the internal
-+buffer can be avoided by passing the buffer as an argument, which makes
-+the call MT-Safe and AS-Safe.
-+
-+
-+@item @code{asi18n}
-+@cindex asi18n
-+
-+Functions marked with @code{asi18n} use internationalization functions
-+(@code{gettext}), which brings in a number of dependencies and issues
-+yet to be documented.
-+
-+
-+@item @code{shlimb}
-+@cindex shlimb
-+
-+Functions marked with @code{shlimb} use the dynamic loader to bring in
-+additional code modules. This involves opening files, mapping them into
-+memory, allocating additional memory, resolving symbols, applying
-+relocations and more, all of this while holding the dynamic loader
-+lock.
-+
-+The non-recursive lock itself is enough for the function to be AS- and
-+AC-Unsafe, but many other issues may arise.
-+
-
- @item @code{fdleak}
- @cindex fdleak
-@@ -390,9 +474,8 @@ For the reasons above, functions that leak locks are all AC-Unsafe.
- Functions marked with @code{selfdeadlock} take a non-recursive lock to
- ensure MT-Safety while modifying data structures guarded by the lock.
-
--If such a function is interrupted by a signal while holding the lock,
--and the signal handler calls any function that takes the same
--non-recursive lock, the result is a deadlock.
-+If such a function is called by a signal handler that interrupted
-+another such function that took the lock, the result is a deadlock.
-
- Blocking asynchronous signal delivery while calling such functions is
- the only safe way to avoid a deadlock if any signal handler might need
-@@ -406,10 +489,9 @@ Functions marked with @code{asynconsist} take a recursive lock to ensure
- MT-Safety while accessing or modifying data structures guarded by the
- lock.
-
--If such a function is interrupted by a signal while holding the lock,
--and the signal handler calls any function that takes the same
--non-recursive lock, the latter function may observe a partially updated,
--inconsistent data structure, and misbehave.
-+If such a function is called by a signal handler that interrupted
-+another such function that took the lock, both may misbehave for
-+observing inconsistent (partially updated or cached) data structures.
-
- Blocking asynchronous signal delivery while calling such functions is
- the only safe way to avoid the misbehavior that may ensue if any signal
-@@ -444,6 +526,21 @@ Disabling asynchronous cancelation while calling such functions is the
- only safe way to avoid the misbehavior that may ensure if the thread is
- canceled while the function is running.
-
-+@c A special case, probably not worth documenting separately, involves
-+@c reallocing, or even freeing pointers. Any case involving free could
-+@c be easily turned into an ac-safe memleak by resetting the pointer
-+@c before releasing it; I don't think we have any case that calls for
-+@c this sort of fixing. Fixing the realloc cases would require a new
-+@c interface: instead of @code{ptr=realloc(ptr,size)} we'd have to
-+@c introduce @code{acsafe_realloc(&ptr,size)} that would modify ptr
-+@c before releasing the old memory. The ac-unsafe realloc could be
-+@c implemented in terms of an internal interface with this semantics
-+@c (say __acsafe_realloc), but since realloc can be overridden, the
-+@c function we call to implement realloc should not be this internal
-+@c interface, but another internal interface that calls __acsafe_realloc
-+@c if realloc was not overridden, and calls the overridden realloc with
-+@c async cancel disabled. --lxoliva
-+
-
- @item @code{simfpu}
- @cindex simfpu
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b4d906acf0574484a2eee239e7c46c7e060297be
commit b4d906acf0574484a2eee239e7c46c7e060297be
Merge: e5b53da cc2ab13 76dc6db
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:07:31 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e5b53dab5736d53f6414d24c50ecb9329a8f7391
commit e5b53dab5736d53f6414d24c50ecb9329a8f7391
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:07:31 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index 6a14b79..0ed9f4f 100644
--- a/meta
+++ b/meta
@@ -1,8 +1,9 @@
Version: 1
-Previous: d9c9f06fc82cd16d6b734513c4f0d533b3fdf2cf
-Head: f159288e81a5a769e1274527d307f82bd918d8e5
+Previous: 76dc6db481a93b17fc264340a48aa76e2afe8f75
+Head: cc2ab132a3cc951371827c846aa4dfa264ba321f
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
+ refresh-temp: cc2ab132a3cc951371827c846aa4dfa264ba321f
Unapplied:
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
unused-scalb-is-scalbn.patch: 04381689562081fc1e2328e5807e0dc537c1c5fc
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..0a83e12
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,172 @@
+Bottom: f865586a6c7ce831d9285c15a3df95a5b593b24b
+Top: c59759fbdfb422ada848ebdd3845677059986449
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:07:31 -0300
+
+Refresh of manual-document-mt-safety.patch
+
+---
+
+diff --git a/manual/intro.texi b/manual/intro.texi
+index 2630a77..e47832c 100644
+--- a/manual/intro.texi
++++ b/manual/intro.texi
+@@ -262,6 +262,28 @@ if the effective thread-local locale is not the global locale object
+ @code{setlocale} should not be called while these functions are active.
+
+
++@item @code{envromt}
++@cindex envromt
++
++Functions marked with @code{envromt} access the environment with
++@code{getenv} or similar, requiring the environment to be effectively
++read-only for MT-Safe operation.
++
++Environment-modifying functions do not protect in any way against
++concurrent modifications or access, so calling @code{envromt}-marked
++functions concurrently with @code{setenv}, @code{putenv},
++@code{unsetenv} or direct modifications of the global environment data
++structures is ill-advised; external concurrency control must be
++introduced by callers of these environment-modifying and
++@code{envromt}-marked functions.
++
++Functions that modify the environment are also marked with
++@code{envromt}, but they are not MT-Safe for the reasons above. Since
++all environment-modifying functions are MT-Unsafe, functions that only
++access the environment are marked as MT-Safe when no other safety issue
++applies.
++
++
+ @item @code{uunguard}
+ @cindex uunguard
+
+@@ -291,6 +313,42 @@ AS-Safe behavior, callers must ensure that the objects passed in are not
+ modified concurrently by other threads or signal handlers.
+
+
++@item @code{tempchwd}
++@cindex tempchwd
++
++Functions marked with @code{tempchwd} may temporarily change the current
++working directory during their execution, which may cause relative
++pathnames to be resolved in unexpected ways in other threads or within
++asynchronous signal or cancellation handlers.
++
++This is not enough of a reason to mark so-marked functions as MT-Unsafe,
++but when this behavior is optional (e.g., @code{nftw} with
++@code{FTW_CHDIR}), avoiding the option in multi-threaded programs may be
++a good alternative to using full pathnames or file descriptor-relative
++(e.g. @code{openat}) system calls.
++
++
++@item @code{tempterm}
++@cindex tempterm
++
++Functions marked with @code{tempterm} may temporarily change the
++terminal settings.
++
++This would not be enough of a reason to mark so-marked functions as
++MT-Unsafe, but the recommended mode to modify terminal settings is to
++call @code{tcgetattr}, modify some flags, and then call
++@code{tcsetattr}. Functions marked with @code{tempterm} do that, so
++they leave a window in which changes made by other threads are lost.
++
++It is thus advisable for applications using the terminal to avoid
++concurrent interactions with it, more so if they expect different
++terminal modes.
++
++If this mark appears as an AC-Safety note, it means the function may
++also fail to restore the original terminal mode in case of asynchronous
++cancellation.
++
++
+ @end itemize
+
+
+@@ -305,11 +363,37 @@ as follows:
+
+ Functions annotated with @code{staticbuf} use internal static buffers or
+ variables in ways that may cause concurrent calls to interfere
+-destructively.
++destructively.
+
+ These functions are all MT-Unsafe and AC-Unsafe. However, many of them
+ offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
+
++In many of these cases, the static buffer is only used to hold a return
++value; in a few of these, such as @code{tmpnam}, the use of the internal
++buffer can be avoided by passing the buffer as an argument, which makes
++the call MT-Safe and AS-Safe.
++
++
++@item @code{asi18n}
++@cindex asi18n
++
++Functions marked with @code{asi18n} use internationalization functions
++(@code{gettext}), which brings in a number of dependencies and issues
++yet to be documented.
++
++
++@item @code{shlimb}
++@cindex shlimb
++
++Functions marked with @code{shlimb} use the dynamic loader to bring in
++additional code modules. This involves opening files, mapping them into
++memory, allocating additional memory, resolving symbols, applying
++relocations and more, all of this while holding the dynamic loader
++lock.
++
++The non-recursive lock itself is enough for the function to be AS- and
++AC-Unsafe, but many other issues may arise.
++
+
+ @item @code{fdleak}
+ @cindex fdleak
+@@ -390,9 +474,8 @@ For the reasons above, functions that leak locks are all AC-Unsafe.
+ Functions marked with @code{selfdeadlock} take a non-recursive lock to
+ ensure MT-Safety while modifying data structures guarded by the lock.
+
+-If such a function is interrupted by a signal while holding the lock,
+-and the signal handler calls any function that takes the same
+-non-recursive lock, the result is a deadlock.
++If such a function is called by a signal handler that interrupted
++another such function that took the lock, the result is a deadlock.
+
+ Blocking asynchronous signal delivery while calling such functions is
+ the only safe way to avoid a deadlock if any signal handler might need
+@@ -406,10 +489,9 @@ Functions marked with @code{asynconsist} take a recursive lock to ensure
+ MT-Safety while accessing or modifying data structures guarded by the
+ lock.
+
+-If such a function is interrupted by a signal while holding the lock,
+-and the signal handler calls any function that takes the same
+-non-recursive lock, the latter function may observe a partially updated,
+-inconsistent data structure, and misbehave.
++If such a function is called by a signal handler that interrupted
++another such function that took the lock, both may misbehave for
++observing inconsistent (partially updated or cached) data structures.
+
+ Blocking asynchronous signal delivery while calling such functions is
+ the only safe way to avoid the misbehavior that may ensue if any signal
+@@ -444,6 +526,21 @@ Disabling asynchronous cancelation while calling such functions is the
+ only safe way to avoid the misbehavior that may ensure if the thread is
+ canceled while the function is running.
+
++@c A special case, probably not worth documenting separately, involves
++@c reallocing, or even freeing pointers. Any case involving free could
++@c be easily turned into an ac-safe memleak by resetting the pointer
++@c before releasing it; I don't think we have any case that calls for
++@c this sort of fixing. Fixing the realloc cases would require a new
++@c interface: instead of @code{ptr=realloc(ptr,size)} we'd have to
++@c introduce @code{acsafe_realloc(&ptr,size)} that would modify ptr
++@c before releasing the old memory. The ac-unsafe realloc could be
++@c implemented in terms of an internal interface with this semantics
++@c (say __acsafe_realloc), but since realloc can be overridden, the
++@c function we call to implement realloc should not be this internal
++@c interface, but another internal interface that calls __acsafe_realloc
++@c if realloc was not overridden, and calls the overridden realloc with
++@c async cancel disabled. --lxoliva
++
+
+ @item @code{simfpu}
+ @cindex simfpu
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=cc2ab132a3cc951371827c846aa4dfa264ba321f
commit cc2ab132a3cc951371827c846aa4dfa264ba321f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:07:31 2013 -0300
Refresh of manual-document-mt-safety.patch
diff --git a/manual/intro.texi b/manual/intro.texi
index 2630a77..e47832c 100644
--- a/manual/intro.texi
+++ b/manual/intro.texi
@@ -262,6 +262,28 @@ if the effective thread-local locale is not the global locale object
@code{setlocale} should not be called while these functions are active.
+@item @code{envromt}
+@cindex envromt
+
+Functions marked with @code{envromt} access the environment with
+@code{getenv} or similar, requiring the environment to be effectively
+read-only for MT-Safe operation.
+
+Environment-modifying functions do not protect in any way against
+concurrent modifications or access, so calling @code{envromt}-marked
+functions concurrently with @code{setenv}, @code{putenv},
+@code{unsetenv} or direct modifications of the global environment data
+structures is ill-advised; external concurrency control must be
+introduced by callers of these environment-modifying and
+@code{envromt}-marked functions.
+
+Functions that modify the environment are also marked with
+@code{envromt}, but they are not MT-Safe for the reasons above. Since
+all environment-modifying functions are MT-Unsafe, functions that only
+access the environment are marked as MT-Safe when no other safety issue
+applies.
+
+
@item @code{uunguard}
@cindex uunguard
@@ -291,6 +313,42 @@ AS-Safe behavior, callers must ensure that the objects passed in are not
modified concurrently by other threads or signal handlers.
+@item @code{tempchwd}
+@cindex tempchwd
+
+Functions marked with @code{tempchwd} may temporarily change the current
+working directory during their execution, which may cause relative
+pathnames to be resolved in unexpected ways in other threads or within
+asynchronous signal or cancellation handlers.
+
+This is not enough of a reason to mark so-marked functions as MT-Unsafe,
+but when this behavior is optional (e.g., @code{nftw} with
+@code{FTW_CHDIR}), avoiding the option in multi-threaded programs may be
+a good alternative to using full pathnames or file descriptor-relative
+(e.g. @code{openat}) system calls.
+
+
+@item @code{tempterm}
+@cindex tempterm
+
+Functions marked with @code{tempterm} may temporarily change the
+terminal settings.
+
+This would not be enough of a reason to mark so-marked functions as
+MT-Unsafe, but the recommended mode to modify terminal settings is to
+call @code{tcgetattr}, modify some flags, and then call
+@code{tcsetattr}. Functions marked with @code{tempterm} do that, so
+they leave a window in which changes made by other threads are lost.
+
+It is thus advisable for applications using the terminal to avoid
+concurrent interactions with it, more so if they expect different
+terminal modes.
+
+If this mark appears as an AC-Safety note, it means the function may
+also fail to restore the original terminal mode in case of asynchronous
+cancellation.
+
+
@end itemize
@@ -305,11 +363,37 @@ as follows:
Functions annotated with @code{staticbuf} use internal static buffers or
variables in ways that may cause concurrent calls to interfere
-destructively.
+destructively.
These functions are all MT-Unsafe and AC-Unsafe. However, many of them
offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
+In many of these cases, the static buffer is only used to hold a return
+value; in a few of these, such as @code{tmpnam}, the use of the internal
+buffer can be avoided by passing the buffer as an argument, which makes
+the call MT-Safe and AS-Safe.
+
+
+@item @code{asi18n}
+@cindex asi18n
+
+Functions marked with @code{asi18n} use internationalization functions
+(@code{gettext}), which brings in a number of dependencies and issues
+yet to be documented.
+
+
+@item @code{shlimb}
+@cindex shlimb
+
+Functions marked with @code{shlimb} use the dynamic loader to bring in
+additional code modules. This involves opening files, mapping them into
+memory, allocating additional memory, resolving symbols, applying
+relocations and more, all of this while holding the dynamic loader
+lock.
+
+The non-recursive lock itself is enough for the function to be AS- and
+AC-Unsafe, but many other issues may arise.
+
@item @code{fdleak}
@cindex fdleak
@@ -390,9 +474,8 @@ For the reasons above, functions that leak locks are all AC-Unsafe.
Functions marked with @code{selfdeadlock} take a non-recursive lock to
ensure MT-Safety while modifying data structures guarded by the lock.
-If such a function is interrupted by a signal while holding the lock,
-and the signal handler calls any function that takes the same
-non-recursive lock, the result is a deadlock.
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, the result is a deadlock.
Blocking asynchronous signal delivery while calling such functions is
the only safe way to avoid a deadlock if any signal handler might need
@@ -406,10 +489,9 @@ Functions marked with @code{asynconsist} take a recursive lock to ensure
MT-Safety while accessing or modifying data structures guarded by the
lock.
-If such a function is interrupted by a signal while holding the lock,
-and the signal handler calls any function that takes the same
-non-recursive lock, the latter function may observe a partially updated,
-inconsistent data structure, and misbehave.
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, both may misbehave for
+observing inconsistent (partially updated or cached) data structures.
Blocking asynchronous signal delivery while calling such functions is
the only safe way to avoid the misbehavior that may ensue if any signal
@@ -444,6 +526,21 @@ Disabling asynchronous cancelation while calling such functions is the
only safe way to avoid the misbehavior that may ensure if the thread is
canceled while the function is running.
+@c A special case, probably not worth documenting separately, involves
+@c reallocing, or even freeing pointers. Any case involving free could
+@c be easily turned into an ac-safe memleak by resetting the pointer
+@c before releasing it; I don't think we have any case that calls for
+@c this sort of fixing. Fixing the realloc cases would require a new
+@c interface: instead of @code{ptr=realloc(ptr,size)} we'd have to
+@c introduce @code{acsafe_realloc(&ptr,size)} that would modify ptr
+@c before releasing the old memory. The ac-unsafe realloc could be
+@c implemented in terms of an internal interface with this semantics
+@c (say __acsafe_realloc), but since realloc can be overridden, the
+@c function we call to implement realloc should not be this internal
+@c interface, but another internal interface that calls __acsafe_realloc
+@c if realloc was not overridden, and calls the overridden realloc with
+@c async cancel disabled. --lxoliva
+
@item @code{simfpu}
@cindex simfpu
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=76dc6db481a93b17fc264340a48aa76e2afe8f75
commit 76dc6db481a93b17fc264340a48aa76e2afe8f75
Merge: c92e698 d9c9f06
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:07:18 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c92e6984cabde57c3fca8e3eb572880c127081e0
commit c92e6984cabde57c3fca8e3eb572880c127081e0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:07:18 2013 -0300
push
diff --git a/meta b/meta
index 8ae9a1b..6a14b79 100644
--- a/meta
+++ b/meta
@@ -1,9 +1,9 @@
Version: 1
-Previous: b1b6abe1cfb871cadb695ab02b83c4dd64019e63
-Head: ca0a6bc4c5c53aa6c4a735c36336408a06b8cd89
+Previous: d9c9f06fc82cd16d6b734513c4f0d533b3fdf2cf
+Head: f159288e81a5a769e1274527d307f82bd918d8e5
Applied:
-Unapplied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
+Unapplied:
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
unused-scalb-is-scalbn.patch: 04381689562081fc1e2328e5807e0dc537c1c5fc
manual-document-mt-safety-argp.patch: 3a08620f4907bff742b31a6f67651e4a3b21c179
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d9c9f06fc82cd16d6b734513c4f0d533b3fdf2cf
commit d9c9f06fc82cd16d6b734513c4f0d533b3fdf2cf
Merge: 23e8267 b1b6abe ca0a6bc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:07:16 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=23e8267e7b64076cbdd271376d0e446282ec7848
commit 23e8267e7b64076cbdd271376d0e446282ec7848
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:07:16 2013 -0300
pop
diff --git a/meta b/meta
index d7dffb5..8ae9a1b 100644
--- a/meta
+++ b/meta
@@ -1,7 +1,8 @@
Version: 1
-Previous: b42c03a8ec5f571a7dcc0d8a373e9a46ef1b2844
-Head: f79b9fc6a64c2160e49b66d3ffd8beff25d0317b
+Previous: b1b6abe1cfb871cadb695ab02b83c4dd64019e63
+Head: ca0a6bc4c5c53aa6c4a735c36336408a06b8cd89
Applied:
+Unapplied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
unused-scalb-is-scalbn.patch: 04381689562081fc1e2328e5807e0dc537c1c5fc
@@ -15,7 +16,6 @@ Applied:
manual-document-mt-safety-errno.patch: 6c7e1ffb65b6f160f2a901a4d7fb52654cee4521
manual-document-mt-safety-filesys.patch: 9ae778a025f0908ba789a9e0cf5065ab0d53628a
manual-document-mt-safety-getopt.patch: f79b9fc6a64c2160e49b66d3ffd8beff25d0317b
-Unapplied:
manual-document-mt-safety-stdio.patch: 168f6d659bcb7106985edac12bc7b3a2110a7fb0
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b1b6abe1cfb871cadb695ab02b83c4dd64019e63
commit b1b6abe1cfb871cadb695ab02b83c4dd64019e63
Merge: ef9c434 b42c03a f79b9fc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:06:37 2013 -0300
import
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ef9c434101aae96d5d6e90f58ceb5d101c33d4c9
commit ef9c434101aae96d5d6e90f58ceb5d101c33d4c9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:06:37 2013 -0300
import
diff --git a/meta b/meta
index b6649b9..d7dffb5 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: ceb20a507e59205b8f5c6c2fa25d16b76a422c4e
-Head: 9ae778a025f0908ba789a9e0cf5065ab0d53628a
+Previous: b42c03a8ec5f571a7dcc0d8a373e9a46ef1b2844
+Head: f79b9fc6a64c2160e49b66d3ffd8beff25d0317b
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -14,6 +14,7 @@ Applied:
manual-document-mt-safety-debug.patch: c7ee4c2aa47d7a32e68a01dd01e4087485df8ccf
manual-document-mt-safety-errno.patch: 6c7e1ffb65b6f160f2a901a4d7fb52654cee4521
manual-document-mt-safety-filesys.patch: 9ae778a025f0908ba789a9e0cf5065ab0d53628a
+ manual-document-mt-safety-getopt.patch: f79b9fc6a64c2160e49b66d3ffd8beff25d0317b
Unapplied:
manual-document-mt-safety-stdio.patch: 168f6d659bcb7106985edac12bc7b3a2110a7fb0
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
diff --git a/patches/manual-document-mt-safety-getopt.patch b/patches/manual-document-mt-safety-getopt.patch
new file mode 100644
index 0000000..d1ce979
--- /dev/null
+++ b/patches/manual-document-mt-safety-getopt.patch
@@ -0,0 +1,68 @@
+Bottom: c99f368a71f19ba8429c3534e1b674f3a20de73e
+Top: eaf7ea9f21df96f6e1ba6d92a8b44a2546e980f4
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:06:36 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/getopt.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/getopt.texi b/manual/getopt.texi
+index f0b7283..3c1f4de 100644
+--- a/manual/getopt.texi
++++ b/manual/getopt.texi
+@@ -60,6 +60,31 @@ option argument, for those options that accept arguments.
+ @comment unistd.h
+ @comment POSIX.2
+ @deftypefun int getopt (int @var{argc}, char *const *@var{argv}, const char *@var{options})
++@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
++@c It may swap argv elements but argv is not guarded, and the
++@c modifications may be partial in case of cancellation. Calling getenv
++@c also brings about thread-safety issues out of access and returning
++@c pointers into the globally shared environment array, just like
++@c calling gettext brings about a whole lot of AS and AC safety issues.
++@c The getopt API involves returning values in the non-thread-specific
++@c optarg variable, which adds another thread-safety issue. Given
++@c print_errors, it may output errors to stderr, which may
++@c self-deadlock, leak locks, or encounter (in a signal handler) or
++@c leave (in case of cancellation) stderr in an inconsistent state.
++@c Various implicit, indirect uses of malloc, in uses of memstream and
++@c asprintf for error-printing, bring about the usual malloc issues.
++@c (The explicit use of malloc in a conditional situation in
++@c _getopt_initialize is never exercised in glibc.)
++@c
++@c _getopt_internal
++@c _getopt_internal_r
++@c gettext
++@c _getopt_initialize
++@c getenv
++@c malloc if USE_NONOPTION_FLAGS, never defined in libc
++@c open_memstream
++@c lockfile, unlockfile, __fxprintf -> stderr
++@c asprintf
+ The @code{getopt} function gets the next option argument from the
+ argument list specified by the @var{argv} and @var{argc} arguments.
+ Normally these values come directly from the arguments received by
+@@ -225,6 +250,8 @@ was seen.
+ @comment getopt.h
+ @comment GNU
+ @deftypefun int getopt_long (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
++@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
++@c Same issues as getopt.
+ Decode options from the vector @var{argv} (whose length is @var{argc}).
+ The argument @var{shortopts} describes the short options to accept, just as
+ it does in @code{getopt}. The argument @var{longopts} describes the long
+@@ -278,6 +305,8 @@ getopt functionality there is one more function available.
+ @comment getopt.h
+ @comment GNU
+ @deftypefun int getopt_long_only (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
++@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
++@c Same issues as getopt.
+
+ The @code{getopt_long_only} function is equivalent to the
+ @code{getopt_long} function but it allows to specify the user of the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f79b9fc6a64c2160e49b66d3ffd8beff25d0317b
commit f79b9fc6a64c2160e49b66d3ffd8beff25d0317b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:06:36 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/getopt.texi: Document thread safety properties.
diff --git a/manual/getopt.texi b/manual/getopt.texi
index f0b7283..3c1f4de 100644
--- a/manual/getopt.texi
+++ b/manual/getopt.texi
@@ -60,6 +60,31 @@ option argument, for those options that accept arguments.
@comment unistd.h
@comment POSIX.2
@deftypefun int getopt (int @var{argc}, char *const *@var{argv}, const char *@var{options})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c It may swap argv elements but argv is not guarded, and the
+@c modifications may be partial in case of cancellation. Calling getenv
+@c also brings about thread-safety issues out of access and returning
+@c pointers into the globally shared environment array, just like
+@c calling gettext brings about a whole lot of AS and AC safety issues.
+@c The getopt API involves returning values in the non-thread-specific
+@c optarg variable, which adds another thread-safety issue. Given
+@c print_errors, it may output errors to stderr, which may
+@c self-deadlock, leak locks, or encounter (in a signal handler) or
+@c leave (in case of cancellation) stderr in an inconsistent state.
+@c Various implicit, indirect uses of malloc, in uses of memstream and
+@c asprintf for error-printing, bring about the usual malloc issues.
+@c (The explicit use of malloc in a conditional situation in
+@c _getopt_initialize is never exercised in glibc.)
+@c
+@c _getopt_internal
+@c _getopt_internal_r
+@c gettext
+@c _getopt_initialize
+@c getenv
+@c malloc if USE_NONOPTION_FLAGS, never defined in libc
+@c open_memstream
+@c lockfile, unlockfile, __fxprintf -> stderr
+@c asprintf
The @code{getopt} function gets the next option argument from the
argument list specified by the @var{argv} and @var{argc} arguments.
Normally these values come directly from the arguments received by
@@ -225,6 +250,8 @@ was seen.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
Decode options from the vector @var{argv} (whose length is @var{argc}).
The argument @var{shortopts} describes the short options to accept, just as
it does in @code{getopt}. The argument @var{longopts} describes the long
@@ -278,6 +305,8 @@ getopt functionality there is one more function available.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long_only (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
The @code{getopt_long_only} function is equivalent to the
@code{getopt_long} function but it allows to specify the user of the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b42c03a8ec5f571a7dcc0d8a373e9a46ef1b2844
commit b42c03a8ec5f571a7dcc0d8a373e9a46ef1b2844
Merge: 719c006 ceb20a5 9ae778a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:06:03 2013 -0300
import
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=719c00675114f4846a42b628cbabc290a7cb1edc
commit 719c00675114f4846a42b628cbabc290a7cb1edc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:06:03 2013 -0300
import
diff --git a/meta b/meta
index 7992004..b6649b9 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 99ddb1a0214122ee3ce2d4a4292978e1e00442a4
-Head: 6c7e1ffb65b6f160f2a901a4d7fb52654cee4521
+Previous: ceb20a507e59205b8f5c6c2fa25d16b76a422c4e
+Head: 9ae778a025f0908ba789a9e0cf5065ab0d53628a
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -13,6 +13,7 @@ Applied:
manual-document-mt-safety-ctype.patch: d3739e943bb05d4edb6ca163f33c2cda30ada1f6
manual-document-mt-safety-debug.patch: c7ee4c2aa47d7a32e68a01dd01e4087485df8ccf
manual-document-mt-safety-errno.patch: 6c7e1ffb65b6f160f2a901a4d7fb52654cee4521
+ manual-document-mt-safety-filesys.patch: 9ae778a025f0908ba789a9e0cf5065ab0d53628a
Unapplied:
manual-document-mt-safety-stdio.patch: 168f6d659bcb7106985edac12bc7b3a2110a7fb0
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
diff --git a/patches/manual-document-mt-safety-filesys.patch b/patches/manual-document-mt-safety-filesys.patch
new file mode 100644
index 0000000..5f9b89d
--- /dev/null
+++ b/patches/manual-document-mt-safety-filesys.patch
@@ -0,0 +1,789 @@
+Bottom: e0c86b7119156c45d45fc7b8853dfb0c950448cb
+Top: c99f368a71f19ba8429c3534e1b674f3a20de73e
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:06:03 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/filesys.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/filesys.texi b/manual/filesys.texi
+index 1df9cf2..2244025 100644
+--- a/manual/filesys.texi
++++ b/manual/filesys.texi
+@@ -58,6 +58,25 @@ Prototypes for these functions are declared in the header file
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun {char *} getcwd (char *@var{buffer}, size_t @var{size})
++@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
++@c If buffer is NULL, this function calls malloc and realloc, and, in
++@c case of error, free. Linux offers a getcwd syscall that we use on
++@c GNU/Linux systems, but it may fail if the pathname is too long. As a
++@c fallback, and on other systems, the generic implementation opens each
++@c parent directory with opendir, which allocates memory for the
++@c directory stream with malloc. If a fstatat64 syscall is not
++@c available, very deep directory trees may also have to malloc to build
++@c longer sequences of ../../../... than those supported by a global
++@c const read-only string.
++
++@c linux/__getcwd
++@c posix/__getcwd
++@c malloc/realloc/free if buffer is NULL, or if dir is too deep
++@c lstat64 -> see its own entry
++@c fstatat64
++@c direct syscall if possible, alloca+snprintf+*stat64 otherwise
++@c openat64_not_cancel_3, close_not_cancel_no_status
++@c __fdopendir, __opendir, __readdir, rewinddir
+ The @code{getcwd} function returns an absolute file name representing
+ the current working directory, storing it in the character array
+ @var{buffer} that you provide. The @var{size} argument is how you tell
+@@ -116,6 +135,9 @@ software.
+ @comment unistd.h
+ @comment BSD
+ @deftypefn {Deprecated Function} {char *} getwd (char *@var{buffer})
++@safety{@mtsafe{}@asunsafe{asmalloc, asi18n}@acsafe{memleak, fdleak}}
++@c Besides the getcwd safety issues, it calls strerror_r on error, which
++@c brings in all of the i18n issues.
+ This is similar to @code{getcwd}, but has no way to specify the size of
+ the buffer. @Theglibc{} provides @code{getwd} only
+ for backwards compatibility with BSD.
+@@ -130,6 +152,9 @@ this function is deprecated.
+ @comment unistd.h
+ @comment GNU
+ @deftypefun {char *} get_current_dir_name (void)
++@safety{@mtunsafe{envromt}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
++@c Besides getcwd, which this function calls as a fallback, it calls
++@c getenv, with the usual thread-safety issues that brings about.
+ @vindex PWD
+ This @code{get_current_dir_name} function is basically equivalent to
+ @w{@code{getcwd (NULL, 0)}}. The only difference is that the value of
+@@ -145,6 +170,7 @@ This function is a GNU extension.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int chdir (const char *@var{filename})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function is used to set the process's working directory to
+ @var{filename}.
+
+@@ -158,6 +184,7 @@ file @var{filename} is not a directory.
+ @comment unistd.h
+ @comment XPG
+ @deftypefun int fchdir (int @var{filedes})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function is used to set the process's working directory to
+ directory associated with the file descriptor @var{filedes}.
+
+@@ -294,12 +321,14 @@ values and @code{st_mode} values:
+ @comment dirent.h
+ @comment BSD
+ @deftypefun int IFTODT (mode_t @var{mode})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This returns the @code{d_type} value corresponding to @var{mode}.
+ @end deftypefun
+
+ @comment dirent.h
+ @comment BSD
+ @deftypefun mode_t DTTOIF (int @var{dtype})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This returns the @code{st_mode} value corresponding to @var{dtype}.
+ @end deftypefun
+ @end table
+@@ -342,6 +371,9 @@ the following functions.
+ @comment dirent.h
+ @comment POSIX.1
+ @deftypefun {DIR *} opendir (const char *@var{dirname})
++@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
++@c Besides the safe syscall, we have to allocate the DIR object with
++@c __alloc_dir, that calls malloc.
+ The @code{opendir} function opens and returns a directory stream for
+ reading the directory whose file name is @var{dirname}. The stream has
+ type @code{DIR *}.
+@@ -381,6 +413,8 @@ alternative interface can be used.
+ @comment dirent.h
+ @comment GNU
+ @deftypefun {DIR *} fdopendir (int @var{fd})
++@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
++@c The DIR object is allocated with __alloc_dir, that calls malloc.
+ The @code{fdopendir} function works just like @code{opendir} but
+ instead of taking a file name and opening a file descriptor for the
+ directory the caller is required to provide a file descriptor. This
+@@ -425,6 +459,7 @@ access.
+ @comment dirent.h
+ @comment GNU
+ @deftypefun int dirfd (DIR *@var{dirstream})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The function @code{dirfd} returns the file descriptor associated with
+ the directory stream @var{dirstream}. This descriptor can be used until
+ the directory is closed with @code{closedir}. If the directory stream
+@@ -443,6 +478,12 @@ symbols are declared in the header file @file{dirent.h}.
+ @comment dirent.h
+ @comment POSIX.1
+ @deftypefun {struct dirent *} readdir (DIR *@var{dirstream})
++@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
++@c This function holds dirstream's non-recursive lock, which brings
++@c about the usual issues with locks and async signals and cancellation,
++@c but the lock taking is not enough to make the returned value safe to
++@c use, since it points to a stream's internal buffer that can be
++@c overwritten by subsequent calls or even released by closedir.
+ This function reads the next entry from the directory. It normally
+ returns a pointer to a structure containing information about the file.
+ This structure is statically allocated and can be rewritten by a
+@@ -469,6 +510,7 @@ value. Use @code{readdir_r} when this is critical.
+ @comment dirent.h
+ @comment GNU
+ @deftypefun int readdir_r (DIR *@var{dirstream}, struct dirent *@var{entry}, struct dirent **@var{result})
++@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+ This function is the reentrant version of @code{readdir}. Like
+ @code{readdir} it returns the next entry from the directory. But to
+ prevent conflicts between simultaneously running threads the result is
+@@ -516,6 +558,7 @@ of the last two functions.
+ @comment dirent.h
+ @comment LFS
+ @deftypefun {struct dirent64 *} readdir64 (DIR *@var{dirstream})
++@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+ The @code{readdir64} function is just like the @code{readdir} function
+ except that it returns a pointer to a record of type @code{struct
+ dirent64}. Some of the members of this data type (notably @code{d_ino})
+@@ -527,6 +570,7 @@ In all other aspects this function is equivalent to @code{readdir}.
+ @comment dirent.h
+ @comment LFS
+ @deftypefun int readdir64_r (DIR *@var{dirstream}, struct dirent64 *@var{entry}, struct dirent64 **@var{result})
++@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+ The @code{readdir64_r} function is equivalent to the @code{readdir_r}
+ function except that it takes parameters of base type @code{struct
+ dirent64} instead of @code{struct dirent} in the second and third
+@@ -537,6 +581,10 @@ position. The same precautions mentioned in the documentation of
+ @comment dirent.h
+ @comment POSIX.1
+ @deftypefun int closedir (DIR *@var{dirstream})
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock (hurd)}@acsafe{memleak, fdleak, lockleak (hurd)}}
++@c No synchronization in the posix implementation, only in the hurd
++@c one. This is regarded as safe because it is undefined behavior if
++@c other threads could still be using the dir stream while it's closed.
+ This function closes the directory stream @var{dirstream}. It returns
+ @code{0} on success and @code{-1} on failure.
+
+@@ -576,6 +624,7 @@ declared in the header file @file{dirent.h}.
+ @comment dirent.h
+ @comment POSIX.1
+ @deftypefun void rewinddir (DIR *@var{dirstream})
++@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+ The @code{rewinddir} function is used to reinitialize the directory
+ stream @var{dirstream}, so that if you call @code{readdir} it
+ returns information about the first entry in the directory again. This
+@@ -589,6 +638,10 @@ added or removed since you last called @code{opendir} or
+ @comment dirent.h
+ @comment BSD
+ @deftypefun {long int} telldir (DIR *@var{dirstream})
++@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
++@c The implementation is safe on most platforms, but on BSD it uses
++@c cookies, buckets and records, and the global array of pointers to
++@c dynamically allocated records is guarded by a non-recursive lock.
+ The @code{telldir} function returns the file position of the directory
+ stream @var{dirstream}. You can use this value with @code{seekdir} to
+ restore the directory stream to that position.
+@@ -597,6 +650,10 @@ restore the directory stream to that position.
+ @comment dirent.h
+ @comment BSD
+ @deftypefun void seekdir (DIR *@var{dirstream}, long int @var{pos})
++@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
++@c The implementation is safe on most platforms, but on BSD it uses
++@c cookies, buckets and records, and the global array of pointers to
++@c dynamically allocated records is guarded by a non-recursive lock.
+ The @code{seekdir} function sets the file position of the directory
+ stream @var{dirstream} to @var{pos}. The value @var{pos} must be the
+ result of a previous call to @code{telldir} on this particular stream;
+@@ -616,6 +673,19 @@ the result.
+ @comment dirent.h
+ @comment BSD/SVID
+ @deftypefun int scandir (const char *@var{dir}, struct dirent ***@var{namelist}, int (*@var{selector}) (const struct dirent *), int (*@var{cmp}) (const struct dirent **, const struct dirent **))
++@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
++@c The scandir function calls __opendirat, __readdir, and __closedir to
++@c go over the named dir; malloc and realloc to allocate the namelist
++@c and copies of each selected dirent, besides the selector, if given,
++@c and qsort and the cmp functions if the latter is given. In spite of
++@c the cleanup handler that releases memory and the file descriptor in
++@c case of synchronous cancellation, an asynchronous cancellation may
++@c still leak memory and a file descriptor. Although readdir is unsafe
++@c in general, the use of an internal dir stream for sequential scanning
++@c of the directory with copying of dirents before subsequent calls
++@c makes the use safe, and the fact that the dir stream is private to
++@c each scandir call does away with the lock issues in readdir and
++@c closedir.
+
+ The @code{scandir} function scans the contents of the directory selected
+ by @var{dir}. The result in *@var{namelist} is an array of pointers to
+@@ -646,6 +716,8 @@ are very helpful for this purpose.
+ @comment dirent.h
+ @comment BSD/SVID
+ @deftypefun int alphasort (const void *@var{a}, const void *@var{b})
++@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
++@c Calls strcoll.
+ The @code{alphasort} function behaves like the @code{strcoll} function
+ (@pxref{String/Array Comparison}). The difference is that the arguments
+ are not string pointers but instead they are of type
+@@ -658,6 +730,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
+ @comment dirent.h
+ @comment GNU
+ @deftypefun int versionsort (const void *@var{a}, const void *@var{b})
++@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
++@c Calls strverscmp.
+ The @code{versionsort} function is like @code{alphasort} except that it
+ uses the @code{strverscmp} function internally.
+ @end deftypefun
+@@ -670,6 +744,8 @@ dirent64}}. To use this we need a new function.
+ @comment dirent.h
+ @comment GNU
+ @deftypefun int scandir64 (const char *@var{dir}, struct dirent64 ***@var{namelist}, int (*@var{selector}) (const struct dirent64 *), int (*@var{cmp}) (const struct dirent64 **, const struct dirent64 **))
++@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
++@c See scandir.
+ The @code{scandir64} function works like the @code{scandir} function
+ except that the directory entries it returns are described by elements
+ of type @w{@code{struct dirent64}}. The function pointed to by
+@@ -688,6 +764,8 @@ argument. Instead we provide the two replacement functions below.
+ @comment dirent.h
+ @comment GNU
+ @deftypefun int alphasort64 (const void *@var{a}, const void *@var{b})
++@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
++@c See alphasort.
+ The @code{alphasort64} function behaves like the @code{strcoll} function
+ (@pxref{String/Array Comparison}). The difference is that the arguments
+ are not string pointers but instead they are of type
+@@ -700,6 +778,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
+ @comment dirent.h
+ @comment GNU
+ @deftypefun int versionsort64 (const void *@var{a}, const void *@var{b})
++@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
++@c See versionsort.
+ The @code{versionsort64} function is like @code{alphasort64}, excepted that it
+ uses the @code{strverscmp} function internally.
+ @end deftypefun
+@@ -880,6 +960,8 @@ file was passed).
+ @comment ftw.h
+ @comment SVID
+ @deftypefun int ftw (const char *@var{filename}, __ftw_func_t @var{func}, int @var{descriptors})
++@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
++@c see nftw for safety details
+ The @code{ftw} function calls the callback function given in the
+ parameter @var{func} for every item which is found in the directory
+ specified by @var{filename} and all directories below. The function
+@@ -930,6 +1012,7 @@ interface transparently replaces the old interface.
+ @comment ftw.h
+ @comment Unix98
+ @deftypefun int ftw64 (const char *@var{filename}, __ftw64_func_t @var{func}, int @var{descriptors})
++@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
+ This function is similar to @code{ftw} but it can work on filesystems
+ with large files. File information is reported using a variable of type
+ @code{struct stat64} which is passed by reference to the callback
+@@ -943,6 +1026,17 @@ transparently replaces the old implementation.
+ @comment ftw.h
+ @comment XPG4.2
+ @deftypefun int nftw (const char *@var{filename}, __nftw_func_t @var{func}, int @var{descriptors}, int @var{flag})
++@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
++@c ftw_startup calls alloca, malloc, free, xstat/lxstat, tdestroy, and ftw_dir
++@c if FTW_CHDIR, call open, and fchdir, or chdir and getcwd
++@c ftw_dir calls open_dir_stream, readdir64, process_entry, closedir
++@c if FTW_CHDIR, also calls fchdir
++@c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
++@c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
++@c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
++@c find_object (tsearch) and add_object (tfind).
++@c Since each invocation of *ftw uses its own private search tree, none
++@c of the search tree concurrency issues apply.
+ The @code{nftw} function works like the @code{ftw} functions. They call
+ the callback function @var{func} for all items found in the directory
+ @var{filename} and below. At most @var{descriptors} file descriptors
+@@ -1003,6 +1097,7 @@ interface transparently replaces the old interface.
+ @comment ftw.h
+ @comment Unix98
+ @deftypefun int nftw64 (const char *@var{filename}, __nftw64_func_t @var{func}, int @var{descriptors}, int @var{flag})
++@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+ This function is similar to @code{nftw} but it can work on filesystems
+ with large files. File information is reported using a variable of type
+ @code{struct stat64} which is passed by reference to the callback
+@@ -1046,6 +1141,7 @@ file @file{unistd.h}.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int link (const char *@var{oldname}, const char *@var{newname})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{link} function makes a new link to the existing file named by
+ @var{oldname}, under the new name @var{newname}.
+
+@@ -1153,6 +1249,7 @@ Prototypes for most of the functions listed in this section are in
+ @comment unistd.h
+ @comment BSD
+ @deftypefun int symlink (const char *@var{oldname}, const char *@var{newname})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{symlink} function makes a symbolic link to @var{oldname} named
+ @var{newname}.
+
+@@ -1190,6 +1287,7 @@ exceeded.
+ @comment unistd.h
+ @comment BSD
+ @deftypefun ssize_t readlink (const char *@var{filename}, char *@var{buffer}, size_t @var{size})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{readlink} function gets the value of the symbolic link
+ @var{filename}. The file name that the link points to is copied into
+ @var{buffer}. This file name string is @emph{not} null-terminated;
+@@ -1249,6 +1347,8 @@ names can refer to the same inode.
+ @comment stdlib.h
+ @comment GNU
+ @deftypefun {char *} canonicalize_file_name (const char *@var{name})
++@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
++@c Calls realpath.
+
+ The @code{canonicalize_file_name} function returns the absolute name of
+ the file named by @var{name} which contains no @code{.}, @code{..}
+@@ -1290,6 +1390,8 @@ where the result is placed in.
+ @comment stdlib.h
+ @comment XPG
+ @deftypefun {char *} realpath (const char *restrict @var{name}, char *restrict @var{resolved})
++@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
++@c Calls malloc, realloc, getcwd, lxstat64, readlink, alloca.
+
+ A call to @code{realpath} where the @var{resolved} parameter is
+ @code{NULL} behaves exactly like @code{canonicalize_file_name}. The
+@@ -1329,6 +1431,7 @@ then the file is deleted as well. If the file has other remaining names
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int unlink (const char *@var{filename})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{unlink} function deletes the file name @var{filename}. If
+ this is a file's sole name, the file itself is also deleted. (Actually,
+ if any process has the file open when this happens, deletion is
+@@ -1371,6 +1474,7 @@ file system and can't be modified.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int rmdir (const char *@var{filename})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ @cindex directories, deleting
+ @cindex deleting a directory
+ The @code{rmdir} function deletes a directory. The directory must be
+@@ -1398,6 +1502,8 @@ The prototype for this function is declared in the header file
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int remove (const char *@var{filename})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c Calls unlink and rmdir.
+ This is the @w{ISO C} function to remove a file. It works like
+ @code{unlink} for files and like @code{rmdir} for directories.
+ @code{remove} is declared in @file{stdio.h}.
+@@ -1413,6 +1519,10 @@ The @code{rename} function is used to change a file's name.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int rename (const char *@var{oldname}, const char *@var{newname})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c In the absence of a rename syscall, there's an emulation with link
++@c and unlink, but it's racy, even more so if newname exists and is
++@c unlinked first.
+ The @code{rename} function renames the file @var{oldname} to
+ @var{newname}. The file formerly accessible under the name
+ @var{oldname} is afterwards accessible as @var{newname} instead. (If
+@@ -1508,6 +1618,7 @@ a shell command @code{mkdir} which does the same thing.)
+ @comment sys/stat.h
+ @comment POSIX.1
+ @deftypefun int mkdir (const char *@var{filename}, mode_t @var{mode})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{mkdir} function creates a new, empty directory with name
+ @var{filename}.
+
+@@ -1849,6 +1960,7 @@ header file @file{sys/stat.h}.
+ @comment sys/stat.h
+ @comment POSIX.1
+ @deftypefun int stat (const char *@var{filename}, struct stat *@var{buf})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{stat} function returns information about the attributes of the
+ file named by @w{@var{filename}} in the structure pointed to by @var{buf}.
+
+@@ -1875,6 +1987,7 @@ replaces the normal implementation.
+ @comment sys/stat.h
+ @comment Unix98
+ @deftypefun int stat64 (const char *@var{filename}, struct stat64 *@var{buf})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function is similar to @code{stat} but it is also able to work on
+ files larger then @math{2^31} bytes on 32-bit systems. To be able to do
+ this the result is stored in a variable of type @code{struct stat64} to
+@@ -1888,6 +2001,7 @@ replaces the interface for small files on 32-bit machines.
+ @comment sys/stat.h
+ @comment POSIX.1
+ @deftypefun int fstat (int @var{filedes}, struct stat *@var{buf})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{fstat} function is like @code{stat}, except that it takes an
+ open file descriptor as an argument instead of a file name.
+ @xref{Low-Level I/O}.
+@@ -1909,6 +2023,7 @@ replaces the normal implementation.
+ @comment sys/stat.h
+ @comment Unix98
+ @deftypefun int fstat64 (int @var{filedes}, struct stat64 *@var{buf})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function is similar to @code{fstat} but is able to work on large
+ files on 32-bit platforms. For large files the file descriptor
+ @var{filedes} should be obtained by @code{open64} or @code{creat64}.
+@@ -1920,9 +2035,16 @@ function is available under the name @code{fstat} and so transparently
+ replaces the interface for small files on 32-bit machines.
+ @end deftypefun
+
++@c fstatat will call alloca and snprintf if the syscall is not
++@c available.
++@c @safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
++
+ @comment sys/stat.h
+ @comment BSD
+ @deftypefun int lstat (const char *@var{filename}, struct stat *@var{buf})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Direct system call through lxstat, sometimes with an xstat conv call
++@c afterwards.
+ The @code{lstat} function is like @code{stat}, except that it does not
+ follow symbolic links. If @var{filename} is the name of a symbolic
+ link, @code{lstat} returns information about the link itself; otherwise
+@@ -1936,6 +2058,9 @@ replaces the normal implementation.
+ @comment sys/stat.h
+ @comment Unix98
+ @deftypefun int lstat64 (const char *@var{filename}, struct stat64 *@var{buf})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Direct system call through lxstat64, sometimes with an xstat conv
++@c call afterwards.
+ This function is similar to @code{lstat} but it is also able to work on
+ files larger then @math{2^31} bytes on 32-bit systems. To be able to do
+ this the result is stored in a variable of type @code{struct stat64} to
+@@ -1974,12 +2099,14 @@ that file:
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_ISDIR (mode_t @var{m})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns non-zero if the file is a directory.
+ @end deftypefn
+
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_ISCHR (mode_t @var{m})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns non-zero if the file is a character special file (a
+ device like a terminal).
+ @end deftypefn
+@@ -1987,6 +2114,7 @@ device like a terminal).
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_ISBLK (mode_t @var{m})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns non-zero if the file is a block special file (a device
+ like a disk).
+ @end deftypefn
+@@ -1994,12 +2122,14 @@ like a disk).
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_ISREG (mode_t @var{m})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns non-zero if the file is a regular file.
+ @end deftypefn
+
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_ISFIFO (mode_t @var{m})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns non-zero if the file is a FIFO special file, or a
+ pipe. @xref{Pipes and FIFOs}.
+ @end deftypefn
+@@ -2007,6 +2137,7 @@ pipe. @xref{Pipes and FIFOs}.
+ @comment sys/stat.h
+ @comment GNU
+ @deftypefn Macro int S_ISLNK (mode_t @var{m})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns non-zero if the file is a symbolic link.
+ @xref{Symbolic Links}.
+ @end deftypefn
+@@ -2014,6 +2145,7 @@ This macro returns non-zero if the file is a symbolic link.
+ @comment sys/stat.h
+ @comment GNU
+ @deftypefn Macro int S_ISSOCK (mode_t @var{m})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns non-zero if the file is a socket. @xref{Sockets}.
+ @end deftypefn
+
+@@ -2096,6 +2228,7 @@ the whole @code{struct stat} structure.
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_TYPEISMQ (struct stat *@var{s})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ If the system implement POSIX message queues as distinct objects and the
+ file is a message queue object, this macro returns a non-zero value.
+ In all other cases the result is zero.
+@@ -2104,6 +2237,7 @@ In all other cases the result is zero.
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_TYPEISSEM (struct stat *@var{s})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ If the system implement POSIX semaphores as distinct objects and the
+ file is a semaphore object, this macro returns a non-zero value.
+ In all other cases the result is zero.
+@@ -2112,6 +2246,7 @@ In all other cases the result is zero.
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_TYPEISSHM (struct stat *@var{s})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ If the system implement POSIX shared memory objects as distinct objects
+ and the file is an shared memory object, this macro returns a non-zero
+ value. In all other cases the result is zero.
+@@ -2156,6 +2291,7 @@ The prototype for this function is declared in @file{unistd.h}.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int chown (const char *@var{filename}, uid_t @var{owner}, gid_t @var{group})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{chown} function changes the owner of the file @var{filename} to
+ @var{owner}, and its group owner to @var{group}.
+
+@@ -2190,6 +2326,7 @@ The file is on a read-only file system.
+ @comment unistd.h
+ @comment BSD
+ @deftypefun int fchown (int @var{filedes}, uid_t @var{owner}, gid_t @var{group})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This is like @code{chown}, except that it changes the owner of the open
+ file with descriptor @var{filedes}.
+
+@@ -2469,6 +2606,7 @@ The functions in this section are declared in @file{sys/stat.h}.
+ @comment sys/stat.h
+ @comment POSIX.1
+ @deftypefun mode_t umask (mode_t @var{mask})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{umask} function sets the file creation mask of the current
+ process to @var{mask}, and returns the previous value of the file
+ creation mask.
+@@ -2494,6 +2632,7 @@ you just want to read the mask value, because it is reentrant.
+ @comment sys/stat.h
+ @comment GNU
+ @deftypefun mode_t getumask (void)
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Return the current value of the file creation mask for the current
+ process. This function is a GNU extension and is only available on
+ @gnuhurdsystems{}.
+@@ -2502,6 +2641,7 @@ process. This function is a GNU extension and is only available on
+ @comment sys/stat.h
+ @comment POSIX.1
+ @deftypefun int chmod (const char *@var{filename}, mode_t @var{mode})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{chmod} function sets the access permission bits for the file
+ named by @var{filename} to @var{mode}.
+
+@@ -2542,6 +2682,7 @@ for full details on the sticky bit.
+ @comment sys/stat.h
+ @comment BSD
+ @deftypefun int fchmod (int @var{filedes}, mode_t @var{mode})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This is like @code{chmod}, except that it changes the permissions of the
+ currently open file given by @var{filedes}.
+
+@@ -2612,6 +2753,7 @@ The symbols in this section are declared in @file{unistd.h}.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int access (const char *@var{filename}, int @var{how})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{access} function checks to see whether the file named by
+ @var{filename} can be accessed in the way specified by the @var{how}
+ argument. The @var{how} argument either can be the bitwise OR of the
+@@ -2732,6 +2874,9 @@ This is the modification time for the file.
+ @comment utime.h
+ @comment POSIX.1
+ @deftypefun int utime (const char *@var{filename}, const struct utimbuf *@var{times})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c In the absence of a utime syscall, it non-atomically converts times
++@c to a struct timeval and calls utimes.
+ This function is used to modify the file times associated with the file
+ named @var{filename}.
+
+@@ -2783,6 +2928,10 @@ in the header file @file{sys/time.h}.
+ @comment sys/time.h
+ @comment BSD
+ @deftypefun int utimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c In the absence of a utimes syscall, it non-atomically converts tvp
++@c to struct timespec array and issues a utimensat syscall, or to
++@c struct utimbuf and calls utime.
+ This function sets the file access and modification times of the file
+ @var{filename}. The new file access time is specified by
+ @code{@var{tvp}[0]}, and the new modification time by
+@@ -2797,6 +2946,9 @@ function.
+ @comment sys/time.h
+ @comment BSD
+ @deftypefun int lutimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c Since there's no lutimes syscall, it non-atomically converts tvp
++@c to struct timespec array and issues a utimensat syscall.
+ This function is like @code{utimes}, except that it does not follow
+ symbolic links. If @var{filename} is the name of a symbolic link,
+ @code{lutimes} sets the file access and modification times of the
+@@ -2813,6 +2965,10 @@ function.
+ @comment sys/time.h
+ @comment BSD
+ @deftypefun int futimes (int @var{fd}, const struct timeval @var{tvp}@t{[2]})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c Since there's no futimes syscall, it non-atomically converts tvp
++@c to struct timespec array and issues a utimensat syscall, falling back
++@c to utimes on a /proc/self/fd symlink.
+ This function is like @code{utimes}, except that it takes an open file
+ descriptor as an argument instead of a file name. @xref{Low-Level
+ I/O}. This function comes from FreeBSD, and is not available on all
+@@ -2867,6 +3023,8 @@ succeed, without actually accomplishing anything.
+ @comment unistd.h
+ @comment X/Open
+ @deftypefun int truncate (const char *@var{filename}, off_t @var{length})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c In the absence of a truncate syscall, we use open and ftruncate.
+
+ The @code{truncate} function changes the size of @var{filename} to
+ @var{length}. If @var{length} is shorter than the previous length, data
+@@ -2911,6 +3069,8 @@ The operation was interrupted by a signal.
+ @comment unistd.h
+ @comment Unix98
+ @deftypefun int truncate64 (const char *@var{name}, off64_t @var{length})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c In the absence of a syscall, try truncate if length fits.
+ This function is similar to the @code{truncate} function. The
+ difference is that the @var{length} argument is 64 bits wide even on 32
+ bits machines, which allows the handling of files with sizes up to
+@@ -2924,6 +3084,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
+ @comment unistd.h
+ @comment POSIX
+ @deftypefun int ftruncate (int @var{fd}, off_t @var{length})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+
+ This is like @code{truncate}, but it works on a file descriptor @var{fd}
+ for an opened file instead of a file name to identify the object. The
+@@ -2988,6 +3149,8 @@ The operation was interrupted by a signal.
+ @comment unistd.h
+ @comment Unix98
+ @deftypefun int ftruncate64 (int @var{id}, off64_t @var{length})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c In the absence of a syscall, try ftruncate if length fits.
+ This function is similar to the @code{ftruncate} function. The
+ difference is that the @var{length} argument is 64 bits wide even on 32
+ bits machines which allows the handling of files with sizes up to
+@@ -3050,6 +3213,10 @@ The prototype for @code{mknod} is declared in @file{sys/stat.h}.
+ @comment sys/stat.h
+ @comment BSD
+ @deftypefun int mknod (const char *@var{filename}, mode_t @var{mode}, dev_t @var{dev})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Instead of issuing the syscall directly, we go through xmknod.
++@c Although the internal xmknod takes a dev_t*, that could lead to
++@c xguargs races, it's passed a pointer to mknod's dev.
+ The @code{mknod} function makes a special file with name @var{filename}.
+ The @var{mode} specifies the mode of the file, and may include the various
+ special file bits, such as @code{S_IFCHR} (for a character special file)
+@@ -3101,6 +3268,20 @@ These facilities are declared in the header file @file{stdio.h}.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun {FILE *} tmpfile (void)
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
++@c The unsafety issues are those of fdopen, plus fdleak because of the
++@c open.
++@c __path_search (internal buf, !dir, const pfx, !try_tmpdir) ok
++@c libc_secure_genenv only if try_tmpdir
++@c xstat64, strlen, strcmp, sprintf
++@c __gen_tempname (internal tmpl, __GT_FILE) ok
++@c strlen, memcmp, getpid, open/mkdir/lxstat64 ok
++@c HP_TIMING_NOW if available ok
++@c gettimeofday (!tz) first time, or every time if no HP_TIMING_NOW ok
++@c static value is used and modified without synchronization ok
++@c but the use is as a source of non-cryptographic randomness
++@c with retries in case of collision, so it should be safe
++@c unlink, fdopen
+ This function creates a temporary binary file for update mode, as if by
+ calling @code{fopen} with mode @code{"wb+"}. The file is deleted
+ automatically when it is closed or when the program terminates. (On
+@@ -3117,6 +3298,7 @@ interface transparently replaces the old interface.
+ @comment stdio.h
+ @comment Unix98
+ @deftypefun {FILE *} tmpfile64 (void)
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+ This function is similar to @code{tmpfile}, but the stream it returns a
+ pointer to was opened using @code{tmpfile64}. Therefore this stream can
+ be used for files larger then @math{2^31} bytes on 32-bit machines.
+@@ -3132,6 +3314,11 @@ and so transparently replaces the old interface.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun {char *} tmpnam (char *@var{result})
++@safety{@mtunsafe{xguargs, staticbuf}@asunsafe{staticbuf}@acsafe{}}
++@c The passed-in buffer should not be modified concurrently with the
++@c call.
++@c __path_search (static or passed-in buf, !dir, !pfx, !try_tmpdir) ok
++@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
+ This function constructs and returns a valid file name that does not
+ refer to any existing file. If the @var{result} argument is a null
+ pointer, the return value is a pointer to an internal static string,
+@@ -3156,6 +3343,7 @@ opening the file you should use the @code{O_EXCL} flag. Using
+ @comment stdio.h
+ @comment GNU
+ @deftypefun {char *} tmpnam_r (char *@var{result})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+ This function is nearly identical to the @code{tmpnam} function, except
+ that if @var{result} is a null pointer it returns a null pointer.
+
+@@ -3192,6 +3380,13 @@ never less than @code{25}.
+ @comment stdio.h
+ @comment SVID
+ @deftypefun {char *} tempnam (const char *@var{dir}, const char *@var{prefix})
++@safety{@mtunsafe{xguargs, envromt}@assafe{asmalloc}@acsafe{memleak}}
++@c There's no way (short of being setuid) to avoid getenv("TMPDIR"),
++@c even with a non-NULL dir, which makes this thread-unsafe.
++@c
++@c __path_search (internal buf, dir, pfx, try_tmpdir) unsafe getenv
++@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
++@c strdup
+ This function generates a unique temporary file name. If @var{prefix}
+ is not a null pointer, up to five characters of this string are used as
+ a prefix for the file name. The return value is a string newly
+@@ -3255,6 +3450,8 @@ string. These functions are declared in the header file @file{stdlib.h}.
+ @comment stdlib.h
+ @comment Unix
+ @deftypefun {char *} mktemp (char *@var{template})
++@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
++@c __gen_tempname (caller tmpl, __GT_NOCREATE) ok
+ The @code{mktemp} function generates a unique file name by modifying
+ @var{template} as described above. If successful, it returns
+ @var{template} as modified. If @code{mktemp} cannot find a unique file
+@@ -3273,6 +3470,8 @@ opening the file you should use the @code{O_EXCL} flag. Using
+ @comment stdlib.h
+ @comment BSD
+ @deftypefun int mkstemp (char *@var{template})
++@safety{@mtunsafe{xguargs}@assafe{}@acsafe{fdleak}}
++@c __gen_tempname (caller tmpl, __GT_FILE) ok
+ The @code{mkstemp} function generates a unique file name just as
+ @code{mktemp} does, but it also opens the file for you with @code{open}
+ (@pxref{Opening and Closing Files}). If successful, it modifies
+@@ -3295,6 +3494,8 @@ new file and get an error if the file already exists.
+ @comment stdlib.h
+ @comment BSD
+ @deftypefun {char *} mkdtemp (char *@var{template})
++@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
++@c __gen_tempname (caller tmpl, __GT_DIR) ok
+ The @code{mkdtemp} function creates a directory with a unique name. If
+ it succeeds, it overwrites @var{template} with the name of the
+ directory, and returns @var{template}. As with @code{mktemp} and
+@@ -3316,3 +3517,23 @@ creation always works like @code{open} with @code{O_EXCL}.
+ @xref{Creating Directories}.
+
+ The @code{mkdtemp} function comes from OpenBSD.
++
++@c FIXME these are undocumented:
++@c faccessat
++@c fchmodat
++@c fchownat
++@c futimesat
++@c fstatat
++@c linkat
++@c mkdirat
++@c mkfifoat
++@c name_to_handle_at
++@c openat
++@c open_by_handle_at
++@c readlinkat
++@c renameat
++@c scandirat
++@c symlinkat
++@c unlinkat
++@c utimensat
++@c mknodat
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9ae778a025f0908ba789a9e0cf5065ab0d53628a
commit 9ae778a025f0908ba789a9e0cf5065ab0d53628a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:06:03 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/filesys.texi: Document thread safety properties.
diff --git a/manual/filesys.texi b/manual/filesys.texi
index 1df9cf2..2244025 100644
--- a/manual/filesys.texi
+++ b/manual/filesys.texi
@@ -58,6 +58,25 @@ Prototypes for these functions are declared in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun {char *} getcwd (char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c If buffer is NULL, this function calls malloc and realloc, and, in
+@c case of error, free. Linux offers a getcwd syscall that we use on
+@c GNU/Linux systems, but it may fail if the pathname is too long. As a
+@c fallback, and on other systems, the generic implementation opens each
+@c parent directory with opendir, which allocates memory for the
+@c directory stream with malloc. If a fstatat64 syscall is not
+@c available, very deep directory trees may also have to malloc to build
+@c longer sequences of ../../../... than those supported by a global
+@c const read-only string.
+
+@c linux/__getcwd
+@c posix/__getcwd
+@c malloc/realloc/free if buffer is NULL, or if dir is too deep
+@c lstat64 -> see its own entry
+@c fstatat64
+@c direct syscall if possible, alloca+snprintf+*stat64 otherwise
+@c openat64_not_cancel_3, close_not_cancel_no_status
+@c __fdopendir, __opendir, __readdir, rewinddir
The @code{getcwd} function returns an absolute file name representing
the current working directory, storing it in the character array
@var{buffer} that you provide. The @var{size} argument is how you tell
@@ -116,6 +135,9 @@ software.
@comment unistd.h
@comment BSD
@deftypefn {Deprecated Function} {char *} getwd (char *@var{buffer})
+@safety{@mtsafe{}@asunsafe{asmalloc, asi18n}@acsafe{memleak, fdleak}}
+@c Besides the getcwd safety issues, it calls strerror_r on error, which
+@c brings in all of the i18n issues.
This is similar to @code{getcwd}, but has no way to specify the size of
the buffer. @Theglibc{} provides @code{getwd} only
for backwards compatibility with BSD.
@@ -130,6 +152,9 @@ this function is deprecated.
@comment unistd.h
@comment GNU
@deftypefun {char *} get_current_dir_name (void)
+@safety{@mtunsafe{envromt}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides getcwd, which this function calls as a fallback, it calls
+@c getenv, with the usual thread-safety issues that brings about.
@vindex PWD
This @code{get_current_dir_name} function is basically equivalent to
@w{@code{getcwd (NULL, 0)}}. The only difference is that the value of
@@ -145,6 +170,7 @@ This function is a GNU extension.
@comment unistd.h
@comment POSIX.1
@deftypefun int chdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
@var{filename}.
@@ -158,6 +184,7 @@ file @var{filename} is not a directory.
@comment unistd.h
@comment XPG
@deftypefun int fchdir (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
directory associated with the file descriptor @var{filedes}.
@@ -294,12 +321,14 @@ values and @code{st_mode} values:
@comment dirent.h
@comment BSD
@deftypefun int IFTODT (mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{d_type} value corresponding to @var{mode}.
@end deftypefun
@comment dirent.h
@comment BSD
@deftypefun mode_t DTTOIF (int @var{dtype})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{st_mode} value corresponding to @var{dtype}.
@end deftypefun
@end table
@@ -342,6 +371,9 @@ the following functions.
@comment dirent.h
@comment POSIX.1
@deftypefun {DIR *} opendir (const char *@var{dirname})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides the safe syscall, we have to allocate the DIR object with
+@c __alloc_dir, that calls malloc.
The @code{opendir} function opens and returns a directory stream for
reading the directory whose file name is @var{dirname}. The stream has
type @code{DIR *}.
@@ -381,6 +413,8 @@ alternative interface can be used.
@comment dirent.h
@comment GNU
@deftypefun {DIR *} fdopendir (int @var{fd})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c The DIR object is allocated with __alloc_dir, that calls malloc.
The @code{fdopendir} function works just like @code{opendir} but
instead of taking a file name and opening a file descriptor for the
directory the caller is required to provide a file descriptor. This
@@ -425,6 +459,7 @@ access.
@comment dirent.h
@comment GNU
@deftypefun int dirfd (DIR *@var{dirstream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{dirfd} returns the file descriptor associated with
the directory stream @var{dirstream}. This descriptor can be used until
the directory is closed with @code{closedir}. If the directory stream
@@ -443,6 +478,12 @@ symbols are declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun {struct dirent *} readdir (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c This function holds dirstream's non-recursive lock, which brings
+@c about the usual issues with locks and async signals and cancellation,
+@c but the lock taking is not enough to make the returned value safe to
+@c use, since it points to a stream's internal buffer that can be
+@c overwritten by subsequent calls or even released by closedir.
This function reads the next entry from the directory. It normally
returns a pointer to a structure containing information about the file.
This structure is statically allocated and can be rewritten by a
@@ -469,6 +510,7 @@ value. Use @code{readdir_r} when this is critical.
@comment dirent.h
@comment GNU
@deftypefun int readdir_r (DIR *@var{dirstream}, struct dirent *@var{entry}, struct dirent **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is the reentrant version of @code{readdir}. Like
@code{readdir} it returns the next entry from the directory. But to
prevent conflicts between simultaneously running threads the result is
@@ -516,6 +558,7 @@ of the last two functions.
@comment dirent.h
@comment LFS
@deftypefun {struct dirent64 *} readdir64 (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64} function is just like the @code{readdir} function
except that it returns a pointer to a record of type @code{struct
dirent64}. Some of the members of this data type (notably @code{d_ino})
@@ -527,6 +570,7 @@ In all other aspects this function is equivalent to @code{readdir}.
@comment dirent.h
@comment LFS
@deftypefun int readdir64_r (DIR *@var{dirstream}, struct dirent64 *@var{entry}, struct dirent64 **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64_r} function is equivalent to the @code{readdir_r}
function except that it takes parameters of base type @code{struct
dirent64} instead of @code{struct dirent} in the second and third
@@ -537,6 +581,10 @@ position. The same precautions mentioned in the documentation of
@comment dirent.h
@comment POSIX.1
@deftypefun int closedir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock (hurd)}@acsafe{memleak, fdleak, lockleak (hurd)}}
+@c No synchronization in the posix implementation, only in the hurd
+@c one. This is regarded as safe because it is undefined behavior if
+@c other threads could still be using the dir stream while it's closed.
This function closes the directory stream @var{dirstream}. It returns
@code{0} on success and @code{-1} on failure.
@@ -576,6 +624,7 @@ declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun void rewinddir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{rewinddir} function is used to reinitialize the directory
stream @var{dirstream}, so that if you call @code{readdir} it
returns information about the first entry in the directory again. This
@@ -589,6 +638,10 @@ added or removed since you last called @code{opendir} or
@comment dirent.h
@comment BSD
@deftypefun {long int} telldir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{telldir} function returns the file position of the directory
stream @var{dirstream}. You can use this value with @code{seekdir} to
restore the directory stream to that position.
@@ -597,6 +650,10 @@ restore the directory stream to that position.
@comment dirent.h
@comment BSD
@deftypefun void seekdir (DIR *@var{dirstream}, long int @var{pos})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{seekdir} function sets the file position of the directory
stream @var{dirstream} to @var{pos}. The value @var{pos} must be the
result of a previous call to @code{telldir} on this particular stream;
@@ -616,6 +673,19 @@ the result.
@comment dirent.h
@comment BSD/SVID
@deftypefun int scandir (const char *@var{dir}, struct dirent ***@var{namelist}, int (*@var{selector}) (const struct dirent *), int (*@var{cmp}) (const struct dirent **, const struct dirent **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c The scandir function calls __opendirat, __readdir, and __closedir to
+@c go over the named dir; malloc and realloc to allocate the namelist
+@c and copies of each selected dirent, besides the selector, if given,
+@c and qsort and the cmp functions if the latter is given. In spite of
+@c the cleanup handler that releases memory and the file descriptor in
+@c case of synchronous cancellation, an asynchronous cancellation may
+@c still leak memory and a file descriptor. Although readdir is unsafe
+@c in general, the use of an internal dir stream for sequential scanning
+@c of the directory with copying of dirents before subsequent calls
+@c makes the use safe, and the fact that the dir stream is private to
+@c each scandir call does away with the lock issues in readdir and
+@c closedir.
The @code{scandir} function scans the contents of the directory selected
by @var{dir}. The result in *@var{namelist} is an array of pointers to
@@ -646,6 +716,8 @@ are very helpful for this purpose.
@comment dirent.h
@comment BSD/SVID
@deftypefun int alphasort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Calls strcoll.
The @code{alphasort} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -658,6 +730,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls strverscmp.
The @code{versionsort} function is like @code{alphasort} except that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -670,6 +744,8 @@ dirent64}}. To use this we need a new function.
@comment dirent.h
@comment GNU
@deftypefun int scandir64 (const char *@var{dir}, struct dirent64 ***@var{namelist}, int (*@var{selector}) (const struct dirent64 *), int (*@var{cmp}) (const struct dirent64 **, const struct dirent64 **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c See scandir.
The @code{scandir64} function works like the @code{scandir} function
except that the directory entries it returns are described by elements
of type @w{@code{struct dirent64}}. The function pointed to by
@@ -688,6 +764,8 @@ argument. Instead we provide the two replacement functions below.
@comment dirent.h
@comment GNU
@deftypefun int alphasort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c See alphasort.
The @code{alphasort64} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -700,6 +778,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c See versionsort.
The @code{versionsort64} function is like @code{alphasort64}, excepted that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -880,6 +960,8 @@ file was passed).
@comment ftw.h
@comment SVID
@deftypefun int ftw (const char *@var{filename}, __ftw_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
+@c see nftw for safety details
The @code{ftw} function calls the callback function given in the
parameter @var{func} for every item which is found in the directory
specified by @var{filename} and all directories below. The function
@@ -930,6 +1012,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int ftw64 (const char *@var{filename}, __ftw64_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
This function is similar to @code{ftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -943,6 +1026,17 @@ transparently replaces the old implementation.
@comment ftw.h
@comment XPG4.2
@deftypefun int nftw (const char *@var{filename}, __nftw_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c ftw_startup calls alloca, malloc, free, xstat/lxstat, tdestroy, and ftw_dir
+@c if FTW_CHDIR, call open, and fchdir, or chdir and getcwd
+@c ftw_dir calls open_dir_stream, readdir64, process_entry, closedir
+@c if FTW_CHDIR, also calls fchdir
+@c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
+@c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
+@c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
+@c find_object (tsearch) and add_object (tfind).
+@c Since each invocation of *ftw uses its own private search tree, none
+@c of the search tree concurrency issues apply.
The @code{nftw} function works like the @code{ftw} functions. They call
the callback function @var{func} for all items found in the directory
@var{filename} and below. At most @var{descriptors} file descriptors
@@ -1003,6 +1097,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int nftw64 (const char *@var{filename}, __nftw64_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
This function is similar to @code{nftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -1046,6 +1141,7 @@ file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int link (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{link} function makes a new link to the existing file named by
@var{oldname}, under the new name @var{newname}.
@@ -1153,6 +1249,7 @@ Prototypes for most of the functions listed in this section are in
@comment unistd.h
@comment BSD
@deftypefun int symlink (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{symlink} function makes a symbolic link to @var{oldname} named
@var{newname}.
@@ -1190,6 +1287,7 @@ exceeded.
@comment unistd.h
@comment BSD
@deftypefun ssize_t readlink (const char *@var{filename}, char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{readlink} function gets the value of the symbolic link
@var{filename}. The file name that the link points to is copied into
@var{buffer}. This file name string is @emph{not} null-terminated;
@@ -1249,6 +1347,8 @@ names can refer to the same inode.
@comment stdlib.h
@comment GNU
@deftypefun {char *} canonicalize_file_name (const char *@var{name})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls realpath.
The @code{canonicalize_file_name} function returns the absolute name of
the file named by @var{name} which contains no @code{.}, @code{..}
@@ -1290,6 +1390,8 @@ where the result is placed in.
@comment stdlib.h
@comment XPG
@deftypefun {char *} realpath (const char *restrict @var{name}, char *restrict @var{resolved})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls malloc, realloc, getcwd, lxstat64, readlink, alloca.
A call to @code{realpath} where the @var{resolved} parameter is
@code{NULL} behaves exactly like @code{canonicalize_file_name}. The
@@ -1329,6 +1431,7 @@ then the file is deleted as well. If the file has other remaining names
@comment unistd.h
@comment POSIX.1
@deftypefun int unlink (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{unlink} function deletes the file name @var{filename}. If
this is a file's sole name, the file itself is also deleted. (Actually,
if any process has the file open when this happens, deletion is
@@ -1371,6 +1474,7 @@ file system and can't be modified.
@comment unistd.h
@comment POSIX.1
@deftypefun int rmdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@cindex directories, deleting
@cindex deleting a directory
The @code{rmdir} function deletes a directory. The directory must be
@@ -1398,6 +1502,8 @@ The prototype for this function is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int remove (const char *@var{filename})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Calls unlink and rmdir.
This is the @w{ISO C} function to remove a file. It works like
@code{unlink} for files and like @code{rmdir} for directories.
@code{remove} is declared in @file{stdio.h}.
@@ -1413,6 +1519,10 @@ The @code{rename} function is used to change a file's name.
@comment stdio.h
@comment ISO
@deftypefun int rename (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a rename syscall, there's an emulation with link
+@c and unlink, but it's racy, even more so if newname exists and is
+@c unlinked first.
The @code{rename} function renames the file @var{oldname} to
@var{newname}. The file formerly accessible under the name
@var{oldname} is afterwards accessible as @var{newname} instead. (If
@@ -1508,6 +1618,7 @@ a shell command @code{mkdir} which does the same thing.)
@comment sys/stat.h
@comment POSIX.1
@deftypefun int mkdir (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mkdir} function creates a new, empty directory with name
@var{filename}.
@@ -1849,6 +1960,7 @@ header file @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int stat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{stat} function returns information about the attributes of the
file named by @w{@var{filename}} in the structure pointed to by @var{buf}.
@@ -1875,6 +1987,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int stat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{stat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1888,6 +2001,7 @@ replaces the interface for small files on 32-bit machines.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int fstat (int @var{filedes}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fstat} function is like @code{stat}, except that it takes an
open file descriptor as an argument instead of a file name.
@xref{Low-Level I/O}.
@@ -1909,6 +2023,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int fstat64 (int @var{filedes}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{fstat} but is able to work on large
files on 32-bit platforms. For large files the file descriptor
@var{filedes} should be obtained by @code{open64} or @code{creat64}.
@@ -1920,9 +2035,16 @@ function is available under the name @code{fstat} and so transparently
replaces the interface for small files on 32-bit machines.
@end deftypefun
+@c fstatat will call alloca and snprintf if the syscall is not
+@c available.
+@c @safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+
@comment sys/stat.h
@comment BSD
@deftypefun int lstat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat, sometimes with an xstat conv call
+@c afterwards.
The @code{lstat} function is like @code{stat}, except that it does not
follow symbolic links. If @var{filename} is the name of a symbolic
link, @code{lstat} returns information about the link itself; otherwise
@@ -1936,6 +2058,9 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int lstat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat64, sometimes with an xstat conv
+@c call afterwards.
This function is similar to @code{lstat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1974,12 +2099,14 @@ that file:
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISDIR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a directory.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISCHR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a character special file (a
device like a terminal).
@end deftypefn
@@ -1987,6 +2114,7 @@ device like a terminal).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISBLK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a block special file (a device
like a disk).
@end deftypefn
@@ -1994,12 +2122,14 @@ like a disk).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISREG (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a regular file.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISFIFO (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a FIFO special file, or a
pipe. @xref{Pipes and FIFOs}.
@end deftypefn
@@ -2007,6 +2137,7 @@ pipe. @xref{Pipes and FIFOs}.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISLNK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a symbolic link.
@xref{Symbolic Links}.
@end deftypefn
@@ -2014,6 +2145,7 @@ This macro returns non-zero if the file is a symbolic link.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISSOCK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a socket. @xref{Sockets}.
@end deftypefn
@@ -2096,6 +2228,7 @@ the whole @code{struct stat} structure.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISMQ (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX message queues as distinct objects and the
file is a message queue object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2104,6 +2237,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSEM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX semaphores as distinct objects and the
file is a semaphore object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2112,6 +2246,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSHM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX shared memory objects as distinct objects
and the file is an shared memory object, this macro returns a non-zero
value. In all other cases the result is zero.
@@ -2156,6 +2291,7 @@ The prototype for this function is declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int chown (const char *@var{filename}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chown} function changes the owner of the file @var{filename} to
@var{owner}, and its group owner to @var{group}.
@@ -2190,6 +2326,7 @@ The file is on a read-only file system.
@comment unistd.h
@comment BSD
@deftypefun int fchown (int @var{filedes}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chown}, except that it changes the owner of the open
file with descriptor @var{filedes}.
@@ -2469,6 +2606,7 @@ The functions in this section are declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun mode_t umask (mode_t @var{mask})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{umask} function sets the file creation mask of the current
process to @var{mask}, and returns the previous value of the file
creation mask.
@@ -2494,6 +2632,7 @@ you just want to read the mask value, because it is reentrant.
@comment sys/stat.h
@comment GNU
@deftypefun mode_t getumask (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Return the current value of the file creation mask for the current
process. This function is a GNU extension and is only available on
@gnuhurdsystems{}.
@@ -2502,6 +2641,7 @@ process. This function is a GNU extension and is only available on
@comment sys/stat.h
@comment POSIX.1
@deftypefun int chmod (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chmod} function sets the access permission bits for the file
named by @var{filename} to @var{mode}.
@@ -2542,6 +2682,7 @@ for full details on the sticky bit.
@comment sys/stat.h
@comment BSD
@deftypefun int fchmod (int @var{filedes}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chmod}, except that it changes the permissions of the
currently open file given by @var{filedes}.
@@ -2612,6 +2753,7 @@ The symbols in this section are declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int access (const char *@var{filename}, int @var{how})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{access} function checks to see whether the file named by
@var{filename} can be accessed in the way specified by the @var{how}
argument. The @var{how} argument either can be the bitwise OR of the
@@ -2732,6 +2874,9 @@ This is the modification time for the file.
@comment utime.h
@comment POSIX.1
@deftypefun int utime (const char *@var{filename}, const struct utimbuf *@var{times})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utime syscall, it non-atomically converts times
+@c to a struct timeval and calls utimes.
This function is used to modify the file times associated with the file
named @var{filename}.
@@ -2783,6 +2928,10 @@ in the header file @file{sys/time.h}.
@comment sys/time.h
@comment BSD
@deftypefun int utimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, or to
+@c struct utimbuf and calls utime.
This function sets the file access and modification times of the file
@var{filename}. The new file access time is specified by
@code{@var{tvp}[0]}, and the new modification time by
@@ -2797,6 +2946,9 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int lutimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no lutimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall.
This function is like @code{utimes}, except that it does not follow
symbolic links. If @var{filename} is the name of a symbolic link,
@code{lutimes} sets the file access and modification times of the
@@ -2813,6 +2965,10 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int futimes (int @var{fd}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no futimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, falling back
+@c to utimes on a /proc/self/fd symlink.
This function is like @code{utimes}, except that it takes an open file
descriptor as an argument instead of a file name. @xref{Low-Level
I/O}. This function comes from FreeBSD, and is not available on all
@@ -2867,6 +3023,8 @@ succeed, without actually accomplishing anything.
@comment unistd.h
@comment X/Open
@deftypefun int truncate (const char *@var{filename}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a truncate syscall, we use open and ftruncate.
The @code{truncate} function changes the size of @var{filename} to
@var{length}. If @var{length} is shorter than the previous length, data
@@ -2911,6 +3069,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int truncate64 (const char *@var{name}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try truncate if length fits.
This function is similar to the @code{truncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines, which allows the handling of files with sizes up to
@@ -2924,6 +3084,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX
@deftypefun int ftruncate (int @var{fd}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{truncate}, but it works on a file descriptor @var{fd}
for an opened file instead of a file name to identify the object. The
@@ -2988,6 +3149,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int ftruncate64 (int @var{id}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try ftruncate if length fits.
This function is similar to the @code{ftruncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines which allows the handling of files with sizes up to
@@ -3050,6 +3213,10 @@ The prototype for @code{mknod} is declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment BSD
@deftypefun int mknod (const char *@var{filename}, mode_t @var{mode}, dev_t @var{dev})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Instead of issuing the syscall directly, we go through xmknod.
+@c Although the internal xmknod takes a dev_t*, that could lead to
+@c xguargs races, it's passed a pointer to mknod's dev.
The @code{mknod} function makes a special file with name @var{filename}.
The @var{mode} specifies the mode of the file, and may include the various
special file bits, such as @code{S_IFCHR} (for a character special file)
@@ -3101,6 +3268,20 @@ These facilities are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} tmpfile (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c The unsafety issues are those of fdopen, plus fdleak because of the
+@c open.
+@c __path_search (internal buf, !dir, const pfx, !try_tmpdir) ok
+@c libc_secure_genenv only if try_tmpdir
+@c xstat64, strlen, strcmp, sprintf
+@c __gen_tempname (internal tmpl, __GT_FILE) ok
+@c strlen, memcmp, getpid, open/mkdir/lxstat64 ok
+@c HP_TIMING_NOW if available ok
+@c gettimeofday (!tz) first time, or every time if no HP_TIMING_NOW ok
+@c static value is used and modified without synchronization ok
+@c but the use is as a source of non-cryptographic randomness
+@c with retries in case of collision, so it should be safe
+@c unlink, fdopen
This function creates a temporary binary file for update mode, as if by
calling @code{fopen} with mode @code{"wb+"}. The file is deleted
automatically when it is closed or when the program terminates. (On
@@ -3117,6 +3298,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} tmpfile64 (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
This function is similar to @code{tmpfile}, but the stream it returns a
pointer to was opened using @code{tmpfile64}. Therefore this stream can
be used for files larger then @math{2^31} bytes on 32-bit machines.
@@ -3132,6 +3314,11 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun {char *} tmpnam (char *@var{result})
+@safety{@mtunsafe{xguargs, staticbuf}@asunsafe{staticbuf}@acsafe{}}
+@c The passed-in buffer should not be modified concurrently with the
+@c call.
+@c __path_search (static or passed-in buf, !dir, !pfx, !try_tmpdir) ok
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
This function constructs and returns a valid file name that does not
refer to any existing file. If the @var{result} argument is a null
pointer, the return value is a pointer to an internal static string,
@@ -3156,6 +3343,7 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdio.h
@comment GNU
@deftypefun {char *} tmpnam_r (char *@var{result})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
This function is nearly identical to the @code{tmpnam} function, except
that if @var{result} is a null pointer it returns a null pointer.
@@ -3192,6 +3380,13 @@ never less than @code{25}.
@comment stdio.h
@comment SVID
@deftypefun {char *} tempnam (const char *@var{dir}, const char *@var{prefix})
+@safety{@mtunsafe{xguargs, envromt}@assafe{asmalloc}@acsafe{memleak}}
+@c There's no way (short of being setuid) to avoid getenv("TMPDIR"),
+@c even with a non-NULL dir, which makes this thread-unsafe.
+@c
+@c __path_search (internal buf, dir, pfx, try_tmpdir) unsafe getenv
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
+@c strdup
This function generates a unique temporary file name. If @var{prefix}
is not a null pointer, up to five characters of this string are used as
a prefix for the file name. The return value is a string newly
@@ -3255,6 +3450,8 @@ string. These functions are declared in the header file @file{stdlib.h}.
@comment stdlib.h
@comment Unix
@deftypefun {char *} mktemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_NOCREATE) ok
The @code{mktemp} function generates a unique file name by modifying
@var{template} as described above. If successful, it returns
@var{template} as modified. If @code{mktemp} cannot find a unique file
@@ -3273,6 +3470,8 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdlib.h
@comment BSD
@deftypefun int mkstemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{fdleak}}
+@c __gen_tempname (caller tmpl, __GT_FILE) ok
The @code{mkstemp} function generates a unique file name just as
@code{mktemp} does, but it also opens the file for you with @code{open}
(@pxref{Opening and Closing Files}). If successful, it modifies
@@ -3295,6 +3494,8 @@ new file and get an error if the file already exists.
@comment stdlib.h
@comment BSD
@deftypefun {char *} mkdtemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_DIR) ok
The @code{mkdtemp} function creates a directory with a unique name. If
it succeeds, it overwrites @var{template} with the name of the
directory, and returns @var{template}. As with @code{mktemp} and
@@ -3316,3 +3517,23 @@ creation always works like @code{open} with @code{O_EXCL}.
@xref{Creating Directories}.
The @code{mkdtemp} function comes from OpenBSD.
+
+@c FIXME these are undocumented:
+@c faccessat
+@c fchmodat
+@c fchownat
+@c futimesat
+@c fstatat
+@c linkat
+@c mkdirat
+@c mkfifoat
+@c name_to_handle_at
+@c openat
+@c open_by_handle_at
+@c readlinkat
+@c renameat
+@c scandirat
+@c symlinkat
+@c unlinkat
+@c utimensat
+@c mknodat
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ceb20a507e59205b8f5c6c2fa25d16b76a422c4e
commit ceb20a507e59205b8f5c6c2fa25d16b76a422c4e
Merge: 062c00c 99ddb1a 6c7e1ff
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:05:34 2013 -0300
import
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=062c00c3e50ab93e97a8ed26286888206052e6ed
commit 062c00c3e50ab93e97a8ed26286888206052e6ed
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:05:34 2013 -0300
import
diff --git a/meta b/meta
index 0437233..7992004 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 4d8b595aa808366628a3d60761726294a8eb41f7
-Head: c7ee4c2aa47d7a32e68a01dd01e4087485df8ccf
+Previous: 99ddb1a0214122ee3ce2d4a4292978e1e00442a4
+Head: 6c7e1ffb65b6f160f2a901a4d7fb52654cee4521
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -12,6 +12,7 @@ Applied:
manual-document-mt-safety-crypt.patch: 77aa308dccc33e4ccba70b5ac186e1d5c2408f17
manual-document-mt-safety-ctype.patch: d3739e943bb05d4edb6ca163f33c2cda30ada1f6
manual-document-mt-safety-debug.patch: c7ee4c2aa47d7a32e68a01dd01e4087485df8ccf
+ manual-document-mt-safety-errno.patch: 6c7e1ffb65b6f160f2a901a4d7fb52654cee4521
Unapplied:
manual-document-mt-safety-stdio.patch: 168f6d659bcb7106985edac12bc7b3a2110a7fb0
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
diff --git a/patches/manual-document-mt-safety-errno.patch b/patches/manual-document-mt-safety-errno.patch
new file mode 100644
index 0000000..75e4099
--- /dev/null
+++ b/patches/manual-document-mt-safety-errno.patch
@@ -0,0 +1,152 @@
+Bottom: d9693aa296c06ebe3fdaa8817d28a446b893fe25
+Top: e0c86b7119156c45d45fc7b8853dfb0c950448cb
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:05:34 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/errno.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/errno.texi b/manual/errno.texi
+index 6c9fa86..eb3f412 100644
+--- a/manual/errno.texi
++++ b/manual/errno.texi
+@@ -1293,6 +1293,9 @@ name of the program that encountered the error.
+ @comment string.h
+ @comment ISO
+ @deftypefun {char *} strerror (int @var{errnum})
++@safety{@mtunsafe{staticbuf}@asunsafe{staticbuf, asmalloc, asi18n}@acsafe{memleak}}
++@c Calls strerror_r with a static buffer allocated with malloc on the
++@c first use.
+ The @code{strerror} function maps the error code (@pxref{Checking for
+ Errors}) specified by the @var{errnum} argument to a descriptive error
+ message string. The return value is a pointer to this string.
+@@ -1310,6 +1313,7 @@ The function @code{strerror} is declared in @file{string.h}.
+ @comment string.h
+ @comment GNU
+ @deftypefun {char *} strerror_r (int @var{errnum}, char *@var{buf}, size_t @var{n})
++@safety{@mtsafe{}@asunsafe{asi18n}@acsafe{}}
+ The @code{strerror_r} function works like @code{strerror} but instead of
+ returning the error message in a statically allocated buffer shared by
+ all threads in the process, it returns a private copy for the
+@@ -1331,6 +1335,10 @@ This function @code{strerror_r} is a GNU extension and it is declared in
+ @comment stdio.h
+ @comment ISO
+ @deftypefun void perror (const char *@var{message})
++@safety{@mtsafe{xguargs}@asunsafe{asynconsist, asi18n, asmalloc, selfdeadlock}@acunsafe{incansist, lockleak, memleak, fdleak}}
++@c Besides strerror_r's and some of fprintf's issues, if stderr is not
++@c oriented yet, create a new stream with a dup of stderr's fd and write
++@c to that instead of stderr, to avoid orienting it.
+ This function prints an error message to the stream @code{stderr};
+ see @ref{Standard Streams}. The orientation of @code{stderr} is not
+ changed.
+@@ -1442,6 +1450,13 @@ These functions are declared in @file{error.h}.
+ @comment error.h
+ @comment GNU
+ @deftypefun void error (int @var{status}, int @var{errnum}, const char *@var{format}, @dots{})
++@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acsafe{}}
++@c Cancellation is disabled throught the execution. It flushes stdout
++@c and then holds a lock on stderr while printing the program name and
++@c then running error_tail. The non-wide case just runs vfprintf; the
++@c wide case converts the message to an alloca/malloc-allocated buffer
++@c with mbsrtowcs, then prints it with vfwprintf. Afterwards,
++@c print_errno_message calls strerror_r and fxprintf.
+ The @code{error} function can be used to report general problems during
+ program execution. The @var{format} argument is a format string just
+ like those given to the @code{printf} family of functions. The
+@@ -1477,6 +1492,15 @@ incremented by one to keep track of the number of errors reported.
+ @comment error.h
+ @comment GNU
+ @deftypefun void error_at_line (int @var{status}, int @var{errnum}, const char *@var{fname}, unsigned int @var{lineno}, const char *@var{format}, @dots{})
++@safety{@mtunsafe{staticbuf, glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist}}
++@c The error_one_per_line variable is accessed (without any form of
++@c synchronization, but since it's an int used once, it should be safe
++@c enough) and, if this mode is enabled, static variables used to hold
++@c the last printed file name and line number are accessed and modified
++@c without synchronization; the update is not atomic and it occurs
++@c before disabling cancellation, so it can be interrupted after only
++@c one of the two variables is modified. After that, it's very much
++@c like error.
+
+ The @code{error_at_line} function is very similar to the @code{error}
+ function. The only difference are the additional parameters @var{fname}
+@@ -1582,6 +1606,8 @@ are included only for compatibility.
+ @comment err.h
+ @comment BSD
+ @deftypefun void warn (const char *@var{format}, @dots{})
++@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
++@c Just calls vwarn with the va_list.
+ The @code{warn} function is roughly equivalent to a call like
+ @smallexample
+ error (0, errno, format, @r{the parameters})
+@@ -1594,6 +1620,11 @@ are not used.
+ @comment err.h
+ @comment BSD
+ @deftypefun void vwarn (const char *@var{format}, va_list @var{ap})
++@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
++@c While holding stderr's recursive lock, it prints the programname, the
++@c given message, and the error string with fw?printf's %m. When the
++@c stream is wide, convert_and_print converts the format string to an
++@c alloca/malloc-created buffer using mbsrtowcs and then calls fwprintf.
+ The @code{vwarn} function is just like @code{warn} except that the
+ parameters for the handling of the format string @var{format} are passed
+ in as an value of type @code{va_list}.
+@@ -1602,6 +1633,8 @@ in as an value of type @code{va_list}.
+ @comment err.h
+ @comment BSD
+ @deftypefun void warnx (const char *@var{format}, @dots{})
++@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
++@c Same as warn, but without the strerror translation issues.
+ The @code{warnx} function is roughly equivalent to a call like
+ @smallexample
+ error (0, 0, format, @r{the parameters})
+@@ -1615,6 +1648,8 @@ string is printed.
+ @comment err.h
+ @comment BSD
+ @deftypefun void vwarnx (const char *@var{format}, va_list @var{ap})
++@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
++@c Same as vwarn, but without the strerror translation issues.
+ The @code{vwarnx} function is just like @code{warnx} except that the
+ parameters for the handling of the format string @var{format} are passed
+ in as an value of type @code{va_list}.
+@@ -1623,6 +1658,8 @@ in as an value of type @code{va_list}.
+ @comment err.h
+ @comment BSD
+ @deftypefun void err (int @var{status}, const char *@var{format}, @dots{})
++@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
++@c Same as warn followed by exit.
+ The @code{err} function is roughly equivalent to a call like
+ @smallexample
+ error (status, errno, format, @r{the parameters})
+@@ -1635,6 +1672,8 @@ are not used and that the program is exited even if @var{status} is zero.
+ @comment err.h
+ @comment BSD
+ @deftypefun void verr (int @var{status}, const char *@var{format}, va_list @var{ap})
++@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
++@c Same as vwarn followed by exit.
+ The @code{verr} function is just like @code{err} except that the
+ parameters for the handling of the format string @var{format} are passed
+ in as an value of type @code{va_list}.
+@@ -1643,6 +1682,8 @@ in as an value of type @code{va_list}.
+ @comment err.h
+ @comment BSD
+ @deftypefun void errx (int @var{status}, const char *@var{format}, @dots{})
++@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
++@c Same as warnx followed by exit.
+ The @code{errx} function is roughly equivalent to a call like
+ @smallexample
+ error (status, 0, format, @r{the parameters})
+@@ -1657,6 +1698,8 @@ string is printed.
+ @comment err.h
+ @comment BSD
+ @deftypefun void verrx (int @var{status}, const char *@var{format}, va_list @var{ap})
++@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
++@c Same as vwarnx followed by exit.
+ The @code{verrx} function is just like @code{errx} except that the
+ parameters for the handling of the format string @var{format} are passed
+ in as an value of type @code{va_list}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=6c7e1ffb65b6f160f2a901a4d7fb52654cee4521
commit 6c7e1ffb65b6f160f2a901a4d7fb52654cee4521
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:05:34 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/errno.texi: Document thread safety properties.
diff --git a/manual/errno.texi b/manual/errno.texi
index 6c9fa86..eb3f412 100644
--- a/manual/errno.texi
+++ b/manual/errno.texi
@@ -1293,6 +1293,9 @@ name of the program that encountered the error.
@comment string.h
@comment ISO
@deftypefun {char *} strerror (int @var{errnum})
+@safety{@mtunsafe{staticbuf}@asunsafe{staticbuf, asmalloc, asi18n}@acsafe{memleak}}
+@c Calls strerror_r with a static buffer allocated with malloc on the
+@c first use.
The @code{strerror} function maps the error code (@pxref{Checking for
Errors}) specified by the @var{errnum} argument to a descriptive error
message string. The return value is a pointer to this string.
@@ -1310,6 +1313,7 @@ The function @code{strerror} is declared in @file{string.h}.
@comment string.h
@comment GNU
@deftypefun {char *} strerror_r (int @var{errnum}, char *@var{buf}, size_t @var{n})
+@safety{@mtsafe{}@asunsafe{asi18n}@acsafe{}}
The @code{strerror_r} function works like @code{strerror} but instead of
returning the error message in a statically allocated buffer shared by
all threads in the process, it returns a private copy for the
@@ -1331,6 +1335,10 @@ This function @code{strerror_r} is a GNU extension and it is declared in
@comment stdio.h
@comment ISO
@deftypefun void perror (const char *@var{message})
+@safety{@mtsafe{xguargs}@asunsafe{asynconsist, asi18n, asmalloc, selfdeadlock}@acunsafe{incansist, lockleak, memleak, fdleak}}
+@c Besides strerror_r's and some of fprintf's issues, if stderr is not
+@c oriented yet, create a new stream with a dup of stderr's fd and write
+@c to that instead of stderr, to avoid orienting it.
This function prints an error message to the stream @code{stderr};
see @ref{Standard Streams}. The orientation of @code{stderr} is not
changed.
@@ -1442,6 +1450,13 @@ These functions are declared in @file{error.h}.
@comment error.h
@comment GNU
@deftypefun void error (int @var{status}, int @var{errnum}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acsafe{}}
+@c Cancellation is disabled throught the execution. It flushes stdout
+@c and then holds a lock on stderr while printing the program name and
+@c then running error_tail. The non-wide case just runs vfprintf; the
+@c wide case converts the message to an alloca/malloc-allocated buffer
+@c with mbsrtowcs, then prints it with vfwprintf. Afterwards,
+@c print_errno_message calls strerror_r and fxprintf.
The @code{error} function can be used to report general problems during
program execution. The @var{format} argument is a format string just
like those given to the @code{printf} family of functions. The
@@ -1477,6 +1492,15 @@ incremented by one to keep track of the number of errors reported.
@comment error.h
@comment GNU
@deftypefun void error_at_line (int @var{status}, int @var{errnum}, const char *@var{fname}, unsigned int @var{lineno}, const char *@var{format}, @dots{})
+@safety{@mtunsafe{staticbuf, glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist}}
+@c The error_one_per_line variable is accessed (without any form of
+@c synchronization, but since it's an int used once, it should be safe
+@c enough) and, if this mode is enabled, static variables used to hold
+@c the last printed file name and line number are accessed and modified
+@c without synchronization; the update is not atomic and it occurs
+@c before disabling cancellation, so it can be interrupted after only
+@c one of the two variables is modified. After that, it's very much
+@c like error.
The @code{error_at_line} function is very similar to the @code{error}
function. The only difference are the additional parameters @var{fname}
@@ -1582,6 +1606,8 @@ are included only for compatibility.
@comment err.h
@comment BSD
@deftypefun void warn (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Just calls vwarn with the va_list.
The @code{warn} function is roughly equivalent to a call like
@smallexample
error (0, errno, format, @r{the parameters})
@@ -1594,6 +1620,11 @@ are not used.
@comment err.h
@comment BSD
@deftypefun void vwarn (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c While holding stderr's recursive lock, it prints the programname, the
+@c given message, and the error string with fw?printf's %m. When the
+@c stream is wide, convert_and_print converts the format string to an
+@c alloca/malloc-created buffer using mbsrtowcs and then calls fwprintf.
The @code{vwarn} function is just like @code{warn} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1602,6 +1633,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void warnx (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn, but without the strerror translation issues.
The @code{warnx} function is roughly equivalent to a call like
@smallexample
error (0, 0, format, @r{the parameters})
@@ -1615,6 +1648,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void vwarnx (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn, but without the strerror translation issues.
The @code{vwarnx} function is just like @code{warnx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1623,6 +1658,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void err (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn followed by exit.
The @code{err} function is roughly equivalent to a call like
@smallexample
error (status, errno, format, @r{the parameters})
@@ -1635,6 +1672,8 @@ are not used and that the program is exited even if @var{status} is zero.
@comment err.h
@comment BSD
@deftypefun void verr (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn followed by exit.
The @code{verr} function is just like @code{err} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1643,6 +1682,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void errx (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warnx followed by exit.
The @code{errx} function is roughly equivalent to a call like
@smallexample
error (status, 0, format, @r{the parameters})
@@ -1657,6 +1698,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void verrx (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarnx followed by exit.
The @code{verrx} function is just like @code{errx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=99ddb1a0214122ee3ce2d4a4292978e1e00442a4
commit 99ddb1a0214122ee3ce2d4a4292978e1e00442a4
Merge: 91130e4 c7ee4c2 4d8b595
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:05:12 2013 -0300
import
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=91130e4b59ea170e3c28c543b5f83380c1998e6b
commit 91130e4b59ea170e3c28c543b5f83380c1998e6b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:05:12 2013 -0300
import
diff --git a/meta b/meta
index 35b24f1..0437233 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 4d47d98038a63156be7d3a6588f4892f3f44b0b3
-Head: d3739e943bb05d4edb6ca163f33c2cda30ada1f6
+Previous: 4d8b595aa808366628a3d60761726294a8eb41f7
+Head: c7ee4c2aa47d7a32e68a01dd01e4087485df8ccf
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -11,6 +11,7 @@ Applied:
manual-document-mt-safety-conf.patch: 517120c0f0268cfc4dc3361ab19e1fc5d0c5ce91
manual-document-mt-safety-crypt.patch: 77aa308dccc33e4ccba70b5ac186e1d5c2408f17
manual-document-mt-safety-ctype.patch: d3739e943bb05d4edb6ca163f33c2cda30ada1f6
+ manual-document-mt-safety-debug.patch: c7ee4c2aa47d7a32e68a01dd01e4087485df8ccf
Unapplied:
manual-document-mt-safety-stdio.patch: 168f6d659bcb7106985edac12bc7b3a2110a7fb0
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
diff --git a/patches/manual-document-mt-safety-debug.patch b/patches/manual-document-mt-safety-debug.patch
new file mode 100644
index 0000000..c31f434
--- /dev/null
+++ b/patches/manual-document-mt-safety-debug.patch
@@ -0,0 +1,57 @@
+Bottom: ef2aa24039042b2529772d0209797c599eb01fbe
+Top: d9693aa296c06ebe3fdaa8817d28a446b893fe25
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:05:11 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/debug.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/debug.texi b/manual/debug.texi
+index 1db9c18..ce0c263 100644
+--- a/manual/debug.texi
++++ b/manual/debug.texi
+@@ -36,6 +36,8 @@ and manipulate backtraces of the current thread.
+ @comment execinfo.h
+ @comment GNU
+ @deftypefun int backtrace (void **@var{buffer}, int @var{size})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Pointer chasing within the local stack.
+ The @code{backtrace} function obtains a backtrace for the current
+ thread, as a list of pointers, and places the information into
+ @var{buffer}. The argument @var{size} should be the number of
+@@ -56,6 +58,17 @@ interpreting the stack contents correctly.
+ @comment execinfo.h
+ @comment GNU
+ @deftypefun {char **} backtrace_symbols (void *const *@var{buffer}, int @var{size})
++@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, lockleak}}
++@c Collects info returned by _dl_addr in auto array, allocates memory
++@c for the whole return buffer with malloc then sprintfs into it storing
++@c pointers to the strings into the array entries in the buffer.
++@c _dl_addr takes the recursive dl_load_lock then calls
++@c _dl_find_dso_for_object and determine_info.
++@c _dl_find_dso_for_object calls _dl-addr_inside_object.
++@c All of them are safe as long as the lock is held.
++@c asynconsist? It doesn't looke like the dynamic loader's data
++@c structures could be in an inconsistent state that would cause
++@c malfunction here.
+ The @code{backtrace_symbols} function translates the information
+ obtained from the @code{backtrace} function into an array of strings.
+ The argument @var{buffer} should be a pointer to an array of addresses
+@@ -88,6 +101,11 @@ cannot be obtained.
+ @comment execinfo.h
+ @comment GNU
+ @deftypefun void backtrace_symbols_fd (void *const *@var{buffer}, int @var{size}, int @var{fd})
++@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
++@c Single loop of _dl_addr over addresses, collecting info into an iovec
++@c written out with a writev call per iteration. Addresses and offsets
++@c are converted to hex in auto buffers, so the only potential issue
++@c here is leaking the dl lock in case of cancellation.
+ The @code{backtrace_symbols_fd} function performs the same translation
+ as the function @code{backtrace_symbols} function. Instead of returning
+ the strings to the caller, it writes the strings to the file descriptor
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c7ee4c2aa47d7a32e68a01dd01e4087485df8ccf
commit c7ee4c2aa47d7a32e68a01dd01e4087485df8ccf
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:05:11 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/debug.texi: Document thread safety properties.
diff --git a/manual/debug.texi b/manual/debug.texi
index 1db9c18..ce0c263 100644
--- a/manual/debug.texi
+++ b/manual/debug.texi
@@ -36,6 +36,8 @@ and manipulate backtraces of the current thread.
@comment execinfo.h
@comment GNU
@deftypefun int backtrace (void **@var{buffer}, int @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Pointer chasing within the local stack.
The @code{backtrace} function obtains a backtrace for the current
thread, as a list of pointers, and places the information into
@var{buffer}. The argument @var{size} should be the number of
@@ -56,6 +58,17 @@ interpreting the stack contents correctly.
@comment execinfo.h
@comment GNU
@deftypefun {char **} backtrace_symbols (void *const *@var{buffer}, int @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, lockleak}}
+@c Collects info returned by _dl_addr in auto array, allocates memory
+@c for the whole return buffer with malloc then sprintfs into it storing
+@c pointers to the strings into the array entries in the buffer.
+@c _dl_addr takes the recursive dl_load_lock then calls
+@c _dl_find_dso_for_object and determine_info.
+@c _dl_find_dso_for_object calls _dl-addr_inside_object.
+@c All of them are safe as long as the lock is held.
+@c asynconsist? It doesn't looke like the dynamic loader's data
+@c structures could be in an inconsistent state that would cause
+@c malfunction here.
The @code{backtrace_symbols} function translates the information
obtained from the @code{backtrace} function into an array of strings.
The argument @var{buffer} should be a pointer to an array of addresses
@@ -88,6 +101,11 @@ cannot be obtained.
@comment execinfo.h
@comment GNU
@deftypefun void backtrace_symbols_fd (void *const *@var{buffer}, int @var{size}, int @var{fd})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c Single loop of _dl_addr over addresses, collecting info into an iovec
+@c written out with a writev call per iteration. Addresses and offsets
+@c are converted to hex in auto buffers, so the only potential issue
+@c here is leaking the dl lock in case of cancellation.
The @code{backtrace_symbols_fd} function performs the same translation
as the function @code{backtrace_symbols} function. Instead of returning
the strings to the caller, it writes the strings to the file descriptor
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4d8b595aa808366628a3d60761726294a8eb41f7
commit 4d8b595aa808366628a3d60761726294a8eb41f7
Merge: ee90b6e d3739e9 4d47d98
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:04:17 2013 -0300
float
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ee90b6e96ffad2c5dabebb2f6bc96e69ba9a2757
commit ee90b6e96ffad2c5dabebb2f6bc96e69ba9a2757
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:04:17 2013 -0300
float
diff --git a/meta b/meta
index e27c22f..35b24f1 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: d24ed54af95494d6d45a3d2d0b4906c72e9a89d8
-Head: 77aa308dccc33e4ccba70b5ac186e1d5c2408f17
+Previous: 4d47d98038a63156be7d3a6588f4892f3f44b0b3
+Head: d3739e943bb05d4edb6ca163f33c2cda30ada1f6
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -10,10 +10,10 @@ Applied:
manual-document-mt-safety-charset.patch: 3df069f9dba32efa41ab542b1ec3dbee3a8d71ae
manual-document-mt-safety-conf.patch: 517120c0f0268cfc4dc3361ab19e1fc5d0c5ce91
manual-document-mt-safety-crypt.patch: 77aa308dccc33e4ccba70b5ac186e1d5c2408f17
+ manual-document-mt-safety-ctype.patch: d3739e943bb05d4edb6ca163f33c2cda30ada1f6
Unapplied:
manual-document-mt-safety-stdio.patch: 168f6d659bcb7106985edac12bc7b3a2110a7fb0
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
- manual-document-mt-safety-ctype.patch: 263eed84f16353fb704fac8338422fb3f7b863fb
manual-document-mt-safety-wip.patch: 373cd1281ba686c2fef8b1307137684c40b28058
Hidden:
diff --git a/patches/manual-document-mt-safety-ctype.patch b/patches/manual-document-mt-safety-ctype.patch
index a9588e2..f682ded 100644
--- a/patches/manual-document-mt-safety-ctype.patch
+++ b/patches/manual-document-mt-safety-ctype.patch
@@ -1,5 +1,5 @@
-Bottom: 493d959bda4db41836ea91b2b9685b47ab733575
-Top: a80e3502e79676408b83a0ee8d2c01161f2e1895
+Bottom: 9879c04c4ffa34225360a9359ba3d098a05a208c
+Top: ef2aa24039042b2529772d0209797c599eb01fbe
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:41 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d3739e943bb05d4edb6ca163f33c2cda30ada1f6
commit d3739e943bb05d4edb6ca163f33c2cda30ada1f6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:41 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/ctype.texi: Document thread safety properties.
diff --git a/manual/ctype.texi b/manual/ctype.texi
index 3d13571..ddf38ce 100644
--- a/manual/ctype.texi
+++ b/manual/ctype.texi
@@ -66,6 +66,13 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int islower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The is* macros call __ctype_b_loc to get the ctype array from the
+@c current locale, and then index it by c. __ctype_b_loc reads from
+@c thread-local memory the (indirect) pointer to the ctype array, which
+@c may involve one word access to the global locale object, if that's
+@c the active locale for the thread, and the array, being part of the
+@c locale data, is undeletable, so there's no thread-safety issue.
Returns true if @var{c} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -74,6 +81,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -82,6 +90,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isalpha (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphabetic character (a letter). If
@code{islower} or @code{isupper} is true of a character, then
@code{isalpha} is also true.
@@ -97,6 +106,7 @@ additional characters.
@comment ctype.h
@comment ISO
@deftypefun int isdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@end deftypefun
@@ -104,6 +114,7 @@ Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@comment ctype.h
@comment ISO
@deftypefun int isalnum (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphanumeric character (a letter or
number); in other words, if either @code{isalpha} or @code{isdigit} is
true of a character, then @code{isalnum} is also true.
@@ -113,6 +124,7 @@ true of a character, then @code{isalnum} is also true.
@comment ctype.h
@comment ISO
@deftypefun int isxdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -123,6 +135,7 @@ Hexadecimal digits include the normal decimal digits @samp{0} through
@comment ctype.h
@comment ISO
@deftypefun int ispunct (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -132,6 +145,7 @@ character.
@comment ctype.h
@comment ISO
@deftypefun int isspace (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{isspace} returns true for only the standard
whitespace characters:
@@ -161,6 +175,7 @@ vertical tab
@comment ctype.h
@comment ISO
@deftypefun int isblank (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
@end deftypefun
@@ -169,6 +184,7 @@ This function was originally a GNU extension, but was added in @w{ISO C99}.
@comment ctype.h
@comment ISO
@deftypefun int isgraph (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -178,6 +194,7 @@ considered graphic.
@comment ctype.h
@comment ISO
@deftypefun int isprint (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@end deftypefun
@@ -186,6 +203,7 @@ include all the graphic characters, plus the space (@samp{ }) character.
@comment ctype.h
@comment ISO
@deftypefun int iscntrl (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a control character (that is, a character that
is not a printing character).
@end deftypefun
@@ -194,6 +212,7 @@ is not a printing character).
@comment ctype.h
@comment SVID, BSD
@deftypefun int isascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
into the US/UK ASCII character set. This function is a BSD extension
and is also an SVID extension.
@@ -227,6 +246,10 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The to* macros/functions call different functions that use different
+@c arrays than those of__ctype_b_loc, but the access patterns and
+@c thus safety guarantees are the same.
If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
lower-case letter. If @var{c} is not an upper-case letter,
@var{c} is returned unchanged.
@@ -235,6 +258,7 @@ lower-case letter. If @var{c} is not an upper-case letter,
@comment ctype.h
@comment ISO
@deftypefun int toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
upper-case letter. Otherwise @var{c} is returned unchanged.
@end deftypefun
@@ -242,6 +266,7 @@ upper-case letter. Otherwise @var{c} is returned unchanged.
@comment ctype.h
@comment SVID, BSD
@deftypefun int toascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function converts @var{c} to a 7-bit @code{unsigned char} value
that fits into the US/UK ASCII character set, by clearing the high-order
bits. This function is a BSD extension and is also an SVID extension.
@@ -250,6 +275,7 @@ bits. This function is a BSD extension and is also an SVID extension.
@comment ctype.h
@comment SVID
@deftypefun int _tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{tolower}, and is provided for compatibility
with the SVID. @xref{SVID}.@refill
@end deftypefun
@@ -257,6 +283,7 @@ with the SVID. @xref{SVID}.@refill
@comment ctype.h
@comment SVID
@deftypefun int _toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{toupper}, and is provided for compatibility
with the SVID.
@end deftypefun
@@ -303,6 +330,15 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctype_t wctype (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Although the source code of wctype contains multiple references to
+@c the locale, that could each reference different locale_data objects
+@c should the global locale object change while active, the compiler can
+@c and does combine them all into a single dereference that resolves
+@c once to the LCTYPE locale object used throughout the function, so it
+@c is safe in practice, if not in theory. Ideally we'd explicitly save
+@c the resolved locale_data object to make it visibly safe instead of
+@c safe only under compiler optimizations.
The @code{wctype} returns a value representing a class of wide
characters which is identified by the string @var{property}. Beside
some standard properties each locale can define its own ones. In case
@@ -331,6 +367,8 @@ the @w{ISO C} standard defines a completely new function.
@comment wctype.h
@comment ISO
@deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The compressed lookup table returned by wctype is read-only.
This function returns a nonzero value if @var{wc} is in the character
class specified by @var{desc}. @var{desc} must previously be returned
by a successful call to @code{wctype}.
@@ -350,6 +388,15 @@ standard classes.
@comment wctype.h
@comment ISO
@deftypefun int iswalnum (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c The implicit wctype call in the isw* functions is actually an
+@c optimized version because the category has a known offset, but the
+@c wctype is equally safe when optimized, unsafe if not optimized.
+@c Since it's not a macro, and we always optimize, it's fine. The test
+@c whether wc is ASCII to use the non-wide is* macro/funciton doesn't
+@c bring any other safety issues: the test does not depend on the
+@c locale, and each path after the decision resolves the locale object
+@c only once.
This function returns a nonzero value if @var{wc} is an alphanumeric
character (a letter or number); in other words, if either @code{iswalpha}
or @code{iswdigit} is true of a character, then @code{iswalnum} is also
@@ -370,6 +417,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswalpha (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an alphabetic character (a letter). If
@code{iswlower} or @code{iswupper} is true of a character, then
@code{iswalpha} is also true.
@@ -394,6 +442,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswcntrl (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a control character (that is, a character that
is not a printing character).
@@ -412,6 +461,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
Please note that this function does not only return a nonzero value for
@emph{decimal} digits, but for all kinds of digits. A consequence is
@@ -442,6 +492,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswgraph (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -461,6 +512,7 @@ It is declared in @file{wctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int iswlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -479,6 +531,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswprint (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@@ -497,6 +550,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswpunct (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -516,6 +570,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswspace (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{iswspace} returns true for only the standard
whitespace characters:
@@ -555,6 +610,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -573,6 +629,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswxdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -597,6 +654,7 @@ characters as well.
@comment wctype.h
@comment ISO
@deftypefun int iswblank (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
It is declared in @file{wchar.h}.
@@ -691,6 +749,8 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctrans_t wctrans (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Similar implementation, same caveats as wctype.
The @code{wctrans} function has to be used to find out whether a named
mapping is defined in the current locale selected for the
@code{LC_CTYPE} category. If the returned value is non-zero, you can use
@@ -713,6 +773,8 @@ These functions are declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Same caveats as iswctype.
@code{towctrans} maps the input character @var{wc}
according to the rules of the mapping for which @var{desc} is a
descriptor, and returns the value it finds. @var{desc} must be
@@ -730,6 +792,9 @@ for them.
@comment wctype.h
@comment ISO
@deftypefun wint_t towlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Same caveats as iswalnum, just using a wctrans rather than a wctype
+@c table.
If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
lower-case letter. If @var{wc} is not an upper-case letter,
@var{wc} is returned unchanged.
@@ -749,6 +814,7 @@ This function is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
upper-case letter. Otherwise @var{wc} is returned unchanged.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4d47d98038a63156be7d3a6588f4892f3f44b0b3
commit 4d47d98038a63156be7d3a6588f4892f3f44b0b3
Merge: 22819d7 d24ed54
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:04:01 2013 -0300
rename
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=22819d712565b64a19a9bb66b1150b60bab262fc
commit 22819d712565b64a19a9bb66b1150b60bab262fc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:04:01 2013 -0300
rename
diff --git a/meta b/meta
index 7db2e07..e27c22f 100644
--- a/meta
+++ b/meta
@@ -1,5 +1,5 @@
Version: 1
-Previous: cbeec520ddf7025ba680c736e39b76887de956c0
+Previous: d24ed54af95494d6d45a3d2d0b4906c72e9a89d8
Head: 77aa308dccc33e4ccba70b5ac186e1d5c2408f17
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
@@ -9,7 +9,7 @@ Applied:
manual-document-mt-safety-arith.patch: a6f2df9755a82acf03faacd3844e32ff5336d033
manual-document-mt-safety-charset.patch: 3df069f9dba32efa41ab542b1ec3dbee3a8d71ae
manual-document-mt-safety-conf.patch: 517120c0f0268cfc4dc3361ab19e1fc5d0c5ce91
- new.patch: 77aa308dccc33e4ccba70b5ac186e1d5c2408f17
+ manual-document-mt-safety-crypt.patch: 77aa308dccc33e4ccba70b5ac186e1d5c2408f17
Unapplied:
manual-document-mt-safety-stdio.patch: 168f6d659bcb7106985edac12bc7b3a2110a7fb0
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
diff --git a/patches/new.patch b/patches/manual-document-mt-safety-crypt.patch
similarity index 100%
rename from patches/new.patch
rename to patches/manual-document-mt-safety-crypt.patch
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=77aa308dccc33e4ccba70b5ac186e1d5c2408f17
commit 77aa308dccc33e4ccba70b5ac186e1d5c2408f17
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:03:47 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/crypt.texi: Document thread safety properties.
diff --git a/manual/crypt.texi b/manual/crypt.texi
index ef90590..5c9f6f7 100644
--- a/manual/crypt.texi
+++ b/manual/crypt.texi
@@ -92,7 +92,13 @@ in a convenient way.
@comment unistd.h
@comment BSD
@deftypefun {char *} getpass (const char *@var{prompt})
-
+@safety{@mtunsafe{tempterm}@asunsafe{asmalloc, selfdeadlock, asynconsist}@acunsafe{tempterm, lockleak, incansist}}
+@c This function will attempt to create a stream for terminal I/O, but
+@c will fallback to stdio/stderr. It attempts to change the terminal
+@c mode in a thread-unsafe way, write out the prompt, read the password,
+@c then restore the terminal mode. It has a cleanup to close the stream
+@c in case of (synchronous) cancellation, but not to restore the
+@c terminal mode.
@code{getpass} outputs @var{prompt}, then reads a string in from the
terminal without echoing it. It tries to connect to the real terminal,
@file{/dev/tty}, if possible, to encourage users not to put plaintext
@@ -127,6 +133,13 @@ The substitute takes the same parameters as @code{getline}
@comment crypt.h
@comment BSD, SVID
@deftypefun {char *} crypt (const char *@var{key}, const char *@var{salt})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Besides the obvious problem of returning a pointer into static
+@c storage, the DES initializer takes an internal lock with the usual
+@c set of problems for AS- and AC-Safety. The FIPS mode checker and the
+@c NSS implementations of may leak file descriptors if canceled. The
+@c The MD5, SHA256 and SHA512 implementations will malloc on long keys,
+@c and NSS relies on dlopening, which brings about another can of worms.
The @code{crypt} function takes a password, @var{key}, as a string, and
a @var{salt} character array which is described below, and returns a
@@ -188,6 +201,9 @@ for a password and prints ``Access granted.'' if the user types
@comment crypt.h
@comment GNU
@deftypefun {char *} crypt_r (const char *@var{key}, const char *@var{salt}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Compared with crypt, this function fixes the staticbuf problem, but
+@c nothing else.
The @code{crypt_r} function does the same thing as @code{crypt}, but
takes an extra parameter which includes space for its result (among
@@ -233,6 +249,11 @@ specifies the unused bits.
@comment crypt.h
@comment BSD, SVID
@deftypefun void setkey (const char *@var{key})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c The static buffer stores the key, making it fundamentally
+@c thread-unsafe. The locking issues are only in the initialization
+@c path; cancelling the initialization will leave the lock held, it
+@c would otherwise repeat the initialization on the next call.
The @code{setkey} function sets an internal data structure to be an
expanded form of @var{key}. @var{key} is specified as an array of 64
@@ -244,6 +265,8 @@ parity.
@comment crypt.h
@comment BSD, SVID
@deftypefun void encrypt (char *@var{block}, int @var{edflag})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c Same issues as setkey.
The @code{encrypt} function encrypts @var{block} if
@var{edflag} is 0, otherwise it decrypts @var{block}, using a key
@@ -257,9 +280,11 @@ stored in a @code{char}, but there are no parity bits in @var{block}.
@comment crypt.h
@comment GNU
@deftypefun void setkey_r (const char *@var{key}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
@comment crypt.h
@comment GNU
@deftypefunx void encrypt_r (char *@var{block}, int @var{edflag}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
These are reentrant versions of @code{setkey} and @code{encrypt}. The
only difference is the extra parameter, which stores the expanded
@@ -274,6 +299,7 @@ defined in @file{crypt.h}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int ecb_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{ecb_crypt} encrypts or decrypts one or more blocks
using DES. Each block is encrypted independently.
@@ -355,6 +381,7 @@ This macro returns 1 if @var{err} is a `success' result code from
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int cbc_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode}, char *@var{ivec})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{cbc_crypt} encrypts or decrypts one or more blocks
using DES in Cipher Block Chaining mode.
@@ -381,6 +408,7 @@ Otherwise, all the parameters are similar to those for @code{ecb_crypt}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun void des_setparity (char *@var{key})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{des_setparity} changes the 64-bit @var{key}, stored
packed in 8-bit bytes, to have odd parity by altering the low bits of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d24ed54af95494d6d45a3d2d0b4906c72e9a89d8
commit d24ed54af95494d6d45a3d2d0b4906c72e9a89d8
Merge: c68ab57 cbeec52 77aa308
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:03:47 2013 -0300
import
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c68ab570778257693f59e8382d40a4f6c33adbb8
commit c68ab570778257693f59e8382d40a4f6c33adbb8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:03:47 2013 -0300
import
diff --git a/meta b/meta
index 60a716f..7db2e07 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 9eaea22809e3d84514c9a24279289cb5b093b745
-Head: 517120c0f0268cfc4dc3361ab19e1fc5d0c5ce91
+Previous: cbeec520ddf7025ba680c736e39b76887de956c0
+Head: 77aa308dccc33e4ccba70b5ac186e1d5c2408f17
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -9,6 +9,7 @@ Applied:
manual-document-mt-safety-arith.patch: a6f2df9755a82acf03faacd3844e32ff5336d033
manual-document-mt-safety-charset.patch: 3df069f9dba32efa41ab542b1ec3dbee3a8d71ae
manual-document-mt-safety-conf.patch: 517120c0f0268cfc4dc3361ab19e1fc5d0c5ce91
+ new.patch: 77aa308dccc33e4ccba70b5ac186e1d5c2408f17
Unapplied:
manual-document-mt-safety-stdio.patch: 168f6d659bcb7106985edac12bc7b3a2110a7fb0
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
diff --git a/patches/new.patch b/patches/new.patch
new file mode 100644
index 0000000..8311afe
--- /dev/null
+++ b/patches/new.patch
@@ -0,0 +1,114 @@
+Bottom: 01a0439b7c735fb096210cab50592ed7ae588e00
+Top: 9879c04c4ffa34225360a9359ba3d098a05a208c
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:03:47 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/crypt.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/crypt.texi b/manual/crypt.texi
+index ef90590..5c9f6f7 100644
+--- a/manual/crypt.texi
++++ b/manual/crypt.texi
+@@ -92,7 +92,13 @@ in a convenient way.
+ @comment unistd.h
+ @comment BSD
+ @deftypefun {char *} getpass (const char *@var{prompt})
+-
++@safety{@mtunsafe{tempterm}@asunsafe{asmalloc, selfdeadlock, asynconsist}@acunsafe{tempterm, lockleak, incansist}}
++@c This function will attempt to create a stream for terminal I/O, but
++@c will fallback to stdio/stderr. It attempts to change the terminal
++@c mode in a thread-unsafe way, write out the prompt, read the password,
++@c then restore the terminal mode. It has a cleanup to close the stream
++@c in case of (synchronous) cancellation, but not to restore the
++@c terminal mode.
+ @code{getpass} outputs @var{prompt}, then reads a string in from the
+ terminal without echoing it. It tries to connect to the real terminal,
+ @file{/dev/tty}, if possible, to encourage users not to put plaintext
+@@ -127,6 +133,13 @@ The substitute takes the same parameters as @code{getline}
+ @comment crypt.h
+ @comment BSD, SVID
+ @deftypefun {char *} crypt (const char *@var{key}, const char *@var{salt})
++@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
++@c Besides the obvious problem of returning a pointer into static
++@c storage, the DES initializer takes an internal lock with the usual
++@c set of problems for AS- and AC-Safety. The FIPS mode checker and the
++@c NSS implementations of may leak file descriptors if canceled. The
++@c The MD5, SHA256 and SHA512 implementations will malloc on long keys,
++@c and NSS relies on dlopening, which brings about another can of worms.
+
+ The @code{crypt} function takes a password, @var{key}, as a string, and
+ a @var{salt} character array which is described below, and returns a
+@@ -188,6 +201,9 @@ for a password and prints ``Access granted.'' if the user types
+ @comment crypt.h
+ @comment GNU
+ @deftypefun {char *} crypt_r (const char *@var{key}, const char *@var{salt}, {struct crypt_data *} @var{data})
++@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
++@c Compared with crypt, this function fixes the staticbuf problem, but
++@c nothing else.
+
+ The @code{crypt_r} function does the same thing as @code{crypt}, but
+ takes an extra parameter which includes space for its result (among
+@@ -233,6 +249,11 @@ specifies the unused bits.
+ @comment crypt.h
+ @comment BSD, SVID
+ @deftypefun void setkey (const char *@var{key})
++@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
++@c The static buffer stores the key, making it fundamentally
++@c thread-unsafe. The locking issues are only in the initialization
++@c path; cancelling the initialization will leave the lock held, it
++@c would otherwise repeat the initialization on the next call.
+
+ The @code{setkey} function sets an internal data structure to be an
+ expanded form of @var{key}. @var{key} is specified as an array of 64
+@@ -244,6 +265,8 @@ parity.
+ @comment crypt.h
+ @comment BSD, SVID
+ @deftypefun void encrypt (char *@var{block}, int @var{edflag})
++@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
++@c Same issues as setkey.
+
+ The @code{encrypt} function encrypts @var{block} if
+ @var{edflag} is 0, otherwise it decrypts @var{block}, using a key
+@@ -257,9 +280,11 @@ stored in a @code{char}, but there are no parity bits in @var{block}.
+ @comment crypt.h
+ @comment GNU
+ @deftypefun void setkey_r (const char *@var{key}, {struct crypt_data *} @var{data})
++@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+ @comment crypt.h
+ @comment GNU
+ @deftypefunx void encrypt_r (char *@var{block}, int @var{edflag}, {struct crypt_data *} @var{data})
++@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+
+ These are reentrant versions of @code{setkey} and @code{encrypt}. The
+ only difference is the extra parameter, which stores the expanded
+@@ -274,6 +299,7 @@ defined in @file{crypt.h}.
+ @comment rpc/des_crypt.h
+ @comment SUNRPC
+ @deftypefun int ecb_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+
+ The function @code{ecb_crypt} encrypts or decrypts one or more blocks
+ using DES. Each block is encrypted independently.
+@@ -355,6 +381,7 @@ This macro returns 1 if @var{err} is a `success' result code from
+ @comment rpc/des_crypt.h
+ @comment SUNRPC
+ @deftypefun int cbc_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode}, char *@var{ivec})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+
+ The function @code{cbc_crypt} encrypts or decrypts one or more blocks
+ using DES in Cipher Block Chaining mode.
+@@ -381,6 +408,7 @@ Otherwise, all the parameters are similar to those for @code{ecb_crypt}.
+ @comment rpc/des_crypt.h
+ @comment SUNRPC
+ @deftypefun void des_setparity (char *@var{key})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+
+ The function @code{des_setparity} changes the 64-bit @var{key}, stored
+ packed in 8-bit bytes, to have odd parity by altering the low bits of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=cbeec520ddf7025ba680c736e39b76887de956c0
commit cbeec520ddf7025ba680c736e39b76887de956c0
Merge: 68d86c4 9eaea22
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:03:22 2013 -0300
rename
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=68d86c42b3ffa5e25ba65e4e8099563ac23879b3
commit 68d86c42b3ffa5e25ba65e4e8099563ac23879b3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:03:22 2013 -0300
rename
diff --git a/meta b/meta
index 76ffde7..60a716f 100644
--- a/meta
+++ b/meta
@@ -1,5 +1,5 @@
Version: 1
-Previous: 868381d9e68121f8017a7623afcda1bf00b77bf9
+Previous: 9eaea22809e3d84514c9a24279289cb5b093b745
Head: 517120c0f0268cfc4dc3361ab19e1fc5d0c5ce91
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
@@ -8,7 +8,7 @@ Applied:
manual-document-mt-safety-argp.patch: 3a08620f4907bff742b31a6f67651e4a3b21c179
manual-document-mt-safety-arith.patch: a6f2df9755a82acf03faacd3844e32ff5336d033
manual-document-mt-safety-charset.patch: 3df069f9dba32efa41ab542b1ec3dbee3a8d71ae
- new.patch: 517120c0f0268cfc4dc3361ab19e1fc5d0c5ce91
+ manual-document-mt-safety-conf.patch: 517120c0f0268cfc4dc3361ab19e1fc5d0c5ce91
Unapplied:
manual-document-mt-safety-stdio.patch: 168f6d659bcb7106985edac12bc7b3a2110a7fb0
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
diff --git a/patches/new.patch b/patches/manual-document-mt-safety-conf.patch
similarity index 100%
rename from patches/new.patch
rename to patches/manual-document-mt-safety-conf.patch
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=517120c0f0268cfc4dc3361ab19e1fc5d0c5ce91
commit 517120c0f0268cfc4dc3361ab19e1fc5d0c5ce91
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:03:16 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/conf.texi: Document thread safety properties.
diff --git a/manual/conf.texi b/manual/conf.texi
index 7eb8b36..edbb2fd 100644
--- a/manual/conf.texi
+++ b/manual/conf.texi
@@ -288,6 +288,17 @@ constants are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} sysconf (int @var{parameter})
+@safety{@mtsafe{envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak, fdleak}}
+@c Some parts of the implementation open /proc and /sys files and dirs
+@c to collect system details, using fd and stream I/O depending on the
+@c case. _SC_TZNAME_MAX calls __tzname_max, that (while holding a lock)
+@c calls tzset_internal, that calls getenv if it's called the first
+@c time; there are free and strdup calls in there too. The returned max
+@c value may change over time for TZNAME_MAX, depending on selected
+@c timezones; NPROCS, NPROCS_CONF, PHYS_PAGES, AVPHYS_PAGES,
+@c NGROUPS_MAX, SIGQUEUE_MAX, depending on variable values read from
+@c /proc at each call, and from rlimit-obtained values CHILD_MAX,
+@c OPEN_MAX, ARG_MAX, SIGQUEUE_MAX.
This function is used to inquire about runtime system parameters. The
@var{parameter} argument should be one of the @samp{_SC_} symbols listed
below.
@@ -1342,6 +1353,11 @@ argument are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} pathconf (const char *@var{filename}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c When __statfs_link_max finds an ext* filesystem, it may read
+@c /proc/mounts or similar as a mntent stream.
+@c __statfs_chown_restricted may read from
+@c /proc/sys/fs/xfs/restrict_chown as a file descriptor.
This function is used to inquire about the limits that apply to
the file named @var{filename}.
@@ -1369,6 +1385,8 @@ support the @var{parameter} for the specific file.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} fpathconf (int @var{filedes}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c Same caveats as pathconf.
This is just like @code{pathconf} except that an open file descriptor
is used to specify the file for which information is requested, instead
of a file name.
@@ -1615,6 +1633,7 @@ system with the function @code{confstr}:
@comment unistd.h
@comment POSIX.2
@deftypefun size_t confstr (int @var{parameter}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function reads the value of a string-valued system parameter,
storing the string into @var{len} bytes of memory space starting at
@var{buf}. The @var{parameter} argument should be one of the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9eaea22809e3d84514c9a24279289cb5b093b745
commit 9eaea22809e3d84514c9a24279289cb5b093b745
Merge: 2c95e61 868381d 517120c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:03:16 2013 -0300
import
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2c95e61f6162511b6ee0d35a151ec7b00488e82e
commit 2c95e61f6162511b6ee0d35a151ec7b00488e82e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:03:16 2013 -0300
import
diff --git a/meta b/meta
index ece0732..76ffde7 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 69e769f4742cc3e9523f0e6fdd99b7ad004ccb3d
-Head: 3df069f9dba32efa41ab542b1ec3dbee3a8d71ae
+Previous: 868381d9e68121f8017a7623afcda1bf00b77bf9
+Head: 517120c0f0268cfc4dc3361ab19e1fc5d0c5ce91
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -8,6 +8,7 @@ Applied:
manual-document-mt-safety-argp.patch: 3a08620f4907bff742b31a6f67651e4a3b21c179
manual-document-mt-safety-arith.patch: a6f2df9755a82acf03faacd3844e32ff5336d033
manual-document-mt-safety-charset.patch: 3df069f9dba32efa41ab542b1ec3dbee3a8d71ae
+ new.patch: 517120c0f0268cfc4dc3361ab19e1fc5d0c5ce91
Unapplied:
manual-document-mt-safety-stdio.patch: 168f6d659bcb7106985edac12bc7b3a2110a7fb0
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
diff --git a/patches/new.patch b/patches/new.patch
new file mode 100644
index 0000000..dc5d0aa
--- /dev/null
+++ b/patches/new.patch
@@ -0,0 +1,65 @@
+Bottom: 214fcee1fc2244efd3fa34e70667561366631af6
+Top: 01a0439b7c735fb096210cab50592ed7ae588e00
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:03:16 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/conf.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/conf.texi b/manual/conf.texi
+index 7eb8b36..edbb2fd 100644
+--- a/manual/conf.texi
++++ b/manual/conf.texi
+@@ -288,6 +288,17 @@ constants are declared in the header file @file{unistd.h}.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun {long int} sysconf (int @var{parameter})
++@safety{@mtsafe{envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak, fdleak}}
++@c Some parts of the implementation open /proc and /sys files and dirs
++@c to collect system details, using fd and stream I/O depending on the
++@c case. _SC_TZNAME_MAX calls __tzname_max, that (while holding a lock)
++@c calls tzset_internal, that calls getenv if it's called the first
++@c time; there are free and strdup calls in there too. The returned max
++@c value may change over time for TZNAME_MAX, depending on selected
++@c timezones; NPROCS, NPROCS_CONF, PHYS_PAGES, AVPHYS_PAGES,
++@c NGROUPS_MAX, SIGQUEUE_MAX, depending on variable values read from
++@c /proc at each call, and from rlimit-obtained values CHILD_MAX,
++@c OPEN_MAX, ARG_MAX, SIGQUEUE_MAX.
+ This function is used to inquire about runtime system parameters. The
+ @var{parameter} argument should be one of the @samp{_SC_} symbols listed
+ below.
+@@ -1342,6 +1353,11 @@ argument are declared in the header file @file{unistd.h}.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun {long int} pathconf (const char *@var{filename}, int @var{parameter})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
++@c When __statfs_link_max finds an ext* filesystem, it may read
++@c /proc/mounts or similar as a mntent stream.
++@c __statfs_chown_restricted may read from
++@c /proc/sys/fs/xfs/restrict_chown as a file descriptor.
+ This function is used to inquire about the limits that apply to
+ the file named @var{filename}.
+
+@@ -1369,6 +1385,8 @@ support the @var{parameter} for the specific file.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun {long int} fpathconf (int @var{filedes}, int @var{parameter})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
++@c Same caveats as pathconf.
+ This is just like @code{pathconf} except that an open file descriptor
+ is used to specify the file for which information is requested, instead
+ of a file name.
+@@ -1615,6 +1633,7 @@ system with the function @code{confstr}:
+ @comment unistd.h
+ @comment POSIX.2
+ @deftypefun size_t confstr (int @var{parameter}, char *@var{buf}, size_t @var{len})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function reads the value of a string-valued system parameter,
+ storing the string into @var{len} bytes of memory space starting at
+ @var{buf}. The @var{parameter} argument should be one of the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=868381d9e68121f8017a7623afcda1bf00b77bf9
commit 868381d9e68121f8017a7623afcda1bf00b77bf9
Merge: 9141d8e 69e769f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:01:49 2013 -0300
rename
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9141d8e8372bedc822555bdfc515025d1ef6e4fd
commit 9141d8e8372bedc822555bdfc515025d1ef6e4fd
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:01:48 2013 -0300
rename
diff --git a/meta b/meta
index b5e50c8..ece0732 100644
--- a/meta
+++ b/meta
@@ -1,5 +1,5 @@
Version: 1
-Previous: aff6a80c4f6f02731f47b8a61018af3783eab866
+Previous: 69e769f4742cc3e9523f0e6fdd99b7ad004ccb3d
Head: 3df069f9dba32efa41ab542b1ec3dbee3a8d71ae
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
@@ -7,7 +7,7 @@ Applied:
unused-scalb-is-scalbn.patch: 04381689562081fc1e2328e5807e0dc537c1c5fc
manual-document-mt-safety-argp.patch: 3a08620f4907bff742b31a6f67651e4a3b21c179
manual-document-mt-safety-arith.patch: a6f2df9755a82acf03faacd3844e32ff5336d033
- new.patch: 3df069f9dba32efa41ab542b1ec3dbee3a8d71ae
+ manual-document-mt-safety-charset.patch: 3df069f9dba32efa41ab542b1ec3dbee3a8d71ae
Unapplied:
manual-document-mt-safety-stdio.patch: 168f6d659bcb7106985edac12bc7b3a2110a7fb0
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
diff --git a/patches/new.patch b/patches/manual-document-mt-safety-charset.patch
similarity index 100%
rename from patches/new.patch
rename to patches/manual-document-mt-safety-charset.patch
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3df069f9dba32efa41ab542b1ec3dbee3a8d71ae
commit 3df069f9dba32efa41ab542b1ec3dbee3a8d71ae
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:01:33 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/charset.texi: Document thread safety properties.
diff --git a/manual/charset.texi b/manual/charset.texi
index e21502e..7e6c416 100644
--- a/manual/charset.texi
+++ b/manual/charset.texi
@@ -504,6 +504,8 @@ sequence points. Communication protocols often require this.
@comment wchar.h
@comment ISO
@deftypefun int mbsinit (const mbstate_t *@var{ps})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c ps is dereferenced once, unguarded. Potential harmless data race.
The @code{mbsinit} function determines whether the state object pointed
to by @var{ps} is in the initial state. If @var{ps} is a null pointer or
the object is in the initial state the return value is nonzero. Otherwise
@@ -559,6 +561,14 @@ that is beyond the range @math{0} to @math{127}.
@comment wchar.h
@comment ISO
@deftypefun wint_t btowc (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls btowc_fct or __fct; reads from locale, and from the
+@c get_gconv_fcts result multiple times. get_gconv_fcts calls
+@c __wcsmbs_load_conv to initialize the ctype if it's null.
+@c wcsmbs_load_conv takes a non-recursive wrlock before allocating
+@c memory for the fcts structure, initializing it, and then storing it
+@c in the locale object. The initialization involves dlopening and a
+@c lot more.
The @code{btowc} function (``byte to wide character'') converts a valid
single byte character @var{c} in the initial shift state into the wide
character equivalent using the conversion rules from the currently
@@ -615,6 +625,7 @@ There is also a function for the conversion in the other direction.
@comment wchar.h
@comment ISO
@deftypefun int wctob (wint_t @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctob} function (``wide character to byte'') takes as the
parameter a valid wide character. If the multibyte representation for
this character in the initial state is exactly one byte long, the return
@@ -634,6 +645,7 @@ and they also do not require it to be in the initial state.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrtowc (wchar_t *restrict @var{pwc}, const char *restrict @var{s}, size_t @var{n}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
@cindex stateful
The @code{mbrtowc} function (``multibyte restartable to wide
character'') converts the next multibyte character in the string pointed
@@ -728,6 +740,7 @@ function that does part of the work.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrlen (const char *restrict @var{s}, size_t @var{n}, mbstate_t *@var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbrlen} function (``multibyte restartable length'') computes
the number of at most @var{n} bytes starting at @var{s}, which form the
next valid and complete multibyte character.
@@ -811,6 +824,50 @@ doing the work twice.
@comment wchar.h
@comment ISO
@deftypefun size_t wcrtomb (char *restrict @var{s}, wchar_t @var{wc}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c wcrtomb uses a static, non-thread-local unguarded state variable when
+@c PS is NULL. When a state is passed in, and it's not used
+@c concurrently in other threads, this function behaves safely as long
+@c as gconv modules don't bring MT safety issues of their own.
+@c Attempting to load gconv modules or to build conversion chains in
+@c signal handlers may encounter gconv databases or caches in a
+@c partially-updated state, and asynchronous cancellation may leave them
+@c in such states, besides leaking the lock that guards them.
+@c get_gconv_fcts ok
+@c wcsmbs_load_conv ok
+@c norm_add_slashes ok
+@c wcsmbs_getfct ok
+@c gconv_find_transform ok
+@c gconv_read_conf (libc_once)
+@c gconv_lookup_cache ok
+@c find_module_idx ok
+@c find_module ok
+@c gconv_find_shlib (ok)
+@c ->init_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c do_lookup_alias ok
+@c find_derivation ok
+@c derivation_lookup ok
+@c increment_counter ok
+@c gconv_find_shlib ok
+@c step->init_fct (assumed ok)
+@c gen_steps ok
+@c gconv_find_shlib ok
+@c dlopen (presumed ok)
+@c dlsym (presumed ok)
+@c step->init_fct (assumed ok)
+@c step->end_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c add_derivation ok
+@c gconv_close_transform ok
+@c gconv_release_step ok
+@c step->end_fct (assumed ok)
+@c gconv_release_shlib ok
+@c dlclose (presumed ok)
+@c gconv_release_cache ok
+@c ->tomb->__fct (assumed ok)
The @code{wcrtomb} function (``wide character restartable to
multibyte'') converts a single wide character into a multibyte string
corresponding to that wide character.
@@ -955,6 +1012,7 @@ extensions that can help in some important situations.
@comment wchar.h
@comment ISO
@deftypefun size_t mbsrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsrtowcs} function (``multibyte string restartable to wide
character string'') converts an NUL-terminated multibyte character
string at @code{*@var{src}} into an equivalent wide character string,
@@ -1039,6 +1097,7 @@ length and passing this length to the function.
@comment wchar.h
@comment ISO
@deftypefun size_t wcsrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsrtombs} function (``wide character string restartable to
multibyte string'') converts the NUL-terminated wide character string at
@code{*@var{src}} into an equivalent multibyte character string and
@@ -1084,6 +1143,7 @@ array size (the @var{len} parameter).
@comment wchar.h
@comment GNU
@deftypefun size_t mbsnrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{nmc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsnrtowcs} function is very similar to the @code{mbsrtowcs}
function. All the parameters are the same except for @var{nmc}, which is
new. The return value is the same as for @code{mbsrtowcs}.
@@ -1136,6 +1196,7 @@ of the given buffer, there is no problem with altering the state.
@comment wchar.h
@comment GNU
@deftypefun size_t wcsnrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{nwc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsnrtombs} function implements the conversion from wide
character strings to multibyte character strings. It is similar to
@code{wcsrtombs} but, just like @code{mbsnrtowcs}, it takes an extra
@@ -1280,6 +1341,7 @@ conversion functions.}
@comment stdlib.h
@comment ISO
@deftypefun int mbtowc (wchar_t *restrict @var{result}, const char *restrict @var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbtowc} (``multibyte to wide character'') function when called
with non-null @var{string} converts the first multibyte character
beginning at @var{string} to its corresponding wide character code. It
@@ -1314,6 +1376,7 @@ shift state. @xref{Shift State}.
@comment stdlib.h
@comment ISO
@deftypefun int wctomb (char *@var{string}, wchar_t @var{wchar})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctomb} (``wide character to multibyte'') function converts
the wide character code @var{wchar} to its corresponding multibyte
character sequence, and stores the result in bytes starting at
@@ -1353,6 +1416,7 @@ terms of @code{mbtowc}.
@comment stdlib.h
@comment ISO
@deftypefun int mblen (const char *@var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mblen} function with a non-null @var{string} argument returns
the number of bytes that make up the multibyte character beginning at
@var{string}, never examining more than @var{size} bytes. (The idea is
@@ -1391,6 +1455,9 @@ suffer from the same problems as their reentrant counterparts from
@comment stdlib.h
@comment ISO
@deftypefun size_t mbstowcs (wchar_t *@var{wstring}, const char *@var{string}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Odd... Although this is in the non-reentrant section, the state
+@c object is automatic, not a static buffer.
The @code{mbstowcs} (``multibyte string to wide character string'')
function converts the null-terminated string of multibyte characters
@var{string} to an array of wide character codes, storing not more than
@@ -1431,6 +1498,7 @@ mbstowcs_alloc (const char *string)
@comment stdlib.h
@comment ISO
@deftypefun size_t wcstombs (char *@var{string}, const wchar_t *@var{wstring}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcstombs} (``wide character string to multibyte string'')
function converts the null-terminated wide character array @var{wstring}
into a string containing multibyte characters, storing not more than
@@ -1618,6 +1686,16 @@ The first step is the function to create a handle.
@comment iconv.h
@comment XPG2
@deftypefun iconv_t iconv_open (const char *@var{tocode}, const char *@var{fromcode})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls malloc if tocode and/or fromcode are too big for alloca. Calls
+@c strip and upstr on both, then gconv_open. strip and upstr call
+@c isalnum_l and toupper_l with the C locale. gconv_open may MT-safely
+@c tokenize toset, replace unspecified codesets with the current locale
+@c (posibly two different accesses), and finally it calls
+@c gconv_find_transform and initializes the gconv_t result with all the
+@c steps in the conversion sequence, running each one's initializer,
+@c destructing and releasing them all if anything fails.
+
The @code{iconv_open} function has to be used before starting a
conversion. The two parameters this function takes determine the
source and destination character set for the conversion, and if the
@@ -1682,6 +1760,12 @@ conversion is not needed anymore.
@comment iconv.h
@comment XPG2
@deftypefun int iconv_close (iconv_t @var{cd})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, shlimb}}
+@c Calls gconv_close to destruct and release each of the conversion
+@c steps, release the gconv_t object, then call gconv_close_transform.
+@c Access to the gconv_t object is not guarded, but calling iconv_close
+@c concurrently with any other use is undefined.
+
The @code{iconv_close} function frees all resources associated with the
handle @var{cd}, which must have been returned by a successful call to
the @code{iconv_open} function.
@@ -1708,6 +1792,10 @@ even file to file can be implemented on top of it.
@comment iconv.h
@comment XPG2
@deftypefun size_t iconv (iconv_t @var{cd}, char **@var{inbuf}, size_t *@var{inbytesleft}, char **@var{outbuf}, size_t *@var{outbytesleft})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c Without guarding access to the gconv_t object pointed to by cd, call
+@c the conversion function to convert inbuf or flush the internal
+@c conversion state.
@cindex stateful
The @code{iconv} function converts the text in the input buffer
according to the rules associated with the descriptor @var{cd} and
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=69e769f4742cc3e9523f0e6fdd99b7ad004ccb3d
commit 69e769f4742cc3e9523f0e6fdd99b7ad004ccb3d
Merge: dcc9390 aff6a80 3df069f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:01:33 2013 -0300
import
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=dcc93906ca71d674ca55d43b24d691f8c3cc5796
commit dcc93906ca71d674ca55d43b24d691f8c3cc5796
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:01:33 2013 -0300
import
diff --git a/meta b/meta
index 66aeca6..b5e50c8 100644
--- a/meta
+++ b/meta
@@ -1,12 +1,13 @@
Version: 1
-Previous: 1037ba670ee6fa52c0455717d21e7e75ce3fb9ef
-Head: a6f2df9755a82acf03faacd3844e32ff5336d033
+Previous: aff6a80c4f6f02731f47b8a61018af3783eab866
+Head: 3df069f9dba32efa41ab542b1ec3dbee3a8d71ae
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
unused-scalb-is-scalbn.patch: 04381689562081fc1e2328e5807e0dc537c1c5fc
manual-document-mt-safety-argp.patch: 3a08620f4907bff742b31a6f67651e4a3b21c179
manual-document-mt-safety-arith.patch: a6f2df9755a82acf03faacd3844e32ff5336d033
+ new.patch: 3df069f9dba32efa41ab542b1ec3dbee3a8d71ae
Unapplied:
manual-document-mt-safety-stdio.patch: 168f6d659bcb7106985edac12bc7b3a2110a7fb0
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
diff --git a/patches/new.patch b/patches/new.patch
new file mode 100644
index 0000000..d61f282
--- /dev/null
+++ b/patches/new.patch
@@ -0,0 +1,232 @@
+Bottom: 7d1efa70a6263de6179afe2a9a443ea3375c3c65
+Top: 214fcee1fc2244efd3fa34e70667561366631af6
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:01:33 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/charset.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/charset.texi b/manual/charset.texi
+index e21502e..7e6c416 100644
+--- a/manual/charset.texi
++++ b/manual/charset.texi
+@@ -504,6 +504,8 @@ sequence points. Communication protocols often require this.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun int mbsinit (const mbstate_t *@var{ps})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c ps is dereferenced once, unguarded. Potential harmless data race.
+ The @code{mbsinit} function determines whether the state object pointed
+ to by @var{ps} is in the initial state. If @var{ps} is a null pointer or
+ the object is in the initial state the return value is nonzero. Otherwise
+@@ -559,6 +561,14 @@ that is beyond the range @math{0} to @math{127}.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun wint_t btowc (int @var{c})
++@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
++@c Calls btowc_fct or __fct; reads from locale, and from the
++@c get_gconv_fcts result multiple times. get_gconv_fcts calls
++@c __wcsmbs_load_conv to initialize the ctype if it's null.
++@c wcsmbs_load_conv takes a non-recursive wrlock before allocating
++@c memory for the fcts structure, initializing it, and then storing it
++@c in the locale object. The initialization involves dlopening and a
++@c lot more.
+ The @code{btowc} function (``byte to wide character'') converts a valid
+ single byte character @var{c} in the initial shift state into the wide
+ character equivalent using the conversion rules from the currently
+@@ -615,6 +625,7 @@ There is also a function for the conversion in the other direction.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun int wctob (wint_t @var{c})
++@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+ The @code{wctob} function (``wide character to byte'') takes as the
+ parameter a valid wide character. If the multibyte representation for
+ this character in the initial state is exactly one byte long, the return
+@@ -634,6 +645,7 @@ and they also do not require it to be in the initial state.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun size_t mbrtowc (wchar_t *restrict @var{pwc}, const char *restrict @var{s}, size_t @var{n}, mbstate_t *restrict @var{ps})
++@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+ @cindex stateful
+ The @code{mbrtowc} function (``multibyte restartable to wide
+ character'') converts the next multibyte character in the string pointed
+@@ -728,6 +740,7 @@ function that does part of the work.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun size_t mbrlen (const char *restrict @var{s}, size_t @var{n}, mbstate_t *@var{ps})
++@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+ The @code{mbrlen} function (``multibyte restartable length'') computes
+ the number of at most @var{n} bytes starting at @var{s}, which form the
+ next valid and complete multibyte character.
+@@ -811,6 +824,50 @@ doing the work twice.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun size_t wcrtomb (char *restrict @var{s}, wchar_t @var{wc}, mbstate_t *restrict @var{ps})
++@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
++@c wcrtomb uses a static, non-thread-local unguarded state variable when
++@c PS is NULL. When a state is passed in, and it's not used
++@c concurrently in other threads, this function behaves safely as long
++@c as gconv modules don't bring MT safety issues of their own.
++@c Attempting to load gconv modules or to build conversion chains in
++@c signal handlers may encounter gconv databases or caches in a
++@c partially-updated state, and asynchronous cancellation may leave them
++@c in such states, besides leaking the lock that guards them.
++@c get_gconv_fcts ok
++@c wcsmbs_load_conv ok
++@c norm_add_slashes ok
++@c wcsmbs_getfct ok
++@c gconv_find_transform ok
++@c gconv_read_conf (libc_once)
++@c gconv_lookup_cache ok
++@c find_module_idx ok
++@c find_module ok
++@c gconv_find_shlib (ok)
++@c ->init_fct (assumed ok)
++@c gconv_get_builtin_trans ok
++@c gconv_release_step ok
++@c do_lookup_alias ok
++@c find_derivation ok
++@c derivation_lookup ok
++@c increment_counter ok
++@c gconv_find_shlib ok
++@c step->init_fct (assumed ok)
++@c gen_steps ok
++@c gconv_find_shlib ok
++@c dlopen (presumed ok)
++@c dlsym (presumed ok)
++@c step->init_fct (assumed ok)
++@c step->end_fct (assumed ok)
++@c gconv_get_builtin_trans ok
++@c gconv_release_step ok
++@c add_derivation ok
++@c gconv_close_transform ok
++@c gconv_release_step ok
++@c step->end_fct (assumed ok)
++@c gconv_release_shlib ok
++@c dlclose (presumed ok)
++@c gconv_release_cache ok
++@c ->tomb->__fct (assumed ok)
+ The @code{wcrtomb} function (``wide character restartable to
+ multibyte'') converts a single wide character into a multibyte string
+ corresponding to that wide character.
+@@ -955,6 +1012,7 @@ extensions that can help in some important situations.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun size_t mbsrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
++@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+ The @code{mbsrtowcs} function (``multibyte string restartable to wide
+ character string'') converts an NUL-terminated multibyte character
+ string at @code{*@var{src}} into an equivalent wide character string,
+@@ -1039,6 +1097,7 @@ length and passing this length to the function.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun size_t wcsrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
++@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+ The @code{wcsrtombs} function (``wide character string restartable to
+ multibyte string'') converts the NUL-terminated wide character string at
+ @code{*@var{src}} into an equivalent multibyte character string and
+@@ -1084,6 +1143,7 @@ array size (the @var{len} parameter).
+ @comment wchar.h
+ @comment GNU
+ @deftypefun size_t mbsnrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{nmc}, size_t @var{len}, mbstate_t *restrict @var{ps})
++@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+ The @code{mbsnrtowcs} function is very similar to the @code{mbsrtowcs}
+ function. All the parameters are the same except for @var{nmc}, which is
+ new. The return value is the same as for @code{mbsrtowcs}.
+@@ -1136,6 +1196,7 @@ of the given buffer, there is no problem with altering the state.
+ @comment wchar.h
+ @comment GNU
+ @deftypefun size_t wcsnrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{nwc}, size_t @var{len}, mbstate_t *restrict @var{ps})
++@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+ The @code{wcsnrtombs} function implements the conversion from wide
+ character strings to multibyte character strings. It is similar to
+ @code{wcsrtombs} but, just like @code{mbsnrtowcs}, it takes an extra
+@@ -1280,6 +1341,7 @@ conversion functions.}
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun int mbtowc (wchar_t *restrict @var{result}, const char *restrict @var{string}, size_t @var{size})
++@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+ The @code{mbtowc} (``multibyte to wide character'') function when called
+ with non-null @var{string} converts the first multibyte character
+ beginning at @var{string} to its corresponding wide character code. It
+@@ -1314,6 +1376,7 @@ shift state. @xref{Shift State}.
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun int wctomb (char *@var{string}, wchar_t @var{wchar})
++@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+ The @code{wctomb} (``wide character to multibyte'') function converts
+ the wide character code @var{wchar} to its corresponding multibyte
+ character sequence, and stores the result in bytes starting at
+@@ -1353,6 +1416,7 @@ terms of @code{mbtowc}.
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun int mblen (const char *@var{string}, size_t @var{size})
++@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+ The @code{mblen} function with a non-null @var{string} argument returns
+ the number of bytes that make up the multibyte character beginning at
+ @var{string}, never examining more than @var{size} bytes. (The idea is
+@@ -1391,6 +1455,9 @@ suffer from the same problems as their reentrant counterparts from
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun size_t mbstowcs (wchar_t *@var{wstring}, const char *@var{string}, size_t @var{size})
++@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
++@c Odd... Although this is in the non-reentrant section, the state
++@c object is automatic, not a static buffer.
+ The @code{mbstowcs} (``multibyte string to wide character string'')
+ function converts the null-terminated string of multibyte characters
+ @var{string} to an array of wide character codes, storing not more than
+@@ -1431,6 +1498,7 @@ mbstowcs_alloc (const char *string)
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun size_t wcstombs (char *@var{string}, const wchar_t *@var{wstring}, size_t @var{size})
++@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+ The @code{wcstombs} (``wide character string to multibyte string'')
+ function converts the null-terminated wide character array @var{wstring}
+ into a string containing multibyte characters, storing not more than
+@@ -1618,6 +1686,16 @@ The first step is the function to create a handle.
+ @comment iconv.h
+ @comment XPG2
+ @deftypefun iconv_t iconv_open (const char *@var{tocode}, const char *@var{fromcode})
++@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
++@c Calls malloc if tocode and/or fromcode are too big for alloca. Calls
++@c strip and upstr on both, then gconv_open. strip and upstr call
++@c isalnum_l and toupper_l with the C locale. gconv_open may MT-safely
++@c tokenize toset, replace unspecified codesets with the current locale
++@c (posibly two different accesses), and finally it calls
++@c gconv_find_transform and initializes the gconv_t result with all the
++@c steps in the conversion sequence, running each one's initializer,
++@c destructing and releasing them all if anything fails.
++
+ The @code{iconv_open} function has to be used before starting a
+ conversion. The two parameters this function takes determine the
+ source and destination character set for the conversion, and if the
+@@ -1682,6 +1760,12 @@ conversion is not needed anymore.
+ @comment iconv.h
+ @comment XPG2
+ @deftypefun int iconv_close (iconv_t @var{cd})
++@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, shlimb}}
++@c Calls gconv_close to destruct and release each of the conversion
++@c steps, release the gconv_t object, then call gconv_close_transform.
++@c Access to the gconv_t object is not guarded, but calling iconv_close
++@c concurrently with any other use is undefined.
++
+ The @code{iconv_close} function frees all resources associated with the
+ handle @var{cd}, which must have been returned by a successful call to
+ the @code{iconv_open} function.
+@@ -1708,6 +1792,10 @@ even file to file can be implemented on top of it.
+ @comment iconv.h
+ @comment XPG2
+ @deftypefun size_t iconv (iconv_t @var{cd}, char **@var{inbuf}, size_t *@var{inbytesleft}, char **@var{outbuf}, size_t *@var{outbytesleft})
++@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist}@acunsafe{incansist}}
++@c Without guarding access to the gconv_t object pointed to by cd, call
++@c the conversion function to convert inbuf or flush the internal
++@c conversion state.
+ @cindex stateful
+ The @code{iconv} function converts the text in the input buffer
+ according to the rules associated with the descriptor @var{cd} and
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=aff6a80c4f6f02731f47b8a61018af3783eab866
commit aff6a80c4f6f02731f47b8a61018af3783eab866
Merge: 96dbf41 1037ba6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:00:24 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=96dbf412285bf011376452689da1c4e476c4b8f4
commit 96dbf412285bf011376452689da1c4e476c4b8f4
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:00:24 2013 -0300
pop
diff --git a/meta b/meta
index 03244cf..66aeca6 100644
--- a/meta
+++ b/meta
@@ -1,14 +1,14 @@
Version: 1
-Previous: f02c0e21f0bcde96b0c9fba5082bfab8011f819b
-Head: 168f6d659bcb7106985edac12bc7b3a2110a7fb0
+Previous: 1037ba670ee6fa52c0455717d21e7e75ce3fb9ef
+Head: a6f2df9755a82acf03faacd3844e32ff5336d033
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
unused-scalb-is-scalbn.patch: 04381689562081fc1e2328e5807e0dc537c1c5fc
manual-document-mt-safety-argp.patch: 3a08620f4907bff742b31a6f67651e4a3b21c179
manual-document-mt-safety-arith.patch: a6f2df9755a82acf03faacd3844e32ff5336d033
- manual-document-mt-safety-stdio.patch: 168f6d659bcb7106985edac12bc7b3a2110a7fb0
Unapplied:
+ manual-document-mt-safety-stdio.patch: 168f6d659bcb7106985edac12bc7b3a2110a7fb0
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
manual-document-mt-safety-ctype.patch: 263eed84f16353fb704fac8338422fb3f7b863fb
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a6f2df9755a82acf03faacd3844e32ff5336d033
commit a6f2df9755a82acf03faacd3844e32ff5336d033
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/arith.texi: Document thread safety properties.
diff --git a/manual/arith.texi b/manual/arith.texi
index 77056c3..5c3aa9d 100644
--- a/manual/arith.texi
+++ b/manual/arith.texi
@@ -160,6 +160,8 @@ The remainder from the division.
@comment stdlib.h
@comment ISO
@deftypefun div_t div (int @var{numerator}, int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Functions in this section are pure, and thus safe.
This function @code{div} computes the quotient and remainder from
the division of @var{numerator} by @var{denominator}, returning the
result in a structure of type @code{div_t}.
@@ -199,6 +201,7 @@ type @code{long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun ldiv_t ldiv (long int @var{numerator}, long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ldiv} function is similar to @code{div}, except that the
arguments are of type @code{long int} and the result is returned as a
structure of type @code{ldiv_t}.
@@ -225,6 +228,7 @@ type @code{long long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun lldiv_t lldiv (long long int @var{numerator}, long long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lldiv} function is like the @code{div} function, but the
arguments are of type @code{long long int} and the result is returned as
a structure of type @code{lldiv_t}.
@@ -256,6 +260,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment inttypes.h
@comment ISO
@deftypefun imaxdiv_t imaxdiv (intmax_t @var{numerator}, intmax_t @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{imaxdiv} function is like the @code{div} function, but the
arguments are of type @code{intmax_t} and the result is returned as
a structure of type @code{imaxdiv_t}.
@@ -318,6 +323,7 @@ floating-point number a variable holds.
@comment math.h
@comment ISO
@deftypefn {Macro} int fpclassify (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is a generic macro which works on all floating-point types and
which returns a value of type @code{int}. The possible values are:
@@ -354,6 +360,7 @@ You should therefore use the specific macros whenever possible.
@comment math.h
@comment ISO
@deftypefn {Macro} int isfinite (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite: not plus or
minus infinity, and not NaN. It is equivalent to
@@ -368,6 +375,7 @@ floating-point type.
@comment math.h
@comment ISO
@deftypefn {Macro} int isnormal (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite and normalized.
It is equivalent to
@@ -379,6 +387,7 @@ It is equivalent to
@comment math.h
@comment ISO
@deftypefn {Macro} int isnan (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is NaN. It is equivalent
to
@@ -390,6 +399,7 @@ to
@comment math.h
@comment GNU
@deftypefn {Macro} int issignaling (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is a signaling NaN
(sNaN). It is based on draft TS 18661 and currently enabled as a GNU
extension.
@@ -410,6 +420,7 @@ not have to worry about the type of their argument.
@comment math.h
@comment BSD
@deftypefunx int isinfl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns @code{-1} if @var{x} represents negative infinity,
@code{1} if @var{x} represents positive infinity, and @code{0} otherwise.
@end deftypefun
@@ -423,6 +434,7 @@ This function returns @code{-1} if @var{x} represents negative infinity,
@comment math.h
@comment BSD
@deftypefunx int isnanl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is a ``not a number''
value, and zero otherwise.
@@ -445,6 +457,7 @@ function for some reason, you can write
@comment math.h
@comment BSD
@deftypefunx int finitel (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is finite or a ``not a
number'' value, and zero otherwise.
@end deftypefun
@@ -713,6 +726,22 @@ and save and restore the set of exceptions flagged.
@comment fenv.h
@comment ISO
@deftypefun int feclearexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{unposix}@acsafe{unposix}}
+@c The other functions in this section that modify FP status register
+@c mostly do so with non-atomic load-modify-store sequences, but since
+@c the register is thread-specific, this should be fine, and safe for
+@c cancellation. As long as the FP environment is restored before the
+@c signal handler returns control to the interrupted thread (like any
+@c kernel should do), the functions are also safe for use in signal
+@c handlers.
+@c
+@c FIXME: simfpu: Floating point emulation on powerpc is the exception:
+@c __sim_exception, __sim_disabled_exception and __sim_round_mode
+@c variables, that emulate a floating-point status register, are not
+@c thread-specific variables, so many of these functions are not MT-safe
+@c on that platform. This is probably a bug. These variables aren't
+@c restored by the signal machinery either, making the functions also
+@c async-signal-unsafe on this platform.
This function clears all of the supported exception flags indicated by
@var{excepts}.
@@ -723,6 +752,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feraiseexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function raises the supported exceptions indicated by
@var{excepts}. If more than one exception bit in @var{excepts} is set
the order in which the exceptions are raised is undefined except that
@@ -738,6 +768,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fetestexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Test whether the exception flags indicated by the parameter @var{except}
are currently set. If any of them are, a nonzero value is returned
which specifies which exceptions are set. Otherwise the result is zero.
@@ -774,6 +805,7 @@ following functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetexceptflag (fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function stores in the variable pointed to by @var{flagp} an
implementation-defined value representing the current setting of the
exception flags indicated by @var{excepts}.
@@ -785,6 +817,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fesetexceptflag (const fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function restores the flags for the exceptions indicated by
@var{excepts} to the values stored in the variable pointed to by
@var{flagp}.
@@ -940,6 +973,7 @@ find out which one with this function:
@comment fenv.h
@comment ISO
@deftypefun int fegetround (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Returns the currently selected rounding mode, represented by one of the
values of the defined rounding mode macros.
@end deftypefun
@@ -950,6 +984,7 @@ To change the rounding mode, use this function:
@comment fenv.h
@comment ISO
@deftypefun int fesetround (int @var{round})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Changes the currently selected rounding mode to @var{round}. If
@var{round} does not correspond to one of the supported rounding modes
nothing is changed. @code{fesetround} returns zero if it changed the
@@ -994,6 +1029,7 @@ To save the state of the FPU, use one of these functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetenv (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the floating-point environment in the variable pointed to by
@var{envp}.
@@ -1004,6 +1040,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feholdexcept (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the current floating-point environment in the object pointed to by
@var{envp}. Then clear all exception flags, and set the FPU to trap no
exceptions. Not all FPUs support trapping no exceptions; if
@@ -1042,6 +1079,7 @@ functions:
@comment fenv.h
@comment ISO
@deftypefun int fesetenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Set the floating-point environment to that described by @var{envp}.
The function returns zero in case the operation was successful, a
@@ -1051,6 +1089,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feupdateenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Like @code{fesetenv}, this function sets the floating-point environment
to that described by @var{envp}. However, if any exceptions were
flagged in the status word before @code{feupdateenv} was called, they
@@ -1071,6 +1110,7 @@ occur, you can use the following two functions.
@comment fenv.h
@comment GNU
@deftypefun int feenableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions enables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1083,6 +1123,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fedisableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions disables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1095,6 +1136,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fegetexcept (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
The function returns a bitmask of all currently enabled exceptions. It
returns @code{-1} in case of failure.
@end deftypefun
@@ -1146,6 +1188,7 @@ Prototypes for @code{abs}, @code{labs} and @code{llabs} are in @file{stdlib.h};
@comment inttypes.h
@comment ISO
@deftypefunx intmax_t imaxabs (intmax_t @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of @var{number}.
Most computers use a two's complement integer representation, in which
@@ -1167,6 +1210,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment math.h
@comment ISO
@deftypefunx {long double} fabsl (long double @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the absolute value of the floating-point number
@var{number}.
@end deftypefun
@@ -1180,6 +1224,7 @@ This function returns the absolute value of the floating-point number
@comment complex.h
@comment ISO
@deftypefunx {long double} cabsl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of the complex number @var{z}
(@pxref{Complex Numbers}). The absolute value of a complex number is:
@@ -1217,6 +1262,7 @@ All these functions are declared in @file{math.h}.
@comment math.h
@comment ISO
@deftypefunx {long double} frexpl (long double @var{value}, int *@var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are used to split the number @var{value}
into a normalized fraction and an exponent.
@@ -1242,6 +1288,7 @@ zero is stored in @code{*@var{exponent}}.
@comment math.h
@comment ISO
@deftypefunx {long double} ldexpl (long double @var{value}, int @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the result of multiplying the floating-point
number @var{value} by 2 raised to the power @var{exponent}. (It can
be used to reassemble floating-point numbers that were taken apart
@@ -1263,6 +1310,7 @@ equivalent to those of @code{ldexp} and @code{frexp}. See also the
@comment math.h
@comment BSD
@deftypefunx {long double} scalbl (long double @var{value}, long double @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{scalb} function is the BSD name for @code{ldexp}.
@end deftypefun
@@ -1275,6 +1323,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalbnl (long double @var{x}, int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbn} is identical to @code{scalb}, except that the exponent
@var{n} is an @code{int} instead of a floating-point number.
@end deftypefun
@@ -1288,6 +1337,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalblnl (long double @var{x}, long int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbln} is identical to @code{scalb}, except that the exponent
@var{n} is a @code{long int} instead of a floating-point number.
@end deftypefun
@@ -1301,6 +1351,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} significandl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{significand} returns the mantissa of @var{x} scaled to the range
@math{[1, 2)}.
It is equivalent to @w{@code{scalb (@var{x}, (double) -ilogb (@var{x}))}}.
@@ -1335,6 +1386,7 @@ result as a @code{double} instead to get around this problem.
@comment math.h
@comment ISO
@deftypefunx {long double} ceill (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} upwards to the nearest integer,
returning that value as a @code{double}. Thus, @code{ceil (1.5)}
is @code{2.0}.
@@ -1349,6 +1401,7 @@ is @code{2.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} floorl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} downwards to the nearest
integer, returning that value as a @code{double}. Thus, @code{floor
(1.5)} is @code{1.0} and @code{floor (-1.5)} is @code{-2.0}.
@@ -1363,6 +1416,7 @@ integer, returning that value as a @code{double}. Thus, @code{floor
@comment math.h
@comment ISO
@deftypefunx {long double} truncl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{trunc} functions round @var{x} towards zero to the nearest
integer (returned in floating-point format). Thus, @code{trunc (1.5)}
is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@@ -1377,6 +1431,7 @@ is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} rintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} to an integer value according to the
current rounding mode. @xref{Floating Point Parameters}, for
information about the various rounding modes. The default
@@ -1397,6 +1452,7 @@ inexact exception.
@comment math.h
@comment ISO
@deftypefunx {long double} nearbyintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the same value as the @code{rint} functions, but
do not raise the inexact exception if @var{x} is not an integer.
@end deftypefun
@@ -1410,6 +1466,7 @@ do not raise the inexact exception if @var{x} is not an integer.
@comment math.h
@comment ISO
@deftypefunx {long double} roundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are similar to @code{rint}, but they round halfway
cases away from zero instead of to the nearest integer (or other
current rounding mode).
@@ -1424,6 +1481,7 @@ current rounding mode).
@comment math.h
@comment ISO
@deftypefunx {long int} lrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1437,6 +1495,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1450,6 +1509,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long int} lroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1463,6 +1523,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1477,6 +1538,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long double} modfl (long double @var{value}, long double *@var{integer-part})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions break the argument @var{value} into an integer part and a
fractional part (between @code{-1} and @code{1}, exclusive). Their sum
equals @var{value}. Each of the parts has the same sign as @var{value},
@@ -1503,6 +1565,7 @@ suits your problem.
@comment math.h
@comment ISO
@deftypefunx {long double} fmodl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions compute the remainder from the division of
@var{numerator} by @var{denominator}. Specifically, the return value is
@code{@var{numerator} - @w{@var{n} * @var{denominator}}}, where @var{n}
@@ -1525,6 +1588,7 @@ If @var{denominator} is zero, @code{fmod} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} dreml (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are like @code{fmod} except that they round the
internal quotient @var{n} to the nearest integer instead of towards zero
to an integer. For example, @code{drem (6.5, 2.3)} returns @code{-0.4},
@@ -1548,6 +1612,7 @@ If @var{denominator} is zero, @code{drem} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} remainderl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is another name for @code{drem}.
@end deftypefun
@@ -1569,6 +1634,7 @@ bits.
@comment math.h
@comment ISO
@deftypefunx {long double} copysignl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return @var{x} but with the sign of @var{y}. They work
even if @var{x} or @var{y} are NaN or zero. Both of these can carry a
sign (although not all implementations support it) and this is one of
@@ -1584,6 +1650,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefun int signbit (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{signbit} is a generic macro which can work on all floating-point
types. It returns a nonzero value if the value of @var{x} has its sign
bit set.
@@ -1602,6 +1669,7 @@ false, but @code{signbit (-0.0)} will return a nonzero value.
@comment math.h
@comment ISO
@deftypefunx {long double} nextafterl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{nextafter} function returns the next representable neighbor of
@var{x} in the direction towards @var{y}. The size of the step between
@var{x} and the result depends on the type of the result. If
@@ -1625,6 +1693,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefunx {long double} nexttowardl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are identical to the corresponding versions of
@code{nextafter} except that their second argument is a @code{long
double}.
@@ -1640,6 +1709,8 @@ double}.
@comment math.h
@comment ISO
@deftypefunx {long double} nanl (const char *@var{tagp})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c The unsafe-but-ruled-safe locale use comes from strtod.
The @code{nan} function returns a representation of NaN, provided that
NaN is supported by the target platform.
@code{nan ("@var{n-char-sequence}")} is equivalent to
@@ -1674,6 +1745,7 @@ arguments only once.
@comment math.h
@comment ISO
@deftypefn Macro int isgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than
@var{y}. It is equivalent to @code{(@var{x}) > (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1682,6 +1754,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isgreaterequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than or
equal to @var{y}. It is equivalent to @code{(@var{x}) >= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1690,6 +1763,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isless (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than @var{y}.
It is equivalent to @code{(@var{x}) < (@var{y})}, but no exception is
raised if @var{x} or @var{y} are NaN.
@@ -1698,6 +1772,7 @@ raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than or equal
to @var{y}. It is equivalent to @code{(@var{x}) <= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1706,6 +1781,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less or greater
than @var{y}. It is equivalent to @code{(@var{x}) < (@var{y}) ||
(@var{x}) > (@var{y})} (although it only evaluates @var{x} and @var{y}
@@ -1718,6 +1794,7 @@ expression is true if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isunordered (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether its arguments are unordered. In other
words, it is true if @var{x} or @var{y} are NaN, and false otherwise.
@end deftypefn
@@ -1751,6 +1828,7 @@ perform these operations faster than the equivalent C code.
@comment math.h
@comment ISO
@deftypefunx {long double} fminl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmin} function returns the lesser of the two values @var{x}
and @var{y}. It is similar to the expression
@smallexample
@@ -1771,6 +1849,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fmaxl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmax} function returns the greater of the two values @var{x}
and @var{y}.
@@ -1787,6 +1866,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fdiml (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fdim} function returns the positive difference between
@var{x} and @var{y}. The positive difference is @math{@var{x} -
@var{y}} if @var{x} is greater than @var{y}, and @math{0} otherwise.
@@ -1804,6 +1884,7 @@ If @var{x}, @var{y}, or both are NaN, NaN is returned.
@comment ISO
@deftypefunx {long double} fmal (long double @var{x}, long double @var{y}, long double @var{z})
@cindex butterfly
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fma} function performs floating-point multiply-add. This is
the operation @math{(@var{x} @mul{} @var{y}) + @var{z}}, but the
intermediate result is not rounded to the destination type. This can
@@ -1933,6 +2014,7 @@ available in three variants, one for each of the three complex types.
@comment complex.h
@comment ISO
@deftypefunx {long double} creall (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the real part of the complex number @var{z}.
@end deftypefun
@@ -1945,6 +2027,7 @@ These functions return the real part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cimagl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the imaginary part of the complex number @var{z}.
@end deftypefun
@@ -1957,6 +2040,7 @@ These functions return the imaginary part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {complex long double} conjl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the conjugate value of the complex number
@var{z}. The conjugate of a complex number has the same real part and a
negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@@ -1971,6 +2055,7 @@ negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cargl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the argument of the complex number @var{z}.
The argument of a complex number is the angle in the complex plane
between the positive real axis and a line passing through zero and the
@@ -1989,6 +2074,7 @@ number. This angle is measured in the usual fashion and ranges from
@comment complex.h
@comment ISO
@deftypefunx {complex long double} cprojl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the projection of the complex value @var{z} onto
the Riemann sphere. Values with a infinite imaginary part are projected
to positive infinity on the real axis, even if the real part is NaN. If
@@ -2034,6 +2120,16 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun {long int} strtol (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c strtol uses the thread-local pointer to the locale in effect, and
+@c strtol_l loads the LC_NUMERIC locale data from it early on and once,
+@c but if the locale is the global locale, and another thread calls
+@c setlocale in a way that modifies the pointer to the LC_CTYPE locale
+@c category, the behavior of e.g. IS*, TOUPPER will vary throughout the
+@c execution of the function, because they re-read the locale data from
+@c the given locale pointer. We solved this by documenting setlocale as
+@c MT-Unsafe, but there might be other reasons why it's neither MT- nor
+@c AS-Safe; recheck.
The @code{strtol} (``string-to-long'') function converts the initial
part of @var{string} to a signed integer, which is returned as a value
of type @code{long int}.
@@ -2097,6 +2193,7 @@ There is an example at the end of this section.
@comment wchar.h
@comment ISO
@deftypefun {long int} wcstol (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstol} function is equivalent to the @code{strtol} function
in nearly all aspects but handles wide character strings.
@@ -2106,6 +2203,7 @@ The @code{wcstol} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long int} strtoul (const char *retrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoul} (``string-to-unsigned-long'') function is like
@code{strtol} except it converts to an @code{unsigned long int} value.
The syntax is the same as described above for @code{strtol}. The value
@@ -2124,6 +2222,7 @@ range, or @code{ERANGE} on overflow.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long int} wcstoul (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoul} function is equivalent to the @code{strtoul} function
in nearly all aspects but handles wide character strings.
@@ -2133,6 +2232,7 @@ The @code{wcstoul} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} strtoll (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoll} function is like @code{strtol} except that it returns
a @code{long long int} value, and accepts numbers with a correspondingly
larger range.
@@ -2149,6 +2249,7 @@ The @code{strtoll} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {long long int} wcstoll (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoll} function is equivalent to the @code{strtoll} function
in nearly all aspects but handles wide character strings.
@@ -2158,12 +2259,14 @@ The @code{wcstoll} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {long long int} strtoq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtoq} (``string-to-quad-word'') is the BSD name for @code{strtoll}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {long long int} wcstoq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoq} function is equivalent to the @code{strtoq} function
in nearly all aspects but handles wide character strings.
@@ -2173,6 +2276,7 @@ The @code{wcstoq} function is a GNU extension.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long long int} strtoull (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoull} function is related to @code{strtoll} the same way
@code{strtoul} is related to @code{strtol}.
@@ -2182,6 +2286,7 @@ The @code{strtoull} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long long int} wcstoull (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoull} function is equivalent to the @code{strtoull} function
in nearly all aspects but handles wide character strings.
@@ -2191,12 +2296,14 @@ The @code{wcstoull} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {unsigned long long int} strtouq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtouq} is the BSD name for @code{strtoull}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {unsigned long long int} wcstouq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstouq} function is equivalent to the @code{strtouq} function
in nearly all aspects but handles wide character strings.
@@ -2206,6 +2313,7 @@ The @code{wcstouq} function is a GNU extension.
@comment inttypes.h
@comment ISO
@deftypefun intmax_t strtoimax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoimax} function is like @code{strtol} except that it returns
a @code{intmax_t} value, and accepts numbers of a corresponding range.
@@ -2222,6 +2330,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun intmax_t wcstoimax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoimax} function is equivalent to the @code{strtoimax} function
in nearly all aspects but handles wide character strings.
@@ -2231,6 +2340,7 @@ The @code{wcstoimax} function was introduced in @w{ISO C99}.
@comment inttypes.h
@comment ISO
@deftypefun uintmax_t strtoumax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoumax} function is related to @code{strtoimax}
the same way that @code{strtoul} is related to @code{strtol}.
@@ -2241,6 +2351,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun uintmax_t wcstoumax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoumax} function is equivalent to the @code{strtoumax} function
in nearly all aspects but handles wide character strings.
@@ -2250,6 +2361,7 @@ The @code{wcstoumax} function was introduced in @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefun {long int} atol (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtol} function with a @var{base}
argument of @code{10}, except that it need not detect overflow errors.
The @code{atol} function is provided mostly for compatibility with
@@ -2259,6 +2371,7 @@ existing code; using @code{strtol} is more robust.
@comment stdlib.h
@comment ISO
@deftypefun int atoi (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is like @code{atol}, except that it returns an @code{int}.
The @code{atoi} function is also considered obsolete; use @code{strtol}
instead.
@@ -2267,6 +2380,7 @@ instead.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} atoll (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to @code{atol}, except it returns a @code{long
long int}.
@@ -2331,6 +2445,35 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun double strtod (const char *restrict @var{string}, char **restrict @var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c Besides the unsafe-but-ruled-safe locale uses, this uses a lot of
+@c mpn, but it's all safe.
+@c
+@c round_and_return
+@c get_rounding_mode ok
+@c mpn_add_1 ok
+@c mpn_rshift ok
+@c MPN_ZERO ok
+@c MPN2FLOAT -> mpn_construct_(float|double|long_double) ok
+@c str_to_mpn
+@c mpn_mul_1 -> umul_ppmm ok
+@c mpn_add_1 ok
+@c mpn_lshift_1 -> mpn_lshift ok
+@c STRTOF_INTERNAL
+@c MPN_VAR ok
+@c SET_MANTISSA ok
+@c STRNCASECMP ok, wide and narrow
+@c round_and_return ok
+@c mpn_mul ok
+@c mpn_addmul_1 ok
+@c ... mpn_sub
+@c mpn_lshift ok
+@c udiv_qrnnd ok
+@c count_leading_zeros ok
+@c add_ssaaaa ok
+@c sub_ddmmss ok
+@c umul_ppmm ok
+@c mpn_submul_1 ok
The @code{strtod} (``string-to-double'') function converts the initial
part of @var{string} to a floating-point number, which is returned as a
value of type @code{double}.
@@ -2416,6 +2559,7 @@ examining @var{errno} and @var{tailptr}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} strtold (const char *@var{string}, char **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
These functions are analogous to @code{strtod}, but return @code{float}
and @code{long double} values respectively. They report errors in the
same way as @code{strtod}. @code{strtof} can be substantially faster
@@ -2435,6 +2579,7 @@ These functions have been GNU extensions and are new to @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} wcstold (const wchar_t *@var{string}, wchar_t **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstod}, @code{wcstof}, and @code{wcstol} functions are
equivalent in nearly all aspect to the @code{strtod}, @code{strtof}, and
@code{strtold} functions but it handles wide character string.
@@ -2447,6 +2592,7 @@ C90}. The @code{wcstof} and @code{wcstold} functions were introduced in
@comment stdlib.h
@comment ISO
@deftypefun double atof (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtod} function, except that it
need not detect overflow and underflow errors. The @code{atof} function
is provided mostly for compatibility with existing code; using
@@ -2473,6 +2619,7 @@ All these functions are defined in @file{stdlib.h}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} ecvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{ecvt} converts the floating-point number @var{value}
to a string with at most @var{ndigit} decimal digits. The
returned string contains no decimal point or sign. The first digit of
@@ -2498,6 +2645,7 @@ and sets @var{d} to @code{2} and @var{n} to @code{0}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} fcvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{fcvt} is like @code{ecvt}, but @var{ndigit} specifies
the number of digits after the decimal point. If @var{ndigit} is less
than zero, @var{value} is rounded to the @math{@var{ndigit}+1}'th place to the
@@ -2516,6 +2664,9 @@ to @code{fcvt}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} gcvt (double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c gcvt calls sprintf, that ultimately calls vfprintf, which malloc()s
+@c args_value if it's too large, but gcvt never exercises this path.
@code{gcvt} is functionally equivalent to @samp{sprintf(buf, "%*g",
ndigit, value}. It is provided only for compatibility's sake. It
returns @var{buf}.
@@ -2530,6 +2681,7 @@ functions that take @code{long double} arguments.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qecvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{ecvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2538,6 +2690,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qfcvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{fcvt} except that it
takes a @code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2546,6 +2699,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qgcvt (long double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is equivalent to @code{gcvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2566,6 +2720,7 @@ user-supplied buffer.
@comment stdlib.h
@comment GNU
@deftypefun int ecvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ecvt_r} function is the same as @code{ecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2577,6 +2732,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun int fcvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcvt_r} function is the same as @code{fcvt}, except that it
places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2588,6 +2744,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qecvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qecvt_r} function is the same as @code{qecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2599,6 +2756,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qfcvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qfcvt_r} function is the same as @code{qfcvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1037ba670ee6fa52c0455717d21e7e75ce3fb9ef
commit 1037ba670ee6fa52c0455717d21e7e75ce3fb9ef
Merge: 3f1d89c 168f6d6 f02c0e2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:00:22 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3f1d89c572ccf3a5150faa0577314d34d359a95a
commit 3f1d89c572ccf3a5150faa0577314d34d359a95a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:00:22 2013 -0300
push
diff --git a/meta b/meta
index 1bf113b..03244cf 100644
--- a/meta
+++ b/meta
@@ -1,14 +1,14 @@
Version: 1
-Previous: 870a5eece5a3e5118f41a273a5e0d57218e66127
-Head: 3a08620f4907bff742b31a6f67651e4a3b21c179
+Previous: f02c0e21f0bcde96b0c9fba5082bfab8011f819b
+Head: 168f6d659bcb7106985edac12bc7b3a2110a7fb0
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
unused-scalb-is-scalbn.patch: 04381689562081fc1e2328e5807e0dc537c1c5fc
manual-document-mt-safety-argp.patch: 3a08620f4907bff742b31a6f67651e4a3b21c179
+ manual-document-mt-safety-arith.patch: a6f2df9755a82acf03faacd3844e32ff5336d033
+ manual-document-mt-safety-stdio.patch: 168f6d659bcb7106985edac12bc7b3a2110a7fb0
Unapplied:
- manual-document-mt-safety-arith.patch: 60f0d7aaa66504b3818d82ea8691b365f4f55dc5
- manual-document-mt-safety-stdio.patch: 49427f4017a13662522c4247e1eed08f867a3d73
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
manual-document-mt-safety-ctype.patch: 263eed84f16353fb704fac8338422fb3f7b863fb
diff --git a/patches/manual-document-mt-safety-arith.patch b/patches/manual-document-mt-safety-arith.patch
index 2977482..b25c52a 100644
--- a/patches/manual-document-mt-safety-arith.patch
+++ b/patches/manual-document-mt-safety-arith.patch
@@ -1,5 +1,5 @@
-Bottom: 6c9a45167e9f148c725e5d962b1cd083292f0adf
-Top: 77a9710ea0dc3422d900f3c93d406942e132693c
+Bottom: 159ee8e039a2ee1968f5b806b99cb2c568c31678
+Top: 7d1efa70a6263de6179afe2a9a443ea3375c3c65
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index 8aae437..fb0f44d 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,5 +1,5 @@
-Bottom: e75a47b5ad278b7f85e5420cd63cda069e0b7030
-Top: e394e37491899340294bfd977f43c098c558c2b1
+Bottom: 7d1efa70a6263de6179afe2a9a443ea3375c3c65
+Top: 9d00eea6735363e6e80869186f9fb160ee3e5642
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=168f6d659bcb7106985edac12bc7b3a2110a7fb0
commit 168f6d659bcb7106985edac12bc7b3a2110a7fb0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..7809dd4 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1391,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1401,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1411,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1540,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1625,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2387,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2397,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2438,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2647,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2656,12 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2669,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2677,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2685,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2693,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2701,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2709,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2785,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3026,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3278,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3342,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +3959,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +3974,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +3989,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +3997,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4005,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4019,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4046,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4055,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4064,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4072,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4080,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4088,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4138,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4148,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4162,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4173,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4201,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4212,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4326,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4339,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4363,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4379,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4399,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4423,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4472,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4594,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4609,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4622,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4639,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4751,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4764,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4781,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4803,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4828,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4906,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4920,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4932,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4947,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +4961,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +4972,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5020,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5076,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5192,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5374,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5515,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3a08620f4907bff742b31a6f67651e4a3b21c179
commit 3a08620f4907bff742b31a6f67651e4a3b21c179
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:57:08 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/argp.texi: Document thread safety properties.
diff --git a/manual/argp.texi b/manual/argp.texi
index c9fbe97..5322f91 100644
--- a/manual/argp.texi
+++ b/manual/argp.texi
@@ -36,6 +36,35 @@ needed in @code{main}.
@comment argp.h
@comment GNU
@deftypefun {error_t} argp_parse (const struct argp *@var{argp}, int @var{argc}, char **@var{argv}, unsigned @var{flags}, int *@var{arg_index}, void *@var{input})
+@safety{@mtunsafe{xguargs, envromt}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Optionally alloca()tes standard help options, initializes the parser,
+@c then parses individual args in a loop, and then finalizes.
+@c parser_init
+@c calc_sizes ok
+@c option_is_end ok
+@c malloc
+@c parser_convert glocale
+@c convert_options glocale
+@c option_is_end ok
+@c option_is_short ok
+@c isprint, but locale may change within the loop
+@c find_long_option ok
+@c group_parse
+@c group->parser (from argp->parser)
+@c parser_parse_next
+@c getopt_long(_only)_r many issues, same as non_r minus staticbuf
+@c parser_parse_arg
+@c group_parse
+@c parser_parse_opt
+@c group_parse
+@c argp_error
+@c dgettext (bad key error)
+@c parser_finalize
+@c group_parse
+@c fprintf
+@c dgettext
+@c arg_state_help
+@c free
The @code{argp_parse} function parses the arguments in @var{argv}, of
length @var{argc}, using the argp parser @var{argp}. @xref{Argp
Parsers}. Passing a null pointer for @var{argp} is the same as using
@@ -660,6 +689,8 @@ parser function. @xref{Argp Parsing State}.
@comment argp.h
@comment GNU
@deftypefun void argp_usage (const struct argp_state *@var{state})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls argp_state_help with stderr and ARGP_HELP_STD_USAGE.
Outputs the standard usage message for the argp parser referred to by
@var{state} to @code{@var{state}->err_stream} and terminate the program
with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@@ -669,6 +700,13 @@ with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@comment argp.h
@comment GNU
@deftypefun void argp_error (const struct argp_state *@var{state}, const char *@var{fmt}, @dots{})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Lock stream, vasprintf the formatted message into a buffer, print the
+@c buffer prefixed by the short program name (in libc,
+@c argp_short_program_name is a macro that expands to
+@c program_invocation_short_name), releases the buffer, then call
+@c argp_state_help with stream and ARGP_HELP_STD_ERR, unlocking the
+@c stream at the end.
Prints the printf format string @var{fmt} and following args, preceded
by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
--help}} message, and terminates the program with an exit status of
@@ -679,6 +717,12 @@ by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
@comment argp.h
@comment GNU
@deftypefun void argp_failure (const struct argp_state *@var{state}, int @var{status}, int @var{errnum}, const char *@var{fmt}, @dots{})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
+@c Lock stream, write out the short program name, vasprintf the optional
+@c formatted message to a buffer, print the buffer prefixed by colon and
+@c blank, release the buffer, call strerror_r with an automatic buffer,
+@c print it out after colon and blank, put[w]c a line break, unlock the
+@c stream, then exit unless ARGP_NO_EXIT.
Similar to the standard gnu error-reporting function @code{error}, this
prints the program name and @samp{:}, the printf format string
@var{fmt}, and the appropriate following args. If it is non-zero, the
@@ -695,6 +739,141 @@ for options, bad phase of the moon, etc.
@comment argp.h
@comment GNU
@deftypefun void argp_state_help (const struct argp_state *@var{state}, FILE *@var{stream}, unsigned @var{flags})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help with the short program name and optionally exit.
+@c The main problems in _help, besides the usual issues with stream I/O
+@c and translation, are the use of a static buffer (uparams) that makes
+@c the whole thing thread-unsafe, reading from the environment for
+@c ARGP_HELP_FMT, accessing the locale object multiple times.
+
+@c _help envromt, staticbuf (uparams), glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c flockfile lockleak
+@c funlockfile lockleak
+@c fill_in_uparams envromt, staticbuf (uparams), glocale, asynconsist, asmalloc, lockleak, incansist, memleak
+@c argp_failure dup (status = errnum = 0)
+@c atoi dup
+@c argp_hol asmalloc, memleak
+@c make_hol asmalloc, memleak
+@c hol_add_cluster asmalloc, memleak
+@c hol_append asmalloc, memleak
+@c hol_set_group ok
+@c hol_find_entry ok
+@c hol_sort glocale, asmalloc, memleak
+@c qsort asmalloc, memleak
+@c hol_entry_qcmp glocale
+@c hol_entry_cmp glocale
+@c group_cmp ok
+@c hol_cluster_cmp ok
+@c group_cmp ok
+@c hol_entry_first_short glocale
+@c hol_entry_short_iterate [glocale]
+@c until_short ok
+@c oshort ok
+@c isprint ok
+@c odoc ok
+@c hol_entry_first_long ok
+@c canon_doc_option glocale
+@c tolower dup
+@c hol_usage glocale, asi18n, asmalloc, memleak
+@c hol_entry_short_iterate ok
+@c add_argless_short_opt ok
+@c argp_fmtstream_printf dup
+@c hol_entry_short_iterate glocale, asi18n, asmalloc, memleak
+@c usage_argful_short_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_entry_long_iterate glocale, asi18n, asmalloc, memleak
+@c usage_long_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c hol_entry_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_wmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c comma glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_putc dup
+@c hol_cluster_is_child ok
+@c argp_fmtstream_wmargin dup
+@c print_header dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c indent_to dup
+@c argp_fmtstream_putc dup
+@c arg glocale, asmalloc, memleak
+@c argp_fmtstream_printf dup
+@c odoc dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_printf dup
+@c print_header glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c indent_to dup
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c filter_doc dup
+@c argp_fmtstream_point dup
+@c indent_to glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_putc dup
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c hol_free asmalloc, memleak
+@c free dup
+@c argp_args_levels ok
+@c argp_args_usage glocale, asi18n, asmalloc, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc ok
+@c argp_input ok
+@c argp->help_filter
+@c space glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_rmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_write dup
+@c free dup
+@c argp_doc glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c strndup asmalloc, memleak
+@c argp_input dup
+@c argp->help_filter
+@c argp_fmtstream_putc glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure dup
+@c argp_fmtstream_write dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_point glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_lmargin dup
+@c free dup
+@c argp_make_fmtstream asmalloc, memleak
+@c argp_fmtstream_free glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update glocale, asynconsist, incansist, lockleak
+@c put[w]c_unlocked dup
+@c isblank in loop glocale
+@c fxprintf lockleak
+@c fxprintf lockleak
+@c free dup
+@c argp_fmtstream_set_wmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_printf glocale, asmalloc, memleak
+@c argp_fmtstream_ensure dup
+@c vsnprintf dup
+@c argp_fmtstream_set_lmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_puts glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_write glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update dup
+@c fxprintf lockleak
+@c realloc asmalloc, memleak
Outputs a help message for the argp parser referred to by @var{state},
to @var{stream}. The @var{flags} argument determines what sort of help
message is produced. @xref{Argp Help Flags}.
@@ -928,6 +1107,8 @@ program options, argp offers the @code{argp_help} interface.
@comment argp.h
@comment GNU
@deftypefun void argp_help (const struct argp *@var{argp}, FILE *@var{stream}, unsigned @var{flags}, char *@var{name})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help.
This outputs a help message for the argp parser @var{argp} to
@var{stream}. The type of messages printed will be determined by
@var{flags}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f02c0e21f0bcde96b0c9fba5082bfab8011f819b
commit f02c0e21f0bcde96b0c9fba5082bfab8011f819b
Merge: 80cd2a7 3a08620 870a5ee
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:00:13 2013 -0300
float
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=80cd2a7119496bb7b8d9fbd2efc0734dfa4de5f5
commit 80cd2a7119496bb7b8d9fbd2efc0734dfa4de5f5
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:00:13 2013 -0300
float
diff --git a/meta b/meta
index 6ebdbd5..1bf113b 100644
--- a/meta
+++ b/meta
@@ -1,16 +1,16 @@
Version: 1
-Previous: 55da5cc8b1a927b818e90ac3ebb021f1f93db170
-Head: 04381689562081fc1e2328e5807e0dc537c1c5fc
+Previous: 870a5eece5a3e5118f41a273a5e0d57218e66127
+Head: 3a08620f4907bff742b31a6f67651e4a3b21c179
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
unused-scalb-is-scalbn.patch: 04381689562081fc1e2328e5807e0dc537c1c5fc
+ manual-document-mt-safety-argp.patch: 3a08620f4907bff742b31a6f67651e4a3b21c179
Unapplied:
manual-document-mt-safety-arith.patch: 60f0d7aaa66504b3818d82ea8691b365f4f55dc5
manual-document-mt-safety-stdio.patch: 49427f4017a13662522c4247e1eed08f867a3d73
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
manual-document-mt-safety-ctype.patch: 263eed84f16353fb704fac8338422fb3f7b863fb
- manual-document-mt-safety-argp.patch: 9d7c8bd6707cd06cb1f10ff81ef6ae4c44704091
manual-document-mt-safety-wip.patch: 373cd1281ba686c2fef8b1307137684c40b28058
Hidden:
diff --git a/patches/manual-document-mt-safety-argp.patch b/patches/manual-document-mt-safety-argp.patch
index d575e96..5313e9f 100644
--- a/patches/manual-document-mt-safety-argp.patch
+++ b/patches/manual-document-mt-safety-argp.patch
@@ -1,5 +1,5 @@
-Bottom: a80e3502e79676408b83a0ee8d2c01161f2e1895
-Top: a71a934d3af669b0a2a4656922c2a6cfd020181a
+Bottom: 6c9a45167e9f148c725e5d962b1cd083292f0adf
+Top: 159ee8e039a2ee1968f5b806b99cb2c568c31678
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 21:57:08 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=870a5eece5a3e5118f41a273a5e0d57218e66127
commit 870a5eece5a3e5118f41a273a5e0d57218e66127
Merge: 178ff64 55da5cc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:00:07 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=178ff64a45437921cbeedce8d650e2ec827fd205
commit 178ff64a45437921cbeedce8d650e2ec827fd205
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:00:07 2013 -0300
pop
diff --git a/meta b/meta
index 66ba666..6ebdbd5 100644
--- a/meta
+++ b/meta
@@ -1,12 +1,12 @@
Version: 1
-Previous: 4333c49a222db29650411bf35bcf96e650464ff9
-Head: 60f0d7aaa66504b3818d82ea8691b365f4f55dc5
+Previous: 55da5cc8b1a927b818e90ac3ebb021f1f93db170
+Head: 04381689562081fc1e2328e5807e0dc537c1c5fc
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
unused-scalb-is-scalbn.patch: 04381689562081fc1e2328e5807e0dc537c1c5fc
- manual-document-mt-safety-arith.patch: 60f0d7aaa66504b3818d82ea8691b365f4f55dc5
Unapplied:
+ manual-document-mt-safety-arith.patch: 60f0d7aaa66504b3818d82ea8691b365f4f55dc5
manual-document-mt-safety-stdio.patch: 49427f4017a13662522c4247e1eed08f867a3d73
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=55da5cc8b1a927b818e90ac3ebb021f1f93db170
commit 55da5cc8b1a927b818e90ac3ebb021f1f93db170
Merge: 43832e8 60f0d7a 4333c49
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:00:06 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=43832e8a8aa6cffa171f6bc90c9f68f13ea8e03e
commit 43832e8a8aa6cffa171f6bc90c9f68f13ea8e03e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:00:06 2013 -0300
refresh
diff --git a/meta b/meta
index 4b29503..66ba666 100644
--- a/meta
+++ b/meta
@@ -1,12 +1,11 @@
Version: 1
-Previous: 0c3a0fd528c1aea76c88e92991b952428087e5a5
-Head: e100ba384a1bfa95f011c59ef9e535600dbbbf03
+Previous: 4333c49a222db29650411bf35bcf96e650464ff9
+Head: 60f0d7aaa66504b3818d82ea8691b365f4f55dc5
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
unused-scalb-is-scalbn.patch: 04381689562081fc1e2328e5807e0dc537c1c5fc
- manual-document-mt-safety-arith.patch: b0aaf99a53ebe756b3b61930b0d42fd5b51dd71d
- refresh-temp: e100ba384a1bfa95f011c59ef9e535600dbbbf03
+ manual-document-mt-safety-arith.patch: 60f0d7aaa66504b3818d82ea8691b365f4f55dc5
Unapplied:
manual-document-mt-safety-stdio.patch: 49427f4017a13662522c4247e1eed08f867a3d73
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
diff --git a/patches/manual-document-mt-safety-arith.patch b/patches/manual-document-mt-safety-arith.patch
index 5f1c9c2..2977482 100644
--- a/patches/manual-document-mt-safety-arith.patch
+++ b/patches/manual-document-mt-safety-arith.patch
@@ -1,5 +1,5 @@
Bottom: 6c9a45167e9f148c725e5d962b1cd083292f0adf
-Top: e75a47b5ad278b7f85e5420cd63cda069e0b7030
+Top: 77a9710ea0dc3422d900f3c93d406942e132693c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
@@ -13,7 +13,7 @@ for ChangeLog
---
diff --git a/manual/arith.texi b/manual/arith.texi
-index 77056c3..833e0c9 100644
+index 77056c3..5c3aa9d 100644
--- a/manual/arith.texi
+++ b/manual/arith.texi
@@ -160,6 +160,8 @@ The remainder from the division.
@@ -49,7 +49,47 @@ index 77056c3..833e0c9 100644
The @code{imaxdiv} function is like the @code{div} function, but the
arguments are of type @code{intmax_t} and the result is returned as
a structure of type @code{imaxdiv_t}.
-@@ -410,6 +415,7 @@ not have to worry about the type of their argument.
+@@ -318,6 +323,7 @@ floating-point number a variable holds.
+ @comment math.h
+ @comment ISO
+ @deftypefn {Macro} int fpclassify (@emph{float-type} @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This is a generic macro which works on all floating-point types and
+ which returns a value of type @code{int}. The possible values are:
+
+@@ -354,6 +360,7 @@ You should therefore use the specific macros whenever possible.
+ @comment math.h
+ @comment ISO
+ @deftypefn {Macro} int isfinite (@emph{float-type} @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns a nonzero value if @var{x} is finite: not plus or
+ minus infinity, and not NaN. It is equivalent to
+
+@@ -368,6 +375,7 @@ floating-point type.
+ @comment math.h
+ @comment ISO
+ @deftypefn {Macro} int isnormal (@emph{float-type} @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns a nonzero value if @var{x} is finite and normalized.
+ It is equivalent to
+
+@@ -379,6 +387,7 @@ It is equivalent to
+ @comment math.h
+ @comment ISO
+ @deftypefn {Macro} int isnan (@emph{float-type} @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns a nonzero value if @var{x} is NaN. It is equivalent
+ to
+
+@@ -390,6 +399,7 @@ to
+ @comment math.h
+ @comment GNU
+ @deftypefn {Macro} int issignaling (@emph{float-type} @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns a nonzero value if @var{x} is a signaling NaN
+ (sNaN). It is based on draft TS 18661 and currently enabled as a GNU
+ extension.
+@@ -410,6 +420,7 @@ not have to worry about the type of their argument.
@comment math.h
@comment BSD
@deftypefunx int isinfl (long double @var{x})
@@ -57,7 +97,7 @@ index 77056c3..833e0c9 100644
This function returns @code{-1} if @var{x} represents negative infinity,
@code{1} if @var{x} represents positive infinity, and @code{0} otherwise.
@end deftypefun
-@@ -423,6 +429,7 @@ This function returns @code{-1} if @var{x} represents negative infinity,
+@@ -423,6 +434,7 @@ This function returns @code{-1} if @var{x} represents negative infinity,
@comment math.h
@comment BSD
@deftypefunx int isnanl (long double @var{x})
@@ -65,7 +105,7 @@ index 77056c3..833e0c9 100644
This function returns a nonzero value if @var{x} is a ``not a number''
value, and zero otherwise.
-@@ -445,6 +452,7 @@ function for some reason, you can write
+@@ -445,6 +457,7 @@ function for some reason, you can write
@comment math.h
@comment BSD
@deftypefunx int finitel (long double @var{x})
@@ -73,7 +113,7 @@ index 77056c3..833e0c9 100644
This function returns a nonzero value if @var{x} is finite or a ``not a
number'' value, and zero otherwise.
@end deftypefun
-@@ -713,6 +721,22 @@ and save and restore the set of exceptions flagged.
+@@ -713,6 +726,22 @@ and save and restore the set of exceptions flagged.
@comment fenv.h
@comment ISO
@deftypefun int feclearexcept (int @var{excepts})
@@ -96,7 +136,7 @@ index 77056c3..833e0c9 100644
This function clears all of the supported exception flags indicated by
@var{excepts}.
-@@ -723,6 +747,7 @@ non-zero value otherwise.
+@@ -723,6 +752,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feraiseexcept (int @var{excepts})
@@ -104,7 +144,7 @@ index 77056c3..833e0c9 100644
This function raises the supported exceptions indicated by
@var{excepts}. If more than one exception bit in @var{excepts} is set
the order in which the exceptions are raised is undefined except that
-@@ -738,6 +763,7 @@ non-zero value otherwise.
+@@ -738,6 +768,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fetestexcept (int @var{excepts})
@@ -112,7 +152,7 @@ index 77056c3..833e0c9 100644
Test whether the exception flags indicated by the parameter @var{except}
are currently set. If any of them are, a nonzero value is returned
which specifies which exceptions are set. Otherwise the result is zero.
-@@ -774,6 +800,7 @@ following functions:
+@@ -774,6 +805,7 @@ following functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetexceptflag (fexcept_t *@var{flagp}, int @var{excepts})
@@ -120,7 +160,7 @@ index 77056c3..833e0c9 100644
This function stores in the variable pointed to by @var{flagp} an
implementation-defined value representing the current setting of the
exception flags indicated by @var{excepts}.
-@@ -785,6 +812,7 @@ non-zero value otherwise.
+@@ -785,6 +817,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fesetexceptflag (const fexcept_t *@var{flagp}, int @var{excepts})
@@ -128,7 +168,7 @@ index 77056c3..833e0c9 100644
This function restores the flags for the exceptions indicated by
@var{excepts} to the values stored in the variable pointed to by
@var{flagp}.
-@@ -940,6 +968,7 @@ find out which one with this function:
+@@ -940,6 +973,7 @@ find out which one with this function:
@comment fenv.h
@comment ISO
@deftypefun int fegetround (void)
@@ -136,7 +176,7 @@ index 77056c3..833e0c9 100644
Returns the currently selected rounding mode, represented by one of the
values of the defined rounding mode macros.
@end deftypefun
-@@ -950,6 +979,7 @@ To change the rounding mode, use this function:
+@@ -950,6 +984,7 @@ To change the rounding mode, use this function:
@comment fenv.h
@comment ISO
@deftypefun int fesetround (int @var{round})
@@ -144,7 +184,7 @@ index 77056c3..833e0c9 100644
Changes the currently selected rounding mode to @var{round}. If
@var{round} does not correspond to one of the supported rounding modes
nothing is changed. @code{fesetround} returns zero if it changed the
-@@ -994,6 +1024,7 @@ To save the state of the FPU, use one of these functions:
+@@ -994,6 +1029,7 @@ To save the state of the FPU, use one of these functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetenv (fenv_t *@var{envp})
@@ -152,7 +192,7 @@ index 77056c3..833e0c9 100644
Store the floating-point environment in the variable pointed to by
@var{envp}.
-@@ -1004,6 +1035,7 @@ non-zero value otherwise.
+@@ -1004,6 +1040,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feholdexcept (fenv_t *@var{envp})
@@ -160,7 +200,7 @@ index 77056c3..833e0c9 100644
Store the current floating-point environment in the object pointed to by
@var{envp}. Then clear all exception flags, and set the FPU to trap no
exceptions. Not all FPUs support trapping no exceptions; if
-@@ -1042,6 +1074,7 @@ functions:
+@@ -1042,6 +1079,7 @@ functions:
@comment fenv.h
@comment ISO
@deftypefun int fesetenv (const fenv_t *@var{envp})
@@ -168,7 +208,7 @@ index 77056c3..833e0c9 100644
Set the floating-point environment to that described by @var{envp}.
The function returns zero in case the operation was successful, a
-@@ -1051,6 +1084,7 @@ non-zero value otherwise.
+@@ -1051,6 +1089,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feupdateenv (const fenv_t *@var{envp})
@@ -176,7 +216,7 @@ index 77056c3..833e0c9 100644
Like @code{fesetenv}, this function sets the floating-point environment
to that described by @var{envp}. However, if any exceptions were
flagged in the status word before @code{feupdateenv} was called, they
-@@ -1071,6 +1105,7 @@ occur, you can use the following two functions.
+@@ -1071,6 +1110,7 @@ occur, you can use the following two functions.
@comment fenv.h
@comment GNU
@deftypefun int feenableexcept (int @var{excepts})
@@ -184,7 +224,7 @@ index 77056c3..833e0c9 100644
This functions enables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
-@@ -1083,6 +1118,7 @@ operation was successful, @code{-1} otherwise.
+@@ -1083,6 +1123,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fedisableexcept (int @var{excepts})
@@ -192,7 +232,7 @@ index 77056c3..833e0c9 100644
This functions disables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
-@@ -1095,6 +1131,7 @@ operation was successful, @code{-1} otherwise.
+@@ -1095,6 +1136,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fegetexcept (void)
@@ -200,7 +240,7 @@ index 77056c3..833e0c9 100644
The function returns a bitmask of all currently enabled exceptions. It
returns @code{-1} in case of failure.
@end deftypefun
-@@ -1146,6 +1183,7 @@ Prototypes for @code{abs}, @code{labs} and @code{llabs} are in @file{stdlib.h};
+@@ -1146,6 +1188,7 @@ Prototypes for @code{abs}, @code{labs} and @code{llabs} are in @file{stdlib.h};
@comment inttypes.h
@comment ISO
@deftypefunx intmax_t imaxabs (intmax_t @var{number})
@@ -208,7 +248,7 @@ index 77056c3..833e0c9 100644
These functions return the absolute value of @var{number}.
Most computers use a two's complement integer representation, in which
-@@ -1167,6 +1205,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
+@@ -1167,6 +1210,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment math.h
@comment ISO
@deftypefunx {long double} fabsl (long double @var{number})
@@ -216,7 +256,7 @@ index 77056c3..833e0c9 100644
This function returns the absolute value of the floating-point number
@var{number}.
@end deftypefun
-@@ -1180,6 +1219,7 @@ This function returns the absolute value of the floating-point number
+@@ -1180,6 +1224,7 @@ This function returns the absolute value of the floating-point number
@comment complex.h
@comment ISO
@deftypefunx {long double} cabsl (complex long double @var{z})
@@ -224,7 +264,7 @@ index 77056c3..833e0c9 100644
These functions return the absolute value of the complex number @var{z}
(@pxref{Complex Numbers}). The absolute value of a complex number is:
-@@ -1217,6 +1257,7 @@ All these functions are declared in @file{math.h}.
+@@ -1217,6 +1262,7 @@ All these functions are declared in @file{math.h}.
@comment math.h
@comment ISO
@deftypefunx {long double} frexpl (long double @var{value}, int *@var{exponent})
@@ -232,7 +272,7 @@ index 77056c3..833e0c9 100644
These functions are used to split the number @var{value}
into a normalized fraction and an exponent.
-@@ -1242,6 +1283,7 @@ zero is stored in @code{*@var{exponent}}.
+@@ -1242,6 +1288,7 @@ zero is stored in @code{*@var{exponent}}.
@comment math.h
@comment ISO
@deftypefunx {long double} ldexpl (long double @var{value}, int @var{exponent})
@@ -240,7 +280,7 @@ index 77056c3..833e0c9 100644
These functions return the result of multiplying the floating-point
number @var{value} by 2 raised to the power @var{exponent}. (It can
be used to reassemble floating-point numbers that were taken apart
-@@ -1263,6 +1305,7 @@ equivalent to those of @code{ldexp} and @code{frexp}. See also the
+@@ -1263,6 +1310,7 @@ equivalent to those of @code{ldexp} and @code{frexp}. See also the
@comment math.h
@comment BSD
@deftypefunx {long double} scalbl (long double @var{value}, long double @var{exponent})
@@ -248,7 +288,7 @@ index 77056c3..833e0c9 100644
The @code{scalb} function is the BSD name for @code{ldexp}.
@end deftypefun
-@@ -1275,6 +1318,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
+@@ -1275,6 +1323,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalbnl (long double @var{x}, int @var{n})
@@ -256,7 +296,7 @@ index 77056c3..833e0c9 100644
@code{scalbn} is identical to @code{scalb}, except that the exponent
@var{n} is an @code{int} instead of a floating-point number.
@end deftypefun
-@@ -1288,6 +1332,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
+@@ -1288,6 +1337,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalblnl (long double @var{x}, long int @var{n})
@@ -264,7 +304,7 @@ index 77056c3..833e0c9 100644
@code{scalbln} is identical to @code{scalb}, except that the exponent
@var{n} is a @code{long int} instead of a floating-point number.
@end deftypefun
-@@ -1301,6 +1346,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
+@@ -1301,6 +1351,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} significandl (long double @var{x})
@@ -272,7 +312,7 @@ index 77056c3..833e0c9 100644
@code{significand} returns the mantissa of @var{x} scaled to the range
@math{[1, 2)}.
It is equivalent to @w{@code{scalb (@var{x}, (double) -ilogb (@var{x}))}}.
-@@ -1335,6 +1381,7 @@ result as a @code{double} instead to get around this problem.
+@@ -1335,6 +1386,7 @@ result as a @code{double} instead to get around this problem.
@comment math.h
@comment ISO
@deftypefunx {long double} ceill (long double @var{x})
@@ -280,7 +320,7 @@ index 77056c3..833e0c9 100644
These functions round @var{x} upwards to the nearest integer,
returning that value as a @code{double}. Thus, @code{ceil (1.5)}
is @code{2.0}.
-@@ -1349,6 +1396,7 @@ is @code{2.0}.
+@@ -1349,6 +1401,7 @@ is @code{2.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} floorl (long double @var{x})
@@ -288,7 +328,7 @@ index 77056c3..833e0c9 100644
These functions round @var{x} downwards to the nearest
integer, returning that value as a @code{double}. Thus, @code{floor
(1.5)} is @code{1.0} and @code{floor (-1.5)} is @code{-2.0}.
-@@ -1363,6 +1411,7 @@ integer, returning that value as a @code{double}. Thus, @code{floor
+@@ -1363,6 +1416,7 @@ integer, returning that value as a @code{double}. Thus, @code{floor
@comment math.h
@comment ISO
@deftypefunx {long double} truncl (long double @var{x})
@@ -296,7 +336,7 @@ index 77056c3..833e0c9 100644
The @code{trunc} functions round @var{x} towards zero to the nearest
integer (returned in floating-point format). Thus, @code{trunc (1.5)}
is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
-@@ -1377,6 +1426,7 @@ is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
+@@ -1377,6 +1431,7 @@ is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} rintl (long double @var{x})
@@ -304,7 +344,7 @@ index 77056c3..833e0c9 100644
These functions round @var{x} to an integer value according to the
current rounding mode. @xref{Floating Point Parameters}, for
information about the various rounding modes. The default
-@@ -1397,6 +1447,7 @@ inexact exception.
+@@ -1397,6 +1452,7 @@ inexact exception.
@comment math.h
@comment ISO
@deftypefunx {long double} nearbyintl (long double @var{x})
@@ -312,7 +352,7 @@ index 77056c3..833e0c9 100644
These functions return the same value as the @code{rint} functions, but
do not raise the inexact exception if @var{x} is not an integer.
@end deftypefun
-@@ -1410,6 +1461,7 @@ do not raise the inexact exception if @var{x} is not an integer.
+@@ -1410,6 +1466,7 @@ do not raise the inexact exception if @var{x} is not an integer.
@comment math.h
@comment ISO
@deftypefunx {long double} roundl (long double @var{x})
@@ -320,7 +360,7 @@ index 77056c3..833e0c9 100644
These functions are similar to @code{rint}, but they round halfway
cases away from zero instead of to the nearest integer (or other
current rounding mode).
-@@ -1424,6 +1476,7 @@ current rounding mode).
+@@ -1424,6 +1481,7 @@ current rounding mode).
@comment math.h
@comment ISO
@deftypefunx {long int} lrintl (long double @var{x})
@@ -328,7 +368,7 @@ index 77056c3..833e0c9 100644
These functions are just like @code{rint}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
-@@ -1437,6 +1490,7 @@ These functions are just like @code{rint}, but they return a
+@@ -1437,6 +1495,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llrintl (long double @var{x})
@@ -336,7 +376,7 @@ index 77056c3..833e0c9 100644
These functions are just like @code{rint}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
-@@ -1450,6 +1504,7 @@ These functions are just like @code{rint}, but they return a
+@@ -1450,6 +1509,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long int} lroundl (long double @var{x})
@@ -344,7 +384,7 @@ index 77056c3..833e0c9 100644
These functions are just like @code{round}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
-@@ -1463,6 +1518,7 @@ These functions are just like @code{round}, but they return a
+@@ -1463,6 +1523,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llroundl (long double @var{x})
@@ -352,7 +392,7 @@ index 77056c3..833e0c9 100644
These functions are just like @code{round}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
-@@ -1477,6 +1533,7 @@ These functions are just like @code{round}, but they return a
+@@ -1477,6 +1538,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long double} modfl (long double @var{value}, long double *@var{integer-part})
@@ -360,7 +400,7 @@ index 77056c3..833e0c9 100644
These functions break the argument @var{value} into an integer part and a
fractional part (between @code{-1} and @code{1}, exclusive). Their sum
equals @var{value}. Each of the parts has the same sign as @var{value},
-@@ -1503,6 +1560,7 @@ suits your problem.
+@@ -1503,6 +1565,7 @@ suits your problem.
@comment math.h
@comment ISO
@deftypefunx {long double} fmodl (long double @var{numerator}, long double @var{denominator})
@@ -368,7 +408,7 @@ index 77056c3..833e0c9 100644
These functions compute the remainder from the division of
@var{numerator} by @var{denominator}. Specifically, the return value is
@code{@var{numerator} - @w{@var{n} * @var{denominator}}}, where @var{n}
-@@ -1525,6 +1583,7 @@ If @var{denominator} is zero, @code{fmod} signals a domain error.
+@@ -1525,6 +1588,7 @@ If @var{denominator} is zero, @code{fmod} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} dreml (long double @var{numerator}, long double @var{denominator})
@@ -376,7 +416,7 @@ index 77056c3..833e0c9 100644
These functions are like @code{fmod} except that they round the
internal quotient @var{n} to the nearest integer instead of towards zero
to an integer. For example, @code{drem (6.5, 2.3)} returns @code{-0.4},
-@@ -1548,6 +1607,7 @@ If @var{denominator} is zero, @code{drem} signals a domain error.
+@@ -1548,6 +1612,7 @@ If @var{denominator} is zero, @code{drem} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} remainderl (long double @var{numerator}, long double @var{denominator})
@@ -384,7 +424,7 @@ index 77056c3..833e0c9 100644
This function is another name for @code{drem}.
@end deftypefun
-@@ -1569,6 +1629,7 @@ bits.
+@@ -1569,6 +1634,7 @@ bits.
@comment math.h
@comment ISO
@deftypefunx {long double} copysignl (long double @var{x}, long double @var{y})
@@ -392,7 +432,7 @@ index 77056c3..833e0c9 100644
These functions return @var{x} but with the sign of @var{y}. They work
even if @var{x} or @var{y} are NaN or zero. Both of these can carry a
sign (although not all implementations support it) and this is one of
-@@ -1584,6 +1645,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
+@@ -1584,6 +1650,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefun int signbit (@emph{float-type} @var{x})
@@ -400,7 +440,7 @@ index 77056c3..833e0c9 100644
@code{signbit} is a generic macro which can work on all floating-point
types. It returns a nonzero value if the value of @var{x} has its sign
bit set.
-@@ -1602,6 +1664,7 @@ false, but @code{signbit (-0.0)} will return a nonzero value.
+@@ -1602,6 +1669,7 @@ false, but @code{signbit (-0.0)} will return a nonzero value.
@comment math.h
@comment ISO
@deftypefunx {long double} nextafterl (long double @var{x}, long double @var{y})
@@ -408,7 +448,7 @@ index 77056c3..833e0c9 100644
The @code{nextafter} function returns the next representable neighbor of
@var{x} in the direction towards @var{y}. The size of the step between
@var{x} and the result depends on the type of the result. If
-@@ -1625,6 +1688,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
+@@ -1625,6 +1693,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefunx {long double} nexttowardl (long double @var{x}, long double @var{y})
@@ -416,7 +456,7 @@ index 77056c3..833e0c9 100644
These functions are identical to the corresponding versions of
@code{nextafter} except that their second argument is a @code{long
double}.
-@@ -1640,6 +1704,8 @@ double}.
+@@ -1640,6 +1709,8 @@ double}.
@comment math.h
@comment ISO
@deftypefunx {long double} nanl (const char *@var{tagp})
@@ -425,7 +465,7 @@ index 77056c3..833e0c9 100644
The @code{nan} function returns a representation of NaN, provided that
NaN is supported by the target platform.
@code{nan ("@var{n-char-sequence}")} is equivalent to
-@@ -1674,6 +1740,7 @@ arguments only once.
+@@ -1674,6 +1745,7 @@ arguments only once.
@comment math.h
@comment ISO
@deftypefn Macro int isgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
@@ -433,7 +473,7 @@ index 77056c3..833e0c9 100644
This macro determines whether the argument @var{x} is greater than
@var{y}. It is equivalent to @code{(@var{x}) > (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
-@@ -1682,6 +1749,7 @@ exception is raised if @var{x} or @var{y} are NaN.
+@@ -1682,6 +1754,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isgreaterequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
@@ -441,7 +481,7 @@ index 77056c3..833e0c9 100644
This macro determines whether the argument @var{x} is greater than or
equal to @var{y}. It is equivalent to @code{(@var{x}) >= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
-@@ -1690,6 +1758,7 @@ exception is raised if @var{x} or @var{y} are NaN.
+@@ -1690,6 +1763,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isless (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
@@ -449,7 +489,7 @@ index 77056c3..833e0c9 100644
This macro determines whether the argument @var{x} is less than @var{y}.
It is equivalent to @code{(@var{x}) < (@var{y})}, but no exception is
raised if @var{x} or @var{y} are NaN.
-@@ -1698,6 +1767,7 @@ raised if @var{x} or @var{y} are NaN.
+@@ -1698,6 +1772,7 @@ raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
@@ -457,7 +497,7 @@ index 77056c3..833e0c9 100644
This macro determines whether the argument @var{x} is less than or equal
to @var{y}. It is equivalent to @code{(@var{x}) <= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
-@@ -1706,6 +1776,7 @@ exception is raised if @var{x} or @var{y} are NaN.
+@@ -1706,6 +1781,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
@@ -465,7 +505,7 @@ index 77056c3..833e0c9 100644
This macro determines whether the argument @var{x} is less or greater
than @var{y}. It is equivalent to @code{(@var{x}) < (@var{y}) ||
(@var{x}) > (@var{y})} (although it only evaluates @var{x} and @var{y}
-@@ -1718,6 +1789,7 @@ expression is true if @var{x} or @var{y} are NaN.
+@@ -1718,6 +1794,7 @@ expression is true if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isunordered (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
@@ -473,7 +513,7 @@ index 77056c3..833e0c9 100644
This macro determines whether its arguments are unordered. In other
words, it is true if @var{x} or @var{y} are NaN, and false otherwise.
@end deftypefn
-@@ -1751,6 +1823,7 @@ perform these operations faster than the equivalent C code.
+@@ -1751,6 +1828,7 @@ perform these operations faster than the equivalent C code.
@comment math.h
@comment ISO
@deftypefunx {long double} fminl (long double @var{x}, long double @var{y})
@@ -481,7 +521,7 @@ index 77056c3..833e0c9 100644
The @code{fmin} function returns the lesser of the two values @var{x}
and @var{y}. It is similar to the expression
@smallexample
-@@ -1771,6 +1844,7 @@ are NaN, NaN is returned.
+@@ -1771,6 +1849,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fmaxl (long double @var{x}, long double @var{y})
@@ -489,7 +529,7 @@ index 77056c3..833e0c9 100644
The @code{fmax} function returns the greater of the two values @var{x}
and @var{y}.
-@@ -1787,6 +1861,7 @@ are NaN, NaN is returned.
+@@ -1787,6 +1866,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fdiml (long double @var{x}, long double @var{y})
@@ -497,7 +537,7 @@ index 77056c3..833e0c9 100644
The @code{fdim} function returns the positive difference between
@var{x} and @var{y}. The positive difference is @math{@var{x} -
@var{y}} if @var{x} is greater than @var{y}, and @math{0} otherwise.
-@@ -1804,6 +1879,7 @@ If @var{x}, @var{y}, or both are NaN, NaN is returned.
+@@ -1804,6 +1884,7 @@ If @var{x}, @var{y}, or both are NaN, NaN is returned.
@comment ISO
@deftypefunx {long double} fmal (long double @var{x}, long double @var{y}, long double @var{z})
@cindex butterfly
@@ -505,7 +545,7 @@ index 77056c3..833e0c9 100644
The @code{fma} function performs floating-point multiply-add. This is
the operation @math{(@var{x} @mul{} @var{y}) + @var{z}}, but the
intermediate result is not rounded to the destination type. This can
-@@ -1933,6 +2009,7 @@ available in three variants, one for each of the three complex types.
+@@ -1933,6 +2014,7 @@ available in three variants, one for each of the three complex types.
@comment complex.h
@comment ISO
@deftypefunx {long double} creall (complex long double @var{z})
@@ -513,7 +553,7 @@ index 77056c3..833e0c9 100644
These functions return the real part of the complex number @var{z}.
@end deftypefun
-@@ -1945,6 +2022,7 @@ These functions return the real part of the complex number @var{z}.
+@@ -1945,6 +2027,7 @@ These functions return the real part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cimagl (complex long double @var{z})
@@ -521,7 +561,7 @@ index 77056c3..833e0c9 100644
These functions return the imaginary part of the complex number @var{z}.
@end deftypefun
-@@ -1957,6 +2035,7 @@ These functions return the imaginary part of the complex number @var{z}.
+@@ -1957,6 +2040,7 @@ These functions return the imaginary part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {complex long double} conjl (complex long double @var{z})
@@ -529,7 +569,7 @@ index 77056c3..833e0c9 100644
These functions return the conjugate value of the complex number
@var{z}. The conjugate of a complex number has the same real part and a
negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
-@@ -1971,6 +2050,7 @@ negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
+@@ -1971,6 +2055,7 @@ negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cargl (complex long double @var{z})
@@ -537,7 +577,7 @@ index 77056c3..833e0c9 100644
These functions return the argument of the complex number @var{z}.
The argument of a complex number is the angle in the complex plane
between the positive real axis and a line passing through zero and the
-@@ -1989,6 +2069,7 @@ number. This angle is measured in the usual fashion and ranges from
+@@ -1989,6 +2074,7 @@ number. This angle is measured in the usual fashion and ranges from
@comment complex.h
@comment ISO
@deftypefunx {complex long double} cprojl (complex long double @var{z})
@@ -545,7 +585,7 @@ index 77056c3..833e0c9 100644
These functions return the projection of the complex value @var{z} onto
the Riemann sphere. Values with a infinite imaginary part are projected
to positive infinity on the real axis, even if the real part is NaN. If
-@@ -2034,6 +2115,16 @@ as well.
+@@ -2034,6 +2120,16 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun {long int} strtol (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
@@ -562,7 +602,7 @@ index 77056c3..833e0c9 100644
The @code{strtol} (``string-to-long'') function converts the initial
part of @var{string} to a signed integer, which is returned as a value
of type @code{long int}.
-@@ -2097,6 +2188,7 @@ There is an example at the end of this section.
+@@ -2097,6 +2193,7 @@ There is an example at the end of this section.
@comment wchar.h
@comment ISO
@deftypefun {long int} wcstol (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
@@ -570,7 +610,7 @@ index 77056c3..833e0c9 100644
The @code{wcstol} function is equivalent to the @code{strtol} function
in nearly all aspects but handles wide character strings.
-@@ -2106,6 +2198,7 @@ The @code{wcstol} function was introduced in @w{Amendment 1} of @w{ISO C90}.
+@@ -2106,6 +2203,7 @@ The @code{wcstol} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long int} strtoul (const char *retrict @var{string}, char **restrict @var{tailptr}, int @var{base})
@@ -578,7 +618,7 @@ index 77056c3..833e0c9 100644
The @code{strtoul} (``string-to-unsigned-long'') function is like
@code{strtol} except it converts to an @code{unsigned long int} value.
The syntax is the same as described above for @code{strtol}. The value
-@@ -2124,6 +2217,7 @@ range, or @code{ERANGE} on overflow.
+@@ -2124,6 +2222,7 @@ range, or @code{ERANGE} on overflow.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long int} wcstoul (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
@@ -586,7 +626,7 @@ index 77056c3..833e0c9 100644
The @code{wcstoul} function is equivalent to the @code{strtoul} function
in nearly all aspects but handles wide character strings.
-@@ -2133,6 +2227,7 @@ The @code{wcstoul} function was introduced in @w{Amendment 1} of @w{ISO C90}.
+@@ -2133,6 +2232,7 @@ The @code{wcstoul} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} strtoll (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
@@ -594,7 +634,7 @@ index 77056c3..833e0c9 100644
The @code{strtoll} function is like @code{strtol} except that it returns
a @code{long long int} value, and accepts numbers with a correspondingly
larger range.
-@@ -2149,6 +2244,7 @@ The @code{strtoll} function was introduced in @w{ISO C99}.
+@@ -2149,6 +2249,7 @@ The @code{strtoll} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {long long int} wcstoll (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
@@ -602,7 +642,7 @@ index 77056c3..833e0c9 100644
The @code{wcstoll} function is equivalent to the @code{strtoll} function
in nearly all aspects but handles wide character strings.
-@@ -2158,12 +2254,14 @@ The @code{wcstoll} function was introduced in @w{Amendment 1} of @w{ISO C90}.
+@@ -2158,12 +2259,14 @@ The @code{wcstoll} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {long long int} strtoq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
@@ -617,7 +657,7 @@ index 77056c3..833e0c9 100644
The @code{wcstoq} function is equivalent to the @code{strtoq} function
in nearly all aspects but handles wide character strings.
-@@ -2173,6 +2271,7 @@ The @code{wcstoq} function is a GNU extension.
+@@ -2173,6 +2276,7 @@ The @code{wcstoq} function is a GNU extension.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long long int} strtoull (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
@@ -625,7 +665,7 @@ index 77056c3..833e0c9 100644
The @code{strtoull} function is related to @code{strtoll} the same way
@code{strtoul} is related to @code{strtol}.
-@@ -2182,6 +2281,7 @@ The @code{strtoull} function was introduced in @w{ISO C99}.
+@@ -2182,6 +2286,7 @@ The @code{strtoull} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long long int} wcstoull (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
@@ -633,7 +673,7 @@ index 77056c3..833e0c9 100644
The @code{wcstoull} function is equivalent to the @code{strtoull} function
in nearly all aspects but handles wide character strings.
-@@ -2191,12 +2291,14 @@ The @code{wcstoull} function was introduced in @w{Amendment 1} of @w{ISO C90}.
+@@ -2191,12 +2296,14 @@ The @code{wcstoull} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {unsigned long long int} strtouq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
@@ -648,7 +688,7 @@ index 77056c3..833e0c9 100644
The @code{wcstouq} function is equivalent to the @code{strtouq} function
in nearly all aspects but handles wide character strings.
-@@ -2206,6 +2308,7 @@ The @code{wcstouq} function is a GNU extension.
+@@ -2206,6 +2313,7 @@ The @code{wcstouq} function is a GNU extension.
@comment inttypes.h
@comment ISO
@deftypefun intmax_t strtoimax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
@@ -656,7 +696,7 @@ index 77056c3..833e0c9 100644
The @code{strtoimax} function is like @code{strtol} except that it returns
a @code{intmax_t} value, and accepts numbers of a corresponding range.
-@@ -2222,6 +2325,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
+@@ -2222,6 +2330,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun intmax_t wcstoimax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
@@ -664,7 +704,7 @@ index 77056c3..833e0c9 100644
The @code{wcstoimax} function is equivalent to the @code{strtoimax} function
in nearly all aspects but handles wide character strings.
-@@ -2231,6 +2335,7 @@ The @code{wcstoimax} function was introduced in @w{ISO C99}.
+@@ -2231,6 +2340,7 @@ The @code{wcstoimax} function was introduced in @w{ISO C99}.
@comment inttypes.h
@comment ISO
@deftypefun uintmax_t strtoumax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
@@ -672,7 +712,7 @@ index 77056c3..833e0c9 100644
The @code{strtoumax} function is related to @code{strtoimax}
the same way that @code{strtoul} is related to @code{strtol}.
-@@ -2241,6 +2346,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
+@@ -2241,6 +2351,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun uintmax_t wcstoumax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
@@ -680,7 +720,7 @@ index 77056c3..833e0c9 100644
The @code{wcstoumax} function is equivalent to the @code{strtoumax} function
in nearly all aspects but handles wide character strings.
-@@ -2250,6 +2356,7 @@ The @code{wcstoumax} function was introduced in @w{ISO C99}.
+@@ -2250,6 +2361,7 @@ The @code{wcstoumax} function was introduced in @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefun {long int} atol (const char *@var{string})
@@ -688,7 +728,7 @@ index 77056c3..833e0c9 100644
This function is similar to the @code{strtol} function with a @var{base}
argument of @code{10}, except that it need not detect overflow errors.
The @code{atol} function is provided mostly for compatibility with
-@@ -2259,6 +2366,7 @@ existing code; using @code{strtol} is more robust.
+@@ -2259,6 +2371,7 @@ existing code; using @code{strtol} is more robust.
@comment stdlib.h
@comment ISO
@deftypefun int atoi (const char *@var{string})
@@ -696,7 +736,7 @@ index 77056c3..833e0c9 100644
This function is like @code{atol}, except that it returns an @code{int}.
The @code{atoi} function is also considered obsolete; use @code{strtol}
instead.
-@@ -2267,6 +2375,7 @@ instead.
+@@ -2267,6 +2380,7 @@ instead.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} atoll (const char *@var{string})
@@ -704,17 +744,43 @@ index 77056c3..833e0c9 100644
This function is similar to @code{atol}, except it returns a @code{long
long int}.
-@@ -2331,6 +2440,9 @@ as well.
+@@ -2331,6 +2445,35 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun double strtod (const char *restrict @var{string}, char **restrict @var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c Besides the unsafe-but-ruled-safe locale uses, this uses a lot of
+@c mpn, but it's all safe.
++@c
++@c round_and_return
++@c get_rounding_mode ok
++@c mpn_add_1 ok
++@c mpn_rshift ok
++@c MPN_ZERO ok
++@c MPN2FLOAT -> mpn_construct_(float|double|long_double) ok
++@c str_to_mpn
++@c mpn_mul_1 -> umul_ppmm ok
++@c mpn_add_1 ok
++@c mpn_lshift_1 -> mpn_lshift ok
++@c STRTOF_INTERNAL
++@c MPN_VAR ok
++@c SET_MANTISSA ok
++@c STRNCASECMP ok, wide and narrow
++@c round_and_return ok
++@c mpn_mul ok
++@c mpn_addmul_1 ok
++@c ... mpn_sub
++@c mpn_lshift ok
++@c udiv_qrnnd ok
++@c count_leading_zeros ok
++@c add_ssaaaa ok
++@c sub_ddmmss ok
++@c umul_ppmm ok
++@c mpn_submul_1 ok
The @code{strtod} (``string-to-double'') function converts the initial
part of @var{string} to a floating-point number, which is returned as a
value of type @code{double}.
-@@ -2416,6 +2528,7 @@ examining @var{errno} and @var{tailptr}.
+@@ -2416,6 +2559,7 @@ examining @var{errno} and @var{tailptr}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} strtold (const char *@var{string}, char **@var{tailptr})
@@ -722,7 +788,7 @@ index 77056c3..833e0c9 100644
These functions are analogous to @code{strtod}, but return @code{float}
and @code{long double} values respectively. They report errors in the
same way as @code{strtod}. @code{strtof} can be substantially faster
-@@ -2435,6 +2548,7 @@ These functions have been GNU extensions and are new to @w{ISO C99}.
+@@ -2435,6 +2579,7 @@ These functions have been GNU extensions and are new to @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} wcstold (const wchar_t *@var{string}, wchar_t **@var{tailptr})
@@ -730,7 +796,7 @@ index 77056c3..833e0c9 100644
The @code{wcstod}, @code{wcstof}, and @code{wcstol} functions are
equivalent in nearly all aspect to the @code{strtod}, @code{strtof}, and
@code{strtold} functions but it handles wide character string.
-@@ -2447,6 +2561,7 @@ C90}. The @code{wcstof} and @code{wcstold} functions were introduced in
+@@ -2447,6 +2592,7 @@ C90}. The @code{wcstof} and @code{wcstold} functions were introduced in
@comment stdlib.h
@comment ISO
@deftypefun double atof (const char *@var{string})
@@ -738,7 +804,7 @@ index 77056c3..833e0c9 100644
This function is similar to the @code{strtod} function, except that it
need not detect overflow and underflow errors. The @code{atof} function
is provided mostly for compatibility with existing code; using
-@@ -2473,6 +2588,7 @@ All these functions are defined in @file{stdlib.h}.
+@@ -2473,6 +2619,7 @@ All these functions are defined in @file{stdlib.h}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} ecvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
@@ -746,7 +812,7 @@ index 77056c3..833e0c9 100644
The function @code{ecvt} converts the floating-point number @var{value}
to a string with at most @var{ndigit} decimal digits. The
returned string contains no decimal point or sign. The first digit of
-@@ -2498,6 +2614,7 @@ and sets @var{d} to @code{2} and @var{n} to @code{0}.
+@@ -2498,6 +2645,7 @@ and sets @var{d} to @code{2} and @var{n} to @code{0}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} fcvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
@@ -754,7 +820,7 @@ index 77056c3..833e0c9 100644
The function @code{fcvt} is like @code{ecvt}, but @var{ndigit} specifies
the number of digits after the decimal point. If @var{ndigit} is less
than zero, @var{value} is rounded to the @math{@var{ndigit}+1}'th place to the
-@@ -2516,6 +2633,9 @@ to @code{fcvt}.
+@@ -2516,6 +2664,9 @@ to @code{fcvt}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} gcvt (double @var{value}, int @var{ndigit}, char *@var{buf})
@@ -764,7 +830,7 @@ index 77056c3..833e0c9 100644
@code{gcvt} is functionally equivalent to @samp{sprintf(buf, "%*g",
ndigit, value}. It is provided only for compatibility's sake. It
returns @var{buf}.
-@@ -2530,6 +2650,7 @@ functions that take @code{long double} arguments.
+@@ -2530,6 +2681,7 @@ functions that take @code{long double} arguments.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qecvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
@@ -772,7 +838,7 @@ index 77056c3..833e0c9 100644
This function is equivalent to @code{ecvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
-@@ -2538,6 +2659,7 @@ restricted by the precision of a @code{long double}.
+@@ -2538,6 +2690,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qfcvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
@@ -780,7 +846,7 @@ index 77056c3..833e0c9 100644
This function is equivalent to @code{fcvt} except that it
takes a @code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
-@@ -2546,6 +2668,7 @@ restricted by the precision of a @code{long double}.
+@@ -2546,6 +2699,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qgcvt (long double @var{value}, int @var{ndigit}, char *@var{buf})
@@ -788,7 +854,7 @@ index 77056c3..833e0c9 100644
This function is equivalent to @code{gcvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
-@@ -2566,6 +2689,7 @@ user-supplied buffer.
+@@ -2566,6 +2720,7 @@ user-supplied buffer.
@comment stdlib.h
@comment GNU
@deftypefun int ecvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
@@ -796,7 +862,7 @@ index 77056c3..833e0c9 100644
The @code{ecvt_r} function is the same as @code{ecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
-@@ -2577,6 +2701,7 @@ This function is a GNU extension.
+@@ -2577,6 +2732,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun int fcvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
@@ -804,7 +870,7 @@ index 77056c3..833e0c9 100644
The @code{fcvt_r} function is the same as @code{fcvt}, except that it
places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
-@@ -2588,6 +2713,7 @@ This function is a GNU extension.
+@@ -2588,6 +2744,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qecvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
@@ -812,7 +878,7 @@ index 77056c3..833e0c9 100644
The @code{qecvt_r} function is the same as @code{qecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
-@@ -2599,6 +2725,7 @@ This function is a GNU extension.
+@@ -2599,6 +2756,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qfcvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index 1950b7a..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,86 +0,0 @@
-Bottom: e75a47b5ad278b7f85e5420cd63cda069e0b7030
-Top: 77a9710ea0dc3422d900f3c93d406942e132693c
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 22:00:05 -0300
-
-Refresh of manual-document-mt-safety-arith.patch
-
----
-
-diff --git a/manual/arith.texi b/manual/arith.texi
-index 833e0c9..5c3aa9d 100644
---- a/manual/arith.texi
-+++ b/manual/arith.texi
-@@ -323,6 +323,7 @@ floating-point number a variable holds.
- @comment math.h
- @comment ISO
- @deftypefn {Macro} int fpclassify (@emph{float-type} @var{x})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This is a generic macro which works on all floating-point types and
- which returns a value of type @code{int}. The possible values are:
-
-@@ -359,6 +360,7 @@ You should therefore use the specific macros whenever possible.
- @comment math.h
- @comment ISO
- @deftypefn {Macro} int isfinite (@emph{float-type} @var{x})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro returns a nonzero value if @var{x} is finite: not plus or
- minus infinity, and not NaN. It is equivalent to
-
-@@ -373,6 +375,7 @@ floating-point type.
- @comment math.h
- @comment ISO
- @deftypefn {Macro} int isnormal (@emph{float-type} @var{x})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro returns a nonzero value if @var{x} is finite and normalized.
- It is equivalent to
-
-@@ -384,6 +387,7 @@ It is equivalent to
- @comment math.h
- @comment ISO
- @deftypefn {Macro} int isnan (@emph{float-type} @var{x})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro returns a nonzero value if @var{x} is NaN. It is equivalent
- to
-
-@@ -395,6 +399,7 @@ to
- @comment math.h
- @comment GNU
- @deftypefn {Macro} int issignaling (@emph{float-type} @var{x})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro returns a nonzero value if @var{x} is a signaling NaN
- (sNaN). It is based on draft TS 18661 and currently enabled as a GNU
- extension.
-@@ -2443,6 +2448,32 @@ as well.
- @safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
- @c Besides the unsafe-but-ruled-safe locale uses, this uses a lot of
- @c mpn, but it's all safe.
-+@c
-+@c round_and_return
-+@c get_rounding_mode ok
-+@c mpn_add_1 ok
-+@c mpn_rshift ok
-+@c MPN_ZERO ok
-+@c MPN2FLOAT -> mpn_construct_(float|double|long_double) ok
-+@c str_to_mpn
-+@c mpn_mul_1 -> umul_ppmm ok
-+@c mpn_add_1 ok
-+@c mpn_lshift_1 -> mpn_lshift ok
-+@c STRTOF_INTERNAL
-+@c MPN_VAR ok
-+@c SET_MANTISSA ok
-+@c STRNCASECMP ok, wide and narrow
-+@c round_and_return ok
-+@c mpn_mul ok
-+@c mpn_addmul_1 ok
-+@c ... mpn_sub
-+@c mpn_lshift ok
-+@c udiv_qrnnd ok
-+@c count_leading_zeros ok
-+@c add_ssaaaa ok
-+@c sub_ddmmss ok
-+@c umul_ppmm ok
-+@c mpn_submul_1 ok
- The @code{strtod} (``string-to-double'') function converts the initial
- part of @var{string} to a floating-point number, which is returned as a
- value of type @code{double}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4333c49a222db29650411bf35bcf96e650464ff9
commit 4333c49a222db29650411bf35bcf96e650464ff9
Merge: 15f6d5c 0c3a0fd e100ba3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:00:06 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=15f6d5c35067e03be01c127bcfd9e2e9fe1b8533
commit 15f6d5c35067e03be01c127bcfd9e2e9fe1b8533
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:00:06 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index ec1a72d..4b29503 100644
--- a/meta
+++ b/meta
@@ -1,11 +1,12 @@
Version: 1
-Previous: a9a80d7db412a35452f3cf4e4409c2b8f57c906f
-Head: b0aaf99a53ebe756b3b61930b0d42fd5b51dd71d
+Previous: 0c3a0fd528c1aea76c88e92991b952428087e5a5
+Head: e100ba384a1bfa95f011c59ef9e535600dbbbf03
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
unused-scalb-is-scalbn.patch: 04381689562081fc1e2328e5807e0dc537c1c5fc
manual-document-mt-safety-arith.patch: b0aaf99a53ebe756b3b61930b0d42fd5b51dd71d
+ refresh-temp: e100ba384a1bfa95f011c59ef9e535600dbbbf03
Unapplied:
manual-document-mt-safety-stdio.patch: 49427f4017a13662522c4247e1eed08f867a3d73
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..1950b7a
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,86 @@
+Bottom: e75a47b5ad278b7f85e5420cd63cda069e0b7030
+Top: 77a9710ea0dc3422d900f3c93d406942e132693c
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:00:05 -0300
+
+Refresh of manual-document-mt-safety-arith.patch
+
+---
+
+diff --git a/manual/arith.texi b/manual/arith.texi
+index 833e0c9..5c3aa9d 100644
+--- a/manual/arith.texi
++++ b/manual/arith.texi
+@@ -323,6 +323,7 @@ floating-point number a variable holds.
+ @comment math.h
+ @comment ISO
+ @deftypefn {Macro} int fpclassify (@emph{float-type} @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This is a generic macro which works on all floating-point types and
+ which returns a value of type @code{int}. The possible values are:
+
+@@ -359,6 +360,7 @@ You should therefore use the specific macros whenever possible.
+ @comment math.h
+ @comment ISO
+ @deftypefn {Macro} int isfinite (@emph{float-type} @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns a nonzero value if @var{x} is finite: not plus or
+ minus infinity, and not NaN. It is equivalent to
+
+@@ -373,6 +375,7 @@ floating-point type.
+ @comment math.h
+ @comment ISO
+ @deftypefn {Macro} int isnormal (@emph{float-type} @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns a nonzero value if @var{x} is finite and normalized.
+ It is equivalent to
+
+@@ -384,6 +387,7 @@ It is equivalent to
+ @comment math.h
+ @comment ISO
+ @deftypefn {Macro} int isnan (@emph{float-type} @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns a nonzero value if @var{x} is NaN. It is equivalent
+ to
+
+@@ -395,6 +399,7 @@ to
+ @comment math.h
+ @comment GNU
+ @deftypefn {Macro} int issignaling (@emph{float-type} @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns a nonzero value if @var{x} is a signaling NaN
+ (sNaN). It is based on draft TS 18661 and currently enabled as a GNU
+ extension.
+@@ -2443,6 +2448,32 @@ as well.
+ @safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ @c Besides the unsafe-but-ruled-safe locale uses, this uses a lot of
+ @c mpn, but it's all safe.
++@c
++@c round_and_return
++@c get_rounding_mode ok
++@c mpn_add_1 ok
++@c mpn_rshift ok
++@c MPN_ZERO ok
++@c MPN2FLOAT -> mpn_construct_(float|double|long_double) ok
++@c str_to_mpn
++@c mpn_mul_1 -> umul_ppmm ok
++@c mpn_add_1 ok
++@c mpn_lshift_1 -> mpn_lshift ok
++@c STRTOF_INTERNAL
++@c MPN_VAR ok
++@c SET_MANTISSA ok
++@c STRNCASECMP ok, wide and narrow
++@c round_and_return ok
++@c mpn_mul ok
++@c mpn_addmul_1 ok
++@c ... mpn_sub
++@c mpn_lshift ok
++@c udiv_qrnnd ok
++@c count_leading_zeros ok
++@c add_ssaaaa ok
++@c sub_ddmmss ok
++@c umul_ppmm ok
++@c mpn_submul_1 ok
+ The @code{strtod} (``string-to-double'') function converts the initial
+ part of @var{string} to a floating-point number, which is returned as a
+ value of type @code{double}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e100ba384a1bfa95f011c59ef9e535600dbbbf03
commit e100ba384a1bfa95f011c59ef9e535600dbbbf03
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:00:05 2013 -0300
Refresh of manual-document-mt-safety-arith.patch
diff --git a/manual/arith.texi b/manual/arith.texi
index 833e0c9..5c3aa9d 100644
--- a/manual/arith.texi
+++ b/manual/arith.texi
@@ -323,6 +323,7 @@ floating-point number a variable holds.
@comment math.h
@comment ISO
@deftypefn {Macro} int fpclassify (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is a generic macro which works on all floating-point types and
which returns a value of type @code{int}. The possible values are:
@@ -359,6 +360,7 @@ You should therefore use the specific macros whenever possible.
@comment math.h
@comment ISO
@deftypefn {Macro} int isfinite (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite: not plus or
minus infinity, and not NaN. It is equivalent to
@@ -373,6 +375,7 @@ floating-point type.
@comment math.h
@comment ISO
@deftypefn {Macro} int isnormal (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite and normalized.
It is equivalent to
@@ -384,6 +387,7 @@ It is equivalent to
@comment math.h
@comment ISO
@deftypefn {Macro} int isnan (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is NaN. It is equivalent
to
@@ -395,6 +399,7 @@ to
@comment math.h
@comment GNU
@deftypefn {Macro} int issignaling (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is a signaling NaN
(sNaN). It is based on draft TS 18661 and currently enabled as a GNU
extension.
@@ -2443,6 +2448,32 @@ as well.
@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@c Besides the unsafe-but-ruled-safe locale uses, this uses a lot of
@c mpn, but it's all safe.
+@c
+@c round_and_return
+@c get_rounding_mode ok
+@c mpn_add_1 ok
+@c mpn_rshift ok
+@c MPN_ZERO ok
+@c MPN2FLOAT -> mpn_construct_(float|double|long_double) ok
+@c str_to_mpn
+@c mpn_mul_1 -> umul_ppmm ok
+@c mpn_add_1 ok
+@c mpn_lshift_1 -> mpn_lshift ok
+@c STRTOF_INTERNAL
+@c MPN_VAR ok
+@c SET_MANTISSA ok
+@c STRNCASECMP ok, wide and narrow
+@c round_and_return ok
+@c mpn_mul ok
+@c mpn_addmul_1 ok
+@c ... mpn_sub
+@c mpn_lshift ok
+@c udiv_qrnnd ok
+@c count_leading_zeros ok
+@c add_ssaaaa ok
+@c sub_ddmmss ok
+@c umul_ppmm ok
+@c mpn_submul_1 ok
The @code{strtod} (``string-to-double'') function converts the initial
part of @var{string} to a floating-point number, which is returned as a
value of type @code{double}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0c3a0fd528c1aea76c88e92991b952428087e5a5
commit 0c3a0fd528c1aea76c88e92991b952428087e5a5
Merge: 3aac299 a9a80d7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:59:00 2013 -0300
goto
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3aac29928db4613c0439ea41f186f8c7c94a98c4
commit 3aac29928db4613c0439ea41f186f8c7c94a98c4
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:59:00 2013 -0300
goto
diff --git a/meta b/meta
index 0cac905..ec1a72d 100644
--- a/meta
+++ b/meta
@@ -1,16 +1,16 @@
Version: 1
-Previous: 96ebb1e30dfff4c328081e6ba98ee59e9a16d520
-Head: 9d7c8bd6707cd06cb1f10ff81ef6ae4c44704091
+Previous: a9a80d7db412a35452f3cf4e4409c2b8f57c906f
+Head: b0aaf99a53ebe756b3b61930b0d42fd5b51dd71d
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
unused-scalb-is-scalbn.patch: 04381689562081fc1e2328e5807e0dc537c1c5fc
manual-document-mt-safety-arith.patch: b0aaf99a53ebe756b3b61930b0d42fd5b51dd71d
+Unapplied:
manual-document-mt-safety-stdio.patch: 49427f4017a13662522c4247e1eed08f867a3d73
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
manual-document-mt-safety-ctype.patch: 263eed84f16353fb704fac8338422fb3f7b863fb
manual-document-mt-safety-argp.patch: 9d7c8bd6707cd06cb1f10ff81ef6ae4c44704091
-Unapplied:
manual-document-mt-safety-wip.patch: 373cd1281ba686c2fef8b1307137684c40b28058
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a9a80d7db412a35452f3cf4e4409c2b8f57c906f
commit a9a80d7db412a35452f3cf4e4409c2b8f57c906f
Merge: 96fada4 9d7c8bd 96ebb1e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:58:08 2013 -0300
edit
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=96fada49944a65715ea9527fe936c5cb703066d8
commit 96fada49944a65715ea9527fe936c5cb703066d8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:58:08 2013 -0300
edit
diff --git a/meta b/meta
index 5d9f62a..0cac905 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 7e8611dfbf8a75c282b47f6b161e96476686f52e
-Head: 9c72e170ce965fba178d57de917a65654076047c
+Previous: 96ebb1e30dfff4c328081e6ba98ee59e9a16d520
+Head: 9d7c8bd6707cd06cb1f10ff81ef6ae4c44704091
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -10,7 +10,7 @@ Applied:
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
manual-document-mt-safety-ctype.patch: 263eed84f16353fb704fac8338422fb3f7b863fb
- manual-document-mt-safety-argp.patch: 9c72e170ce965fba178d57de917a65654076047c
+ manual-document-mt-safety-argp.patch: 9d7c8bd6707cd06cb1f10ff81ef6ae4c44704091
Unapplied:
manual-document-mt-safety-wip.patch: 373cd1281ba686c2fef8b1307137684c40b28058
Hidden:
diff --git a/patches/manual-document-mt-safety-argp.patch b/patches/manual-document-mt-safety-argp.patch
index 61f2f79..d575e96 100644
--- a/patches/manual-document-mt-safety-argp.patch
+++ b/patches/manual-document-mt-safety-argp.patch
@@ -7,7 +7,7 @@ Thread safety documentation.
for ChangeLog
- * manual/???.texi: Document thread safety properties.
+ * manual/argp.texi: Document thread safety properties.
---
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9d7c8bd6707cd06cb1f10ff81ef6ae4c44704091
commit 9d7c8bd6707cd06cb1f10ff81ef6ae4c44704091
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:57:08 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/argp.texi: Document thread safety properties.
diff --git a/manual/argp.texi b/manual/argp.texi
index c9fbe97..5322f91 100644
--- a/manual/argp.texi
+++ b/manual/argp.texi
@@ -36,6 +36,35 @@ needed in @code{main}.
@comment argp.h
@comment GNU
@deftypefun {error_t} argp_parse (const struct argp *@var{argp}, int @var{argc}, char **@var{argv}, unsigned @var{flags}, int *@var{arg_index}, void *@var{input})
+@safety{@mtunsafe{xguargs, envromt}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Optionally alloca()tes standard help options, initializes the parser,
+@c then parses individual args in a loop, and then finalizes.
+@c parser_init
+@c calc_sizes ok
+@c option_is_end ok
+@c malloc
+@c parser_convert glocale
+@c convert_options glocale
+@c option_is_end ok
+@c option_is_short ok
+@c isprint, but locale may change within the loop
+@c find_long_option ok
+@c group_parse
+@c group->parser (from argp->parser)
+@c parser_parse_next
+@c getopt_long(_only)_r many issues, same as non_r minus staticbuf
+@c parser_parse_arg
+@c group_parse
+@c parser_parse_opt
+@c group_parse
+@c argp_error
+@c dgettext (bad key error)
+@c parser_finalize
+@c group_parse
+@c fprintf
+@c dgettext
+@c arg_state_help
+@c free
The @code{argp_parse} function parses the arguments in @var{argv}, of
length @var{argc}, using the argp parser @var{argp}. @xref{Argp
Parsers}. Passing a null pointer for @var{argp} is the same as using
@@ -660,6 +689,8 @@ parser function. @xref{Argp Parsing State}.
@comment argp.h
@comment GNU
@deftypefun void argp_usage (const struct argp_state *@var{state})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls argp_state_help with stderr and ARGP_HELP_STD_USAGE.
Outputs the standard usage message for the argp parser referred to by
@var{state} to @code{@var{state}->err_stream} and terminate the program
with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@@ -669,6 +700,13 @@ with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@comment argp.h
@comment GNU
@deftypefun void argp_error (const struct argp_state *@var{state}, const char *@var{fmt}, @dots{})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Lock stream, vasprintf the formatted message into a buffer, print the
+@c buffer prefixed by the short program name (in libc,
+@c argp_short_program_name is a macro that expands to
+@c program_invocation_short_name), releases the buffer, then call
+@c argp_state_help with stream and ARGP_HELP_STD_ERR, unlocking the
+@c stream at the end.
Prints the printf format string @var{fmt} and following args, preceded
by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
--help}} message, and terminates the program with an exit status of
@@ -679,6 +717,12 @@ by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
@comment argp.h
@comment GNU
@deftypefun void argp_failure (const struct argp_state *@var{state}, int @var{status}, int @var{errnum}, const char *@var{fmt}, @dots{})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
+@c Lock stream, write out the short program name, vasprintf the optional
+@c formatted message to a buffer, print the buffer prefixed by colon and
+@c blank, release the buffer, call strerror_r with an automatic buffer,
+@c print it out after colon and blank, put[w]c a line break, unlock the
+@c stream, then exit unless ARGP_NO_EXIT.
Similar to the standard gnu error-reporting function @code{error}, this
prints the program name and @samp{:}, the printf format string
@var{fmt}, and the appropriate following args. If it is non-zero, the
@@ -695,6 +739,141 @@ for options, bad phase of the moon, etc.
@comment argp.h
@comment GNU
@deftypefun void argp_state_help (const struct argp_state *@var{state}, FILE *@var{stream}, unsigned @var{flags})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help with the short program name and optionally exit.
+@c The main problems in _help, besides the usual issues with stream I/O
+@c and translation, are the use of a static buffer (uparams) that makes
+@c the whole thing thread-unsafe, reading from the environment for
+@c ARGP_HELP_FMT, accessing the locale object multiple times.
+
+@c _help envromt, staticbuf (uparams), glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c flockfile lockleak
+@c funlockfile lockleak
+@c fill_in_uparams envromt, staticbuf (uparams), glocale, asynconsist, asmalloc, lockleak, incansist, memleak
+@c argp_failure dup (status = errnum = 0)
+@c atoi dup
+@c argp_hol asmalloc, memleak
+@c make_hol asmalloc, memleak
+@c hol_add_cluster asmalloc, memleak
+@c hol_append asmalloc, memleak
+@c hol_set_group ok
+@c hol_find_entry ok
+@c hol_sort glocale, asmalloc, memleak
+@c qsort asmalloc, memleak
+@c hol_entry_qcmp glocale
+@c hol_entry_cmp glocale
+@c group_cmp ok
+@c hol_cluster_cmp ok
+@c group_cmp ok
+@c hol_entry_first_short glocale
+@c hol_entry_short_iterate [glocale]
+@c until_short ok
+@c oshort ok
+@c isprint ok
+@c odoc ok
+@c hol_entry_first_long ok
+@c canon_doc_option glocale
+@c tolower dup
+@c hol_usage glocale, asi18n, asmalloc, memleak
+@c hol_entry_short_iterate ok
+@c add_argless_short_opt ok
+@c argp_fmtstream_printf dup
+@c hol_entry_short_iterate glocale, asi18n, asmalloc, memleak
+@c usage_argful_short_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_entry_long_iterate glocale, asi18n, asmalloc, memleak
+@c usage_long_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c hol_entry_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_wmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c comma glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_putc dup
+@c hol_cluster_is_child ok
+@c argp_fmtstream_wmargin dup
+@c print_header dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c indent_to dup
+@c argp_fmtstream_putc dup
+@c arg glocale, asmalloc, memleak
+@c argp_fmtstream_printf dup
+@c odoc dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_printf dup
+@c print_header glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c indent_to dup
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c filter_doc dup
+@c argp_fmtstream_point dup
+@c indent_to glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_putc dup
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c hol_free asmalloc, memleak
+@c free dup
+@c argp_args_levels ok
+@c argp_args_usage glocale, asi18n, asmalloc, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc ok
+@c argp_input ok
+@c argp->help_filter
+@c space glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_rmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_write dup
+@c free dup
+@c argp_doc glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c strndup asmalloc, memleak
+@c argp_input dup
+@c argp->help_filter
+@c argp_fmtstream_putc glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure dup
+@c argp_fmtstream_write dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_point glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_lmargin dup
+@c free dup
+@c argp_make_fmtstream asmalloc, memleak
+@c argp_fmtstream_free glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update glocale, asynconsist, incansist, lockleak
+@c put[w]c_unlocked dup
+@c isblank in loop glocale
+@c fxprintf lockleak
+@c fxprintf lockleak
+@c free dup
+@c argp_fmtstream_set_wmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_printf glocale, asmalloc, memleak
+@c argp_fmtstream_ensure dup
+@c vsnprintf dup
+@c argp_fmtstream_set_lmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_puts glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_write glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update dup
+@c fxprintf lockleak
+@c realloc asmalloc, memleak
Outputs a help message for the argp parser referred to by @var{state},
to @var{stream}. The @var{flags} argument determines what sort of help
message is produced. @xref{Argp Help Flags}.
@@ -928,6 +1107,8 @@ program options, argp offers the @code{argp_help} interface.
@comment argp.h
@comment GNU
@deftypefun void argp_help (const struct argp *@var{argp}, FILE *@var{stream}, unsigned @var{flags}, char *@var{name})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help.
This outputs a help message for the argp parser @var{argp} to
@var{stream}. The type of messages printed will be determined by
@var{flags}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=96ebb1e30dfff4c328081e6ba98ee59e9a16d520
commit 96ebb1e30dfff4c328081e6ba98ee59e9a16d520
Merge: d9b0b74 9c72e17 7e8611d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:57:08 2013 -0300
import
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d9b0b74c401b64500244517f1adf29c170ffd33e
commit d9b0b74c401b64500244517f1adf29c170ffd33e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:57:08 2013 -0300
import
diff --git a/meta b/meta
index 54c22b4..5d9f62a 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: d11da2b66d5e92c15d1fc15f0ea42641d2461e28
-Head: 263eed84f16353fb704fac8338422fb3f7b863fb
+Previous: 7e8611dfbf8a75c282b47f6b161e96476686f52e
+Head: 9c72e170ce965fba178d57de917a65654076047c
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -10,6 +10,7 @@ Applied:
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
manual-document-mt-safety-ctype.patch: 263eed84f16353fb704fac8338422fb3f7b863fb
+ manual-document-mt-safety-argp.patch: 9c72e170ce965fba178d57de917a65654076047c
Unapplied:
manual-document-mt-safety-wip.patch: 373cd1281ba686c2fef8b1307137684c40b28058
Hidden:
diff --git a/patches/manual-document-mt-safety-argp.patch b/patches/manual-document-mt-safety-argp.patch
new file mode 100644
index 0000000..61f2f79
--- /dev/null
+++ b/patches/manual-document-mt-safety-argp.patch
@@ -0,0 +1,241 @@
+Bottom: a80e3502e79676408b83a0ee8d2c01161f2e1895
+Top: a71a934d3af669b0a2a4656922c2a6cfd020181a
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 21:57:08 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/???.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/argp.texi b/manual/argp.texi
+index c9fbe97..5322f91 100644
+--- a/manual/argp.texi
++++ b/manual/argp.texi
+@@ -36,6 +36,35 @@ needed in @code{main}.
+ @comment argp.h
+ @comment GNU
+ @deftypefun {error_t} argp_parse (const struct argp *@var{argp}, int @var{argc}, char **@var{argv}, unsigned @var{flags}, int *@var{arg_index}, void *@var{input})
++@safety{@mtunsafe{xguargs, envromt}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
++@c Optionally alloca()tes standard help options, initializes the parser,
++@c then parses individual args in a loop, and then finalizes.
++@c parser_init
++@c calc_sizes ok
++@c option_is_end ok
++@c malloc
++@c parser_convert glocale
++@c convert_options glocale
++@c option_is_end ok
++@c option_is_short ok
++@c isprint, but locale may change within the loop
++@c find_long_option ok
++@c group_parse
++@c group->parser (from argp->parser)
++@c parser_parse_next
++@c getopt_long(_only)_r many issues, same as non_r minus staticbuf
++@c parser_parse_arg
++@c group_parse
++@c parser_parse_opt
++@c group_parse
++@c argp_error
++@c dgettext (bad key error)
++@c parser_finalize
++@c group_parse
++@c fprintf
++@c dgettext
++@c arg_state_help
++@c free
+ The @code{argp_parse} function parses the arguments in @var{argv}, of
+ length @var{argc}, using the argp parser @var{argp}. @xref{Argp
+ Parsers}. Passing a null pointer for @var{argp} is the same as using
+@@ -660,6 +689,8 @@ parser function. @xref{Argp Parsing State}.
+ @comment argp.h
+ @comment GNU
+ @deftypefun void argp_usage (const struct argp_state *@var{state})
++@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
++@c Just calls argp_state_help with stderr and ARGP_HELP_STD_USAGE.
+ Outputs the standard usage message for the argp parser referred to by
+ @var{state} to @code{@var{state}->err_stream} and terminate the program
+ with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
+@@ -669,6 +700,13 @@ with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
+ @comment argp.h
+ @comment GNU
+ @deftypefun void argp_error (const struct argp_state *@var{state}, const char *@var{fmt}, @dots{})
++@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
++@c Lock stream, vasprintf the formatted message into a buffer, print the
++@c buffer prefixed by the short program name (in libc,
++@c argp_short_program_name is a macro that expands to
++@c program_invocation_short_name), releases the buffer, then call
++@c argp_state_help with stream and ARGP_HELP_STD_ERR, unlocking the
++@c stream at the end.
+ Prints the printf format string @var{fmt} and following args, preceded
+ by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
+ --help}} message, and terminates the program with an exit status of
+@@ -679,6 +717,12 @@ by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
+ @comment argp.h
+ @comment GNU
+ @deftypefun void argp_failure (const struct argp_state *@var{state}, int @var{status}, int @var{errnum}, const char *@var{fmt}, @dots{})
++@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
++@c Lock stream, write out the short program name, vasprintf the optional
++@c formatted message to a buffer, print the buffer prefixed by colon and
++@c blank, release the buffer, call strerror_r with an automatic buffer,
++@c print it out after colon and blank, put[w]c a line break, unlock the
++@c stream, then exit unless ARGP_NO_EXIT.
+ Similar to the standard gnu error-reporting function @code{error}, this
+ prints the program name and @samp{:}, the printf format string
+ @var{fmt}, and the appropriate following args. If it is non-zero, the
+@@ -695,6 +739,141 @@ for options, bad phase of the moon, etc.
+ @comment argp.h
+ @comment GNU
+ @deftypefun void argp_state_help (const struct argp_state *@var{state}, FILE *@var{stream}, unsigned @var{flags})
++@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
++@c Just calls _help with the short program name and optionally exit.
++@c The main problems in _help, besides the usual issues with stream I/O
++@c and translation, are the use of a static buffer (uparams) that makes
++@c the whole thing thread-unsafe, reading from the environment for
++@c ARGP_HELP_FMT, accessing the locale object multiple times.
++
++@c _help envromt, staticbuf (uparams), glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
++@c dgettext asi18n
++@c flockfile lockleak
++@c funlockfile lockleak
++@c fill_in_uparams envromt, staticbuf (uparams), glocale, asynconsist, asmalloc, lockleak, incansist, memleak
++@c argp_failure dup (status = errnum = 0)
++@c atoi dup
++@c argp_hol asmalloc, memleak
++@c make_hol asmalloc, memleak
++@c hol_add_cluster asmalloc, memleak
++@c hol_append asmalloc, memleak
++@c hol_set_group ok
++@c hol_find_entry ok
++@c hol_sort glocale, asmalloc, memleak
++@c qsort asmalloc, memleak
++@c hol_entry_qcmp glocale
++@c hol_entry_cmp glocale
++@c group_cmp ok
++@c hol_cluster_cmp ok
++@c group_cmp ok
++@c hol_entry_first_short glocale
++@c hol_entry_short_iterate [glocale]
++@c until_short ok
++@c oshort ok
++@c isprint ok
++@c odoc ok
++@c hol_entry_first_long ok
++@c canon_doc_option glocale
++@c tolower dup
++@c hol_usage glocale, asi18n, asmalloc, memleak
++@c hol_entry_short_iterate ok
++@c add_argless_short_opt ok
++@c argp_fmtstream_printf dup
++@c hol_entry_short_iterate glocale, asi18n, asmalloc, memleak
++@c usage_argful_short_opt glocale, asi18n, asmalloc, memleak
++@c dgettext dup
++@c argp_fmtstream_printf dup
++@c hol_entry_long_iterate glocale, asi18n, asmalloc, memleak
++@c usage_long_opt glocale, asi18n, asmalloc, memleak
++@c dgettext dup
++@c argp_fmtstream_printf dup
++@c hol_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
++@c hol_entry_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
++@c argp_fmtstream_set_lmargin dup
++@c argp_fmtstream_wmargin dup
++@c argp_fmtstream_set_wmargin dup
++@c comma glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
++@c argp_fmtstream_putc dup
++@c hol_cluster_is_child ok
++@c argp_fmtstream_wmargin dup
++@c print_header dup
++@c argp_fmtstream_set_wmargin dup
++@c argp_fmtstream_puts dup
++@c indent_to dup
++@c argp_fmtstream_putc dup
++@c arg glocale, asmalloc, memleak
++@c argp_fmtstream_printf dup
++@c odoc dup
++@c argp_fmtstream_puts dup
++@c argp_fmtstream_printf dup
++@c print_header glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
++@c dgettext dup
++@c filter_doc dup
++@c argp_fmtstream_putc dup
++@c indent_to dup
++@c argp_fmtstream_set_lmargin dup
++@c argp_fmtstream_set_wmargin dup
++@c argp_fmtstream_puts dup
++@c free dup
++@c filter_doc dup
++@c argp_fmtstream_point dup
++@c indent_to glocale, asmalloc, asynconsist, memleak, incansist, lockleak
++@c argp_fmtstream_point dup
++@c argp_fmtstream_putc dup
++@c dgettext dup
++@c filter_doc dup
++@c argp_fmtstream_putc dup
++@c argp_fmtstream_puts dup
++@c free dup
++@c hol_free asmalloc, memleak
++@c free dup
++@c argp_args_levels ok
++@c argp_args_usage glocale, asi18n, asmalloc, asynconsist, memleak, incansist, lockleak
++@c dgettext dup
++@c filter_doc ok
++@c argp_input ok
++@c argp->help_filter
++@c space glocale, asmalloc, asynconsist, memleak, incansist, lockleak
++@c argp_fmtstream_point dup
++@c argp_fmtstream_rmargin glocale, asynconsist, incansist, lockleak
++@c argp_fmtstream_update dup
++@c argp_fmtstream_putc dup
++@c argp_fmtstream_write dup
++@c free dup
++@c argp_doc glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
++@c dgettext asi18n
++@c strndup asmalloc, memleak
++@c argp_input dup
++@c argp->help_filter
++@c argp_fmtstream_putc glocale, asmalloc, asynconsist, memleak, incansist, lockleak
++@c argp_fmtstream_ensure dup
++@c argp_fmtstream_write dup
++@c argp_fmtstream_puts dup
++@c argp_fmtstream_point glocale, asynconsist, incansist, lockleak
++@c argp_fmtstream_update dup
++@c argp_fmtstream_lmargin dup
++@c free dup
++@c argp_make_fmtstream asmalloc, memleak
++@c argp_fmtstream_free glocale, asmalloc, asynconsist, memleak, incansist, lockleak
++@c argp_fmtstream_update glocale, asynconsist, incansist, lockleak
++@c put[w]c_unlocked dup
++@c isblank in loop glocale
++@c fxprintf lockleak
++@c fxprintf lockleak
++@c free dup
++@c argp_fmtstream_set_wmargin glocale, asynconsist, incansist, lockleak
++@c argp_fmtstream_update dup
++@c argp_fmtstream_printf glocale, asmalloc, memleak
++@c argp_fmtstream_ensure dup
++@c vsnprintf dup
++@c argp_fmtstream_set_lmargin glocale, asynconsist, incansist, lockleak
++@c argp_fmtstream_update dup
++@c argp_fmtstream_puts glocale, asmalloc, asynconsist, memleak, incansist, lockleak
++@c argp_fmtstream_write glocale, asmalloc, asynconsist, memleak, incansist, lockleak
++@c argp_fmtstream_ensure glocale, asmalloc, asynconsist, memleak, incansist, lockleak
++@c argp_fmtstream_update dup
++@c fxprintf lockleak
++@c realloc asmalloc, memleak
+ Outputs a help message for the argp parser referred to by @var{state},
+ to @var{stream}. The @var{flags} argument determines what sort of help
+ message is produced. @xref{Argp Help Flags}.
+@@ -928,6 +1107,8 @@ program options, argp offers the @code{argp_help} interface.
+ @comment argp.h
+ @comment GNU
+ @deftypefun void argp_help (const struct argp *@var{argp}, FILE *@var{stream}, unsigned @var{flags}, char *@var{name})
++@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
++@c Just calls _help.
+ This outputs a help message for the argp parser @var{argp} to
+ @var{stream}. The type of messages printed will be determined by
+ @var{flags}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9c72e170ce965fba178d57de917a65654076047c
commit 9c72e170ce965fba178d57de917a65654076047c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:57:08 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/???.texi: Document thread safety properties.
diff --git a/manual/argp.texi b/manual/argp.texi
index c9fbe97..5322f91 100644
--- a/manual/argp.texi
+++ b/manual/argp.texi
@@ -36,6 +36,35 @@ needed in @code{main}.
@comment argp.h
@comment GNU
@deftypefun {error_t} argp_parse (const struct argp *@var{argp}, int @var{argc}, char **@var{argv}, unsigned @var{flags}, int *@var{arg_index}, void *@var{input})
+@safety{@mtunsafe{xguargs, envromt}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Optionally alloca()tes standard help options, initializes the parser,
+@c then parses individual args in a loop, and then finalizes.
+@c parser_init
+@c calc_sizes ok
+@c option_is_end ok
+@c malloc
+@c parser_convert glocale
+@c convert_options glocale
+@c option_is_end ok
+@c option_is_short ok
+@c isprint, but locale may change within the loop
+@c find_long_option ok
+@c group_parse
+@c group->parser (from argp->parser)
+@c parser_parse_next
+@c getopt_long(_only)_r many issues, same as non_r minus staticbuf
+@c parser_parse_arg
+@c group_parse
+@c parser_parse_opt
+@c group_parse
+@c argp_error
+@c dgettext (bad key error)
+@c parser_finalize
+@c group_parse
+@c fprintf
+@c dgettext
+@c arg_state_help
+@c free
The @code{argp_parse} function parses the arguments in @var{argv}, of
length @var{argc}, using the argp parser @var{argp}. @xref{Argp
Parsers}. Passing a null pointer for @var{argp} is the same as using
@@ -660,6 +689,8 @@ parser function. @xref{Argp Parsing State}.
@comment argp.h
@comment GNU
@deftypefun void argp_usage (const struct argp_state *@var{state})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls argp_state_help with stderr and ARGP_HELP_STD_USAGE.
Outputs the standard usage message for the argp parser referred to by
@var{state} to @code{@var{state}->err_stream} and terminate the program
with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@@ -669,6 +700,13 @@ with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@comment argp.h
@comment GNU
@deftypefun void argp_error (const struct argp_state *@var{state}, const char *@var{fmt}, @dots{})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Lock stream, vasprintf the formatted message into a buffer, print the
+@c buffer prefixed by the short program name (in libc,
+@c argp_short_program_name is a macro that expands to
+@c program_invocation_short_name), releases the buffer, then call
+@c argp_state_help with stream and ARGP_HELP_STD_ERR, unlocking the
+@c stream at the end.
Prints the printf format string @var{fmt} and following args, preceded
by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
--help}} message, and terminates the program with an exit status of
@@ -679,6 +717,12 @@ by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
@comment argp.h
@comment GNU
@deftypefun void argp_failure (const struct argp_state *@var{state}, int @var{status}, int @var{errnum}, const char *@var{fmt}, @dots{})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
+@c Lock stream, write out the short program name, vasprintf the optional
+@c formatted message to a buffer, print the buffer prefixed by colon and
+@c blank, release the buffer, call strerror_r with an automatic buffer,
+@c print it out after colon and blank, put[w]c a line break, unlock the
+@c stream, then exit unless ARGP_NO_EXIT.
Similar to the standard gnu error-reporting function @code{error}, this
prints the program name and @samp{:}, the printf format string
@var{fmt}, and the appropriate following args. If it is non-zero, the
@@ -695,6 +739,141 @@ for options, bad phase of the moon, etc.
@comment argp.h
@comment GNU
@deftypefun void argp_state_help (const struct argp_state *@var{state}, FILE *@var{stream}, unsigned @var{flags})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help with the short program name and optionally exit.
+@c The main problems in _help, besides the usual issues with stream I/O
+@c and translation, are the use of a static buffer (uparams) that makes
+@c the whole thing thread-unsafe, reading from the environment for
+@c ARGP_HELP_FMT, accessing the locale object multiple times.
+
+@c _help envromt, staticbuf (uparams), glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c flockfile lockleak
+@c funlockfile lockleak
+@c fill_in_uparams envromt, staticbuf (uparams), glocale, asynconsist, asmalloc, lockleak, incansist, memleak
+@c argp_failure dup (status = errnum = 0)
+@c atoi dup
+@c argp_hol asmalloc, memleak
+@c make_hol asmalloc, memleak
+@c hol_add_cluster asmalloc, memleak
+@c hol_append asmalloc, memleak
+@c hol_set_group ok
+@c hol_find_entry ok
+@c hol_sort glocale, asmalloc, memleak
+@c qsort asmalloc, memleak
+@c hol_entry_qcmp glocale
+@c hol_entry_cmp glocale
+@c group_cmp ok
+@c hol_cluster_cmp ok
+@c group_cmp ok
+@c hol_entry_first_short glocale
+@c hol_entry_short_iterate [glocale]
+@c until_short ok
+@c oshort ok
+@c isprint ok
+@c odoc ok
+@c hol_entry_first_long ok
+@c canon_doc_option glocale
+@c tolower dup
+@c hol_usage glocale, asi18n, asmalloc, memleak
+@c hol_entry_short_iterate ok
+@c add_argless_short_opt ok
+@c argp_fmtstream_printf dup
+@c hol_entry_short_iterate glocale, asi18n, asmalloc, memleak
+@c usage_argful_short_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_entry_long_iterate glocale, asi18n, asmalloc, memleak
+@c usage_long_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c hol_entry_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_wmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c comma glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_putc dup
+@c hol_cluster_is_child ok
+@c argp_fmtstream_wmargin dup
+@c print_header dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c indent_to dup
+@c argp_fmtstream_putc dup
+@c arg glocale, asmalloc, memleak
+@c argp_fmtstream_printf dup
+@c odoc dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_printf dup
+@c print_header glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c indent_to dup
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c filter_doc dup
+@c argp_fmtstream_point dup
+@c indent_to glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_putc dup
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c hol_free asmalloc, memleak
+@c free dup
+@c argp_args_levels ok
+@c argp_args_usage glocale, asi18n, asmalloc, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc ok
+@c argp_input ok
+@c argp->help_filter
+@c space glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_rmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_write dup
+@c free dup
+@c argp_doc glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c strndup asmalloc, memleak
+@c argp_input dup
+@c argp->help_filter
+@c argp_fmtstream_putc glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure dup
+@c argp_fmtstream_write dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_point glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_lmargin dup
+@c free dup
+@c argp_make_fmtstream asmalloc, memleak
+@c argp_fmtstream_free glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update glocale, asynconsist, incansist, lockleak
+@c put[w]c_unlocked dup
+@c isblank in loop glocale
+@c fxprintf lockleak
+@c fxprintf lockleak
+@c free dup
+@c argp_fmtstream_set_wmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_printf glocale, asmalloc, memleak
+@c argp_fmtstream_ensure dup
+@c vsnprintf dup
+@c argp_fmtstream_set_lmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_puts glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_write glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update dup
+@c fxprintf lockleak
+@c realloc asmalloc, memleak
Outputs a help message for the argp parser referred to by @var{state},
to @var{stream}. The @var{flags} argument determines what sort of help
message is produced. @xref{Argp Help Flags}.
@@ -928,6 +1107,8 @@ program options, argp offers the @code{argp_help} interface.
@comment argp.h
@comment GNU
@deftypefun void argp_help (const struct argp *@var{argp}, FILE *@var{stream}, unsigned @var{flags}, char *@var{name})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help.
This outputs a help message for the argp parser @var{argp} to
@var{stream}. The type of messages printed will be determined by
@var{flags}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7e8611dfbf8a75c282b47f6b161e96476686f52e
commit 7e8611dfbf8a75c282b47f6b161e96476686f52e
Merge: 8e11c55 d11da2b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:55:25 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=8e11c554371a8a899acb151eef8276c929386ca5
commit 8e11c554371a8a899acb151eef8276c929386ca5
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:55:25 2013 -0300
pop
diff --git a/meta b/meta
index 8d20da7..54c22b4 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 787273f6143b548e5f11f11b3c3c95fa45db9c4c
-Head: 373cd1281ba686c2fef8b1307137684c40b28058
+Previous: d11da2b66d5e92c15d1fc15f0ea42641d2461e28
+Head: 263eed84f16353fb704fac8338422fb3f7b863fb
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -10,6 +10,6 @@ Applied:
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
manual-document-mt-safety-ctype.patch: 263eed84f16353fb704fac8338422fb3f7b863fb
- manual-document-mt-safety-wip.patch: 373cd1281ba686c2fef8b1307137684c40b28058
Unapplied:
+ manual-document-mt-safety-wip.patch: 373cd1281ba686c2fef8b1307137684c40b28058
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d11da2b66d5e92c15d1fc15f0ea42641d2461e28
commit d11da2b66d5e92c15d1fc15f0ea42641d2461e28
Merge: c10c502 787273f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:55:17 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c10c50214e1269808d0662d71ccd99f3c32d2ce3
commit c10c50214e1269808d0662d71ccd99f3c32d2ce3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:55:17 2013 -0300
push
diff --git a/meta b/meta
index 063172b..8d20da7 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 64199f51a381b4d4b5f7315b70c469e03864f76d
-Head: 263eed84f16353fb704fac8338422fb3f7b863fb
+Previous: 787273f6143b548e5f11f11b3c3c95fa45db9c4c
+Head: 373cd1281ba686c2fef8b1307137684c40b28058
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -10,6 +10,6 @@ Applied:
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
manual-document-mt-safety-ctype.patch: 263eed84f16353fb704fac8338422fb3f7b863fb
-Unapplied:
manual-document-mt-safety-wip.patch: 373cd1281ba686c2fef8b1307137684c40b28058
+Unapplied:
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=787273f6143b548e5f11f11b3c3c95fa45db9c4c
commit 787273f6143b548e5f11f11b3c3c95fa45db9c4c
Merge: 39cc60e 64199f5
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:55:16 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=39cc60e0947495e98f5040aa9a7dc30327fec99e
commit 39cc60e0947495e98f5040aa9a7dc30327fec99e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:55:16 2013 -0300
pop
diff --git a/meta b/meta
index 72f3a68..063172b 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 7ba5686bb79cef2c170433c89c68e7575d7668c4
-Head: 373cd1281ba686c2fef8b1307137684c40b28058
+Previous: 64199f51a381b4d4b5f7315b70c469e03864f76d
+Head: 263eed84f16353fb704fac8338422fb3f7b863fb
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -10,6 +10,6 @@ Applied:
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
manual-document-mt-safety-ctype.patch: 263eed84f16353fb704fac8338422fb3f7b863fb
- manual-document-mt-safety-wip.patch: 373cd1281ba686c2fef8b1307137684c40b28058
Unapplied:
+ manual-document-mt-safety-wip.patch: 373cd1281ba686c2fef8b1307137684c40b28058
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=64199f51a381b4d4b5f7315b70c469e03864f76d
commit 64199f51a381b4d4b5f7315b70c469e03864f76d
Merge: 588c9a7 7ba5686
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:51:16 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=588c9a7cd0103760ac51eb8b74b41973dea845a4
commit 588c9a7cd0103760ac51eb8b74b41973dea845a4
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:51:16 2013 -0300
push
diff --git a/meta b/meta
index d9759ea..72f3a68 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 08970c2b94024e0d230a0d776f1871063f8e6c88
-Head: 263eed84f16353fb704fac8338422fb3f7b863fb
+Previous: 7ba5686bb79cef2c170433c89c68e7575d7668c4
+Head: 373cd1281ba686c2fef8b1307137684c40b28058
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -10,6 +10,6 @@ Applied:
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
manual-document-mt-safety-ctype.patch: 263eed84f16353fb704fac8338422fb3f7b863fb
-Unapplied:
manual-document-mt-safety-wip.patch: 373cd1281ba686c2fef8b1307137684c40b28058
+Unapplied:
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7ba5686bb79cef2c170433c89c68e7575d7668c4
commit 7ba5686bb79cef2c170433c89c68e7575d7668c4
Merge: 061c868 08970c2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:51:09 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=061c8681a056597b8bbd858c0f4f02319cf9bf9d
commit 061c8681a056597b8bbd858c0f4f02319cf9bf9d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:51:09 2013 -0300
pop
diff --git a/meta b/meta
index 982c922..d9759ea 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 341e0af39e89972732f33b2256ec2fbf58b1e847
-Head: 373cd1281ba686c2fef8b1307137684c40b28058
+Previous: 08970c2b94024e0d230a0d776f1871063f8e6c88
+Head: 263eed84f16353fb704fac8338422fb3f7b863fb
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -10,6 +10,6 @@ Applied:
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
manual-document-mt-safety-ctype.patch: 263eed84f16353fb704fac8338422fb3f7b863fb
- manual-document-mt-safety-wip.patch: 373cd1281ba686c2fef8b1307137684c40b28058
Unapplied:
+ manual-document-mt-safety-wip.patch: 373cd1281ba686c2fef8b1307137684c40b28058
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=08970c2b94024e0d230a0d776f1871063f8e6c88
commit 08970c2b94024e0d230a0d776f1871063f8e6c88
Merge: d313dd8 373cd12 341e0af
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:50:28 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d313dd81e9656f121dc256f8de0ed9330b50b7d2
commit d313dd81e9656f121dc256f8de0ed9330b50b7d2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:50:28 2013 -0300
push
diff --git a/meta b/meta
index 8fa23ce..982c922 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 6d47d3e1ad0ad4cbb739a9566bab050b7332879f
-Head: 263eed84f16353fb704fac8338422fb3f7b863fb
+Previous: 341e0af39e89972732f33b2256ec2fbf58b1e847
+Head: 373cd1281ba686c2fef8b1307137684c40b28058
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -10,6 +10,6 @@ Applied:
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
manual-document-mt-safety-ctype.patch: 263eed84f16353fb704fac8338422fb3f7b863fb
+ manual-document-mt-safety-wip.patch: 373cd1281ba686c2fef8b1307137684c40b28058
Unapplied:
- manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Hidden:
diff --git a/patches/manual-document-mt-safety-wip.patch b/patches/manual-document-mt-safety-wip.patch
index 83ac8f5..403d0e3 100644
--- a/patches/manual-document-mt-safety-wip.patch
+++ b/patches/manual-document-mt-safety-wip.patch
@@ -1,4 +1,4 @@
-Bottom: 1f38562405d3b5dadb8c27bd94ec1cba5a2481da
+Bottom: a80e3502e79676408b83a0ee8d2c01161f2e1895
Top: 7472b1dd7a8cc8760b98cd08cb7f8418374249ed
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:41 -0300
@@ -685,330 +685,6 @@ index ef90590..5c9f6f7 100644
The function @code{des_setparity} changes the 64-bit @var{key}, stored
packed in 8-bit bytes, to have odd parity by altering the low bits of
-diff --git a/manual/ctype.texi b/manual/ctype.texi
-index f05d509..ddf38ce 100644
---- a/manual/ctype.texi
-+++ b/manual/ctype.texi
-@@ -66,6 +66,13 @@ These functions are declared in the header file @file{ctype.h}.
- @comment ctype.h
- @comment ISO
- @deftypefun int islower (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c The is* macros call __ctype_b_loc to get the ctype array from the
-+@c current locale, and then index it by c. __ctype_b_loc reads from
-+@c thread-local memory the (indirect) pointer to the ctype array, which
-+@c may involve one word access to the global locale object, if that's
-+@c the active locale for the thread, and the array, being part of the
-+@c locale data, is undeletable, so there's no thread-safety issue.
- Returns true if @var{c} is a lower-case letter. The letter need not be
- from the Latin alphabet, any alphabet representable is valid.
- @end deftypefun
-@@ -74,6 +81,7 @@ from the Latin alphabet, any alphabet representable is valid.
- @comment ctype.h
- @comment ISO
- @deftypefun int isupper (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is an upper-case letter. The letter need not be
- from the Latin alphabet, any alphabet representable is valid.
- @end deftypefun
-@@ -82,6 +90,7 @@ from the Latin alphabet, any alphabet representable is valid.
- @comment ctype.h
- @comment ISO
- @deftypefun int isalpha (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is an alphabetic character (a letter). If
- @code{islower} or @code{isupper} is true of a character, then
- @code{isalpha} is also true.
-@@ -97,6 +106,7 @@ additional characters.
- @comment ctype.h
- @comment ISO
- @deftypefun int isdigit (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
- @end deftypefun
-
-@@ -104,6 +114,7 @@ Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
- @comment ctype.h
- @comment ISO
- @deftypefun int isalnum (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is an alphanumeric character (a letter or
- number); in other words, if either @code{isalpha} or @code{isdigit} is
- true of a character, then @code{isalnum} is also true.
-@@ -113,6 +124,7 @@ true of a character, then @code{isalnum} is also true.
- @comment ctype.h
- @comment ISO
- @deftypefun int isxdigit (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is a hexadecimal digit.
- Hexadecimal digits include the normal decimal digits @samp{0} through
- @samp{9} and the letters @samp{A} through @samp{F} and
-@@ -123,6 +135,7 @@ Hexadecimal digits include the normal decimal digits @samp{0} through
- @comment ctype.h
- @comment ISO
- @deftypefun int ispunct (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is a punctuation character.
- This means any printing character that is not alphanumeric or a space
- character.
-@@ -132,6 +145,7 @@ character.
- @comment ctype.h
- @comment ISO
- @deftypefun int isspace (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is a @dfn{whitespace} character. In the standard
- @code{"C"} locale, @code{isspace} returns true for only the standard
- whitespace characters:
-@@ -161,6 +175,7 @@ vertical tab
- @comment ctype.h
- @comment ISO
- @deftypefun int isblank (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is a blank character; that is, a space or a tab.
- This function was originally a GNU extension, but was added in @w{ISO C99}.
- @end deftypefun
-@@ -169,6 +184,7 @@ This function was originally a GNU extension, but was added in @w{ISO C99}.
- @comment ctype.h
- @comment ISO
- @deftypefun int isgraph (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is a graphic character; that is, a character
- that has a glyph associated with it. The whitespace characters are not
- considered graphic.
-@@ -178,6 +194,7 @@ considered graphic.
- @comment ctype.h
- @comment ISO
- @deftypefun int isprint (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is a printing character. Printing characters
- include all the graphic characters, plus the space (@samp{ }) character.
- @end deftypefun
-@@ -186,6 +203,7 @@ include all the graphic characters, plus the space (@samp{ }) character.
- @comment ctype.h
- @comment ISO
- @deftypefun int iscntrl (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is a control character (that is, a character that
- is not a printing character).
- @end deftypefun
-@@ -194,6 +212,7 @@ is not a printing character).
- @comment ctype.h
- @comment SVID, BSD
- @deftypefun int isascii (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
- into the US/UK ASCII character set. This function is a BSD extension
- and is also an SVID extension.
-@@ -227,6 +246,10 @@ These functions are declared in the header file @file{ctype.h}.
- @comment ctype.h
- @comment ISO
- @deftypefun int tolower (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c The to* macros/functions call different functions that use different
-+@c arrays than those of__ctype_b_loc, but the access patterns and
-+@c thus safety guarantees are the same.
- If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
- lower-case letter. If @var{c} is not an upper-case letter,
- @var{c} is returned unchanged.
-@@ -235,6 +258,7 @@ lower-case letter. If @var{c} is not an upper-case letter,
- @comment ctype.h
- @comment ISO
- @deftypefun int toupper (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
- upper-case letter. Otherwise @var{c} is returned unchanged.
- @end deftypefun
-@@ -242,6 +266,7 @@ upper-case letter. Otherwise @var{c} is returned unchanged.
- @comment ctype.h
- @comment SVID, BSD
- @deftypefun int toascii (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This function converts @var{c} to a 7-bit @code{unsigned char} value
- that fits into the US/UK ASCII character set, by clearing the high-order
- bits. This function is a BSD extension and is also an SVID extension.
-@@ -250,6 +275,7 @@ bits. This function is a BSD extension and is also an SVID extension.
- @comment ctype.h
- @comment SVID
- @deftypefun int _tolower (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This is identical to @code{tolower}, and is provided for compatibility
- with the SVID. @xref{SVID}.@refill
- @end deftypefun
-@@ -257,6 +283,7 @@ with the SVID. @xref{SVID}.@refill
- @comment ctype.h
- @comment SVID
- @deftypefun int _toupper (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This is identical to @code{toupper}, and is provided for compatibility
- with the SVID.
- @end deftypefun
-@@ -303,6 +330,15 @@ This type is defined in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun wctype_t wctype (const char *@var{property})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
-+@c Although the source code of wctype contains multiple references to
-+@c the locale, that could each reference different locale_data objects
-+@c should the global locale object change while active, the compiler can
-+@c and does combine them all into a single dereference that resolves
-+@c once to the LCTYPE locale object used throughout the function, so it
-+@c is safe in practice, if not in theory. Ideally we'd explicitly save
-+@c the resolved locale_data object to make it visibly safe instead of
-+@c safe only under compiler optimizations.
- The @code{wctype} returns a value representing a class of wide
- characters which is identified by the string @var{property}. Beside
- some standard properties each locale can define its own ones. In case
-@@ -331,6 +367,8 @@ the @w{ISO C} standard defines a completely new function.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c The compressed lookup table returned by wctype is read-only.
- This function returns a nonzero value if @var{wc} is in the character
- class specified by @var{desc}. @var{desc} must previously be returned
- by a successful call to @code{wctype}.
-@@ -350,6 +388,15 @@ standard classes.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswalnum (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
-+@c The implicit wctype call in the isw* functions is actually an
-+@c optimized version because the category has a known offset, but the
-+@c wctype is equally safe when optimized, unsafe if not optimized.
-+@c Since it's not a macro, and we always optimize, it's fine. The test
-+@c whether wc is ASCII to use the non-wide is* macro/funciton doesn't
-+@c bring any other safety issues: the test does not depend on the
-+@c locale, and each path after the decision resolves the locale object
-+@c only once.
- This function returns a nonzero value if @var{wc} is an alphanumeric
- character (a letter or number); in other words, if either @code{iswalpha}
- or @code{iswdigit} is true of a character, then @code{iswalnum} is also
-@@ -370,6 +417,7 @@ It is declared in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswalpha (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- Returns true if @var{wc} is an alphabetic character (a letter). If
- @code{iswlower} or @code{iswupper} is true of a character, then
- @code{iswalpha} is also true.
-@@ -394,6 +442,7 @@ It is declared in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswcntrl (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- Returns true if @var{wc} is a control character (that is, a character that
- is not a printing character).
-
-@@ -412,6 +461,7 @@ It is declared in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswdigit (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
- Please note that this function does not only return a nonzero value for
- @emph{decimal} digits, but for all kinds of digits. A consequence is
-@@ -442,6 +492,7 @@ It is declared in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswgraph (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- Returns true if @var{wc} is a graphic character; that is, a character
- that has a glyph associated with it. The whitespace characters are not
- considered graphic.
-@@ -461,6 +512,7 @@ It is declared in @file{wctype.h}.
- @comment ctype.h
- @comment ISO
- @deftypefun int iswlower (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- Returns true if @var{wc} is a lower-case letter. The letter need not be
- from the Latin alphabet, any alphabet representable is valid.
-
-@@ -479,6 +531,7 @@ It is declared in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswprint (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- Returns true if @var{wc} is a printing character. Printing characters
- include all the graphic characters, plus the space (@samp{ }) character.
-
-@@ -497,6 +550,7 @@ It is declared in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswpunct (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- Returns true if @var{wc} is a punctuation character.
- This means any printing character that is not alphanumeric or a space
- character.
-@@ -516,6 +570,7 @@ It is declared in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswspace (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
- @code{"C"} locale, @code{iswspace} returns true for only the standard
- whitespace characters:
-@@ -555,6 +610,7 @@ It is declared in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswupper (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- Returns true if @var{wc} is an upper-case letter. The letter need not be
- from the Latin alphabet, any alphabet representable is valid.
-
-@@ -573,6 +629,7 @@ It is declared in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswxdigit (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- Returns true if @var{wc} is a hexadecimal digit.
- Hexadecimal digits include the normal decimal digits @samp{0} through
- @samp{9} and the letters @samp{A} through @samp{F} and
-@@ -597,6 +654,7 @@ characters as well.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswblank (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- Returns true if @var{wc} is a blank character; that is, a space or a tab.
- This function was originally a GNU extension, but was added in @w{ISO C99}.
- It is declared in @file{wchar.h}.
-@@ -691,7 +749,8 @@ This type is defined in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun wctrans_t wctrans (const char *@var{property})
--@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
-+@c Similar implementation, same caveats as wctype.
- The @code{wctrans} function has to be used to find out whether a named
- mapping is defined in the current locale selected for the
- @code{LC_CTYPE} category. If the returned value is non-zero, you can use
-@@ -714,7 +773,8 @@ These functions are declared in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
--@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c Same caveats as iswctype.
- @code{towctrans} maps the input character @var{wc}
- according to the rules of the mapping for which @var{desc} is a
- descriptor, and returns the value it finds. @var{desc} must be
-@@ -732,6 +792,9 @@ for them.
- @comment wctype.h
- @comment ISO
- @deftypefun wint_t towlower (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
-+@c Same caveats as iswalnum, just using a wctrans rather than a wctype
-+@c table.
- If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
- lower-case letter. If @var{wc} is not an upper-case letter,
- @var{wc} is returned unchanged.
-@@ -751,6 +814,7 @@ This function is declared in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun wint_t towupper (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
- upper-case letter. Otherwise @var{wc} is returned unchanged.
-
diff --git a/manual/debug.texi b/manual/debug.texi
index 1db9c18..ce0c263 100644
--- a/manual/debug.texi
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=373cd1281ba686c2fef8b1307137684c40b28058
commit 373cd1281ba686c2fef8b1307137684c40b28058
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:41 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/???.texi: Document thread safety properties.
diff --git a/manual/argp.texi b/manual/argp.texi
index c9fbe97..5322f91 100644
--- a/manual/argp.texi
+++ b/manual/argp.texi
@@ -36,6 +36,35 @@ needed in @code{main}.
@comment argp.h
@comment GNU
@deftypefun {error_t} argp_parse (const struct argp *@var{argp}, int @var{argc}, char **@var{argv}, unsigned @var{flags}, int *@var{arg_index}, void *@var{input})
+@safety{@mtunsafe{xguargs, envromt}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Optionally alloca()tes standard help options, initializes the parser,
+@c then parses individual args in a loop, and then finalizes.
+@c parser_init
+@c calc_sizes ok
+@c option_is_end ok
+@c malloc
+@c parser_convert glocale
+@c convert_options glocale
+@c option_is_end ok
+@c option_is_short ok
+@c isprint, but locale may change within the loop
+@c find_long_option ok
+@c group_parse
+@c group->parser (from argp->parser)
+@c parser_parse_next
+@c getopt_long(_only)_r many issues, same as non_r minus staticbuf
+@c parser_parse_arg
+@c group_parse
+@c parser_parse_opt
+@c group_parse
+@c argp_error
+@c dgettext (bad key error)
+@c parser_finalize
+@c group_parse
+@c fprintf
+@c dgettext
+@c arg_state_help
+@c free
The @code{argp_parse} function parses the arguments in @var{argv}, of
length @var{argc}, using the argp parser @var{argp}. @xref{Argp
Parsers}. Passing a null pointer for @var{argp} is the same as using
@@ -660,6 +689,8 @@ parser function. @xref{Argp Parsing State}.
@comment argp.h
@comment GNU
@deftypefun void argp_usage (const struct argp_state *@var{state})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls argp_state_help with stderr and ARGP_HELP_STD_USAGE.
Outputs the standard usage message for the argp parser referred to by
@var{state} to @code{@var{state}->err_stream} and terminate the program
with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@@ -669,6 +700,13 @@ with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@comment argp.h
@comment GNU
@deftypefun void argp_error (const struct argp_state *@var{state}, const char *@var{fmt}, @dots{})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Lock stream, vasprintf the formatted message into a buffer, print the
+@c buffer prefixed by the short program name (in libc,
+@c argp_short_program_name is a macro that expands to
+@c program_invocation_short_name), releases the buffer, then call
+@c argp_state_help with stream and ARGP_HELP_STD_ERR, unlocking the
+@c stream at the end.
Prints the printf format string @var{fmt} and following args, preceded
by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
--help}} message, and terminates the program with an exit status of
@@ -679,6 +717,12 @@ by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
@comment argp.h
@comment GNU
@deftypefun void argp_failure (const struct argp_state *@var{state}, int @var{status}, int @var{errnum}, const char *@var{fmt}, @dots{})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
+@c Lock stream, write out the short program name, vasprintf the optional
+@c formatted message to a buffer, print the buffer prefixed by colon and
+@c blank, release the buffer, call strerror_r with an automatic buffer,
+@c print it out after colon and blank, put[w]c a line break, unlock the
+@c stream, then exit unless ARGP_NO_EXIT.
Similar to the standard gnu error-reporting function @code{error}, this
prints the program name and @samp{:}, the printf format string
@var{fmt}, and the appropriate following args. If it is non-zero, the
@@ -695,6 +739,141 @@ for options, bad phase of the moon, etc.
@comment argp.h
@comment GNU
@deftypefun void argp_state_help (const struct argp_state *@var{state}, FILE *@var{stream}, unsigned @var{flags})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help with the short program name and optionally exit.
+@c The main problems in _help, besides the usual issues with stream I/O
+@c and translation, are the use of a static buffer (uparams) that makes
+@c the whole thing thread-unsafe, reading from the environment for
+@c ARGP_HELP_FMT, accessing the locale object multiple times.
+
+@c _help envromt, staticbuf (uparams), glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c flockfile lockleak
+@c funlockfile lockleak
+@c fill_in_uparams envromt, staticbuf (uparams), glocale, asynconsist, asmalloc, lockleak, incansist, memleak
+@c argp_failure dup (status = errnum = 0)
+@c atoi dup
+@c argp_hol asmalloc, memleak
+@c make_hol asmalloc, memleak
+@c hol_add_cluster asmalloc, memleak
+@c hol_append asmalloc, memleak
+@c hol_set_group ok
+@c hol_find_entry ok
+@c hol_sort glocale, asmalloc, memleak
+@c qsort asmalloc, memleak
+@c hol_entry_qcmp glocale
+@c hol_entry_cmp glocale
+@c group_cmp ok
+@c hol_cluster_cmp ok
+@c group_cmp ok
+@c hol_entry_first_short glocale
+@c hol_entry_short_iterate [glocale]
+@c until_short ok
+@c oshort ok
+@c isprint ok
+@c odoc ok
+@c hol_entry_first_long ok
+@c canon_doc_option glocale
+@c tolower dup
+@c hol_usage glocale, asi18n, asmalloc, memleak
+@c hol_entry_short_iterate ok
+@c add_argless_short_opt ok
+@c argp_fmtstream_printf dup
+@c hol_entry_short_iterate glocale, asi18n, asmalloc, memleak
+@c usage_argful_short_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_entry_long_iterate glocale, asi18n, asmalloc, memleak
+@c usage_long_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c hol_entry_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_wmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c comma glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_putc dup
+@c hol_cluster_is_child ok
+@c argp_fmtstream_wmargin dup
+@c print_header dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c indent_to dup
+@c argp_fmtstream_putc dup
+@c arg glocale, asmalloc, memleak
+@c argp_fmtstream_printf dup
+@c odoc dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_printf dup
+@c print_header glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c indent_to dup
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c filter_doc dup
+@c argp_fmtstream_point dup
+@c indent_to glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_putc dup
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c hol_free asmalloc, memleak
+@c free dup
+@c argp_args_levels ok
+@c argp_args_usage glocale, asi18n, asmalloc, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc ok
+@c argp_input ok
+@c argp->help_filter
+@c space glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_rmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_write dup
+@c free dup
+@c argp_doc glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c strndup asmalloc, memleak
+@c argp_input dup
+@c argp->help_filter
+@c argp_fmtstream_putc glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure dup
+@c argp_fmtstream_write dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_point glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_lmargin dup
+@c free dup
+@c argp_make_fmtstream asmalloc, memleak
+@c argp_fmtstream_free glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update glocale, asynconsist, incansist, lockleak
+@c put[w]c_unlocked dup
+@c isblank in loop glocale
+@c fxprintf lockleak
+@c fxprintf lockleak
+@c free dup
+@c argp_fmtstream_set_wmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_printf glocale, asmalloc, memleak
+@c argp_fmtstream_ensure dup
+@c vsnprintf dup
+@c argp_fmtstream_set_lmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_puts glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_write glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update dup
+@c fxprintf lockleak
+@c realloc asmalloc, memleak
Outputs a help message for the argp parser referred to by @var{state},
to @var{stream}. The @var{flags} argument determines what sort of help
message is produced. @xref{Argp Help Flags}.
@@ -928,6 +1107,8 @@ program options, argp offers the @code{argp_help} interface.
@comment argp.h
@comment GNU
@deftypefun void argp_help (const struct argp *@var{argp}, FILE *@var{stream}, unsigned @var{flags}, char *@var{name})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help.
This outputs a help message for the argp parser @var{argp} to
@var{stream}. The type of messages printed will be determined by
@var{flags}.
diff --git a/manual/arith.texi b/manual/arith.texi
index 833e0c9..5c3aa9d 100644
--- a/manual/arith.texi
+++ b/manual/arith.texi
@@ -323,6 +323,7 @@ floating-point number a variable holds.
@comment math.h
@comment ISO
@deftypefn {Macro} int fpclassify (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is a generic macro which works on all floating-point types and
which returns a value of type @code{int}. The possible values are:
@@ -359,6 +360,7 @@ You should therefore use the specific macros whenever possible.
@comment math.h
@comment ISO
@deftypefn {Macro} int isfinite (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite: not plus or
minus infinity, and not NaN. It is equivalent to
@@ -373,6 +375,7 @@ floating-point type.
@comment math.h
@comment ISO
@deftypefn {Macro} int isnormal (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite and normalized.
It is equivalent to
@@ -384,6 +387,7 @@ It is equivalent to
@comment math.h
@comment ISO
@deftypefn {Macro} int isnan (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is NaN. It is equivalent
to
@@ -395,6 +399,7 @@ to
@comment math.h
@comment GNU
@deftypefn {Macro} int issignaling (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is a signaling NaN
(sNaN). It is based on draft TS 18661 and currently enabled as a GNU
extension.
@@ -2443,6 +2448,32 @@ as well.
@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@c Besides the unsafe-but-ruled-safe locale uses, this uses a lot of
@c mpn, but it's all safe.
+@c
+@c round_and_return
+@c get_rounding_mode ok
+@c mpn_add_1 ok
+@c mpn_rshift ok
+@c MPN_ZERO ok
+@c MPN2FLOAT -> mpn_construct_(float|double|long_double) ok
+@c str_to_mpn
+@c mpn_mul_1 -> umul_ppmm ok
+@c mpn_add_1 ok
+@c mpn_lshift_1 -> mpn_lshift ok
+@c STRTOF_INTERNAL
+@c MPN_VAR ok
+@c SET_MANTISSA ok
+@c STRNCASECMP ok, wide and narrow
+@c round_and_return ok
+@c mpn_mul ok
+@c mpn_addmul_1 ok
+@c ... mpn_sub
+@c mpn_lshift ok
+@c udiv_qrnnd ok
+@c count_leading_zeros ok
+@c add_ssaaaa ok
+@c sub_ddmmss ok
+@c umul_ppmm ok
+@c mpn_submul_1 ok
The @code{strtod} (``string-to-double'') function converts the initial
part of @var{string} to a floating-point number, which is returned as a
value of type @code{double}.
diff --git a/manual/charset.texi b/manual/charset.texi
index e21502e..7e6c416 100644
--- a/manual/charset.texi
+++ b/manual/charset.texi
@@ -504,6 +504,8 @@ sequence points. Communication protocols often require this.
@comment wchar.h
@comment ISO
@deftypefun int mbsinit (const mbstate_t *@var{ps})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c ps is dereferenced once, unguarded. Potential harmless data race.
The @code{mbsinit} function determines whether the state object pointed
to by @var{ps} is in the initial state. If @var{ps} is a null pointer or
the object is in the initial state the return value is nonzero. Otherwise
@@ -559,6 +561,14 @@ that is beyond the range @math{0} to @math{127}.
@comment wchar.h
@comment ISO
@deftypefun wint_t btowc (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls btowc_fct or __fct; reads from locale, and from the
+@c get_gconv_fcts result multiple times. get_gconv_fcts calls
+@c __wcsmbs_load_conv to initialize the ctype if it's null.
+@c wcsmbs_load_conv takes a non-recursive wrlock before allocating
+@c memory for the fcts structure, initializing it, and then storing it
+@c in the locale object. The initialization involves dlopening and a
+@c lot more.
The @code{btowc} function (``byte to wide character'') converts a valid
single byte character @var{c} in the initial shift state into the wide
character equivalent using the conversion rules from the currently
@@ -615,6 +625,7 @@ There is also a function for the conversion in the other direction.
@comment wchar.h
@comment ISO
@deftypefun int wctob (wint_t @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctob} function (``wide character to byte'') takes as the
parameter a valid wide character. If the multibyte representation for
this character in the initial state is exactly one byte long, the return
@@ -634,6 +645,7 @@ and they also do not require it to be in the initial state.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrtowc (wchar_t *restrict @var{pwc}, const char *restrict @var{s}, size_t @var{n}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
@cindex stateful
The @code{mbrtowc} function (``multibyte restartable to wide
character'') converts the next multibyte character in the string pointed
@@ -728,6 +740,7 @@ function that does part of the work.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrlen (const char *restrict @var{s}, size_t @var{n}, mbstate_t *@var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbrlen} function (``multibyte restartable length'') computes
the number of at most @var{n} bytes starting at @var{s}, which form the
next valid and complete multibyte character.
@@ -811,6 +824,50 @@ doing the work twice.
@comment wchar.h
@comment ISO
@deftypefun size_t wcrtomb (char *restrict @var{s}, wchar_t @var{wc}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c wcrtomb uses a static, non-thread-local unguarded state variable when
+@c PS is NULL. When a state is passed in, and it's not used
+@c concurrently in other threads, this function behaves safely as long
+@c as gconv modules don't bring MT safety issues of their own.
+@c Attempting to load gconv modules or to build conversion chains in
+@c signal handlers may encounter gconv databases or caches in a
+@c partially-updated state, and asynchronous cancellation may leave them
+@c in such states, besides leaking the lock that guards them.
+@c get_gconv_fcts ok
+@c wcsmbs_load_conv ok
+@c norm_add_slashes ok
+@c wcsmbs_getfct ok
+@c gconv_find_transform ok
+@c gconv_read_conf (libc_once)
+@c gconv_lookup_cache ok
+@c find_module_idx ok
+@c find_module ok
+@c gconv_find_shlib (ok)
+@c ->init_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c do_lookup_alias ok
+@c find_derivation ok
+@c derivation_lookup ok
+@c increment_counter ok
+@c gconv_find_shlib ok
+@c step->init_fct (assumed ok)
+@c gen_steps ok
+@c gconv_find_shlib ok
+@c dlopen (presumed ok)
+@c dlsym (presumed ok)
+@c step->init_fct (assumed ok)
+@c step->end_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c add_derivation ok
+@c gconv_close_transform ok
+@c gconv_release_step ok
+@c step->end_fct (assumed ok)
+@c gconv_release_shlib ok
+@c dlclose (presumed ok)
+@c gconv_release_cache ok
+@c ->tomb->__fct (assumed ok)
The @code{wcrtomb} function (``wide character restartable to
multibyte'') converts a single wide character into a multibyte string
corresponding to that wide character.
@@ -955,6 +1012,7 @@ extensions that can help in some important situations.
@comment wchar.h
@comment ISO
@deftypefun size_t mbsrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsrtowcs} function (``multibyte string restartable to wide
character string'') converts an NUL-terminated multibyte character
string at @code{*@var{src}} into an equivalent wide character string,
@@ -1039,6 +1097,7 @@ length and passing this length to the function.
@comment wchar.h
@comment ISO
@deftypefun size_t wcsrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsrtombs} function (``wide character string restartable to
multibyte string'') converts the NUL-terminated wide character string at
@code{*@var{src}} into an equivalent multibyte character string and
@@ -1084,6 +1143,7 @@ array size (the @var{len} parameter).
@comment wchar.h
@comment GNU
@deftypefun size_t mbsnrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{nmc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsnrtowcs} function is very similar to the @code{mbsrtowcs}
function. All the parameters are the same except for @var{nmc}, which is
new. The return value is the same as for @code{mbsrtowcs}.
@@ -1136,6 +1196,7 @@ of the given buffer, there is no problem with altering the state.
@comment wchar.h
@comment GNU
@deftypefun size_t wcsnrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{nwc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsnrtombs} function implements the conversion from wide
character strings to multibyte character strings. It is similar to
@code{wcsrtombs} but, just like @code{mbsnrtowcs}, it takes an extra
@@ -1280,6 +1341,7 @@ conversion functions.}
@comment stdlib.h
@comment ISO
@deftypefun int mbtowc (wchar_t *restrict @var{result}, const char *restrict @var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbtowc} (``multibyte to wide character'') function when called
with non-null @var{string} converts the first multibyte character
beginning at @var{string} to its corresponding wide character code. It
@@ -1314,6 +1376,7 @@ shift state. @xref{Shift State}.
@comment stdlib.h
@comment ISO
@deftypefun int wctomb (char *@var{string}, wchar_t @var{wchar})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctomb} (``wide character to multibyte'') function converts
the wide character code @var{wchar} to its corresponding multibyte
character sequence, and stores the result in bytes starting at
@@ -1353,6 +1416,7 @@ terms of @code{mbtowc}.
@comment stdlib.h
@comment ISO
@deftypefun int mblen (const char *@var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mblen} function with a non-null @var{string} argument returns
the number of bytes that make up the multibyte character beginning at
@var{string}, never examining more than @var{size} bytes. (The idea is
@@ -1391,6 +1455,9 @@ suffer from the same problems as their reentrant counterparts from
@comment stdlib.h
@comment ISO
@deftypefun size_t mbstowcs (wchar_t *@var{wstring}, const char *@var{string}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Odd... Although this is in the non-reentrant section, the state
+@c object is automatic, not a static buffer.
The @code{mbstowcs} (``multibyte string to wide character string'')
function converts the null-terminated string of multibyte characters
@var{string} to an array of wide character codes, storing not more than
@@ -1431,6 +1498,7 @@ mbstowcs_alloc (const char *string)
@comment stdlib.h
@comment ISO
@deftypefun size_t wcstombs (char *@var{string}, const wchar_t *@var{wstring}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcstombs} (``wide character string to multibyte string'')
function converts the null-terminated wide character array @var{wstring}
into a string containing multibyte characters, storing not more than
@@ -1618,6 +1686,16 @@ The first step is the function to create a handle.
@comment iconv.h
@comment XPG2
@deftypefun iconv_t iconv_open (const char *@var{tocode}, const char *@var{fromcode})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls malloc if tocode and/or fromcode are too big for alloca. Calls
+@c strip and upstr on both, then gconv_open. strip and upstr call
+@c isalnum_l and toupper_l with the C locale. gconv_open may MT-safely
+@c tokenize toset, replace unspecified codesets with the current locale
+@c (posibly two different accesses), and finally it calls
+@c gconv_find_transform and initializes the gconv_t result with all the
+@c steps in the conversion sequence, running each one's initializer,
+@c destructing and releasing them all if anything fails.
+
The @code{iconv_open} function has to be used before starting a
conversion. The two parameters this function takes determine the
source and destination character set for the conversion, and if the
@@ -1682,6 +1760,12 @@ conversion is not needed anymore.
@comment iconv.h
@comment XPG2
@deftypefun int iconv_close (iconv_t @var{cd})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, shlimb}}
+@c Calls gconv_close to destruct and release each of the conversion
+@c steps, release the gconv_t object, then call gconv_close_transform.
+@c Access to the gconv_t object is not guarded, but calling iconv_close
+@c concurrently with any other use is undefined.
+
The @code{iconv_close} function frees all resources associated with the
handle @var{cd}, which must have been returned by a successful call to
the @code{iconv_open} function.
@@ -1708,6 +1792,10 @@ even file to file can be implemented on top of it.
@comment iconv.h
@comment XPG2
@deftypefun size_t iconv (iconv_t @var{cd}, char **@var{inbuf}, size_t *@var{inbytesleft}, char **@var{outbuf}, size_t *@var{outbytesleft})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c Without guarding access to the gconv_t object pointed to by cd, call
+@c the conversion function to convert inbuf or flush the internal
+@c conversion state.
@cindex stateful
The @code{iconv} function converts the text in the input buffer
according to the rules associated with the descriptor @var{cd} and
diff --git a/manual/conf.texi b/manual/conf.texi
index 7eb8b36..edbb2fd 100644
--- a/manual/conf.texi
+++ b/manual/conf.texi
@@ -288,6 +288,17 @@ constants are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} sysconf (int @var{parameter})
+@safety{@mtsafe{envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak, fdleak}}
+@c Some parts of the implementation open /proc and /sys files and dirs
+@c to collect system details, using fd and stream I/O depending on the
+@c case. _SC_TZNAME_MAX calls __tzname_max, that (while holding a lock)
+@c calls tzset_internal, that calls getenv if it's called the first
+@c time; there are free and strdup calls in there too. The returned max
+@c value may change over time for TZNAME_MAX, depending on selected
+@c timezones; NPROCS, NPROCS_CONF, PHYS_PAGES, AVPHYS_PAGES,
+@c NGROUPS_MAX, SIGQUEUE_MAX, depending on variable values read from
+@c /proc at each call, and from rlimit-obtained values CHILD_MAX,
+@c OPEN_MAX, ARG_MAX, SIGQUEUE_MAX.
This function is used to inquire about runtime system parameters. The
@var{parameter} argument should be one of the @samp{_SC_} symbols listed
below.
@@ -1342,6 +1353,11 @@ argument are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} pathconf (const char *@var{filename}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c When __statfs_link_max finds an ext* filesystem, it may read
+@c /proc/mounts or similar as a mntent stream.
+@c __statfs_chown_restricted may read from
+@c /proc/sys/fs/xfs/restrict_chown as a file descriptor.
This function is used to inquire about the limits that apply to
the file named @var{filename}.
@@ -1369,6 +1385,8 @@ support the @var{parameter} for the specific file.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} fpathconf (int @var{filedes}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c Same caveats as pathconf.
This is just like @code{pathconf} except that an open file descriptor
is used to specify the file for which information is requested, instead
of a file name.
@@ -1615,6 +1633,7 @@ system with the function @code{confstr}:
@comment unistd.h
@comment POSIX.2
@deftypefun size_t confstr (int @var{parameter}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function reads the value of a string-valued system parameter,
storing the string into @var{len} bytes of memory space starting at
@var{buf}. The @var{parameter} argument should be one of the
diff --git a/manual/crypt.texi b/manual/crypt.texi
index ef90590..5c9f6f7 100644
--- a/manual/crypt.texi
+++ b/manual/crypt.texi
@@ -92,7 +92,13 @@ in a convenient way.
@comment unistd.h
@comment BSD
@deftypefun {char *} getpass (const char *@var{prompt})
-
+@safety{@mtunsafe{tempterm}@asunsafe{asmalloc, selfdeadlock, asynconsist}@acunsafe{tempterm, lockleak, incansist}}
+@c This function will attempt to create a stream for terminal I/O, but
+@c will fallback to stdio/stderr. It attempts to change the terminal
+@c mode in a thread-unsafe way, write out the prompt, read the password,
+@c then restore the terminal mode. It has a cleanup to close the stream
+@c in case of (synchronous) cancellation, but not to restore the
+@c terminal mode.
@code{getpass} outputs @var{prompt}, then reads a string in from the
terminal without echoing it. It tries to connect to the real terminal,
@file{/dev/tty}, if possible, to encourage users not to put plaintext
@@ -127,6 +133,13 @@ The substitute takes the same parameters as @code{getline}
@comment crypt.h
@comment BSD, SVID
@deftypefun {char *} crypt (const char *@var{key}, const char *@var{salt})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Besides the obvious problem of returning a pointer into static
+@c storage, the DES initializer takes an internal lock with the usual
+@c set of problems for AS- and AC-Safety. The FIPS mode checker and the
+@c NSS implementations of may leak file descriptors if canceled. The
+@c The MD5, SHA256 and SHA512 implementations will malloc on long keys,
+@c and NSS relies on dlopening, which brings about another can of worms.
The @code{crypt} function takes a password, @var{key}, as a string, and
a @var{salt} character array which is described below, and returns a
@@ -188,6 +201,9 @@ for a password and prints ``Access granted.'' if the user types
@comment crypt.h
@comment GNU
@deftypefun {char *} crypt_r (const char *@var{key}, const char *@var{salt}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Compared with crypt, this function fixes the staticbuf problem, but
+@c nothing else.
The @code{crypt_r} function does the same thing as @code{crypt}, but
takes an extra parameter which includes space for its result (among
@@ -233,6 +249,11 @@ specifies the unused bits.
@comment crypt.h
@comment BSD, SVID
@deftypefun void setkey (const char *@var{key})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c The static buffer stores the key, making it fundamentally
+@c thread-unsafe. The locking issues are only in the initialization
+@c path; cancelling the initialization will leave the lock held, it
+@c would otherwise repeat the initialization on the next call.
The @code{setkey} function sets an internal data structure to be an
expanded form of @var{key}. @var{key} is specified as an array of 64
@@ -244,6 +265,8 @@ parity.
@comment crypt.h
@comment BSD, SVID
@deftypefun void encrypt (char *@var{block}, int @var{edflag})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c Same issues as setkey.
The @code{encrypt} function encrypts @var{block} if
@var{edflag} is 0, otherwise it decrypts @var{block}, using a key
@@ -257,9 +280,11 @@ stored in a @code{char}, but there are no parity bits in @var{block}.
@comment crypt.h
@comment GNU
@deftypefun void setkey_r (const char *@var{key}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
@comment crypt.h
@comment GNU
@deftypefunx void encrypt_r (char *@var{block}, int @var{edflag}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
These are reentrant versions of @code{setkey} and @code{encrypt}. The
only difference is the extra parameter, which stores the expanded
@@ -274,6 +299,7 @@ defined in @file{crypt.h}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int ecb_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{ecb_crypt} encrypts or decrypts one or more blocks
using DES. Each block is encrypted independently.
@@ -355,6 +381,7 @@ This macro returns 1 if @var{err} is a `success' result code from
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int cbc_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode}, char *@var{ivec})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{cbc_crypt} encrypts or decrypts one or more blocks
using DES in Cipher Block Chaining mode.
@@ -381,6 +408,7 @@ Otherwise, all the parameters are similar to those for @code{ecb_crypt}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun void des_setparity (char *@var{key})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{des_setparity} changes the 64-bit @var{key}, stored
packed in 8-bit bytes, to have odd parity by altering the low bits of
diff --git a/manual/debug.texi b/manual/debug.texi
index 1db9c18..ce0c263 100644
--- a/manual/debug.texi
+++ b/manual/debug.texi
@@ -36,6 +36,8 @@ and manipulate backtraces of the current thread.
@comment execinfo.h
@comment GNU
@deftypefun int backtrace (void **@var{buffer}, int @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Pointer chasing within the local stack.
The @code{backtrace} function obtains a backtrace for the current
thread, as a list of pointers, and places the information into
@var{buffer}. The argument @var{size} should be the number of
@@ -56,6 +58,17 @@ interpreting the stack contents correctly.
@comment execinfo.h
@comment GNU
@deftypefun {char **} backtrace_symbols (void *const *@var{buffer}, int @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, lockleak}}
+@c Collects info returned by _dl_addr in auto array, allocates memory
+@c for the whole return buffer with malloc then sprintfs into it storing
+@c pointers to the strings into the array entries in the buffer.
+@c _dl_addr takes the recursive dl_load_lock then calls
+@c _dl_find_dso_for_object and determine_info.
+@c _dl_find_dso_for_object calls _dl-addr_inside_object.
+@c All of them are safe as long as the lock is held.
+@c asynconsist? It doesn't looke like the dynamic loader's data
+@c structures could be in an inconsistent state that would cause
+@c malfunction here.
The @code{backtrace_symbols} function translates the information
obtained from the @code{backtrace} function into an array of strings.
The argument @var{buffer} should be a pointer to an array of addresses
@@ -88,6 +101,11 @@ cannot be obtained.
@comment execinfo.h
@comment GNU
@deftypefun void backtrace_symbols_fd (void *const *@var{buffer}, int @var{size}, int @var{fd})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c Single loop of _dl_addr over addresses, collecting info into an iovec
+@c written out with a writev call per iteration. Addresses and offsets
+@c are converted to hex in auto buffers, so the only potential issue
+@c here is leaking the dl lock in case of cancellation.
The @code{backtrace_symbols_fd} function performs the same translation
as the function @code{backtrace_symbols} function. Instead of returning
the strings to the caller, it writes the strings to the file descriptor
diff --git a/manual/errno.texi b/manual/errno.texi
index 6c9fa86..eb3f412 100644
--- a/manual/errno.texi
+++ b/manual/errno.texi
@@ -1293,6 +1293,9 @@ name of the program that encountered the error.
@comment string.h
@comment ISO
@deftypefun {char *} strerror (int @var{errnum})
+@safety{@mtunsafe{staticbuf}@asunsafe{staticbuf, asmalloc, asi18n}@acsafe{memleak}}
+@c Calls strerror_r with a static buffer allocated with malloc on the
+@c first use.
The @code{strerror} function maps the error code (@pxref{Checking for
Errors}) specified by the @var{errnum} argument to a descriptive error
message string. The return value is a pointer to this string.
@@ -1310,6 +1313,7 @@ The function @code{strerror} is declared in @file{string.h}.
@comment string.h
@comment GNU
@deftypefun {char *} strerror_r (int @var{errnum}, char *@var{buf}, size_t @var{n})
+@safety{@mtsafe{}@asunsafe{asi18n}@acsafe{}}
The @code{strerror_r} function works like @code{strerror} but instead of
returning the error message in a statically allocated buffer shared by
all threads in the process, it returns a private copy for the
@@ -1331,6 +1335,10 @@ This function @code{strerror_r} is a GNU extension and it is declared in
@comment stdio.h
@comment ISO
@deftypefun void perror (const char *@var{message})
+@safety{@mtsafe{xguargs}@asunsafe{asynconsist, asi18n, asmalloc, selfdeadlock}@acunsafe{incansist, lockleak, memleak, fdleak}}
+@c Besides strerror_r's and some of fprintf's issues, if stderr is not
+@c oriented yet, create a new stream with a dup of stderr's fd and write
+@c to that instead of stderr, to avoid orienting it.
This function prints an error message to the stream @code{stderr};
see @ref{Standard Streams}. The orientation of @code{stderr} is not
changed.
@@ -1442,6 +1450,13 @@ These functions are declared in @file{error.h}.
@comment error.h
@comment GNU
@deftypefun void error (int @var{status}, int @var{errnum}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acsafe{}}
+@c Cancellation is disabled throught the execution. It flushes stdout
+@c and then holds a lock on stderr while printing the program name and
+@c then running error_tail. The non-wide case just runs vfprintf; the
+@c wide case converts the message to an alloca/malloc-allocated buffer
+@c with mbsrtowcs, then prints it with vfwprintf. Afterwards,
+@c print_errno_message calls strerror_r and fxprintf.
The @code{error} function can be used to report general problems during
program execution. The @var{format} argument is a format string just
like those given to the @code{printf} family of functions. The
@@ -1477,6 +1492,15 @@ incremented by one to keep track of the number of errors reported.
@comment error.h
@comment GNU
@deftypefun void error_at_line (int @var{status}, int @var{errnum}, const char *@var{fname}, unsigned int @var{lineno}, const char *@var{format}, @dots{})
+@safety{@mtunsafe{staticbuf, glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist}}
+@c The error_one_per_line variable is accessed (without any form of
+@c synchronization, but since it's an int used once, it should be safe
+@c enough) and, if this mode is enabled, static variables used to hold
+@c the last printed file name and line number are accessed and modified
+@c without synchronization; the update is not atomic and it occurs
+@c before disabling cancellation, so it can be interrupted after only
+@c one of the two variables is modified. After that, it's very much
+@c like error.
The @code{error_at_line} function is very similar to the @code{error}
function. The only difference are the additional parameters @var{fname}
@@ -1582,6 +1606,8 @@ are included only for compatibility.
@comment err.h
@comment BSD
@deftypefun void warn (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Just calls vwarn with the va_list.
The @code{warn} function is roughly equivalent to a call like
@smallexample
error (0, errno, format, @r{the parameters})
@@ -1594,6 +1620,11 @@ are not used.
@comment err.h
@comment BSD
@deftypefun void vwarn (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c While holding stderr's recursive lock, it prints the programname, the
+@c given message, and the error string with fw?printf's %m. When the
+@c stream is wide, convert_and_print converts the format string to an
+@c alloca/malloc-created buffer using mbsrtowcs and then calls fwprintf.
The @code{vwarn} function is just like @code{warn} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1602,6 +1633,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void warnx (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn, but without the strerror translation issues.
The @code{warnx} function is roughly equivalent to a call like
@smallexample
error (0, 0, format, @r{the parameters})
@@ -1615,6 +1648,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void vwarnx (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn, but without the strerror translation issues.
The @code{vwarnx} function is just like @code{warnx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1623,6 +1658,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void err (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn followed by exit.
The @code{err} function is roughly equivalent to a call like
@smallexample
error (status, errno, format, @r{the parameters})
@@ -1635,6 +1672,8 @@ are not used and that the program is exited even if @var{status} is zero.
@comment err.h
@comment BSD
@deftypefun void verr (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn followed by exit.
The @code{verr} function is just like @code{err} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1643,6 +1682,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void errx (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warnx followed by exit.
The @code{errx} function is roughly equivalent to a call like
@smallexample
error (status, 0, format, @r{the parameters})
@@ -1657,6 +1698,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void verrx (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarnx followed by exit.
The @code{verrx} function is just like @code{errx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
diff --git a/manual/filesys.texi b/manual/filesys.texi
index 1df9cf2..2244025 100644
--- a/manual/filesys.texi
+++ b/manual/filesys.texi
@@ -58,6 +58,25 @@ Prototypes for these functions are declared in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun {char *} getcwd (char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c If buffer is NULL, this function calls malloc and realloc, and, in
+@c case of error, free. Linux offers a getcwd syscall that we use on
+@c GNU/Linux systems, but it may fail if the pathname is too long. As a
+@c fallback, and on other systems, the generic implementation opens each
+@c parent directory with opendir, which allocates memory for the
+@c directory stream with malloc. If a fstatat64 syscall is not
+@c available, very deep directory trees may also have to malloc to build
+@c longer sequences of ../../../... than those supported by a global
+@c const read-only string.
+
+@c linux/__getcwd
+@c posix/__getcwd
+@c malloc/realloc/free if buffer is NULL, or if dir is too deep
+@c lstat64 -> see its own entry
+@c fstatat64
+@c direct syscall if possible, alloca+snprintf+*stat64 otherwise
+@c openat64_not_cancel_3, close_not_cancel_no_status
+@c __fdopendir, __opendir, __readdir, rewinddir
The @code{getcwd} function returns an absolute file name representing
the current working directory, storing it in the character array
@var{buffer} that you provide. The @var{size} argument is how you tell
@@ -116,6 +135,9 @@ software.
@comment unistd.h
@comment BSD
@deftypefn {Deprecated Function} {char *} getwd (char *@var{buffer})
+@safety{@mtsafe{}@asunsafe{asmalloc, asi18n}@acsafe{memleak, fdleak}}
+@c Besides the getcwd safety issues, it calls strerror_r on error, which
+@c brings in all of the i18n issues.
This is similar to @code{getcwd}, but has no way to specify the size of
the buffer. @Theglibc{} provides @code{getwd} only
for backwards compatibility with BSD.
@@ -130,6 +152,9 @@ this function is deprecated.
@comment unistd.h
@comment GNU
@deftypefun {char *} get_current_dir_name (void)
+@safety{@mtunsafe{envromt}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides getcwd, which this function calls as a fallback, it calls
+@c getenv, with the usual thread-safety issues that brings about.
@vindex PWD
This @code{get_current_dir_name} function is basically equivalent to
@w{@code{getcwd (NULL, 0)}}. The only difference is that the value of
@@ -145,6 +170,7 @@ This function is a GNU extension.
@comment unistd.h
@comment POSIX.1
@deftypefun int chdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
@var{filename}.
@@ -158,6 +184,7 @@ file @var{filename} is not a directory.
@comment unistd.h
@comment XPG
@deftypefun int fchdir (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
directory associated with the file descriptor @var{filedes}.
@@ -294,12 +321,14 @@ values and @code{st_mode} values:
@comment dirent.h
@comment BSD
@deftypefun int IFTODT (mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{d_type} value corresponding to @var{mode}.
@end deftypefun
@comment dirent.h
@comment BSD
@deftypefun mode_t DTTOIF (int @var{dtype})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{st_mode} value corresponding to @var{dtype}.
@end deftypefun
@end table
@@ -342,6 +371,9 @@ the following functions.
@comment dirent.h
@comment POSIX.1
@deftypefun {DIR *} opendir (const char *@var{dirname})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides the safe syscall, we have to allocate the DIR object with
+@c __alloc_dir, that calls malloc.
The @code{opendir} function opens and returns a directory stream for
reading the directory whose file name is @var{dirname}. The stream has
type @code{DIR *}.
@@ -381,6 +413,8 @@ alternative interface can be used.
@comment dirent.h
@comment GNU
@deftypefun {DIR *} fdopendir (int @var{fd})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c The DIR object is allocated with __alloc_dir, that calls malloc.
The @code{fdopendir} function works just like @code{opendir} but
instead of taking a file name and opening a file descriptor for the
directory the caller is required to provide a file descriptor. This
@@ -425,6 +459,7 @@ access.
@comment dirent.h
@comment GNU
@deftypefun int dirfd (DIR *@var{dirstream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{dirfd} returns the file descriptor associated with
the directory stream @var{dirstream}. This descriptor can be used until
the directory is closed with @code{closedir}. If the directory stream
@@ -443,6 +478,12 @@ symbols are declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun {struct dirent *} readdir (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c This function holds dirstream's non-recursive lock, which brings
+@c about the usual issues with locks and async signals and cancellation,
+@c but the lock taking is not enough to make the returned value safe to
+@c use, since it points to a stream's internal buffer that can be
+@c overwritten by subsequent calls or even released by closedir.
This function reads the next entry from the directory. It normally
returns a pointer to a structure containing information about the file.
This structure is statically allocated and can be rewritten by a
@@ -469,6 +510,7 @@ value. Use @code{readdir_r} when this is critical.
@comment dirent.h
@comment GNU
@deftypefun int readdir_r (DIR *@var{dirstream}, struct dirent *@var{entry}, struct dirent **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is the reentrant version of @code{readdir}. Like
@code{readdir} it returns the next entry from the directory. But to
prevent conflicts between simultaneously running threads the result is
@@ -516,6 +558,7 @@ of the last two functions.
@comment dirent.h
@comment LFS
@deftypefun {struct dirent64 *} readdir64 (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64} function is just like the @code{readdir} function
except that it returns a pointer to a record of type @code{struct
dirent64}. Some of the members of this data type (notably @code{d_ino})
@@ -527,6 +570,7 @@ In all other aspects this function is equivalent to @code{readdir}.
@comment dirent.h
@comment LFS
@deftypefun int readdir64_r (DIR *@var{dirstream}, struct dirent64 *@var{entry}, struct dirent64 **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64_r} function is equivalent to the @code{readdir_r}
function except that it takes parameters of base type @code{struct
dirent64} instead of @code{struct dirent} in the second and third
@@ -537,6 +581,10 @@ position. The same precautions mentioned in the documentation of
@comment dirent.h
@comment POSIX.1
@deftypefun int closedir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock (hurd)}@acsafe{memleak, fdleak, lockleak (hurd)}}
+@c No synchronization in the posix implementation, only in the hurd
+@c one. This is regarded as safe because it is undefined behavior if
+@c other threads could still be using the dir stream while it's closed.
This function closes the directory stream @var{dirstream}. It returns
@code{0} on success and @code{-1} on failure.
@@ -576,6 +624,7 @@ declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun void rewinddir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{rewinddir} function is used to reinitialize the directory
stream @var{dirstream}, so that if you call @code{readdir} it
returns information about the first entry in the directory again. This
@@ -589,6 +638,10 @@ added or removed since you last called @code{opendir} or
@comment dirent.h
@comment BSD
@deftypefun {long int} telldir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{telldir} function returns the file position of the directory
stream @var{dirstream}. You can use this value with @code{seekdir} to
restore the directory stream to that position.
@@ -597,6 +650,10 @@ restore the directory stream to that position.
@comment dirent.h
@comment BSD
@deftypefun void seekdir (DIR *@var{dirstream}, long int @var{pos})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{seekdir} function sets the file position of the directory
stream @var{dirstream} to @var{pos}. The value @var{pos} must be the
result of a previous call to @code{telldir} on this particular stream;
@@ -616,6 +673,19 @@ the result.
@comment dirent.h
@comment BSD/SVID
@deftypefun int scandir (const char *@var{dir}, struct dirent ***@var{namelist}, int (*@var{selector}) (const struct dirent *), int (*@var{cmp}) (const struct dirent **, const struct dirent **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c The scandir function calls __opendirat, __readdir, and __closedir to
+@c go over the named dir; malloc and realloc to allocate the namelist
+@c and copies of each selected dirent, besides the selector, if given,
+@c and qsort and the cmp functions if the latter is given. In spite of
+@c the cleanup handler that releases memory and the file descriptor in
+@c case of synchronous cancellation, an asynchronous cancellation may
+@c still leak memory and a file descriptor. Although readdir is unsafe
+@c in general, the use of an internal dir stream for sequential scanning
+@c of the directory with copying of dirents before subsequent calls
+@c makes the use safe, and the fact that the dir stream is private to
+@c each scandir call does away with the lock issues in readdir and
+@c closedir.
The @code{scandir} function scans the contents of the directory selected
by @var{dir}. The result in *@var{namelist} is an array of pointers to
@@ -646,6 +716,8 @@ are very helpful for this purpose.
@comment dirent.h
@comment BSD/SVID
@deftypefun int alphasort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Calls strcoll.
The @code{alphasort} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -658,6 +730,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls strverscmp.
The @code{versionsort} function is like @code{alphasort} except that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -670,6 +744,8 @@ dirent64}}. To use this we need a new function.
@comment dirent.h
@comment GNU
@deftypefun int scandir64 (const char *@var{dir}, struct dirent64 ***@var{namelist}, int (*@var{selector}) (const struct dirent64 *), int (*@var{cmp}) (const struct dirent64 **, const struct dirent64 **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c See scandir.
The @code{scandir64} function works like the @code{scandir} function
except that the directory entries it returns are described by elements
of type @w{@code{struct dirent64}}. The function pointed to by
@@ -688,6 +764,8 @@ argument. Instead we provide the two replacement functions below.
@comment dirent.h
@comment GNU
@deftypefun int alphasort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c See alphasort.
The @code{alphasort64} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -700,6 +778,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c See versionsort.
The @code{versionsort64} function is like @code{alphasort64}, excepted that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -880,6 +960,8 @@ file was passed).
@comment ftw.h
@comment SVID
@deftypefun int ftw (const char *@var{filename}, __ftw_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
+@c see nftw for safety details
The @code{ftw} function calls the callback function given in the
parameter @var{func} for every item which is found in the directory
specified by @var{filename} and all directories below. The function
@@ -930,6 +1012,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int ftw64 (const char *@var{filename}, __ftw64_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
This function is similar to @code{ftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -943,6 +1026,17 @@ transparently replaces the old implementation.
@comment ftw.h
@comment XPG4.2
@deftypefun int nftw (const char *@var{filename}, __nftw_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c ftw_startup calls alloca, malloc, free, xstat/lxstat, tdestroy, and ftw_dir
+@c if FTW_CHDIR, call open, and fchdir, or chdir and getcwd
+@c ftw_dir calls open_dir_stream, readdir64, process_entry, closedir
+@c if FTW_CHDIR, also calls fchdir
+@c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
+@c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
+@c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
+@c find_object (tsearch) and add_object (tfind).
+@c Since each invocation of *ftw uses its own private search tree, none
+@c of the search tree concurrency issues apply.
The @code{nftw} function works like the @code{ftw} functions. They call
the callback function @var{func} for all items found in the directory
@var{filename} and below. At most @var{descriptors} file descriptors
@@ -1003,6 +1097,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int nftw64 (const char *@var{filename}, __nftw64_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
This function is similar to @code{nftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -1046,6 +1141,7 @@ file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int link (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{link} function makes a new link to the existing file named by
@var{oldname}, under the new name @var{newname}.
@@ -1153,6 +1249,7 @@ Prototypes for most of the functions listed in this section are in
@comment unistd.h
@comment BSD
@deftypefun int symlink (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{symlink} function makes a symbolic link to @var{oldname} named
@var{newname}.
@@ -1190,6 +1287,7 @@ exceeded.
@comment unistd.h
@comment BSD
@deftypefun ssize_t readlink (const char *@var{filename}, char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{readlink} function gets the value of the symbolic link
@var{filename}. The file name that the link points to is copied into
@var{buffer}. This file name string is @emph{not} null-terminated;
@@ -1249,6 +1347,8 @@ names can refer to the same inode.
@comment stdlib.h
@comment GNU
@deftypefun {char *} canonicalize_file_name (const char *@var{name})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls realpath.
The @code{canonicalize_file_name} function returns the absolute name of
the file named by @var{name} which contains no @code{.}, @code{..}
@@ -1290,6 +1390,8 @@ where the result is placed in.
@comment stdlib.h
@comment XPG
@deftypefun {char *} realpath (const char *restrict @var{name}, char *restrict @var{resolved})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls malloc, realloc, getcwd, lxstat64, readlink, alloca.
A call to @code{realpath} where the @var{resolved} parameter is
@code{NULL} behaves exactly like @code{canonicalize_file_name}. The
@@ -1329,6 +1431,7 @@ then the file is deleted as well. If the file has other remaining names
@comment unistd.h
@comment POSIX.1
@deftypefun int unlink (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{unlink} function deletes the file name @var{filename}. If
this is a file's sole name, the file itself is also deleted. (Actually,
if any process has the file open when this happens, deletion is
@@ -1371,6 +1474,7 @@ file system and can't be modified.
@comment unistd.h
@comment POSIX.1
@deftypefun int rmdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@cindex directories, deleting
@cindex deleting a directory
The @code{rmdir} function deletes a directory. The directory must be
@@ -1398,6 +1502,8 @@ The prototype for this function is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int remove (const char *@var{filename})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Calls unlink and rmdir.
This is the @w{ISO C} function to remove a file. It works like
@code{unlink} for files and like @code{rmdir} for directories.
@code{remove} is declared in @file{stdio.h}.
@@ -1413,6 +1519,10 @@ The @code{rename} function is used to change a file's name.
@comment stdio.h
@comment ISO
@deftypefun int rename (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a rename syscall, there's an emulation with link
+@c and unlink, but it's racy, even more so if newname exists and is
+@c unlinked first.
The @code{rename} function renames the file @var{oldname} to
@var{newname}. The file formerly accessible under the name
@var{oldname} is afterwards accessible as @var{newname} instead. (If
@@ -1508,6 +1618,7 @@ a shell command @code{mkdir} which does the same thing.)
@comment sys/stat.h
@comment POSIX.1
@deftypefun int mkdir (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mkdir} function creates a new, empty directory with name
@var{filename}.
@@ -1849,6 +1960,7 @@ header file @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int stat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{stat} function returns information about the attributes of the
file named by @w{@var{filename}} in the structure pointed to by @var{buf}.
@@ -1875,6 +1987,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int stat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{stat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1888,6 +2001,7 @@ replaces the interface for small files on 32-bit machines.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int fstat (int @var{filedes}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fstat} function is like @code{stat}, except that it takes an
open file descriptor as an argument instead of a file name.
@xref{Low-Level I/O}.
@@ -1909,6 +2023,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int fstat64 (int @var{filedes}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{fstat} but is able to work on large
files on 32-bit platforms. For large files the file descriptor
@var{filedes} should be obtained by @code{open64} or @code{creat64}.
@@ -1920,9 +2035,16 @@ function is available under the name @code{fstat} and so transparently
replaces the interface for small files on 32-bit machines.
@end deftypefun
+@c fstatat will call alloca and snprintf if the syscall is not
+@c available.
+@c @safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+
@comment sys/stat.h
@comment BSD
@deftypefun int lstat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat, sometimes with an xstat conv call
+@c afterwards.
The @code{lstat} function is like @code{stat}, except that it does not
follow symbolic links. If @var{filename} is the name of a symbolic
link, @code{lstat} returns information about the link itself; otherwise
@@ -1936,6 +2058,9 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int lstat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat64, sometimes with an xstat conv
+@c call afterwards.
This function is similar to @code{lstat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1974,12 +2099,14 @@ that file:
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISDIR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a directory.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISCHR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a character special file (a
device like a terminal).
@end deftypefn
@@ -1987,6 +2114,7 @@ device like a terminal).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISBLK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a block special file (a device
like a disk).
@end deftypefn
@@ -1994,12 +2122,14 @@ like a disk).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISREG (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a regular file.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISFIFO (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a FIFO special file, or a
pipe. @xref{Pipes and FIFOs}.
@end deftypefn
@@ -2007,6 +2137,7 @@ pipe. @xref{Pipes and FIFOs}.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISLNK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a symbolic link.
@xref{Symbolic Links}.
@end deftypefn
@@ -2014,6 +2145,7 @@ This macro returns non-zero if the file is a symbolic link.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISSOCK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a socket. @xref{Sockets}.
@end deftypefn
@@ -2096,6 +2228,7 @@ the whole @code{struct stat} structure.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISMQ (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX message queues as distinct objects and the
file is a message queue object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2104,6 +2237,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSEM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX semaphores as distinct objects and the
file is a semaphore object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2112,6 +2246,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSHM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX shared memory objects as distinct objects
and the file is an shared memory object, this macro returns a non-zero
value. In all other cases the result is zero.
@@ -2156,6 +2291,7 @@ The prototype for this function is declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int chown (const char *@var{filename}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chown} function changes the owner of the file @var{filename} to
@var{owner}, and its group owner to @var{group}.
@@ -2190,6 +2326,7 @@ The file is on a read-only file system.
@comment unistd.h
@comment BSD
@deftypefun int fchown (int @var{filedes}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chown}, except that it changes the owner of the open
file with descriptor @var{filedes}.
@@ -2469,6 +2606,7 @@ The functions in this section are declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun mode_t umask (mode_t @var{mask})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{umask} function sets the file creation mask of the current
process to @var{mask}, and returns the previous value of the file
creation mask.
@@ -2494,6 +2632,7 @@ you just want to read the mask value, because it is reentrant.
@comment sys/stat.h
@comment GNU
@deftypefun mode_t getumask (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Return the current value of the file creation mask for the current
process. This function is a GNU extension and is only available on
@gnuhurdsystems{}.
@@ -2502,6 +2641,7 @@ process. This function is a GNU extension and is only available on
@comment sys/stat.h
@comment POSIX.1
@deftypefun int chmod (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chmod} function sets the access permission bits for the file
named by @var{filename} to @var{mode}.
@@ -2542,6 +2682,7 @@ for full details on the sticky bit.
@comment sys/stat.h
@comment BSD
@deftypefun int fchmod (int @var{filedes}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chmod}, except that it changes the permissions of the
currently open file given by @var{filedes}.
@@ -2612,6 +2753,7 @@ The symbols in this section are declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int access (const char *@var{filename}, int @var{how})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{access} function checks to see whether the file named by
@var{filename} can be accessed in the way specified by the @var{how}
argument. The @var{how} argument either can be the bitwise OR of the
@@ -2732,6 +2874,9 @@ This is the modification time for the file.
@comment utime.h
@comment POSIX.1
@deftypefun int utime (const char *@var{filename}, const struct utimbuf *@var{times})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utime syscall, it non-atomically converts times
+@c to a struct timeval and calls utimes.
This function is used to modify the file times associated with the file
named @var{filename}.
@@ -2783,6 +2928,10 @@ in the header file @file{sys/time.h}.
@comment sys/time.h
@comment BSD
@deftypefun int utimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, or to
+@c struct utimbuf and calls utime.
This function sets the file access and modification times of the file
@var{filename}. The new file access time is specified by
@code{@var{tvp}[0]}, and the new modification time by
@@ -2797,6 +2946,9 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int lutimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no lutimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall.
This function is like @code{utimes}, except that it does not follow
symbolic links. If @var{filename} is the name of a symbolic link,
@code{lutimes} sets the file access and modification times of the
@@ -2813,6 +2965,10 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int futimes (int @var{fd}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no futimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, falling back
+@c to utimes on a /proc/self/fd symlink.
This function is like @code{utimes}, except that it takes an open file
descriptor as an argument instead of a file name. @xref{Low-Level
I/O}. This function comes from FreeBSD, and is not available on all
@@ -2867,6 +3023,8 @@ succeed, without actually accomplishing anything.
@comment unistd.h
@comment X/Open
@deftypefun int truncate (const char *@var{filename}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a truncate syscall, we use open and ftruncate.
The @code{truncate} function changes the size of @var{filename} to
@var{length}. If @var{length} is shorter than the previous length, data
@@ -2911,6 +3069,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int truncate64 (const char *@var{name}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try truncate if length fits.
This function is similar to the @code{truncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines, which allows the handling of files with sizes up to
@@ -2924,6 +3084,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX
@deftypefun int ftruncate (int @var{fd}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{truncate}, but it works on a file descriptor @var{fd}
for an opened file instead of a file name to identify the object. The
@@ -2988,6 +3149,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int ftruncate64 (int @var{id}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try ftruncate if length fits.
This function is similar to the @code{ftruncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines which allows the handling of files with sizes up to
@@ -3050,6 +3213,10 @@ The prototype for @code{mknod} is declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment BSD
@deftypefun int mknod (const char *@var{filename}, mode_t @var{mode}, dev_t @var{dev})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Instead of issuing the syscall directly, we go through xmknod.
+@c Although the internal xmknod takes a dev_t*, that could lead to
+@c xguargs races, it's passed a pointer to mknod's dev.
The @code{mknod} function makes a special file with name @var{filename}.
The @var{mode} specifies the mode of the file, and may include the various
special file bits, such as @code{S_IFCHR} (for a character special file)
@@ -3101,6 +3268,20 @@ These facilities are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} tmpfile (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c The unsafety issues are those of fdopen, plus fdleak because of the
+@c open.
+@c __path_search (internal buf, !dir, const pfx, !try_tmpdir) ok
+@c libc_secure_genenv only if try_tmpdir
+@c xstat64, strlen, strcmp, sprintf
+@c __gen_tempname (internal tmpl, __GT_FILE) ok
+@c strlen, memcmp, getpid, open/mkdir/lxstat64 ok
+@c HP_TIMING_NOW if available ok
+@c gettimeofday (!tz) first time, or every time if no HP_TIMING_NOW ok
+@c static value is used and modified without synchronization ok
+@c but the use is as a source of non-cryptographic randomness
+@c with retries in case of collision, so it should be safe
+@c unlink, fdopen
This function creates a temporary binary file for update mode, as if by
calling @code{fopen} with mode @code{"wb+"}. The file is deleted
automatically when it is closed or when the program terminates. (On
@@ -3117,6 +3298,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} tmpfile64 (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
This function is similar to @code{tmpfile}, but the stream it returns a
pointer to was opened using @code{tmpfile64}. Therefore this stream can
be used for files larger then @math{2^31} bytes on 32-bit machines.
@@ -3132,6 +3314,11 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun {char *} tmpnam (char *@var{result})
+@safety{@mtunsafe{xguargs, staticbuf}@asunsafe{staticbuf}@acsafe{}}
+@c The passed-in buffer should not be modified concurrently with the
+@c call.
+@c __path_search (static or passed-in buf, !dir, !pfx, !try_tmpdir) ok
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
This function constructs and returns a valid file name that does not
refer to any existing file. If the @var{result} argument is a null
pointer, the return value is a pointer to an internal static string,
@@ -3156,6 +3343,7 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdio.h
@comment GNU
@deftypefun {char *} tmpnam_r (char *@var{result})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
This function is nearly identical to the @code{tmpnam} function, except
that if @var{result} is a null pointer it returns a null pointer.
@@ -3192,6 +3380,13 @@ never less than @code{25}.
@comment stdio.h
@comment SVID
@deftypefun {char *} tempnam (const char *@var{dir}, const char *@var{prefix})
+@safety{@mtunsafe{xguargs, envromt}@assafe{asmalloc}@acsafe{memleak}}
+@c There's no way (short of being setuid) to avoid getenv("TMPDIR"),
+@c even with a non-NULL dir, which makes this thread-unsafe.
+@c
+@c __path_search (internal buf, dir, pfx, try_tmpdir) unsafe getenv
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
+@c strdup
This function generates a unique temporary file name. If @var{prefix}
is not a null pointer, up to five characters of this string are used as
a prefix for the file name. The return value is a string newly
@@ -3255,6 +3450,8 @@ string. These functions are declared in the header file @file{stdlib.h}.
@comment stdlib.h
@comment Unix
@deftypefun {char *} mktemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_NOCREATE) ok
The @code{mktemp} function generates a unique file name by modifying
@var{template} as described above. If successful, it returns
@var{template} as modified. If @code{mktemp} cannot find a unique file
@@ -3273,6 +3470,8 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdlib.h
@comment BSD
@deftypefun int mkstemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{fdleak}}
+@c __gen_tempname (caller tmpl, __GT_FILE) ok
The @code{mkstemp} function generates a unique file name just as
@code{mktemp} does, but it also opens the file for you with @code{open}
(@pxref{Opening and Closing Files}). If successful, it modifies
@@ -3295,6 +3494,8 @@ new file and get an error if the file already exists.
@comment stdlib.h
@comment BSD
@deftypefun {char *} mkdtemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_DIR) ok
The @code{mkdtemp} function creates a directory with a unique name. If
it succeeds, it overwrites @var{template} with the name of the
directory, and returns @var{template}. As with @code{mktemp} and
@@ -3316,3 +3517,23 @@ creation always works like @code{open} with @code{O_EXCL}.
@xref{Creating Directories}.
The @code{mkdtemp} function comes from OpenBSD.
+
+@c FIXME these are undocumented:
+@c faccessat
+@c fchmodat
+@c fchownat
+@c futimesat
+@c fstatat
+@c linkat
+@c mkdirat
+@c mkfifoat
+@c name_to_handle_at
+@c openat
+@c open_by_handle_at
+@c readlinkat
+@c renameat
+@c scandirat
+@c symlinkat
+@c unlinkat
+@c utimensat
+@c mknodat
diff --git a/manual/getopt.texi b/manual/getopt.texi
index f0b7283..3c1f4de 100644
--- a/manual/getopt.texi
+++ b/manual/getopt.texi
@@ -60,6 +60,31 @@ option argument, for those options that accept arguments.
@comment unistd.h
@comment POSIX.2
@deftypefun int getopt (int @var{argc}, char *const *@var{argv}, const char *@var{options})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c It may swap argv elements but argv is not guarded, and the
+@c modifications may be partial in case of cancellation. Calling getenv
+@c also brings about thread-safety issues out of access and returning
+@c pointers into the globally shared environment array, just like
+@c calling gettext brings about a whole lot of AS and AC safety issues.
+@c The getopt API involves returning values in the non-thread-specific
+@c optarg variable, which adds another thread-safety issue. Given
+@c print_errors, it may output errors to stderr, which may
+@c self-deadlock, leak locks, or encounter (in a signal handler) or
+@c leave (in case of cancellation) stderr in an inconsistent state.
+@c Various implicit, indirect uses of malloc, in uses of memstream and
+@c asprintf for error-printing, bring about the usual malloc issues.
+@c (The explicit use of malloc in a conditional situation in
+@c _getopt_initialize is never exercised in glibc.)
+@c
+@c _getopt_internal
+@c _getopt_internal_r
+@c gettext
+@c _getopt_initialize
+@c getenv
+@c malloc if USE_NONOPTION_FLAGS, never defined in libc
+@c open_memstream
+@c lockfile, unlockfile, __fxprintf -> stderr
+@c asprintf
The @code{getopt} function gets the next option argument from the
argument list specified by the @var{argv} and @var{argc} arguments.
Normally these values come directly from the arguments received by
@@ -225,6 +250,8 @@ was seen.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
Decode options from the vector @var{argv} (whose length is @var{argc}).
The argument @var{shortopts} describes the short options to accept, just as
it does in @code{getopt}. The argument @var{longopts} describes the long
@@ -278,6 +305,8 @@ getopt functionality there is one more function available.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long_only (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
The @code{getopt_long_only} function is equivalent to the
@code{getopt_long} function but it allows to specify the user of the
diff --git a/manual/intro.texi b/manual/intro.texi
index 2630a77..e47832c 100644
--- a/manual/intro.texi
+++ b/manual/intro.texi
@@ -262,6 +262,28 @@ if the effective thread-local locale is not the global locale object
@code{setlocale} should not be called while these functions are active.
+@item @code{envromt}
+@cindex envromt
+
+Functions marked with @code{envromt} access the environment with
+@code{getenv} or similar, requiring the environment to be effectively
+read-only for MT-Safe operation.
+
+Environment-modifying functions do not protect in any way against
+concurrent modifications or access, so calling @code{envromt}-marked
+functions concurrently with @code{setenv}, @code{putenv},
+@code{unsetenv} or direct modifications of the global environment data
+structures is ill-advised; external concurrency control must be
+introduced by callers of these environment-modifying and
+@code{envromt}-marked functions.
+
+Functions that modify the environment are also marked with
+@code{envromt}, but they are not MT-Safe for the reasons above. Since
+all environment-modifying functions are MT-Unsafe, functions that only
+access the environment are marked as MT-Safe when no other safety issue
+applies.
+
+
@item @code{uunguard}
@cindex uunguard
@@ -291,6 +313,42 @@ AS-Safe behavior, callers must ensure that the objects passed in are not
modified concurrently by other threads or signal handlers.
+@item @code{tempchwd}
+@cindex tempchwd
+
+Functions marked with @code{tempchwd} may temporarily change the current
+working directory during their execution, which may cause relative
+pathnames to be resolved in unexpected ways in other threads or within
+asynchronous signal or cancellation handlers.
+
+This is not enough of a reason to mark so-marked functions as MT-Unsafe,
+but when this behavior is optional (e.g., @code{nftw} with
+@code{FTW_CHDIR}), avoiding the option in multi-threaded programs may be
+a good alternative to using full pathnames or file descriptor-relative
+(e.g. @code{openat}) system calls.
+
+
+@item @code{tempterm}
+@cindex tempterm
+
+Functions marked with @code{tempterm} may temporarily change the
+terminal settings.
+
+This would not be enough of a reason to mark so-marked functions as
+MT-Unsafe, but the recommended mode to modify terminal settings is to
+call @code{tcgetattr}, modify some flags, and then call
+@code{tcsetattr}. Functions marked with @code{tempterm} do that, so
+they leave a window in which changes made by other threads are lost.
+
+It is thus advisable for applications using the terminal to avoid
+concurrent interactions with it, more so if they expect different
+terminal modes.
+
+If this mark appears as an AC-Safety note, it means the function may
+also fail to restore the original terminal mode in case of asynchronous
+cancellation.
+
+
@end itemize
@@ -305,11 +363,37 @@ as follows:
Functions annotated with @code{staticbuf} use internal static buffers or
variables in ways that may cause concurrent calls to interfere
-destructively.
+destructively.
These functions are all MT-Unsafe and AC-Unsafe. However, many of them
offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
+In many of these cases, the static buffer is only used to hold a return
+value; in a few of these, such as @code{tmpnam}, the use of the internal
+buffer can be avoided by passing the buffer as an argument, which makes
+the call MT-Safe and AS-Safe.
+
+
+@item @code{asi18n}
+@cindex asi18n
+
+Functions marked with @code{asi18n} use internationalization functions
+(@code{gettext}), which brings in a number of dependencies and issues
+yet to be documented.
+
+
+@item @code{shlimb}
+@cindex shlimb
+
+Functions marked with @code{shlimb} use the dynamic loader to bring in
+additional code modules. This involves opening files, mapping them into
+memory, allocating additional memory, resolving symbols, applying
+relocations and more, all of this while holding the dynamic loader
+lock.
+
+The non-recursive lock itself is enough for the function to be AS- and
+AC-Unsafe, but many other issues may arise.
+
@item @code{fdleak}
@cindex fdleak
@@ -390,9 +474,8 @@ For the reasons above, functions that leak locks are all AC-Unsafe.
Functions marked with @code{selfdeadlock} take a non-recursive lock to
ensure MT-Safety while modifying data structures guarded by the lock.
-If such a function is interrupted by a signal while holding the lock,
-and the signal handler calls any function that takes the same
-non-recursive lock, the result is a deadlock.
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, the result is a deadlock.
Blocking asynchronous signal delivery while calling such functions is
the only safe way to avoid a deadlock if any signal handler might need
@@ -406,10 +489,9 @@ Functions marked with @code{asynconsist} take a recursive lock to ensure
MT-Safety while accessing or modifying data structures guarded by the
lock.
-If such a function is interrupted by a signal while holding the lock,
-and the signal handler calls any function that takes the same
-non-recursive lock, the latter function may observe a partially updated,
-inconsistent data structure, and misbehave.
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, both may misbehave for
+observing inconsistent (partially updated or cached) data structures.
Blocking asynchronous signal delivery while calling such functions is
the only safe way to avoid the misbehavior that may ensue if any signal
@@ -444,6 +526,21 @@ Disabling asynchronous cancelation while calling such functions is the
only safe way to avoid the misbehavior that may ensure if the thread is
canceled while the function is running.
+@c A special case, probably not worth documenting separately, involves
+@c reallocing, or even freeing pointers. Any case involving free could
+@c be easily turned into an ac-safe memleak by resetting the pointer
+@c before releasing it; I don't think we have any case that calls for
+@c this sort of fixing. Fixing the realloc cases would require a new
+@c interface: instead of @code{ptr=realloc(ptr,size)} we'd have to
+@c introduce @code{acsafe_realloc(&ptr,size)} that would modify ptr
+@c before releasing the old memory. The ac-unsafe realloc could be
+@c implemented in terms of an internal interface with this semantics
+@c (say __acsafe_realloc), but since realloc can be overridden, the
+@c function we call to implement realloc should not be this internal
+@c interface, but another internal interface that calls __acsafe_realloc
+@c if realloc was not overridden, and calls the overridden realloc with
+@c async cancel disabled. --lxoliva
+
@item @code{simfpu}
@cindex simfpu
diff --git a/manual/job.texi b/manual/job.texi
index 4efeed3..779ea96 100644
--- a/manual/job.texi
+++ b/manual/job.texi
@@ -1039,6 +1039,10 @@ The function @code{ctermid} is declared in the header file
@comment stdio.h
@comment POSIX.1
@deftypefun {char *} ctermid (char *@var{string})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This function is a stub by default; the actual implementation, for
+@c posix systems, returns an internal buffer if passed a NULL string,
+@c but the internal buffer is always set to /dev/tty.
The @code{ctermid} function returns a string containing the file name of
the controlling terminal for the current process. If @var{string} is
not a null pointer, it should be an array that can hold at least
@@ -1075,6 +1079,11 @@ Your program should include the header files @file{sys/types.h} and
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t setsid (void)
+@safety{@mtsafe{}@assafe{selfdeadlock (hurd)}@acsafe{lockleak (hurd)}}
+@c This is usually a direct syscall, but if a syscall is not available,
+@c we use a stub, or Hurd- and BSD-specific implementations. The former
+@c uses a mutex and a hurd critical section, and the latter issues a few
+@c syscalls, so both seem safe, except for the locking on Hurd.
The @code{setsid} function creates a new session. The calling process
becomes the session leader, and is put in a new process group whose
process group ID is the same as the process ID of that process. There
@@ -1098,7 +1107,8 @@ already another process group around that has the same process group ID.
@comment unistd.h
@comment SVID
@deftypefun pid_t getsid (pid_t @var{pid})
-
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{getsid} function returns the process group ID of the session
leader of the specified process. If a @var{pid} is @code{0}, the
process group ID of the session leader of the current process is
@@ -1134,6 +1144,8 @@ programs with the @code{-lbsd-compat} option to get the BSD definition.@refill
@comment unistd.h
@comment POSIX.1
@deftypefn {POSIX.1 Function} pid_t getpgrp (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The POSIX.1 definition of @code{getpgrp} returns the process group ID of
the calling process.
@end deftypefn
@@ -1141,6 +1153,8 @@ the calling process.
@comment unistd.h
@comment BSD
@deftypefn {BSD Function} pid_t getpgrp (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The BSD definition of @code{getpgrp} returns the process group ID of the
process @var{pid}. You can supply a value of @code{0} for the @var{pid}
argument to get information about the calling process.
@@ -1149,6 +1163,8 @@ argument to get information about the calling process.
@comment unistd.h
@comment SVID
@deftypefn {System V Function} int getpgid (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
@code{getpgid} is the same as the BSD function @code{getpgrp}. It
returns the process group ID of the process @var{pid}. You can supply a
@@ -1171,6 +1187,8 @@ process.
@comment unistd.h
@comment POSIX.1
@deftypefun int setpgid (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{setpgid} function puts the process @var{pid} into the process
group @var{pgid}. As a special case, either @var{pid} or @var{pgid} can
be zero to indicate the process ID of the calling process.
@@ -1208,6 +1226,8 @@ process or a child of the calling process.
@comment unistd.h
@comment BSD
@deftypefun int setpgrp (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall or setpgid wrapper.
This is the BSD Unix name for @code{setpgid}. Both functions do exactly
the same thing.
@end deftypefun
@@ -1230,6 +1250,8 @@ file itself and not a particular open file descriptor.
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t tcgetpgrp (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function returns the process group ID of the foreground process
group associated with the terminal open on descriptor @var{filedes}.
@@ -1258,6 +1280,8 @@ controlling terminal of the calling process.
@comment unistd.h
@comment POSIX.1
@deftypefun int tcsetpgrp (int @var{filedes}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function is used to set a terminal's foreground process group ID.
The argument @var{filedes} is a descriptor which specifies the terminal;
@var{pgid} specifies the process group. The calling process must be a
@@ -1297,6 +1321,8 @@ process.
@comment termios.h
@comment Unix98
@deftypefun pid_t tcgetsid (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Ioctl call, if avaialble, or tcgetpgrp followed by getsid.
This function is used to obtain the process group ID of the session
for which the terminal specified by @var{fildes} is the controlling terminal.
If the call is successful the group ID is returned. Otherwise the
diff --git a/manual/lang.texi b/manual/lang.texi
index ee04e23..d6cd90c 100644
--- a/manual/lang.texi
+++ b/manual/lang.texi
@@ -51,6 +51,8 @@ without indicating anything might be wrong.
@comment assert.h
@comment ISO
@deftypefn Macro void assert (int @var{expression})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Verify the programmer's belief that @var{expression} is nonzero at
this point in the program.
@@ -91,6 +93,8 @@ The @code{assert_perror} macro makes this easy.
@comment assert.h
@comment GNU
@deftypefn Macro void assert_perror (int @var{errnum})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Similar to @code{assert}, but verifies that @var{errnum} is zero.
If @code{NDEBUG} is not defined, @code{assert_perror} tests the value of
@@ -423,6 +427,8 @@ The type @code{va_list} is used for argument pointer variables.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_start (va_list @var{ap}, @var{last-required})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This macro initializes the argument pointer variable @var{ap} to point
to the first of the optional arguments of the current function;
@var{last-required} must be the last required argument to the function.
@@ -431,6 +437,8 @@ to the first of the optional arguments of the current function;
@comment stdarg.h
@comment ISO
@deftypefn {Macro} @var{type} va_arg (va_list @var{ap}, @var{type})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_arg} macro returns the value of the next optional argument,
and modifies the value of @var{ap} to point to the subsequent argument.
Thus, successive uses of @code{va_arg} return successive optional
@@ -445,6 +453,8 @@ of the actual argument.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_end (va_list @var{ap})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This ends the use of @var{ap}. After a @code{va_end} call, further
@code{va_arg} calls with the same @var{ap} may not work. You should invoke
@code{va_end} before returning from the function in which @code{va_start}
@@ -466,6 +476,8 @@ of the same type.
@comment ISO
@deftypefn {Macro} void va_copy (va_list @var{dest}, va_list @var{src})
@deftypefnx {Macro} void __va_copy (va_list @var{dest}, va_list @var{src})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_copy} macro allows copying of objects of type
@code{va_list} even if this is not an integral type. The argument pointer
in @var{dest} is initialized to point to the same argument as the
@@ -1212,6 +1224,8 @@ type of a particular structure member.
@comment stddef.h
@comment ISO
@deftypefn {Macro} size_t offsetof (@var{type}, @var{member})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This expands to a integer constant expression that is the offset of the
structure member named @var{member} in the structure type @var{type}.
For example, @code{offsetof (struct s, elem)} is the offset, in bytes,
diff --git a/manual/libdl.texi b/manual/libdl.texi
new file mode 100644
index 0000000..e3fe045
--- /dev/null
+++ b/manual/libdl.texi
@@ -0,0 +1,10 @@
+@c FIXME these are undocumented:
+@c dladdr
+@c dladdr1
+@c dlclose
+@c dlerror
+@c dlinfo
+@c dlmopen
+@c dlopen
+@c dlsym
+@c dlvsym
diff --git a/manual/llio.texi b/manual/llio.texi
index b129cf4..66370c4 100644
--- a/manual/llio.texi
+++ b/manual/llio.texi
@@ -78,6 +78,7 @@ declared in @file{unistd.h}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int open (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The @code{open} function creates and returns a new file descriptor for
the file named by @var{filename}. Initially, the file position
indicator for the file is at the beginning of the file. The argument
@@ -164,6 +165,7 @@ and @code{freopen} functions, that create streams.
@comment fcntl.h
@comment Unix98
@deftypefun int open64 (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{open}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
difference is that on 32 bit systems the file is opened in the
@@ -178,6 +180,7 @@ replaces the old API.
@comment fcntl.h
@comment POSIX.1
@deftypefn {Obsolete function} int creat (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is obsolete. The call:
@smallexample
@@ -202,6 +205,7 @@ since all of the lowlevel file handling functions are equally replaced.
@comment fcntl.h
@comment Unix98
@deftypefn {Obsolete function} int creat64 (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{creat}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
the difference is that on 32 bit systems the file is opened in the
@@ -219,6 +223,7 @@ replaces the old API.
@comment unistd.h
@comment POSIX.1
@deftypefun int close (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The function @code{close} closes the file descriptor @var{filedes}.
Closing a file has the following consequences:
@@ -300,6 +305,7 @@ but must be a signed type.
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t read (int @var{filedes}, void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{read} function reads up to @var{size} bytes from the file
with descriptor @var{filedes}, storing the results in the @var{buffer}.
(This is not necessarily a character string, and no terminating null
@@ -395,6 +401,10 @@ functions that read from streams, such as @code{fgetc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, read and lseek back, but is it
+@c used anywhere?
The @code{pread} function is similar to the @code{read} function. The
first three arguments are identical, and the return values and error
codes also correspond.
@@ -430,6 +440,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread64 (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, read and lseek64 back, but is
+@c it used anywhere?
This function is similar to the @code{pread} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -447,6 +461,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t write (int @var{filedes}, const void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{write} function writes up to @var{size} bytes from
@var{buffer} to the file with descriptor @var{filedes}. The data in
@var{buffer} is not necessarily a character string and a null character is
@@ -557,6 +572,10 @@ functions that write to streams, such as @code{fputc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, write and lseek back, but is it
+@c used anywhere?
The @code{pwrite} function is similar to the @code{write} function. The
first three arguments are identical, and the return values and error codes
also correspond.
@@ -592,6 +611,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite64 (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, write and lseek64 back, but
+@c is it used anywhere?
This function is similar to the @code{pwrite} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -624,6 +647,7 @@ To read the current file position value from a descriptor, use
@comment unistd.h
@comment POSIX.1
@deftypefun off_t lseek (int @var{filedes}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lseek} function is used to change the file position of the
file with descriptor @var{filedes}.
@@ -713,6 +737,7 @@ descriptors.
@comment unistd.h
@comment Unix98
@deftypefun off64_t lseek64 (int @var{filedes}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to the @code{lseek} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -825,6 +850,7 @@ declared in the header file @file{stdio.h}.
@comment stdio.h
@comment POSIX.1
@deftypefun {FILE *} fdopen (int @var{filedes}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
The @code{fdopen} function returns a new stream for the file descriptor
@var{filedes}.
@@ -853,6 +879,7 @@ see @ref{Creating a Pipe}.
@comment stdio.h
@comment POSIX.1
@deftypefun int fileno (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the file descriptor associated with the stream
@var{stream}. If an error is detected (for example, if the @var{stream}
is not valid) or if @var{stream} does not do I/O to a file,
@@ -862,6 +889,7 @@ is not valid) or if @var{stream} does not do I/O to a file,
@comment stdio.h
@comment GNU
@deftypefun int fileno_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fileno_unlocked} function is equivalent to the @code{fileno}
function except that it does not implicitly lock the stream if the state
is @code{FSETLOCKING_INTERNAL}.
@@ -1071,7 +1099,11 @@ Contains the length of the buffer.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t readv (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
-
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer into which data is read, if the total read size is
+@c too large for alloca.
The @code{readv} function reads data from @var{filedes} and scatters it
into the buffers described in @var{vector}, which is taken to be
@var{count} structures long. As each buffer is filled, data is sent to the
@@ -1089,6 +1121,11 @@ errors are the same as in @code{read}.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t writev (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer from which data is written, if the total write size
+@c is too large for alloca.
The @code{writev} function gathers data from the buffers described in
@var{vector}, which is taken to be @var{count} structures long, and writes
@@ -1149,6 +1186,7 @@ These functions are declared in @file{sys/mman.h}.
@comment sys/mman.h
@comment POSIX
@deftypefun {void *} mmap (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mmap} function creates a new mapping, connected to bytes
(@var{offset}) to (@var{offset} + @var{length} - 1) in the file open on
@@ -1268,6 +1306,9 @@ The file is on a filesystem that doesn't support mapping.
@comment sys/mman.h
@comment LFS
@deftypefun {void *} mmap64 (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The page_shift auto detection when MMAP2_PAGE_SHIFT is -1 (it never
+@c is) would be thread-unsafe.
The @code{mmap64} function is equivalent to the @code{mmap} function but
the @var{offset} parameter is of type @code{off64_t}. On 32-bit systems
this allows the file associated with the @var{filedes} descriptor to be
@@ -1284,6 +1325,7 @@ replaces the old API.
@comment sys/mman.h
@comment POSIX
@deftypefun int munmap (void *@var{addr}, size_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{munmap} removes any memory maps from (@var{addr}) to (@var{addr} +
@var{length}). @var{length} should be the length of the mapping.
@@ -1310,6 +1352,7 @@ aligned.
@comment sys/mman.h
@comment POSIX
@deftypefun int msync (void *@var{address}, size_t @var{length}, int @var{flags})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When using shared mappings, the kernel can write the file at any time
before the mapping is removed. To be certain data has actually been
@@ -1357,6 +1400,7 @@ There is no existing mapping in at least part of the given region.
@comment sys/mman.h
@comment GNU
@deftypefun {void *} mremap (void *@var{address}, size_t @var{length}, size_t @var{new_length}, int @var{flag})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to change the size of an existing memory
area. @var{address} and @var{length} must cover a region entirely mapped
@@ -1405,6 +1449,7 @@ Coding Standards}.
@comment sys/mman.h
@comment POSIX
@deftypefun int madvise (void *@var{addr}, size_t @var{length}, int @var{advice})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to provide the system with @var{advice} about
the intended usage patterns of the memory region starting at @var{addr}
@@ -1531,6 +1576,7 @@ that descriptor into an @code{fd_set}.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_ZERO (fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro initializes the file descriptor set @var{set} to be the
empty set.
@end deftypefn
@@ -1538,6 +1584,9 @@ empty set.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_SET (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro adds @var{filedes} to the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1547,6 +1596,9 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_CLR (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro removes @var{filedes} from the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1556,6 +1608,7 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro int FD_ISSET (int @var{filedes}, const fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value (true) if @var{filedes} is a member
of the file descriptor set @var{set}, and zero (false) otherwise.
@@ -1568,6 +1621,10 @@ Next, here is the description of the @code{select} function itself.
@comment sys/types.h
@comment BSD
@deftypefun int select (int @var{nfds}, fd_set *@var{read-fds}, fd_set *@var{write-fds}, fd_set *@var{except-fds}, struct timeval *@var{timeout})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The select syscall is preferred, but pselect6 may be used instead,
+@c which requires converting timeout to a timespec and back. The
+@c conversions are not atomic.
The @code{select} function blocks the calling process until there is
activity on any of the specified sets of file descriptors, or until the
timeout period has expired.
@@ -1670,6 +1727,7 @@ they return.
@comment unistd.h
@comment X/Open
@deftypefun void sync (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
A call to this function will not return as long as there is data which
has not been written to the device. All dirty buffers in the kernel will
be written and so an overall consistent system can be achieved (if no
@@ -1685,6 +1743,7 @@ committed, rather than all data in the system. For this, @code{sync} is overkil
@comment unistd.h
@comment POSIX
@deftypefun int fsync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fsync} function can be used to make sure all data associated with
the open file @var{fildes} is written to the device associated with the
descriptor. The function call does not return unless all actions have
@@ -1722,6 +1781,7 @@ recovering of the file in case of a problem.
@comment unistd.h
@comment POSIX
@deftypefun int fdatasync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When a call to the @code{fdatasync} function returns, it is ensured
that all of the file data is written to the device. For all pending I/O
operations, the parts guaranteeing data integrity finished.
@@ -1923,6 +1983,158 @@ aiocb64}, since the LFS transparently replaces the old interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_read (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Calls aio_enqueue_request.
+@c aio_enqueue_request selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_self ok
+@c pthread_getschedparam selfdeadlock, lockleak
+@c lll_lock (pthread descriptor's lock) selfdeadlock, lockleak
+@c sched_getparam ok
+@c sched_getscheduler ok
+@c lll_unlock lockleak
+@c pthread_mutex_lock (aio_requests_mutex) selfdeadlock, lockleak
+@c get_elem asmalloc, memleak, [asynconsist, incansist], [xguargs]
+@c realloc asmalloc, memleak
+@c calloc asmalloc, memleak
+@c aio_create_helper_thread selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_attr_init ok
+@c pthread_attr_setdetachstate ok
+@c pthread_get_minstack ok
+@c pthread_attr_setstacksize ok
+@c sigfillset ok
+@c memset ok
+@c sigdelset ok [xguargs, but the caller's sigset is automatic]
+@c SYSCALL rt_sigprocmask ok
+@c pthread_create selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c alloca/malloc asmalloc, memleak
+@c lll_unlock lockleak
+@c allocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c getpagesize dup
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c lll_unlock lockleak
+@c _dl_allocate_tls asmalloc, memleak
+@c _dl_allocate_tls_storage asmalloc, memleak
+@c memalign asmalloc, memleak
+@c memset ok
+@c allocate_dtv dup
+@c free asmalloc, memleak
+@c allocate_dtv asmalloc, memleak
+@c calloc asmalloc, memleak
+@c INSTALL_DTV ok
+@c list_add dup
+@c get_cached_stack
+@c lll_lock (stack_cache_lock) selfdeadlock, lockleak
+@c list_for_each ok
+@c list_entry dup
+@c FREE_P dup
+@c stack_list_del dup
+@c stack_list_add dup
+@c lll_unlock lockleak
+@c _dl_allocate_tls_init ok
+@c GET_DTV ok
+@c mmap ok
+@c atomic_increment_val ok
+@c munmap ok
+@c change_stack_perm ok
+@c mprotect ok
+@c mprotect ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c THREAD_COPY_STACK_GUARD ok
+@c THREAD_COPY_POINTER_GUARD ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (state_cache_lock) selfdeadlock, lockleak
+@c stack_list_del ok
+@c atomic_write_barrier ok
+@c list_del ok [uunguard]
+@c atomic_write_barrier ok
+@c queue_stack asmalloc, memleak
+@c stack_list_add ok
+@c atomic_write_barrier ok
+@c list_add ok [uunguard]
+@c atomic_write_barrier ok
+@c free_stacks asmalloc, memleak
+@c list_for_each_prev_safe ok
+@c list_entry ok
+@c FREE_P ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c _dl_deallocate_tls asmalloc, memleak
+@c free asmalloc, memleak
+@c lll_unlock lockleak
+@c create_thread selfdeadlock, asmalloc, lockleak, memleak
+@c td_eventword
+@c td_eventmask
+@c do_clone selfdeadlock, asmalloc, lockleak, memleak
+@c PREPARE_CREATE ok
+@c lll_lock (pd->lock) selfdeadlock, lockleak
+@c atomic_increment ok
+@c clone ok
+@c atomic_decrement ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack dup
+@c sched_setaffinity ok
+@c tgkill ok
+@c sched_setscheduler ok
+@c atomic_compare_and_exchange_bool_acq ok
+@c nptl_create_event ok
+@c lll_unlock (pd->lock) lockleak
+@c free asmalloc, memleak
+@c pthread_attr_destroy ok (cpuset won't be set, so free isn't called)
+@c add_request_to_runlist ok [xguargs]
+@c pthread_cond_signal ok
+@c aio_free_request ok [xguargs]
+@c pthread_mutex_unlock lockleak
+
+@c (in the new thread, initiated with clone)
+@c start_thread ok
+@c HP_TIMING_NOW ok
+@c ctype_init [glocale] (in theory, but optimized into safety)
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c sigemptyset ok
+@c sigaddset ok
+@c setjmp ok
+@c CANCEL_ASYNC -> pthread_enable_asynccancel ok
+@c do_cancel ok
+@c pthread_unwind ok
+@c Unwind_ForcedUnwind or longjmp ok [asmalloc, memleak?]
+@c lll_lock selfdeadlock, lockleak
+@c lll_unlock selfdeadlock, lockleak
+@c CANCEL_RESET -> pthread_disable_asynccancel ok
+@c lll_futex_wait ok
+@c ->start_routine ok -----
+@c call_tls_dtors selfdeadlock, asmalloc, lockleak, memleak
+@c user-supplied dtor
+@c rtld_lock_lock_recursive (dl_load_lock) selfdeadlock, lockleak
+@c rtld_lock_unlock_recursive lockleak
+@c free asmalloc, memleak
+@c nptl_deallocate_tsd asmalloc, memleak
+@c tsd user-supplied dtors ok
+@c free asmalloc, memleak
+@c libc_thread_freeres
+@c libc_thread_subfreeres ok
+@c atomic_decrement_and_test ok
+@c td_eventword ok
+@c td_eventmask ok
+@c atomic_compare_exchange_bool_acq ok
+@c nptl_death_event ok
+@c lll_robust_dead ok
+@c getpagesize ok
+@c madvise ok
+@c free_tcb selfdeadlock, asmalloc, lockleak, memleak
+@c free asmalloc, memleak
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_futex_wait ok
+@c exit_thread_inline ok
+@c syscall(exit) ok
+
This function initiates an asynchronous read operation. It
immediately returns after the operation was enqueued or when an
error was encountered.
@@ -1988,6 +2200,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_read64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_read} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{aio_read64} uses
@@ -2006,6 +2219,7 @@ of functions with a very similar interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_write (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function initiates an asynchronous write operation. The function
call immediately returns after the operation was enqueued or if before
this happens an error was encountered.
@@ -2072,6 +2286,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_write64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_write} function. The only
difference is that on @w{32 bit} machines the file descriptor should
be opened in the large file mode. Internally @code{aio_write64} uses
@@ -2093,6 +2308,12 @@ operations. It is therefore similar to a combination of @code{readv} and
@comment aio.h
@comment POSIX.1b
@deftypefun int lio_listio (int @var{mode}, struct aiocb *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Call lio_listio_internal, that takes the aio_requests_mutex lock and
+@c enqueues each request. Then, it waits for notification or prepares
+@c for it before releasing the lock. Even though it performs memory
+@c allocation and locking of its own, it doesn't add any classes of
+@c safety issues that aren't already covered by aio_enqueue_request.
The @code{lio_listio} function can be used to enqueue an arbitrary
number of read and write requests at one time. The requests can all be
meant for the same file, all for different files or every solution in
@@ -2176,6 +2397,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int lio_listio64 (int @var{mode}, struct aiocb64 *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{lio_listio} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{lio_listio64} uses
@@ -2204,6 +2426,7 @@ The following two functions allow you to get this kind of information.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_error (const struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function determines the error state of the request described by the
@code{struct aiocb} variable pointed to by @var{aiocbp}. If the
request has not yet terminated the value returned is always
@@ -2225,6 +2448,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_error64 (const struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_error} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2238,6 +2462,7 @@ machines.
@comment aio.h
@comment POSIX.1b
@deftypefun ssize_t aio_return (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to retrieve the return status of the operation
carried out by the request described in the variable pointed to by
@var{aiocbp}. As long as the error status of this request as returned
@@ -2261,6 +2486,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun ssize_t aio_return64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_return} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2289,6 +2515,9 @@ if the symbol @code{_POSIX_SYNCHRONIZED_IO} is defined in @file{unistd.h}.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_fsync (int @var{op}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check that the FD is open, it calls
+@c aio_enqueue_request.
Calling this function forces all I/O operations operating queued at the
time of the function call operating on the file descriptor
@code{aiocbp->aio_fildes} into the synchronized I/O completion state
@@ -2336,6 +2565,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_fsync64 (int @var{op}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_fsync} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2362,6 +2592,9 @@ before the current client is served. For situations like this
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_suspend (const struct aiocb *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c Take aio_requests_mutex, set up waitlist and requestlist, wait
+@c for completion or timeout, and release the mutex.
When calling this function, the calling thread is suspended until at
least one of the requests pointed to by the @var{nent} elements of the
array @var{list} has completed. If any of the requests has already
@@ -2400,6 +2633,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_suspend64 (const struct aiocb64 *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is similar to @code{aio_suspend} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2427,6 +2661,16 @@ or not. Therefore using this function is merely a hint.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_cancel (int @var{fildes}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check the fd is open, hold aio_requests_mutex, call
+@c aio_find_req_fd, aio_remove_request, then aio_notify and
+@c aio_free_request each request before releasing the lock.
+@c aio_notify calls aio_notify_only and free, besides cond signal or
+@c similar. aio_notify_only calls pthread_attr_init,
+@c pthread_attr_setdetachstate, malloc, pthread_create,
+@c notify_func_wrapper, aio_sigqueue, getpid, raise.
+@c notify_func_wraper calls aio_start_notify_thread, free and then the
+@c notifier function.
The @code{aio_cancel} function can be used to cancel one or more
outstanding requests. If the @var{aiocbp} parameter is @code{NULL}, the
function tries to cancel all of the outstanding requests which would process
@@ -2474,6 +2718,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_cancel64 (int @var{fildes}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_cancel} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2529,6 +2774,8 @@ Unused.
@comment aio.h
@comment GNU
@deftypefun void aio_init (const struct aioinit *@var{init})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c All changes to global objects are guarded by aio_requests_mutex.
This function must be called before any other AIO function. Calling it
is completely voluntary, as it is only meant to help the AIO
implementation perform better.
@@ -2563,6 +2810,7 @@ function; see @ref{Opening and Closing Files}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int fcntl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcntl} function performs the operation specified by
@var{command} on the file descriptor @var{filedes}. Some commands
require additional arguments to be supplied. These additional arguments
@@ -2645,6 +2893,7 @@ while prototypes for @code{dup} and @code{dup2} are in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun int dup (int @var{old})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies descriptor @var{old} to the first available
descriptor number (the first number not currently open). It is
equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@@ -2653,6 +2902,7 @@ equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@comment unistd.h
@comment POSIX.1
@deftypefun int dup2 (int @var{old}, int @var{new})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies the descriptor @var{old} to descriptor number
@var{new}.
@@ -3631,6 +3881,7 @@ different headers.
@comment sys/ioctl.h
@comment BSD
@deftypefun int ioctl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ioctl} function performs the generic I/O operation
@var{command} on @var{filedes}.
@@ -3650,3 +3901,6 @@ unknown device.
Most IOCTLs are OS-specific and/or only used in special system utilities,
and are thus beyond the scope of this document. For an example of the use
of an IOCTL, see @ref{Out-of-Band Data}.
+
+@c FIXME this is undocumented:
+@c dup3
diff --git a/manual/locale.texi b/manual/locale.texi
index 323268d..da50d18 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,10 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
-@safety{@mtunsafe{uunguard}}
-@c This function is MT-Safe, but uses of the global locale object are
-@c unguarded in functions that ought to be MT-Safe, so we're ruling out
-@c the use of this function once threads are started.
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
+@c and free, and _nl_find_locale, which amount to all documented safety
+@c issues. It also calls new_composite_name, setdata, and setname,
+@c without any additional issues. _nl_find_locale calls getenv, ...
+This function returns a pointer read
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..6910edc 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -146,6 +146,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +437,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +471,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +486,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +500,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +555,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
diff --git a/manual/startup.texi b/manual/startup.texi
index a277714..7bbaf13 100644
--- a/manual/startup.texi
+++ b/manual/startup.texi
@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
The difference to the @code{setenv} function is that the exact string
given as the parameter @var{string} is put into the environment. If the
user should change the string after the @code{putenv} call this will
-reflect in automatically in the environment. This also requires that
-@var{string} is no automatic variable which scope is left before the
+reflect automatically in the environment. This also requires that
+@var{string} not be an automatic variable whose scope is left before the
variable is removed from the environment. The same applies of course to
dynamically allocated variables which are freed later.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 7809dd4..79a3340 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,7 +148,7 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -267,7 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -414,7 +414,7 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
@c After fclose, it is undefined behavior to use the stream it points
@c to. Therefore, one must only call fclose when the stream is
@c otherwise unused. Concurrent uses started before will complete
@@ -2662,6 +2662,42 @@ pointer @var{ap}.
@c case of cancellation. This doesn't make it unsafe, but cancelling it
@c may leak memory. The unguarded use of __printf_function_table is
@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -5020,7 +5056,7 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
@c bringing with it additional potential for async trouble with
@c list_all_lock.
@@ -5076,7 +5112,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
-@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -5192,7 +5228,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
diff --git a/manual/string.texi b/manual/string.texi
index 246be84..a75d298 100644
--- a/manual/string.texi
+++ b/manual/string.texi
@@ -1247,6 +1247,8 @@ strncmp ("hello, world", "hello, stupid world!!!", 5)
@comment string.h
@comment GNU
@deftypefun int strverscmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls isdigit multiple times, locale may change in between.
The @code{strverscmp} function compares the string @var{s1} against
@var{s2}, considering them as holding indices/version numbers. The
return value follows the same conventions as found in the
@@ -1343,6 +1345,8 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
@comment string.h
@comment ISO
@deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Adjust alphasort one safety info is determined.
The @code{strcoll} function is similar to @code{strcmp} but uses the
collating sequence of the current locale for collation (the
@code{LC_COLLATE} locale).
diff --git a/manual/terminal.texi b/manual/terminal.texi
index 9e9c057..7f62a4e 100644
--- a/manual/terminal.texi
+++ b/manual/terminal.texi
@@ -264,6 +264,9 @@ array.
@comment termios.h
@comment POSIX.1
@deftypefun int tcgetattr (int @var{filedes}, struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the kernel-returned termios data structure to the userland
+@c format does not ensure atomic or consistent writing.
This function is used to examine the attributes of the terminal
device with file descriptor @var{filedes}. The attributes are returned
in the structure that @var{termios-p} points to.
@@ -284,6 +287,9 @@ The @var{filedes} is not associated with a terminal.
@comment termios.h
@comment POSIX.1
@deftypefun int tcsetattr (int @var{filedes}, int @var{when}, const struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the incoming termios data structure to the kernel format
+@c does not ensure atomic or consistent reading.
This function sets the attributes of the terminal device with file
descriptor @var{filedes}. The new attributes are taken from the
structure that @var{termios-p} points to.
diff --git a/manual/threads.texi b/manual/threads.texi
index a23ac26..19bfad6 100644
--- a/manual/threads.texi
+++ b/manual/threads.texi
@@ -31,6 +31,7 @@ before thread-specific data, so they should not be used in thread-specific
data destructors or even as members of the thread-specific data, since the
latter is passed as an argument to the destructor function.
+@c FIXME: use @deftypefun for these.
@item int pthread_key_delete (pthread_key_t @var{key})
Destroy the thread-specific data @var{key} in the calling thread. The
destructor for the thread-specific data is not called during destruction, nor
@@ -82,3 +83,124 @@ attributes or the stack address is set in the attribute.
The system does not have sufficient memory.
@end table
@end deftypefun
+
+@c FIXME these are undocumented:
+@c pthread_atfork
+@c pthread_attr_destroy
+@c pthread_attr_getaffinity_np
+@c pthread_attr_getdetachstate
+@c pthread_attr_getguardsize
+@c pthread_attr_getinheritsched
+@c pthread_attr_getschedparam
+@c pthread_attr_getschedpolicy
+@c pthread_attr_getscope
+@c pthread_attr_getstack
+@c pthread_attr_getstackaddr
+@c pthread_attr_getstacksize
+@c pthread_attr_init
+@c pthread_attr_setaffinity_np
+@c pthread_attr_setdetachstate
+@c pthread_attr_setguardsize
+@c pthread_attr_setinheritsched
+@c pthread_attr_setschedparam
+@c pthread_attr_setschedpolicy
+@c pthread_attr_setscope
+@c pthread_attr_setstack
+@c pthread_attr_setstackaddr
+@c pthread_attr_setstacksize
+@c pthread_barrierattr_destroy
+@c pthread_barrierattr_getpshared
+@c pthread_barrierattr_init
+@c pthread_barrierattr_setpshared
+@c pthread_barrier_destroy
+@c pthread_barrier_init
+@c pthread_barrier_wait
+@c pthread_cancel
+@c pthread_cleanup_push
+@c pthread_cleanup_pop
+@c pthread_condattr_destroy
+@c pthread_condattr_getclock
+@c pthread_condattr_getpshared
+@c pthread_condattr_init
+@c pthread_condattr_setclock
+@c pthread_condattr_setpshared
+@c pthread_cond_broadcast
+@c pthread_cond_destroy
+@c pthread_cond_init
+@c pthread_cond_signal
+@c pthread_cond_timedwait
+@c pthread_cond_wait
+@c pthread_create
+@c pthread_detach
+@c pthread_equal
+@c pthread_exit
+@c pthread_getaffinity_np
+@c pthread_getattr_np
+@c pthread_getconcurrency
+@c pthread_getcpuclockid
+@c pthread_getname_np
+@c pthread_getschedparam
+@c pthread_join
+@c pthread_kill
+@c pthread_kill_other_threads_np
+@c pthread_mutexattr_destroy
+@c pthread_mutexattr_getkind_np
+@c pthread_mutexattr_getprioceiling
+@c pthread_mutexattr_getprotocol
+@c pthread_mutexattr_getpshared
+@c pthread_mutexattr_getrobust
+@c pthread_mutexattr_getrobust_np
+@c pthread_mutexattr_gettype
+@c pthread_mutexattr_init
+@c pthread_mutexattr_setkind_np
+@c pthread_mutexattr_setprioceiling
+@c pthread_mutexattr_setprotocol
+@c pthread_mutexattr_setpshared
+@c pthread_mutexattr_setrobust
+@c pthread_mutexattr_setrobust_np
+@c pthread_mutexattr_settype
+@c pthread_mutex_consistent
+@c pthread_mutex_consistent_np
+@c pthread_mutex_destroy
+@c pthread_mutex_getprioceiling
+@c pthread_mutex_init
+@c pthread_mutex_lock
+@c pthread_mutex_setprioceiling
+@c pthread_mutex_timedlock
+@c pthread_mutex_trylock
+@c pthread_mutex_unlock
+@c pthread_once
+@c pthread_rwlockattr_destroy
+@c pthread_rwlockattr_getkind_np
+@c pthread_rwlockattr_getpshared
+@c pthread_rwlockattr_init
+@c pthread_rwlockattr_setkind_np
+@c pthread_rwlockattr_setpshared
+@c pthread_rwlock_destroy
+@c pthread_rwlock_init
+@c pthread_rwlock_rdlock
+@c pthread_rwlock_timedrdlock
+@c pthread_rwlock_timedwrlock
+@c pthread_rwlock_tryrdlock
+@c pthread_rwlock_trywrlock
+@c pthread_rwlock_unlock
+@c pthread_rwlock_wrlock
+@c pthread_self
+@c pthread_setaffinity_np
+@c pthread_setcancelstate
+@c pthread_setcanceltype
+@c pthread_setconcurrency
+@c pthread_setname_np
+@c pthread_setschedparam
+@c pthread_setschedprio
+@c pthread_sigmask
+@c pthread_sigqueue
+@c pthread_spin_destroy
+@c pthread_spin_init
+@c pthread_spin_lock
+@c pthread_spin_trylock
+@c pthread_spin_unlock
+@c pthread_testcancel
+@c pthread_timedjoin_np
+@c pthread_tryjoin_np
+@c pthread_yield
diff --git a/manual/time.texi b/manual/time.texi
index ff31e28..3967b24 100644
--- a/manual/time.texi
+++ b/manual/time.texi
@@ -475,6 +475,12 @@ Instead, use the facilities described in @ref{Time Zone Functions}.
@comment sys/time.h
@comment BSD
@deftypefun int gettimeofday (struct timeval *@var{tp}, struct timezone *@var{tzp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c On most GNU/Linux systems this is a direct syscall, but the posix/
+@c implementation (not used on GNU/Linux or GNU/Hurd) relies on time and
+@c localtime_r, saving and restoring tzname in an unsafe manner.
+@c On some GNU/Linux variants, ifunc resolvers are used in shared libc
+@c for vdso resolution. ifunc-vdso-revisit.
The @code{gettimeofday} function returns the current calendar time as
the elapsed time since the epoch in the @code{struct timeval} structure
indicated by @var{tp}. (@pxref{Elapsed Time} for a description of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=341e0af39e89972732f33b2256ec2fbf58b1e847
commit 341e0af39e89972732f33b2256ec2fbf58b1e847
Merge: 22369f6 6d47d3e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:50:24 2013 -0300
rename
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=22369f6227522e2f4407b9abce208678d6b25c56
commit 22369f6227522e2f4407b9abce208678d6b25c56
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:50:24 2013 -0300
rename
diff --git a/meta b/meta
index 17b9635..8fa23ce 100644
--- a/meta
+++ b/meta
@@ -1,5 +1,5 @@
Version: 1
-Previous: 0b75a41fcc67c6881f3b617255ab07bf329d5cac
+Previous: 6d47d3e1ad0ad4cbb739a9566bab050b7332879f
Head: 263eed84f16353fb704fac8338422fb3f7b863fb
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
@@ -9,7 +9,7 @@ Applied:
manual-document-mt-safety-stdio.patch: 49427f4017a13662522c4247e1eed08f867a3d73
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
- thread-safety-documentation: 263eed84f16353fb704fac8338422fb3f7b863fb
+ manual-document-mt-safety-ctype.patch: 263eed84f16353fb704fac8338422fb3f7b863fb
Unapplied:
manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Hidden:
diff --git a/patches/thread-safety-documentation b/patches/manual-document-mt-safety-ctype.patch
similarity index 100%
rename from patches/thread-safety-documentation
rename to patches/manual-document-mt-safety-ctype.patch
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=263eed84f16353fb704fac8338422fb3f7b863fb
commit 263eed84f16353fb704fac8338422fb3f7b863fb
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:41 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/ctype.texi: Document thread safety properties.
diff --git a/manual/ctype.texi b/manual/ctype.texi
index 3d13571..ddf38ce 100644
--- a/manual/ctype.texi
+++ b/manual/ctype.texi
@@ -66,6 +66,13 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int islower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The is* macros call __ctype_b_loc to get the ctype array from the
+@c current locale, and then index it by c. __ctype_b_loc reads from
+@c thread-local memory the (indirect) pointer to the ctype array, which
+@c may involve one word access to the global locale object, if that's
+@c the active locale for the thread, and the array, being part of the
+@c locale data, is undeletable, so there's no thread-safety issue.
Returns true if @var{c} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -74,6 +81,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -82,6 +90,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isalpha (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphabetic character (a letter). If
@code{islower} or @code{isupper} is true of a character, then
@code{isalpha} is also true.
@@ -97,6 +106,7 @@ additional characters.
@comment ctype.h
@comment ISO
@deftypefun int isdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@end deftypefun
@@ -104,6 +114,7 @@ Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@comment ctype.h
@comment ISO
@deftypefun int isalnum (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphanumeric character (a letter or
number); in other words, if either @code{isalpha} or @code{isdigit} is
true of a character, then @code{isalnum} is also true.
@@ -113,6 +124,7 @@ true of a character, then @code{isalnum} is also true.
@comment ctype.h
@comment ISO
@deftypefun int isxdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -123,6 +135,7 @@ Hexadecimal digits include the normal decimal digits @samp{0} through
@comment ctype.h
@comment ISO
@deftypefun int ispunct (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -132,6 +145,7 @@ character.
@comment ctype.h
@comment ISO
@deftypefun int isspace (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{isspace} returns true for only the standard
whitespace characters:
@@ -161,6 +175,7 @@ vertical tab
@comment ctype.h
@comment ISO
@deftypefun int isblank (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
@end deftypefun
@@ -169,6 +184,7 @@ This function was originally a GNU extension, but was added in @w{ISO C99}.
@comment ctype.h
@comment ISO
@deftypefun int isgraph (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -178,6 +194,7 @@ considered graphic.
@comment ctype.h
@comment ISO
@deftypefun int isprint (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@end deftypefun
@@ -186,6 +203,7 @@ include all the graphic characters, plus the space (@samp{ }) character.
@comment ctype.h
@comment ISO
@deftypefun int iscntrl (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a control character (that is, a character that
is not a printing character).
@end deftypefun
@@ -194,6 +212,7 @@ is not a printing character).
@comment ctype.h
@comment SVID, BSD
@deftypefun int isascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
into the US/UK ASCII character set. This function is a BSD extension
and is also an SVID extension.
@@ -227,6 +246,10 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The to* macros/functions call different functions that use different
+@c arrays than those of__ctype_b_loc, but the access patterns and
+@c thus safety guarantees are the same.
If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
lower-case letter. If @var{c} is not an upper-case letter,
@var{c} is returned unchanged.
@@ -235,6 +258,7 @@ lower-case letter. If @var{c} is not an upper-case letter,
@comment ctype.h
@comment ISO
@deftypefun int toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
upper-case letter. Otherwise @var{c} is returned unchanged.
@end deftypefun
@@ -242,6 +266,7 @@ upper-case letter. Otherwise @var{c} is returned unchanged.
@comment ctype.h
@comment SVID, BSD
@deftypefun int toascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function converts @var{c} to a 7-bit @code{unsigned char} value
that fits into the US/UK ASCII character set, by clearing the high-order
bits. This function is a BSD extension and is also an SVID extension.
@@ -250,6 +275,7 @@ bits. This function is a BSD extension and is also an SVID extension.
@comment ctype.h
@comment SVID
@deftypefun int _tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{tolower}, and is provided for compatibility
with the SVID. @xref{SVID}.@refill
@end deftypefun
@@ -257,6 +283,7 @@ with the SVID. @xref{SVID}.@refill
@comment ctype.h
@comment SVID
@deftypefun int _toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{toupper}, and is provided for compatibility
with the SVID.
@end deftypefun
@@ -303,6 +330,15 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctype_t wctype (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Although the source code of wctype contains multiple references to
+@c the locale, that could each reference different locale_data objects
+@c should the global locale object change while active, the compiler can
+@c and does combine them all into a single dereference that resolves
+@c once to the LCTYPE locale object used throughout the function, so it
+@c is safe in practice, if not in theory. Ideally we'd explicitly save
+@c the resolved locale_data object to make it visibly safe instead of
+@c safe only under compiler optimizations.
The @code{wctype} returns a value representing a class of wide
characters which is identified by the string @var{property}. Beside
some standard properties each locale can define its own ones. In case
@@ -331,6 +367,8 @@ the @w{ISO C} standard defines a completely new function.
@comment wctype.h
@comment ISO
@deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The compressed lookup table returned by wctype is read-only.
This function returns a nonzero value if @var{wc} is in the character
class specified by @var{desc}. @var{desc} must previously be returned
by a successful call to @code{wctype}.
@@ -350,6 +388,15 @@ standard classes.
@comment wctype.h
@comment ISO
@deftypefun int iswalnum (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c The implicit wctype call in the isw* functions is actually an
+@c optimized version because the category has a known offset, but the
+@c wctype is equally safe when optimized, unsafe if not optimized.
+@c Since it's not a macro, and we always optimize, it's fine. The test
+@c whether wc is ASCII to use the non-wide is* macro/funciton doesn't
+@c bring any other safety issues: the test does not depend on the
+@c locale, and each path after the decision resolves the locale object
+@c only once.
This function returns a nonzero value if @var{wc} is an alphanumeric
character (a letter or number); in other words, if either @code{iswalpha}
or @code{iswdigit} is true of a character, then @code{iswalnum} is also
@@ -370,6 +417,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswalpha (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an alphabetic character (a letter). If
@code{iswlower} or @code{iswupper} is true of a character, then
@code{iswalpha} is also true.
@@ -394,6 +442,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswcntrl (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a control character (that is, a character that
is not a printing character).
@@ -412,6 +461,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
Please note that this function does not only return a nonzero value for
@emph{decimal} digits, but for all kinds of digits. A consequence is
@@ -442,6 +492,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswgraph (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -461,6 +512,7 @@ It is declared in @file{wctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int iswlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -479,6 +531,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswprint (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@@ -497,6 +550,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswpunct (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -516,6 +570,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswspace (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{iswspace} returns true for only the standard
whitespace characters:
@@ -555,6 +610,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -573,6 +629,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswxdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -597,6 +654,7 @@ characters as well.
@comment wctype.h
@comment ISO
@deftypefun int iswblank (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
It is declared in @file{wchar.h}.
@@ -691,6 +749,8 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctrans_t wctrans (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Similar implementation, same caveats as wctype.
The @code{wctrans} function has to be used to find out whether a named
mapping is defined in the current locale selected for the
@code{LC_CTYPE} category. If the returned value is non-zero, you can use
@@ -713,6 +773,8 @@ These functions are declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Same caveats as iswctype.
@code{towctrans} maps the input character @var{wc}
according to the rules of the mapping for which @var{desc} is a
descriptor, and returns the value it finds. @var{desc} must be
@@ -730,6 +792,9 @@ for them.
@comment wctype.h
@comment ISO
@deftypefun wint_t towlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Same caveats as iswalnum, just using a wctrans rather than a wctype
+@c table.
If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
lower-case letter. If @var{wc} is not an upper-case letter,
@var{wc} is returned unchanged.
@@ -749,6 +814,7 @@ This function is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
upper-case letter. Otherwise @var{wc} is returned unchanged.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=6d47d3e1ad0ad4cbb739a9566bab050b7332879f
commit 6d47d3e1ad0ad4cbb739a9566bab050b7332879f
Merge: bd16efa 263eed8 0b75a41
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:50:20 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=bd16efad2e7d1525257f2187add8a7387b61ec3a
commit bd16efad2e7d1525257f2187add8a7387b61ec3a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:50:20 2013 -0300
push
diff --git a/meta b/meta
index b6d3dfd..17b9635 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 94bcb95c7761ccb5002d8edda88363348254fc9b
-Head: edeb8dbee9aa4cdef77764287545e16903acea6d
+Previous: 0b75a41fcc67c6881f3b617255ab07bf329d5cac
+Head: 263eed84f16353fb704fac8338422fb3f7b863fb
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -9,7 +9,7 @@ Applied:
manual-document-mt-safety-stdio.patch: 49427f4017a13662522c4247e1eed08f867a3d73
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
+ thread-safety-documentation: 263eed84f16353fb704fac8338422fb3f7b863fb
Unapplied:
- thread-safety-documentation: 037925e5b8ba3712e9e445a6aa776f239cf442d6
manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0b75a41fcc67c6881f3b617255ab07bf329d5cac
commit 0b75a41fcc67c6881f3b617255ab07bf329d5cac
Merge: 7d52af6 94bcb95
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:50:17 2013 -0300
delete
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7d52af62bb639f5544bca7e8b69d8f3345c62534
commit 7d52af62bb639f5544bca7e8b69d8f3345c62534
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:50:17 2013 -0300
delete
diff --git a/meta b/meta
index a644764..b6d3dfd 100644
--- a/meta
+++ b/meta
@@ -1,5 +1,5 @@
Version: 1
-Previous: 21f52a44eea40f61c3498a5656d52bdcd2dec5a3
+Previous: 94bcb95c7761ccb5002d8edda88363348254fc9b
Head: edeb8dbee9aa4cdef77764287545e16903acea6d
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
@@ -10,7 +10,6 @@ Applied:
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
Unapplied:
- manual-document-mt-safety-ctype.patch: c4d86565aa8b23d5d5bbf14be5a4de9e3becd01c
thread-safety-documentation: 037925e5b8ba3712e9e445a6aa776f239cf442d6
manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Hidden:
diff --git a/patches/manual-document-mt-safety-ctype.patch b/patches/manual-document-mt-safety-ctype.patch
deleted file mode 100644
index 2a75975..0000000
--- a/patches/manual-document-mt-safety-ctype.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Bottom: 493d959bda4db41836ea91b2b9685b47ab733575
-Top: 493d959bda4db41836ea91b2b9685b47ab733575
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 15:29:41 -0300
-
-Thread safety documentation.
-
-for ChangeLog
-
- * manual/ctype.texi: Document thread safety properties.
-
-
----
-
-
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=94bcb95c7761ccb5002d8edda88363348254fc9b
commit 94bcb95c7761ccb5002d8edda88363348254fc9b
Merge: b8254dd 21f52a4
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:50:13 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b8254dd65ab141ad4ff97a3ef57353bcd6128cc1
commit b8254dd65ab141ad4ff97a3ef57353bcd6128cc1
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:50:13 2013 -0300
pop
diff --git a/meta b/meta
index 36e927d..a644764 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 01ba6509e76c37c53f223aa41a356f828ae95dd9
-Head: c4d86565aa8b23d5d5bbf14be5a4de9e3becd01c
+Previous: 21f52a44eea40f61c3498a5656d52bdcd2dec5a3
+Head: edeb8dbee9aa4cdef77764287545e16903acea6d
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -9,8 +9,8 @@ Applied:
manual-document-mt-safety-stdio.patch: 49427f4017a13662522c4247e1eed08f867a3d73
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
- manual-document-mt-safety-ctype.patch: c4d86565aa8b23d5d5bbf14be5a4de9e3becd01c
Unapplied:
+ manual-document-mt-safety-ctype.patch: c4d86565aa8b23d5d5bbf14be5a4de9e3becd01c
thread-safety-documentation: 037925e5b8ba3712e9e445a6aa776f239cf442d6
manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=21f52a44eea40f61c3498a5656d52bdcd2dec5a3
commit 21f52a44eea40f61c3498a5656d52bdcd2dec5a3
Merge: ca3235f 01ba650
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:50:11 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ca3235f0c5bc0ab96bb1731e5330d87e7ffc3ba0
commit ca3235f0c5bc0ab96bb1731e5330d87e7ffc3ba0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:50:11 2013 -0300
pop
diff --git a/meta b/meta
index 9037bb4..36e927d 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: b204cd705feb2a980347509a610cf2c69c94d0c4
-Head: 037925e5b8ba3712e9e445a6aa776f239cf442d6
+Previous: 01ba6509e76c37c53f223aa41a356f828ae95dd9
+Head: c4d86565aa8b23d5d5bbf14be5a4de9e3becd01c
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -10,7 +10,7 @@ Applied:
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
manual-document-mt-safety-ctype.patch: c4d86565aa8b23d5d5bbf14be5a4de9e3becd01c
- thread-safety-documentation: 037925e5b8ba3712e9e445a6aa776f239cf442d6
Unapplied:
+ thread-safety-documentation: 037925e5b8ba3712e9e445a6aa776f239cf442d6
manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=01ba6509e76c37c53f223aa41a356f828ae95dd9
commit 01ba6509e76c37c53f223aa41a356f828ae95dd9
Merge: b990842 b204cd7 037925e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:49:34 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b990842c0048131094b4c998a42878d030656563
commit b990842c0048131094b4c998a42878d030656563
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:49:34 2013 -0300
push
diff --git a/meta b/meta
index bda615a..9037bb4 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: d23f7c10ca80160c18a6244ffd6bb1063ee0fdc4
-Head: c4d86565aa8b23d5d5bbf14be5a4de9e3becd01c
+Previous: b204cd705feb2a980347509a610cf2c69c94d0c4
+Head: 037925e5b8ba3712e9e445a6aa776f239cf442d6
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -10,7 +10,7 @@ Applied:
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
manual-document-mt-safety-ctype.patch: c4d86565aa8b23d5d5bbf14be5a4de9e3becd01c
+ thread-safety-documentation: 037925e5b8ba3712e9e445a6aa776f239cf442d6
Unapplied:
- thread-safety-documentation: 1ae8e2eabd22a74ff8a80a4b565df5b4c36fe12e
manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=037925e5b8ba3712e9e445a6aa776f239cf442d6
commit 037925e5b8ba3712e9e445a6aa776f239cf442d6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:41 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/ctype.texi: Document thread safety properties.
diff --git a/manual/ctype.texi b/manual/ctype.texi
index 3d13571..ddf38ce 100644
--- a/manual/ctype.texi
+++ b/manual/ctype.texi
@@ -66,6 +66,13 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int islower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The is* macros call __ctype_b_loc to get the ctype array from the
+@c current locale, and then index it by c. __ctype_b_loc reads from
+@c thread-local memory the (indirect) pointer to the ctype array, which
+@c may involve one word access to the global locale object, if that's
+@c the active locale for the thread, and the array, being part of the
+@c locale data, is undeletable, so there's no thread-safety issue.
Returns true if @var{c} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -74,6 +81,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -82,6 +90,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isalpha (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphabetic character (a letter). If
@code{islower} or @code{isupper} is true of a character, then
@code{isalpha} is also true.
@@ -97,6 +106,7 @@ additional characters.
@comment ctype.h
@comment ISO
@deftypefun int isdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@end deftypefun
@@ -104,6 +114,7 @@ Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@comment ctype.h
@comment ISO
@deftypefun int isalnum (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphanumeric character (a letter or
number); in other words, if either @code{isalpha} or @code{isdigit} is
true of a character, then @code{isalnum} is also true.
@@ -113,6 +124,7 @@ true of a character, then @code{isalnum} is also true.
@comment ctype.h
@comment ISO
@deftypefun int isxdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -123,6 +135,7 @@ Hexadecimal digits include the normal decimal digits @samp{0} through
@comment ctype.h
@comment ISO
@deftypefun int ispunct (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -132,6 +145,7 @@ character.
@comment ctype.h
@comment ISO
@deftypefun int isspace (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{isspace} returns true for only the standard
whitespace characters:
@@ -161,6 +175,7 @@ vertical tab
@comment ctype.h
@comment ISO
@deftypefun int isblank (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
@end deftypefun
@@ -169,6 +184,7 @@ This function was originally a GNU extension, but was added in @w{ISO C99}.
@comment ctype.h
@comment ISO
@deftypefun int isgraph (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -178,6 +194,7 @@ considered graphic.
@comment ctype.h
@comment ISO
@deftypefun int isprint (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@end deftypefun
@@ -186,6 +203,7 @@ include all the graphic characters, plus the space (@samp{ }) character.
@comment ctype.h
@comment ISO
@deftypefun int iscntrl (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a control character (that is, a character that
is not a printing character).
@end deftypefun
@@ -194,6 +212,7 @@ is not a printing character).
@comment ctype.h
@comment SVID, BSD
@deftypefun int isascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
into the US/UK ASCII character set. This function is a BSD extension
and is also an SVID extension.
@@ -227,6 +246,10 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The to* macros/functions call different functions that use different
+@c arrays than those of__ctype_b_loc, but the access patterns and
+@c thus safety guarantees are the same.
If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
lower-case letter. If @var{c} is not an upper-case letter,
@var{c} is returned unchanged.
@@ -235,6 +258,7 @@ lower-case letter. If @var{c} is not an upper-case letter,
@comment ctype.h
@comment ISO
@deftypefun int toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
upper-case letter. Otherwise @var{c} is returned unchanged.
@end deftypefun
@@ -242,6 +266,7 @@ upper-case letter. Otherwise @var{c} is returned unchanged.
@comment ctype.h
@comment SVID, BSD
@deftypefun int toascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function converts @var{c} to a 7-bit @code{unsigned char} value
that fits into the US/UK ASCII character set, by clearing the high-order
bits. This function is a BSD extension and is also an SVID extension.
@@ -250,6 +275,7 @@ bits. This function is a BSD extension and is also an SVID extension.
@comment ctype.h
@comment SVID
@deftypefun int _tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{tolower}, and is provided for compatibility
with the SVID. @xref{SVID}.@refill
@end deftypefun
@@ -257,6 +283,7 @@ with the SVID. @xref{SVID}.@refill
@comment ctype.h
@comment SVID
@deftypefun int _toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{toupper}, and is provided for compatibility
with the SVID.
@end deftypefun
@@ -303,6 +330,15 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctype_t wctype (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Although the source code of wctype contains multiple references to
+@c the locale, that could each reference different locale_data objects
+@c should the global locale object change while active, the compiler can
+@c and does combine them all into a single dereference that resolves
+@c once to the LCTYPE locale object used throughout the function, so it
+@c is safe in practice, if not in theory. Ideally we'd explicitly save
+@c the resolved locale_data object to make it visibly safe instead of
+@c safe only under compiler optimizations.
The @code{wctype} returns a value representing a class of wide
characters which is identified by the string @var{property}. Beside
some standard properties each locale can define its own ones. In case
@@ -331,6 +367,8 @@ the @w{ISO C} standard defines a completely new function.
@comment wctype.h
@comment ISO
@deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The compressed lookup table returned by wctype is read-only.
This function returns a nonzero value if @var{wc} is in the character
class specified by @var{desc}. @var{desc} must previously be returned
by a successful call to @code{wctype}.
@@ -350,6 +388,15 @@ standard classes.
@comment wctype.h
@comment ISO
@deftypefun int iswalnum (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c The implicit wctype call in the isw* functions is actually an
+@c optimized version because the category has a known offset, but the
+@c wctype is equally safe when optimized, unsafe if not optimized.
+@c Since it's not a macro, and we always optimize, it's fine. The test
+@c whether wc is ASCII to use the non-wide is* macro/funciton doesn't
+@c bring any other safety issues: the test does not depend on the
+@c locale, and each path after the decision resolves the locale object
+@c only once.
This function returns a nonzero value if @var{wc} is an alphanumeric
character (a letter or number); in other words, if either @code{iswalpha}
or @code{iswdigit} is true of a character, then @code{iswalnum} is also
@@ -370,6 +417,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswalpha (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an alphabetic character (a letter). If
@code{iswlower} or @code{iswupper} is true of a character, then
@code{iswalpha} is also true.
@@ -394,6 +442,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswcntrl (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a control character (that is, a character that
is not a printing character).
@@ -412,6 +461,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
Please note that this function does not only return a nonzero value for
@emph{decimal} digits, but for all kinds of digits. A consequence is
@@ -442,6 +492,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswgraph (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -461,6 +512,7 @@ It is declared in @file{wctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int iswlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -479,6 +531,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswprint (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@@ -497,6 +550,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswpunct (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -516,6 +570,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswspace (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{iswspace} returns true for only the standard
whitespace characters:
@@ -555,6 +610,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -573,6 +629,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswxdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -597,6 +654,7 @@ characters as well.
@comment wctype.h
@comment ISO
@deftypefun int iswblank (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
It is declared in @file{wchar.h}.
@@ -691,6 +749,8 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctrans_t wctrans (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Similar implementation, same caveats as wctype.
The @code{wctrans} function has to be used to find out whether a named
mapping is defined in the current locale selected for the
@code{LC_CTYPE} category. If the returned value is non-zero, you can use
@@ -713,6 +773,8 @@ These functions are declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Same caveats as iswctype.
@code{towctrans} maps the input character @var{wc}
according to the rules of the mapping for which @var{desc} is a
descriptor, and returns the value it finds. @var{desc} must be
@@ -730,6 +792,9 @@ for them.
@comment wctype.h
@comment ISO
@deftypefun wint_t towlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Same caveats as iswalnum, just using a wctrans rather than a wctype
+@c table.
If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
lower-case letter. If @var{wc} is not an upper-case letter,
@var{wc} is returned unchanged.
@@ -749,6 +814,7 @@ This function is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
upper-case letter. Otherwise @var{wc} is returned unchanged.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b204cd705feb2a980347509a610cf2c69c94d0c4
commit b204cd705feb2a980347509a610cf2c69c94d0c4
Merge: 93ded1a d23f7c1 c4d8656
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:49:29 2013 -0300
float
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=93ded1a7958ba004b87ebe83c131cd7b4596fe27
commit 93ded1a7958ba004b87ebe83c131cd7b4596fe27
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:49:29 2013 -0300
float
diff --git a/meta b/meta
index e19bd6a..bda615a 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: ded1cbad68c823f7e5a5fb954335efc3deea5099
-Head: edeb8dbee9aa4cdef77764287545e16903acea6d
+Previous: d23f7c10ca80160c18a6244ffd6bb1063ee0fdc4
+Head: c4d86565aa8b23d5d5bbf14be5a4de9e3becd01c
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -9,8 +9,8 @@ Applied:
manual-document-mt-safety-stdio.patch: 49427f4017a13662522c4247e1eed08f867a3d73
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
+ manual-document-mt-safety-ctype.patch: c4d86565aa8b23d5d5bbf14be5a4de9e3becd01c
Unapplied:
thread-safety-documentation: 1ae8e2eabd22a74ff8a80a4b565df5b4c36fe12e
- manual-document-mt-safety-ctype.patch: 4b596f7cb8d6e09ce5f72cb1cb02bc0ed0b31368
manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Hidden:
diff --git a/patches/manual-document-mt-safety-ctype.patch b/patches/manual-document-mt-safety-ctype.patch
index 81dc143..2a75975 100644
--- a/patches/manual-document-mt-safety-ctype.patch
+++ b/patches/manual-document-mt-safety-ctype.patch
@@ -1,5 +1,5 @@
-Bottom: a80e3502e79676408b83a0ee8d2c01161f2e1895
-Top: a80e3502e79676408b83a0ee8d2c01161f2e1895
+Bottom: 493d959bda4db41836ea91b2b9685b47ab733575
+Top: 493d959bda4db41836ea91b2b9685b47ab733575
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:41 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c4d86565aa8b23d5d5bbf14be5a4de9e3becd01c
commit c4d86565aa8b23d5d5bbf14be5a4de9e3becd01c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:41 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/ctype.texi: Document thread safety properties.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d23f7c10ca80160c18a6244ffd6bb1063ee0fdc4
commit d23f7c10ca80160c18a6244ffd6bb1063ee0fdc4
Merge: 9be9722 ded1cba
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:49:22 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9be97221622fd917db1c217b6ca09f5005021d33
commit 9be97221622fd917db1c217b6ca09f5005021d33
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:49:22 2013 -0300
pop
diff --git a/meta b/meta
index aa02944..e19bd6a 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 1f8aef10fb0532c119933b7180448195cae41286
-Head: 1ae8e2eabd22a74ff8a80a4b565df5b4c36fe12e
+Previous: ded1cbad68c823f7e5a5fb954335efc3deea5099
+Head: edeb8dbee9aa4cdef77764287545e16903acea6d
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -9,8 +9,8 @@ Applied:
manual-document-mt-safety-stdio.patch: 49427f4017a13662522c4247e1eed08f867a3d73
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
- thread-safety-documentation: 1ae8e2eabd22a74ff8a80a4b565df5b4c36fe12e
Unapplied:
+ thread-safety-documentation: 1ae8e2eabd22a74ff8a80a4b565df5b4c36fe12e
manual-document-mt-safety-ctype.patch: 4b596f7cb8d6e09ce5f72cb1cb02bc0ed0b31368
manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ded1cbad68c823f7e5a5fb954335efc3deea5099
commit ded1cbad68c823f7e5a5fb954335efc3deea5099
Merge: 8c29027 1f8aef1
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:49:19 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=8c29027c5903c5b06b3b047951e446c8323a5231
commit 8c29027c5903c5b06b3b047951e446c8323a5231
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:49:19 2013 -0300
pop
diff --git a/meta b/meta
index 7678427..aa02944 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 42127c6adf6b3fb40b817039381af0c76d6cd909
-Head: 4b596f7cb8d6e09ce5f72cb1cb02bc0ed0b31368
+Previous: 1f8aef10fb0532c119933b7180448195cae41286
+Head: 1ae8e2eabd22a74ff8a80a4b565df5b4c36fe12e
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -10,7 +10,7 @@ Applied:
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
thread-safety-documentation: 1ae8e2eabd22a74ff8a80a4b565df5b4c36fe12e
- manual-document-mt-safety-ctype.patch: 4b596f7cb8d6e09ce5f72cb1cb02bc0ed0b31368
Unapplied:
+ manual-document-mt-safety-ctype.patch: 4b596f7cb8d6e09ce5f72cb1cb02bc0ed0b31368
manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1f8aef10fb0532c119933b7180448195cae41286
commit 1f8aef10fb0532c119933b7180448195cae41286
Merge: 13a2bc4 42127c6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:49:04 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=13a2bc492778d981dd7a1abc62b99bcea4155bad
commit 13a2bc492778d981dd7a1abc62b99bcea4155bad
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:49:04 2013 -0300
refresh
diff --git a/meta b/meta
index 2805221..7678427 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 90cb66ac53976afa5ea21d24129a11802391cef4
-Head: da0b8049fb1c9a2e5ab1163bbc2af928add275a3
+Previous: 42127c6adf6b3fb40b817039381af0c76d6cd909
+Head: 4b596f7cb8d6e09ce5f72cb1cb02bc0ed0b31368
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -11,7 +11,6 @@ Applied:
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
thread-safety-documentation: 1ae8e2eabd22a74ff8a80a4b565df5b4c36fe12e
manual-document-mt-safety-ctype.patch: 4b596f7cb8d6e09ce5f72cb1cb02bc0ed0b31368
- refresh-temp: da0b8049fb1c9a2e5ab1163bbc2af928add275a3
Unapplied:
manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Hidden:
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index a9314fd..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,10 +0,0 @@
-Bottom: a80e3502e79676408b83a0ee8d2c01161f2e1895
-Top: a80e3502e79676408b83a0ee8d2c01161f2e1895
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 21:49:03 -0300
-
-Refresh of manual-document-mt-safety-ctype.patch
-
----
-
-
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=42127c6adf6b3fb40b817039381af0c76d6cd909
commit 42127c6adf6b3fb40b817039381af0c76d6cd909
Merge: 35ad4eb da0b804 90cb66a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:49:04 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=35ad4ebdd4491aadf7c92045a079db207b038d65
commit 35ad4ebdd4491aadf7c92045a079db207b038d65
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:49:04 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index f235c98..2805221 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: d8fff601b7c4051337384975bb7fdbd1c076b15b
-Head: 4b596f7cb8d6e09ce5f72cb1cb02bc0ed0b31368
+Previous: 90cb66ac53976afa5ea21d24129a11802391cef4
+Head: da0b8049fb1c9a2e5ab1163bbc2af928add275a3
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -11,6 +11,7 @@ Applied:
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
thread-safety-documentation: 1ae8e2eabd22a74ff8a80a4b565df5b4c36fe12e
manual-document-mt-safety-ctype.patch: 4b596f7cb8d6e09ce5f72cb1cb02bc0ed0b31368
+ refresh-temp: da0b8049fb1c9a2e5ab1163bbc2af928add275a3
Unapplied:
manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Hidden:
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..a9314fd
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,10 @@
+Bottom: a80e3502e79676408b83a0ee8d2c01161f2e1895
+Top: a80e3502e79676408b83a0ee8d2c01161f2e1895
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 21:49:03 -0300
+
+Refresh of manual-document-mt-safety-ctype.patch
+
+---
+
+
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=da0b8049fb1c9a2e5ab1163bbc2af928add275a3
commit da0b8049fb1c9a2e5ab1163bbc2af928add275a3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:49:03 2013 -0300
Refresh of manual-document-mt-safety-ctype.patch
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=90cb66ac53976afa5ea21d24129a11802391cef4
commit 90cb66ac53976afa5ea21d24129a11802391cef4
Merge: eb807d7 d8fff60 4b596f7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:48:22 2013 -0300
push (CONFLICT)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=eb807d7e094a4927569dbd237278a0319b1cab1a
commit eb807d7e094a4927569dbd237278a0319b1cab1a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:48:22 2013 -0300
push (CONFLICT)
diff --git a/meta b/meta
index 72174f4..f235c98 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 5287c793843e946fd2f478b0a2785249cc640f9c
-Head: 1ae8e2eabd22a74ff8a80a4b565df5b4c36fe12e
+Previous: d8fff601b7c4051337384975bb7fdbd1c076b15b
+Head: 4b596f7cb8d6e09ce5f72cb1cb02bc0ed0b31368
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -10,7 +10,7 @@ Applied:
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
thread-safety-documentation: 1ae8e2eabd22a74ff8a80a4b565df5b4c36fe12e
+ manual-document-mt-safety-ctype.patch: 4b596f7cb8d6e09ce5f72cb1cb02bc0ed0b31368
Unapplied:
- manual-document-mt-safety-ctype.patch: b1da9d49b81e23d658de4369181599c33e3acd9e
manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Hidden:
diff --git a/patches/manual-document-mt-safety-ctype.patch b/patches/manual-document-mt-safety-ctype.patch
index 40dba95..81dc143 100644
--- a/patches/manual-document-mt-safety-ctype.patch
+++ b/patches/manual-document-mt-safety-ctype.patch
@@ -1,5 +1,5 @@
-Bottom: 493d959bda4db41836ea91b2b9685b47ab733575
-Top: eb7c2702254befc63994aae3ba24a286ee829464
+Bottom: a80e3502e79676408b83a0ee8d2c01161f2e1895
+Top: a80e3502e79676408b83a0ee8d2c01161f2e1895
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:41 -0300
@@ -12,779 +12,4 @@ for ChangeLog
---
-diff --git a/manual/ctype.texi b/manual/ctype.texi
-deleted file mode 100644
-index 3d13571..0000000
---- a/manual/ctype.texi
-+++ /dev/null
-@@ -1,770 +0,0 @@
--@node Character Handling, String and Array Utilities, Memory, Top
--@c %MENU% Character testing and conversion functions
--@chapter Character Handling
--
--Programs that work with characters and strings often need to classify a
--character---is it alphabetic, is it a digit, is it whitespace, and so
--on---and perform case conversion operations on characters. The
--functions in the header file @file{ctype.h} are provided for this
--purpose.
--@pindex ctype.h
--
--Since the choice of locale and character set can alter the
--classifications of particular character codes, all of these functions
--are affected by the current locale. (More precisely, they are affected
--by the locale currently selected for character classification---the
--@code{LC_CTYPE} category; see @ref{Locale Categories}.)
--
--The @w{ISO C} standard specifies two different sets of functions. The
--one set works on @code{char} type characters, the other one on
--@code{wchar_t} wide characters (@pxref{Extended Char Intro}).
--
--@menu
--* Classification of Characters:: Testing whether characters are
-- letters, digits, punctuation, etc.
--
--* Case Conversion:: Case mapping, and the like.
--* Classification of Wide Characters:: Character class determination for
-- wide characters.
--* Using Wide Char Classes:: Notes on using the wide character
-- classes.
--* Wide Character Case Conversion:: Mapping of wide characters.
--@end menu
--
--@node Classification of Characters, Case Conversion, , Character Handling
--@section Classification of Characters
--@cindex character testing
--@cindex classification of characters
--@cindex predicates on characters
--@cindex character predicates
--
--This section explains the library functions for classifying characters.
--For example, @code{isalpha} is the function to test for an alphabetic
--character. It takes one argument, the character to test, and returns a
--nonzero integer if the character is alphabetic, and zero otherwise. You
--would use it like this:
--
--@smallexample
--if (isalpha (c))
-- printf ("The character `%c' is alphabetic.\n", c);
--@end smallexample
--
--Each of the functions in this section tests for membership in a
--particular class of characters; each has a name starting with @samp{is}.
--Each of them takes one argument, which is a character to test, and
--returns an @code{int} which is treated as a boolean value. The
--character argument is passed as an @code{int}, and it may be the
--constant value @code{EOF} instead of a real character.
--
--The attributes of any given character can vary between locales.
--@xref{Locales}, for more information on locales.@refill
--
--These functions are declared in the header file @file{ctype.h}.
--@pindex ctype.h
--
--@cindex lower-case character
--@comment ctype.h
--@comment ISO
--@deftypefun int islower (int @var{c})
--Returns true if @var{c} is a lower-case letter. The letter need not be
--from the Latin alphabet, any alphabet representable is valid.
--@end deftypefun
--
--@cindex upper-case character
--@comment ctype.h
--@comment ISO
--@deftypefun int isupper (int @var{c})
--Returns true if @var{c} is an upper-case letter. The letter need not be
--from the Latin alphabet, any alphabet representable is valid.
--@end deftypefun
--
--@cindex alphabetic character
--@comment ctype.h
--@comment ISO
--@deftypefun int isalpha (int @var{c})
--Returns true if @var{c} is an alphabetic character (a letter). If
--@code{islower} or @code{isupper} is true of a character, then
--@code{isalpha} is also true.
--
--In some locales, there may be additional characters for which
--@code{isalpha} is true---letters which are neither upper case nor lower
--case. But in the standard @code{"C"} locale, there are no such
--additional characters.
--@end deftypefun
--
--@cindex digit character
--@cindex decimal digit character
--@comment ctype.h
--@comment ISO
--@deftypefun int isdigit (int @var{c})
--Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
--@end deftypefun
--
--@cindex alphanumeric character
--@comment ctype.h
--@comment ISO
--@deftypefun int isalnum (int @var{c})
--Returns true if @var{c} is an alphanumeric character (a letter or
--number); in other words, if either @code{isalpha} or @code{isdigit} is
--true of a character, then @code{isalnum} is also true.
--@end deftypefun
--
--@cindex hexadecimal digit character
--@comment ctype.h
--@comment ISO
--@deftypefun int isxdigit (int @var{c})
--Returns true if @var{c} is a hexadecimal digit.
--Hexadecimal digits include the normal decimal digits @samp{0} through
--@samp{9} and the letters @samp{A} through @samp{F} and
--@samp{a} through @samp{f}.
--@end deftypefun
--
--@cindex punctuation character
--@comment ctype.h
--@comment ISO
--@deftypefun int ispunct (int @var{c})
--Returns true if @var{c} is a punctuation character.
--This means any printing character that is not alphanumeric or a space
--character.
--@end deftypefun
--
--@cindex whitespace character
--@comment ctype.h
--@comment ISO
--@deftypefun int isspace (int @var{c})
--Returns true if @var{c} is a @dfn{whitespace} character. In the standard
--@code{"C"} locale, @code{isspace} returns true for only the standard
--whitespace characters:
--
--@table @code
--@item ' '
--space
--
--@item '\f'
--formfeed
--
--@item '\n'
--newline
--
--@item '\r'
--carriage return
--
--@item '\t'
--horizontal tab
--
--@item '\v'
--vertical tab
--@end table
--@end deftypefun
--
--@cindex blank character
--@comment ctype.h
--@comment ISO
--@deftypefun int isblank (int @var{c})
--Returns true if @var{c} is a blank character; that is, a space or a tab.
--This function was originally a GNU extension, but was added in @w{ISO C99}.
--@end deftypefun
--
--@cindex graphic character
--@comment ctype.h
--@comment ISO
--@deftypefun int isgraph (int @var{c})
--Returns true if @var{c} is a graphic character; that is, a character
--that has a glyph associated with it. The whitespace characters are not
--considered graphic.
--@end deftypefun
--
--@cindex printing character
--@comment ctype.h
--@comment ISO
--@deftypefun int isprint (int @var{c})
--Returns true if @var{c} is a printing character. Printing characters
--include all the graphic characters, plus the space (@samp{ }) character.
--@end deftypefun
--
--@cindex control character
--@comment ctype.h
--@comment ISO
--@deftypefun int iscntrl (int @var{c})
--Returns true if @var{c} is a control character (that is, a character that
--is not a printing character).
--@end deftypefun
--
--@cindex ASCII character
--@comment ctype.h
--@comment SVID, BSD
--@deftypefun int isascii (int @var{c})
--Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
--into the US/UK ASCII character set. This function is a BSD extension
--and is also an SVID extension.
--@end deftypefun
--
--@node Case Conversion, Classification of Wide Characters, Classification of Characters, Character Handling
--@section Case Conversion
--@cindex character case conversion
--@cindex case conversion of characters
--@cindex converting case of characters
--
--This section explains the library functions for performing conversions
--such as case mappings on characters. For example, @code{toupper}
--converts any character to upper case if possible. If the character
--can't be converted, @code{toupper} returns it unchanged.
--
--These functions take one argument of type @code{int}, which is the
--character to convert, and return the converted character as an
--@code{int}. If the conversion is not applicable to the argument given,
--the argument is returned unchanged.
--
--@strong{Compatibility Note:} In pre-@w{ISO C} dialects, instead of
--returning the argument unchanged, these functions may fail when the
--argument is not suitable for the conversion. Thus for portability, you
--may need to write @code{islower(c) ? toupper(c) : c} rather than just
--@code{toupper(c)}.
--
--These functions are declared in the header file @file{ctype.h}.
--@pindex ctype.h
--
--@comment ctype.h
--@comment ISO
--@deftypefun int tolower (int @var{c})
--If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
--lower-case letter. If @var{c} is not an upper-case letter,
--@var{c} is returned unchanged.
--@end deftypefun
--
--@comment ctype.h
--@comment ISO
--@deftypefun int toupper (int @var{c})
--If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
--upper-case letter. Otherwise @var{c} is returned unchanged.
--@end deftypefun
--
--@comment ctype.h
--@comment SVID, BSD
--@deftypefun int toascii (int @var{c})
--This function converts @var{c} to a 7-bit @code{unsigned char} value
--that fits into the US/UK ASCII character set, by clearing the high-order
--bits. This function is a BSD extension and is also an SVID extension.
--@end deftypefun
--
--@comment ctype.h
--@comment SVID
--@deftypefun int _tolower (int @var{c})
--This is identical to @code{tolower}, and is provided for compatibility
--with the SVID. @xref{SVID}.@refill
--@end deftypefun
--
--@comment ctype.h
--@comment SVID
--@deftypefun int _toupper (int @var{c})
--This is identical to @code{toupper}, and is provided for compatibility
--with the SVID.
--@end deftypefun
--
--
--@node Classification of Wide Characters, Using Wide Char Classes, Case Conversion, Character Handling
--@section Character class determination for wide characters
--
--@w{Amendment 1} to @w{ISO C90} defines functions to classify wide
--characters. Although the original @w{ISO C90} standard already defined
--the type @code{wchar_t}, no functions operating on them were defined.
--
--The general design of the classification functions for wide characters
--is more general. It allows extensions to the set of available
--classifications, beyond those which are always available. The POSIX
--standard specifies how extensions can be made, and this is already
--implemented in the @glibcadj{} implementation of the @code{localedef}
--program.
--
--The character class functions are normally implemented with bitsets,
--with a bitset per character. For a given character, the appropriate
--bitset is read from a table and a test is performed as to whether a
--certain bit is set. Which bit is tested for is determined by the
--class.
--
--For the wide character classification functions this is made visible.
--There is a type classification type defined, a function to retrieve this
--value for a given class, and a function to test whether a given
--character is in this class, using the classification value. On top of
--this the normal character classification functions as used for
--@code{char} objects can be defined.
--
--@comment wctype.h
--@comment ISO
--@deftp {Data type} wctype_t
--The @code{wctype_t} can hold a value which represents a character class.
--The only defined way to generate such a value is by using the
--@code{wctype} function.
--
--@pindex wctype.h
--This type is defined in @file{wctype.h}.
--@end deftp
--
--@comment wctype.h
--@comment ISO
--@deftypefun wctype_t wctype (const char *@var{property})
--The @code{wctype} returns a value representing a class of wide
--characters which is identified by the string @var{property}. Beside
--some standard properties each locale can define its own ones. In case
--no property with the given name is known for the current locale
--selected for the @code{LC_CTYPE} category, the function returns zero.
--
--@noindent
--The properties known in every locale are:
--
--@multitable @columnfractions .25 .25 .25 .25
--@item
--@code{"alnum"} @tab @code{"alpha"} @tab @code{"cntrl"} @tab @code{"digit"}
--@item
--@code{"graph"} @tab @code{"lower"} @tab @code{"print"} @tab @code{"punct"}
--@item
--@code{"space"} @tab @code{"upper"} @tab @code{"xdigit"}
--@end multitable
--
--@pindex wctype.h
--This function is declared in @file{wctype.h}.
--@end deftypefun
--
--To test the membership of a character to one of the non-standard classes
--the @w{ISO C} standard defines a completely new function.
--
--@comment wctype.h
--@comment ISO
--@deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
--This function returns a nonzero value if @var{wc} is in the character
--class specified by @var{desc}. @var{desc} must previously be returned
--by a successful call to @code{wctype}.
--
--@pindex wctype.h
--This function is declared in @file{wctype.h}.
--@end deftypefun
--
--To make it easier to use the commonly-used classification functions,
--they are defined in the C library. There is no need to use
--@code{wctype} if the property string is one of the known character
--classes. In some situations it is desirable to construct the property
--strings, and then it is important that @code{wctype} can also handle the
--standard classes.
--
--@cindex alphanumeric character
--@comment wctype.h
--@comment ISO
--@deftypefun int iswalnum (wint_t @var{wc})
--This function returns a nonzero value if @var{wc} is an alphanumeric
--character (a letter or number); in other words, if either @code{iswalpha}
--or @code{iswdigit} is true of a character, then @code{iswalnum} is also
--true.
--
--@noindent
--This function can be implemented using
--
--@smallexample
--iswctype (wc, wctype ("alnum"))
--@end smallexample
--
--@pindex wctype.h
--It is declared in @file{wctype.h}.
--@end deftypefun
--
--@cindex alphabetic character
--@comment wctype.h
--@comment ISO
--@deftypefun int iswalpha (wint_t @var{wc})
--Returns true if @var{wc} is an alphabetic character (a letter). If
--@code{iswlower} or @code{iswupper} is true of a character, then
--@code{iswalpha} is also true.
--
--In some locales, there may be additional characters for which
--@code{iswalpha} is true---letters which are neither upper case nor lower
--case. But in the standard @code{"C"} locale, there are no such
--additional characters.
--
--@noindent
--This function can be implemented using
--
--@smallexample
--iswctype (wc, wctype ("alpha"))
--@end smallexample
--
--@pindex wctype.h
--It is declared in @file{wctype.h}.
--@end deftypefun
--
--@cindex control character
--@comment wctype.h
--@comment ISO
--@deftypefun int iswcntrl (wint_t @var{wc})
--Returns true if @var{wc} is a control character (that is, a character that
--is not a printing character).
--
--@noindent
--This function can be implemented using
--
--@smallexample
--iswctype (wc, wctype ("cntrl"))
--@end smallexample
--
--@pindex wctype.h
--It is declared in @file{wctype.h}.
--@end deftypefun
--
--@cindex digit character
--@comment wctype.h
--@comment ISO
--@deftypefun int iswdigit (wint_t @var{wc})
--Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
--Please note that this function does not only return a nonzero value for
--@emph{decimal} digits, but for all kinds of digits. A consequence is
--that code like the following will @strong{not} work unconditionally for
--wide characters:
--
--@smallexample
--n = 0;
--while (iswdigit (*wc))
-- @{
-- n *= 10;
-- n += *wc++ - L'0';
-- @}
--@end smallexample
--
--@noindent
--This function can be implemented using
--
--@smallexample
--iswctype (wc, wctype ("digit"))
--@end smallexample
--
--@pindex wctype.h
--It is declared in @file{wctype.h}.
--@end deftypefun
--
--@cindex graphic character
--@comment wctype.h
--@comment ISO
--@deftypefun int iswgraph (wint_t @var{wc})
--Returns true if @var{wc} is a graphic character; that is, a character
--that has a glyph associated with it. The whitespace characters are not
--considered graphic.
--
--@noindent
--This function can be implemented using
--
--@smallexample
--iswctype (wc, wctype ("graph"))
--@end smallexample
--
--@pindex wctype.h
--It is declared in @file{wctype.h}.
--@end deftypefun
--
--@cindex lower-case character
--@comment ctype.h
--@comment ISO
--@deftypefun int iswlower (wint_t @var{wc})
--Returns true if @var{wc} is a lower-case letter. The letter need not be
--from the Latin alphabet, any alphabet representable is valid.
--
--@noindent
--This function can be implemented using
--
--@smallexample
--iswctype (wc, wctype ("lower"))
--@end smallexample
--
--@pindex wctype.h
--It is declared in @file{wctype.h}.
--@end deftypefun
--
--@cindex printing character
--@comment wctype.h
--@comment ISO
--@deftypefun int iswprint (wint_t @var{wc})
--Returns true if @var{wc} is a printing character. Printing characters
--include all the graphic characters, plus the space (@samp{ }) character.
--
--@noindent
--This function can be implemented using
--
--@smallexample
--iswctype (wc, wctype ("print"))
--@end smallexample
--
--@pindex wctype.h
--It is declared in @file{wctype.h}.
--@end deftypefun
--
--@cindex punctuation character
--@comment wctype.h
--@comment ISO
--@deftypefun int iswpunct (wint_t @var{wc})
--Returns true if @var{wc} is a punctuation character.
--This means any printing character that is not alphanumeric or a space
--character.
--
--@noindent
--This function can be implemented using
--
--@smallexample
--iswctype (wc, wctype ("punct"))
--@end smallexample
--
--@pindex wctype.h
--It is declared in @file{wctype.h}.
--@end deftypefun
--
--@cindex whitespace character
--@comment wctype.h
--@comment ISO
--@deftypefun int iswspace (wint_t @var{wc})
--Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
--@code{"C"} locale, @code{iswspace} returns true for only the standard
--whitespace characters:
--
--@table @code
--@item L' '
--space
--
--@item L'\f'
--formfeed
--
--@item L'\n'
--newline
--
--@item L'\r'
--carriage return
--
--@item L'\t'
--horizontal tab
--
--@item L'\v'
--vertical tab
--@end table
--
--@noindent
--This function can be implemented using
--
--@smallexample
--iswctype (wc, wctype ("space"))
--@end smallexample
--
--@pindex wctype.h
--It is declared in @file{wctype.h}.
--@end deftypefun
--
--@cindex upper-case character
--@comment wctype.h
--@comment ISO
--@deftypefun int iswupper (wint_t @var{wc})
--Returns true if @var{wc} is an upper-case letter. The letter need not be
--from the Latin alphabet, any alphabet representable is valid.
--
--@noindent
--This function can be implemented using
--
--@smallexample
--iswctype (wc, wctype ("upper"))
--@end smallexample
--
--@pindex wctype.h
--It is declared in @file{wctype.h}.
--@end deftypefun
--
--@cindex hexadecimal digit character
--@comment wctype.h
--@comment ISO
--@deftypefun int iswxdigit (wint_t @var{wc})
--Returns true if @var{wc} is a hexadecimal digit.
--Hexadecimal digits include the normal decimal digits @samp{0} through
--@samp{9} and the letters @samp{A} through @samp{F} and
--@samp{a} through @samp{f}.
--
--@noindent
--This function can be implemented using
--
--@smallexample
--iswctype (wc, wctype ("xdigit"))
--@end smallexample
--
--@pindex wctype.h
--It is declared in @file{wctype.h}.
--@end deftypefun
--
--@Theglibc{} also provides a function which is not defined in the
--@w{ISO C} standard but which is available as a version for single byte
--characters as well.
--
--@cindex blank character
--@comment wctype.h
--@comment ISO
--@deftypefun int iswblank (wint_t @var{wc})
--Returns true if @var{wc} is a blank character; that is, a space or a tab.
--This function was originally a GNU extension, but was added in @w{ISO C99}.
--It is declared in @file{wchar.h}.
--@end deftypefun
--
--@node Using Wide Char Classes, Wide Character Case Conversion, Classification of Wide Characters, Character Handling
--@section Notes on using the wide character classes
--
--The first note is probably not astonishing but still occasionally a
--cause of problems. The @code{isw@var{XXX}} functions can be implemented
--using macros and in fact, @theglibc{} does this. They are still
--available as real functions but when the @file{wctype.h} header is
--included the macros will be used. This is the same as the
--@code{char} type versions of these functions.
--
--The second note covers something new. It can be best illustrated by a
--(real-world) example. The first piece of code is an excerpt from the
--original code. It is truncated a bit but the intention should be clear.
--
--@smallexample
--int
--is_in_class (int c, const char *class)
--@{
-- if (strcmp (class, "alnum") == 0)
-- return isalnum (c);
-- if (strcmp (class, "alpha") == 0)
-- return isalpha (c);
-- if (strcmp (class, "cntrl") == 0)
-- return iscntrl (c);
-- @dots{}
-- return 0;
--@}
--@end smallexample
--
--Now, with the @code{wctype} and @code{iswctype} you can avoid the
--@code{if} cascades, but rewriting the code as follows is wrong:
--
--@smallexample
--int
--is_in_class (int c, const char *class)
--@{
-- wctype_t desc = wctype (class);
-- return desc ? iswctype ((wint_t) c, desc) : 0;
--@}
--@end smallexample
--
--The problem is that it is not guaranteed that the wide character
--representation of a single-byte character can be found using casting.
--In fact, usually this fails miserably. The correct solution to this
--problem is to write the code as follows:
--
--@smallexample
--int
--is_in_class (int c, const char *class)
--@{
-- wctype_t desc = wctype (class);
-- return desc ? iswctype (btowc (c), desc) : 0;
--@}
--@end smallexample
--
--@xref{Converting a Character}, for more information on @code{btowc}.
--Note that this change probably does not improve the performance
--of the program a lot since the @code{wctype} function still has to make
--the string comparisons. It gets really interesting if the
--@code{is_in_class} function is called more than once for the
--same class name. In this case the variable @var{desc} could be computed
--once and reused for all the calls. Therefore the above form of the
--function is probably not the final one.
--
--
--@node Wide Character Case Conversion, , Using Wide Char Classes, Character Handling
--@section Mapping of wide characters.
--
--The classification functions are also generalized by the @w{ISO C}
--standard. Instead of just allowing the two standard mappings, a
--locale can contain others. Again, the @code{localedef} program
--already supports generating such locale data files.
--
--@comment wctype.h
--@comment ISO
--@deftp {Data Type} wctrans_t
--This data type is defined as a scalar type which can hold a value
--representing the locale-dependent character mapping. There is no way to
--construct such a value apart from using the return value of the
--@code{wctrans} function.
--
--@pindex wctype.h
--@noindent
--This type is defined in @file{wctype.h}.
--@end deftp
--
--@comment wctype.h
--@comment ISO
--@deftypefun wctrans_t wctrans (const char *@var{property})
--The @code{wctrans} function has to be used to find out whether a named
--mapping is defined in the current locale selected for the
--@code{LC_CTYPE} category. If the returned value is non-zero, you can use
--it afterwards in calls to @code{towctrans}. If the return value is
--zero no such mapping is known in the current locale.
--
--Beside locale-specific mappings there are two mappings which are
--guaranteed to be available in every locale:
--
--@multitable @columnfractions .5 .5
--@item
--@code{"tolower"} @tab @code{"toupper"}
--@end multitable
--
--@pindex wctype.h
--@noindent
--These functions are declared in @file{wctype.h}.
--@end deftypefun
--
--@comment wctype.h
--@comment ISO
--@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
--@code{towctrans} maps the input character @var{wc}
--according to the rules of the mapping for which @var{desc} is a
--descriptor, and returns the value it finds. @var{desc} must be
--obtained by a successful call to @code{wctrans}.
--
--@pindex wctype.h
--@noindent
--This function is declared in @file{wctype.h}.
--@end deftypefun
--
--For the generally available mappings, the @w{ISO C} standard defines
--convenient shortcuts so that it is not necessary to call @code{wctrans}
--for them.
--
--@comment wctype.h
--@comment ISO
--@deftypefun wint_t towlower (wint_t @var{wc})
--If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
--lower-case letter. If @var{wc} is not an upper-case letter,
--@var{wc} is returned unchanged.
--
--@noindent
--@code{towlower} can be implemented using
--
--@smallexample
--towctrans (wc, wctrans ("tolower"))
--@end smallexample
--
--@pindex wctype.h
--@noindent
--This function is declared in @file{wctype.h}.
--@end deftypefun
--
--@comment wctype.h
--@comment ISO
--@deftypefun wint_t towupper (wint_t @var{wc})
--If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
--upper-case letter. Otherwise @var{wc} is returned unchanged.
--
--@noindent
--@code{towupper} can be implemented using
--
--@smallexample
--towctrans (wc, wctrans ("toupper"))
--@end smallexample
--
--@pindex wctype.h
--@noindent
--This function is declared in @file{wctype.h}.
--@end deftypefun
--
--The same warnings given in the last section for the use of the wide
--character classification functions apply here. It is not possible to
--simply cast a @code{char} type value to a @code{wint_t} and use it as an
--argument to @code{towctrans} calls.
+
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4b596f7cb8d6e09ce5f72cb1cb02bc0ed0b31368
commit 4b596f7cb8d6e09ce5f72cb1cb02bc0ed0b31368
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:41 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/ctype.texi: Document thread safety properties.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d8fff601b7c4051337384975bb7fdbd1c076b15b
commit d8fff601b7c4051337384975bb7fdbd1c076b15b
Merge: 8ebb9bc 5287c79 1ae8e2e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:48:14 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=8ebb9bc501031359a6f474e70546a975d8e89269
commit 8ebb9bc501031359a6f474e70546a975d8e89269
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:48:14 2013 -0300
refresh
diff --git a/meta b/meta
index 150ab75..72174f4 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: b6864e5d068d813c95f42cc42a4af998364b9e2d
-Head: 1c7a149c0726600eabeb718bf88b5d82031f6857
+Previous: 5287c793843e946fd2f478b0a2785249cc640f9c
+Head: 1ae8e2eabd22a74ff8a80a4b565df5b4c36fe12e
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -9,8 +9,7 @@ Applied:
manual-document-mt-safety-stdio.patch: 49427f4017a13662522c4247e1eed08f867a3d73
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
- thread-safety-documentation: fbb71ce3cced40f87c25964011852d114f327c36
- refresh-temp: 1c7a149c0726600eabeb718bf88b5d82031f6857
+ thread-safety-documentation: 1ae8e2eabd22a74ff8a80a4b565df5b4c36fe12e
Unapplied:
manual-document-mt-safety-ctype.patch: b1da9d49b81e23d658de4369181599c33e3acd9e
manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index 702824c..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,332 +0,0 @@
-Bottom: 1f38562405d3b5dadb8c27bd94ec1cba5a2481da
-Top: a80e3502e79676408b83a0ee8d2c01161f2e1895
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 21:48:14 -0300
-
-Refresh of thread-safety-documentation
-
----
-
-diff --git a/manual/ctype.texi b/manual/ctype.texi
-index f05d509..ddf38ce 100644
---- a/manual/ctype.texi
-+++ b/manual/ctype.texi
-@@ -66,6 +66,13 @@ These functions are declared in the header file @file{ctype.h}.
- @comment ctype.h
- @comment ISO
- @deftypefun int islower (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c The is* macros call __ctype_b_loc to get the ctype array from the
-+@c current locale, and then index it by c. __ctype_b_loc reads from
-+@c thread-local memory the (indirect) pointer to the ctype array, which
-+@c may involve one word access to the global locale object, if that's
-+@c the active locale for the thread, and the array, being part of the
-+@c locale data, is undeletable, so there's no thread-safety issue.
- Returns true if @var{c} is a lower-case letter. The letter need not be
- from the Latin alphabet, any alphabet representable is valid.
- @end deftypefun
-@@ -74,6 +81,7 @@ from the Latin alphabet, any alphabet representable is valid.
- @comment ctype.h
- @comment ISO
- @deftypefun int isupper (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is an upper-case letter. The letter need not be
- from the Latin alphabet, any alphabet representable is valid.
- @end deftypefun
-@@ -82,6 +90,7 @@ from the Latin alphabet, any alphabet representable is valid.
- @comment ctype.h
- @comment ISO
- @deftypefun int isalpha (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is an alphabetic character (a letter). If
- @code{islower} or @code{isupper} is true of a character, then
- @code{isalpha} is also true.
-@@ -97,6 +106,7 @@ additional characters.
- @comment ctype.h
- @comment ISO
- @deftypefun int isdigit (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
- @end deftypefun
-
-@@ -104,6 +114,7 @@ Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
- @comment ctype.h
- @comment ISO
- @deftypefun int isalnum (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is an alphanumeric character (a letter or
- number); in other words, if either @code{isalpha} or @code{isdigit} is
- true of a character, then @code{isalnum} is also true.
-@@ -113,6 +124,7 @@ true of a character, then @code{isalnum} is also true.
- @comment ctype.h
- @comment ISO
- @deftypefun int isxdigit (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is a hexadecimal digit.
- Hexadecimal digits include the normal decimal digits @samp{0} through
- @samp{9} and the letters @samp{A} through @samp{F} and
-@@ -123,6 +135,7 @@ Hexadecimal digits include the normal decimal digits @samp{0} through
- @comment ctype.h
- @comment ISO
- @deftypefun int ispunct (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is a punctuation character.
- This means any printing character that is not alphanumeric or a space
- character.
-@@ -132,6 +145,7 @@ character.
- @comment ctype.h
- @comment ISO
- @deftypefun int isspace (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is a @dfn{whitespace} character. In the standard
- @code{"C"} locale, @code{isspace} returns true for only the standard
- whitespace characters:
-@@ -161,6 +175,7 @@ vertical tab
- @comment ctype.h
- @comment ISO
- @deftypefun int isblank (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is a blank character; that is, a space or a tab.
- This function was originally a GNU extension, but was added in @w{ISO C99}.
- @end deftypefun
-@@ -169,6 +184,7 @@ This function was originally a GNU extension, but was added in @w{ISO C99}.
- @comment ctype.h
- @comment ISO
- @deftypefun int isgraph (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is a graphic character; that is, a character
- that has a glyph associated with it. The whitespace characters are not
- considered graphic.
-@@ -178,6 +194,7 @@ considered graphic.
- @comment ctype.h
- @comment ISO
- @deftypefun int isprint (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is a printing character. Printing characters
- include all the graphic characters, plus the space (@samp{ }) character.
- @end deftypefun
-@@ -186,6 +203,7 @@ include all the graphic characters, plus the space (@samp{ }) character.
- @comment ctype.h
- @comment ISO
- @deftypefun int iscntrl (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is a control character (that is, a character that
- is not a printing character).
- @end deftypefun
-@@ -194,6 +212,7 @@ is not a printing character).
- @comment ctype.h
- @comment SVID, BSD
- @deftypefun int isascii (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
- into the US/UK ASCII character set. This function is a BSD extension
- and is also an SVID extension.
-@@ -227,6 +246,10 @@ These functions are declared in the header file @file{ctype.h}.
- @comment ctype.h
- @comment ISO
- @deftypefun int tolower (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c The to* macros/functions call different functions that use different
-+@c arrays than those of__ctype_b_loc, but the access patterns and
-+@c thus safety guarantees are the same.
- If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
- lower-case letter. If @var{c} is not an upper-case letter,
- @var{c} is returned unchanged.
-@@ -235,6 +258,7 @@ lower-case letter. If @var{c} is not an upper-case letter,
- @comment ctype.h
- @comment ISO
- @deftypefun int toupper (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
- upper-case letter. Otherwise @var{c} is returned unchanged.
- @end deftypefun
-@@ -242,6 +266,7 @@ upper-case letter. Otherwise @var{c} is returned unchanged.
- @comment ctype.h
- @comment SVID, BSD
- @deftypefun int toascii (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This function converts @var{c} to a 7-bit @code{unsigned char} value
- that fits into the US/UK ASCII character set, by clearing the high-order
- bits. This function is a BSD extension and is also an SVID extension.
-@@ -250,6 +275,7 @@ bits. This function is a BSD extension and is also an SVID extension.
- @comment ctype.h
- @comment SVID
- @deftypefun int _tolower (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This is identical to @code{tolower}, and is provided for compatibility
- with the SVID. @xref{SVID}.@refill
- @end deftypefun
-@@ -257,6 +283,7 @@ with the SVID. @xref{SVID}.@refill
- @comment ctype.h
- @comment SVID
- @deftypefun int _toupper (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This is identical to @code{toupper}, and is provided for compatibility
- with the SVID.
- @end deftypefun
-@@ -303,6 +330,15 @@ This type is defined in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun wctype_t wctype (const char *@var{property})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
-+@c Although the source code of wctype contains multiple references to
-+@c the locale, that could each reference different locale_data objects
-+@c should the global locale object change while active, the compiler can
-+@c and does combine them all into a single dereference that resolves
-+@c once to the LCTYPE locale object used throughout the function, so it
-+@c is safe in practice, if not in theory. Ideally we'd explicitly save
-+@c the resolved locale_data object to make it visibly safe instead of
-+@c safe only under compiler optimizations.
- The @code{wctype} returns a value representing a class of wide
- characters which is identified by the string @var{property}. Beside
- some standard properties each locale can define its own ones. In case
-@@ -331,6 +367,8 @@ the @w{ISO C} standard defines a completely new function.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c The compressed lookup table returned by wctype is read-only.
- This function returns a nonzero value if @var{wc} is in the character
- class specified by @var{desc}. @var{desc} must previously be returned
- by a successful call to @code{wctype}.
-@@ -350,6 +388,15 @@ standard classes.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswalnum (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
-+@c The implicit wctype call in the isw* functions is actually an
-+@c optimized version because the category has a known offset, but the
-+@c wctype is equally safe when optimized, unsafe if not optimized.
-+@c Since it's not a macro, and we always optimize, it's fine. The test
-+@c whether wc is ASCII to use the non-wide is* macro/funciton doesn't
-+@c bring any other safety issues: the test does not depend on the
-+@c locale, and each path after the decision resolves the locale object
-+@c only once.
- This function returns a nonzero value if @var{wc} is an alphanumeric
- character (a letter or number); in other words, if either @code{iswalpha}
- or @code{iswdigit} is true of a character, then @code{iswalnum} is also
-@@ -370,6 +417,7 @@ It is declared in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswalpha (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- Returns true if @var{wc} is an alphabetic character (a letter). If
- @code{iswlower} or @code{iswupper} is true of a character, then
- @code{iswalpha} is also true.
-@@ -394,6 +442,7 @@ It is declared in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswcntrl (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- Returns true if @var{wc} is a control character (that is, a character that
- is not a printing character).
-
-@@ -412,6 +461,7 @@ It is declared in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswdigit (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
- Please note that this function does not only return a nonzero value for
- @emph{decimal} digits, but for all kinds of digits. A consequence is
-@@ -442,6 +492,7 @@ It is declared in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswgraph (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- Returns true if @var{wc} is a graphic character; that is, a character
- that has a glyph associated with it. The whitespace characters are not
- considered graphic.
-@@ -461,6 +512,7 @@ It is declared in @file{wctype.h}.
- @comment ctype.h
- @comment ISO
- @deftypefun int iswlower (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- Returns true if @var{wc} is a lower-case letter. The letter need not be
- from the Latin alphabet, any alphabet representable is valid.
-
-@@ -479,6 +531,7 @@ It is declared in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswprint (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- Returns true if @var{wc} is a printing character. Printing characters
- include all the graphic characters, plus the space (@samp{ }) character.
-
-@@ -497,6 +550,7 @@ It is declared in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswpunct (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- Returns true if @var{wc} is a punctuation character.
- This means any printing character that is not alphanumeric or a space
- character.
-@@ -516,6 +570,7 @@ It is declared in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswspace (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
- @code{"C"} locale, @code{iswspace} returns true for only the standard
- whitespace characters:
-@@ -555,6 +610,7 @@ It is declared in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswupper (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- Returns true if @var{wc} is an upper-case letter. The letter need not be
- from the Latin alphabet, any alphabet representable is valid.
-
-@@ -573,6 +629,7 @@ It is declared in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswxdigit (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- Returns true if @var{wc} is a hexadecimal digit.
- Hexadecimal digits include the normal decimal digits @samp{0} through
- @samp{9} and the letters @samp{A} through @samp{F} and
-@@ -597,6 +654,7 @@ characters as well.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswblank (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- Returns true if @var{wc} is a blank character; that is, a space or a tab.
- This function was originally a GNU extension, but was added in @w{ISO C99}.
- It is declared in @file{wchar.h}.
-@@ -691,7 +749,8 @@ This type is defined in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun wctrans_t wctrans (const char *@var{property})
--@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
-+@c Similar implementation, same caveats as wctype.
- The @code{wctrans} function has to be used to find out whether a named
- mapping is defined in the current locale selected for the
- @code{LC_CTYPE} category. If the returned value is non-zero, you can use
-@@ -714,7 +773,8 @@ These functions are declared in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
--@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c Same caveats as iswctype.
- @code{towctrans} maps the input character @var{wc}
- according to the rules of the mapping for which @var{desc} is a
- descriptor, and returns the value it finds. @var{desc} must be
-@@ -732,6 +792,9 @@ for them.
- @comment wctype.h
- @comment ISO
- @deftypefun wint_t towlower (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
-+@c Same caveats as iswalnum, just using a wctrans rather than a wctype
-+@c table.
- If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
- lower-case letter. If @var{wc} is not an upper-case letter,
- @var{wc} is returned unchanged.
-@@ -751,6 +814,7 @@ This function is declared in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun wint_t towupper (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
- upper-case letter. Otherwise @var{wc} is returned unchanged.
diff --git a/patches/thread-safety-documentation b/patches/thread-safety-documentation
index 9799a98..a9588e2 100644
--- a/patches/thread-safety-documentation
+++ b/patches/thread-safety-documentation
@@ -1,5 +1,5 @@
Bottom: 493d959bda4db41836ea91b2b9685b47ab733575
-Top: 1f38562405d3b5dadb8c27bd94ec1cba5a2481da
+Top: a80e3502e79676408b83a0ee8d2c01161f2e1895
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:41 -0300
@@ -13,22 +13,323 @@ for ChangeLog
---
diff --git a/manual/ctype.texi b/manual/ctype.texi
-index 3d13571..f05d509 100644
+index 3d13571..ddf38ce 100644
--- a/manual/ctype.texi
+++ b/manual/ctype.texi
-@@ -691,6 +691,7 @@ This type is defined in @file{wctype.h}.
+@@ -66,6 +66,13 @@ These functions are declared in the header file @file{ctype.h}.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int islower (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c The is* macros call __ctype_b_loc to get the ctype array from the
++@c current locale, and then index it by c. __ctype_b_loc reads from
++@c thread-local memory the (indirect) pointer to the ctype array, which
++@c may involve one word access to the global locale object, if that's
++@c the active locale for the thread, and the array, being part of the
++@c locale data, is undeletable, so there's no thread-safety issue.
+ Returns true if @var{c} is a lower-case letter. The letter need not be
+ from the Latin alphabet, any alphabet representable is valid.
+ @end deftypefun
+@@ -74,6 +81,7 @@ from the Latin alphabet, any alphabet representable is valid.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isupper (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is an upper-case letter. The letter need not be
+ from the Latin alphabet, any alphabet representable is valid.
+ @end deftypefun
+@@ -82,6 +90,7 @@ from the Latin alphabet, any alphabet representable is valid.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isalpha (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is an alphabetic character (a letter). If
+ @code{islower} or @code{isupper} is true of a character, then
+ @code{isalpha} is also true.
+@@ -97,6 +106,7 @@ additional characters.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isdigit (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
+ @end deftypefun
+
+@@ -104,6 +114,7 @@ Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isalnum (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is an alphanumeric character (a letter or
+ number); in other words, if either @code{isalpha} or @code{isdigit} is
+ true of a character, then @code{isalnum} is also true.
+@@ -113,6 +124,7 @@ true of a character, then @code{isalnum} is also true.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isxdigit (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a hexadecimal digit.
+ Hexadecimal digits include the normal decimal digits @samp{0} through
+ @samp{9} and the letters @samp{A} through @samp{F} and
+@@ -123,6 +135,7 @@ Hexadecimal digits include the normal decimal digits @samp{0} through
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int ispunct (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a punctuation character.
+ This means any printing character that is not alphanumeric or a space
+ character.
+@@ -132,6 +145,7 @@ character.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isspace (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a @dfn{whitespace} character. In the standard
+ @code{"C"} locale, @code{isspace} returns true for only the standard
+ whitespace characters:
+@@ -161,6 +175,7 @@ vertical tab
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isblank (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a blank character; that is, a space or a tab.
+ This function was originally a GNU extension, but was added in @w{ISO C99}.
+ @end deftypefun
+@@ -169,6 +184,7 @@ This function was originally a GNU extension, but was added in @w{ISO C99}.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isgraph (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a graphic character; that is, a character
+ that has a glyph associated with it. The whitespace characters are not
+ considered graphic.
+@@ -178,6 +194,7 @@ considered graphic.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isprint (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a printing character. Printing characters
+ include all the graphic characters, plus the space (@samp{ }) character.
+ @end deftypefun
+@@ -186,6 +203,7 @@ include all the graphic characters, plus the space (@samp{ }) character.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int iscntrl (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a control character (that is, a character that
+ is not a printing character).
+ @end deftypefun
+@@ -194,6 +212,7 @@ is not a printing character).
+ @comment ctype.h
+ @comment SVID, BSD
+ @deftypefun int isascii (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
+ into the US/UK ASCII character set. This function is a BSD extension
+ and is also an SVID extension.
+@@ -227,6 +246,10 @@ These functions are declared in the header file @file{ctype.h}.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int tolower (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c The to* macros/functions call different functions that use different
++@c arrays than those of__ctype_b_loc, but the access patterns and
++@c thus safety guarantees are the same.
+ If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
+ lower-case letter. If @var{c} is not an upper-case letter,
+ @var{c} is returned unchanged.
+@@ -235,6 +258,7 @@ lower-case letter. If @var{c} is not an upper-case letter,
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int toupper (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
+ upper-case letter. Otherwise @var{c} is returned unchanged.
+ @end deftypefun
+@@ -242,6 +266,7 @@ upper-case letter. Otherwise @var{c} is returned unchanged.
+ @comment ctype.h
+ @comment SVID, BSD
+ @deftypefun int toascii (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function converts @var{c} to a 7-bit @code{unsigned char} value
+ that fits into the US/UK ASCII character set, by clearing the high-order
+ bits. This function is a BSD extension and is also an SVID extension.
+@@ -250,6 +275,7 @@ bits. This function is a BSD extension and is also an SVID extension.
+ @comment ctype.h
+ @comment SVID
+ @deftypefun int _tolower (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This is identical to @code{tolower}, and is provided for compatibility
+ with the SVID. @xref{SVID}.@refill
+ @end deftypefun
+@@ -257,6 +283,7 @@ with the SVID. @xref{SVID}.@refill
+ @comment ctype.h
+ @comment SVID
+ @deftypefun int _toupper (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This is identical to @code{toupper}, and is provided for compatibility
+ with the SVID.
+ @end deftypefun
+@@ -303,6 +330,15 @@ This type is defined in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun wctype_t wctype (const char *@var{property})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
++@c Although the source code of wctype contains multiple references to
++@c the locale, that could each reference different locale_data objects
++@c should the global locale object change while active, the compiler can
++@c and does combine them all into a single dereference that resolves
++@c once to the LCTYPE locale object used throughout the function, so it
++@c is safe in practice, if not in theory. Ideally we'd explicitly save
++@c the resolved locale_data object to make it visibly safe instead of
++@c safe only under compiler optimizations.
+ The @code{wctype} returns a value representing a class of wide
+ characters which is identified by the string @var{property}. Beside
+ some standard properties each locale can define its own ones. In case
+@@ -331,6 +367,8 @@ the @w{ISO C} standard defines a completely new function.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c The compressed lookup table returned by wctype is read-only.
+ This function returns a nonzero value if @var{wc} is in the character
+ class specified by @var{desc}. @var{desc} must previously be returned
+ by a successful call to @code{wctype}.
+@@ -350,6 +388,15 @@ standard classes.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswalnum (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
++@c The implicit wctype call in the isw* functions is actually an
++@c optimized version because the category has a known offset, but the
++@c wctype is equally safe when optimized, unsafe if not optimized.
++@c Since it's not a macro, and we always optimize, it's fine. The test
++@c whether wc is ASCII to use the non-wide is* macro/funciton doesn't
++@c bring any other safety issues: the test does not depend on the
++@c locale, and each path after the decision resolves the locale object
++@c only once.
+ This function returns a nonzero value if @var{wc} is an alphanumeric
+ character (a letter or number); in other words, if either @code{iswalpha}
+ or @code{iswdigit} is true of a character, then @code{iswalnum} is also
+@@ -370,6 +417,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswalpha (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is an alphabetic character (a letter). If
+ @code{iswlower} or @code{iswupper} is true of a character, then
+ @code{iswalpha} is also true.
+@@ -394,6 +442,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswcntrl (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a control character (that is, a character that
+ is not a printing character).
+
+@@ -412,6 +461,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswdigit (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
+ Please note that this function does not only return a nonzero value for
+ @emph{decimal} digits, but for all kinds of digits. A consequence is
+@@ -442,6 +492,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswgraph (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a graphic character; that is, a character
+ that has a glyph associated with it. The whitespace characters are not
+ considered graphic.
+@@ -461,6 +512,7 @@ It is declared in @file{wctype.h}.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int iswlower (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a lower-case letter. The letter need not be
+ from the Latin alphabet, any alphabet representable is valid.
+
+@@ -479,6 +531,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswprint (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a printing character. Printing characters
+ include all the graphic characters, plus the space (@samp{ }) character.
+
+@@ -497,6 +550,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswpunct (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a punctuation character.
+ This means any printing character that is not alphanumeric or a space
+ character.
+@@ -516,6 +570,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswspace (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
+ @code{"C"} locale, @code{iswspace} returns true for only the standard
+ whitespace characters:
+@@ -555,6 +610,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswupper (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is an upper-case letter. The letter need not be
+ from the Latin alphabet, any alphabet representable is valid.
+
+@@ -573,6 +629,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswxdigit (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a hexadecimal digit.
+ Hexadecimal digits include the normal decimal digits @samp{0} through
+ @samp{9} and the letters @samp{A} through @samp{F} and
+@@ -597,6 +654,7 @@ characters as well.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswblank (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a blank character; that is, a space or a tab.
+ This function was originally a GNU extension, but was added in @w{ISO C99}.
+ It is declared in @file{wchar.h}.
+@@ -691,6 +749,8 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctrans_t wctrans (const char *@var{property})
-+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
++@c Similar implementation, same caveats as wctype.
The @code{wctrans} function has to be used to find out whether a named
mapping is defined in the current locale selected for the
@code{LC_CTYPE} category. If the returned value is non-zero, you can use
-@@ -713,6 +714,7 @@ These functions are declared in @file{wctype.h}.
+@@ -713,6 +773,8 @@ These functions are declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
-+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Same caveats as iswctype.
@code{towctrans} maps the input character @var{wc}
according to the rules of the mapping for which @var{desc} is a
descriptor, and returns the value it finds. @var{desc} must be
+@@ -730,6 +792,9 @@ for them.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun wint_t towlower (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
++@c Same caveats as iswalnum, just using a wctrans rather than a wctype
++@c table.
+ If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
+ lower-case letter. If @var{wc} is not an upper-case letter,
+ @var{wc} is returned unchanged.
+@@ -749,6 +814,7 @@ This function is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun wint_t towupper (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
+ upper-case letter. Otherwise @var{wc} is returned unchanged.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5287c793843e946fd2f478b0a2785249cc640f9c
commit 5287c793843e946fd2f478b0a2785249cc640f9c
Merge: a0855bc 1c7a149 b6864e5
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:48:14 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a0855bc90966b5b2e0e30eefe708975da5b5964f
commit a0855bc90966b5b2e0e30eefe708975da5b5964f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:48:14 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index 5317d84..150ab75 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: cb8445821d012f4b3b302f57c1a0b7aad83ad3ae
-Head: fbb71ce3cced40f87c25964011852d114f327c36
+Previous: b6864e5d068d813c95f42cc42a4af998364b9e2d
+Head: 1c7a149c0726600eabeb718bf88b5d82031f6857
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -10,6 +10,7 @@ Applied:
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
thread-safety-documentation: fbb71ce3cced40f87c25964011852d114f327c36
+ refresh-temp: 1c7a149c0726600eabeb718bf88b5d82031f6857
Unapplied:
manual-document-mt-safety-ctype.patch: b1da9d49b81e23d658de4369181599c33e3acd9e
manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..702824c
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,332 @@
+Bottom: 1f38562405d3b5dadb8c27bd94ec1cba5a2481da
+Top: a80e3502e79676408b83a0ee8d2c01161f2e1895
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 21:48:14 -0300
+
+Refresh of thread-safety-documentation
+
+---
+
+diff --git a/manual/ctype.texi b/manual/ctype.texi
+index f05d509..ddf38ce 100644
+--- a/manual/ctype.texi
++++ b/manual/ctype.texi
+@@ -66,6 +66,13 @@ These functions are declared in the header file @file{ctype.h}.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int islower (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c The is* macros call __ctype_b_loc to get the ctype array from the
++@c current locale, and then index it by c. __ctype_b_loc reads from
++@c thread-local memory the (indirect) pointer to the ctype array, which
++@c may involve one word access to the global locale object, if that's
++@c the active locale for the thread, and the array, being part of the
++@c locale data, is undeletable, so there's no thread-safety issue.
+ Returns true if @var{c} is a lower-case letter. The letter need not be
+ from the Latin alphabet, any alphabet representable is valid.
+ @end deftypefun
+@@ -74,6 +81,7 @@ from the Latin alphabet, any alphabet representable is valid.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isupper (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is an upper-case letter. The letter need not be
+ from the Latin alphabet, any alphabet representable is valid.
+ @end deftypefun
+@@ -82,6 +90,7 @@ from the Latin alphabet, any alphabet representable is valid.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isalpha (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is an alphabetic character (a letter). If
+ @code{islower} or @code{isupper} is true of a character, then
+ @code{isalpha} is also true.
+@@ -97,6 +106,7 @@ additional characters.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isdigit (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
+ @end deftypefun
+
+@@ -104,6 +114,7 @@ Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isalnum (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is an alphanumeric character (a letter or
+ number); in other words, if either @code{isalpha} or @code{isdigit} is
+ true of a character, then @code{isalnum} is also true.
+@@ -113,6 +124,7 @@ true of a character, then @code{isalnum} is also true.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isxdigit (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a hexadecimal digit.
+ Hexadecimal digits include the normal decimal digits @samp{0} through
+ @samp{9} and the letters @samp{A} through @samp{F} and
+@@ -123,6 +135,7 @@ Hexadecimal digits include the normal decimal digits @samp{0} through
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int ispunct (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a punctuation character.
+ This means any printing character that is not alphanumeric or a space
+ character.
+@@ -132,6 +145,7 @@ character.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isspace (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a @dfn{whitespace} character. In the standard
+ @code{"C"} locale, @code{isspace} returns true for only the standard
+ whitespace characters:
+@@ -161,6 +175,7 @@ vertical tab
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isblank (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a blank character; that is, a space or a tab.
+ This function was originally a GNU extension, but was added in @w{ISO C99}.
+ @end deftypefun
+@@ -169,6 +184,7 @@ This function was originally a GNU extension, but was added in @w{ISO C99}.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isgraph (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a graphic character; that is, a character
+ that has a glyph associated with it. The whitespace characters are not
+ considered graphic.
+@@ -178,6 +194,7 @@ considered graphic.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isprint (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a printing character. Printing characters
+ include all the graphic characters, plus the space (@samp{ }) character.
+ @end deftypefun
+@@ -186,6 +203,7 @@ include all the graphic characters, plus the space (@samp{ }) character.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int iscntrl (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a control character (that is, a character that
+ is not a printing character).
+ @end deftypefun
+@@ -194,6 +212,7 @@ is not a printing character).
+ @comment ctype.h
+ @comment SVID, BSD
+ @deftypefun int isascii (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
+ into the US/UK ASCII character set. This function is a BSD extension
+ and is also an SVID extension.
+@@ -227,6 +246,10 @@ These functions are declared in the header file @file{ctype.h}.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int tolower (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c The to* macros/functions call different functions that use different
++@c arrays than those of__ctype_b_loc, but the access patterns and
++@c thus safety guarantees are the same.
+ If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
+ lower-case letter. If @var{c} is not an upper-case letter,
+ @var{c} is returned unchanged.
+@@ -235,6 +258,7 @@ lower-case letter. If @var{c} is not an upper-case letter,
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int toupper (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
+ upper-case letter. Otherwise @var{c} is returned unchanged.
+ @end deftypefun
+@@ -242,6 +266,7 @@ upper-case letter. Otherwise @var{c} is returned unchanged.
+ @comment ctype.h
+ @comment SVID, BSD
+ @deftypefun int toascii (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function converts @var{c} to a 7-bit @code{unsigned char} value
+ that fits into the US/UK ASCII character set, by clearing the high-order
+ bits. This function is a BSD extension and is also an SVID extension.
+@@ -250,6 +275,7 @@ bits. This function is a BSD extension and is also an SVID extension.
+ @comment ctype.h
+ @comment SVID
+ @deftypefun int _tolower (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This is identical to @code{tolower}, and is provided for compatibility
+ with the SVID. @xref{SVID}.@refill
+ @end deftypefun
+@@ -257,6 +283,7 @@ with the SVID. @xref{SVID}.@refill
+ @comment ctype.h
+ @comment SVID
+ @deftypefun int _toupper (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This is identical to @code{toupper}, and is provided for compatibility
+ with the SVID.
+ @end deftypefun
+@@ -303,6 +330,15 @@ This type is defined in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun wctype_t wctype (const char *@var{property})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
++@c Although the source code of wctype contains multiple references to
++@c the locale, that could each reference different locale_data objects
++@c should the global locale object change while active, the compiler can
++@c and does combine them all into a single dereference that resolves
++@c once to the LCTYPE locale object used throughout the function, so it
++@c is safe in practice, if not in theory. Ideally we'd explicitly save
++@c the resolved locale_data object to make it visibly safe instead of
++@c safe only under compiler optimizations.
+ The @code{wctype} returns a value representing a class of wide
+ characters which is identified by the string @var{property}. Beside
+ some standard properties each locale can define its own ones. In case
+@@ -331,6 +367,8 @@ the @w{ISO C} standard defines a completely new function.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c The compressed lookup table returned by wctype is read-only.
+ This function returns a nonzero value if @var{wc} is in the character
+ class specified by @var{desc}. @var{desc} must previously be returned
+ by a successful call to @code{wctype}.
+@@ -350,6 +388,15 @@ standard classes.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswalnum (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
++@c The implicit wctype call in the isw* functions is actually an
++@c optimized version because the category has a known offset, but the
++@c wctype is equally safe when optimized, unsafe if not optimized.
++@c Since it's not a macro, and we always optimize, it's fine. The test
++@c whether wc is ASCII to use the non-wide is* macro/funciton doesn't
++@c bring any other safety issues: the test does not depend on the
++@c locale, and each path after the decision resolves the locale object
++@c only once.
+ This function returns a nonzero value if @var{wc} is an alphanumeric
+ character (a letter or number); in other words, if either @code{iswalpha}
+ or @code{iswdigit} is true of a character, then @code{iswalnum} is also
+@@ -370,6 +417,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswalpha (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is an alphabetic character (a letter). If
+ @code{iswlower} or @code{iswupper} is true of a character, then
+ @code{iswalpha} is also true.
+@@ -394,6 +442,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswcntrl (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a control character (that is, a character that
+ is not a printing character).
+
+@@ -412,6 +461,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswdigit (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
+ Please note that this function does not only return a nonzero value for
+ @emph{decimal} digits, but for all kinds of digits. A consequence is
+@@ -442,6 +492,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswgraph (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a graphic character; that is, a character
+ that has a glyph associated with it. The whitespace characters are not
+ considered graphic.
+@@ -461,6 +512,7 @@ It is declared in @file{wctype.h}.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int iswlower (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a lower-case letter. The letter need not be
+ from the Latin alphabet, any alphabet representable is valid.
+
+@@ -479,6 +531,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswprint (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a printing character. Printing characters
+ include all the graphic characters, plus the space (@samp{ }) character.
+
+@@ -497,6 +550,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswpunct (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a punctuation character.
+ This means any printing character that is not alphanumeric or a space
+ character.
+@@ -516,6 +570,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswspace (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
+ @code{"C"} locale, @code{iswspace} returns true for only the standard
+ whitespace characters:
+@@ -555,6 +610,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswupper (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is an upper-case letter. The letter need not be
+ from the Latin alphabet, any alphabet representable is valid.
+
+@@ -573,6 +629,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswxdigit (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a hexadecimal digit.
+ Hexadecimal digits include the normal decimal digits @samp{0} through
+ @samp{9} and the letters @samp{A} through @samp{F} and
+@@ -597,6 +654,7 @@ characters as well.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswblank (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a blank character; that is, a space or a tab.
+ This function was originally a GNU extension, but was added in @w{ISO C99}.
+ It is declared in @file{wchar.h}.
+@@ -691,7 +749,8 @@ This type is defined in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun wctrans_t wctrans (const char *@var{property})
+-@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
++@c Similar implementation, same caveats as wctype.
+ The @code{wctrans} function has to be used to find out whether a named
+ mapping is defined in the current locale selected for the
+ @code{LC_CTYPE} category. If the returned value is non-zero, you can use
+@@ -714,7 +773,8 @@ These functions are declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
+-@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Same caveats as iswctype.
+ @code{towctrans} maps the input character @var{wc}
+ according to the rules of the mapping for which @var{desc} is a
+ descriptor, and returns the value it finds. @var{desc} must be
+@@ -732,6 +792,9 @@ for them.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun wint_t towlower (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
++@c Same caveats as iswalnum, just using a wctrans rather than a wctype
++@c table.
+ If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
+ lower-case letter. If @var{wc} is not an upper-case letter,
+ @var{wc} is returned unchanged.
+@@ -751,6 +814,7 @@ This function is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun wint_t towupper (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
+ upper-case letter. Otherwise @var{wc} is returned unchanged.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1c7a149c0726600eabeb718bf88b5d82031f6857
commit 1c7a149c0726600eabeb718bf88b5d82031f6857
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:48:14 2013 -0300
Refresh of thread-safety-documentation
diff --git a/manual/ctype.texi b/manual/ctype.texi
index f05d509..ddf38ce 100644
--- a/manual/ctype.texi
+++ b/manual/ctype.texi
@@ -66,6 +66,13 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int islower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The is* macros call __ctype_b_loc to get the ctype array from the
+@c current locale, and then index it by c. __ctype_b_loc reads from
+@c thread-local memory the (indirect) pointer to the ctype array, which
+@c may involve one word access to the global locale object, if that's
+@c the active locale for the thread, and the array, being part of the
+@c locale data, is undeletable, so there's no thread-safety issue.
Returns true if @var{c} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -74,6 +81,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -82,6 +90,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isalpha (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphabetic character (a letter). If
@code{islower} or @code{isupper} is true of a character, then
@code{isalpha} is also true.
@@ -97,6 +106,7 @@ additional characters.
@comment ctype.h
@comment ISO
@deftypefun int isdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@end deftypefun
@@ -104,6 +114,7 @@ Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@comment ctype.h
@comment ISO
@deftypefun int isalnum (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphanumeric character (a letter or
number); in other words, if either @code{isalpha} or @code{isdigit} is
true of a character, then @code{isalnum} is also true.
@@ -113,6 +124,7 @@ true of a character, then @code{isalnum} is also true.
@comment ctype.h
@comment ISO
@deftypefun int isxdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -123,6 +135,7 @@ Hexadecimal digits include the normal decimal digits @samp{0} through
@comment ctype.h
@comment ISO
@deftypefun int ispunct (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -132,6 +145,7 @@ character.
@comment ctype.h
@comment ISO
@deftypefun int isspace (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{isspace} returns true for only the standard
whitespace characters:
@@ -161,6 +175,7 @@ vertical tab
@comment ctype.h
@comment ISO
@deftypefun int isblank (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
@end deftypefun
@@ -169,6 +184,7 @@ This function was originally a GNU extension, but was added in @w{ISO C99}.
@comment ctype.h
@comment ISO
@deftypefun int isgraph (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -178,6 +194,7 @@ considered graphic.
@comment ctype.h
@comment ISO
@deftypefun int isprint (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@end deftypefun
@@ -186,6 +203,7 @@ include all the graphic characters, plus the space (@samp{ }) character.
@comment ctype.h
@comment ISO
@deftypefun int iscntrl (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a control character (that is, a character that
is not a printing character).
@end deftypefun
@@ -194,6 +212,7 @@ is not a printing character).
@comment ctype.h
@comment SVID, BSD
@deftypefun int isascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
into the US/UK ASCII character set. This function is a BSD extension
and is also an SVID extension.
@@ -227,6 +246,10 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The to* macros/functions call different functions that use different
+@c arrays than those of__ctype_b_loc, but the access patterns and
+@c thus safety guarantees are the same.
If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
lower-case letter. If @var{c} is not an upper-case letter,
@var{c} is returned unchanged.
@@ -235,6 +258,7 @@ lower-case letter. If @var{c} is not an upper-case letter,
@comment ctype.h
@comment ISO
@deftypefun int toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
upper-case letter. Otherwise @var{c} is returned unchanged.
@end deftypefun
@@ -242,6 +266,7 @@ upper-case letter. Otherwise @var{c} is returned unchanged.
@comment ctype.h
@comment SVID, BSD
@deftypefun int toascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function converts @var{c} to a 7-bit @code{unsigned char} value
that fits into the US/UK ASCII character set, by clearing the high-order
bits. This function is a BSD extension and is also an SVID extension.
@@ -250,6 +275,7 @@ bits. This function is a BSD extension and is also an SVID extension.
@comment ctype.h
@comment SVID
@deftypefun int _tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{tolower}, and is provided for compatibility
with the SVID. @xref{SVID}.@refill
@end deftypefun
@@ -257,6 +283,7 @@ with the SVID. @xref{SVID}.@refill
@comment ctype.h
@comment SVID
@deftypefun int _toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{toupper}, and is provided for compatibility
with the SVID.
@end deftypefun
@@ -303,6 +330,15 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctype_t wctype (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Although the source code of wctype contains multiple references to
+@c the locale, that could each reference different locale_data objects
+@c should the global locale object change while active, the compiler can
+@c and does combine them all into a single dereference that resolves
+@c once to the LCTYPE locale object used throughout the function, so it
+@c is safe in practice, if not in theory. Ideally we'd explicitly save
+@c the resolved locale_data object to make it visibly safe instead of
+@c safe only under compiler optimizations.
The @code{wctype} returns a value representing a class of wide
characters which is identified by the string @var{property}. Beside
some standard properties each locale can define its own ones. In case
@@ -331,6 +367,8 @@ the @w{ISO C} standard defines a completely new function.
@comment wctype.h
@comment ISO
@deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The compressed lookup table returned by wctype is read-only.
This function returns a nonzero value if @var{wc} is in the character
class specified by @var{desc}. @var{desc} must previously be returned
by a successful call to @code{wctype}.
@@ -350,6 +388,15 @@ standard classes.
@comment wctype.h
@comment ISO
@deftypefun int iswalnum (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c The implicit wctype call in the isw* functions is actually an
+@c optimized version because the category has a known offset, but the
+@c wctype is equally safe when optimized, unsafe if not optimized.
+@c Since it's not a macro, and we always optimize, it's fine. The test
+@c whether wc is ASCII to use the non-wide is* macro/funciton doesn't
+@c bring any other safety issues: the test does not depend on the
+@c locale, and each path after the decision resolves the locale object
+@c only once.
This function returns a nonzero value if @var{wc} is an alphanumeric
character (a letter or number); in other words, if either @code{iswalpha}
or @code{iswdigit} is true of a character, then @code{iswalnum} is also
@@ -370,6 +417,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswalpha (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an alphabetic character (a letter). If
@code{iswlower} or @code{iswupper} is true of a character, then
@code{iswalpha} is also true.
@@ -394,6 +442,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswcntrl (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a control character (that is, a character that
is not a printing character).
@@ -412,6 +461,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
Please note that this function does not only return a nonzero value for
@emph{decimal} digits, but for all kinds of digits. A consequence is
@@ -442,6 +492,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswgraph (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -461,6 +512,7 @@ It is declared in @file{wctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int iswlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -479,6 +531,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswprint (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@@ -497,6 +550,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswpunct (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -516,6 +570,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswspace (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{iswspace} returns true for only the standard
whitespace characters:
@@ -555,6 +610,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -573,6 +629,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswxdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -597,6 +654,7 @@ characters as well.
@comment wctype.h
@comment ISO
@deftypefun int iswblank (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
It is declared in @file{wchar.h}.
@@ -691,7 +749,8 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctrans_t wctrans (const char *@var{property})
-@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Similar implementation, same caveats as wctype.
The @code{wctrans} function has to be used to find out whether a named
mapping is defined in the current locale selected for the
@code{LC_CTYPE} category. If the returned value is non-zero, you can use
@@ -714,7 +773,8 @@ These functions are declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
-@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Same caveats as iswctype.
@code{towctrans} maps the input character @var{wc}
according to the rules of the mapping for which @var{desc} is a
descriptor, and returns the value it finds. @var{desc} must be
@@ -732,6 +792,9 @@ for them.
@comment wctype.h
@comment ISO
@deftypefun wint_t towlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Same caveats as iswalnum, just using a wctrans rather than a wctype
+@c table.
If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
lower-case letter. If @var{wc} is not an upper-case letter,
@var{wc} is returned unchanged.
@@ -751,6 +814,7 @@ This function is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
upper-case letter. Otherwise @var{wc} is returned unchanged.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b6864e5d068d813c95f42cc42a4af998364b9e2d
commit b6864e5d068d813c95f42cc42a4af998364b9e2d
Merge: 4c198fe cb84458 fbb71ce
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:47:39 2013 -0300
repair
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4c198fe0826a24451ec717df1163b915944f5f3f
commit 4c198fe0826a24451ec717df1163b915944f5f3f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:47:39 2013 -0300
repair
diff --git a/meta b/meta
index cd8af55..5317d84 100644
--- a/meta
+++ b/meta
@@ -1,5 +1,5 @@
Version: 1
-Previous: 798b190d23f3f3a4ad79d3ad58033f247cfce24a
+Previous: cb8445821d012f4b3b302f57c1a0b7aad83ad3ae
Head: fbb71ce3cced40f87c25964011852d114f327c36
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
@@ -9,7 +9,8 @@ Applied:
manual-document-mt-safety-stdio.patch: 49427f4017a13662522c4247e1eed08f867a3d73
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
- manual-document-mt-safety-ctype.patch: b1da9d49b81e23d658de4369181599c33e3acd9e
+ thread-safety-documentation: fbb71ce3cced40f87c25964011852d114f327c36
Unapplied:
+ manual-document-mt-safety-ctype.patch: b1da9d49b81e23d658de4369181599c33e3acd9e
manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Hidden:
diff --git a/patches/thread-safety-documentation b/patches/thread-safety-documentation
new file mode 100644
index 0000000..9799a98
--- /dev/null
+++ b/patches/thread-safety-documentation
@@ -0,0 +1,34 @@
+Bottom: 493d959bda4db41836ea91b2b9685b47ab733575
+Top: 1f38562405d3b5dadb8c27bd94ec1cba5a2481da
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 15:29:41 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/ctype.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/ctype.texi b/manual/ctype.texi
+index 3d13571..f05d509 100644
+--- a/manual/ctype.texi
++++ b/manual/ctype.texi
+@@ -691,6 +691,7 @@ This type is defined in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun wctrans_t wctrans (const char *@var{property})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ The @code{wctrans} function has to be used to find out whether a named
+ mapping is defined in the current locale selected for the
+ @code{LC_CTYPE} category. If the returned value is non-zero, you can use
+@@ -713,6 +714,7 @@ These functions are declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ @code{towctrans} maps the input character @var{wc}
+ according to the rules of the mapping for which @var{desc} is a
+ descriptor, and returns the value it finds. @var{desc} must be
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=cb8445821d012f4b3b302f57c1a0b7aad83ad3ae
commit cb8445821d012f4b3b302f57c1a0b7aad83ad3ae
Merge: 0b60f0a 798b190 fbb71ce
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:46:56 2013 -0300
external modifications
Modifications by tools other than StGit (e.g. git).
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0b60f0aafece87396a646631192339d54c5324fc
commit 0b60f0aafece87396a646631192339d54c5324fc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:46:56 2013 -0300
external modifications
Modifications by tools other than StGit (e.g. git).
diff --git a/meta b/meta
index 4ba806b..cd8af55 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 92ecb9cc92814d23ccb743dab61d49f352050d65
-Head: b1da9d49b81e23d658de4369181599c33e3acd9e
+Previous: 798b190d23f3f3a4ad79d3ad58033f247cfce24a
+Head: fbb71ce3cced40f87c25964011852d114f327c36
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=798b190d23f3f3a4ad79d3ad58033f247cfce24a
commit 798b190d23f3f3a4ad79d3ad58033f247cfce24a
Merge: ac15c3c b1da9d4 92ecb9c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:43:22 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ac15c3c240153a4eb66bde41aba4cbb7bdd9d560
commit ac15c3c240153a4eb66bde41aba4cbb7bdd9d560
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:43:22 2013 -0300
refresh
diff --git a/meta b/meta
index d6de884..4ba806b 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: fa0e164579ef7d32d41b16568c2074df2d84ea0d
-Head: db2ee3a6f7f5658cf70172ca995df47e3b27c3a0
+Previous: 92ecb9cc92814d23ccb743dab61d49f352050d65
+Head: b1da9d49b81e23d658de4369181599c33e3acd9e
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -9,8 +9,7 @@ Applied:
manual-document-mt-safety-stdio.patch: 49427f4017a13662522c4247e1eed08f867a3d73
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
- manual-document-mt-safety-ctype.patch: fbb71ce3cced40f87c25964011852d114f327c36
- refresh-temp: db2ee3a6f7f5658cf70172ca995df47e3b27c3a0
+ manual-document-mt-safety-ctype.patch: b1da9d49b81e23d658de4369181599c33e3acd9e
Unapplied:
manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Hidden:
diff --git a/patches/manual-document-mt-safety-ctype.patch b/patches/manual-document-mt-safety-ctype.patch
index 9799a98..40dba95 100644
--- a/patches/manual-document-mt-safety-ctype.patch
+++ b/patches/manual-document-mt-safety-ctype.patch
@@ -1,5 +1,5 @@
Bottom: 493d959bda4db41836ea91b2b9685b47ab733575
-Top: 1f38562405d3b5dadb8c27bd94ec1cba5a2481da
+Top: eb7c2702254befc63994aae3ba24a286ee829464
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:41 -0300
@@ -13,22 +13,778 @@ for ChangeLog
---
diff --git a/manual/ctype.texi b/manual/ctype.texi
-index 3d13571..f05d509 100644
+deleted file mode 100644
+index 3d13571..0000000
--- a/manual/ctype.texi
-+++ b/manual/ctype.texi
-@@ -691,6 +691,7 @@ This type is defined in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun wctrans_t wctrans (const char *@var{property})
-+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
- The @code{wctrans} function has to be used to find out whether a named
- mapping is defined in the current locale selected for the
- @code{LC_CTYPE} category. If the returned value is non-zero, you can use
-@@ -713,6 +714,7 @@ These functions are declared in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
-+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
- @code{towctrans} maps the input character @var{wc}
- according to the rules of the mapping for which @var{desc} is a
- descriptor, and returns the value it finds. @var{desc} must be
++++ /dev/null
+@@ -1,770 +0,0 @@
+-@node Character Handling, String and Array Utilities, Memory, Top
+-@c %MENU% Character testing and conversion functions
+-@chapter Character Handling
+-
+-Programs that work with characters and strings often need to classify a
+-character---is it alphabetic, is it a digit, is it whitespace, and so
+-on---and perform case conversion operations on characters. The
+-functions in the header file @file{ctype.h} are provided for this
+-purpose.
+-@pindex ctype.h
+-
+-Since the choice of locale and character set can alter the
+-classifications of particular character codes, all of these functions
+-are affected by the current locale. (More precisely, they are affected
+-by the locale currently selected for character classification---the
+-@code{LC_CTYPE} category; see @ref{Locale Categories}.)
+-
+-The @w{ISO C} standard specifies two different sets of functions. The
+-one set works on @code{char} type characters, the other one on
+-@code{wchar_t} wide characters (@pxref{Extended Char Intro}).
+-
+-@menu
+-* Classification of Characters:: Testing whether characters are
+- letters, digits, punctuation, etc.
+-
+-* Case Conversion:: Case mapping, and the like.
+-* Classification of Wide Characters:: Character class determination for
+- wide characters.
+-* Using Wide Char Classes:: Notes on using the wide character
+- classes.
+-* Wide Character Case Conversion:: Mapping of wide characters.
+-@end menu
+-
+-@node Classification of Characters, Case Conversion, , Character Handling
+-@section Classification of Characters
+-@cindex character testing
+-@cindex classification of characters
+-@cindex predicates on characters
+-@cindex character predicates
+-
+-This section explains the library functions for classifying characters.
+-For example, @code{isalpha} is the function to test for an alphabetic
+-character. It takes one argument, the character to test, and returns a
+-nonzero integer if the character is alphabetic, and zero otherwise. You
+-would use it like this:
+-
+-@smallexample
+-if (isalpha (c))
+- printf ("The character `%c' is alphabetic.\n", c);
+-@end smallexample
+-
+-Each of the functions in this section tests for membership in a
+-particular class of characters; each has a name starting with @samp{is}.
+-Each of them takes one argument, which is a character to test, and
+-returns an @code{int} which is treated as a boolean value. The
+-character argument is passed as an @code{int}, and it may be the
+-constant value @code{EOF} instead of a real character.
+-
+-The attributes of any given character can vary between locales.
+-@xref{Locales}, for more information on locales.@refill
+-
+-These functions are declared in the header file @file{ctype.h}.
+-@pindex ctype.h
+-
+-@cindex lower-case character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int islower (int @var{c})
+-Returns true if @var{c} is a lower-case letter. The letter need not be
+-from the Latin alphabet, any alphabet representable is valid.
+-@end deftypefun
+-
+-@cindex upper-case character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int isupper (int @var{c})
+-Returns true if @var{c} is an upper-case letter. The letter need not be
+-from the Latin alphabet, any alphabet representable is valid.
+-@end deftypefun
+-
+-@cindex alphabetic character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int isalpha (int @var{c})
+-Returns true if @var{c} is an alphabetic character (a letter). If
+-@code{islower} or @code{isupper} is true of a character, then
+-@code{isalpha} is also true.
+-
+-In some locales, there may be additional characters for which
+-@code{isalpha} is true---letters which are neither upper case nor lower
+-case. But in the standard @code{"C"} locale, there are no such
+-additional characters.
+-@end deftypefun
+-
+-@cindex digit character
+-@cindex decimal digit character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int isdigit (int @var{c})
+-Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
+-@end deftypefun
+-
+-@cindex alphanumeric character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int isalnum (int @var{c})
+-Returns true if @var{c} is an alphanumeric character (a letter or
+-number); in other words, if either @code{isalpha} or @code{isdigit} is
+-true of a character, then @code{isalnum} is also true.
+-@end deftypefun
+-
+-@cindex hexadecimal digit character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int isxdigit (int @var{c})
+-Returns true if @var{c} is a hexadecimal digit.
+-Hexadecimal digits include the normal decimal digits @samp{0} through
+-@samp{9} and the letters @samp{A} through @samp{F} and
+-@samp{a} through @samp{f}.
+-@end deftypefun
+-
+-@cindex punctuation character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int ispunct (int @var{c})
+-Returns true if @var{c} is a punctuation character.
+-This means any printing character that is not alphanumeric or a space
+-character.
+-@end deftypefun
+-
+-@cindex whitespace character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int isspace (int @var{c})
+-Returns true if @var{c} is a @dfn{whitespace} character. In the standard
+-@code{"C"} locale, @code{isspace} returns true for only the standard
+-whitespace characters:
+-
+-@table @code
+-@item ' '
+-space
+-
+-@item '\f'
+-formfeed
+-
+-@item '\n'
+-newline
+-
+-@item '\r'
+-carriage return
+-
+-@item '\t'
+-horizontal tab
+-
+-@item '\v'
+-vertical tab
+-@end table
+-@end deftypefun
+-
+-@cindex blank character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int isblank (int @var{c})
+-Returns true if @var{c} is a blank character; that is, a space or a tab.
+-This function was originally a GNU extension, but was added in @w{ISO C99}.
+-@end deftypefun
+-
+-@cindex graphic character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int isgraph (int @var{c})
+-Returns true if @var{c} is a graphic character; that is, a character
+-that has a glyph associated with it. The whitespace characters are not
+-considered graphic.
+-@end deftypefun
+-
+-@cindex printing character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int isprint (int @var{c})
+-Returns true if @var{c} is a printing character. Printing characters
+-include all the graphic characters, plus the space (@samp{ }) character.
+-@end deftypefun
+-
+-@cindex control character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int iscntrl (int @var{c})
+-Returns true if @var{c} is a control character (that is, a character that
+-is not a printing character).
+-@end deftypefun
+-
+-@cindex ASCII character
+-@comment ctype.h
+-@comment SVID, BSD
+-@deftypefun int isascii (int @var{c})
+-Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
+-into the US/UK ASCII character set. This function is a BSD extension
+-and is also an SVID extension.
+-@end deftypefun
+-
+-@node Case Conversion, Classification of Wide Characters, Classification of Characters, Character Handling
+-@section Case Conversion
+-@cindex character case conversion
+-@cindex case conversion of characters
+-@cindex converting case of characters
+-
+-This section explains the library functions for performing conversions
+-such as case mappings on characters. For example, @code{toupper}
+-converts any character to upper case if possible. If the character
+-can't be converted, @code{toupper} returns it unchanged.
+-
+-These functions take one argument of type @code{int}, which is the
+-character to convert, and return the converted character as an
+-@code{int}. If the conversion is not applicable to the argument given,
+-the argument is returned unchanged.
+-
+-@strong{Compatibility Note:} In pre-@w{ISO C} dialects, instead of
+-returning the argument unchanged, these functions may fail when the
+-argument is not suitable for the conversion. Thus for portability, you
+-may need to write @code{islower(c) ? toupper(c) : c} rather than just
+-@code{toupper(c)}.
+-
+-These functions are declared in the header file @file{ctype.h}.
+-@pindex ctype.h
+-
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int tolower (int @var{c})
+-If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
+-lower-case letter. If @var{c} is not an upper-case letter,
+-@var{c} is returned unchanged.
+-@end deftypefun
+-
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int toupper (int @var{c})
+-If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
+-upper-case letter. Otherwise @var{c} is returned unchanged.
+-@end deftypefun
+-
+-@comment ctype.h
+-@comment SVID, BSD
+-@deftypefun int toascii (int @var{c})
+-This function converts @var{c} to a 7-bit @code{unsigned char} value
+-that fits into the US/UK ASCII character set, by clearing the high-order
+-bits. This function is a BSD extension and is also an SVID extension.
+-@end deftypefun
+-
+-@comment ctype.h
+-@comment SVID
+-@deftypefun int _tolower (int @var{c})
+-This is identical to @code{tolower}, and is provided for compatibility
+-with the SVID. @xref{SVID}.@refill
+-@end deftypefun
+-
+-@comment ctype.h
+-@comment SVID
+-@deftypefun int _toupper (int @var{c})
+-This is identical to @code{toupper}, and is provided for compatibility
+-with the SVID.
+-@end deftypefun
+-
+-
+-@node Classification of Wide Characters, Using Wide Char Classes, Case Conversion, Character Handling
+-@section Character class determination for wide characters
+-
+-@w{Amendment 1} to @w{ISO C90} defines functions to classify wide
+-characters. Although the original @w{ISO C90} standard already defined
+-the type @code{wchar_t}, no functions operating on them were defined.
+-
+-The general design of the classification functions for wide characters
+-is more general. It allows extensions to the set of available
+-classifications, beyond those which are always available. The POSIX
+-standard specifies how extensions can be made, and this is already
+-implemented in the @glibcadj{} implementation of the @code{localedef}
+-program.
+-
+-The character class functions are normally implemented with bitsets,
+-with a bitset per character. For a given character, the appropriate
+-bitset is read from a table and a test is performed as to whether a
+-certain bit is set. Which bit is tested for is determined by the
+-class.
+-
+-For the wide character classification functions this is made visible.
+-There is a type classification type defined, a function to retrieve this
+-value for a given class, and a function to test whether a given
+-character is in this class, using the classification value. On top of
+-this the normal character classification functions as used for
+-@code{char} objects can be defined.
+-
+-@comment wctype.h
+-@comment ISO
+-@deftp {Data type} wctype_t
+-The @code{wctype_t} can hold a value which represents a character class.
+-The only defined way to generate such a value is by using the
+-@code{wctype} function.
+-
+-@pindex wctype.h
+-This type is defined in @file{wctype.h}.
+-@end deftp
+-
+-@comment wctype.h
+-@comment ISO
+-@deftypefun wctype_t wctype (const char *@var{property})
+-The @code{wctype} returns a value representing a class of wide
+-characters which is identified by the string @var{property}. Beside
+-some standard properties each locale can define its own ones. In case
+-no property with the given name is known for the current locale
+-selected for the @code{LC_CTYPE} category, the function returns zero.
+-
+-@noindent
+-The properties known in every locale are:
+-
+-@multitable @columnfractions .25 .25 .25 .25
+-@item
+-@code{"alnum"} @tab @code{"alpha"} @tab @code{"cntrl"} @tab @code{"digit"}
+-@item
+-@code{"graph"} @tab @code{"lower"} @tab @code{"print"} @tab @code{"punct"}
+-@item
+-@code{"space"} @tab @code{"upper"} @tab @code{"xdigit"}
+-@end multitable
+-
+-@pindex wctype.h
+-This function is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-To test the membership of a character to one of the non-standard classes
+-the @w{ISO C} standard defines a completely new function.
+-
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
+-This function returns a nonzero value if @var{wc} is in the character
+-class specified by @var{desc}. @var{desc} must previously be returned
+-by a successful call to @code{wctype}.
+-
+-@pindex wctype.h
+-This function is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-To make it easier to use the commonly-used classification functions,
+-they are defined in the C library. There is no need to use
+-@code{wctype} if the property string is one of the known character
+-classes. In some situations it is desirable to construct the property
+-strings, and then it is important that @code{wctype} can also handle the
+-standard classes.
+-
+-@cindex alphanumeric character
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswalnum (wint_t @var{wc})
+-This function returns a nonzero value if @var{wc} is an alphanumeric
+-character (a letter or number); in other words, if either @code{iswalpha}
+-or @code{iswdigit} is true of a character, then @code{iswalnum} is also
+-true.
+-
+-@noindent
+-This function can be implemented using
+-
+-@smallexample
+-iswctype (wc, wctype ("alnum"))
+-@end smallexample
+-
+-@pindex wctype.h
+-It is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@cindex alphabetic character
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswalpha (wint_t @var{wc})
+-Returns true if @var{wc} is an alphabetic character (a letter). If
+-@code{iswlower} or @code{iswupper} is true of a character, then
+-@code{iswalpha} is also true.
+-
+-In some locales, there may be additional characters for which
+-@code{iswalpha} is true---letters which are neither upper case nor lower
+-case. But in the standard @code{"C"} locale, there are no such
+-additional characters.
+-
+-@noindent
+-This function can be implemented using
+-
+-@smallexample
+-iswctype (wc, wctype ("alpha"))
+-@end smallexample
+-
+-@pindex wctype.h
+-It is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@cindex control character
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswcntrl (wint_t @var{wc})
+-Returns true if @var{wc} is a control character (that is, a character that
+-is not a printing character).
+-
+-@noindent
+-This function can be implemented using
+-
+-@smallexample
+-iswctype (wc, wctype ("cntrl"))
+-@end smallexample
+-
+-@pindex wctype.h
+-It is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@cindex digit character
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswdigit (wint_t @var{wc})
+-Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
+-Please note that this function does not only return a nonzero value for
+-@emph{decimal} digits, but for all kinds of digits. A consequence is
+-that code like the following will @strong{not} work unconditionally for
+-wide characters:
+-
+-@smallexample
+-n = 0;
+-while (iswdigit (*wc))
+- @{
+- n *= 10;
+- n += *wc++ - L'0';
+- @}
+-@end smallexample
+-
+-@noindent
+-This function can be implemented using
+-
+-@smallexample
+-iswctype (wc, wctype ("digit"))
+-@end smallexample
+-
+-@pindex wctype.h
+-It is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@cindex graphic character
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswgraph (wint_t @var{wc})
+-Returns true if @var{wc} is a graphic character; that is, a character
+-that has a glyph associated with it. The whitespace characters are not
+-considered graphic.
+-
+-@noindent
+-This function can be implemented using
+-
+-@smallexample
+-iswctype (wc, wctype ("graph"))
+-@end smallexample
+-
+-@pindex wctype.h
+-It is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@cindex lower-case character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int iswlower (wint_t @var{wc})
+-Returns true if @var{wc} is a lower-case letter. The letter need not be
+-from the Latin alphabet, any alphabet representable is valid.
+-
+-@noindent
+-This function can be implemented using
+-
+-@smallexample
+-iswctype (wc, wctype ("lower"))
+-@end smallexample
+-
+-@pindex wctype.h
+-It is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@cindex printing character
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswprint (wint_t @var{wc})
+-Returns true if @var{wc} is a printing character. Printing characters
+-include all the graphic characters, plus the space (@samp{ }) character.
+-
+-@noindent
+-This function can be implemented using
+-
+-@smallexample
+-iswctype (wc, wctype ("print"))
+-@end smallexample
+-
+-@pindex wctype.h
+-It is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@cindex punctuation character
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswpunct (wint_t @var{wc})
+-Returns true if @var{wc} is a punctuation character.
+-This means any printing character that is not alphanumeric or a space
+-character.
+-
+-@noindent
+-This function can be implemented using
+-
+-@smallexample
+-iswctype (wc, wctype ("punct"))
+-@end smallexample
+-
+-@pindex wctype.h
+-It is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@cindex whitespace character
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswspace (wint_t @var{wc})
+-Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
+-@code{"C"} locale, @code{iswspace} returns true for only the standard
+-whitespace characters:
+-
+-@table @code
+-@item L' '
+-space
+-
+-@item L'\f'
+-formfeed
+-
+-@item L'\n'
+-newline
+-
+-@item L'\r'
+-carriage return
+-
+-@item L'\t'
+-horizontal tab
+-
+-@item L'\v'
+-vertical tab
+-@end table
+-
+-@noindent
+-This function can be implemented using
+-
+-@smallexample
+-iswctype (wc, wctype ("space"))
+-@end smallexample
+-
+-@pindex wctype.h
+-It is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@cindex upper-case character
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswupper (wint_t @var{wc})
+-Returns true if @var{wc} is an upper-case letter. The letter need not be
+-from the Latin alphabet, any alphabet representable is valid.
+-
+-@noindent
+-This function can be implemented using
+-
+-@smallexample
+-iswctype (wc, wctype ("upper"))
+-@end smallexample
+-
+-@pindex wctype.h
+-It is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@cindex hexadecimal digit character
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswxdigit (wint_t @var{wc})
+-Returns true if @var{wc} is a hexadecimal digit.
+-Hexadecimal digits include the normal decimal digits @samp{0} through
+-@samp{9} and the letters @samp{A} through @samp{F} and
+-@samp{a} through @samp{f}.
+-
+-@noindent
+-This function can be implemented using
+-
+-@smallexample
+-iswctype (wc, wctype ("xdigit"))
+-@end smallexample
+-
+-@pindex wctype.h
+-It is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@Theglibc{} also provides a function which is not defined in the
+-@w{ISO C} standard but which is available as a version for single byte
+-characters as well.
+-
+-@cindex blank character
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswblank (wint_t @var{wc})
+-Returns true if @var{wc} is a blank character; that is, a space or a tab.
+-This function was originally a GNU extension, but was added in @w{ISO C99}.
+-It is declared in @file{wchar.h}.
+-@end deftypefun
+-
+-@node Using Wide Char Classes, Wide Character Case Conversion, Classification of Wide Characters, Character Handling
+-@section Notes on using the wide character classes
+-
+-The first note is probably not astonishing but still occasionally a
+-cause of problems. The @code{isw@var{XXX}} functions can be implemented
+-using macros and in fact, @theglibc{} does this. They are still
+-available as real functions but when the @file{wctype.h} header is
+-included the macros will be used. This is the same as the
+-@code{char} type versions of these functions.
+-
+-The second note covers something new. It can be best illustrated by a
+-(real-world) example. The first piece of code is an excerpt from the
+-original code. It is truncated a bit but the intention should be clear.
+-
+-@smallexample
+-int
+-is_in_class (int c, const char *class)
+-@{
+- if (strcmp (class, "alnum") == 0)
+- return isalnum (c);
+- if (strcmp (class, "alpha") == 0)
+- return isalpha (c);
+- if (strcmp (class, "cntrl") == 0)
+- return iscntrl (c);
+- @dots{}
+- return 0;
+-@}
+-@end smallexample
+-
+-Now, with the @code{wctype} and @code{iswctype} you can avoid the
+-@code{if} cascades, but rewriting the code as follows is wrong:
+-
+-@smallexample
+-int
+-is_in_class (int c, const char *class)
+-@{
+- wctype_t desc = wctype (class);
+- return desc ? iswctype ((wint_t) c, desc) : 0;
+-@}
+-@end smallexample
+-
+-The problem is that it is not guaranteed that the wide character
+-representation of a single-byte character can be found using casting.
+-In fact, usually this fails miserably. The correct solution to this
+-problem is to write the code as follows:
+-
+-@smallexample
+-int
+-is_in_class (int c, const char *class)
+-@{
+- wctype_t desc = wctype (class);
+- return desc ? iswctype (btowc (c), desc) : 0;
+-@}
+-@end smallexample
+-
+-@xref{Converting a Character}, for more information on @code{btowc}.
+-Note that this change probably does not improve the performance
+-of the program a lot since the @code{wctype} function still has to make
+-the string comparisons. It gets really interesting if the
+-@code{is_in_class} function is called more than once for the
+-same class name. In this case the variable @var{desc} could be computed
+-once and reused for all the calls. Therefore the above form of the
+-function is probably not the final one.
+-
+-
+-@node Wide Character Case Conversion, , Using Wide Char Classes, Character Handling
+-@section Mapping of wide characters.
+-
+-The classification functions are also generalized by the @w{ISO C}
+-standard. Instead of just allowing the two standard mappings, a
+-locale can contain others. Again, the @code{localedef} program
+-already supports generating such locale data files.
+-
+-@comment wctype.h
+-@comment ISO
+-@deftp {Data Type} wctrans_t
+-This data type is defined as a scalar type which can hold a value
+-representing the locale-dependent character mapping. There is no way to
+-construct such a value apart from using the return value of the
+-@code{wctrans} function.
+-
+-@pindex wctype.h
+-@noindent
+-This type is defined in @file{wctype.h}.
+-@end deftp
+-
+-@comment wctype.h
+-@comment ISO
+-@deftypefun wctrans_t wctrans (const char *@var{property})
+-The @code{wctrans} function has to be used to find out whether a named
+-mapping is defined in the current locale selected for the
+-@code{LC_CTYPE} category. If the returned value is non-zero, you can use
+-it afterwards in calls to @code{towctrans}. If the return value is
+-zero no such mapping is known in the current locale.
+-
+-Beside locale-specific mappings there are two mappings which are
+-guaranteed to be available in every locale:
+-
+-@multitable @columnfractions .5 .5
+-@item
+-@code{"tolower"} @tab @code{"toupper"}
+-@end multitable
+-
+-@pindex wctype.h
+-@noindent
+-These functions are declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@comment wctype.h
+-@comment ISO
+-@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
+-@code{towctrans} maps the input character @var{wc}
+-according to the rules of the mapping for which @var{desc} is a
+-descriptor, and returns the value it finds. @var{desc} must be
+-obtained by a successful call to @code{wctrans}.
+-
+-@pindex wctype.h
+-@noindent
+-This function is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-For the generally available mappings, the @w{ISO C} standard defines
+-convenient shortcuts so that it is not necessary to call @code{wctrans}
+-for them.
+-
+-@comment wctype.h
+-@comment ISO
+-@deftypefun wint_t towlower (wint_t @var{wc})
+-If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
+-lower-case letter. If @var{wc} is not an upper-case letter,
+-@var{wc} is returned unchanged.
+-
+-@noindent
+-@code{towlower} can be implemented using
+-
+-@smallexample
+-towctrans (wc, wctrans ("tolower"))
+-@end smallexample
+-
+-@pindex wctype.h
+-@noindent
+-This function is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@comment wctype.h
+-@comment ISO
+-@deftypefun wint_t towupper (wint_t @var{wc})
+-If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
+-upper-case letter. Otherwise @var{wc} is returned unchanged.
+-
+-@noindent
+-@code{towupper} can be implemented using
+-
+-@smallexample
+-towctrans (wc, wctrans ("toupper"))
+-@end smallexample
+-
+-@pindex wctype.h
+-@noindent
+-This function is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-The same warnings given in the last section for the use of the wide
+-character classification functions apply here. It is not possible to
+-simply cast a @code{char} type value to a @code{wint_t} and use it as an
+-argument to @code{towctrans} calls.
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index 818f328..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,787 +0,0 @@
-Bottom: 1f38562405d3b5dadb8c27bd94ec1cba5a2481da
-Top: eb7c2702254befc63994aae3ba24a286ee829464
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 21:43:21 -0300
-
-Refresh of manual-document-mt-safety-ctype.patch
-
----
-
-diff --git a/manual/ctype.texi b/manual/ctype.texi
-deleted file mode 100644
-index f05d509..0000000
---- a/manual/ctype.texi
-+++ /dev/null
-@@ -1,772 +0,0 @@
--@node Character Handling, String and Array Utilities, Memory, Top
--@c %MENU% Character testing and conversion functions
--@chapter Character Handling
--
--Programs that work with characters and strings often need to classify a
--character---is it alphabetic, is it a digit, is it whitespace, and so
--on---and perform case conversion operations on characters. The
--functions in the header file @file{ctype.h} are provided for this
--purpose.
--@pindex ctype.h
--
--Since the choice of locale and character set can alter the
--classifications of particular character codes, all of these functions
--are affected by the current locale. (More precisely, they are affected
--by the locale currently selected for character classification---the
--@code{LC_CTYPE} category; see @ref{Locale Categories}.)
--
--The @w{ISO C} standard specifies two different sets of functions. The
--one set works on @code{char} type characters, the other one on
--@code{wchar_t} wide characters (@pxref{Extended Char Intro}).
--
--@menu
--* Classification of Characters:: Testing whether characters are
-- letters, digits, punctuation, etc.
--
--* Case Conversion:: Case mapping, and the like.
--* Classification of Wide Characters:: Character class determination for
-- wide characters.
--* Using Wide Char Classes:: Notes on using the wide character
-- classes.
--* Wide Character Case Conversion:: Mapping of wide characters.
--@end menu
--
--@node Classification of Characters, Case Conversion, , Character Handling
--@section Classification of Characters
--@cindex character testing
--@cindex classification of characters
--@cindex predicates on characters
--@cindex character predicates
--
--This section explains the library functions for classifying characters.
--For example, @code{isalpha} is the function to test for an alphabetic
--character. It takes one argument, the character to test, and returns a
--nonzero integer if the character is alphabetic, and zero otherwise. You
--would use it like this:
--
--@smallexample
--if (isalpha (c))
-- printf ("The character `%c' is alphabetic.\n", c);
--@end smallexample
--
--Each of the functions in this section tests for membership in a
--particular class of characters; each has a name starting with @samp{is}.
--Each of them takes one argument, which is a character to test, and
--returns an @code{int} which is treated as a boolean value. The
--character argument is passed as an @code{int}, and it may be the
--constant value @code{EOF} instead of a real character.
--
--The attributes of any given character can vary between locales.
--@xref{Locales}, for more information on locales.@refill
--
--These functions are declared in the header file @file{ctype.h}.
--@pindex ctype.h
--
--@cindex lower-case character
--@comment ctype.h
--@comment ISO
--@deftypefun int islower (int @var{c})
--Returns true if @var{c} is a lower-case letter. The letter need not be
--from the Latin alphabet, any alphabet representable is valid.
--@end deftypefun
--
--@cindex upper-case character
--@comment ctype.h
--@comment ISO
--@deftypefun int isupper (int @var{c})
--Returns true if @var{c} is an upper-case letter. The letter need not be
--from the Latin alphabet, any alphabet representable is valid.
--@end deftypefun
--
--@cindex alphabetic character
--@comment ctype.h
--@comment ISO
--@deftypefun int isalpha (int @var{c})
--Returns true if @var{c} is an alphabetic character (a letter). If
--@code{islower} or @code{isupper} is true of a character, then
--@code{isalpha} is also true.
--
--In some locales, there may be additional characters for which
--@code{isalpha} is true---letters which are neither upper case nor lower
--case. But in the standard @code{"C"} locale, there are no such
--additional characters.
--@end deftypefun
--
--@cindex digit character
--@cindex decimal digit character
--@comment ctype.h
--@comment ISO
--@deftypefun int isdigit (int @var{c})
--Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
--@end deftypefun
--
--@cindex alphanumeric character
--@comment ctype.h
--@comment ISO
--@deftypefun int isalnum (int @var{c})
--Returns true if @var{c} is an alphanumeric character (a letter or
--number); in other words, if either @code{isalpha} or @code{isdigit} is
--true of a character, then @code{isalnum} is also true.
--@end deftypefun
--
--@cindex hexadecimal digit character
--@comment ctype.h
--@comment ISO
--@deftypefun int isxdigit (int @var{c})
--Returns true if @var{c} is a hexadecimal digit.
--Hexadecimal digits include the normal decimal digits @samp{0} through
--@samp{9} and the letters @samp{A} through @samp{F} and
--@samp{a} through @samp{f}.
--@end deftypefun
--
--@cindex punctuation character
--@comment ctype.h
--@comment ISO
--@deftypefun int ispunct (int @var{c})
--Returns true if @var{c} is a punctuation character.
--This means any printing character that is not alphanumeric or a space
--character.
--@end deftypefun
--
--@cindex whitespace character
--@comment ctype.h
--@comment ISO
--@deftypefun int isspace (int @var{c})
--Returns true if @var{c} is a @dfn{whitespace} character. In the standard
--@code{"C"} locale, @code{isspace} returns true for only the standard
--whitespace characters:
--
--@table @code
--@item ' '
--space
--
--@item '\f'
--formfeed
--
--@item '\n'
--newline
--
--@item '\r'
--carriage return
--
--@item '\t'
--horizontal tab
--
--@item '\v'
--vertical tab
--@end table
--@end deftypefun
--
--@cindex blank character
--@comment ctype.h
--@comment ISO
--@deftypefun int isblank (int @var{c})
--Returns true if @var{c} is a blank character; that is, a space or a tab.
--This function was originally a GNU extension, but was added in @w{ISO C99}.
--@end deftypefun
--
--@cindex graphic character
--@comment ctype.h
--@comment ISO
--@deftypefun int isgraph (int @var{c})
--Returns true if @var{c} is a graphic character; that is, a character
--that has a glyph associated with it. The whitespace characters are not
--considered graphic.
--@end deftypefun
--
--@cindex printing character
--@comment ctype.h
--@comment ISO
--@deftypefun int isprint (int @var{c})
--Returns true if @var{c} is a printing character. Printing characters
--include all the graphic characters, plus the space (@samp{ }) character.
--@end deftypefun
--
--@cindex control character
--@comment ctype.h
--@comment ISO
--@deftypefun int iscntrl (int @var{c})
--Returns true if @var{c} is a control character (that is, a character that
--is not a printing character).
--@end deftypefun
--
--@cindex ASCII character
--@comment ctype.h
--@comment SVID, BSD
--@deftypefun int isascii (int @var{c})
--Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
--into the US/UK ASCII character set. This function is a BSD extension
--and is also an SVID extension.
--@end deftypefun
--
--@node Case Conversion, Classification of Wide Characters, Classification of Characters, Character Handling
--@section Case Conversion
--@cindex character case conversion
--@cindex case conversion of characters
--@cindex converting case of characters
--
--This section explains the library functions for performing conversions
--such as case mappings on characters. For example, @code{toupper}
--converts any character to upper case if possible. If the character
--can't be converted, @code{toupper} returns it unchanged.
--
--These functions take one argument of type @code{int}, which is the
--character to convert, and return the converted character as an
--@code{int}. If the conversion is not applicable to the argument given,
--the argument is returned unchanged.
--
--@strong{Compatibility Note:} In pre-@w{ISO C} dialects, instead of
--returning the argument unchanged, these functions may fail when the
--argument is not suitable for the conversion. Thus for portability, you
--may need to write @code{islower(c) ? toupper(c) : c} rather than just
--@code{toupper(c)}.
--
--These functions are declared in the header file @file{ctype.h}.
--@pindex ctype.h
--
--@comment ctype.h
--@comment ISO
--@deftypefun int tolower (int @var{c})
--If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
--lower-case letter. If @var{c} is not an upper-case letter,
--@var{c} is returned unchanged.
--@end deftypefun
--
--@comment ctype.h
--@comment ISO
--@deftypefun int toupper (int @var{c})
--If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
--upper-case letter. Otherwise @var{c} is returned unchanged.
--@end deftypefun
--
--@comment ctype.h
--@comment SVID, BSD
--@deftypefun int toascii (int @var{c})
--This function converts @var{c} to a 7-bit @code{unsigned char} value
--that fits into the US/UK ASCII character set, by clearing the high-order
--bits. This function is a BSD extension and is also an SVID extension.
--@end deftypefun
--
--@comment ctype.h
--@comment SVID
--@deftypefun int _tolower (int @var{c})
--This is identical to @code{tolower}, and is provided for compatibility
--with the SVID. @xref{SVID}.@refill
--@end deftypefun
--
--@comment ctype.h
--@comment SVID
--@deftypefun int _toupper (int @var{c})
--This is identical to @code{toupper}, and is provided for compatibility
--with the SVID.
--@end deftypefun
--
--
--@node Classification of Wide Characters, Using Wide Char Classes, Case Conversion, Character Handling
--@section Character class determination for wide characters
--
--@w{Amendment 1} to @w{ISO C90} defines functions to classify wide
--characters. Although the original @w{ISO C90} standard already defined
--the type @code{wchar_t}, no functions operating on them were defined.
--
--The general design of the classification functions for wide characters
--is more general. It allows extensions to the set of available
--classifications, beyond those which are always available. The POSIX
--standard specifies how extensions can be made, and this is already
--implemented in the @glibcadj{} implementation of the @code{localedef}
--program.
--
--The character class functions are normally implemented with bitsets,
--with a bitset per character. For a given character, the appropriate
--bitset is read from a table and a test is performed as to whether a
--certain bit is set. Which bit is tested for is determined by the
--class.
--
--For the wide character classification functions this is made visible.
--There is a type classification type defined, a function to retrieve this
--value for a given class, and a function to test whether a given
--character is in this class, using the classification value. On top of
--this the normal character classification functions as used for
--@code{char} objects can be defined.
--
--@comment wctype.h
--@comment ISO
--@deftp {Data type} wctype_t
--The @code{wctype_t} can hold a value which represents a character class.
--The only defined way to generate such a value is by using the
--@code{wctype} function.
--
--@pindex wctype.h
--This type is defined in @file{wctype.h}.
--@end deftp
--
--@comment wctype.h
--@comment ISO
--@deftypefun wctype_t wctype (const char *@var{property})
--The @code{wctype} returns a value representing a class of wide
--characters which is identified by the string @var{property}. Beside
--some standard properties each locale can define its own ones. In case
--no property with the given name is known for the current locale
--selected for the @code{LC_CTYPE} category, the function returns zero.
--
--@noindent
--The properties known in every locale are:
--
--@multitable @columnfractions .25 .25 .25 .25
--@item
--@code{"alnum"} @tab @code{"alpha"} @tab @code{"cntrl"} @tab @code{"digit"}
--@item
--@code{"graph"} @tab @code{"lower"} @tab @code{"print"} @tab @code{"punct"}
--@item
--@code{"space"} @tab @code{"upper"} @tab @code{"xdigit"}
--@end multitable
--
--@pindex wctype.h
--This function is declared in @file{wctype.h}.
--@end deftypefun
--
--To test the membership of a character to one of the non-standard classes
--the @w{ISO C} standard defines a completely new function.
--
--@comment wctype.h
--@comment ISO
--@deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
--This function returns a nonzero value if @var{wc} is in the character
--class specified by @var{desc}. @var{desc} must previously be returned
--by a successful call to @code{wctype}.
--
--@pindex wctype.h
--This function is declared in @file{wctype.h}.
--@end deftypefun
--
--To make it easier to use the commonly-used classification functions,
--they are defined in the C library. There is no need to use
--@code{wctype} if the property string is one of the known character
--classes. In some situations it is desirable to construct the property
--strings, and then it is important that @code{wctype} can also handle the
--standard classes.
--
--@cindex alphanumeric character
--@comment wctype.h
--@comment ISO
--@deftypefun int iswalnum (wint_t @var{wc})
--This function returns a nonzero value if @var{wc} is an alphanumeric
--character (a letter or number); in other words, if either @code{iswalpha}
--or @code{iswdigit} is true of a character, then @code{iswalnum} is also
--true.
--
--@noindent
--This function can be implemented using
--
--@smallexample
--iswctype (wc, wctype ("alnum"))
--@end smallexample
--
--@pindex wctype.h
--It is declared in @file{wctype.h}.
--@end deftypefun
--
--@cindex alphabetic character
--@comment wctype.h
--@comment ISO
--@deftypefun int iswalpha (wint_t @var{wc})
--Returns true if @var{wc} is an alphabetic character (a letter). If
--@code{iswlower} or @code{iswupper} is true of a character, then
--@code{iswalpha} is also true.
--
--In some locales, there may be additional characters for which
--@code{iswalpha} is true---letters which are neither upper case nor lower
--case. But in the standard @code{"C"} locale, there are no such
--additional characters.
--
--@noindent
--This function can be implemented using
--
--@smallexample
--iswctype (wc, wctype ("alpha"))
--@end smallexample
--
--@pindex wctype.h
--It is declared in @file{wctype.h}.
--@end deftypefun
--
--@cindex control character
--@comment wctype.h
--@comment ISO
--@deftypefun int iswcntrl (wint_t @var{wc})
--Returns true if @var{wc} is a control character (that is, a character that
--is not a printing character).
--
--@noindent
--This function can be implemented using
--
--@smallexample
--iswctype (wc, wctype ("cntrl"))
--@end smallexample
--
--@pindex wctype.h
--It is declared in @file{wctype.h}.
--@end deftypefun
--
--@cindex digit character
--@comment wctype.h
--@comment ISO
--@deftypefun int iswdigit (wint_t @var{wc})
--Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
--Please note that this function does not only return a nonzero value for
--@emph{decimal} digits, but for all kinds of digits. A consequence is
--that code like the following will @strong{not} work unconditionally for
--wide characters:
--
--@smallexample
--n = 0;
--while (iswdigit (*wc))
-- @{
-- n *= 10;
-- n += *wc++ - L'0';
-- @}
--@end smallexample
--
--@noindent
--This function can be implemented using
--
--@smallexample
--iswctype (wc, wctype ("digit"))
--@end smallexample
--
--@pindex wctype.h
--It is declared in @file{wctype.h}.
--@end deftypefun
--
--@cindex graphic character
--@comment wctype.h
--@comment ISO
--@deftypefun int iswgraph (wint_t @var{wc})
--Returns true if @var{wc} is a graphic character; that is, a character
--that has a glyph associated with it. The whitespace characters are not
--considered graphic.
--
--@noindent
--This function can be implemented using
--
--@smallexample
--iswctype (wc, wctype ("graph"))
--@end smallexample
--
--@pindex wctype.h
--It is declared in @file{wctype.h}.
--@end deftypefun
--
--@cindex lower-case character
--@comment ctype.h
--@comment ISO
--@deftypefun int iswlower (wint_t @var{wc})
--Returns true if @var{wc} is a lower-case letter. The letter need not be
--from the Latin alphabet, any alphabet representable is valid.
--
--@noindent
--This function can be implemented using
--
--@smallexample
--iswctype (wc, wctype ("lower"))
--@end smallexample
--
--@pindex wctype.h
--It is declared in @file{wctype.h}.
--@end deftypefun
--
--@cindex printing character
--@comment wctype.h
--@comment ISO
--@deftypefun int iswprint (wint_t @var{wc})
--Returns true if @var{wc} is a printing character. Printing characters
--include all the graphic characters, plus the space (@samp{ }) character.
--
--@noindent
--This function can be implemented using
--
--@smallexample
--iswctype (wc, wctype ("print"))
--@end smallexample
--
--@pindex wctype.h
--It is declared in @file{wctype.h}.
--@end deftypefun
--
--@cindex punctuation character
--@comment wctype.h
--@comment ISO
--@deftypefun int iswpunct (wint_t @var{wc})
--Returns true if @var{wc} is a punctuation character.
--This means any printing character that is not alphanumeric or a space
--character.
--
--@noindent
--This function can be implemented using
--
--@smallexample
--iswctype (wc, wctype ("punct"))
--@end smallexample
--
--@pindex wctype.h
--It is declared in @file{wctype.h}.
--@end deftypefun
--
--@cindex whitespace character
--@comment wctype.h
--@comment ISO
--@deftypefun int iswspace (wint_t @var{wc})
--Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
--@code{"C"} locale, @code{iswspace} returns true for only the standard
--whitespace characters:
--
--@table @code
--@item L' '
--space
--
--@item L'\f'
--formfeed
--
--@item L'\n'
--newline
--
--@item L'\r'
--carriage return
--
--@item L'\t'
--horizontal tab
--
--@item L'\v'
--vertical tab
--@end table
--
--@noindent
--This function can be implemented using
--
--@smallexample
--iswctype (wc, wctype ("space"))
--@end smallexample
--
--@pindex wctype.h
--It is declared in @file{wctype.h}.
--@end deftypefun
--
--@cindex upper-case character
--@comment wctype.h
--@comment ISO
--@deftypefun int iswupper (wint_t @var{wc})
--Returns true if @var{wc} is an upper-case letter. The letter need not be
--from the Latin alphabet, any alphabet representable is valid.
--
--@noindent
--This function can be implemented using
--
--@smallexample
--iswctype (wc, wctype ("upper"))
--@end smallexample
--
--@pindex wctype.h
--It is declared in @file{wctype.h}.
--@end deftypefun
--
--@cindex hexadecimal digit character
--@comment wctype.h
--@comment ISO
--@deftypefun int iswxdigit (wint_t @var{wc})
--Returns true if @var{wc} is a hexadecimal digit.
--Hexadecimal digits include the normal decimal digits @samp{0} through
--@samp{9} and the letters @samp{A} through @samp{F} and
--@samp{a} through @samp{f}.
--
--@noindent
--This function can be implemented using
--
--@smallexample
--iswctype (wc, wctype ("xdigit"))
--@end smallexample
--
--@pindex wctype.h
--It is declared in @file{wctype.h}.
--@end deftypefun
--
--@Theglibc{} also provides a function which is not defined in the
--@w{ISO C} standard but which is available as a version for single byte
--characters as well.
--
--@cindex blank character
--@comment wctype.h
--@comment ISO
--@deftypefun int iswblank (wint_t @var{wc})
--Returns true if @var{wc} is a blank character; that is, a space or a tab.
--This function was originally a GNU extension, but was added in @w{ISO C99}.
--It is declared in @file{wchar.h}.
--@end deftypefun
--
--@node Using Wide Char Classes, Wide Character Case Conversion, Classification of Wide Characters, Character Handling
--@section Notes on using the wide character classes
--
--The first note is probably not astonishing but still occasionally a
--cause of problems. The @code{isw@var{XXX}} functions can be implemented
--using macros and in fact, @theglibc{} does this. They are still
--available as real functions but when the @file{wctype.h} header is
--included the macros will be used. This is the same as the
--@code{char} type versions of these functions.
--
--The second note covers something new. It can be best illustrated by a
--(real-world) example. The first piece of code is an excerpt from the
--original code. It is truncated a bit but the intention should be clear.
--
--@smallexample
--int
--is_in_class (int c, const char *class)
--@{
-- if (strcmp (class, "alnum") == 0)
-- return isalnum (c);
-- if (strcmp (class, "alpha") == 0)
-- return isalpha (c);
-- if (strcmp (class, "cntrl") == 0)
-- return iscntrl (c);
-- @dots{}
-- return 0;
--@}
--@end smallexample
--
--Now, with the @code{wctype} and @code{iswctype} you can avoid the
--@code{if} cascades, but rewriting the code as follows is wrong:
--
--@smallexample
--int
--is_in_class (int c, const char *class)
--@{
-- wctype_t desc = wctype (class);
-- return desc ? iswctype ((wint_t) c, desc) : 0;
--@}
--@end smallexample
--
--The problem is that it is not guaranteed that the wide character
--representation of a single-byte character can be found using casting.
--In fact, usually this fails miserably. The correct solution to this
--problem is to write the code as follows:
--
--@smallexample
--int
--is_in_class (int c, const char *class)
--@{
-- wctype_t desc = wctype (class);
-- return desc ? iswctype (btowc (c), desc) : 0;
--@}
--@end smallexample
--
--@xref{Converting a Character}, for more information on @code{btowc}.
--Note that this change probably does not improve the performance
--of the program a lot since the @code{wctype} function still has to make
--the string comparisons. It gets really interesting if the
--@code{is_in_class} function is called more than once for the
--same class name. In this case the variable @var{desc} could be computed
--once and reused for all the calls. Therefore the above form of the
--function is probably not the final one.
--
--
--@node Wide Character Case Conversion, , Using Wide Char Classes, Character Handling
--@section Mapping of wide characters.
--
--The classification functions are also generalized by the @w{ISO C}
--standard. Instead of just allowing the two standard mappings, a
--locale can contain others. Again, the @code{localedef} program
--already supports generating such locale data files.
--
--@comment wctype.h
--@comment ISO
--@deftp {Data Type} wctrans_t
--This data type is defined as a scalar type which can hold a value
--representing the locale-dependent character mapping. There is no way to
--construct such a value apart from using the return value of the
--@code{wctrans} function.
--
--@pindex wctype.h
--@noindent
--This type is defined in @file{wctype.h}.
--@end deftp
--
--@comment wctype.h
--@comment ISO
--@deftypefun wctrans_t wctrans (const char *@var{property})
--@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
--The @code{wctrans} function has to be used to find out whether a named
--mapping is defined in the current locale selected for the
--@code{LC_CTYPE} category. If the returned value is non-zero, you can use
--it afterwards in calls to @code{towctrans}. If the return value is
--zero no such mapping is known in the current locale.
--
--Beside locale-specific mappings there are two mappings which are
--guaranteed to be available in every locale:
--
--@multitable @columnfractions .5 .5
--@item
--@code{"tolower"} @tab @code{"toupper"}
--@end multitable
--
--@pindex wctype.h
--@noindent
--These functions are declared in @file{wctype.h}.
--@end deftypefun
--
--@comment wctype.h
--@comment ISO
--@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
--@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
--@code{towctrans} maps the input character @var{wc}
--according to the rules of the mapping for which @var{desc} is a
--descriptor, and returns the value it finds. @var{desc} must be
--obtained by a successful call to @code{wctrans}.
--
--@pindex wctype.h
--@noindent
--This function is declared in @file{wctype.h}.
--@end deftypefun
--
--For the generally available mappings, the @w{ISO C} standard defines
--convenient shortcuts so that it is not necessary to call @code{wctrans}
--for them.
--
--@comment wctype.h
--@comment ISO
--@deftypefun wint_t towlower (wint_t @var{wc})
--If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
--lower-case letter. If @var{wc} is not an upper-case letter,
--@var{wc} is returned unchanged.
--
--@noindent
--@code{towlower} can be implemented using
--
--@smallexample
--towctrans (wc, wctrans ("tolower"))
--@end smallexample
--
--@pindex wctype.h
--@noindent
--This function is declared in @file{wctype.h}.
--@end deftypefun
--
--@comment wctype.h
--@comment ISO
--@deftypefun wint_t towupper (wint_t @var{wc})
--If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
--upper-case letter. Otherwise @var{wc} is returned unchanged.
--
--@noindent
--@code{towupper} can be implemented using
--
--@smallexample
--towctrans (wc, wctrans ("toupper"))
--@end smallexample
--
--@pindex wctype.h
--@noindent
--This function is declared in @file{wctype.h}.
--@end deftypefun
--
--The same warnings given in the last section for the use of the wide
--character classification functions apply here. It is not possible to
--simply cast a @code{char} type value to a @code{wint_t} and use it as an
--argument to @code{towctrans} calls.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=92ecb9cc92814d23ccb743dab61d49f352050d65
commit 92ecb9cc92814d23ccb743dab61d49f352050d65
Merge: ebdffc7 db2ee3a fa0e164
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:43:21 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ebdffc717c6099f054d348d124c39414d7d6c9a8
commit ebdffc717c6099f054d348d124c39414d7d6c9a8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:43:21 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index 67da860..d6de884 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: cbc4be3ddd767d1a801d3f67429eac5fff0e8967
-Head: fbb71ce3cced40f87c25964011852d114f327c36
+Previous: fa0e164579ef7d32d41b16568c2074df2d84ea0d
+Head: db2ee3a6f7f5658cf70172ca995df47e3b27c3a0
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -10,6 +10,7 @@ Applied:
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
manual-document-mt-safety-ctype.patch: fbb71ce3cced40f87c25964011852d114f327c36
+ refresh-temp: db2ee3a6f7f5658cf70172ca995df47e3b27c3a0
Unapplied:
manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Hidden:
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..818f328
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,787 @@
+Bottom: 1f38562405d3b5dadb8c27bd94ec1cba5a2481da
+Top: eb7c2702254befc63994aae3ba24a286ee829464
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 21:43:21 -0300
+
+Refresh of manual-document-mt-safety-ctype.patch
+
+---
+
+diff --git a/manual/ctype.texi b/manual/ctype.texi
+deleted file mode 100644
+index f05d509..0000000
+--- a/manual/ctype.texi
++++ /dev/null
+@@ -1,772 +0,0 @@
+-@node Character Handling, String and Array Utilities, Memory, Top
+-@c %MENU% Character testing and conversion functions
+-@chapter Character Handling
+-
+-Programs that work with characters and strings often need to classify a
+-character---is it alphabetic, is it a digit, is it whitespace, and so
+-on---and perform case conversion operations on characters. The
+-functions in the header file @file{ctype.h} are provided for this
+-purpose.
+-@pindex ctype.h
+-
+-Since the choice of locale and character set can alter the
+-classifications of particular character codes, all of these functions
+-are affected by the current locale. (More precisely, they are affected
+-by the locale currently selected for character classification---the
+-@code{LC_CTYPE} category; see @ref{Locale Categories}.)
+-
+-The @w{ISO C} standard specifies two different sets of functions. The
+-one set works on @code{char} type characters, the other one on
+-@code{wchar_t} wide characters (@pxref{Extended Char Intro}).
+-
+-@menu
+-* Classification of Characters:: Testing whether characters are
+- letters, digits, punctuation, etc.
+-
+-* Case Conversion:: Case mapping, and the like.
+-* Classification of Wide Characters:: Character class determination for
+- wide characters.
+-* Using Wide Char Classes:: Notes on using the wide character
+- classes.
+-* Wide Character Case Conversion:: Mapping of wide characters.
+-@end menu
+-
+-@node Classification of Characters, Case Conversion, , Character Handling
+-@section Classification of Characters
+-@cindex character testing
+-@cindex classification of characters
+-@cindex predicates on characters
+-@cindex character predicates
+-
+-This section explains the library functions for classifying characters.
+-For example, @code{isalpha} is the function to test for an alphabetic
+-character. It takes one argument, the character to test, and returns a
+-nonzero integer if the character is alphabetic, and zero otherwise. You
+-would use it like this:
+-
+-@smallexample
+-if (isalpha (c))
+- printf ("The character `%c' is alphabetic.\n", c);
+-@end smallexample
+-
+-Each of the functions in this section tests for membership in a
+-particular class of characters; each has a name starting with @samp{is}.
+-Each of them takes one argument, which is a character to test, and
+-returns an @code{int} which is treated as a boolean value. The
+-character argument is passed as an @code{int}, and it may be the
+-constant value @code{EOF} instead of a real character.
+-
+-The attributes of any given character can vary between locales.
+-@xref{Locales}, for more information on locales.@refill
+-
+-These functions are declared in the header file @file{ctype.h}.
+-@pindex ctype.h
+-
+-@cindex lower-case character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int islower (int @var{c})
+-Returns true if @var{c} is a lower-case letter. The letter need not be
+-from the Latin alphabet, any alphabet representable is valid.
+-@end deftypefun
+-
+-@cindex upper-case character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int isupper (int @var{c})
+-Returns true if @var{c} is an upper-case letter. The letter need not be
+-from the Latin alphabet, any alphabet representable is valid.
+-@end deftypefun
+-
+-@cindex alphabetic character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int isalpha (int @var{c})
+-Returns true if @var{c} is an alphabetic character (a letter). If
+-@code{islower} or @code{isupper} is true of a character, then
+-@code{isalpha} is also true.
+-
+-In some locales, there may be additional characters for which
+-@code{isalpha} is true---letters which are neither upper case nor lower
+-case. But in the standard @code{"C"} locale, there are no such
+-additional characters.
+-@end deftypefun
+-
+-@cindex digit character
+-@cindex decimal digit character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int isdigit (int @var{c})
+-Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
+-@end deftypefun
+-
+-@cindex alphanumeric character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int isalnum (int @var{c})
+-Returns true if @var{c} is an alphanumeric character (a letter or
+-number); in other words, if either @code{isalpha} or @code{isdigit} is
+-true of a character, then @code{isalnum} is also true.
+-@end deftypefun
+-
+-@cindex hexadecimal digit character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int isxdigit (int @var{c})
+-Returns true if @var{c} is a hexadecimal digit.
+-Hexadecimal digits include the normal decimal digits @samp{0} through
+-@samp{9} and the letters @samp{A} through @samp{F} and
+-@samp{a} through @samp{f}.
+-@end deftypefun
+-
+-@cindex punctuation character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int ispunct (int @var{c})
+-Returns true if @var{c} is a punctuation character.
+-This means any printing character that is not alphanumeric or a space
+-character.
+-@end deftypefun
+-
+-@cindex whitespace character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int isspace (int @var{c})
+-Returns true if @var{c} is a @dfn{whitespace} character. In the standard
+-@code{"C"} locale, @code{isspace} returns true for only the standard
+-whitespace characters:
+-
+-@table @code
+-@item ' '
+-space
+-
+-@item '\f'
+-formfeed
+-
+-@item '\n'
+-newline
+-
+-@item '\r'
+-carriage return
+-
+-@item '\t'
+-horizontal tab
+-
+-@item '\v'
+-vertical tab
+-@end table
+-@end deftypefun
+-
+-@cindex blank character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int isblank (int @var{c})
+-Returns true if @var{c} is a blank character; that is, a space or a tab.
+-This function was originally a GNU extension, but was added in @w{ISO C99}.
+-@end deftypefun
+-
+-@cindex graphic character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int isgraph (int @var{c})
+-Returns true if @var{c} is a graphic character; that is, a character
+-that has a glyph associated with it. The whitespace characters are not
+-considered graphic.
+-@end deftypefun
+-
+-@cindex printing character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int isprint (int @var{c})
+-Returns true if @var{c} is a printing character. Printing characters
+-include all the graphic characters, plus the space (@samp{ }) character.
+-@end deftypefun
+-
+-@cindex control character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int iscntrl (int @var{c})
+-Returns true if @var{c} is a control character (that is, a character that
+-is not a printing character).
+-@end deftypefun
+-
+-@cindex ASCII character
+-@comment ctype.h
+-@comment SVID, BSD
+-@deftypefun int isascii (int @var{c})
+-Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
+-into the US/UK ASCII character set. This function is a BSD extension
+-and is also an SVID extension.
+-@end deftypefun
+-
+-@node Case Conversion, Classification of Wide Characters, Classification of Characters, Character Handling
+-@section Case Conversion
+-@cindex character case conversion
+-@cindex case conversion of characters
+-@cindex converting case of characters
+-
+-This section explains the library functions for performing conversions
+-such as case mappings on characters. For example, @code{toupper}
+-converts any character to upper case if possible. If the character
+-can't be converted, @code{toupper} returns it unchanged.
+-
+-These functions take one argument of type @code{int}, which is the
+-character to convert, and return the converted character as an
+-@code{int}. If the conversion is not applicable to the argument given,
+-the argument is returned unchanged.
+-
+-@strong{Compatibility Note:} In pre-@w{ISO C} dialects, instead of
+-returning the argument unchanged, these functions may fail when the
+-argument is not suitable for the conversion. Thus for portability, you
+-may need to write @code{islower(c) ? toupper(c) : c} rather than just
+-@code{toupper(c)}.
+-
+-These functions are declared in the header file @file{ctype.h}.
+-@pindex ctype.h
+-
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int tolower (int @var{c})
+-If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
+-lower-case letter. If @var{c} is not an upper-case letter,
+-@var{c} is returned unchanged.
+-@end deftypefun
+-
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int toupper (int @var{c})
+-If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
+-upper-case letter. Otherwise @var{c} is returned unchanged.
+-@end deftypefun
+-
+-@comment ctype.h
+-@comment SVID, BSD
+-@deftypefun int toascii (int @var{c})
+-This function converts @var{c} to a 7-bit @code{unsigned char} value
+-that fits into the US/UK ASCII character set, by clearing the high-order
+-bits. This function is a BSD extension and is also an SVID extension.
+-@end deftypefun
+-
+-@comment ctype.h
+-@comment SVID
+-@deftypefun int _tolower (int @var{c})
+-This is identical to @code{tolower}, and is provided for compatibility
+-with the SVID. @xref{SVID}.@refill
+-@end deftypefun
+-
+-@comment ctype.h
+-@comment SVID
+-@deftypefun int _toupper (int @var{c})
+-This is identical to @code{toupper}, and is provided for compatibility
+-with the SVID.
+-@end deftypefun
+-
+-
+-@node Classification of Wide Characters, Using Wide Char Classes, Case Conversion, Character Handling
+-@section Character class determination for wide characters
+-
+-@w{Amendment 1} to @w{ISO C90} defines functions to classify wide
+-characters. Although the original @w{ISO C90} standard already defined
+-the type @code{wchar_t}, no functions operating on them were defined.
+-
+-The general design of the classification functions for wide characters
+-is more general. It allows extensions to the set of available
+-classifications, beyond those which are always available. The POSIX
+-standard specifies how extensions can be made, and this is already
+-implemented in the @glibcadj{} implementation of the @code{localedef}
+-program.
+-
+-The character class functions are normally implemented with bitsets,
+-with a bitset per character. For a given character, the appropriate
+-bitset is read from a table and a test is performed as to whether a
+-certain bit is set. Which bit is tested for is determined by the
+-class.
+-
+-For the wide character classification functions this is made visible.
+-There is a type classification type defined, a function to retrieve this
+-value for a given class, and a function to test whether a given
+-character is in this class, using the classification value. On top of
+-this the normal character classification functions as used for
+-@code{char} objects can be defined.
+-
+-@comment wctype.h
+-@comment ISO
+-@deftp {Data type} wctype_t
+-The @code{wctype_t} can hold a value which represents a character class.
+-The only defined way to generate such a value is by using the
+-@code{wctype} function.
+-
+-@pindex wctype.h
+-This type is defined in @file{wctype.h}.
+-@end deftp
+-
+-@comment wctype.h
+-@comment ISO
+-@deftypefun wctype_t wctype (const char *@var{property})
+-The @code{wctype} returns a value representing a class of wide
+-characters which is identified by the string @var{property}. Beside
+-some standard properties each locale can define its own ones. In case
+-no property with the given name is known for the current locale
+-selected for the @code{LC_CTYPE} category, the function returns zero.
+-
+-@noindent
+-The properties known in every locale are:
+-
+-@multitable @columnfractions .25 .25 .25 .25
+-@item
+-@code{"alnum"} @tab @code{"alpha"} @tab @code{"cntrl"} @tab @code{"digit"}
+-@item
+-@code{"graph"} @tab @code{"lower"} @tab @code{"print"} @tab @code{"punct"}
+-@item
+-@code{"space"} @tab @code{"upper"} @tab @code{"xdigit"}
+-@end multitable
+-
+-@pindex wctype.h
+-This function is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-To test the membership of a character to one of the non-standard classes
+-the @w{ISO C} standard defines a completely new function.
+-
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
+-This function returns a nonzero value if @var{wc} is in the character
+-class specified by @var{desc}. @var{desc} must previously be returned
+-by a successful call to @code{wctype}.
+-
+-@pindex wctype.h
+-This function is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-To make it easier to use the commonly-used classification functions,
+-they are defined in the C library. There is no need to use
+-@code{wctype} if the property string is one of the known character
+-classes. In some situations it is desirable to construct the property
+-strings, and then it is important that @code{wctype} can also handle the
+-standard classes.
+-
+-@cindex alphanumeric character
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswalnum (wint_t @var{wc})
+-This function returns a nonzero value if @var{wc} is an alphanumeric
+-character (a letter or number); in other words, if either @code{iswalpha}
+-or @code{iswdigit} is true of a character, then @code{iswalnum} is also
+-true.
+-
+-@noindent
+-This function can be implemented using
+-
+-@smallexample
+-iswctype (wc, wctype ("alnum"))
+-@end smallexample
+-
+-@pindex wctype.h
+-It is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@cindex alphabetic character
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswalpha (wint_t @var{wc})
+-Returns true if @var{wc} is an alphabetic character (a letter). If
+-@code{iswlower} or @code{iswupper} is true of a character, then
+-@code{iswalpha} is also true.
+-
+-In some locales, there may be additional characters for which
+-@code{iswalpha} is true---letters which are neither upper case nor lower
+-case. But in the standard @code{"C"} locale, there are no such
+-additional characters.
+-
+-@noindent
+-This function can be implemented using
+-
+-@smallexample
+-iswctype (wc, wctype ("alpha"))
+-@end smallexample
+-
+-@pindex wctype.h
+-It is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@cindex control character
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswcntrl (wint_t @var{wc})
+-Returns true if @var{wc} is a control character (that is, a character that
+-is not a printing character).
+-
+-@noindent
+-This function can be implemented using
+-
+-@smallexample
+-iswctype (wc, wctype ("cntrl"))
+-@end smallexample
+-
+-@pindex wctype.h
+-It is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@cindex digit character
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswdigit (wint_t @var{wc})
+-Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
+-Please note that this function does not only return a nonzero value for
+-@emph{decimal} digits, but for all kinds of digits. A consequence is
+-that code like the following will @strong{not} work unconditionally for
+-wide characters:
+-
+-@smallexample
+-n = 0;
+-while (iswdigit (*wc))
+- @{
+- n *= 10;
+- n += *wc++ - L'0';
+- @}
+-@end smallexample
+-
+-@noindent
+-This function can be implemented using
+-
+-@smallexample
+-iswctype (wc, wctype ("digit"))
+-@end smallexample
+-
+-@pindex wctype.h
+-It is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@cindex graphic character
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswgraph (wint_t @var{wc})
+-Returns true if @var{wc} is a graphic character; that is, a character
+-that has a glyph associated with it. The whitespace characters are not
+-considered graphic.
+-
+-@noindent
+-This function can be implemented using
+-
+-@smallexample
+-iswctype (wc, wctype ("graph"))
+-@end smallexample
+-
+-@pindex wctype.h
+-It is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@cindex lower-case character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int iswlower (wint_t @var{wc})
+-Returns true if @var{wc} is a lower-case letter. The letter need not be
+-from the Latin alphabet, any alphabet representable is valid.
+-
+-@noindent
+-This function can be implemented using
+-
+-@smallexample
+-iswctype (wc, wctype ("lower"))
+-@end smallexample
+-
+-@pindex wctype.h
+-It is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@cindex printing character
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswprint (wint_t @var{wc})
+-Returns true if @var{wc} is a printing character. Printing characters
+-include all the graphic characters, plus the space (@samp{ }) character.
+-
+-@noindent
+-This function can be implemented using
+-
+-@smallexample
+-iswctype (wc, wctype ("print"))
+-@end smallexample
+-
+-@pindex wctype.h
+-It is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@cindex punctuation character
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswpunct (wint_t @var{wc})
+-Returns true if @var{wc} is a punctuation character.
+-This means any printing character that is not alphanumeric or a space
+-character.
+-
+-@noindent
+-This function can be implemented using
+-
+-@smallexample
+-iswctype (wc, wctype ("punct"))
+-@end smallexample
+-
+-@pindex wctype.h
+-It is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@cindex whitespace character
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswspace (wint_t @var{wc})
+-Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
+-@code{"C"} locale, @code{iswspace} returns true for only the standard
+-whitespace characters:
+-
+-@table @code
+-@item L' '
+-space
+-
+-@item L'\f'
+-formfeed
+-
+-@item L'\n'
+-newline
+-
+-@item L'\r'
+-carriage return
+-
+-@item L'\t'
+-horizontal tab
+-
+-@item L'\v'
+-vertical tab
+-@end table
+-
+-@noindent
+-This function can be implemented using
+-
+-@smallexample
+-iswctype (wc, wctype ("space"))
+-@end smallexample
+-
+-@pindex wctype.h
+-It is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@cindex upper-case character
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswupper (wint_t @var{wc})
+-Returns true if @var{wc} is an upper-case letter. The letter need not be
+-from the Latin alphabet, any alphabet representable is valid.
+-
+-@noindent
+-This function can be implemented using
+-
+-@smallexample
+-iswctype (wc, wctype ("upper"))
+-@end smallexample
+-
+-@pindex wctype.h
+-It is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@cindex hexadecimal digit character
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswxdigit (wint_t @var{wc})
+-Returns true if @var{wc} is a hexadecimal digit.
+-Hexadecimal digits include the normal decimal digits @samp{0} through
+-@samp{9} and the letters @samp{A} through @samp{F} and
+-@samp{a} through @samp{f}.
+-
+-@noindent
+-This function can be implemented using
+-
+-@smallexample
+-iswctype (wc, wctype ("xdigit"))
+-@end smallexample
+-
+-@pindex wctype.h
+-It is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@Theglibc{} also provides a function which is not defined in the
+-@w{ISO C} standard but which is available as a version for single byte
+-characters as well.
+-
+-@cindex blank character
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswblank (wint_t @var{wc})
+-Returns true if @var{wc} is a blank character; that is, a space or a tab.
+-This function was originally a GNU extension, but was added in @w{ISO C99}.
+-It is declared in @file{wchar.h}.
+-@end deftypefun
+-
+-@node Using Wide Char Classes, Wide Character Case Conversion, Classification of Wide Characters, Character Handling
+-@section Notes on using the wide character classes
+-
+-The first note is probably not astonishing but still occasionally a
+-cause of problems. The @code{isw@var{XXX}} functions can be implemented
+-using macros and in fact, @theglibc{} does this. They are still
+-available as real functions but when the @file{wctype.h} header is
+-included the macros will be used. This is the same as the
+-@code{char} type versions of these functions.
+-
+-The second note covers something new. It can be best illustrated by a
+-(real-world) example. The first piece of code is an excerpt from the
+-original code. It is truncated a bit but the intention should be clear.
+-
+-@smallexample
+-int
+-is_in_class (int c, const char *class)
+-@{
+- if (strcmp (class, "alnum") == 0)
+- return isalnum (c);
+- if (strcmp (class, "alpha") == 0)
+- return isalpha (c);
+- if (strcmp (class, "cntrl") == 0)
+- return iscntrl (c);
+- @dots{}
+- return 0;
+-@}
+-@end smallexample
+-
+-Now, with the @code{wctype} and @code{iswctype} you can avoid the
+-@code{if} cascades, but rewriting the code as follows is wrong:
+-
+-@smallexample
+-int
+-is_in_class (int c, const char *class)
+-@{
+- wctype_t desc = wctype (class);
+- return desc ? iswctype ((wint_t) c, desc) : 0;
+-@}
+-@end smallexample
+-
+-The problem is that it is not guaranteed that the wide character
+-representation of a single-byte character can be found using casting.
+-In fact, usually this fails miserably. The correct solution to this
+-problem is to write the code as follows:
+-
+-@smallexample
+-int
+-is_in_class (int c, const char *class)
+-@{
+- wctype_t desc = wctype (class);
+- return desc ? iswctype (btowc (c), desc) : 0;
+-@}
+-@end smallexample
+-
+-@xref{Converting a Character}, for more information on @code{btowc}.
+-Note that this change probably does not improve the performance
+-of the program a lot since the @code{wctype} function still has to make
+-the string comparisons. It gets really interesting if the
+-@code{is_in_class} function is called more than once for the
+-same class name. In this case the variable @var{desc} could be computed
+-once and reused for all the calls. Therefore the above form of the
+-function is probably not the final one.
+-
+-
+-@node Wide Character Case Conversion, , Using Wide Char Classes, Character Handling
+-@section Mapping of wide characters.
+-
+-The classification functions are also generalized by the @w{ISO C}
+-standard. Instead of just allowing the two standard mappings, a
+-locale can contain others. Again, the @code{localedef} program
+-already supports generating such locale data files.
+-
+-@comment wctype.h
+-@comment ISO
+-@deftp {Data Type} wctrans_t
+-This data type is defined as a scalar type which can hold a value
+-representing the locale-dependent character mapping. There is no way to
+-construct such a value apart from using the return value of the
+-@code{wctrans} function.
+-
+-@pindex wctype.h
+-@noindent
+-This type is defined in @file{wctype.h}.
+-@end deftp
+-
+-@comment wctype.h
+-@comment ISO
+-@deftypefun wctrans_t wctrans (const char *@var{property})
+-@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+-The @code{wctrans} function has to be used to find out whether a named
+-mapping is defined in the current locale selected for the
+-@code{LC_CTYPE} category. If the returned value is non-zero, you can use
+-it afterwards in calls to @code{towctrans}. If the return value is
+-zero no such mapping is known in the current locale.
+-
+-Beside locale-specific mappings there are two mappings which are
+-guaranteed to be available in every locale:
+-
+-@multitable @columnfractions .5 .5
+-@item
+-@code{"tolower"} @tab @code{"toupper"}
+-@end multitable
+-
+-@pindex wctype.h
+-@noindent
+-These functions are declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@comment wctype.h
+-@comment ISO
+-@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
+-@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+-@code{towctrans} maps the input character @var{wc}
+-according to the rules of the mapping for which @var{desc} is a
+-descriptor, and returns the value it finds. @var{desc} must be
+-obtained by a successful call to @code{wctrans}.
+-
+-@pindex wctype.h
+-@noindent
+-This function is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-For the generally available mappings, the @w{ISO C} standard defines
+-convenient shortcuts so that it is not necessary to call @code{wctrans}
+-for them.
+-
+-@comment wctype.h
+-@comment ISO
+-@deftypefun wint_t towlower (wint_t @var{wc})
+-If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
+-lower-case letter. If @var{wc} is not an upper-case letter,
+-@var{wc} is returned unchanged.
+-
+-@noindent
+-@code{towlower} can be implemented using
+-
+-@smallexample
+-towctrans (wc, wctrans ("tolower"))
+-@end smallexample
+-
+-@pindex wctype.h
+-@noindent
+-This function is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@comment wctype.h
+-@comment ISO
+-@deftypefun wint_t towupper (wint_t @var{wc})
+-If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
+-upper-case letter. Otherwise @var{wc} is returned unchanged.
+-
+-@noindent
+-@code{towupper} can be implemented using
+-
+-@smallexample
+-towctrans (wc, wctrans ("toupper"))
+-@end smallexample
+-
+-@pindex wctype.h
+-@noindent
+-This function is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-The same warnings given in the last section for the use of the wide
+-character classification functions apply here. It is not possible to
+-simply cast a @code{char} type value to a @code{wint_t} and use it as an
+-argument to @code{towctrans} calls.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=db2ee3a6f7f5658cf70172ca995df47e3b27c3a0
commit db2ee3a6f7f5658cf70172ca995df47e3b27c3a0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:43:21 2013 -0300
Refresh of manual-document-mt-safety-ctype.patch
diff --git a/manual/ctype.texi b/manual/ctype.texi
deleted file mode 100644
index f05d509..0000000
--- a/manual/ctype.texi
+++ /dev/null
@@ -1,772 +0,0 @@
-@node Character Handling, String and Array Utilities, Memory, Top
-@c %MENU% Character testing and conversion functions
-@chapter Character Handling
-
-Programs that work with characters and strings often need to classify a
-character---is it alphabetic, is it a digit, is it whitespace, and so
-on---and perform case conversion operations on characters. The
-functions in the header file @file{ctype.h} are provided for this
-purpose.
-@pindex ctype.h
-
-Since the choice of locale and character set can alter the
-classifications of particular character codes, all of these functions
-are affected by the current locale. (More precisely, they are affected
-by the locale currently selected for character classification---the
-@code{LC_CTYPE} category; see @ref{Locale Categories}.)
-
-The @w{ISO C} standard specifies two different sets of functions. The
-one set works on @code{char} type characters, the other one on
-@code{wchar_t} wide characters (@pxref{Extended Char Intro}).
-
-@menu
-* Classification of Characters:: Testing whether characters are
- letters, digits, punctuation, etc.
-
-* Case Conversion:: Case mapping, and the like.
-* Classification of Wide Characters:: Character class determination for
- wide characters.
-* Using Wide Char Classes:: Notes on using the wide character
- classes.
-* Wide Character Case Conversion:: Mapping of wide characters.
-@end menu
-
-@node Classification of Characters, Case Conversion, , Character Handling
-@section Classification of Characters
-@cindex character testing
-@cindex classification of characters
-@cindex predicates on characters
-@cindex character predicates
-
-This section explains the library functions for classifying characters.
-For example, @code{isalpha} is the function to test for an alphabetic
-character. It takes one argument, the character to test, and returns a
-nonzero integer if the character is alphabetic, and zero otherwise. You
-would use it like this:
-
-@smallexample
-if (isalpha (c))
- printf ("The character `%c' is alphabetic.\n", c);
-@end smallexample
-
-Each of the functions in this section tests for membership in a
-particular class of characters; each has a name starting with @samp{is}.
-Each of them takes one argument, which is a character to test, and
-returns an @code{int} which is treated as a boolean value. The
-character argument is passed as an @code{int}, and it may be the
-constant value @code{EOF} instead of a real character.
-
-The attributes of any given character can vary between locales.
-@xref{Locales}, for more information on locales.@refill
-
-These functions are declared in the header file @file{ctype.h}.
-@pindex ctype.h
-
-@cindex lower-case character
-@comment ctype.h
-@comment ISO
-@deftypefun int islower (int @var{c})
-Returns true if @var{c} is a lower-case letter. The letter need not be
-from the Latin alphabet, any alphabet representable is valid.
-@end deftypefun
-
-@cindex upper-case character
-@comment ctype.h
-@comment ISO
-@deftypefun int isupper (int @var{c})
-Returns true if @var{c} is an upper-case letter. The letter need not be
-from the Latin alphabet, any alphabet representable is valid.
-@end deftypefun
-
-@cindex alphabetic character
-@comment ctype.h
-@comment ISO
-@deftypefun int isalpha (int @var{c})
-Returns true if @var{c} is an alphabetic character (a letter). If
-@code{islower} or @code{isupper} is true of a character, then
-@code{isalpha} is also true.
-
-In some locales, there may be additional characters for which
-@code{isalpha} is true---letters which are neither upper case nor lower
-case. But in the standard @code{"C"} locale, there are no such
-additional characters.
-@end deftypefun
-
-@cindex digit character
-@cindex decimal digit character
-@comment ctype.h
-@comment ISO
-@deftypefun int isdigit (int @var{c})
-Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
-@end deftypefun
-
-@cindex alphanumeric character
-@comment ctype.h
-@comment ISO
-@deftypefun int isalnum (int @var{c})
-Returns true if @var{c} is an alphanumeric character (a letter or
-number); in other words, if either @code{isalpha} or @code{isdigit} is
-true of a character, then @code{isalnum} is also true.
-@end deftypefun
-
-@cindex hexadecimal digit character
-@comment ctype.h
-@comment ISO
-@deftypefun int isxdigit (int @var{c})
-Returns true if @var{c} is a hexadecimal digit.
-Hexadecimal digits include the normal decimal digits @samp{0} through
-@samp{9} and the letters @samp{A} through @samp{F} and
-@samp{a} through @samp{f}.
-@end deftypefun
-
-@cindex punctuation character
-@comment ctype.h
-@comment ISO
-@deftypefun int ispunct (int @var{c})
-Returns true if @var{c} is a punctuation character.
-This means any printing character that is not alphanumeric or a space
-character.
-@end deftypefun
-
-@cindex whitespace character
-@comment ctype.h
-@comment ISO
-@deftypefun int isspace (int @var{c})
-Returns true if @var{c} is a @dfn{whitespace} character. In the standard
-@code{"C"} locale, @code{isspace} returns true for only the standard
-whitespace characters:
-
-@table @code
-@item ' '
-space
-
-@item '\f'
-formfeed
-
-@item '\n'
-newline
-
-@item '\r'
-carriage return
-
-@item '\t'
-horizontal tab
-
-@item '\v'
-vertical tab
-@end table
-@end deftypefun
-
-@cindex blank character
-@comment ctype.h
-@comment ISO
-@deftypefun int isblank (int @var{c})
-Returns true if @var{c} is a blank character; that is, a space or a tab.
-This function was originally a GNU extension, but was added in @w{ISO C99}.
-@end deftypefun
-
-@cindex graphic character
-@comment ctype.h
-@comment ISO
-@deftypefun int isgraph (int @var{c})
-Returns true if @var{c} is a graphic character; that is, a character
-that has a glyph associated with it. The whitespace characters are not
-considered graphic.
-@end deftypefun
-
-@cindex printing character
-@comment ctype.h
-@comment ISO
-@deftypefun int isprint (int @var{c})
-Returns true if @var{c} is a printing character. Printing characters
-include all the graphic characters, plus the space (@samp{ }) character.
-@end deftypefun
-
-@cindex control character
-@comment ctype.h
-@comment ISO
-@deftypefun int iscntrl (int @var{c})
-Returns true if @var{c} is a control character (that is, a character that
-is not a printing character).
-@end deftypefun
-
-@cindex ASCII character
-@comment ctype.h
-@comment SVID, BSD
-@deftypefun int isascii (int @var{c})
-Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
-into the US/UK ASCII character set. This function is a BSD extension
-and is also an SVID extension.
-@end deftypefun
-
-@node Case Conversion, Classification of Wide Characters, Classification of Characters, Character Handling
-@section Case Conversion
-@cindex character case conversion
-@cindex case conversion of characters
-@cindex converting case of characters
-
-This section explains the library functions for performing conversions
-such as case mappings on characters. For example, @code{toupper}
-converts any character to upper case if possible. If the character
-can't be converted, @code{toupper} returns it unchanged.
-
-These functions take one argument of type @code{int}, which is the
-character to convert, and return the converted character as an
-@code{int}. If the conversion is not applicable to the argument given,
-the argument is returned unchanged.
-
-@strong{Compatibility Note:} In pre-@w{ISO C} dialects, instead of
-returning the argument unchanged, these functions may fail when the
-argument is not suitable for the conversion. Thus for portability, you
-may need to write @code{islower(c) ? toupper(c) : c} rather than just
-@code{toupper(c)}.
-
-These functions are declared in the header file @file{ctype.h}.
-@pindex ctype.h
-
-@comment ctype.h
-@comment ISO
-@deftypefun int tolower (int @var{c})
-If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
-lower-case letter. If @var{c} is not an upper-case letter,
-@var{c} is returned unchanged.
-@end deftypefun
-
-@comment ctype.h
-@comment ISO
-@deftypefun int toupper (int @var{c})
-If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
-upper-case letter. Otherwise @var{c} is returned unchanged.
-@end deftypefun
-
-@comment ctype.h
-@comment SVID, BSD
-@deftypefun int toascii (int @var{c})
-This function converts @var{c} to a 7-bit @code{unsigned char} value
-that fits into the US/UK ASCII character set, by clearing the high-order
-bits. This function is a BSD extension and is also an SVID extension.
-@end deftypefun
-
-@comment ctype.h
-@comment SVID
-@deftypefun int _tolower (int @var{c})
-This is identical to @code{tolower}, and is provided for compatibility
-with the SVID. @xref{SVID}.@refill
-@end deftypefun
-
-@comment ctype.h
-@comment SVID
-@deftypefun int _toupper (int @var{c})
-This is identical to @code{toupper}, and is provided for compatibility
-with the SVID.
-@end deftypefun
-
-
-@node Classification of Wide Characters, Using Wide Char Classes, Case Conversion, Character Handling
-@section Character class determination for wide characters
-
-@w{Amendment 1} to @w{ISO C90} defines functions to classify wide
-characters. Although the original @w{ISO C90} standard already defined
-the type @code{wchar_t}, no functions operating on them were defined.
-
-The general design of the classification functions for wide characters
-is more general. It allows extensions to the set of available
-classifications, beyond those which are always available. The POSIX
-standard specifies how extensions can be made, and this is already
-implemented in the @glibcadj{} implementation of the @code{localedef}
-program.
-
-The character class functions are normally implemented with bitsets,
-with a bitset per character. For a given character, the appropriate
-bitset is read from a table and a test is performed as to whether a
-certain bit is set. Which bit is tested for is determined by the
-class.
-
-For the wide character classification functions this is made visible.
-There is a type classification type defined, a function to retrieve this
-value for a given class, and a function to test whether a given
-character is in this class, using the classification value. On top of
-this the normal character classification functions as used for
-@code{char} objects can be defined.
-
-@comment wctype.h
-@comment ISO
-@deftp {Data type} wctype_t
-The @code{wctype_t} can hold a value which represents a character class.
-The only defined way to generate such a value is by using the
-@code{wctype} function.
-
-@pindex wctype.h
-This type is defined in @file{wctype.h}.
-@end deftp
-
-@comment wctype.h
-@comment ISO
-@deftypefun wctype_t wctype (const char *@var{property})
-The @code{wctype} returns a value representing a class of wide
-characters which is identified by the string @var{property}. Beside
-some standard properties each locale can define its own ones. In case
-no property with the given name is known for the current locale
-selected for the @code{LC_CTYPE} category, the function returns zero.
-
-@noindent
-The properties known in every locale are:
-
-@multitable @columnfractions .25 .25 .25 .25
-@item
-@code{"alnum"} @tab @code{"alpha"} @tab @code{"cntrl"} @tab @code{"digit"}
-@item
-@code{"graph"} @tab @code{"lower"} @tab @code{"print"} @tab @code{"punct"}
-@item
-@code{"space"} @tab @code{"upper"} @tab @code{"xdigit"}
-@end multitable
-
-@pindex wctype.h
-This function is declared in @file{wctype.h}.
-@end deftypefun
-
-To test the membership of a character to one of the non-standard classes
-the @w{ISO C} standard defines a completely new function.
-
-@comment wctype.h
-@comment ISO
-@deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
-This function returns a nonzero value if @var{wc} is in the character
-class specified by @var{desc}. @var{desc} must previously be returned
-by a successful call to @code{wctype}.
-
-@pindex wctype.h
-This function is declared in @file{wctype.h}.
-@end deftypefun
-
-To make it easier to use the commonly-used classification functions,
-they are defined in the C library. There is no need to use
-@code{wctype} if the property string is one of the known character
-classes. In some situations it is desirable to construct the property
-strings, and then it is important that @code{wctype} can also handle the
-standard classes.
-
-@cindex alphanumeric character
-@comment wctype.h
-@comment ISO
-@deftypefun int iswalnum (wint_t @var{wc})
-This function returns a nonzero value if @var{wc} is an alphanumeric
-character (a letter or number); in other words, if either @code{iswalpha}
-or @code{iswdigit} is true of a character, then @code{iswalnum} is also
-true.
-
-@noindent
-This function can be implemented using
-
-@smallexample
-iswctype (wc, wctype ("alnum"))
-@end smallexample
-
-@pindex wctype.h
-It is declared in @file{wctype.h}.
-@end deftypefun
-
-@cindex alphabetic character
-@comment wctype.h
-@comment ISO
-@deftypefun int iswalpha (wint_t @var{wc})
-Returns true if @var{wc} is an alphabetic character (a letter). If
-@code{iswlower} or @code{iswupper} is true of a character, then
-@code{iswalpha} is also true.
-
-In some locales, there may be additional characters for which
-@code{iswalpha} is true---letters which are neither upper case nor lower
-case. But in the standard @code{"C"} locale, there are no such
-additional characters.
-
-@noindent
-This function can be implemented using
-
-@smallexample
-iswctype (wc, wctype ("alpha"))
-@end smallexample
-
-@pindex wctype.h
-It is declared in @file{wctype.h}.
-@end deftypefun
-
-@cindex control character
-@comment wctype.h
-@comment ISO
-@deftypefun int iswcntrl (wint_t @var{wc})
-Returns true if @var{wc} is a control character (that is, a character that
-is not a printing character).
-
-@noindent
-This function can be implemented using
-
-@smallexample
-iswctype (wc, wctype ("cntrl"))
-@end smallexample
-
-@pindex wctype.h
-It is declared in @file{wctype.h}.
-@end deftypefun
-
-@cindex digit character
-@comment wctype.h
-@comment ISO
-@deftypefun int iswdigit (wint_t @var{wc})
-Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
-Please note that this function does not only return a nonzero value for
-@emph{decimal} digits, but for all kinds of digits. A consequence is
-that code like the following will @strong{not} work unconditionally for
-wide characters:
-
-@smallexample
-n = 0;
-while (iswdigit (*wc))
- @{
- n *= 10;
- n += *wc++ - L'0';
- @}
-@end smallexample
-
-@noindent
-This function can be implemented using
-
-@smallexample
-iswctype (wc, wctype ("digit"))
-@end smallexample
-
-@pindex wctype.h
-It is declared in @file{wctype.h}.
-@end deftypefun
-
-@cindex graphic character
-@comment wctype.h
-@comment ISO
-@deftypefun int iswgraph (wint_t @var{wc})
-Returns true if @var{wc} is a graphic character; that is, a character
-that has a glyph associated with it. The whitespace characters are not
-considered graphic.
-
-@noindent
-This function can be implemented using
-
-@smallexample
-iswctype (wc, wctype ("graph"))
-@end smallexample
-
-@pindex wctype.h
-It is declared in @file{wctype.h}.
-@end deftypefun
-
-@cindex lower-case character
-@comment ctype.h
-@comment ISO
-@deftypefun int iswlower (wint_t @var{wc})
-Returns true if @var{wc} is a lower-case letter. The letter need not be
-from the Latin alphabet, any alphabet representable is valid.
-
-@noindent
-This function can be implemented using
-
-@smallexample
-iswctype (wc, wctype ("lower"))
-@end smallexample
-
-@pindex wctype.h
-It is declared in @file{wctype.h}.
-@end deftypefun
-
-@cindex printing character
-@comment wctype.h
-@comment ISO
-@deftypefun int iswprint (wint_t @var{wc})
-Returns true if @var{wc} is a printing character. Printing characters
-include all the graphic characters, plus the space (@samp{ }) character.
-
-@noindent
-This function can be implemented using
-
-@smallexample
-iswctype (wc, wctype ("print"))
-@end smallexample
-
-@pindex wctype.h
-It is declared in @file{wctype.h}.
-@end deftypefun
-
-@cindex punctuation character
-@comment wctype.h
-@comment ISO
-@deftypefun int iswpunct (wint_t @var{wc})
-Returns true if @var{wc} is a punctuation character.
-This means any printing character that is not alphanumeric or a space
-character.
-
-@noindent
-This function can be implemented using
-
-@smallexample
-iswctype (wc, wctype ("punct"))
-@end smallexample
-
-@pindex wctype.h
-It is declared in @file{wctype.h}.
-@end deftypefun
-
-@cindex whitespace character
-@comment wctype.h
-@comment ISO
-@deftypefun int iswspace (wint_t @var{wc})
-Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
-@code{"C"} locale, @code{iswspace} returns true for only the standard
-whitespace characters:
-
-@table @code
-@item L' '
-space
-
-@item L'\f'
-formfeed
-
-@item L'\n'
-newline
-
-@item L'\r'
-carriage return
-
-@item L'\t'
-horizontal tab
-
-@item L'\v'
-vertical tab
-@end table
-
-@noindent
-This function can be implemented using
-
-@smallexample
-iswctype (wc, wctype ("space"))
-@end smallexample
-
-@pindex wctype.h
-It is declared in @file{wctype.h}.
-@end deftypefun
-
-@cindex upper-case character
-@comment wctype.h
-@comment ISO
-@deftypefun int iswupper (wint_t @var{wc})
-Returns true if @var{wc} is an upper-case letter. The letter need not be
-from the Latin alphabet, any alphabet representable is valid.
-
-@noindent
-This function can be implemented using
-
-@smallexample
-iswctype (wc, wctype ("upper"))
-@end smallexample
-
-@pindex wctype.h
-It is declared in @file{wctype.h}.
-@end deftypefun
-
-@cindex hexadecimal digit character
-@comment wctype.h
-@comment ISO
-@deftypefun int iswxdigit (wint_t @var{wc})
-Returns true if @var{wc} is a hexadecimal digit.
-Hexadecimal digits include the normal decimal digits @samp{0} through
-@samp{9} and the letters @samp{A} through @samp{F} and
-@samp{a} through @samp{f}.
-
-@noindent
-This function can be implemented using
-
-@smallexample
-iswctype (wc, wctype ("xdigit"))
-@end smallexample
-
-@pindex wctype.h
-It is declared in @file{wctype.h}.
-@end deftypefun
-
-@Theglibc{} also provides a function which is not defined in the
-@w{ISO C} standard but which is available as a version for single byte
-characters as well.
-
-@cindex blank character
-@comment wctype.h
-@comment ISO
-@deftypefun int iswblank (wint_t @var{wc})
-Returns true if @var{wc} is a blank character; that is, a space or a tab.
-This function was originally a GNU extension, but was added in @w{ISO C99}.
-It is declared in @file{wchar.h}.
-@end deftypefun
-
-@node Using Wide Char Classes, Wide Character Case Conversion, Classification of Wide Characters, Character Handling
-@section Notes on using the wide character classes
-
-The first note is probably not astonishing but still occasionally a
-cause of problems. The @code{isw@var{XXX}} functions can be implemented
-using macros and in fact, @theglibc{} does this. They are still
-available as real functions but when the @file{wctype.h} header is
-included the macros will be used. This is the same as the
-@code{char} type versions of these functions.
-
-The second note covers something new. It can be best illustrated by a
-(real-world) example. The first piece of code is an excerpt from the
-original code. It is truncated a bit but the intention should be clear.
-
-@smallexample
-int
-is_in_class (int c, const char *class)
-@{
- if (strcmp (class, "alnum") == 0)
- return isalnum (c);
- if (strcmp (class, "alpha") == 0)
- return isalpha (c);
- if (strcmp (class, "cntrl") == 0)
- return iscntrl (c);
- @dots{}
- return 0;
-@}
-@end smallexample
-
-Now, with the @code{wctype} and @code{iswctype} you can avoid the
-@code{if} cascades, but rewriting the code as follows is wrong:
-
-@smallexample
-int
-is_in_class (int c, const char *class)
-@{
- wctype_t desc = wctype (class);
- return desc ? iswctype ((wint_t) c, desc) : 0;
-@}
-@end smallexample
-
-The problem is that it is not guaranteed that the wide character
-representation of a single-byte character can be found using casting.
-In fact, usually this fails miserably. The correct solution to this
-problem is to write the code as follows:
-
-@smallexample
-int
-is_in_class (int c, const char *class)
-@{
- wctype_t desc = wctype (class);
- return desc ? iswctype (btowc (c), desc) : 0;
-@}
-@end smallexample
-
-@xref{Converting a Character}, for more information on @code{btowc}.
-Note that this change probably does not improve the performance
-of the program a lot since the @code{wctype} function still has to make
-the string comparisons. It gets really interesting if the
-@code{is_in_class} function is called more than once for the
-same class name. In this case the variable @var{desc} could be computed
-once and reused for all the calls. Therefore the above form of the
-function is probably not the final one.
-
-
-@node Wide Character Case Conversion, , Using Wide Char Classes, Character Handling
-@section Mapping of wide characters.
-
-The classification functions are also generalized by the @w{ISO C}
-standard. Instead of just allowing the two standard mappings, a
-locale can contain others. Again, the @code{localedef} program
-already supports generating such locale data files.
-
-@comment wctype.h
-@comment ISO
-@deftp {Data Type} wctrans_t
-This data type is defined as a scalar type which can hold a value
-representing the locale-dependent character mapping. There is no way to
-construct such a value apart from using the return value of the
-@code{wctrans} function.
-
-@pindex wctype.h
-@noindent
-This type is defined in @file{wctype.h}.
-@end deftp
-
-@comment wctype.h
-@comment ISO
-@deftypefun wctrans_t wctrans (const char *@var{property})
-@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
-The @code{wctrans} function has to be used to find out whether a named
-mapping is defined in the current locale selected for the
-@code{LC_CTYPE} category. If the returned value is non-zero, you can use
-it afterwards in calls to @code{towctrans}. If the return value is
-zero no such mapping is known in the current locale.
-
-Beside locale-specific mappings there are two mappings which are
-guaranteed to be available in every locale:
-
-@multitable @columnfractions .5 .5
-@item
-@code{"tolower"} @tab @code{"toupper"}
-@end multitable
-
-@pindex wctype.h
-@noindent
-These functions are declared in @file{wctype.h}.
-@end deftypefun
-
-@comment wctype.h
-@comment ISO
-@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
-@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
-@code{towctrans} maps the input character @var{wc}
-according to the rules of the mapping for which @var{desc} is a
-descriptor, and returns the value it finds. @var{desc} must be
-obtained by a successful call to @code{wctrans}.
-
-@pindex wctype.h
-@noindent
-This function is declared in @file{wctype.h}.
-@end deftypefun
-
-For the generally available mappings, the @w{ISO C} standard defines
-convenient shortcuts so that it is not necessary to call @code{wctrans}
-for them.
-
-@comment wctype.h
-@comment ISO
-@deftypefun wint_t towlower (wint_t @var{wc})
-If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
-lower-case letter. If @var{wc} is not an upper-case letter,
-@var{wc} is returned unchanged.
-
-@noindent
-@code{towlower} can be implemented using
-
-@smallexample
-towctrans (wc, wctrans ("tolower"))
-@end smallexample
-
-@pindex wctype.h
-@noindent
-This function is declared in @file{wctype.h}.
-@end deftypefun
-
-@comment wctype.h
-@comment ISO
-@deftypefun wint_t towupper (wint_t @var{wc})
-If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
-upper-case letter. Otherwise @var{wc} is returned unchanged.
-
-@noindent
-@code{towupper} can be implemented using
-
-@smallexample
-towctrans (wc, wctrans ("toupper"))
-@end smallexample
-
-@pindex wctype.h
-@noindent
-This function is declared in @file{wctype.h}.
-@end deftypefun
-
-The same warnings given in the last section for the use of the wide
-character classification functions apply here. It is not possible to
-simply cast a @code{char} type value to a @code{wint_t} and use it as an
-argument to @code{towctrans} calls.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=fa0e164579ef7d32d41b16568c2074df2d84ea0d
commit fa0e164579ef7d32d41b16568c2074df2d84ea0d
Merge: 0c6b51e cbc4be3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:40:18 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0c6b51ef21491ce02925e57be1ad62a3092f80bd
commit 0c6b51ef21491ce02925e57be1ad62a3092f80bd
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:40:18 2013 -0300
pop
diff --git a/meta b/meta
index ef3aba8..67da860 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: baea205847066607047dd828d088c2a21b4fe579
-Head: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
+Previous: cbc4be3ddd767d1a801d3f67429eac5fff0e8967
+Head: fbb71ce3cced40f87c25964011852d114f327c36
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -10,6 +10,6 @@ Applied:
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
manual-document-mt-safety-ctype.patch: fbb71ce3cced40f87c25964011852d114f327c36
- manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Unapplied:
+ manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=cbc4be3ddd767d1a801d3f67429eac5fff0e8967
commit cbc4be3ddd767d1a801d3f67429eac5fff0e8967
Merge: 2d1d41c baea205
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:40:14 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2d1d41c7d1961ee9a8f9af4f26f29cabeb0e9b14
commit 2d1d41c7d1961ee9a8f9af4f26f29cabeb0e9b14
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:40:14 2013 -0300
push
diff --git a/meta b/meta
index a20a64c..ef3aba8 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 379d50f1e70eccec6d2d0ac9d0dd082a9b27a50e
-Head: fbb71ce3cced40f87c25964011852d114f327c36
+Previous: baea205847066607047dd828d088c2a21b4fe579
+Head: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -10,6 +10,6 @@ Applied:
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
manual-document-mt-safety-ctype.patch: fbb71ce3cced40f87c25964011852d114f327c36
-Unapplied:
manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
+Unapplied:
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=baea205847066607047dd828d088c2a21b4fe579
commit baea205847066607047dd828d088c2a21b4fe579
Merge: e1993fd 379d50f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:40:09 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e1993fd328095ec2bac2ce9d8c27be4419a1e6db
commit e1993fd328095ec2bac2ce9d8c27be4419a1e6db
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:40:09 2013 -0300
pop
diff --git a/meta b/meta
index e28cb54..a20a64c 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 68ad03a2bd4e779f8534fbbf955a2379d7675d61
-Head: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
+Previous: 379d50f1e70eccec6d2d0ac9d0dd082a9b27a50e
+Head: fbb71ce3cced40f87c25964011852d114f327c36
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -10,6 +10,6 @@ Applied:
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
manual-document-mt-safety-ctype.patch: fbb71ce3cced40f87c25964011852d114f327c36
- manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Unapplied:
+ manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=379d50f1e70eccec6d2d0ac9d0dd082a9b27a50e
commit 379d50f1e70eccec6d2d0ac9d0dd082a9b27a50e
Merge: 4299902 68ad03a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:40:06 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=429990230516f6434579b7a3523a920be3eec486
commit 429990230516f6434579b7a3523a920be3eec486
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:40:06 2013 -0300
push
diff --git a/meta b/meta
index f078157..e28cb54 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 8d732b6a6019c8134449d0fd5d3cec94a3afe753
-Head: fbb71ce3cced40f87c25964011852d114f327c36
+Previous: 68ad03a2bd4e779f8534fbbf955a2379d7675d61
+Head: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -10,6 +10,6 @@ Applied:
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
manual-document-mt-safety-ctype.patch: fbb71ce3cced40f87c25964011852d114f327c36
-Unapplied:
manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
+Unapplied:
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=68ad03a2bd4e779f8534fbbf955a2379d7675d61
commit 68ad03a2bd4e779f8534fbbf955a2379d7675d61
Merge: be19042 8d732b6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:39:49 2013 -0300
rename
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=be19042545f83d50cbda072f3aaa8a179076107c
commit be19042545f83d50cbda072f3aaa8a179076107c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:39:49 2013 -0300
rename
diff --git a/meta b/meta
index c571acf..f078157 100644
--- a/meta
+++ b/meta
@@ -1,5 +1,5 @@
Version: 1
-Previous: 7ed2a05df36796dedeb1b73c973d17de5092684f
+Previous: 8d732b6a6019c8134449d0fd5d3cec94a3afe753
Head: fbb71ce3cced40f87c25964011852d114f327c36
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
@@ -9,7 +9,7 @@ Applied:
manual-document-mt-safety-stdio.patch: 49427f4017a13662522c4247e1eed08f867a3d73
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
- manual-document-mt-safety-ctype-wip.patch: fbb71ce3cced40f87c25964011852d114f327c36
+ manual-document-mt-safety-ctype.patch: fbb71ce3cced40f87c25964011852d114f327c36
Unapplied:
manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Hidden:
diff --git a/patches/manual-document-mt-safety-ctype-wip.patch b/patches/manual-document-mt-safety-ctype.patch
similarity index 100%
rename from patches/manual-document-mt-safety-ctype-wip.patch
rename to patches/manual-document-mt-safety-ctype.patch
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=8d732b6a6019c8134449d0fd5d3cec94a3afe753
commit 8d732b6a6019c8134449d0fd5d3cec94a3afe753
Merge: 9836204 7ed2a05
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:38:56 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=98362048fdc4833994d62eadfdffa043cbb98bde
commit 98362048fdc4833994d62eadfdffa043cbb98bde
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:38:56 2013 -0300
pop
diff --git a/meta b/meta
index d70635d..c571acf 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: b0ce064083475ab914baa5244960e369cf0a2e10
-Head: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
+Previous: 7ed2a05df36796dedeb1b73c973d17de5092684f
+Head: fbb71ce3cced40f87c25964011852d114f327c36
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -10,6 +10,6 @@ Applied:
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
manual-document-mt-safety-ctype-wip.patch: fbb71ce3cced40f87c25964011852d114f327c36
- manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Unapplied:
+ manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1ae8e2eabd22a74ff8a80a4b565df5b4c36fe12e
commit 1ae8e2eabd22a74ff8a80a4b565df5b4c36fe12e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:41 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/ctype.texi: Document thread safety properties.
diff --git a/manual/ctype.texi b/manual/ctype.texi
index 3d13571..ddf38ce 100644
--- a/manual/ctype.texi
+++ b/manual/ctype.texi
@@ -66,6 +66,13 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int islower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The is* macros call __ctype_b_loc to get the ctype array from the
+@c current locale, and then index it by c. __ctype_b_loc reads from
+@c thread-local memory the (indirect) pointer to the ctype array, which
+@c may involve one word access to the global locale object, if that's
+@c the active locale for the thread, and the array, being part of the
+@c locale data, is undeletable, so there's no thread-safety issue.
Returns true if @var{c} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -74,6 +81,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -82,6 +90,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isalpha (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphabetic character (a letter). If
@code{islower} or @code{isupper} is true of a character, then
@code{isalpha} is also true.
@@ -97,6 +106,7 @@ additional characters.
@comment ctype.h
@comment ISO
@deftypefun int isdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@end deftypefun
@@ -104,6 +114,7 @@ Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@comment ctype.h
@comment ISO
@deftypefun int isalnum (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphanumeric character (a letter or
number); in other words, if either @code{isalpha} or @code{isdigit} is
true of a character, then @code{isalnum} is also true.
@@ -113,6 +124,7 @@ true of a character, then @code{isalnum} is also true.
@comment ctype.h
@comment ISO
@deftypefun int isxdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -123,6 +135,7 @@ Hexadecimal digits include the normal decimal digits @samp{0} through
@comment ctype.h
@comment ISO
@deftypefun int ispunct (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -132,6 +145,7 @@ character.
@comment ctype.h
@comment ISO
@deftypefun int isspace (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{isspace} returns true for only the standard
whitespace characters:
@@ -161,6 +175,7 @@ vertical tab
@comment ctype.h
@comment ISO
@deftypefun int isblank (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
@end deftypefun
@@ -169,6 +184,7 @@ This function was originally a GNU extension, but was added in @w{ISO C99}.
@comment ctype.h
@comment ISO
@deftypefun int isgraph (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -178,6 +194,7 @@ considered graphic.
@comment ctype.h
@comment ISO
@deftypefun int isprint (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@end deftypefun
@@ -186,6 +203,7 @@ include all the graphic characters, plus the space (@samp{ }) character.
@comment ctype.h
@comment ISO
@deftypefun int iscntrl (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a control character (that is, a character that
is not a printing character).
@end deftypefun
@@ -194,6 +212,7 @@ is not a printing character).
@comment ctype.h
@comment SVID, BSD
@deftypefun int isascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
into the US/UK ASCII character set. This function is a BSD extension
and is also an SVID extension.
@@ -227,6 +246,10 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The to* macros/functions call different functions that use different
+@c arrays than those of__ctype_b_loc, but the access patterns and
+@c thus safety guarantees are the same.
If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
lower-case letter. If @var{c} is not an upper-case letter,
@var{c} is returned unchanged.
@@ -235,6 +258,7 @@ lower-case letter. If @var{c} is not an upper-case letter,
@comment ctype.h
@comment ISO
@deftypefun int toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
upper-case letter. Otherwise @var{c} is returned unchanged.
@end deftypefun
@@ -242,6 +266,7 @@ upper-case letter. Otherwise @var{c} is returned unchanged.
@comment ctype.h
@comment SVID, BSD
@deftypefun int toascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function converts @var{c} to a 7-bit @code{unsigned char} value
that fits into the US/UK ASCII character set, by clearing the high-order
bits. This function is a BSD extension and is also an SVID extension.
@@ -250,6 +275,7 @@ bits. This function is a BSD extension and is also an SVID extension.
@comment ctype.h
@comment SVID
@deftypefun int _tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{tolower}, and is provided for compatibility
with the SVID. @xref{SVID}.@refill
@end deftypefun
@@ -257,6 +283,7 @@ with the SVID. @xref{SVID}.@refill
@comment ctype.h
@comment SVID
@deftypefun int _toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{toupper}, and is provided for compatibility
with the SVID.
@end deftypefun
@@ -303,6 +330,15 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctype_t wctype (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Although the source code of wctype contains multiple references to
+@c the locale, that could each reference different locale_data objects
+@c should the global locale object change while active, the compiler can
+@c and does combine them all into a single dereference that resolves
+@c once to the LCTYPE locale object used throughout the function, so it
+@c is safe in practice, if not in theory. Ideally we'd explicitly save
+@c the resolved locale_data object to make it visibly safe instead of
+@c safe only under compiler optimizations.
The @code{wctype} returns a value representing a class of wide
characters which is identified by the string @var{property}. Beside
some standard properties each locale can define its own ones. In case
@@ -331,6 +367,8 @@ the @w{ISO C} standard defines a completely new function.
@comment wctype.h
@comment ISO
@deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The compressed lookup table returned by wctype is read-only.
This function returns a nonzero value if @var{wc} is in the character
class specified by @var{desc}. @var{desc} must previously be returned
by a successful call to @code{wctype}.
@@ -350,6 +388,15 @@ standard classes.
@comment wctype.h
@comment ISO
@deftypefun int iswalnum (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c The implicit wctype call in the isw* functions is actually an
+@c optimized version because the category has a known offset, but the
+@c wctype is equally safe when optimized, unsafe if not optimized.
+@c Since it's not a macro, and we always optimize, it's fine. The test
+@c whether wc is ASCII to use the non-wide is* macro/funciton doesn't
+@c bring any other safety issues: the test does not depend on the
+@c locale, and each path after the decision resolves the locale object
+@c only once.
This function returns a nonzero value if @var{wc} is an alphanumeric
character (a letter or number); in other words, if either @code{iswalpha}
or @code{iswdigit} is true of a character, then @code{iswalnum} is also
@@ -370,6 +417,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswalpha (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an alphabetic character (a letter). If
@code{iswlower} or @code{iswupper} is true of a character, then
@code{iswalpha} is also true.
@@ -394,6 +442,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswcntrl (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a control character (that is, a character that
is not a printing character).
@@ -412,6 +461,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
Please note that this function does not only return a nonzero value for
@emph{decimal} digits, but for all kinds of digits. A consequence is
@@ -442,6 +492,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswgraph (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -461,6 +512,7 @@ It is declared in @file{wctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int iswlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -479,6 +531,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswprint (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@@ -497,6 +550,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswpunct (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -516,6 +570,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswspace (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{iswspace} returns true for only the standard
whitespace characters:
@@ -555,6 +610,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -573,6 +629,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswxdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -597,6 +654,7 @@ characters as well.
@comment wctype.h
@comment ISO
@deftypefun int iswblank (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
It is declared in @file{wchar.h}.
@@ -691,6 +749,8 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctrans_t wctrans (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Similar implementation, same caveats as wctype.
The @code{wctrans} function has to be used to find out whether a named
mapping is defined in the current locale selected for the
@code{LC_CTYPE} category. If the returned value is non-zero, you can use
@@ -713,6 +773,8 @@ These functions are declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Same caveats as iswctype.
@code{towctrans} maps the input character @var{wc}
according to the rules of the mapping for which @var{desc} is a
descriptor, and returns the value it finds. @var{desc} must be
@@ -730,6 +792,9 @@ for them.
@comment wctype.h
@comment ISO
@deftypefun wint_t towlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Same caveats as iswalnum, just using a wctrans rather than a wctype
+@c table.
If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
lower-case letter. If @var{wc} is not an upper-case letter,
@var{wc} is returned unchanged.
@@ -749,6 +814,7 @@ This function is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
upper-case letter. Otherwise @var{wc} is returned unchanged.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=fbb71ce3cced40f87c25964011852d114f327c36
commit fbb71ce3cced40f87c25964011852d114f327c36
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:41 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/ctype.texi: Document thread safety properties.
diff --git a/manual/ctype.texi b/manual/ctype.texi
index 3d13571..f05d509 100644
--- a/manual/ctype.texi
+++ b/manual/ctype.texi
@@ -691,6 +691,7 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctrans_t wctrans (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wctrans} function has to be used to find out whether a named
mapping is defined in the current locale selected for the
@code{LC_CTYPE} category. If the returned value is non-zero, you can use
@@ -713,6 +714,7 @@ These functions are declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{towctrans} maps the input character @var{wc}
according to the rules of the mapping for which @var{desc} is a
descriptor, and returns the value it finds. @var{desc} must be
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b1da9d49b81e23d658de4369181599c33e3acd9e
commit b1da9d49b81e23d658de4369181599c33e3acd9e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:41 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/ctype.texi: Document thread safety properties.
diff --git a/manual/ctype.texi b/manual/ctype.texi
deleted file mode 100644
index 3d13571..0000000
--- a/manual/ctype.texi
+++ /dev/null
@@ -1,770 +0,0 @@
-@node Character Handling, String and Array Utilities, Memory, Top
-@c %MENU% Character testing and conversion functions
-@chapter Character Handling
-
-Programs that work with characters and strings often need to classify a
-character---is it alphabetic, is it a digit, is it whitespace, and so
-on---and perform case conversion operations on characters. The
-functions in the header file @file{ctype.h} are provided for this
-purpose.
-@pindex ctype.h
-
-Since the choice of locale and character set can alter the
-classifications of particular character codes, all of these functions
-are affected by the current locale. (More precisely, they are affected
-by the locale currently selected for character classification---the
-@code{LC_CTYPE} category; see @ref{Locale Categories}.)
-
-The @w{ISO C} standard specifies two different sets of functions. The
-one set works on @code{char} type characters, the other one on
-@code{wchar_t} wide characters (@pxref{Extended Char Intro}).
-
-@menu
-* Classification of Characters:: Testing whether characters are
- letters, digits, punctuation, etc.
-
-* Case Conversion:: Case mapping, and the like.
-* Classification of Wide Characters:: Character class determination for
- wide characters.
-* Using Wide Char Classes:: Notes on using the wide character
- classes.
-* Wide Character Case Conversion:: Mapping of wide characters.
-@end menu
-
-@node Classification of Characters, Case Conversion, , Character Handling
-@section Classification of Characters
-@cindex character testing
-@cindex classification of characters
-@cindex predicates on characters
-@cindex character predicates
-
-This section explains the library functions for classifying characters.
-For example, @code{isalpha} is the function to test for an alphabetic
-character. It takes one argument, the character to test, and returns a
-nonzero integer if the character is alphabetic, and zero otherwise. You
-would use it like this:
-
-@smallexample
-if (isalpha (c))
- printf ("The character `%c' is alphabetic.\n", c);
-@end smallexample
-
-Each of the functions in this section tests for membership in a
-particular class of characters; each has a name starting with @samp{is}.
-Each of them takes one argument, which is a character to test, and
-returns an @code{int} which is treated as a boolean value. The
-character argument is passed as an @code{int}, and it may be the
-constant value @code{EOF} instead of a real character.
-
-The attributes of any given character can vary between locales.
-@xref{Locales}, for more information on locales.@refill
-
-These functions are declared in the header file @file{ctype.h}.
-@pindex ctype.h
-
-@cindex lower-case character
-@comment ctype.h
-@comment ISO
-@deftypefun int islower (int @var{c})
-Returns true if @var{c} is a lower-case letter. The letter need not be
-from the Latin alphabet, any alphabet representable is valid.
-@end deftypefun
-
-@cindex upper-case character
-@comment ctype.h
-@comment ISO
-@deftypefun int isupper (int @var{c})
-Returns true if @var{c} is an upper-case letter. The letter need not be
-from the Latin alphabet, any alphabet representable is valid.
-@end deftypefun
-
-@cindex alphabetic character
-@comment ctype.h
-@comment ISO
-@deftypefun int isalpha (int @var{c})
-Returns true if @var{c} is an alphabetic character (a letter). If
-@code{islower} or @code{isupper} is true of a character, then
-@code{isalpha} is also true.
-
-In some locales, there may be additional characters for which
-@code{isalpha} is true---letters which are neither upper case nor lower
-case. But in the standard @code{"C"} locale, there are no such
-additional characters.
-@end deftypefun
-
-@cindex digit character
-@cindex decimal digit character
-@comment ctype.h
-@comment ISO
-@deftypefun int isdigit (int @var{c})
-Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
-@end deftypefun
-
-@cindex alphanumeric character
-@comment ctype.h
-@comment ISO
-@deftypefun int isalnum (int @var{c})
-Returns true if @var{c} is an alphanumeric character (a letter or
-number); in other words, if either @code{isalpha} or @code{isdigit} is
-true of a character, then @code{isalnum} is also true.
-@end deftypefun
-
-@cindex hexadecimal digit character
-@comment ctype.h
-@comment ISO
-@deftypefun int isxdigit (int @var{c})
-Returns true if @var{c} is a hexadecimal digit.
-Hexadecimal digits include the normal decimal digits @samp{0} through
-@samp{9} and the letters @samp{A} through @samp{F} and
-@samp{a} through @samp{f}.
-@end deftypefun
-
-@cindex punctuation character
-@comment ctype.h
-@comment ISO
-@deftypefun int ispunct (int @var{c})
-Returns true if @var{c} is a punctuation character.
-This means any printing character that is not alphanumeric or a space
-character.
-@end deftypefun
-
-@cindex whitespace character
-@comment ctype.h
-@comment ISO
-@deftypefun int isspace (int @var{c})
-Returns true if @var{c} is a @dfn{whitespace} character. In the standard
-@code{"C"} locale, @code{isspace} returns true for only the standard
-whitespace characters:
-
-@table @code
-@item ' '
-space
-
-@item '\f'
-formfeed
-
-@item '\n'
-newline
-
-@item '\r'
-carriage return
-
-@item '\t'
-horizontal tab
-
-@item '\v'
-vertical tab
-@end table
-@end deftypefun
-
-@cindex blank character
-@comment ctype.h
-@comment ISO
-@deftypefun int isblank (int @var{c})
-Returns true if @var{c} is a blank character; that is, a space or a tab.
-This function was originally a GNU extension, but was added in @w{ISO C99}.
-@end deftypefun
-
-@cindex graphic character
-@comment ctype.h
-@comment ISO
-@deftypefun int isgraph (int @var{c})
-Returns true if @var{c} is a graphic character; that is, a character
-that has a glyph associated with it. The whitespace characters are not
-considered graphic.
-@end deftypefun
-
-@cindex printing character
-@comment ctype.h
-@comment ISO
-@deftypefun int isprint (int @var{c})
-Returns true if @var{c} is a printing character. Printing characters
-include all the graphic characters, plus the space (@samp{ }) character.
-@end deftypefun
-
-@cindex control character
-@comment ctype.h
-@comment ISO
-@deftypefun int iscntrl (int @var{c})
-Returns true if @var{c} is a control character (that is, a character that
-is not a printing character).
-@end deftypefun
-
-@cindex ASCII character
-@comment ctype.h
-@comment SVID, BSD
-@deftypefun int isascii (int @var{c})
-Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
-into the US/UK ASCII character set. This function is a BSD extension
-and is also an SVID extension.
-@end deftypefun
-
-@node Case Conversion, Classification of Wide Characters, Classification of Characters, Character Handling
-@section Case Conversion
-@cindex character case conversion
-@cindex case conversion of characters
-@cindex converting case of characters
-
-This section explains the library functions for performing conversions
-such as case mappings on characters. For example, @code{toupper}
-converts any character to upper case if possible. If the character
-can't be converted, @code{toupper} returns it unchanged.
-
-These functions take one argument of type @code{int}, which is the
-character to convert, and return the converted character as an
-@code{int}. If the conversion is not applicable to the argument given,
-the argument is returned unchanged.
-
-@strong{Compatibility Note:} In pre-@w{ISO C} dialects, instead of
-returning the argument unchanged, these functions may fail when the
-argument is not suitable for the conversion. Thus for portability, you
-may need to write @code{islower(c) ? toupper(c) : c} rather than just
-@code{toupper(c)}.
-
-These functions are declared in the header file @file{ctype.h}.
-@pindex ctype.h
-
-@comment ctype.h
-@comment ISO
-@deftypefun int tolower (int @var{c})
-If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
-lower-case letter. If @var{c} is not an upper-case letter,
-@var{c} is returned unchanged.
-@end deftypefun
-
-@comment ctype.h
-@comment ISO
-@deftypefun int toupper (int @var{c})
-If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
-upper-case letter. Otherwise @var{c} is returned unchanged.
-@end deftypefun
-
-@comment ctype.h
-@comment SVID, BSD
-@deftypefun int toascii (int @var{c})
-This function converts @var{c} to a 7-bit @code{unsigned char} value
-that fits into the US/UK ASCII character set, by clearing the high-order
-bits. This function is a BSD extension and is also an SVID extension.
-@end deftypefun
-
-@comment ctype.h
-@comment SVID
-@deftypefun int _tolower (int @var{c})
-This is identical to @code{tolower}, and is provided for compatibility
-with the SVID. @xref{SVID}.@refill
-@end deftypefun
-
-@comment ctype.h
-@comment SVID
-@deftypefun int _toupper (int @var{c})
-This is identical to @code{toupper}, and is provided for compatibility
-with the SVID.
-@end deftypefun
-
-
-@node Classification of Wide Characters, Using Wide Char Classes, Case Conversion, Character Handling
-@section Character class determination for wide characters
-
-@w{Amendment 1} to @w{ISO C90} defines functions to classify wide
-characters. Although the original @w{ISO C90} standard already defined
-the type @code{wchar_t}, no functions operating on them were defined.
-
-The general design of the classification functions for wide characters
-is more general. It allows extensions to the set of available
-classifications, beyond those which are always available. The POSIX
-standard specifies how extensions can be made, and this is already
-implemented in the @glibcadj{} implementation of the @code{localedef}
-program.
-
-The character class functions are normally implemented with bitsets,
-with a bitset per character. For a given character, the appropriate
-bitset is read from a table and a test is performed as to whether a
-certain bit is set. Which bit is tested for is determined by the
-class.
-
-For the wide character classification functions this is made visible.
-There is a type classification type defined, a function to retrieve this
-value for a given class, and a function to test whether a given
-character is in this class, using the classification value. On top of
-this the normal character classification functions as used for
-@code{char} objects can be defined.
-
-@comment wctype.h
-@comment ISO
-@deftp {Data type} wctype_t
-The @code{wctype_t} can hold a value which represents a character class.
-The only defined way to generate such a value is by using the
-@code{wctype} function.
-
-@pindex wctype.h
-This type is defined in @file{wctype.h}.
-@end deftp
-
-@comment wctype.h
-@comment ISO
-@deftypefun wctype_t wctype (const char *@var{property})
-The @code{wctype} returns a value representing a class of wide
-characters which is identified by the string @var{property}. Beside
-some standard properties each locale can define its own ones. In case
-no property with the given name is known for the current locale
-selected for the @code{LC_CTYPE} category, the function returns zero.
-
-@noindent
-The properties known in every locale are:
-
-@multitable @columnfractions .25 .25 .25 .25
-@item
-@code{"alnum"} @tab @code{"alpha"} @tab @code{"cntrl"} @tab @code{"digit"}
-@item
-@code{"graph"} @tab @code{"lower"} @tab @code{"print"} @tab @code{"punct"}
-@item
-@code{"space"} @tab @code{"upper"} @tab @code{"xdigit"}
-@end multitable
-
-@pindex wctype.h
-This function is declared in @file{wctype.h}.
-@end deftypefun
-
-To test the membership of a character to one of the non-standard classes
-the @w{ISO C} standard defines a completely new function.
-
-@comment wctype.h
-@comment ISO
-@deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
-This function returns a nonzero value if @var{wc} is in the character
-class specified by @var{desc}. @var{desc} must previously be returned
-by a successful call to @code{wctype}.
-
-@pindex wctype.h
-This function is declared in @file{wctype.h}.
-@end deftypefun
-
-To make it easier to use the commonly-used classification functions,
-they are defined in the C library. There is no need to use
-@code{wctype} if the property string is one of the known character
-classes. In some situations it is desirable to construct the property
-strings, and then it is important that @code{wctype} can also handle the
-standard classes.
-
-@cindex alphanumeric character
-@comment wctype.h
-@comment ISO
-@deftypefun int iswalnum (wint_t @var{wc})
-This function returns a nonzero value if @var{wc} is an alphanumeric
-character (a letter or number); in other words, if either @code{iswalpha}
-or @code{iswdigit} is true of a character, then @code{iswalnum} is also
-true.
-
-@noindent
-This function can be implemented using
-
-@smallexample
-iswctype (wc, wctype ("alnum"))
-@end smallexample
-
-@pindex wctype.h
-It is declared in @file{wctype.h}.
-@end deftypefun
-
-@cindex alphabetic character
-@comment wctype.h
-@comment ISO
-@deftypefun int iswalpha (wint_t @var{wc})
-Returns true if @var{wc} is an alphabetic character (a letter). If
-@code{iswlower} or @code{iswupper} is true of a character, then
-@code{iswalpha} is also true.
-
-In some locales, there may be additional characters for which
-@code{iswalpha} is true---letters which are neither upper case nor lower
-case. But in the standard @code{"C"} locale, there are no such
-additional characters.
-
-@noindent
-This function can be implemented using
-
-@smallexample
-iswctype (wc, wctype ("alpha"))
-@end smallexample
-
-@pindex wctype.h
-It is declared in @file{wctype.h}.
-@end deftypefun
-
-@cindex control character
-@comment wctype.h
-@comment ISO
-@deftypefun int iswcntrl (wint_t @var{wc})
-Returns true if @var{wc} is a control character (that is, a character that
-is not a printing character).
-
-@noindent
-This function can be implemented using
-
-@smallexample
-iswctype (wc, wctype ("cntrl"))
-@end smallexample
-
-@pindex wctype.h
-It is declared in @file{wctype.h}.
-@end deftypefun
-
-@cindex digit character
-@comment wctype.h
-@comment ISO
-@deftypefun int iswdigit (wint_t @var{wc})
-Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
-Please note that this function does not only return a nonzero value for
-@emph{decimal} digits, but for all kinds of digits. A consequence is
-that code like the following will @strong{not} work unconditionally for
-wide characters:
-
-@smallexample
-n = 0;
-while (iswdigit (*wc))
- @{
- n *= 10;
- n += *wc++ - L'0';
- @}
-@end smallexample
-
-@noindent
-This function can be implemented using
-
-@smallexample
-iswctype (wc, wctype ("digit"))
-@end smallexample
-
-@pindex wctype.h
-It is declared in @file{wctype.h}.
-@end deftypefun
-
-@cindex graphic character
-@comment wctype.h
-@comment ISO
-@deftypefun int iswgraph (wint_t @var{wc})
-Returns true if @var{wc} is a graphic character; that is, a character
-that has a glyph associated with it. The whitespace characters are not
-considered graphic.
-
-@noindent
-This function can be implemented using
-
-@smallexample
-iswctype (wc, wctype ("graph"))
-@end smallexample
-
-@pindex wctype.h
-It is declared in @file{wctype.h}.
-@end deftypefun
-
-@cindex lower-case character
-@comment ctype.h
-@comment ISO
-@deftypefun int iswlower (wint_t @var{wc})
-Returns true if @var{wc} is a lower-case letter. The letter need not be
-from the Latin alphabet, any alphabet representable is valid.
-
-@noindent
-This function can be implemented using
-
-@smallexample
-iswctype (wc, wctype ("lower"))
-@end smallexample
-
-@pindex wctype.h
-It is declared in @file{wctype.h}.
-@end deftypefun
-
-@cindex printing character
-@comment wctype.h
-@comment ISO
-@deftypefun int iswprint (wint_t @var{wc})
-Returns true if @var{wc} is a printing character. Printing characters
-include all the graphic characters, plus the space (@samp{ }) character.
-
-@noindent
-This function can be implemented using
-
-@smallexample
-iswctype (wc, wctype ("print"))
-@end smallexample
-
-@pindex wctype.h
-It is declared in @file{wctype.h}.
-@end deftypefun
-
-@cindex punctuation character
-@comment wctype.h
-@comment ISO
-@deftypefun int iswpunct (wint_t @var{wc})
-Returns true if @var{wc} is a punctuation character.
-This means any printing character that is not alphanumeric or a space
-character.
-
-@noindent
-This function can be implemented using
-
-@smallexample
-iswctype (wc, wctype ("punct"))
-@end smallexample
-
-@pindex wctype.h
-It is declared in @file{wctype.h}.
-@end deftypefun
-
-@cindex whitespace character
-@comment wctype.h
-@comment ISO
-@deftypefun int iswspace (wint_t @var{wc})
-Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
-@code{"C"} locale, @code{iswspace} returns true for only the standard
-whitespace characters:
-
-@table @code
-@item L' '
-space
-
-@item L'\f'
-formfeed
-
-@item L'\n'
-newline
-
-@item L'\r'
-carriage return
-
-@item L'\t'
-horizontal tab
-
-@item L'\v'
-vertical tab
-@end table
-
-@noindent
-This function can be implemented using
-
-@smallexample
-iswctype (wc, wctype ("space"))
-@end smallexample
-
-@pindex wctype.h
-It is declared in @file{wctype.h}.
-@end deftypefun
-
-@cindex upper-case character
-@comment wctype.h
-@comment ISO
-@deftypefun int iswupper (wint_t @var{wc})
-Returns true if @var{wc} is an upper-case letter. The letter need not be
-from the Latin alphabet, any alphabet representable is valid.
-
-@noindent
-This function can be implemented using
-
-@smallexample
-iswctype (wc, wctype ("upper"))
-@end smallexample
-
-@pindex wctype.h
-It is declared in @file{wctype.h}.
-@end deftypefun
-
-@cindex hexadecimal digit character
-@comment wctype.h
-@comment ISO
-@deftypefun int iswxdigit (wint_t @var{wc})
-Returns true if @var{wc} is a hexadecimal digit.
-Hexadecimal digits include the normal decimal digits @samp{0} through
-@samp{9} and the letters @samp{A} through @samp{F} and
-@samp{a} through @samp{f}.
-
-@noindent
-This function can be implemented using
-
-@smallexample
-iswctype (wc, wctype ("xdigit"))
-@end smallexample
-
-@pindex wctype.h
-It is declared in @file{wctype.h}.
-@end deftypefun
-
-@Theglibc{} also provides a function which is not defined in the
-@w{ISO C} standard but which is available as a version for single byte
-characters as well.
-
-@cindex blank character
-@comment wctype.h
-@comment ISO
-@deftypefun int iswblank (wint_t @var{wc})
-Returns true if @var{wc} is a blank character; that is, a space or a tab.
-This function was originally a GNU extension, but was added in @w{ISO C99}.
-It is declared in @file{wchar.h}.
-@end deftypefun
-
-@node Using Wide Char Classes, Wide Character Case Conversion, Classification of Wide Characters, Character Handling
-@section Notes on using the wide character classes
-
-The first note is probably not astonishing but still occasionally a
-cause of problems. The @code{isw@var{XXX}} functions can be implemented
-using macros and in fact, @theglibc{} does this. They are still
-available as real functions but when the @file{wctype.h} header is
-included the macros will be used. This is the same as the
-@code{char} type versions of these functions.
-
-The second note covers something new. It can be best illustrated by a
-(real-world) example. The first piece of code is an excerpt from the
-original code. It is truncated a bit but the intention should be clear.
-
-@smallexample
-int
-is_in_class (int c, const char *class)
-@{
- if (strcmp (class, "alnum") == 0)
- return isalnum (c);
- if (strcmp (class, "alpha") == 0)
- return isalpha (c);
- if (strcmp (class, "cntrl") == 0)
- return iscntrl (c);
- @dots{}
- return 0;
-@}
-@end smallexample
-
-Now, with the @code{wctype} and @code{iswctype} you can avoid the
-@code{if} cascades, but rewriting the code as follows is wrong:
-
-@smallexample
-int
-is_in_class (int c, const char *class)
-@{
- wctype_t desc = wctype (class);
- return desc ? iswctype ((wint_t) c, desc) : 0;
-@}
-@end smallexample
-
-The problem is that it is not guaranteed that the wide character
-representation of a single-byte character can be found using casting.
-In fact, usually this fails miserably. The correct solution to this
-problem is to write the code as follows:
-
-@smallexample
-int
-is_in_class (int c, const char *class)
-@{
- wctype_t desc = wctype (class);
- return desc ? iswctype (btowc (c), desc) : 0;
-@}
-@end smallexample
-
-@xref{Converting a Character}, for more information on @code{btowc}.
-Note that this change probably does not improve the performance
-of the program a lot since the @code{wctype} function still has to make
-the string comparisons. It gets really interesting if the
-@code{is_in_class} function is called more than once for the
-same class name. In this case the variable @var{desc} could be computed
-once and reused for all the calls. Therefore the above form of the
-function is probably not the final one.
-
-
-@node Wide Character Case Conversion, , Using Wide Char Classes, Character Handling
-@section Mapping of wide characters.
-
-The classification functions are also generalized by the @w{ISO C}
-standard. Instead of just allowing the two standard mappings, a
-locale can contain others. Again, the @code{localedef} program
-already supports generating such locale data files.
-
-@comment wctype.h
-@comment ISO
-@deftp {Data Type} wctrans_t
-This data type is defined as a scalar type which can hold a value
-representing the locale-dependent character mapping. There is no way to
-construct such a value apart from using the return value of the
-@code{wctrans} function.
-
-@pindex wctype.h
-@noindent
-This type is defined in @file{wctype.h}.
-@end deftp
-
-@comment wctype.h
-@comment ISO
-@deftypefun wctrans_t wctrans (const char *@var{property})
-The @code{wctrans} function has to be used to find out whether a named
-mapping is defined in the current locale selected for the
-@code{LC_CTYPE} category. If the returned value is non-zero, you can use
-it afterwards in calls to @code{towctrans}. If the return value is
-zero no such mapping is known in the current locale.
-
-Beside locale-specific mappings there are two mappings which are
-guaranteed to be available in every locale:
-
-@multitable @columnfractions .5 .5
-@item
-@code{"tolower"} @tab @code{"toupper"}
-@end multitable
-
-@pindex wctype.h
-@noindent
-These functions are declared in @file{wctype.h}.
-@end deftypefun
-
-@comment wctype.h
-@comment ISO
-@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
-@code{towctrans} maps the input character @var{wc}
-according to the rules of the mapping for which @var{desc} is a
-descriptor, and returns the value it finds. @var{desc} must be
-obtained by a successful call to @code{wctrans}.
-
-@pindex wctype.h
-@noindent
-This function is declared in @file{wctype.h}.
-@end deftypefun
-
-For the generally available mappings, the @w{ISO C} standard defines
-convenient shortcuts so that it is not necessary to call @code{wctrans}
-for them.
-
-@comment wctype.h
-@comment ISO
-@deftypefun wint_t towlower (wint_t @var{wc})
-If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
-lower-case letter. If @var{wc} is not an upper-case letter,
-@var{wc} is returned unchanged.
-
-@noindent
-@code{towlower} can be implemented using
-
-@smallexample
-towctrans (wc, wctrans ("tolower"))
-@end smallexample
-
-@pindex wctype.h
-@noindent
-This function is declared in @file{wctype.h}.
-@end deftypefun
-
-@comment wctype.h
-@comment ISO
-@deftypefun wint_t towupper (wint_t @var{wc})
-If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
-upper-case letter. Otherwise @var{wc} is returned unchanged.
-
-@noindent
-@code{towupper} can be implemented using
-
-@smallexample
-towctrans (wc, wctrans ("toupper"))
-@end smallexample
-
-@pindex wctype.h
-@noindent
-This function is declared in @file{wctype.h}.
-@end deftypefun
-
-The same warnings given in the last section for the use of the wide
-character classification functions apply here. It is not possible to
-simply cast a @code{char} type value to a @code{wint_t} and use it as an
-argument to @code{towctrans} calls.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7ed2a05df36796dedeb1b73c973d17de5092684f
commit 7ed2a05df36796dedeb1b73c973d17de5092684f
Merge: 8dc671d b0ce064 ed7e9cc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:41 2013 -0300
pull
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=8dc671dd7896ddf29bae4235f187d282b8fa12b9
commit 8dc671dd7896ddf29bae4235f187d282b8fa12b9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:41 2013 -0300
pull
diff --git a/meta b/meta
index f58fa10..d70635d 100644
--- a/meta
+++ b/meta
@@ -1,15 +1,15 @@
Version: 1
-Previous: 1105dbbfefb70928dddf6224c380ee647b74e574
-Head: 3877ab63574b2d23eac947fed521b7c3999c8d9f
+Previous: b0ce064083475ab914baa5244960e369cf0a2e10
+Head: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Applied:
- manual-document-mt-safety.patch: efc461350d9249c7b45dd1711d026868b38f051c
- powerpc-nofpu-sim-note-nothread.patch: 134de3fab35b91543080d25a276ab00593d15be7
- unused-scalb-is-scalbn.patch: abc6d481de5aabe5a3a019a29cc747e55230600e
- manual-document-mt-safety-arith.patch: e9e5cf9f32d9b8147c0c8097478f8d623709d917
- manual-document-mt-safety-stdio.patch: d0a89c9db96cfa69b1e445b45d29ebb5d783b899
- manual-document-mt-safety-locale.patch: b6d0a7e40695997390c967a9c1255fc1813c84b0
- manual-document-mt-safety-math.patch: c9ff7cfa5b3b4eb6799616ecce3a99944b7642d3
- manual-document-mt-safety-ctype-wip.patch: 59ba7a5b73180e9b6b3a8a780c794019f3b4fb8e
- manual-document-mt-safety-wip.patch: 3877ab63574b2d23eac947fed521b7c3999c8d9f
+ manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
+ powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
+ unused-scalb-is-scalbn.patch: 04381689562081fc1e2328e5807e0dc537c1c5fc
+ manual-document-mt-safety-arith.patch: b0aaf99a53ebe756b3b61930b0d42fd5b51dd71d
+ manual-document-mt-safety-stdio.patch: 49427f4017a13662522c4247e1eed08f867a3d73
+ manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
+ manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
+ manual-document-mt-safety-ctype-wip.patch: fbb71ce3cced40f87c25964011852d114f327c36
+ manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Unapplied:
Hidden:
diff --git a/patches/manual-document-mt-safety-arith.patch b/patches/manual-document-mt-safety-arith.patch
index 471af98..5f1c9c2 100644
--- a/patches/manual-document-mt-safety-arith.patch
+++ b/patches/manual-document-mt-safety-arith.patch
@@ -1,7 +1,7 @@
-Bottom: da0e6ebd226c97d69a880a83a3458d1290cb0a33
-Top: 2739c166ffd8b16196598bf6ae81a1eb59c5da67
+Bottom: 6c9a45167e9f148c725e5d962b1cd083292f0adf
+Top: e75a47b5ad278b7f85e5420cd63cda069e0b7030
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-06-26 10:46:39 -0300
+Date: 2013-08-13 15:29:40 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-ctype-wip.patch b/patches/manual-document-mt-safety-ctype-wip.patch
index e2d64bc..9799a98 100644
--- a/patches/manual-document-mt-safety-ctype-wip.patch
+++ b/patches/manual-document-mt-safety-ctype-wip.patch
@@ -1,7 +1,7 @@
-Bottom: 78fe1791b80475e24bb082448c82b31a599bb2cd
-Top: eda06e358bd7339a7b33c1798edc9038d99aafaf
+Bottom: 493d959bda4db41836ea91b2b9685b47ab733575
+Top: 1f38562405d3b5dadb8c27bd94ec1cba5a2481da
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-06-26 10:46:43 -0300
+Date: 2013-08-13 15:29:41 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-locale.patch b/patches/manual-document-mt-safety-locale.patch
index c5c4fa4..a5cc454 100644
--- a/patches/manual-document-mt-safety-locale.patch
+++ b/patches/manual-document-mt-safety-locale.patch
@@ -1,7 +1,7 @@
-Bottom: 7803afb16b44ea9e7a20effc6b009b4417ede858
-Top: 7ddaf06032faa5cbc050d572e2e304aee7a0a055
+Bottom: e394e37491899340294bfd977f43c098c558c2b1
+Top: e7a76e5bc200b56429777851aab7bce4bcbb7c56
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-06-26 10:46:40 -0300
+Date: 2013-08-13 15:29:40 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-math.patch b/patches/manual-document-mt-safety-math.patch
index 79e98aa..ebdf1e4 100644
--- a/patches/manual-document-mt-safety-math.patch
+++ b/patches/manual-document-mt-safety-math.patch
@@ -1,7 +1,7 @@
-Bottom: 7ddaf06032faa5cbc050d572e2e304aee7a0a055
-Top: 78fe1791b80475e24bb082448c82b31a599bb2cd
+Bottom: e7a76e5bc200b56429777851aab7bce4bcbb7c56
+Top: 493d959bda4db41836ea91b2b9685b47ab733575
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-06-26 10:46:41 -0300
+Date: 2013-08-13 15:29:40 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index d0907aa..8aae437 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,7 +1,7 @@
-Bottom: 2739c166ffd8b16196598bf6ae81a1eb59c5da67
-Top: 7803afb16b44ea9e7a20effc6b009b4417ede858
+Bottom: e75a47b5ad278b7f85e5420cd63cda069e0b7030
+Top: e394e37491899340294bfd977f43c098c558c2b1
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-06-26 10:46:40 -0300
+Date: 2013-08-13 15:29:40 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-wip.patch b/patches/manual-document-mt-safety-wip.patch
index c9edc3e..83ac8f5 100644
--- a/patches/manual-document-mt-safety-wip.patch
+++ b/patches/manual-document-mt-safety-wip.patch
@@ -1,7 +1,7 @@
-Bottom: eda06e358bd7339a7b33c1798edc9038d99aafaf
-Top: b3048f1f29a3cb611e8590355a732220e79312c6
+Bottom: 1f38562405d3b5dadb8c27bd94ec1cba5a2481da
+Top: 7472b1dd7a8cc8760b98cd08cb7f8418374249ed
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-06-26 10:46:48 -0300
+Date: 2013-08-13 15:29:41 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety.patch b/patches/manual-document-mt-safety.patch
index 66d3159..6bdec13 100644
--- a/patches/manual-document-mt-safety.patch
+++ b/patches/manual-document-mt-safety.patch
@@ -1,7 +1,7 @@
-Bottom: efed39b7ade4b9cbc21039a1156412424917f48d
-Top: 539050bc4b84d23577ed07dc19f9da5286a45dac
+Bottom: fde38f49e9ff8e251fc3a4c9a8d5f194ba6decbf
+Top: f865586a6c7ce831d9285c15a3df95a5b593b24b
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-07-30 04:54:56 -0300
+Date: 2013-08-13 15:29:39 -0300
Thread safety documentation.
diff --git a/patches/powerpc-nofpu-sim-note-nothread.patch b/patches/powerpc-nofpu-sim-note-nothread.patch
index c35921d..e415a47 100644
--- a/patches/powerpc-nofpu-sim-note-nothread.patch
+++ b/patches/powerpc-nofpu-sim-note-nothread.patch
@@ -1,7 +1,7 @@
-Bottom: 539050bc4b84d23577ed07dc19f9da5286a45dac
-Top: 4e74d806c3244a3036ccfd773571125e92181033
+Bottom: f865586a6c7ce831d9285c15a3df95a5b593b24b
+Top: 6ecb4948f5afac7b2e943164b461bf059c000127
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-06-26 10:46:36 -0300
+Date: 2013-08-13 15:29:39 -0300
Note that powerpc fpu emulation status is not thread- or signal-safe.
diff --git a/patches/unused-scalb-is-scalbn.patch b/patches/unused-scalb-is-scalbn.patch
index 4f1dac0..d6b66ee 100644
--- a/patches/unused-scalb-is-scalbn.patch
+++ b/patches/unused-scalb-is-scalbn.patch
@@ -1,7 +1,7 @@
-Bottom: 4e74d806c3244a3036ccfd773571125e92181033
-Top: da0e6ebd226c97d69a880a83a3458d1290cb0a33
+Bottom: 6ecb4948f5afac7b2e943164b461bf059c000127
+Top: 6c9a45167e9f148c725e5d962b1cd083292f0adf
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-06-26 10:46:37 -0300
+Date: 2013-08-13 15:29:39 -0300
Rename unused scalb to scalbn to match prototype.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
commit ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:41 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/???.texi: Document thread safety properties.
diff --git a/manual/argp.texi b/manual/argp.texi
index c9fbe97..5322f91 100644
--- a/manual/argp.texi
+++ b/manual/argp.texi
@@ -36,6 +36,35 @@ needed in @code{main}.
@comment argp.h
@comment GNU
@deftypefun {error_t} argp_parse (const struct argp *@var{argp}, int @var{argc}, char **@var{argv}, unsigned @var{flags}, int *@var{arg_index}, void *@var{input})
+@safety{@mtunsafe{xguargs, envromt}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Optionally alloca()tes standard help options, initializes the parser,
+@c then parses individual args in a loop, and then finalizes.
+@c parser_init
+@c calc_sizes ok
+@c option_is_end ok
+@c malloc
+@c parser_convert glocale
+@c convert_options glocale
+@c option_is_end ok
+@c option_is_short ok
+@c isprint, but locale may change within the loop
+@c find_long_option ok
+@c group_parse
+@c group->parser (from argp->parser)
+@c parser_parse_next
+@c getopt_long(_only)_r many issues, same as non_r minus staticbuf
+@c parser_parse_arg
+@c group_parse
+@c parser_parse_opt
+@c group_parse
+@c argp_error
+@c dgettext (bad key error)
+@c parser_finalize
+@c group_parse
+@c fprintf
+@c dgettext
+@c arg_state_help
+@c free
The @code{argp_parse} function parses the arguments in @var{argv}, of
length @var{argc}, using the argp parser @var{argp}. @xref{Argp
Parsers}. Passing a null pointer for @var{argp} is the same as using
@@ -660,6 +689,8 @@ parser function. @xref{Argp Parsing State}.
@comment argp.h
@comment GNU
@deftypefun void argp_usage (const struct argp_state *@var{state})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls argp_state_help with stderr and ARGP_HELP_STD_USAGE.
Outputs the standard usage message for the argp parser referred to by
@var{state} to @code{@var{state}->err_stream} and terminate the program
with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@@ -669,6 +700,13 @@ with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@comment argp.h
@comment GNU
@deftypefun void argp_error (const struct argp_state *@var{state}, const char *@var{fmt}, @dots{})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Lock stream, vasprintf the formatted message into a buffer, print the
+@c buffer prefixed by the short program name (in libc,
+@c argp_short_program_name is a macro that expands to
+@c program_invocation_short_name), releases the buffer, then call
+@c argp_state_help with stream and ARGP_HELP_STD_ERR, unlocking the
+@c stream at the end.
Prints the printf format string @var{fmt} and following args, preceded
by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
--help}} message, and terminates the program with an exit status of
@@ -679,6 +717,12 @@ by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
@comment argp.h
@comment GNU
@deftypefun void argp_failure (const struct argp_state *@var{state}, int @var{status}, int @var{errnum}, const char *@var{fmt}, @dots{})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
+@c Lock stream, write out the short program name, vasprintf the optional
+@c formatted message to a buffer, print the buffer prefixed by colon and
+@c blank, release the buffer, call strerror_r with an automatic buffer,
+@c print it out after colon and blank, put[w]c a line break, unlock the
+@c stream, then exit unless ARGP_NO_EXIT.
Similar to the standard gnu error-reporting function @code{error}, this
prints the program name and @samp{:}, the printf format string
@var{fmt}, and the appropriate following args. If it is non-zero, the
@@ -695,6 +739,141 @@ for options, bad phase of the moon, etc.
@comment argp.h
@comment GNU
@deftypefun void argp_state_help (const struct argp_state *@var{state}, FILE *@var{stream}, unsigned @var{flags})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help with the short program name and optionally exit.
+@c The main problems in _help, besides the usual issues with stream I/O
+@c and translation, are the use of a static buffer (uparams) that makes
+@c the whole thing thread-unsafe, reading from the environment for
+@c ARGP_HELP_FMT, accessing the locale object multiple times.
+
+@c _help envromt, staticbuf (uparams), glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c flockfile lockleak
+@c funlockfile lockleak
+@c fill_in_uparams envromt, staticbuf (uparams), glocale, asynconsist, asmalloc, lockleak, incansist, memleak
+@c argp_failure dup (status = errnum = 0)
+@c atoi dup
+@c argp_hol asmalloc, memleak
+@c make_hol asmalloc, memleak
+@c hol_add_cluster asmalloc, memleak
+@c hol_append asmalloc, memleak
+@c hol_set_group ok
+@c hol_find_entry ok
+@c hol_sort glocale, asmalloc, memleak
+@c qsort asmalloc, memleak
+@c hol_entry_qcmp glocale
+@c hol_entry_cmp glocale
+@c group_cmp ok
+@c hol_cluster_cmp ok
+@c group_cmp ok
+@c hol_entry_first_short glocale
+@c hol_entry_short_iterate [glocale]
+@c until_short ok
+@c oshort ok
+@c isprint ok
+@c odoc ok
+@c hol_entry_first_long ok
+@c canon_doc_option glocale
+@c tolower dup
+@c hol_usage glocale, asi18n, asmalloc, memleak
+@c hol_entry_short_iterate ok
+@c add_argless_short_opt ok
+@c argp_fmtstream_printf dup
+@c hol_entry_short_iterate glocale, asi18n, asmalloc, memleak
+@c usage_argful_short_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_entry_long_iterate glocale, asi18n, asmalloc, memleak
+@c usage_long_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c hol_entry_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_wmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c comma glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_putc dup
+@c hol_cluster_is_child ok
+@c argp_fmtstream_wmargin dup
+@c print_header dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c indent_to dup
+@c argp_fmtstream_putc dup
+@c arg glocale, asmalloc, memleak
+@c argp_fmtstream_printf dup
+@c odoc dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_printf dup
+@c print_header glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c indent_to dup
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c filter_doc dup
+@c argp_fmtstream_point dup
+@c indent_to glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_putc dup
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c hol_free asmalloc, memleak
+@c free dup
+@c argp_args_levels ok
+@c argp_args_usage glocale, asi18n, asmalloc, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc ok
+@c argp_input ok
+@c argp->help_filter
+@c space glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_rmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_write dup
+@c free dup
+@c argp_doc glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c strndup asmalloc, memleak
+@c argp_input dup
+@c argp->help_filter
+@c argp_fmtstream_putc glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure dup
+@c argp_fmtstream_write dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_point glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_lmargin dup
+@c free dup
+@c argp_make_fmtstream asmalloc, memleak
+@c argp_fmtstream_free glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update glocale, asynconsist, incansist, lockleak
+@c put[w]c_unlocked dup
+@c isblank in loop glocale
+@c fxprintf lockleak
+@c fxprintf lockleak
+@c free dup
+@c argp_fmtstream_set_wmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_printf glocale, asmalloc, memleak
+@c argp_fmtstream_ensure dup
+@c vsnprintf dup
+@c argp_fmtstream_set_lmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_puts glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_write glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update dup
+@c fxprintf lockleak
+@c realloc asmalloc, memleak
Outputs a help message for the argp parser referred to by @var{state},
to @var{stream}. The @var{flags} argument determines what sort of help
message is produced. @xref{Argp Help Flags}.
@@ -928,6 +1107,8 @@ program options, argp offers the @code{argp_help} interface.
@comment argp.h
@comment GNU
@deftypefun void argp_help (const struct argp *@var{argp}, FILE *@var{stream}, unsigned @var{flags}, char *@var{name})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help.
This outputs a help message for the argp parser @var{argp} to
@var{stream}. The type of messages printed will be determined by
@var{flags}.
diff --git a/manual/arith.texi b/manual/arith.texi
index 833e0c9..5c3aa9d 100644
--- a/manual/arith.texi
+++ b/manual/arith.texi
@@ -323,6 +323,7 @@ floating-point number a variable holds.
@comment math.h
@comment ISO
@deftypefn {Macro} int fpclassify (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is a generic macro which works on all floating-point types and
which returns a value of type @code{int}. The possible values are:
@@ -359,6 +360,7 @@ You should therefore use the specific macros whenever possible.
@comment math.h
@comment ISO
@deftypefn {Macro} int isfinite (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite: not plus or
minus infinity, and not NaN. It is equivalent to
@@ -373,6 +375,7 @@ floating-point type.
@comment math.h
@comment ISO
@deftypefn {Macro} int isnormal (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite and normalized.
It is equivalent to
@@ -384,6 +387,7 @@ It is equivalent to
@comment math.h
@comment ISO
@deftypefn {Macro} int isnan (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is NaN. It is equivalent
to
@@ -395,6 +399,7 @@ to
@comment math.h
@comment GNU
@deftypefn {Macro} int issignaling (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is a signaling NaN
(sNaN). It is based on draft TS 18661 and currently enabled as a GNU
extension.
@@ -2443,6 +2448,32 @@ as well.
@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@c Besides the unsafe-but-ruled-safe locale uses, this uses a lot of
@c mpn, but it's all safe.
+@c
+@c round_and_return
+@c get_rounding_mode ok
+@c mpn_add_1 ok
+@c mpn_rshift ok
+@c MPN_ZERO ok
+@c MPN2FLOAT -> mpn_construct_(float|double|long_double) ok
+@c str_to_mpn
+@c mpn_mul_1 -> umul_ppmm ok
+@c mpn_add_1 ok
+@c mpn_lshift_1 -> mpn_lshift ok
+@c STRTOF_INTERNAL
+@c MPN_VAR ok
+@c SET_MANTISSA ok
+@c STRNCASECMP ok, wide and narrow
+@c round_and_return ok
+@c mpn_mul ok
+@c mpn_addmul_1 ok
+@c ... mpn_sub
+@c mpn_lshift ok
+@c udiv_qrnnd ok
+@c count_leading_zeros ok
+@c add_ssaaaa ok
+@c sub_ddmmss ok
+@c umul_ppmm ok
+@c mpn_submul_1 ok
The @code{strtod} (``string-to-double'') function converts the initial
part of @var{string} to a floating-point number, which is returned as a
value of type @code{double}.
diff --git a/manual/charset.texi b/manual/charset.texi
index e21502e..7e6c416 100644
--- a/manual/charset.texi
+++ b/manual/charset.texi
@@ -504,6 +504,8 @@ sequence points. Communication protocols often require this.
@comment wchar.h
@comment ISO
@deftypefun int mbsinit (const mbstate_t *@var{ps})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c ps is dereferenced once, unguarded. Potential harmless data race.
The @code{mbsinit} function determines whether the state object pointed
to by @var{ps} is in the initial state. If @var{ps} is a null pointer or
the object is in the initial state the return value is nonzero. Otherwise
@@ -559,6 +561,14 @@ that is beyond the range @math{0} to @math{127}.
@comment wchar.h
@comment ISO
@deftypefun wint_t btowc (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls btowc_fct or __fct; reads from locale, and from the
+@c get_gconv_fcts result multiple times. get_gconv_fcts calls
+@c __wcsmbs_load_conv to initialize the ctype if it's null.
+@c wcsmbs_load_conv takes a non-recursive wrlock before allocating
+@c memory for the fcts structure, initializing it, and then storing it
+@c in the locale object. The initialization involves dlopening and a
+@c lot more.
The @code{btowc} function (``byte to wide character'') converts a valid
single byte character @var{c} in the initial shift state into the wide
character equivalent using the conversion rules from the currently
@@ -615,6 +625,7 @@ There is also a function for the conversion in the other direction.
@comment wchar.h
@comment ISO
@deftypefun int wctob (wint_t @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctob} function (``wide character to byte'') takes as the
parameter a valid wide character. If the multibyte representation for
this character in the initial state is exactly one byte long, the return
@@ -634,6 +645,7 @@ and they also do not require it to be in the initial state.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrtowc (wchar_t *restrict @var{pwc}, const char *restrict @var{s}, size_t @var{n}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
@cindex stateful
The @code{mbrtowc} function (``multibyte restartable to wide
character'') converts the next multibyte character in the string pointed
@@ -728,6 +740,7 @@ function that does part of the work.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrlen (const char *restrict @var{s}, size_t @var{n}, mbstate_t *@var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbrlen} function (``multibyte restartable length'') computes
the number of at most @var{n} bytes starting at @var{s}, which form the
next valid and complete multibyte character.
@@ -811,6 +824,50 @@ doing the work twice.
@comment wchar.h
@comment ISO
@deftypefun size_t wcrtomb (char *restrict @var{s}, wchar_t @var{wc}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c wcrtomb uses a static, non-thread-local unguarded state variable when
+@c PS is NULL. When a state is passed in, and it's not used
+@c concurrently in other threads, this function behaves safely as long
+@c as gconv modules don't bring MT safety issues of their own.
+@c Attempting to load gconv modules or to build conversion chains in
+@c signal handlers may encounter gconv databases or caches in a
+@c partially-updated state, and asynchronous cancellation may leave them
+@c in such states, besides leaking the lock that guards them.
+@c get_gconv_fcts ok
+@c wcsmbs_load_conv ok
+@c norm_add_slashes ok
+@c wcsmbs_getfct ok
+@c gconv_find_transform ok
+@c gconv_read_conf (libc_once)
+@c gconv_lookup_cache ok
+@c find_module_idx ok
+@c find_module ok
+@c gconv_find_shlib (ok)
+@c ->init_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c do_lookup_alias ok
+@c find_derivation ok
+@c derivation_lookup ok
+@c increment_counter ok
+@c gconv_find_shlib ok
+@c step->init_fct (assumed ok)
+@c gen_steps ok
+@c gconv_find_shlib ok
+@c dlopen (presumed ok)
+@c dlsym (presumed ok)
+@c step->init_fct (assumed ok)
+@c step->end_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c add_derivation ok
+@c gconv_close_transform ok
+@c gconv_release_step ok
+@c step->end_fct (assumed ok)
+@c gconv_release_shlib ok
+@c dlclose (presumed ok)
+@c gconv_release_cache ok
+@c ->tomb->__fct (assumed ok)
The @code{wcrtomb} function (``wide character restartable to
multibyte'') converts a single wide character into a multibyte string
corresponding to that wide character.
@@ -955,6 +1012,7 @@ extensions that can help in some important situations.
@comment wchar.h
@comment ISO
@deftypefun size_t mbsrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsrtowcs} function (``multibyte string restartable to wide
character string'') converts an NUL-terminated multibyte character
string at @code{*@var{src}} into an equivalent wide character string,
@@ -1039,6 +1097,7 @@ length and passing this length to the function.
@comment wchar.h
@comment ISO
@deftypefun size_t wcsrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsrtombs} function (``wide character string restartable to
multibyte string'') converts the NUL-terminated wide character string at
@code{*@var{src}} into an equivalent multibyte character string and
@@ -1084,6 +1143,7 @@ array size (the @var{len} parameter).
@comment wchar.h
@comment GNU
@deftypefun size_t mbsnrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{nmc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsnrtowcs} function is very similar to the @code{mbsrtowcs}
function. All the parameters are the same except for @var{nmc}, which is
new. The return value is the same as for @code{mbsrtowcs}.
@@ -1136,6 +1196,7 @@ of the given buffer, there is no problem with altering the state.
@comment wchar.h
@comment GNU
@deftypefun size_t wcsnrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{nwc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsnrtombs} function implements the conversion from wide
character strings to multibyte character strings. It is similar to
@code{wcsrtombs} but, just like @code{mbsnrtowcs}, it takes an extra
@@ -1280,6 +1341,7 @@ conversion functions.}
@comment stdlib.h
@comment ISO
@deftypefun int mbtowc (wchar_t *restrict @var{result}, const char *restrict @var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbtowc} (``multibyte to wide character'') function when called
with non-null @var{string} converts the first multibyte character
beginning at @var{string} to its corresponding wide character code. It
@@ -1314,6 +1376,7 @@ shift state. @xref{Shift State}.
@comment stdlib.h
@comment ISO
@deftypefun int wctomb (char *@var{string}, wchar_t @var{wchar})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctomb} (``wide character to multibyte'') function converts
the wide character code @var{wchar} to its corresponding multibyte
character sequence, and stores the result in bytes starting at
@@ -1353,6 +1416,7 @@ terms of @code{mbtowc}.
@comment stdlib.h
@comment ISO
@deftypefun int mblen (const char *@var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mblen} function with a non-null @var{string} argument returns
the number of bytes that make up the multibyte character beginning at
@var{string}, never examining more than @var{size} bytes. (The idea is
@@ -1391,6 +1455,9 @@ suffer from the same problems as their reentrant counterparts from
@comment stdlib.h
@comment ISO
@deftypefun size_t mbstowcs (wchar_t *@var{wstring}, const char *@var{string}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Odd... Although this is in the non-reentrant section, the state
+@c object is automatic, not a static buffer.
The @code{mbstowcs} (``multibyte string to wide character string'')
function converts the null-terminated string of multibyte characters
@var{string} to an array of wide character codes, storing not more than
@@ -1431,6 +1498,7 @@ mbstowcs_alloc (const char *string)
@comment stdlib.h
@comment ISO
@deftypefun size_t wcstombs (char *@var{string}, const wchar_t *@var{wstring}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcstombs} (``wide character string to multibyte string'')
function converts the null-terminated wide character array @var{wstring}
into a string containing multibyte characters, storing not more than
@@ -1618,6 +1686,16 @@ The first step is the function to create a handle.
@comment iconv.h
@comment XPG2
@deftypefun iconv_t iconv_open (const char *@var{tocode}, const char *@var{fromcode})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls malloc if tocode and/or fromcode are too big for alloca. Calls
+@c strip and upstr on both, then gconv_open. strip and upstr call
+@c isalnum_l and toupper_l with the C locale. gconv_open may MT-safely
+@c tokenize toset, replace unspecified codesets with the current locale
+@c (posibly two different accesses), and finally it calls
+@c gconv_find_transform and initializes the gconv_t result with all the
+@c steps in the conversion sequence, running each one's initializer,
+@c destructing and releasing them all if anything fails.
+
The @code{iconv_open} function has to be used before starting a
conversion. The two parameters this function takes determine the
source and destination character set for the conversion, and if the
@@ -1682,6 +1760,12 @@ conversion is not needed anymore.
@comment iconv.h
@comment XPG2
@deftypefun int iconv_close (iconv_t @var{cd})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, shlimb}}
+@c Calls gconv_close to destruct and release each of the conversion
+@c steps, release the gconv_t object, then call gconv_close_transform.
+@c Access to the gconv_t object is not guarded, but calling iconv_close
+@c concurrently with any other use is undefined.
+
The @code{iconv_close} function frees all resources associated with the
handle @var{cd}, which must have been returned by a successful call to
the @code{iconv_open} function.
@@ -1708,6 +1792,10 @@ even file to file can be implemented on top of it.
@comment iconv.h
@comment XPG2
@deftypefun size_t iconv (iconv_t @var{cd}, char **@var{inbuf}, size_t *@var{inbytesleft}, char **@var{outbuf}, size_t *@var{outbytesleft})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c Without guarding access to the gconv_t object pointed to by cd, call
+@c the conversion function to convert inbuf or flush the internal
+@c conversion state.
@cindex stateful
The @code{iconv} function converts the text in the input buffer
according to the rules associated with the descriptor @var{cd} and
diff --git a/manual/conf.texi b/manual/conf.texi
index 7eb8b36..edbb2fd 100644
--- a/manual/conf.texi
+++ b/manual/conf.texi
@@ -288,6 +288,17 @@ constants are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} sysconf (int @var{parameter})
+@safety{@mtsafe{envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak, fdleak}}
+@c Some parts of the implementation open /proc and /sys files and dirs
+@c to collect system details, using fd and stream I/O depending on the
+@c case. _SC_TZNAME_MAX calls __tzname_max, that (while holding a lock)
+@c calls tzset_internal, that calls getenv if it's called the first
+@c time; there are free and strdup calls in there too. The returned max
+@c value may change over time for TZNAME_MAX, depending on selected
+@c timezones; NPROCS, NPROCS_CONF, PHYS_PAGES, AVPHYS_PAGES,
+@c NGROUPS_MAX, SIGQUEUE_MAX, depending on variable values read from
+@c /proc at each call, and from rlimit-obtained values CHILD_MAX,
+@c OPEN_MAX, ARG_MAX, SIGQUEUE_MAX.
This function is used to inquire about runtime system parameters. The
@var{parameter} argument should be one of the @samp{_SC_} symbols listed
below.
@@ -1342,6 +1353,11 @@ argument are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} pathconf (const char *@var{filename}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c When __statfs_link_max finds an ext* filesystem, it may read
+@c /proc/mounts or similar as a mntent stream.
+@c __statfs_chown_restricted may read from
+@c /proc/sys/fs/xfs/restrict_chown as a file descriptor.
This function is used to inquire about the limits that apply to
the file named @var{filename}.
@@ -1369,6 +1385,8 @@ support the @var{parameter} for the specific file.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} fpathconf (int @var{filedes}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c Same caveats as pathconf.
This is just like @code{pathconf} except that an open file descriptor
is used to specify the file for which information is requested, instead
of a file name.
@@ -1615,6 +1633,7 @@ system with the function @code{confstr}:
@comment unistd.h
@comment POSIX.2
@deftypefun size_t confstr (int @var{parameter}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function reads the value of a string-valued system parameter,
storing the string into @var{len} bytes of memory space starting at
@var{buf}. The @var{parameter} argument should be one of the
diff --git a/manual/crypt.texi b/manual/crypt.texi
index ef90590..5c9f6f7 100644
--- a/manual/crypt.texi
+++ b/manual/crypt.texi
@@ -92,7 +92,13 @@ in a convenient way.
@comment unistd.h
@comment BSD
@deftypefun {char *} getpass (const char *@var{prompt})
-
+@safety{@mtunsafe{tempterm}@asunsafe{asmalloc, selfdeadlock, asynconsist}@acunsafe{tempterm, lockleak, incansist}}
+@c This function will attempt to create a stream for terminal I/O, but
+@c will fallback to stdio/stderr. It attempts to change the terminal
+@c mode in a thread-unsafe way, write out the prompt, read the password,
+@c then restore the terminal mode. It has a cleanup to close the stream
+@c in case of (synchronous) cancellation, but not to restore the
+@c terminal mode.
@code{getpass} outputs @var{prompt}, then reads a string in from the
terminal without echoing it. It tries to connect to the real terminal,
@file{/dev/tty}, if possible, to encourage users not to put plaintext
@@ -127,6 +133,13 @@ The substitute takes the same parameters as @code{getline}
@comment crypt.h
@comment BSD, SVID
@deftypefun {char *} crypt (const char *@var{key}, const char *@var{salt})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Besides the obvious problem of returning a pointer into static
+@c storage, the DES initializer takes an internal lock with the usual
+@c set of problems for AS- and AC-Safety. The FIPS mode checker and the
+@c NSS implementations of may leak file descriptors if canceled. The
+@c The MD5, SHA256 and SHA512 implementations will malloc on long keys,
+@c and NSS relies on dlopening, which brings about another can of worms.
The @code{crypt} function takes a password, @var{key}, as a string, and
a @var{salt} character array which is described below, and returns a
@@ -188,6 +201,9 @@ for a password and prints ``Access granted.'' if the user types
@comment crypt.h
@comment GNU
@deftypefun {char *} crypt_r (const char *@var{key}, const char *@var{salt}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Compared with crypt, this function fixes the staticbuf problem, but
+@c nothing else.
The @code{crypt_r} function does the same thing as @code{crypt}, but
takes an extra parameter which includes space for its result (among
@@ -233,6 +249,11 @@ specifies the unused bits.
@comment crypt.h
@comment BSD, SVID
@deftypefun void setkey (const char *@var{key})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c The static buffer stores the key, making it fundamentally
+@c thread-unsafe. The locking issues are only in the initialization
+@c path; cancelling the initialization will leave the lock held, it
+@c would otherwise repeat the initialization on the next call.
The @code{setkey} function sets an internal data structure to be an
expanded form of @var{key}. @var{key} is specified as an array of 64
@@ -244,6 +265,8 @@ parity.
@comment crypt.h
@comment BSD, SVID
@deftypefun void encrypt (char *@var{block}, int @var{edflag})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c Same issues as setkey.
The @code{encrypt} function encrypts @var{block} if
@var{edflag} is 0, otherwise it decrypts @var{block}, using a key
@@ -257,9 +280,11 @@ stored in a @code{char}, but there are no parity bits in @var{block}.
@comment crypt.h
@comment GNU
@deftypefun void setkey_r (const char *@var{key}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
@comment crypt.h
@comment GNU
@deftypefunx void encrypt_r (char *@var{block}, int @var{edflag}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
These are reentrant versions of @code{setkey} and @code{encrypt}. The
only difference is the extra parameter, which stores the expanded
@@ -274,6 +299,7 @@ defined in @file{crypt.h}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int ecb_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{ecb_crypt} encrypts or decrypts one or more blocks
using DES. Each block is encrypted independently.
@@ -355,6 +381,7 @@ This macro returns 1 if @var{err} is a `success' result code from
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int cbc_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode}, char *@var{ivec})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{cbc_crypt} encrypts or decrypts one or more blocks
using DES in Cipher Block Chaining mode.
@@ -381,6 +408,7 @@ Otherwise, all the parameters are similar to those for @code{ecb_crypt}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun void des_setparity (char *@var{key})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{des_setparity} changes the 64-bit @var{key}, stored
packed in 8-bit bytes, to have odd parity by altering the low bits of
diff --git a/manual/ctype.texi b/manual/ctype.texi
index f05d509..ddf38ce 100644
--- a/manual/ctype.texi
+++ b/manual/ctype.texi
@@ -66,6 +66,13 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int islower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The is* macros call __ctype_b_loc to get the ctype array from the
+@c current locale, and then index it by c. __ctype_b_loc reads from
+@c thread-local memory the (indirect) pointer to the ctype array, which
+@c may involve one word access to the global locale object, if that's
+@c the active locale for the thread, and the array, being part of the
+@c locale data, is undeletable, so there's no thread-safety issue.
Returns true if @var{c} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -74,6 +81,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -82,6 +90,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isalpha (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphabetic character (a letter). If
@code{islower} or @code{isupper} is true of a character, then
@code{isalpha} is also true.
@@ -97,6 +106,7 @@ additional characters.
@comment ctype.h
@comment ISO
@deftypefun int isdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@end deftypefun
@@ -104,6 +114,7 @@ Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@comment ctype.h
@comment ISO
@deftypefun int isalnum (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphanumeric character (a letter or
number); in other words, if either @code{isalpha} or @code{isdigit} is
true of a character, then @code{isalnum} is also true.
@@ -113,6 +124,7 @@ true of a character, then @code{isalnum} is also true.
@comment ctype.h
@comment ISO
@deftypefun int isxdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -123,6 +135,7 @@ Hexadecimal digits include the normal decimal digits @samp{0} through
@comment ctype.h
@comment ISO
@deftypefun int ispunct (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -132,6 +145,7 @@ character.
@comment ctype.h
@comment ISO
@deftypefun int isspace (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{isspace} returns true for only the standard
whitespace characters:
@@ -161,6 +175,7 @@ vertical tab
@comment ctype.h
@comment ISO
@deftypefun int isblank (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
@end deftypefun
@@ -169,6 +184,7 @@ This function was originally a GNU extension, but was added in @w{ISO C99}.
@comment ctype.h
@comment ISO
@deftypefun int isgraph (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -178,6 +194,7 @@ considered graphic.
@comment ctype.h
@comment ISO
@deftypefun int isprint (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@end deftypefun
@@ -186,6 +203,7 @@ include all the graphic characters, plus the space (@samp{ }) character.
@comment ctype.h
@comment ISO
@deftypefun int iscntrl (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a control character (that is, a character that
is not a printing character).
@end deftypefun
@@ -194,6 +212,7 @@ is not a printing character).
@comment ctype.h
@comment SVID, BSD
@deftypefun int isascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
into the US/UK ASCII character set. This function is a BSD extension
and is also an SVID extension.
@@ -227,6 +246,10 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The to* macros/functions call different functions that use different
+@c arrays than those of__ctype_b_loc, but the access patterns and
+@c thus safety guarantees are the same.
If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
lower-case letter. If @var{c} is not an upper-case letter,
@var{c} is returned unchanged.
@@ -235,6 +258,7 @@ lower-case letter. If @var{c} is not an upper-case letter,
@comment ctype.h
@comment ISO
@deftypefun int toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
upper-case letter. Otherwise @var{c} is returned unchanged.
@end deftypefun
@@ -242,6 +266,7 @@ upper-case letter. Otherwise @var{c} is returned unchanged.
@comment ctype.h
@comment SVID, BSD
@deftypefun int toascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function converts @var{c} to a 7-bit @code{unsigned char} value
that fits into the US/UK ASCII character set, by clearing the high-order
bits. This function is a BSD extension and is also an SVID extension.
@@ -250,6 +275,7 @@ bits. This function is a BSD extension and is also an SVID extension.
@comment ctype.h
@comment SVID
@deftypefun int _tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{tolower}, and is provided for compatibility
with the SVID. @xref{SVID}.@refill
@end deftypefun
@@ -257,6 +283,7 @@ with the SVID. @xref{SVID}.@refill
@comment ctype.h
@comment SVID
@deftypefun int _toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{toupper}, and is provided for compatibility
with the SVID.
@end deftypefun
@@ -303,6 +330,15 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctype_t wctype (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Although the source code of wctype contains multiple references to
+@c the locale, that could each reference different locale_data objects
+@c should the global locale object change while active, the compiler can
+@c and does combine them all into a single dereference that resolves
+@c once to the LCTYPE locale object used throughout the function, so it
+@c is safe in practice, if not in theory. Ideally we'd explicitly save
+@c the resolved locale_data object to make it visibly safe instead of
+@c safe only under compiler optimizations.
The @code{wctype} returns a value representing a class of wide
characters which is identified by the string @var{property}. Beside
some standard properties each locale can define its own ones. In case
@@ -331,6 +367,8 @@ the @w{ISO C} standard defines a completely new function.
@comment wctype.h
@comment ISO
@deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The compressed lookup table returned by wctype is read-only.
This function returns a nonzero value if @var{wc} is in the character
class specified by @var{desc}. @var{desc} must previously be returned
by a successful call to @code{wctype}.
@@ -350,6 +388,15 @@ standard classes.
@comment wctype.h
@comment ISO
@deftypefun int iswalnum (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c The implicit wctype call in the isw* functions is actually an
+@c optimized version because the category has a known offset, but the
+@c wctype is equally safe when optimized, unsafe if not optimized.
+@c Since it's not a macro, and we always optimize, it's fine. The test
+@c whether wc is ASCII to use the non-wide is* macro/funciton doesn't
+@c bring any other safety issues: the test does not depend on the
+@c locale, and each path after the decision resolves the locale object
+@c only once.
This function returns a nonzero value if @var{wc} is an alphanumeric
character (a letter or number); in other words, if either @code{iswalpha}
or @code{iswdigit} is true of a character, then @code{iswalnum} is also
@@ -370,6 +417,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswalpha (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an alphabetic character (a letter). If
@code{iswlower} or @code{iswupper} is true of a character, then
@code{iswalpha} is also true.
@@ -394,6 +442,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswcntrl (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a control character (that is, a character that
is not a printing character).
@@ -412,6 +461,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
Please note that this function does not only return a nonzero value for
@emph{decimal} digits, but for all kinds of digits. A consequence is
@@ -442,6 +492,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswgraph (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -461,6 +512,7 @@ It is declared in @file{wctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int iswlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -479,6 +531,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswprint (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@@ -497,6 +550,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswpunct (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -516,6 +570,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswspace (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{iswspace} returns true for only the standard
whitespace characters:
@@ -555,6 +610,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -573,6 +629,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswxdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -597,6 +654,7 @@ characters as well.
@comment wctype.h
@comment ISO
@deftypefun int iswblank (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
It is declared in @file{wchar.h}.
@@ -691,7 +749,8 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctrans_t wctrans (const char *@var{property})
-@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Similar implementation, same caveats as wctype.
The @code{wctrans} function has to be used to find out whether a named
mapping is defined in the current locale selected for the
@code{LC_CTYPE} category. If the returned value is non-zero, you can use
@@ -714,7 +773,8 @@ These functions are declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
-@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Same caveats as iswctype.
@code{towctrans} maps the input character @var{wc}
according to the rules of the mapping for which @var{desc} is a
descriptor, and returns the value it finds. @var{desc} must be
@@ -732,6 +792,9 @@ for them.
@comment wctype.h
@comment ISO
@deftypefun wint_t towlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Same caveats as iswalnum, just using a wctrans rather than a wctype
+@c table.
If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
lower-case letter. If @var{wc} is not an upper-case letter,
@var{wc} is returned unchanged.
@@ -751,6 +814,7 @@ This function is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
upper-case letter. Otherwise @var{wc} is returned unchanged.
diff --git a/manual/debug.texi b/manual/debug.texi
index 1db9c18..ce0c263 100644
--- a/manual/debug.texi
+++ b/manual/debug.texi
@@ -36,6 +36,8 @@ and manipulate backtraces of the current thread.
@comment execinfo.h
@comment GNU
@deftypefun int backtrace (void **@var{buffer}, int @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Pointer chasing within the local stack.
The @code{backtrace} function obtains a backtrace for the current
thread, as a list of pointers, and places the information into
@var{buffer}. The argument @var{size} should be the number of
@@ -56,6 +58,17 @@ interpreting the stack contents correctly.
@comment execinfo.h
@comment GNU
@deftypefun {char **} backtrace_symbols (void *const *@var{buffer}, int @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, lockleak}}
+@c Collects info returned by _dl_addr in auto array, allocates memory
+@c for the whole return buffer with malloc then sprintfs into it storing
+@c pointers to the strings into the array entries in the buffer.
+@c _dl_addr takes the recursive dl_load_lock then calls
+@c _dl_find_dso_for_object and determine_info.
+@c _dl_find_dso_for_object calls _dl-addr_inside_object.
+@c All of them are safe as long as the lock is held.
+@c asynconsist? It doesn't looke like the dynamic loader's data
+@c structures could be in an inconsistent state that would cause
+@c malfunction here.
The @code{backtrace_symbols} function translates the information
obtained from the @code{backtrace} function into an array of strings.
The argument @var{buffer} should be a pointer to an array of addresses
@@ -88,6 +101,11 @@ cannot be obtained.
@comment execinfo.h
@comment GNU
@deftypefun void backtrace_symbols_fd (void *const *@var{buffer}, int @var{size}, int @var{fd})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c Single loop of _dl_addr over addresses, collecting info into an iovec
+@c written out with a writev call per iteration. Addresses and offsets
+@c are converted to hex in auto buffers, so the only potential issue
+@c here is leaking the dl lock in case of cancellation.
The @code{backtrace_symbols_fd} function performs the same translation
as the function @code{backtrace_symbols} function. Instead of returning
the strings to the caller, it writes the strings to the file descriptor
diff --git a/manual/errno.texi b/manual/errno.texi
index 6c9fa86..eb3f412 100644
--- a/manual/errno.texi
+++ b/manual/errno.texi
@@ -1293,6 +1293,9 @@ name of the program that encountered the error.
@comment string.h
@comment ISO
@deftypefun {char *} strerror (int @var{errnum})
+@safety{@mtunsafe{staticbuf}@asunsafe{staticbuf, asmalloc, asi18n}@acsafe{memleak}}
+@c Calls strerror_r with a static buffer allocated with malloc on the
+@c first use.
The @code{strerror} function maps the error code (@pxref{Checking for
Errors}) specified by the @var{errnum} argument to a descriptive error
message string. The return value is a pointer to this string.
@@ -1310,6 +1313,7 @@ The function @code{strerror} is declared in @file{string.h}.
@comment string.h
@comment GNU
@deftypefun {char *} strerror_r (int @var{errnum}, char *@var{buf}, size_t @var{n})
+@safety{@mtsafe{}@asunsafe{asi18n}@acsafe{}}
The @code{strerror_r} function works like @code{strerror} but instead of
returning the error message in a statically allocated buffer shared by
all threads in the process, it returns a private copy for the
@@ -1331,6 +1335,10 @@ This function @code{strerror_r} is a GNU extension and it is declared in
@comment stdio.h
@comment ISO
@deftypefun void perror (const char *@var{message})
+@safety{@mtsafe{xguargs}@asunsafe{asynconsist, asi18n, asmalloc, selfdeadlock}@acunsafe{incansist, lockleak, memleak, fdleak}}
+@c Besides strerror_r's and some of fprintf's issues, if stderr is not
+@c oriented yet, create a new stream with a dup of stderr's fd and write
+@c to that instead of stderr, to avoid orienting it.
This function prints an error message to the stream @code{stderr};
see @ref{Standard Streams}. The orientation of @code{stderr} is not
changed.
@@ -1442,6 +1450,13 @@ These functions are declared in @file{error.h}.
@comment error.h
@comment GNU
@deftypefun void error (int @var{status}, int @var{errnum}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acsafe{}}
+@c Cancellation is disabled throught the execution. It flushes stdout
+@c and then holds a lock on stderr while printing the program name and
+@c then running error_tail. The non-wide case just runs vfprintf; the
+@c wide case converts the message to an alloca/malloc-allocated buffer
+@c with mbsrtowcs, then prints it with vfwprintf. Afterwards,
+@c print_errno_message calls strerror_r and fxprintf.
The @code{error} function can be used to report general problems during
program execution. The @var{format} argument is a format string just
like those given to the @code{printf} family of functions. The
@@ -1477,6 +1492,15 @@ incremented by one to keep track of the number of errors reported.
@comment error.h
@comment GNU
@deftypefun void error_at_line (int @var{status}, int @var{errnum}, const char *@var{fname}, unsigned int @var{lineno}, const char *@var{format}, @dots{})
+@safety{@mtunsafe{staticbuf, glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist}}
+@c The error_one_per_line variable is accessed (without any form of
+@c synchronization, but since it's an int used once, it should be safe
+@c enough) and, if this mode is enabled, static variables used to hold
+@c the last printed file name and line number are accessed and modified
+@c without synchronization; the update is not atomic and it occurs
+@c before disabling cancellation, so it can be interrupted after only
+@c one of the two variables is modified. After that, it's very much
+@c like error.
The @code{error_at_line} function is very similar to the @code{error}
function. The only difference are the additional parameters @var{fname}
@@ -1582,6 +1606,8 @@ are included only for compatibility.
@comment err.h
@comment BSD
@deftypefun void warn (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Just calls vwarn with the va_list.
The @code{warn} function is roughly equivalent to a call like
@smallexample
error (0, errno, format, @r{the parameters})
@@ -1594,6 +1620,11 @@ are not used.
@comment err.h
@comment BSD
@deftypefun void vwarn (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c While holding stderr's recursive lock, it prints the programname, the
+@c given message, and the error string with fw?printf's %m. When the
+@c stream is wide, convert_and_print converts the format string to an
+@c alloca/malloc-created buffer using mbsrtowcs and then calls fwprintf.
The @code{vwarn} function is just like @code{warn} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1602,6 +1633,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void warnx (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn, but without the strerror translation issues.
The @code{warnx} function is roughly equivalent to a call like
@smallexample
error (0, 0, format, @r{the parameters})
@@ -1615,6 +1648,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void vwarnx (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn, but without the strerror translation issues.
The @code{vwarnx} function is just like @code{warnx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1623,6 +1658,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void err (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn followed by exit.
The @code{err} function is roughly equivalent to a call like
@smallexample
error (status, errno, format, @r{the parameters})
@@ -1635,6 +1672,8 @@ are not used and that the program is exited even if @var{status} is zero.
@comment err.h
@comment BSD
@deftypefun void verr (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn followed by exit.
The @code{verr} function is just like @code{err} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1643,6 +1682,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void errx (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warnx followed by exit.
The @code{errx} function is roughly equivalent to a call like
@smallexample
error (status, 0, format, @r{the parameters})
@@ -1657,6 +1698,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void verrx (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarnx followed by exit.
The @code{verrx} function is just like @code{errx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
diff --git a/manual/filesys.texi b/manual/filesys.texi
index 1df9cf2..2244025 100644
--- a/manual/filesys.texi
+++ b/manual/filesys.texi
@@ -58,6 +58,25 @@ Prototypes for these functions are declared in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun {char *} getcwd (char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c If buffer is NULL, this function calls malloc and realloc, and, in
+@c case of error, free. Linux offers a getcwd syscall that we use on
+@c GNU/Linux systems, but it may fail if the pathname is too long. As a
+@c fallback, and on other systems, the generic implementation opens each
+@c parent directory with opendir, which allocates memory for the
+@c directory stream with malloc. If a fstatat64 syscall is not
+@c available, very deep directory trees may also have to malloc to build
+@c longer sequences of ../../../... than those supported by a global
+@c const read-only string.
+
+@c linux/__getcwd
+@c posix/__getcwd
+@c malloc/realloc/free if buffer is NULL, or if dir is too deep
+@c lstat64 -> see its own entry
+@c fstatat64
+@c direct syscall if possible, alloca+snprintf+*stat64 otherwise
+@c openat64_not_cancel_3, close_not_cancel_no_status
+@c __fdopendir, __opendir, __readdir, rewinddir
The @code{getcwd} function returns an absolute file name representing
the current working directory, storing it in the character array
@var{buffer} that you provide. The @var{size} argument is how you tell
@@ -116,6 +135,9 @@ software.
@comment unistd.h
@comment BSD
@deftypefn {Deprecated Function} {char *} getwd (char *@var{buffer})
+@safety{@mtsafe{}@asunsafe{asmalloc, asi18n}@acsafe{memleak, fdleak}}
+@c Besides the getcwd safety issues, it calls strerror_r on error, which
+@c brings in all of the i18n issues.
This is similar to @code{getcwd}, but has no way to specify the size of
the buffer. @Theglibc{} provides @code{getwd} only
for backwards compatibility with BSD.
@@ -130,6 +152,9 @@ this function is deprecated.
@comment unistd.h
@comment GNU
@deftypefun {char *} get_current_dir_name (void)
+@safety{@mtunsafe{envromt}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides getcwd, which this function calls as a fallback, it calls
+@c getenv, with the usual thread-safety issues that brings about.
@vindex PWD
This @code{get_current_dir_name} function is basically equivalent to
@w{@code{getcwd (NULL, 0)}}. The only difference is that the value of
@@ -145,6 +170,7 @@ This function is a GNU extension.
@comment unistd.h
@comment POSIX.1
@deftypefun int chdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
@var{filename}.
@@ -158,6 +184,7 @@ file @var{filename} is not a directory.
@comment unistd.h
@comment XPG
@deftypefun int fchdir (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
directory associated with the file descriptor @var{filedes}.
@@ -294,12 +321,14 @@ values and @code{st_mode} values:
@comment dirent.h
@comment BSD
@deftypefun int IFTODT (mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{d_type} value corresponding to @var{mode}.
@end deftypefun
@comment dirent.h
@comment BSD
@deftypefun mode_t DTTOIF (int @var{dtype})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{st_mode} value corresponding to @var{dtype}.
@end deftypefun
@end table
@@ -342,6 +371,9 @@ the following functions.
@comment dirent.h
@comment POSIX.1
@deftypefun {DIR *} opendir (const char *@var{dirname})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides the safe syscall, we have to allocate the DIR object with
+@c __alloc_dir, that calls malloc.
The @code{opendir} function opens and returns a directory stream for
reading the directory whose file name is @var{dirname}. The stream has
type @code{DIR *}.
@@ -381,6 +413,8 @@ alternative interface can be used.
@comment dirent.h
@comment GNU
@deftypefun {DIR *} fdopendir (int @var{fd})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c The DIR object is allocated with __alloc_dir, that calls malloc.
The @code{fdopendir} function works just like @code{opendir} but
instead of taking a file name and opening a file descriptor for the
directory the caller is required to provide a file descriptor. This
@@ -425,6 +459,7 @@ access.
@comment dirent.h
@comment GNU
@deftypefun int dirfd (DIR *@var{dirstream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{dirfd} returns the file descriptor associated with
the directory stream @var{dirstream}. This descriptor can be used until
the directory is closed with @code{closedir}. If the directory stream
@@ -443,6 +478,12 @@ symbols are declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun {struct dirent *} readdir (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c This function holds dirstream's non-recursive lock, which brings
+@c about the usual issues with locks and async signals and cancellation,
+@c but the lock taking is not enough to make the returned value safe to
+@c use, since it points to a stream's internal buffer that can be
+@c overwritten by subsequent calls or even released by closedir.
This function reads the next entry from the directory. It normally
returns a pointer to a structure containing information about the file.
This structure is statically allocated and can be rewritten by a
@@ -469,6 +510,7 @@ value. Use @code{readdir_r} when this is critical.
@comment dirent.h
@comment GNU
@deftypefun int readdir_r (DIR *@var{dirstream}, struct dirent *@var{entry}, struct dirent **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is the reentrant version of @code{readdir}. Like
@code{readdir} it returns the next entry from the directory. But to
prevent conflicts between simultaneously running threads the result is
@@ -516,6 +558,7 @@ of the last two functions.
@comment dirent.h
@comment LFS
@deftypefun {struct dirent64 *} readdir64 (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64} function is just like the @code{readdir} function
except that it returns a pointer to a record of type @code{struct
dirent64}. Some of the members of this data type (notably @code{d_ino})
@@ -527,6 +570,7 @@ In all other aspects this function is equivalent to @code{readdir}.
@comment dirent.h
@comment LFS
@deftypefun int readdir64_r (DIR *@var{dirstream}, struct dirent64 *@var{entry}, struct dirent64 **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64_r} function is equivalent to the @code{readdir_r}
function except that it takes parameters of base type @code{struct
dirent64} instead of @code{struct dirent} in the second and third
@@ -537,6 +581,10 @@ position. The same precautions mentioned in the documentation of
@comment dirent.h
@comment POSIX.1
@deftypefun int closedir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock (hurd)}@acsafe{memleak, fdleak, lockleak (hurd)}}
+@c No synchronization in the posix implementation, only in the hurd
+@c one. This is regarded as safe because it is undefined behavior if
+@c other threads could still be using the dir stream while it's closed.
This function closes the directory stream @var{dirstream}. It returns
@code{0} on success and @code{-1} on failure.
@@ -576,6 +624,7 @@ declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun void rewinddir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{rewinddir} function is used to reinitialize the directory
stream @var{dirstream}, so that if you call @code{readdir} it
returns information about the first entry in the directory again. This
@@ -589,6 +638,10 @@ added or removed since you last called @code{opendir} or
@comment dirent.h
@comment BSD
@deftypefun {long int} telldir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{telldir} function returns the file position of the directory
stream @var{dirstream}. You can use this value with @code{seekdir} to
restore the directory stream to that position.
@@ -597,6 +650,10 @@ restore the directory stream to that position.
@comment dirent.h
@comment BSD
@deftypefun void seekdir (DIR *@var{dirstream}, long int @var{pos})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{seekdir} function sets the file position of the directory
stream @var{dirstream} to @var{pos}. The value @var{pos} must be the
result of a previous call to @code{telldir} on this particular stream;
@@ -616,6 +673,19 @@ the result.
@comment dirent.h
@comment BSD/SVID
@deftypefun int scandir (const char *@var{dir}, struct dirent ***@var{namelist}, int (*@var{selector}) (const struct dirent *), int (*@var{cmp}) (const struct dirent **, const struct dirent **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c The scandir function calls __opendirat, __readdir, and __closedir to
+@c go over the named dir; malloc and realloc to allocate the namelist
+@c and copies of each selected dirent, besides the selector, if given,
+@c and qsort and the cmp functions if the latter is given. In spite of
+@c the cleanup handler that releases memory and the file descriptor in
+@c case of synchronous cancellation, an asynchronous cancellation may
+@c still leak memory and a file descriptor. Although readdir is unsafe
+@c in general, the use of an internal dir stream for sequential scanning
+@c of the directory with copying of dirents before subsequent calls
+@c makes the use safe, and the fact that the dir stream is private to
+@c each scandir call does away with the lock issues in readdir and
+@c closedir.
The @code{scandir} function scans the contents of the directory selected
by @var{dir}. The result in *@var{namelist} is an array of pointers to
@@ -646,6 +716,8 @@ are very helpful for this purpose.
@comment dirent.h
@comment BSD/SVID
@deftypefun int alphasort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Calls strcoll.
The @code{alphasort} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -658,6 +730,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls strverscmp.
The @code{versionsort} function is like @code{alphasort} except that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -670,6 +744,8 @@ dirent64}}. To use this we need a new function.
@comment dirent.h
@comment GNU
@deftypefun int scandir64 (const char *@var{dir}, struct dirent64 ***@var{namelist}, int (*@var{selector}) (const struct dirent64 *), int (*@var{cmp}) (const struct dirent64 **, const struct dirent64 **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c See scandir.
The @code{scandir64} function works like the @code{scandir} function
except that the directory entries it returns are described by elements
of type @w{@code{struct dirent64}}. The function pointed to by
@@ -688,6 +764,8 @@ argument. Instead we provide the two replacement functions below.
@comment dirent.h
@comment GNU
@deftypefun int alphasort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c See alphasort.
The @code{alphasort64} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -700,6 +778,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c See versionsort.
The @code{versionsort64} function is like @code{alphasort64}, excepted that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -880,6 +960,8 @@ file was passed).
@comment ftw.h
@comment SVID
@deftypefun int ftw (const char *@var{filename}, __ftw_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
+@c see nftw for safety details
The @code{ftw} function calls the callback function given in the
parameter @var{func} for every item which is found in the directory
specified by @var{filename} and all directories below. The function
@@ -930,6 +1012,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int ftw64 (const char *@var{filename}, __ftw64_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
This function is similar to @code{ftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -943,6 +1026,17 @@ transparently replaces the old implementation.
@comment ftw.h
@comment XPG4.2
@deftypefun int nftw (const char *@var{filename}, __nftw_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c ftw_startup calls alloca, malloc, free, xstat/lxstat, tdestroy, and ftw_dir
+@c if FTW_CHDIR, call open, and fchdir, or chdir and getcwd
+@c ftw_dir calls open_dir_stream, readdir64, process_entry, closedir
+@c if FTW_CHDIR, also calls fchdir
+@c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
+@c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
+@c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
+@c find_object (tsearch) and add_object (tfind).
+@c Since each invocation of *ftw uses its own private search tree, none
+@c of the search tree concurrency issues apply.
The @code{nftw} function works like the @code{ftw} functions. They call
the callback function @var{func} for all items found in the directory
@var{filename} and below. At most @var{descriptors} file descriptors
@@ -1003,6 +1097,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int nftw64 (const char *@var{filename}, __nftw64_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
This function is similar to @code{nftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -1046,6 +1141,7 @@ file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int link (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{link} function makes a new link to the existing file named by
@var{oldname}, under the new name @var{newname}.
@@ -1153,6 +1249,7 @@ Prototypes for most of the functions listed in this section are in
@comment unistd.h
@comment BSD
@deftypefun int symlink (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{symlink} function makes a symbolic link to @var{oldname} named
@var{newname}.
@@ -1190,6 +1287,7 @@ exceeded.
@comment unistd.h
@comment BSD
@deftypefun ssize_t readlink (const char *@var{filename}, char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{readlink} function gets the value of the symbolic link
@var{filename}. The file name that the link points to is copied into
@var{buffer}. This file name string is @emph{not} null-terminated;
@@ -1249,6 +1347,8 @@ names can refer to the same inode.
@comment stdlib.h
@comment GNU
@deftypefun {char *} canonicalize_file_name (const char *@var{name})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls realpath.
The @code{canonicalize_file_name} function returns the absolute name of
the file named by @var{name} which contains no @code{.}, @code{..}
@@ -1290,6 +1390,8 @@ where the result is placed in.
@comment stdlib.h
@comment XPG
@deftypefun {char *} realpath (const char *restrict @var{name}, char *restrict @var{resolved})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls malloc, realloc, getcwd, lxstat64, readlink, alloca.
A call to @code{realpath} where the @var{resolved} parameter is
@code{NULL} behaves exactly like @code{canonicalize_file_name}. The
@@ -1329,6 +1431,7 @@ then the file is deleted as well. If the file has other remaining names
@comment unistd.h
@comment POSIX.1
@deftypefun int unlink (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{unlink} function deletes the file name @var{filename}. If
this is a file's sole name, the file itself is also deleted. (Actually,
if any process has the file open when this happens, deletion is
@@ -1371,6 +1474,7 @@ file system and can't be modified.
@comment unistd.h
@comment POSIX.1
@deftypefun int rmdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@cindex directories, deleting
@cindex deleting a directory
The @code{rmdir} function deletes a directory. The directory must be
@@ -1398,6 +1502,8 @@ The prototype for this function is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int remove (const char *@var{filename})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Calls unlink and rmdir.
This is the @w{ISO C} function to remove a file. It works like
@code{unlink} for files and like @code{rmdir} for directories.
@code{remove} is declared in @file{stdio.h}.
@@ -1413,6 +1519,10 @@ The @code{rename} function is used to change a file's name.
@comment stdio.h
@comment ISO
@deftypefun int rename (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a rename syscall, there's an emulation with link
+@c and unlink, but it's racy, even more so if newname exists and is
+@c unlinked first.
The @code{rename} function renames the file @var{oldname} to
@var{newname}. The file formerly accessible under the name
@var{oldname} is afterwards accessible as @var{newname} instead. (If
@@ -1508,6 +1618,7 @@ a shell command @code{mkdir} which does the same thing.)
@comment sys/stat.h
@comment POSIX.1
@deftypefun int mkdir (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mkdir} function creates a new, empty directory with name
@var{filename}.
@@ -1849,6 +1960,7 @@ header file @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int stat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{stat} function returns information about the attributes of the
file named by @w{@var{filename}} in the structure pointed to by @var{buf}.
@@ -1875,6 +1987,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int stat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{stat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1888,6 +2001,7 @@ replaces the interface for small files on 32-bit machines.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int fstat (int @var{filedes}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fstat} function is like @code{stat}, except that it takes an
open file descriptor as an argument instead of a file name.
@xref{Low-Level I/O}.
@@ -1909,6 +2023,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int fstat64 (int @var{filedes}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{fstat} but is able to work on large
files on 32-bit platforms. For large files the file descriptor
@var{filedes} should be obtained by @code{open64} or @code{creat64}.
@@ -1920,9 +2035,16 @@ function is available under the name @code{fstat} and so transparently
replaces the interface for small files on 32-bit machines.
@end deftypefun
+@c fstatat will call alloca and snprintf if the syscall is not
+@c available.
+@c @safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+
@comment sys/stat.h
@comment BSD
@deftypefun int lstat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat, sometimes with an xstat conv call
+@c afterwards.
The @code{lstat} function is like @code{stat}, except that it does not
follow symbolic links. If @var{filename} is the name of a symbolic
link, @code{lstat} returns information about the link itself; otherwise
@@ -1936,6 +2058,9 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int lstat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat64, sometimes with an xstat conv
+@c call afterwards.
This function is similar to @code{lstat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1974,12 +2099,14 @@ that file:
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISDIR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a directory.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISCHR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a character special file (a
device like a terminal).
@end deftypefn
@@ -1987,6 +2114,7 @@ device like a terminal).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISBLK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a block special file (a device
like a disk).
@end deftypefn
@@ -1994,12 +2122,14 @@ like a disk).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISREG (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a regular file.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISFIFO (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a FIFO special file, or a
pipe. @xref{Pipes and FIFOs}.
@end deftypefn
@@ -2007,6 +2137,7 @@ pipe. @xref{Pipes and FIFOs}.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISLNK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a symbolic link.
@xref{Symbolic Links}.
@end deftypefn
@@ -2014,6 +2145,7 @@ This macro returns non-zero if the file is a symbolic link.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISSOCK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a socket. @xref{Sockets}.
@end deftypefn
@@ -2096,6 +2228,7 @@ the whole @code{struct stat} structure.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISMQ (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX message queues as distinct objects and the
file is a message queue object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2104,6 +2237,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSEM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX semaphores as distinct objects and the
file is a semaphore object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2112,6 +2246,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSHM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX shared memory objects as distinct objects
and the file is an shared memory object, this macro returns a non-zero
value. In all other cases the result is zero.
@@ -2156,6 +2291,7 @@ The prototype for this function is declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int chown (const char *@var{filename}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chown} function changes the owner of the file @var{filename} to
@var{owner}, and its group owner to @var{group}.
@@ -2190,6 +2326,7 @@ The file is on a read-only file system.
@comment unistd.h
@comment BSD
@deftypefun int fchown (int @var{filedes}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chown}, except that it changes the owner of the open
file with descriptor @var{filedes}.
@@ -2469,6 +2606,7 @@ The functions in this section are declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun mode_t umask (mode_t @var{mask})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{umask} function sets the file creation mask of the current
process to @var{mask}, and returns the previous value of the file
creation mask.
@@ -2494,6 +2632,7 @@ you just want to read the mask value, because it is reentrant.
@comment sys/stat.h
@comment GNU
@deftypefun mode_t getumask (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Return the current value of the file creation mask for the current
process. This function is a GNU extension and is only available on
@gnuhurdsystems{}.
@@ -2502,6 +2641,7 @@ process. This function is a GNU extension and is only available on
@comment sys/stat.h
@comment POSIX.1
@deftypefun int chmod (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chmod} function sets the access permission bits for the file
named by @var{filename} to @var{mode}.
@@ -2542,6 +2682,7 @@ for full details on the sticky bit.
@comment sys/stat.h
@comment BSD
@deftypefun int fchmod (int @var{filedes}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chmod}, except that it changes the permissions of the
currently open file given by @var{filedes}.
@@ -2612,6 +2753,7 @@ The symbols in this section are declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int access (const char *@var{filename}, int @var{how})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{access} function checks to see whether the file named by
@var{filename} can be accessed in the way specified by the @var{how}
argument. The @var{how} argument either can be the bitwise OR of the
@@ -2732,6 +2874,9 @@ This is the modification time for the file.
@comment utime.h
@comment POSIX.1
@deftypefun int utime (const char *@var{filename}, const struct utimbuf *@var{times})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utime syscall, it non-atomically converts times
+@c to a struct timeval and calls utimes.
This function is used to modify the file times associated with the file
named @var{filename}.
@@ -2783,6 +2928,10 @@ in the header file @file{sys/time.h}.
@comment sys/time.h
@comment BSD
@deftypefun int utimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, or to
+@c struct utimbuf and calls utime.
This function sets the file access and modification times of the file
@var{filename}. The new file access time is specified by
@code{@var{tvp}[0]}, and the new modification time by
@@ -2797,6 +2946,9 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int lutimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no lutimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall.
This function is like @code{utimes}, except that it does not follow
symbolic links. If @var{filename} is the name of a symbolic link,
@code{lutimes} sets the file access and modification times of the
@@ -2813,6 +2965,10 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int futimes (int @var{fd}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no futimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, falling back
+@c to utimes on a /proc/self/fd symlink.
This function is like @code{utimes}, except that it takes an open file
descriptor as an argument instead of a file name. @xref{Low-Level
I/O}. This function comes from FreeBSD, and is not available on all
@@ -2867,6 +3023,8 @@ succeed, without actually accomplishing anything.
@comment unistd.h
@comment X/Open
@deftypefun int truncate (const char *@var{filename}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a truncate syscall, we use open and ftruncate.
The @code{truncate} function changes the size of @var{filename} to
@var{length}. If @var{length} is shorter than the previous length, data
@@ -2911,6 +3069,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int truncate64 (const char *@var{name}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try truncate if length fits.
This function is similar to the @code{truncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines, which allows the handling of files with sizes up to
@@ -2924,6 +3084,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX
@deftypefun int ftruncate (int @var{fd}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{truncate}, but it works on a file descriptor @var{fd}
for an opened file instead of a file name to identify the object. The
@@ -2988,6 +3149,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int ftruncate64 (int @var{id}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try ftruncate if length fits.
This function is similar to the @code{ftruncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines which allows the handling of files with sizes up to
@@ -3050,6 +3213,10 @@ The prototype for @code{mknod} is declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment BSD
@deftypefun int mknod (const char *@var{filename}, mode_t @var{mode}, dev_t @var{dev})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Instead of issuing the syscall directly, we go through xmknod.
+@c Although the internal xmknod takes a dev_t*, that could lead to
+@c xguargs races, it's passed a pointer to mknod's dev.
The @code{mknod} function makes a special file with name @var{filename}.
The @var{mode} specifies the mode of the file, and may include the various
special file bits, such as @code{S_IFCHR} (for a character special file)
@@ -3101,6 +3268,20 @@ These facilities are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} tmpfile (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c The unsafety issues are those of fdopen, plus fdleak because of the
+@c open.
+@c __path_search (internal buf, !dir, const pfx, !try_tmpdir) ok
+@c libc_secure_genenv only if try_tmpdir
+@c xstat64, strlen, strcmp, sprintf
+@c __gen_tempname (internal tmpl, __GT_FILE) ok
+@c strlen, memcmp, getpid, open/mkdir/lxstat64 ok
+@c HP_TIMING_NOW if available ok
+@c gettimeofday (!tz) first time, or every time if no HP_TIMING_NOW ok
+@c static value is used and modified without synchronization ok
+@c but the use is as a source of non-cryptographic randomness
+@c with retries in case of collision, so it should be safe
+@c unlink, fdopen
This function creates a temporary binary file for update mode, as if by
calling @code{fopen} with mode @code{"wb+"}. The file is deleted
automatically when it is closed or when the program terminates. (On
@@ -3117,6 +3298,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} tmpfile64 (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
This function is similar to @code{tmpfile}, but the stream it returns a
pointer to was opened using @code{tmpfile64}. Therefore this stream can
be used for files larger then @math{2^31} bytes on 32-bit machines.
@@ -3132,6 +3314,11 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun {char *} tmpnam (char *@var{result})
+@safety{@mtunsafe{xguargs, staticbuf}@asunsafe{staticbuf}@acsafe{}}
+@c The passed-in buffer should not be modified concurrently with the
+@c call.
+@c __path_search (static or passed-in buf, !dir, !pfx, !try_tmpdir) ok
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
This function constructs and returns a valid file name that does not
refer to any existing file. If the @var{result} argument is a null
pointer, the return value is a pointer to an internal static string,
@@ -3156,6 +3343,7 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdio.h
@comment GNU
@deftypefun {char *} tmpnam_r (char *@var{result})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
This function is nearly identical to the @code{tmpnam} function, except
that if @var{result} is a null pointer it returns a null pointer.
@@ -3192,6 +3380,13 @@ never less than @code{25}.
@comment stdio.h
@comment SVID
@deftypefun {char *} tempnam (const char *@var{dir}, const char *@var{prefix})
+@safety{@mtunsafe{xguargs, envromt}@assafe{asmalloc}@acsafe{memleak}}
+@c There's no way (short of being setuid) to avoid getenv("TMPDIR"),
+@c even with a non-NULL dir, which makes this thread-unsafe.
+@c
+@c __path_search (internal buf, dir, pfx, try_tmpdir) unsafe getenv
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
+@c strdup
This function generates a unique temporary file name. If @var{prefix}
is not a null pointer, up to five characters of this string are used as
a prefix for the file name. The return value is a string newly
@@ -3255,6 +3450,8 @@ string. These functions are declared in the header file @file{stdlib.h}.
@comment stdlib.h
@comment Unix
@deftypefun {char *} mktemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_NOCREATE) ok
The @code{mktemp} function generates a unique file name by modifying
@var{template} as described above. If successful, it returns
@var{template} as modified. If @code{mktemp} cannot find a unique file
@@ -3273,6 +3470,8 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdlib.h
@comment BSD
@deftypefun int mkstemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{fdleak}}
+@c __gen_tempname (caller tmpl, __GT_FILE) ok
The @code{mkstemp} function generates a unique file name just as
@code{mktemp} does, but it also opens the file for you with @code{open}
(@pxref{Opening and Closing Files}). If successful, it modifies
@@ -3295,6 +3494,8 @@ new file and get an error if the file already exists.
@comment stdlib.h
@comment BSD
@deftypefun {char *} mkdtemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_DIR) ok
The @code{mkdtemp} function creates a directory with a unique name. If
it succeeds, it overwrites @var{template} with the name of the
directory, and returns @var{template}. As with @code{mktemp} and
@@ -3316,3 +3517,23 @@ creation always works like @code{open} with @code{O_EXCL}.
@xref{Creating Directories}.
The @code{mkdtemp} function comes from OpenBSD.
+
+@c FIXME these are undocumented:
+@c faccessat
+@c fchmodat
+@c fchownat
+@c futimesat
+@c fstatat
+@c linkat
+@c mkdirat
+@c mkfifoat
+@c name_to_handle_at
+@c openat
+@c open_by_handle_at
+@c readlinkat
+@c renameat
+@c scandirat
+@c symlinkat
+@c unlinkat
+@c utimensat
+@c mknodat
diff --git a/manual/getopt.texi b/manual/getopt.texi
index f0b7283..3c1f4de 100644
--- a/manual/getopt.texi
+++ b/manual/getopt.texi
@@ -60,6 +60,31 @@ option argument, for those options that accept arguments.
@comment unistd.h
@comment POSIX.2
@deftypefun int getopt (int @var{argc}, char *const *@var{argv}, const char *@var{options})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c It may swap argv elements but argv is not guarded, and the
+@c modifications may be partial in case of cancellation. Calling getenv
+@c also brings about thread-safety issues out of access and returning
+@c pointers into the globally shared environment array, just like
+@c calling gettext brings about a whole lot of AS and AC safety issues.
+@c The getopt API involves returning values in the non-thread-specific
+@c optarg variable, which adds another thread-safety issue. Given
+@c print_errors, it may output errors to stderr, which may
+@c self-deadlock, leak locks, or encounter (in a signal handler) or
+@c leave (in case of cancellation) stderr in an inconsistent state.
+@c Various implicit, indirect uses of malloc, in uses of memstream and
+@c asprintf for error-printing, bring about the usual malloc issues.
+@c (The explicit use of malloc in a conditional situation in
+@c _getopt_initialize is never exercised in glibc.)
+@c
+@c _getopt_internal
+@c _getopt_internal_r
+@c gettext
+@c _getopt_initialize
+@c getenv
+@c malloc if USE_NONOPTION_FLAGS, never defined in libc
+@c open_memstream
+@c lockfile, unlockfile, __fxprintf -> stderr
+@c asprintf
The @code{getopt} function gets the next option argument from the
argument list specified by the @var{argv} and @var{argc} arguments.
Normally these values come directly from the arguments received by
@@ -225,6 +250,8 @@ was seen.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
Decode options from the vector @var{argv} (whose length is @var{argc}).
The argument @var{shortopts} describes the short options to accept, just as
it does in @code{getopt}. The argument @var{longopts} describes the long
@@ -278,6 +305,8 @@ getopt functionality there is one more function available.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long_only (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
The @code{getopt_long_only} function is equivalent to the
@code{getopt_long} function but it allows to specify the user of the
diff --git a/manual/intro.texi b/manual/intro.texi
index 2630a77..e47832c 100644
--- a/manual/intro.texi
+++ b/manual/intro.texi
@@ -262,6 +262,28 @@ if the effective thread-local locale is not the global locale object
@code{setlocale} should not be called while these functions are active.
+@item @code{envromt}
+@cindex envromt
+
+Functions marked with @code{envromt} access the environment with
+@code{getenv} or similar, requiring the environment to be effectively
+read-only for MT-Safe operation.
+
+Environment-modifying functions do not protect in any way against
+concurrent modifications or access, so calling @code{envromt}-marked
+functions concurrently with @code{setenv}, @code{putenv},
+@code{unsetenv} or direct modifications of the global environment data
+structures is ill-advised; external concurrency control must be
+introduced by callers of these environment-modifying and
+@code{envromt}-marked functions.
+
+Functions that modify the environment are also marked with
+@code{envromt}, but they are not MT-Safe for the reasons above. Since
+all environment-modifying functions are MT-Unsafe, functions that only
+access the environment are marked as MT-Safe when no other safety issue
+applies.
+
+
@item @code{uunguard}
@cindex uunguard
@@ -291,6 +313,42 @@ AS-Safe behavior, callers must ensure that the objects passed in are not
modified concurrently by other threads or signal handlers.
+@item @code{tempchwd}
+@cindex tempchwd
+
+Functions marked with @code{tempchwd} may temporarily change the current
+working directory during their execution, which may cause relative
+pathnames to be resolved in unexpected ways in other threads or within
+asynchronous signal or cancellation handlers.
+
+This is not enough of a reason to mark so-marked functions as MT-Unsafe,
+but when this behavior is optional (e.g., @code{nftw} with
+@code{FTW_CHDIR}), avoiding the option in multi-threaded programs may be
+a good alternative to using full pathnames or file descriptor-relative
+(e.g. @code{openat}) system calls.
+
+
+@item @code{tempterm}
+@cindex tempterm
+
+Functions marked with @code{tempterm} may temporarily change the
+terminal settings.
+
+This would not be enough of a reason to mark so-marked functions as
+MT-Unsafe, but the recommended mode to modify terminal settings is to
+call @code{tcgetattr}, modify some flags, and then call
+@code{tcsetattr}. Functions marked with @code{tempterm} do that, so
+they leave a window in which changes made by other threads are lost.
+
+It is thus advisable for applications using the terminal to avoid
+concurrent interactions with it, more so if they expect different
+terminal modes.
+
+If this mark appears as an AC-Safety note, it means the function may
+also fail to restore the original terminal mode in case of asynchronous
+cancellation.
+
+
@end itemize
@@ -305,11 +363,37 @@ as follows:
Functions annotated with @code{staticbuf} use internal static buffers or
variables in ways that may cause concurrent calls to interfere
-destructively.
+destructively.
These functions are all MT-Unsafe and AC-Unsafe. However, many of them
offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
+In many of these cases, the static buffer is only used to hold a return
+value; in a few of these, such as @code{tmpnam}, the use of the internal
+buffer can be avoided by passing the buffer as an argument, which makes
+the call MT-Safe and AS-Safe.
+
+
+@item @code{asi18n}
+@cindex asi18n
+
+Functions marked with @code{asi18n} use internationalization functions
+(@code{gettext}), which brings in a number of dependencies and issues
+yet to be documented.
+
+
+@item @code{shlimb}
+@cindex shlimb
+
+Functions marked with @code{shlimb} use the dynamic loader to bring in
+additional code modules. This involves opening files, mapping them into
+memory, allocating additional memory, resolving symbols, applying
+relocations and more, all of this while holding the dynamic loader
+lock.
+
+The non-recursive lock itself is enough for the function to be AS- and
+AC-Unsafe, but many other issues may arise.
+
@item @code{fdleak}
@cindex fdleak
@@ -390,9 +474,8 @@ For the reasons above, functions that leak locks are all AC-Unsafe.
Functions marked with @code{selfdeadlock} take a non-recursive lock to
ensure MT-Safety while modifying data structures guarded by the lock.
-If such a function is interrupted by a signal while holding the lock,
-and the signal handler calls any function that takes the same
-non-recursive lock, the result is a deadlock.
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, the result is a deadlock.
Blocking asynchronous signal delivery while calling such functions is
the only safe way to avoid a deadlock if any signal handler might need
@@ -406,10 +489,9 @@ Functions marked with @code{asynconsist} take a recursive lock to ensure
MT-Safety while accessing or modifying data structures guarded by the
lock.
-If such a function is interrupted by a signal while holding the lock,
-and the signal handler calls any function that takes the same
-non-recursive lock, the latter function may observe a partially updated,
-inconsistent data structure, and misbehave.
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, both may misbehave for
+observing inconsistent (partially updated or cached) data structures.
Blocking asynchronous signal delivery while calling such functions is
the only safe way to avoid the misbehavior that may ensue if any signal
@@ -444,6 +526,21 @@ Disabling asynchronous cancelation while calling such functions is the
only safe way to avoid the misbehavior that may ensure if the thread is
canceled while the function is running.
+@c A special case, probably not worth documenting separately, involves
+@c reallocing, or even freeing pointers. Any case involving free could
+@c be easily turned into an ac-safe memleak by resetting the pointer
+@c before releasing it; I don't think we have any case that calls for
+@c this sort of fixing. Fixing the realloc cases would require a new
+@c interface: instead of @code{ptr=realloc(ptr,size)} we'd have to
+@c introduce @code{acsafe_realloc(&ptr,size)} that would modify ptr
+@c before releasing the old memory. The ac-unsafe realloc could be
+@c implemented in terms of an internal interface with this semantics
+@c (say __acsafe_realloc), but since realloc can be overridden, the
+@c function we call to implement realloc should not be this internal
+@c interface, but another internal interface that calls __acsafe_realloc
+@c if realloc was not overridden, and calls the overridden realloc with
+@c async cancel disabled. --lxoliva
+
@item @code{simfpu}
@cindex simfpu
diff --git a/manual/job.texi b/manual/job.texi
index 4efeed3..779ea96 100644
--- a/manual/job.texi
+++ b/manual/job.texi
@@ -1039,6 +1039,10 @@ The function @code{ctermid} is declared in the header file
@comment stdio.h
@comment POSIX.1
@deftypefun {char *} ctermid (char *@var{string})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This function is a stub by default; the actual implementation, for
+@c posix systems, returns an internal buffer if passed a NULL string,
+@c but the internal buffer is always set to /dev/tty.
The @code{ctermid} function returns a string containing the file name of
the controlling terminal for the current process. If @var{string} is
not a null pointer, it should be an array that can hold at least
@@ -1075,6 +1079,11 @@ Your program should include the header files @file{sys/types.h} and
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t setsid (void)
+@safety{@mtsafe{}@assafe{selfdeadlock (hurd)}@acsafe{lockleak (hurd)}}
+@c This is usually a direct syscall, but if a syscall is not available,
+@c we use a stub, or Hurd- and BSD-specific implementations. The former
+@c uses a mutex and a hurd critical section, and the latter issues a few
+@c syscalls, so both seem safe, except for the locking on Hurd.
The @code{setsid} function creates a new session. The calling process
becomes the session leader, and is put in a new process group whose
process group ID is the same as the process ID of that process. There
@@ -1098,7 +1107,8 @@ already another process group around that has the same process group ID.
@comment unistd.h
@comment SVID
@deftypefun pid_t getsid (pid_t @var{pid})
-
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{getsid} function returns the process group ID of the session
leader of the specified process. If a @var{pid} is @code{0}, the
process group ID of the session leader of the current process is
@@ -1134,6 +1144,8 @@ programs with the @code{-lbsd-compat} option to get the BSD definition.@refill
@comment unistd.h
@comment POSIX.1
@deftypefn {POSIX.1 Function} pid_t getpgrp (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The POSIX.1 definition of @code{getpgrp} returns the process group ID of
the calling process.
@end deftypefn
@@ -1141,6 +1153,8 @@ the calling process.
@comment unistd.h
@comment BSD
@deftypefn {BSD Function} pid_t getpgrp (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The BSD definition of @code{getpgrp} returns the process group ID of the
process @var{pid}. You can supply a value of @code{0} for the @var{pid}
argument to get information about the calling process.
@@ -1149,6 +1163,8 @@ argument to get information about the calling process.
@comment unistd.h
@comment SVID
@deftypefn {System V Function} int getpgid (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
@code{getpgid} is the same as the BSD function @code{getpgrp}. It
returns the process group ID of the process @var{pid}. You can supply a
@@ -1171,6 +1187,8 @@ process.
@comment unistd.h
@comment POSIX.1
@deftypefun int setpgid (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{setpgid} function puts the process @var{pid} into the process
group @var{pgid}. As a special case, either @var{pid} or @var{pgid} can
be zero to indicate the process ID of the calling process.
@@ -1208,6 +1226,8 @@ process or a child of the calling process.
@comment unistd.h
@comment BSD
@deftypefun int setpgrp (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall or setpgid wrapper.
This is the BSD Unix name for @code{setpgid}. Both functions do exactly
the same thing.
@end deftypefun
@@ -1230,6 +1250,8 @@ file itself and not a particular open file descriptor.
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t tcgetpgrp (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function returns the process group ID of the foreground process
group associated with the terminal open on descriptor @var{filedes}.
@@ -1258,6 +1280,8 @@ controlling terminal of the calling process.
@comment unistd.h
@comment POSIX.1
@deftypefun int tcsetpgrp (int @var{filedes}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function is used to set a terminal's foreground process group ID.
The argument @var{filedes} is a descriptor which specifies the terminal;
@var{pgid} specifies the process group. The calling process must be a
@@ -1297,6 +1321,8 @@ process.
@comment termios.h
@comment Unix98
@deftypefun pid_t tcgetsid (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Ioctl call, if avaialble, or tcgetpgrp followed by getsid.
This function is used to obtain the process group ID of the session
for which the terminal specified by @var{fildes} is the controlling terminal.
If the call is successful the group ID is returned. Otherwise the
diff --git a/manual/lang.texi b/manual/lang.texi
index ee04e23..d6cd90c 100644
--- a/manual/lang.texi
+++ b/manual/lang.texi
@@ -51,6 +51,8 @@ without indicating anything might be wrong.
@comment assert.h
@comment ISO
@deftypefn Macro void assert (int @var{expression})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Verify the programmer's belief that @var{expression} is nonzero at
this point in the program.
@@ -91,6 +93,8 @@ The @code{assert_perror} macro makes this easy.
@comment assert.h
@comment GNU
@deftypefn Macro void assert_perror (int @var{errnum})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Similar to @code{assert}, but verifies that @var{errnum} is zero.
If @code{NDEBUG} is not defined, @code{assert_perror} tests the value of
@@ -423,6 +427,8 @@ The type @code{va_list} is used for argument pointer variables.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_start (va_list @var{ap}, @var{last-required})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This macro initializes the argument pointer variable @var{ap} to point
to the first of the optional arguments of the current function;
@var{last-required} must be the last required argument to the function.
@@ -431,6 +437,8 @@ to the first of the optional arguments of the current function;
@comment stdarg.h
@comment ISO
@deftypefn {Macro} @var{type} va_arg (va_list @var{ap}, @var{type})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_arg} macro returns the value of the next optional argument,
and modifies the value of @var{ap} to point to the subsequent argument.
Thus, successive uses of @code{va_arg} return successive optional
@@ -445,6 +453,8 @@ of the actual argument.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_end (va_list @var{ap})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This ends the use of @var{ap}. After a @code{va_end} call, further
@code{va_arg} calls with the same @var{ap} may not work. You should invoke
@code{va_end} before returning from the function in which @code{va_start}
@@ -466,6 +476,8 @@ of the same type.
@comment ISO
@deftypefn {Macro} void va_copy (va_list @var{dest}, va_list @var{src})
@deftypefnx {Macro} void __va_copy (va_list @var{dest}, va_list @var{src})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_copy} macro allows copying of objects of type
@code{va_list} even if this is not an integral type. The argument pointer
in @var{dest} is initialized to point to the same argument as the
@@ -1212,6 +1224,8 @@ type of a particular structure member.
@comment stddef.h
@comment ISO
@deftypefn {Macro} size_t offsetof (@var{type}, @var{member})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This expands to a integer constant expression that is the offset of the
structure member named @var{member} in the structure type @var{type}.
For example, @code{offsetof (struct s, elem)} is the offset, in bytes,
diff --git a/manual/libdl.texi b/manual/libdl.texi
new file mode 100644
index 0000000..e3fe045
--- /dev/null
+++ b/manual/libdl.texi
@@ -0,0 +1,10 @@
+@c FIXME these are undocumented:
+@c dladdr
+@c dladdr1
+@c dlclose
+@c dlerror
+@c dlinfo
+@c dlmopen
+@c dlopen
+@c dlsym
+@c dlvsym
diff --git a/manual/llio.texi b/manual/llio.texi
index b129cf4..66370c4 100644
--- a/manual/llio.texi
+++ b/manual/llio.texi
@@ -78,6 +78,7 @@ declared in @file{unistd.h}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int open (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The @code{open} function creates and returns a new file descriptor for
the file named by @var{filename}. Initially, the file position
indicator for the file is at the beginning of the file. The argument
@@ -164,6 +165,7 @@ and @code{freopen} functions, that create streams.
@comment fcntl.h
@comment Unix98
@deftypefun int open64 (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{open}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
difference is that on 32 bit systems the file is opened in the
@@ -178,6 +180,7 @@ replaces the old API.
@comment fcntl.h
@comment POSIX.1
@deftypefn {Obsolete function} int creat (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is obsolete. The call:
@smallexample
@@ -202,6 +205,7 @@ since all of the lowlevel file handling functions are equally replaced.
@comment fcntl.h
@comment Unix98
@deftypefn {Obsolete function} int creat64 (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{creat}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
the difference is that on 32 bit systems the file is opened in the
@@ -219,6 +223,7 @@ replaces the old API.
@comment unistd.h
@comment POSIX.1
@deftypefun int close (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The function @code{close} closes the file descriptor @var{filedes}.
Closing a file has the following consequences:
@@ -300,6 +305,7 @@ but must be a signed type.
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t read (int @var{filedes}, void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{read} function reads up to @var{size} bytes from the file
with descriptor @var{filedes}, storing the results in the @var{buffer}.
(This is not necessarily a character string, and no terminating null
@@ -395,6 +401,10 @@ functions that read from streams, such as @code{fgetc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, read and lseek back, but is it
+@c used anywhere?
The @code{pread} function is similar to the @code{read} function. The
first three arguments are identical, and the return values and error
codes also correspond.
@@ -430,6 +440,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread64 (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, read and lseek64 back, but is
+@c it used anywhere?
This function is similar to the @code{pread} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -447,6 +461,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t write (int @var{filedes}, const void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{write} function writes up to @var{size} bytes from
@var{buffer} to the file with descriptor @var{filedes}. The data in
@var{buffer} is not necessarily a character string and a null character is
@@ -557,6 +572,10 @@ functions that write to streams, such as @code{fputc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, write and lseek back, but is it
+@c used anywhere?
The @code{pwrite} function is similar to the @code{write} function. The
first three arguments are identical, and the return values and error codes
also correspond.
@@ -592,6 +611,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite64 (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, write and lseek64 back, but
+@c is it used anywhere?
This function is similar to the @code{pwrite} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -624,6 +647,7 @@ To read the current file position value from a descriptor, use
@comment unistd.h
@comment POSIX.1
@deftypefun off_t lseek (int @var{filedes}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lseek} function is used to change the file position of the
file with descriptor @var{filedes}.
@@ -713,6 +737,7 @@ descriptors.
@comment unistd.h
@comment Unix98
@deftypefun off64_t lseek64 (int @var{filedes}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to the @code{lseek} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -825,6 +850,7 @@ declared in the header file @file{stdio.h}.
@comment stdio.h
@comment POSIX.1
@deftypefun {FILE *} fdopen (int @var{filedes}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
The @code{fdopen} function returns a new stream for the file descriptor
@var{filedes}.
@@ -853,6 +879,7 @@ see @ref{Creating a Pipe}.
@comment stdio.h
@comment POSIX.1
@deftypefun int fileno (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the file descriptor associated with the stream
@var{stream}. If an error is detected (for example, if the @var{stream}
is not valid) or if @var{stream} does not do I/O to a file,
@@ -862,6 +889,7 @@ is not valid) or if @var{stream} does not do I/O to a file,
@comment stdio.h
@comment GNU
@deftypefun int fileno_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fileno_unlocked} function is equivalent to the @code{fileno}
function except that it does not implicitly lock the stream if the state
is @code{FSETLOCKING_INTERNAL}.
@@ -1071,7 +1099,11 @@ Contains the length of the buffer.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t readv (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
-
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer into which data is read, if the total read size is
+@c too large for alloca.
The @code{readv} function reads data from @var{filedes} and scatters it
into the buffers described in @var{vector}, which is taken to be
@var{count} structures long. As each buffer is filled, data is sent to the
@@ -1089,6 +1121,11 @@ errors are the same as in @code{read}.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t writev (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer from which data is written, if the total write size
+@c is too large for alloca.
The @code{writev} function gathers data from the buffers described in
@var{vector}, which is taken to be @var{count} structures long, and writes
@@ -1149,6 +1186,7 @@ These functions are declared in @file{sys/mman.h}.
@comment sys/mman.h
@comment POSIX
@deftypefun {void *} mmap (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mmap} function creates a new mapping, connected to bytes
(@var{offset}) to (@var{offset} + @var{length} - 1) in the file open on
@@ -1268,6 +1306,9 @@ The file is on a filesystem that doesn't support mapping.
@comment sys/mman.h
@comment LFS
@deftypefun {void *} mmap64 (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The page_shift auto detection when MMAP2_PAGE_SHIFT is -1 (it never
+@c is) would be thread-unsafe.
The @code{mmap64} function is equivalent to the @code{mmap} function but
the @var{offset} parameter is of type @code{off64_t}. On 32-bit systems
this allows the file associated with the @var{filedes} descriptor to be
@@ -1284,6 +1325,7 @@ replaces the old API.
@comment sys/mman.h
@comment POSIX
@deftypefun int munmap (void *@var{addr}, size_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{munmap} removes any memory maps from (@var{addr}) to (@var{addr} +
@var{length}). @var{length} should be the length of the mapping.
@@ -1310,6 +1352,7 @@ aligned.
@comment sys/mman.h
@comment POSIX
@deftypefun int msync (void *@var{address}, size_t @var{length}, int @var{flags})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When using shared mappings, the kernel can write the file at any time
before the mapping is removed. To be certain data has actually been
@@ -1357,6 +1400,7 @@ There is no existing mapping in at least part of the given region.
@comment sys/mman.h
@comment GNU
@deftypefun {void *} mremap (void *@var{address}, size_t @var{length}, size_t @var{new_length}, int @var{flag})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to change the size of an existing memory
area. @var{address} and @var{length} must cover a region entirely mapped
@@ -1405,6 +1449,7 @@ Coding Standards}.
@comment sys/mman.h
@comment POSIX
@deftypefun int madvise (void *@var{addr}, size_t @var{length}, int @var{advice})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to provide the system with @var{advice} about
the intended usage patterns of the memory region starting at @var{addr}
@@ -1531,6 +1576,7 @@ that descriptor into an @code{fd_set}.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_ZERO (fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro initializes the file descriptor set @var{set} to be the
empty set.
@end deftypefn
@@ -1538,6 +1584,9 @@ empty set.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_SET (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro adds @var{filedes} to the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1547,6 +1596,9 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_CLR (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro removes @var{filedes} from the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1556,6 +1608,7 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro int FD_ISSET (int @var{filedes}, const fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value (true) if @var{filedes} is a member
of the file descriptor set @var{set}, and zero (false) otherwise.
@@ -1568,6 +1621,10 @@ Next, here is the description of the @code{select} function itself.
@comment sys/types.h
@comment BSD
@deftypefun int select (int @var{nfds}, fd_set *@var{read-fds}, fd_set *@var{write-fds}, fd_set *@var{except-fds}, struct timeval *@var{timeout})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The select syscall is preferred, but pselect6 may be used instead,
+@c which requires converting timeout to a timespec and back. The
+@c conversions are not atomic.
The @code{select} function blocks the calling process until there is
activity on any of the specified sets of file descriptors, or until the
timeout period has expired.
@@ -1670,6 +1727,7 @@ they return.
@comment unistd.h
@comment X/Open
@deftypefun void sync (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
A call to this function will not return as long as there is data which
has not been written to the device. All dirty buffers in the kernel will
be written and so an overall consistent system can be achieved (if no
@@ -1685,6 +1743,7 @@ committed, rather than all data in the system. For this, @code{sync} is overkil
@comment unistd.h
@comment POSIX
@deftypefun int fsync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fsync} function can be used to make sure all data associated with
the open file @var{fildes} is written to the device associated with the
descriptor. The function call does not return unless all actions have
@@ -1722,6 +1781,7 @@ recovering of the file in case of a problem.
@comment unistd.h
@comment POSIX
@deftypefun int fdatasync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When a call to the @code{fdatasync} function returns, it is ensured
that all of the file data is written to the device. For all pending I/O
operations, the parts guaranteeing data integrity finished.
@@ -1923,6 +1983,158 @@ aiocb64}, since the LFS transparently replaces the old interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_read (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Calls aio_enqueue_request.
+@c aio_enqueue_request selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_self ok
+@c pthread_getschedparam selfdeadlock, lockleak
+@c lll_lock (pthread descriptor's lock) selfdeadlock, lockleak
+@c sched_getparam ok
+@c sched_getscheduler ok
+@c lll_unlock lockleak
+@c pthread_mutex_lock (aio_requests_mutex) selfdeadlock, lockleak
+@c get_elem asmalloc, memleak, [asynconsist, incansist], [xguargs]
+@c realloc asmalloc, memleak
+@c calloc asmalloc, memleak
+@c aio_create_helper_thread selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_attr_init ok
+@c pthread_attr_setdetachstate ok
+@c pthread_get_minstack ok
+@c pthread_attr_setstacksize ok
+@c sigfillset ok
+@c memset ok
+@c sigdelset ok [xguargs, but the caller's sigset is automatic]
+@c SYSCALL rt_sigprocmask ok
+@c pthread_create selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c alloca/malloc asmalloc, memleak
+@c lll_unlock lockleak
+@c allocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c getpagesize dup
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c lll_unlock lockleak
+@c _dl_allocate_tls asmalloc, memleak
+@c _dl_allocate_tls_storage asmalloc, memleak
+@c memalign asmalloc, memleak
+@c memset ok
+@c allocate_dtv dup
+@c free asmalloc, memleak
+@c allocate_dtv asmalloc, memleak
+@c calloc asmalloc, memleak
+@c INSTALL_DTV ok
+@c list_add dup
+@c get_cached_stack
+@c lll_lock (stack_cache_lock) selfdeadlock, lockleak
+@c list_for_each ok
+@c list_entry dup
+@c FREE_P dup
+@c stack_list_del dup
+@c stack_list_add dup
+@c lll_unlock lockleak
+@c _dl_allocate_tls_init ok
+@c GET_DTV ok
+@c mmap ok
+@c atomic_increment_val ok
+@c munmap ok
+@c change_stack_perm ok
+@c mprotect ok
+@c mprotect ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c THREAD_COPY_STACK_GUARD ok
+@c THREAD_COPY_POINTER_GUARD ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (state_cache_lock) selfdeadlock, lockleak
+@c stack_list_del ok
+@c atomic_write_barrier ok
+@c list_del ok [uunguard]
+@c atomic_write_barrier ok
+@c queue_stack asmalloc, memleak
+@c stack_list_add ok
+@c atomic_write_barrier ok
+@c list_add ok [uunguard]
+@c atomic_write_barrier ok
+@c free_stacks asmalloc, memleak
+@c list_for_each_prev_safe ok
+@c list_entry ok
+@c FREE_P ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c _dl_deallocate_tls asmalloc, memleak
+@c free asmalloc, memleak
+@c lll_unlock lockleak
+@c create_thread selfdeadlock, asmalloc, lockleak, memleak
+@c td_eventword
+@c td_eventmask
+@c do_clone selfdeadlock, asmalloc, lockleak, memleak
+@c PREPARE_CREATE ok
+@c lll_lock (pd->lock) selfdeadlock, lockleak
+@c atomic_increment ok
+@c clone ok
+@c atomic_decrement ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack dup
+@c sched_setaffinity ok
+@c tgkill ok
+@c sched_setscheduler ok
+@c atomic_compare_and_exchange_bool_acq ok
+@c nptl_create_event ok
+@c lll_unlock (pd->lock) lockleak
+@c free asmalloc, memleak
+@c pthread_attr_destroy ok (cpuset won't be set, so free isn't called)
+@c add_request_to_runlist ok [xguargs]
+@c pthread_cond_signal ok
+@c aio_free_request ok [xguargs]
+@c pthread_mutex_unlock lockleak
+
+@c (in the new thread, initiated with clone)
+@c start_thread ok
+@c HP_TIMING_NOW ok
+@c ctype_init [glocale] (in theory, but optimized into safety)
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c sigemptyset ok
+@c sigaddset ok
+@c setjmp ok
+@c CANCEL_ASYNC -> pthread_enable_asynccancel ok
+@c do_cancel ok
+@c pthread_unwind ok
+@c Unwind_ForcedUnwind or longjmp ok [asmalloc, memleak?]
+@c lll_lock selfdeadlock, lockleak
+@c lll_unlock selfdeadlock, lockleak
+@c CANCEL_RESET -> pthread_disable_asynccancel ok
+@c lll_futex_wait ok
+@c ->start_routine ok -----
+@c call_tls_dtors selfdeadlock, asmalloc, lockleak, memleak
+@c user-supplied dtor
+@c rtld_lock_lock_recursive (dl_load_lock) selfdeadlock, lockleak
+@c rtld_lock_unlock_recursive lockleak
+@c free asmalloc, memleak
+@c nptl_deallocate_tsd asmalloc, memleak
+@c tsd user-supplied dtors ok
+@c free asmalloc, memleak
+@c libc_thread_freeres
+@c libc_thread_subfreeres ok
+@c atomic_decrement_and_test ok
+@c td_eventword ok
+@c td_eventmask ok
+@c atomic_compare_exchange_bool_acq ok
+@c nptl_death_event ok
+@c lll_robust_dead ok
+@c getpagesize ok
+@c madvise ok
+@c free_tcb selfdeadlock, asmalloc, lockleak, memleak
+@c free asmalloc, memleak
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_futex_wait ok
+@c exit_thread_inline ok
+@c syscall(exit) ok
+
This function initiates an asynchronous read operation. It
immediately returns after the operation was enqueued or when an
error was encountered.
@@ -1988,6 +2200,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_read64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_read} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{aio_read64} uses
@@ -2006,6 +2219,7 @@ of functions with a very similar interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_write (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function initiates an asynchronous write operation. The function
call immediately returns after the operation was enqueued or if before
this happens an error was encountered.
@@ -2072,6 +2286,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_write64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_write} function. The only
difference is that on @w{32 bit} machines the file descriptor should
be opened in the large file mode. Internally @code{aio_write64} uses
@@ -2093,6 +2308,12 @@ operations. It is therefore similar to a combination of @code{readv} and
@comment aio.h
@comment POSIX.1b
@deftypefun int lio_listio (int @var{mode}, struct aiocb *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Call lio_listio_internal, that takes the aio_requests_mutex lock and
+@c enqueues each request. Then, it waits for notification or prepares
+@c for it before releasing the lock. Even though it performs memory
+@c allocation and locking of its own, it doesn't add any classes of
+@c safety issues that aren't already covered by aio_enqueue_request.
The @code{lio_listio} function can be used to enqueue an arbitrary
number of read and write requests at one time. The requests can all be
meant for the same file, all for different files or every solution in
@@ -2176,6 +2397,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int lio_listio64 (int @var{mode}, struct aiocb64 *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{lio_listio} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{lio_listio64} uses
@@ -2204,6 +2426,7 @@ The following two functions allow you to get this kind of information.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_error (const struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function determines the error state of the request described by the
@code{struct aiocb} variable pointed to by @var{aiocbp}. If the
request has not yet terminated the value returned is always
@@ -2225,6 +2448,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_error64 (const struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_error} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2238,6 +2462,7 @@ machines.
@comment aio.h
@comment POSIX.1b
@deftypefun ssize_t aio_return (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to retrieve the return status of the operation
carried out by the request described in the variable pointed to by
@var{aiocbp}. As long as the error status of this request as returned
@@ -2261,6 +2486,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun ssize_t aio_return64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_return} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2289,6 +2515,9 @@ if the symbol @code{_POSIX_SYNCHRONIZED_IO} is defined in @file{unistd.h}.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_fsync (int @var{op}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check that the FD is open, it calls
+@c aio_enqueue_request.
Calling this function forces all I/O operations operating queued at the
time of the function call operating on the file descriptor
@code{aiocbp->aio_fildes} into the synchronized I/O completion state
@@ -2336,6 +2565,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_fsync64 (int @var{op}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_fsync} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2362,6 +2592,9 @@ before the current client is served. For situations like this
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_suspend (const struct aiocb *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c Take aio_requests_mutex, set up waitlist and requestlist, wait
+@c for completion or timeout, and release the mutex.
When calling this function, the calling thread is suspended until at
least one of the requests pointed to by the @var{nent} elements of the
array @var{list} has completed. If any of the requests has already
@@ -2400,6 +2633,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_suspend64 (const struct aiocb64 *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is similar to @code{aio_suspend} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2427,6 +2661,16 @@ or not. Therefore using this function is merely a hint.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_cancel (int @var{fildes}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check the fd is open, hold aio_requests_mutex, call
+@c aio_find_req_fd, aio_remove_request, then aio_notify and
+@c aio_free_request each request before releasing the lock.
+@c aio_notify calls aio_notify_only and free, besides cond signal or
+@c similar. aio_notify_only calls pthread_attr_init,
+@c pthread_attr_setdetachstate, malloc, pthread_create,
+@c notify_func_wrapper, aio_sigqueue, getpid, raise.
+@c notify_func_wraper calls aio_start_notify_thread, free and then the
+@c notifier function.
The @code{aio_cancel} function can be used to cancel one or more
outstanding requests. If the @var{aiocbp} parameter is @code{NULL}, the
function tries to cancel all of the outstanding requests which would process
@@ -2474,6 +2718,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_cancel64 (int @var{fildes}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_cancel} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2529,6 +2774,8 @@ Unused.
@comment aio.h
@comment GNU
@deftypefun void aio_init (const struct aioinit *@var{init})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c All changes to global objects are guarded by aio_requests_mutex.
This function must be called before any other AIO function. Calling it
is completely voluntary, as it is only meant to help the AIO
implementation perform better.
@@ -2563,6 +2810,7 @@ function; see @ref{Opening and Closing Files}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int fcntl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcntl} function performs the operation specified by
@var{command} on the file descriptor @var{filedes}. Some commands
require additional arguments to be supplied. These additional arguments
@@ -2645,6 +2893,7 @@ while prototypes for @code{dup} and @code{dup2} are in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun int dup (int @var{old})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies descriptor @var{old} to the first available
descriptor number (the first number not currently open). It is
equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@@ -2653,6 +2902,7 @@ equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@comment unistd.h
@comment POSIX.1
@deftypefun int dup2 (int @var{old}, int @var{new})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies the descriptor @var{old} to descriptor number
@var{new}.
@@ -3631,6 +3881,7 @@ different headers.
@comment sys/ioctl.h
@comment BSD
@deftypefun int ioctl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ioctl} function performs the generic I/O operation
@var{command} on @var{filedes}.
@@ -3650,3 +3901,6 @@ unknown device.
Most IOCTLs are OS-specific and/or only used in special system utilities,
and are thus beyond the scope of this document. For an example of the use
of an IOCTL, see @ref{Out-of-Band Data}.
+
+@c FIXME this is undocumented:
+@c dup3
diff --git a/manual/locale.texi b/manual/locale.texi
index 323268d..da50d18 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,10 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
-@safety{@mtunsafe{uunguard}}
-@c This function is MT-Safe, but uses of the global locale object are
-@c unguarded in functions that ought to be MT-Safe, so we're ruling out
-@c the use of this function once threads are started.
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
+@c and free, and _nl_find_locale, which amount to all documented safety
+@c issues. It also calls new_composite_name, setdata, and setname,
+@c without any additional issues. _nl_find_locale calls getenv, ...
+This function returns a pointer read
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..6910edc 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -146,6 +146,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +437,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +471,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +486,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +500,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +555,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
diff --git a/manual/startup.texi b/manual/startup.texi
index a277714..7bbaf13 100644
--- a/manual/startup.texi
+++ b/manual/startup.texi
@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
The difference to the @code{setenv} function is that the exact string
given as the parameter @var{string} is put into the environment. If the
user should change the string after the @code{putenv} call this will
-reflect in automatically in the environment. This also requires that
-@var{string} is no automatic variable which scope is left before the
+reflect automatically in the environment. This also requires that
+@var{string} not be an automatic variable whose scope is left before the
variable is removed from the environment. The same applies of course to
dynamically allocated variables which are freed later.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 7809dd4..79a3340 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,7 +148,7 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -267,7 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -414,7 +414,7 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
@c After fclose, it is undefined behavior to use the stream it points
@c to. Therefore, one must only call fclose when the stream is
@c otherwise unused. Concurrent uses started before will complete
@@ -2662,6 +2662,42 @@ pointer @var{ap}.
@c case of cancellation. This doesn't make it unsafe, but cancelling it
@c may leak memory. The unguarded use of __printf_function_table is
@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -5020,7 +5056,7 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
@c bringing with it additional potential for async trouble with
@c list_all_lock.
@@ -5076,7 +5112,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
-@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -5192,7 +5228,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
diff --git a/manual/string.texi b/manual/string.texi
index 246be84..a75d298 100644
--- a/manual/string.texi
+++ b/manual/string.texi
@@ -1247,6 +1247,8 @@ strncmp ("hello, world", "hello, stupid world!!!", 5)
@comment string.h
@comment GNU
@deftypefun int strverscmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls isdigit multiple times, locale may change in between.
The @code{strverscmp} function compares the string @var{s1} against
@var{s2}, considering them as holding indices/version numbers. The
return value follows the same conventions as found in the
@@ -1343,6 +1345,8 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
@comment string.h
@comment ISO
@deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Adjust alphasort one safety info is determined.
The @code{strcoll} function is similar to @code{strcmp} but uses the
collating sequence of the current locale for collation (the
@code{LC_COLLATE} locale).
diff --git a/manual/terminal.texi b/manual/terminal.texi
index 9e9c057..7f62a4e 100644
--- a/manual/terminal.texi
+++ b/manual/terminal.texi
@@ -264,6 +264,9 @@ array.
@comment termios.h
@comment POSIX.1
@deftypefun int tcgetattr (int @var{filedes}, struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the kernel-returned termios data structure to the userland
+@c format does not ensure atomic or consistent writing.
This function is used to examine the attributes of the terminal
device with file descriptor @var{filedes}. The attributes are returned
in the structure that @var{termios-p} points to.
@@ -284,6 +287,9 @@ The @var{filedes} is not associated with a terminal.
@comment termios.h
@comment POSIX.1
@deftypefun int tcsetattr (int @var{filedes}, int @var{when}, const struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the incoming termios data structure to the kernel format
+@c does not ensure atomic or consistent reading.
This function sets the attributes of the terminal device with file
descriptor @var{filedes}. The new attributes are taken from the
structure that @var{termios-p} points to.
diff --git a/manual/threads.texi b/manual/threads.texi
index a23ac26..19bfad6 100644
--- a/manual/threads.texi
+++ b/manual/threads.texi
@@ -31,6 +31,7 @@ before thread-specific data, so they should not be used in thread-specific
data destructors or even as members of the thread-specific data, since the
latter is passed as an argument to the destructor function.
+@c FIXME: use @deftypefun for these.
@item int pthread_key_delete (pthread_key_t @var{key})
Destroy the thread-specific data @var{key} in the calling thread. The
destructor for the thread-specific data is not called during destruction, nor
@@ -82,3 +83,124 @@ attributes or the stack address is set in the attribute.
The system does not have sufficient memory.
@end table
@end deftypefun
+
+@c FIXME these are undocumented:
+@c pthread_atfork
+@c pthread_attr_destroy
+@c pthread_attr_getaffinity_np
+@c pthread_attr_getdetachstate
+@c pthread_attr_getguardsize
+@c pthread_attr_getinheritsched
+@c pthread_attr_getschedparam
+@c pthread_attr_getschedpolicy
+@c pthread_attr_getscope
+@c pthread_attr_getstack
+@c pthread_attr_getstackaddr
+@c pthread_attr_getstacksize
+@c pthread_attr_init
+@c pthread_attr_setaffinity_np
+@c pthread_attr_setdetachstate
+@c pthread_attr_setguardsize
+@c pthread_attr_setinheritsched
+@c pthread_attr_setschedparam
+@c pthread_attr_setschedpolicy
+@c pthread_attr_setscope
+@c pthread_attr_setstack
+@c pthread_attr_setstackaddr
+@c pthread_attr_setstacksize
+@c pthread_barrierattr_destroy
+@c pthread_barrierattr_getpshared
+@c pthread_barrierattr_init
+@c pthread_barrierattr_setpshared
+@c pthread_barrier_destroy
+@c pthread_barrier_init
+@c pthread_barrier_wait
+@c pthread_cancel
+@c pthread_cleanup_push
+@c pthread_cleanup_pop
+@c pthread_condattr_destroy
+@c pthread_condattr_getclock
+@c pthread_condattr_getpshared
+@c pthread_condattr_init
+@c pthread_condattr_setclock
+@c pthread_condattr_setpshared
+@c pthread_cond_broadcast
+@c pthread_cond_destroy
+@c pthread_cond_init
+@c pthread_cond_signal
+@c pthread_cond_timedwait
+@c pthread_cond_wait
+@c pthread_create
+@c pthread_detach
+@c pthread_equal
+@c pthread_exit
+@c pthread_getaffinity_np
+@c pthread_getattr_np
+@c pthread_getconcurrency
+@c pthread_getcpuclockid
+@c pthread_getname_np
+@c pthread_getschedparam
+@c pthread_join
+@c pthread_kill
+@c pthread_kill_other_threads_np
+@c pthread_mutexattr_destroy
+@c pthread_mutexattr_getkind_np
+@c pthread_mutexattr_getprioceiling
+@c pthread_mutexattr_getprotocol
+@c pthread_mutexattr_getpshared
+@c pthread_mutexattr_getrobust
+@c pthread_mutexattr_getrobust_np
+@c pthread_mutexattr_gettype
+@c pthread_mutexattr_init
+@c pthread_mutexattr_setkind_np
+@c pthread_mutexattr_setprioceiling
+@c pthread_mutexattr_setprotocol
+@c pthread_mutexattr_setpshared
+@c pthread_mutexattr_setrobust
+@c pthread_mutexattr_setrobust_np
+@c pthread_mutexattr_settype
+@c pthread_mutex_consistent
+@c pthread_mutex_consistent_np
+@c pthread_mutex_destroy
+@c pthread_mutex_getprioceiling
+@c pthread_mutex_init
+@c pthread_mutex_lock
+@c pthread_mutex_setprioceiling
+@c pthread_mutex_timedlock
+@c pthread_mutex_trylock
+@c pthread_mutex_unlock
+@c pthread_once
+@c pthread_rwlockattr_destroy
+@c pthread_rwlockattr_getkind_np
+@c pthread_rwlockattr_getpshared
+@c pthread_rwlockattr_init
+@c pthread_rwlockattr_setkind_np
+@c pthread_rwlockattr_setpshared
+@c pthread_rwlock_destroy
+@c pthread_rwlock_init
+@c pthread_rwlock_rdlock
+@c pthread_rwlock_timedrdlock
+@c pthread_rwlock_timedwrlock
+@c pthread_rwlock_tryrdlock
+@c pthread_rwlock_trywrlock
+@c pthread_rwlock_unlock
+@c pthread_rwlock_wrlock
+@c pthread_self
+@c pthread_setaffinity_np
+@c pthread_setcancelstate
+@c pthread_setcanceltype
+@c pthread_setconcurrency
+@c pthread_setname_np
+@c pthread_setschedparam
+@c pthread_setschedprio
+@c pthread_sigmask
+@c pthread_sigqueue
+@c pthread_spin_destroy
+@c pthread_spin_init
+@c pthread_spin_lock
+@c pthread_spin_trylock
+@c pthread_spin_unlock
+@c pthread_testcancel
+@c pthread_timedjoin_np
+@c pthread_tryjoin_np
+@c pthread_yield
diff --git a/manual/time.texi b/manual/time.texi
index ff31e28..3967b24 100644
--- a/manual/time.texi
+++ b/manual/time.texi
@@ -475,6 +475,12 @@ Instead, use the facilities described in @ref{Time Zone Functions}.
@comment sys/time.h
@comment BSD
@deftypefun int gettimeofday (struct timeval *@var{tp}, struct timezone *@var{tzp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c On most GNU/Linux systems this is a direct syscall, but the posix/
+@c implementation (not used on GNU/Linux or GNU/Hurd) relies on time and
+@c localtime_r, saving and restoring tzname in an unsafe manner.
+@c On some GNU/Linux variants, ifunc resolvers are used in shared libc
+@c for vdso resolution. ifunc-vdso-revisit.
The @code{gettimeofday} function returns the current calendar time as
the elapsed time since the epoch in the @code{struct timeval} structure
indicated by @var{tp}. (@pxref{Elapsed Time} for a description of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=60f0d7aaa66504b3818d82ea8691b365f4f55dc5
commit 60f0d7aaa66504b3818d82ea8691b365f4f55dc5
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/arith.texi: Document thread safety properties.
diff --git a/manual/arith.texi b/manual/arith.texi
index 77056c3..5c3aa9d 100644
--- a/manual/arith.texi
+++ b/manual/arith.texi
@@ -160,6 +160,8 @@ The remainder from the division.
@comment stdlib.h
@comment ISO
@deftypefun div_t div (int @var{numerator}, int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Functions in this section are pure, and thus safe.
This function @code{div} computes the quotient and remainder from
the division of @var{numerator} by @var{denominator}, returning the
result in a structure of type @code{div_t}.
@@ -199,6 +201,7 @@ type @code{long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun ldiv_t ldiv (long int @var{numerator}, long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ldiv} function is similar to @code{div}, except that the
arguments are of type @code{long int} and the result is returned as a
structure of type @code{ldiv_t}.
@@ -225,6 +228,7 @@ type @code{long long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun lldiv_t lldiv (long long int @var{numerator}, long long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lldiv} function is like the @code{div} function, but the
arguments are of type @code{long long int} and the result is returned as
a structure of type @code{lldiv_t}.
@@ -256,6 +260,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment inttypes.h
@comment ISO
@deftypefun imaxdiv_t imaxdiv (intmax_t @var{numerator}, intmax_t @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{imaxdiv} function is like the @code{div} function, but the
arguments are of type @code{intmax_t} and the result is returned as
a structure of type @code{imaxdiv_t}.
@@ -318,6 +323,7 @@ floating-point number a variable holds.
@comment math.h
@comment ISO
@deftypefn {Macro} int fpclassify (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is a generic macro which works on all floating-point types and
which returns a value of type @code{int}. The possible values are:
@@ -354,6 +360,7 @@ You should therefore use the specific macros whenever possible.
@comment math.h
@comment ISO
@deftypefn {Macro} int isfinite (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite: not plus or
minus infinity, and not NaN. It is equivalent to
@@ -368,6 +375,7 @@ floating-point type.
@comment math.h
@comment ISO
@deftypefn {Macro} int isnormal (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite and normalized.
It is equivalent to
@@ -379,6 +387,7 @@ It is equivalent to
@comment math.h
@comment ISO
@deftypefn {Macro} int isnan (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is NaN. It is equivalent
to
@@ -390,6 +399,7 @@ to
@comment math.h
@comment GNU
@deftypefn {Macro} int issignaling (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is a signaling NaN
(sNaN). It is based on draft TS 18661 and currently enabled as a GNU
extension.
@@ -410,6 +420,7 @@ not have to worry about the type of their argument.
@comment math.h
@comment BSD
@deftypefunx int isinfl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns @code{-1} if @var{x} represents negative infinity,
@code{1} if @var{x} represents positive infinity, and @code{0} otherwise.
@end deftypefun
@@ -423,6 +434,7 @@ This function returns @code{-1} if @var{x} represents negative infinity,
@comment math.h
@comment BSD
@deftypefunx int isnanl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is a ``not a number''
value, and zero otherwise.
@@ -445,6 +457,7 @@ function for some reason, you can write
@comment math.h
@comment BSD
@deftypefunx int finitel (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is finite or a ``not a
number'' value, and zero otherwise.
@end deftypefun
@@ -713,6 +726,22 @@ and save and restore the set of exceptions flagged.
@comment fenv.h
@comment ISO
@deftypefun int feclearexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{unposix}@acsafe{unposix}}
+@c The other functions in this section that modify FP status register
+@c mostly do so with non-atomic load-modify-store sequences, but since
+@c the register is thread-specific, this should be fine, and safe for
+@c cancellation. As long as the FP environment is restored before the
+@c signal handler returns control to the interrupted thread (like any
+@c kernel should do), the functions are also safe for use in signal
+@c handlers.
+@c
+@c FIXME: simfpu: Floating point emulation on powerpc is the exception:
+@c __sim_exception, __sim_disabled_exception and __sim_round_mode
+@c variables, that emulate a floating-point status register, are not
+@c thread-specific variables, so many of these functions are not MT-safe
+@c on that platform. This is probably a bug. These variables aren't
+@c restored by the signal machinery either, making the functions also
+@c async-signal-unsafe on this platform.
This function clears all of the supported exception flags indicated by
@var{excepts}.
@@ -723,6 +752,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feraiseexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function raises the supported exceptions indicated by
@var{excepts}. If more than one exception bit in @var{excepts} is set
the order in which the exceptions are raised is undefined except that
@@ -738,6 +768,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fetestexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Test whether the exception flags indicated by the parameter @var{except}
are currently set. If any of them are, a nonzero value is returned
which specifies which exceptions are set. Otherwise the result is zero.
@@ -774,6 +805,7 @@ following functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetexceptflag (fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function stores in the variable pointed to by @var{flagp} an
implementation-defined value representing the current setting of the
exception flags indicated by @var{excepts}.
@@ -785,6 +817,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fesetexceptflag (const fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function restores the flags for the exceptions indicated by
@var{excepts} to the values stored in the variable pointed to by
@var{flagp}.
@@ -940,6 +973,7 @@ find out which one with this function:
@comment fenv.h
@comment ISO
@deftypefun int fegetround (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Returns the currently selected rounding mode, represented by one of the
values of the defined rounding mode macros.
@end deftypefun
@@ -950,6 +984,7 @@ To change the rounding mode, use this function:
@comment fenv.h
@comment ISO
@deftypefun int fesetround (int @var{round})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Changes the currently selected rounding mode to @var{round}. If
@var{round} does not correspond to one of the supported rounding modes
nothing is changed. @code{fesetround} returns zero if it changed the
@@ -994,6 +1029,7 @@ To save the state of the FPU, use one of these functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetenv (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the floating-point environment in the variable pointed to by
@var{envp}.
@@ -1004,6 +1040,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feholdexcept (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the current floating-point environment in the object pointed to by
@var{envp}. Then clear all exception flags, and set the FPU to trap no
exceptions. Not all FPUs support trapping no exceptions; if
@@ -1042,6 +1079,7 @@ functions:
@comment fenv.h
@comment ISO
@deftypefun int fesetenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Set the floating-point environment to that described by @var{envp}.
The function returns zero in case the operation was successful, a
@@ -1051,6 +1089,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feupdateenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Like @code{fesetenv}, this function sets the floating-point environment
to that described by @var{envp}. However, if any exceptions were
flagged in the status word before @code{feupdateenv} was called, they
@@ -1071,6 +1110,7 @@ occur, you can use the following two functions.
@comment fenv.h
@comment GNU
@deftypefun int feenableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions enables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1083,6 +1123,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fedisableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions disables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1095,6 +1136,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fegetexcept (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
The function returns a bitmask of all currently enabled exceptions. It
returns @code{-1} in case of failure.
@end deftypefun
@@ -1146,6 +1188,7 @@ Prototypes for @code{abs}, @code{labs} and @code{llabs} are in @file{stdlib.h};
@comment inttypes.h
@comment ISO
@deftypefunx intmax_t imaxabs (intmax_t @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of @var{number}.
Most computers use a two's complement integer representation, in which
@@ -1167,6 +1210,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment math.h
@comment ISO
@deftypefunx {long double} fabsl (long double @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the absolute value of the floating-point number
@var{number}.
@end deftypefun
@@ -1180,6 +1224,7 @@ This function returns the absolute value of the floating-point number
@comment complex.h
@comment ISO
@deftypefunx {long double} cabsl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of the complex number @var{z}
(@pxref{Complex Numbers}). The absolute value of a complex number is:
@@ -1217,6 +1262,7 @@ All these functions are declared in @file{math.h}.
@comment math.h
@comment ISO
@deftypefunx {long double} frexpl (long double @var{value}, int *@var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are used to split the number @var{value}
into a normalized fraction and an exponent.
@@ -1242,6 +1288,7 @@ zero is stored in @code{*@var{exponent}}.
@comment math.h
@comment ISO
@deftypefunx {long double} ldexpl (long double @var{value}, int @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the result of multiplying the floating-point
number @var{value} by 2 raised to the power @var{exponent}. (It can
be used to reassemble floating-point numbers that were taken apart
@@ -1263,6 +1310,7 @@ equivalent to those of @code{ldexp} and @code{frexp}. See also the
@comment math.h
@comment BSD
@deftypefunx {long double} scalbl (long double @var{value}, long double @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{scalb} function is the BSD name for @code{ldexp}.
@end deftypefun
@@ -1275,6 +1323,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalbnl (long double @var{x}, int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbn} is identical to @code{scalb}, except that the exponent
@var{n} is an @code{int} instead of a floating-point number.
@end deftypefun
@@ -1288,6 +1337,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalblnl (long double @var{x}, long int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbln} is identical to @code{scalb}, except that the exponent
@var{n} is a @code{long int} instead of a floating-point number.
@end deftypefun
@@ -1301,6 +1351,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} significandl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{significand} returns the mantissa of @var{x} scaled to the range
@math{[1, 2)}.
It is equivalent to @w{@code{scalb (@var{x}, (double) -ilogb (@var{x}))}}.
@@ -1335,6 +1386,7 @@ result as a @code{double} instead to get around this problem.
@comment math.h
@comment ISO
@deftypefunx {long double} ceill (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} upwards to the nearest integer,
returning that value as a @code{double}. Thus, @code{ceil (1.5)}
is @code{2.0}.
@@ -1349,6 +1401,7 @@ is @code{2.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} floorl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} downwards to the nearest
integer, returning that value as a @code{double}. Thus, @code{floor
(1.5)} is @code{1.0} and @code{floor (-1.5)} is @code{-2.0}.
@@ -1363,6 +1416,7 @@ integer, returning that value as a @code{double}. Thus, @code{floor
@comment math.h
@comment ISO
@deftypefunx {long double} truncl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{trunc} functions round @var{x} towards zero to the nearest
integer (returned in floating-point format). Thus, @code{trunc (1.5)}
is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@@ -1377,6 +1431,7 @@ is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} rintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} to an integer value according to the
current rounding mode. @xref{Floating Point Parameters}, for
information about the various rounding modes. The default
@@ -1397,6 +1452,7 @@ inexact exception.
@comment math.h
@comment ISO
@deftypefunx {long double} nearbyintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the same value as the @code{rint} functions, but
do not raise the inexact exception if @var{x} is not an integer.
@end deftypefun
@@ -1410,6 +1466,7 @@ do not raise the inexact exception if @var{x} is not an integer.
@comment math.h
@comment ISO
@deftypefunx {long double} roundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are similar to @code{rint}, but they round halfway
cases away from zero instead of to the nearest integer (or other
current rounding mode).
@@ -1424,6 +1481,7 @@ current rounding mode).
@comment math.h
@comment ISO
@deftypefunx {long int} lrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1437,6 +1495,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1450,6 +1509,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long int} lroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1463,6 +1523,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1477,6 +1538,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long double} modfl (long double @var{value}, long double *@var{integer-part})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions break the argument @var{value} into an integer part and a
fractional part (between @code{-1} and @code{1}, exclusive). Their sum
equals @var{value}. Each of the parts has the same sign as @var{value},
@@ -1503,6 +1565,7 @@ suits your problem.
@comment math.h
@comment ISO
@deftypefunx {long double} fmodl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions compute the remainder from the division of
@var{numerator} by @var{denominator}. Specifically, the return value is
@code{@var{numerator} - @w{@var{n} * @var{denominator}}}, where @var{n}
@@ -1525,6 +1588,7 @@ If @var{denominator} is zero, @code{fmod} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} dreml (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are like @code{fmod} except that they round the
internal quotient @var{n} to the nearest integer instead of towards zero
to an integer. For example, @code{drem (6.5, 2.3)} returns @code{-0.4},
@@ -1548,6 +1612,7 @@ If @var{denominator} is zero, @code{drem} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} remainderl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is another name for @code{drem}.
@end deftypefun
@@ -1569,6 +1634,7 @@ bits.
@comment math.h
@comment ISO
@deftypefunx {long double} copysignl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return @var{x} but with the sign of @var{y}. They work
even if @var{x} or @var{y} are NaN or zero. Both of these can carry a
sign (although not all implementations support it) and this is one of
@@ -1584,6 +1650,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefun int signbit (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{signbit} is a generic macro which can work on all floating-point
types. It returns a nonzero value if the value of @var{x} has its sign
bit set.
@@ -1602,6 +1669,7 @@ false, but @code{signbit (-0.0)} will return a nonzero value.
@comment math.h
@comment ISO
@deftypefunx {long double} nextafterl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{nextafter} function returns the next representable neighbor of
@var{x} in the direction towards @var{y}. The size of the step between
@var{x} and the result depends on the type of the result. If
@@ -1625,6 +1693,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefunx {long double} nexttowardl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are identical to the corresponding versions of
@code{nextafter} except that their second argument is a @code{long
double}.
@@ -1640,6 +1709,8 @@ double}.
@comment math.h
@comment ISO
@deftypefunx {long double} nanl (const char *@var{tagp})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c The unsafe-but-ruled-safe locale use comes from strtod.
The @code{nan} function returns a representation of NaN, provided that
NaN is supported by the target platform.
@code{nan ("@var{n-char-sequence}")} is equivalent to
@@ -1674,6 +1745,7 @@ arguments only once.
@comment math.h
@comment ISO
@deftypefn Macro int isgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than
@var{y}. It is equivalent to @code{(@var{x}) > (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1682,6 +1754,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isgreaterequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than or
equal to @var{y}. It is equivalent to @code{(@var{x}) >= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1690,6 +1763,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isless (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than @var{y}.
It is equivalent to @code{(@var{x}) < (@var{y})}, but no exception is
raised if @var{x} or @var{y} are NaN.
@@ -1698,6 +1772,7 @@ raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than or equal
to @var{y}. It is equivalent to @code{(@var{x}) <= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1706,6 +1781,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less or greater
than @var{y}. It is equivalent to @code{(@var{x}) < (@var{y}) ||
(@var{x}) > (@var{y})} (although it only evaluates @var{x} and @var{y}
@@ -1718,6 +1794,7 @@ expression is true if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isunordered (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether its arguments are unordered. In other
words, it is true if @var{x} or @var{y} are NaN, and false otherwise.
@end deftypefn
@@ -1751,6 +1828,7 @@ perform these operations faster than the equivalent C code.
@comment math.h
@comment ISO
@deftypefunx {long double} fminl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmin} function returns the lesser of the two values @var{x}
and @var{y}. It is similar to the expression
@smallexample
@@ -1771,6 +1849,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fmaxl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmax} function returns the greater of the two values @var{x}
and @var{y}.
@@ -1787,6 +1866,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fdiml (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fdim} function returns the positive difference between
@var{x} and @var{y}. The positive difference is @math{@var{x} -
@var{y}} if @var{x} is greater than @var{y}, and @math{0} otherwise.
@@ -1804,6 +1884,7 @@ If @var{x}, @var{y}, or both are NaN, NaN is returned.
@comment ISO
@deftypefunx {long double} fmal (long double @var{x}, long double @var{y}, long double @var{z})
@cindex butterfly
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fma} function performs floating-point multiply-add. This is
the operation @math{(@var{x} @mul{} @var{y}) + @var{z}}, but the
intermediate result is not rounded to the destination type. This can
@@ -1933,6 +2014,7 @@ available in three variants, one for each of the three complex types.
@comment complex.h
@comment ISO
@deftypefunx {long double} creall (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the real part of the complex number @var{z}.
@end deftypefun
@@ -1945,6 +2027,7 @@ These functions return the real part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cimagl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the imaginary part of the complex number @var{z}.
@end deftypefun
@@ -1957,6 +2040,7 @@ These functions return the imaginary part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {complex long double} conjl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the conjugate value of the complex number
@var{z}. The conjugate of a complex number has the same real part and a
negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@@ -1971,6 +2055,7 @@ negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cargl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the argument of the complex number @var{z}.
The argument of a complex number is the angle in the complex plane
between the positive real axis and a line passing through zero and the
@@ -1989,6 +2074,7 @@ number. This angle is measured in the usual fashion and ranges from
@comment complex.h
@comment ISO
@deftypefunx {complex long double} cprojl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the projection of the complex value @var{z} onto
the Riemann sphere. Values with a infinite imaginary part are projected
to positive infinity on the real axis, even if the real part is NaN. If
@@ -2034,6 +2120,16 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun {long int} strtol (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c strtol uses the thread-local pointer to the locale in effect, and
+@c strtol_l loads the LC_NUMERIC locale data from it early on and once,
+@c but if the locale is the global locale, and another thread calls
+@c setlocale in a way that modifies the pointer to the LC_CTYPE locale
+@c category, the behavior of e.g. IS*, TOUPPER will vary throughout the
+@c execution of the function, because they re-read the locale data from
+@c the given locale pointer. We solved this by documenting setlocale as
+@c MT-Unsafe, but there might be other reasons why it's neither MT- nor
+@c AS-Safe; recheck.
The @code{strtol} (``string-to-long'') function converts the initial
part of @var{string} to a signed integer, which is returned as a value
of type @code{long int}.
@@ -2097,6 +2193,7 @@ There is an example at the end of this section.
@comment wchar.h
@comment ISO
@deftypefun {long int} wcstol (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstol} function is equivalent to the @code{strtol} function
in nearly all aspects but handles wide character strings.
@@ -2106,6 +2203,7 @@ The @code{wcstol} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long int} strtoul (const char *retrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoul} (``string-to-unsigned-long'') function is like
@code{strtol} except it converts to an @code{unsigned long int} value.
The syntax is the same as described above for @code{strtol}. The value
@@ -2124,6 +2222,7 @@ range, or @code{ERANGE} on overflow.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long int} wcstoul (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoul} function is equivalent to the @code{strtoul} function
in nearly all aspects but handles wide character strings.
@@ -2133,6 +2232,7 @@ The @code{wcstoul} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} strtoll (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoll} function is like @code{strtol} except that it returns
a @code{long long int} value, and accepts numbers with a correspondingly
larger range.
@@ -2149,6 +2249,7 @@ The @code{strtoll} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {long long int} wcstoll (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoll} function is equivalent to the @code{strtoll} function
in nearly all aspects but handles wide character strings.
@@ -2158,12 +2259,14 @@ The @code{wcstoll} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {long long int} strtoq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtoq} (``string-to-quad-word'') is the BSD name for @code{strtoll}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {long long int} wcstoq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoq} function is equivalent to the @code{strtoq} function
in nearly all aspects but handles wide character strings.
@@ -2173,6 +2276,7 @@ The @code{wcstoq} function is a GNU extension.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long long int} strtoull (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoull} function is related to @code{strtoll} the same way
@code{strtoul} is related to @code{strtol}.
@@ -2182,6 +2286,7 @@ The @code{strtoull} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long long int} wcstoull (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoull} function is equivalent to the @code{strtoull} function
in nearly all aspects but handles wide character strings.
@@ -2191,12 +2296,14 @@ The @code{wcstoull} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {unsigned long long int} strtouq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtouq} is the BSD name for @code{strtoull}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {unsigned long long int} wcstouq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstouq} function is equivalent to the @code{strtouq} function
in nearly all aspects but handles wide character strings.
@@ -2206,6 +2313,7 @@ The @code{wcstouq} function is a GNU extension.
@comment inttypes.h
@comment ISO
@deftypefun intmax_t strtoimax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoimax} function is like @code{strtol} except that it returns
a @code{intmax_t} value, and accepts numbers of a corresponding range.
@@ -2222,6 +2330,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun intmax_t wcstoimax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoimax} function is equivalent to the @code{strtoimax} function
in nearly all aspects but handles wide character strings.
@@ -2231,6 +2340,7 @@ The @code{wcstoimax} function was introduced in @w{ISO C99}.
@comment inttypes.h
@comment ISO
@deftypefun uintmax_t strtoumax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoumax} function is related to @code{strtoimax}
the same way that @code{strtoul} is related to @code{strtol}.
@@ -2241,6 +2351,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun uintmax_t wcstoumax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoumax} function is equivalent to the @code{strtoumax} function
in nearly all aspects but handles wide character strings.
@@ -2250,6 +2361,7 @@ The @code{wcstoumax} function was introduced in @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefun {long int} atol (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtol} function with a @var{base}
argument of @code{10}, except that it need not detect overflow errors.
The @code{atol} function is provided mostly for compatibility with
@@ -2259,6 +2371,7 @@ existing code; using @code{strtol} is more robust.
@comment stdlib.h
@comment ISO
@deftypefun int atoi (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is like @code{atol}, except that it returns an @code{int}.
The @code{atoi} function is also considered obsolete; use @code{strtol}
instead.
@@ -2267,6 +2380,7 @@ instead.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} atoll (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to @code{atol}, except it returns a @code{long
long int}.
@@ -2331,6 +2445,35 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun double strtod (const char *restrict @var{string}, char **restrict @var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c Besides the unsafe-but-ruled-safe locale uses, this uses a lot of
+@c mpn, but it's all safe.
+@c
+@c round_and_return
+@c get_rounding_mode ok
+@c mpn_add_1 ok
+@c mpn_rshift ok
+@c MPN_ZERO ok
+@c MPN2FLOAT -> mpn_construct_(float|double|long_double) ok
+@c str_to_mpn
+@c mpn_mul_1 -> umul_ppmm ok
+@c mpn_add_1 ok
+@c mpn_lshift_1 -> mpn_lshift ok
+@c STRTOF_INTERNAL
+@c MPN_VAR ok
+@c SET_MANTISSA ok
+@c STRNCASECMP ok, wide and narrow
+@c round_and_return ok
+@c mpn_mul ok
+@c mpn_addmul_1 ok
+@c ... mpn_sub
+@c mpn_lshift ok
+@c udiv_qrnnd ok
+@c count_leading_zeros ok
+@c add_ssaaaa ok
+@c sub_ddmmss ok
+@c umul_ppmm ok
+@c mpn_submul_1 ok
The @code{strtod} (``string-to-double'') function converts the initial
part of @var{string} to a floating-point number, which is returned as a
value of type @code{double}.
@@ -2416,6 +2559,7 @@ examining @var{errno} and @var{tailptr}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} strtold (const char *@var{string}, char **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
These functions are analogous to @code{strtod}, but return @code{float}
and @code{long double} values respectively. They report errors in the
same way as @code{strtod}. @code{strtof} can be substantially faster
@@ -2435,6 +2579,7 @@ These functions have been GNU extensions and are new to @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} wcstold (const wchar_t *@var{string}, wchar_t **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstod}, @code{wcstof}, and @code{wcstol} functions are
equivalent in nearly all aspect to the @code{strtod}, @code{strtof}, and
@code{strtold} functions but it handles wide character string.
@@ -2447,6 +2592,7 @@ C90}. The @code{wcstof} and @code{wcstold} functions were introduced in
@comment stdlib.h
@comment ISO
@deftypefun double atof (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtod} function, except that it
need not detect overflow and underflow errors. The @code{atof} function
is provided mostly for compatibility with existing code; using
@@ -2473,6 +2619,7 @@ All these functions are defined in @file{stdlib.h}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} ecvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{ecvt} converts the floating-point number @var{value}
to a string with at most @var{ndigit} decimal digits. The
returned string contains no decimal point or sign. The first digit of
@@ -2498,6 +2645,7 @@ and sets @var{d} to @code{2} and @var{n} to @code{0}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} fcvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{fcvt} is like @code{ecvt}, but @var{ndigit} specifies
the number of digits after the decimal point. If @var{ndigit} is less
than zero, @var{value} is rounded to the @math{@var{ndigit}+1}'th place to the
@@ -2516,6 +2664,9 @@ to @code{fcvt}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} gcvt (double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c gcvt calls sprintf, that ultimately calls vfprintf, which malloc()s
+@c args_value if it's too large, but gcvt never exercises this path.
@code{gcvt} is functionally equivalent to @samp{sprintf(buf, "%*g",
ndigit, value}. It is provided only for compatibility's sake. It
returns @var{buf}.
@@ -2530,6 +2681,7 @@ functions that take @code{long double} arguments.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qecvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{ecvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2538,6 +2690,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qfcvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{fcvt} except that it
takes a @code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2546,6 +2699,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qgcvt (long double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is equivalent to @code{gcvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2566,6 +2720,7 @@ user-supplied buffer.
@comment stdlib.h
@comment GNU
@deftypefun int ecvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ecvt_r} function is the same as @code{ecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2577,6 +2732,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun int fcvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcvt_r} function is the same as @code{fcvt}, except that it
places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2588,6 +2744,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qecvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qecvt_r} function is the same as @code{qecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2599,6 +2756,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qfcvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qfcvt_r} function is the same as @code{qfcvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b0aaf99a53ebe756b3b61930b0d42fd5b51dd71d
commit b0aaf99a53ebe756b3b61930b0d42fd5b51dd71d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/arith.texi: Document thread safety properties.
diff --git a/manual/arith.texi b/manual/arith.texi
index 77056c3..833e0c9 100644
--- a/manual/arith.texi
+++ b/manual/arith.texi
@@ -160,6 +160,8 @@ The remainder from the division.
@comment stdlib.h
@comment ISO
@deftypefun div_t div (int @var{numerator}, int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Functions in this section are pure, and thus safe.
This function @code{div} computes the quotient and remainder from
the division of @var{numerator} by @var{denominator}, returning the
result in a structure of type @code{div_t}.
@@ -199,6 +201,7 @@ type @code{long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun ldiv_t ldiv (long int @var{numerator}, long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ldiv} function is similar to @code{div}, except that the
arguments are of type @code{long int} and the result is returned as a
structure of type @code{ldiv_t}.
@@ -225,6 +228,7 @@ type @code{long long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun lldiv_t lldiv (long long int @var{numerator}, long long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lldiv} function is like the @code{div} function, but the
arguments are of type @code{long long int} and the result is returned as
a structure of type @code{lldiv_t}.
@@ -256,6 +260,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment inttypes.h
@comment ISO
@deftypefun imaxdiv_t imaxdiv (intmax_t @var{numerator}, intmax_t @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{imaxdiv} function is like the @code{div} function, but the
arguments are of type @code{intmax_t} and the result is returned as
a structure of type @code{imaxdiv_t}.
@@ -410,6 +415,7 @@ not have to worry about the type of their argument.
@comment math.h
@comment BSD
@deftypefunx int isinfl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns @code{-1} if @var{x} represents negative infinity,
@code{1} if @var{x} represents positive infinity, and @code{0} otherwise.
@end deftypefun
@@ -423,6 +429,7 @@ This function returns @code{-1} if @var{x} represents negative infinity,
@comment math.h
@comment BSD
@deftypefunx int isnanl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is a ``not a number''
value, and zero otherwise.
@@ -445,6 +452,7 @@ function for some reason, you can write
@comment math.h
@comment BSD
@deftypefunx int finitel (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is finite or a ``not a
number'' value, and zero otherwise.
@end deftypefun
@@ -713,6 +721,22 @@ and save and restore the set of exceptions flagged.
@comment fenv.h
@comment ISO
@deftypefun int feclearexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{unposix}@acsafe{unposix}}
+@c The other functions in this section that modify FP status register
+@c mostly do so with non-atomic load-modify-store sequences, but since
+@c the register is thread-specific, this should be fine, and safe for
+@c cancellation. As long as the FP environment is restored before the
+@c signal handler returns control to the interrupted thread (like any
+@c kernel should do), the functions are also safe for use in signal
+@c handlers.
+@c
+@c FIXME: simfpu: Floating point emulation on powerpc is the exception:
+@c __sim_exception, __sim_disabled_exception and __sim_round_mode
+@c variables, that emulate a floating-point status register, are not
+@c thread-specific variables, so many of these functions are not MT-safe
+@c on that platform. This is probably a bug. These variables aren't
+@c restored by the signal machinery either, making the functions also
+@c async-signal-unsafe on this platform.
This function clears all of the supported exception flags indicated by
@var{excepts}.
@@ -723,6 +747,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feraiseexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function raises the supported exceptions indicated by
@var{excepts}. If more than one exception bit in @var{excepts} is set
the order in which the exceptions are raised is undefined except that
@@ -738,6 +763,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fetestexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Test whether the exception flags indicated by the parameter @var{except}
are currently set. If any of them are, a nonzero value is returned
which specifies which exceptions are set. Otherwise the result is zero.
@@ -774,6 +800,7 @@ following functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetexceptflag (fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function stores in the variable pointed to by @var{flagp} an
implementation-defined value representing the current setting of the
exception flags indicated by @var{excepts}.
@@ -785,6 +812,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fesetexceptflag (const fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function restores the flags for the exceptions indicated by
@var{excepts} to the values stored in the variable pointed to by
@var{flagp}.
@@ -940,6 +968,7 @@ find out which one with this function:
@comment fenv.h
@comment ISO
@deftypefun int fegetround (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Returns the currently selected rounding mode, represented by one of the
values of the defined rounding mode macros.
@end deftypefun
@@ -950,6 +979,7 @@ To change the rounding mode, use this function:
@comment fenv.h
@comment ISO
@deftypefun int fesetround (int @var{round})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Changes the currently selected rounding mode to @var{round}. If
@var{round} does not correspond to one of the supported rounding modes
nothing is changed. @code{fesetround} returns zero if it changed the
@@ -994,6 +1024,7 @@ To save the state of the FPU, use one of these functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetenv (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the floating-point environment in the variable pointed to by
@var{envp}.
@@ -1004,6 +1035,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feholdexcept (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the current floating-point environment in the object pointed to by
@var{envp}. Then clear all exception flags, and set the FPU to trap no
exceptions. Not all FPUs support trapping no exceptions; if
@@ -1042,6 +1074,7 @@ functions:
@comment fenv.h
@comment ISO
@deftypefun int fesetenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Set the floating-point environment to that described by @var{envp}.
The function returns zero in case the operation was successful, a
@@ -1051,6 +1084,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feupdateenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Like @code{fesetenv}, this function sets the floating-point environment
to that described by @var{envp}. However, if any exceptions were
flagged in the status word before @code{feupdateenv} was called, they
@@ -1071,6 +1105,7 @@ occur, you can use the following two functions.
@comment fenv.h
@comment GNU
@deftypefun int feenableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions enables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1083,6 +1118,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fedisableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions disables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1095,6 +1131,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fegetexcept (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
The function returns a bitmask of all currently enabled exceptions. It
returns @code{-1} in case of failure.
@end deftypefun
@@ -1146,6 +1183,7 @@ Prototypes for @code{abs}, @code{labs} and @code{llabs} are in @file{stdlib.h};
@comment inttypes.h
@comment ISO
@deftypefunx intmax_t imaxabs (intmax_t @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of @var{number}.
Most computers use a two's complement integer representation, in which
@@ -1167,6 +1205,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment math.h
@comment ISO
@deftypefunx {long double} fabsl (long double @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the absolute value of the floating-point number
@var{number}.
@end deftypefun
@@ -1180,6 +1219,7 @@ This function returns the absolute value of the floating-point number
@comment complex.h
@comment ISO
@deftypefunx {long double} cabsl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of the complex number @var{z}
(@pxref{Complex Numbers}). The absolute value of a complex number is:
@@ -1217,6 +1257,7 @@ All these functions are declared in @file{math.h}.
@comment math.h
@comment ISO
@deftypefunx {long double} frexpl (long double @var{value}, int *@var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are used to split the number @var{value}
into a normalized fraction and an exponent.
@@ -1242,6 +1283,7 @@ zero is stored in @code{*@var{exponent}}.
@comment math.h
@comment ISO
@deftypefunx {long double} ldexpl (long double @var{value}, int @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the result of multiplying the floating-point
number @var{value} by 2 raised to the power @var{exponent}. (It can
be used to reassemble floating-point numbers that were taken apart
@@ -1263,6 +1305,7 @@ equivalent to those of @code{ldexp} and @code{frexp}. See also the
@comment math.h
@comment BSD
@deftypefunx {long double} scalbl (long double @var{value}, long double @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{scalb} function is the BSD name for @code{ldexp}.
@end deftypefun
@@ -1275,6 +1318,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalbnl (long double @var{x}, int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbn} is identical to @code{scalb}, except that the exponent
@var{n} is an @code{int} instead of a floating-point number.
@end deftypefun
@@ -1288,6 +1332,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalblnl (long double @var{x}, long int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbln} is identical to @code{scalb}, except that the exponent
@var{n} is a @code{long int} instead of a floating-point number.
@end deftypefun
@@ -1301,6 +1346,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} significandl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{significand} returns the mantissa of @var{x} scaled to the range
@math{[1, 2)}.
It is equivalent to @w{@code{scalb (@var{x}, (double) -ilogb (@var{x}))}}.
@@ -1335,6 +1381,7 @@ result as a @code{double} instead to get around this problem.
@comment math.h
@comment ISO
@deftypefunx {long double} ceill (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} upwards to the nearest integer,
returning that value as a @code{double}. Thus, @code{ceil (1.5)}
is @code{2.0}.
@@ -1349,6 +1396,7 @@ is @code{2.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} floorl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} downwards to the nearest
integer, returning that value as a @code{double}. Thus, @code{floor
(1.5)} is @code{1.0} and @code{floor (-1.5)} is @code{-2.0}.
@@ -1363,6 +1411,7 @@ integer, returning that value as a @code{double}. Thus, @code{floor
@comment math.h
@comment ISO
@deftypefunx {long double} truncl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{trunc} functions round @var{x} towards zero to the nearest
integer (returned in floating-point format). Thus, @code{trunc (1.5)}
is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@@ -1377,6 +1426,7 @@ is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} rintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} to an integer value according to the
current rounding mode. @xref{Floating Point Parameters}, for
information about the various rounding modes. The default
@@ -1397,6 +1447,7 @@ inexact exception.
@comment math.h
@comment ISO
@deftypefunx {long double} nearbyintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the same value as the @code{rint} functions, but
do not raise the inexact exception if @var{x} is not an integer.
@end deftypefun
@@ -1410,6 +1461,7 @@ do not raise the inexact exception if @var{x} is not an integer.
@comment math.h
@comment ISO
@deftypefunx {long double} roundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are similar to @code{rint}, but they round halfway
cases away from zero instead of to the nearest integer (or other
current rounding mode).
@@ -1424,6 +1476,7 @@ current rounding mode).
@comment math.h
@comment ISO
@deftypefunx {long int} lrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1437,6 +1490,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1450,6 +1504,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long int} lroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1463,6 +1518,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1477,6 +1533,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long double} modfl (long double @var{value}, long double *@var{integer-part})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions break the argument @var{value} into an integer part and a
fractional part (between @code{-1} and @code{1}, exclusive). Their sum
equals @var{value}. Each of the parts has the same sign as @var{value},
@@ -1503,6 +1560,7 @@ suits your problem.
@comment math.h
@comment ISO
@deftypefunx {long double} fmodl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions compute the remainder from the division of
@var{numerator} by @var{denominator}. Specifically, the return value is
@code{@var{numerator} - @w{@var{n} * @var{denominator}}}, where @var{n}
@@ -1525,6 +1583,7 @@ If @var{denominator} is zero, @code{fmod} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} dreml (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are like @code{fmod} except that they round the
internal quotient @var{n} to the nearest integer instead of towards zero
to an integer. For example, @code{drem (6.5, 2.3)} returns @code{-0.4},
@@ -1548,6 +1607,7 @@ If @var{denominator} is zero, @code{drem} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} remainderl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is another name for @code{drem}.
@end deftypefun
@@ -1569,6 +1629,7 @@ bits.
@comment math.h
@comment ISO
@deftypefunx {long double} copysignl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return @var{x} but with the sign of @var{y}. They work
even if @var{x} or @var{y} are NaN or zero. Both of these can carry a
sign (although not all implementations support it) and this is one of
@@ -1584,6 +1645,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefun int signbit (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{signbit} is a generic macro which can work on all floating-point
types. It returns a nonzero value if the value of @var{x} has its sign
bit set.
@@ -1602,6 +1664,7 @@ false, but @code{signbit (-0.0)} will return a nonzero value.
@comment math.h
@comment ISO
@deftypefunx {long double} nextafterl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{nextafter} function returns the next representable neighbor of
@var{x} in the direction towards @var{y}. The size of the step between
@var{x} and the result depends on the type of the result. If
@@ -1625,6 +1688,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefunx {long double} nexttowardl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are identical to the corresponding versions of
@code{nextafter} except that their second argument is a @code{long
double}.
@@ -1640,6 +1704,8 @@ double}.
@comment math.h
@comment ISO
@deftypefunx {long double} nanl (const char *@var{tagp})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c The unsafe-but-ruled-safe locale use comes from strtod.
The @code{nan} function returns a representation of NaN, provided that
NaN is supported by the target platform.
@code{nan ("@var{n-char-sequence}")} is equivalent to
@@ -1674,6 +1740,7 @@ arguments only once.
@comment math.h
@comment ISO
@deftypefn Macro int isgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than
@var{y}. It is equivalent to @code{(@var{x}) > (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1682,6 +1749,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isgreaterequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than or
equal to @var{y}. It is equivalent to @code{(@var{x}) >= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1690,6 +1758,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isless (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than @var{y}.
It is equivalent to @code{(@var{x}) < (@var{y})}, but no exception is
raised if @var{x} or @var{y} are NaN.
@@ -1698,6 +1767,7 @@ raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than or equal
to @var{y}. It is equivalent to @code{(@var{x}) <= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1706,6 +1776,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less or greater
than @var{y}. It is equivalent to @code{(@var{x}) < (@var{y}) ||
(@var{x}) > (@var{y})} (although it only evaluates @var{x} and @var{y}
@@ -1718,6 +1789,7 @@ expression is true if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isunordered (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether its arguments are unordered. In other
words, it is true if @var{x} or @var{y} are NaN, and false otherwise.
@end deftypefn
@@ -1751,6 +1823,7 @@ perform these operations faster than the equivalent C code.
@comment math.h
@comment ISO
@deftypefunx {long double} fminl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmin} function returns the lesser of the two values @var{x}
and @var{y}. It is similar to the expression
@smallexample
@@ -1771,6 +1844,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fmaxl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmax} function returns the greater of the two values @var{x}
and @var{y}.
@@ -1787,6 +1861,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fdiml (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fdim} function returns the positive difference between
@var{x} and @var{y}. The positive difference is @math{@var{x} -
@var{y}} if @var{x} is greater than @var{y}, and @math{0} otherwise.
@@ -1804,6 +1879,7 @@ If @var{x}, @var{y}, or both are NaN, NaN is returned.
@comment ISO
@deftypefunx {long double} fmal (long double @var{x}, long double @var{y}, long double @var{z})
@cindex butterfly
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fma} function performs floating-point multiply-add. This is
the operation @math{(@var{x} @mul{} @var{y}) + @var{z}}, but the
intermediate result is not rounded to the destination type. This can
@@ -1933,6 +2009,7 @@ available in three variants, one for each of the three complex types.
@comment complex.h
@comment ISO
@deftypefunx {long double} creall (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the real part of the complex number @var{z}.
@end deftypefun
@@ -1945,6 +2022,7 @@ These functions return the real part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cimagl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the imaginary part of the complex number @var{z}.
@end deftypefun
@@ -1957,6 +2035,7 @@ These functions return the imaginary part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {complex long double} conjl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the conjugate value of the complex number
@var{z}. The conjugate of a complex number has the same real part and a
negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@@ -1971,6 +2050,7 @@ negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cargl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the argument of the complex number @var{z}.
The argument of a complex number is the angle in the complex plane
between the positive real axis and a line passing through zero and the
@@ -1989,6 +2069,7 @@ number. This angle is measured in the usual fashion and ranges from
@comment complex.h
@comment ISO
@deftypefunx {complex long double} cprojl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the projection of the complex value @var{z} onto
the Riemann sphere. Values with a infinite imaginary part are projected
to positive infinity on the real axis, even if the real part is NaN. If
@@ -2034,6 +2115,16 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun {long int} strtol (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c strtol uses the thread-local pointer to the locale in effect, and
+@c strtol_l loads the LC_NUMERIC locale data from it early on and once,
+@c but if the locale is the global locale, and another thread calls
+@c setlocale in a way that modifies the pointer to the LC_CTYPE locale
+@c category, the behavior of e.g. IS*, TOUPPER will vary throughout the
+@c execution of the function, because they re-read the locale data from
+@c the given locale pointer. We solved this by documenting setlocale as
+@c MT-Unsafe, but there might be other reasons why it's neither MT- nor
+@c AS-Safe; recheck.
The @code{strtol} (``string-to-long'') function converts the initial
part of @var{string} to a signed integer, which is returned as a value
of type @code{long int}.
@@ -2097,6 +2188,7 @@ There is an example at the end of this section.
@comment wchar.h
@comment ISO
@deftypefun {long int} wcstol (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstol} function is equivalent to the @code{strtol} function
in nearly all aspects but handles wide character strings.
@@ -2106,6 +2198,7 @@ The @code{wcstol} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long int} strtoul (const char *retrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoul} (``string-to-unsigned-long'') function is like
@code{strtol} except it converts to an @code{unsigned long int} value.
The syntax is the same as described above for @code{strtol}. The value
@@ -2124,6 +2217,7 @@ range, or @code{ERANGE} on overflow.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long int} wcstoul (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoul} function is equivalent to the @code{strtoul} function
in nearly all aspects but handles wide character strings.
@@ -2133,6 +2227,7 @@ The @code{wcstoul} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} strtoll (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoll} function is like @code{strtol} except that it returns
a @code{long long int} value, and accepts numbers with a correspondingly
larger range.
@@ -2149,6 +2244,7 @@ The @code{strtoll} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {long long int} wcstoll (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoll} function is equivalent to the @code{strtoll} function
in nearly all aspects but handles wide character strings.
@@ -2158,12 +2254,14 @@ The @code{wcstoll} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {long long int} strtoq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtoq} (``string-to-quad-word'') is the BSD name for @code{strtoll}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {long long int} wcstoq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoq} function is equivalent to the @code{strtoq} function
in nearly all aspects but handles wide character strings.
@@ -2173,6 +2271,7 @@ The @code{wcstoq} function is a GNU extension.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long long int} strtoull (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoull} function is related to @code{strtoll} the same way
@code{strtoul} is related to @code{strtol}.
@@ -2182,6 +2281,7 @@ The @code{strtoull} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long long int} wcstoull (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoull} function is equivalent to the @code{strtoull} function
in nearly all aspects but handles wide character strings.
@@ -2191,12 +2291,14 @@ The @code{wcstoull} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {unsigned long long int} strtouq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtouq} is the BSD name for @code{strtoull}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {unsigned long long int} wcstouq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstouq} function is equivalent to the @code{strtouq} function
in nearly all aspects but handles wide character strings.
@@ -2206,6 +2308,7 @@ The @code{wcstouq} function is a GNU extension.
@comment inttypes.h
@comment ISO
@deftypefun intmax_t strtoimax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoimax} function is like @code{strtol} except that it returns
a @code{intmax_t} value, and accepts numbers of a corresponding range.
@@ -2222,6 +2325,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun intmax_t wcstoimax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoimax} function is equivalent to the @code{strtoimax} function
in nearly all aspects but handles wide character strings.
@@ -2231,6 +2335,7 @@ The @code{wcstoimax} function was introduced in @w{ISO C99}.
@comment inttypes.h
@comment ISO
@deftypefun uintmax_t strtoumax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoumax} function is related to @code{strtoimax}
the same way that @code{strtoul} is related to @code{strtol}.
@@ -2241,6 +2346,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun uintmax_t wcstoumax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoumax} function is equivalent to the @code{strtoumax} function
in nearly all aspects but handles wide character strings.
@@ -2250,6 +2356,7 @@ The @code{wcstoumax} function was introduced in @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefun {long int} atol (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtol} function with a @var{base}
argument of @code{10}, except that it need not detect overflow errors.
The @code{atol} function is provided mostly for compatibility with
@@ -2259,6 +2366,7 @@ existing code; using @code{strtol} is more robust.
@comment stdlib.h
@comment ISO
@deftypefun int atoi (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is like @code{atol}, except that it returns an @code{int}.
The @code{atoi} function is also considered obsolete; use @code{strtol}
instead.
@@ -2267,6 +2375,7 @@ instead.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} atoll (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to @code{atol}, except it returns a @code{long
long int}.
@@ -2331,6 +2440,9 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun double strtod (const char *restrict @var{string}, char **restrict @var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c Besides the unsafe-but-ruled-safe locale uses, this uses a lot of
+@c mpn, but it's all safe.
The @code{strtod} (``string-to-double'') function converts the initial
part of @var{string} to a floating-point number, which is returned as a
value of type @code{double}.
@@ -2416,6 +2528,7 @@ examining @var{errno} and @var{tailptr}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} strtold (const char *@var{string}, char **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
These functions are analogous to @code{strtod}, but return @code{float}
and @code{long double} values respectively. They report errors in the
same way as @code{strtod}. @code{strtof} can be substantially faster
@@ -2435,6 +2548,7 @@ These functions have been GNU extensions and are new to @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} wcstold (const wchar_t *@var{string}, wchar_t **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstod}, @code{wcstof}, and @code{wcstol} functions are
equivalent in nearly all aspect to the @code{strtod}, @code{strtof}, and
@code{strtold} functions but it handles wide character string.
@@ -2447,6 +2561,7 @@ C90}. The @code{wcstof} and @code{wcstold} functions were introduced in
@comment stdlib.h
@comment ISO
@deftypefun double atof (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtod} function, except that it
need not detect overflow and underflow errors. The @code{atof} function
is provided mostly for compatibility with existing code; using
@@ -2473,6 +2588,7 @@ All these functions are defined in @file{stdlib.h}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} ecvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{ecvt} converts the floating-point number @var{value}
to a string with at most @var{ndigit} decimal digits. The
returned string contains no decimal point or sign. The first digit of
@@ -2498,6 +2614,7 @@ and sets @var{d} to @code{2} and @var{n} to @code{0}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} fcvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{fcvt} is like @code{ecvt}, but @var{ndigit} specifies
the number of digits after the decimal point. If @var{ndigit} is less
than zero, @var{value} is rounded to the @math{@var{ndigit}+1}'th place to the
@@ -2516,6 +2633,9 @@ to @code{fcvt}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} gcvt (double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c gcvt calls sprintf, that ultimately calls vfprintf, which malloc()s
+@c args_value if it's too large, but gcvt never exercises this path.
@code{gcvt} is functionally equivalent to @samp{sprintf(buf, "%*g",
ndigit, value}. It is provided only for compatibility's sake. It
returns @var{buf}.
@@ -2530,6 +2650,7 @@ functions that take @code{long double} arguments.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qecvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{ecvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2538,6 +2659,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qfcvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{fcvt} except that it
takes a @code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2546,6 +2668,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qgcvt (long double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is equivalent to @code{gcvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2566,6 +2689,7 @@ user-supplied buffer.
@comment stdlib.h
@comment GNU
@deftypefun int ecvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ecvt_r} function is the same as @code{ecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2577,6 +2701,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun int fcvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcvt_r} function is the same as @code{fcvt}, except that it
places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2588,6 +2713,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qecvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qecvt_r} function is the same as @code{qecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2599,6 +2725,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qfcvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qfcvt_r} function is the same as @code{qfcvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=edeb8dbee9aa4cdef77764287545e16903acea6d
commit edeb8dbee9aa4cdef77764287545e16903acea6d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/math.texi: Document thread safety properties.
diff --git a/manual/math.texi b/manual/math.texi
index 193d415..fd5d0c8 100644
--- a/manual/math.texi
+++ b/manual/math.texi
@@ -560,6 +560,7 @@ negative), @code{logb} returns @math{@infinity{}}. If @var{x} is zero,
@comment math.h
@comment ISO
@deftypefunx int ilogbl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are equivalent to the corresponding @code{logb}
functions except that they return signed integer values.
@end deftypefun
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0f17febc6eced1c8227402f12867a400ba58bd74
commit 0f17febc6eced1c8227402f12867a400ba58bd74
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..323268d 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,10 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard}}
+@c This function is MT-Safe, but uses of the global locale object are
+@c unguarded in functions that ought to be MT-Safe, so we're ruling out
+@c the use of this function once threads are started.
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=49427f4017a13662522c4247e1eed08f867a3d73
commit 49427f4017a13662522c4247e1eed08f867a3d73
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..7809dd4 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1391,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1401,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1411,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1540,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1625,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2387,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2397,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2438,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2647,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2656,12 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2669,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2677,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2685,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2693,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2701,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2709,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2785,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3026,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3278,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3342,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +3959,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +3974,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +3989,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +3997,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4005,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4019,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4046,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4055,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4064,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4072,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4080,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4088,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4138,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4148,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4162,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4173,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4201,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4212,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4326,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4339,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4363,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4379,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4399,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4423,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4472,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4594,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4609,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4622,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4639,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4751,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4764,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4781,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4803,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4828,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4906,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4920,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4932,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4947,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +4961,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +4972,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5020,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5076,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5192,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5374,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5515,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=351fb371fa127df8fa5e27b38a330e4258b35180
commit 351fb371fa127df8fa5e27b38a330e4258b35180
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:39 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/macros.texi: Introduce macros to document thread
safety properties.
* manual/intro.texi: Introduce the properties themselves.
diff --git a/manual/intro.texi b/manual/intro.texi
index deaf089..e47832c 100644
--- a/manual/intro.texi
+++ b/manual/intro.texi
@@ -172,6 +172,411 @@ pattern matching facilities (@pxref{Pattern Matching}).
@comment <wordexp.h> (not yet implemented)
@comment confstr
+The safety properties of @glibcadj{} functions, documented as MT-, AS-
+and AC- -Safe and -Unsafe are assessed according to the criteria set
+forth in the POSIX standard for Multi-Thread, Async-Signal and
+Async-Cancel safety.
+
+Intuitive definition of these properties, that attempt to capture
+the meaning of the standard definitions, follow:
+
+@itemize @bullet
+
+@item
+@cindex MT-Safe
+MT-Safe functions are safe to call in the presence of other threads. MT
+stands for Multi Thread.
+
+@item
+@cindex AS-Safe
+AS-Safe functions are safe to call from asynchronous signal handlers.
+AS stands for Asynchronous Signal.
+
+@item
+@cindex AC-Safe
+AC-Safe functions are safe to call when asynchronous cancellation is
+enabled. AC stands for Asynchronous Cancellation.
+
+@item
+@cindex MT-Unsafe
+@cindex AS-Unsafe
+@cindex AC-Unsafe
+MT-Unsafe, AS-Unsafe, AC-Unsafe functions are not safe to call within
+the contexts described above: they may cause deviations from the
+specification in the behavior of the calls themselves, or of any other
+concurrent, ongoing or subsequent calls.
+
+Functions not explicitly documented as Safe should be regarded as
+Unsafe.
+
+@end itemize
+
+By ``safe to call'', we mean that, as long as the program does not
+invoke undefined or unspecified behavior, the called functions will
+behave as documented, and they won't cause any other functions to
+deviate from their documented behavior.
+
+Although we strive to abide by the standards, in some cases our
+implementation is safe even when the standard does not demand safety,
+and in other cases our implementation does not meet the standard safety
+requirements. At this point, we document the result of an assessment of
+the properties of our implementation, so the safety documentation in
+this manual is not to be regarded as a promise of future behavior: in
+future releases, functions that are documented as safe may become
+unsafe, and safety constraints may be removed or introduced. We
+envision turning the results of the assessment into a set of promises as
+stable as our interfaces, but we're not there yet.
+
+When a function is safe to call only under certain constraints, we will
+add keywords to the safety notes whose meanings are defined as follows:
+
+@itemize @bullet
+
+@c glocale-revisit
+@item @code{glocale}
+@cindex glocale
+
+In threads that have not overridden the thread-local locale object by
+calling @code{uselocale}, calling functions annotated with
+@code{glocale} concurrently with @code{setlocale} may cause the
+functions to behave in ways that don't correspond to either the previous
+or the subsequent global locale.
+
+Although the @code{setlocale} function modifies the global locale object
+while holding a lock, @code{glocale}-annotated functions may access this
+global object multiple times, without any measures to ensure it doesn't
+change while it's in use.
+
+Each of these unprotected uses will use either the previous or the
+subsequent locale information, so they won't cause crashes or access to
+uninitialized, unmapped or recycled memory. However, since some cases
+use cached locale information while others access the effective locale
+object anew, concurrent changes to the global locale object may cause
+these functions to behave in ways that they could not behave should the
+execution of @code{setlocale} and of the so-annotated functions be
+atomic, or even should @code{setlocale} alone be atomic.
+
+The @code{glocale} constraint indicates functions are only safe to call
+if the effective thread-local locale is not the global locale object
+(because it was overridden with @code{uselocale}). Failing that,
+@code{setlocale} should not be called while these functions are active.
+
+
+@item @code{envromt}
+@cindex envromt
+
+Functions marked with @code{envromt} access the environment with
+@code{getenv} or similar, requiring the environment to be effectively
+read-only for MT-Safe operation.
+
+Environment-modifying functions do not protect in any way against
+concurrent modifications or access, so calling @code{envromt}-marked
+functions concurrently with @code{setenv}, @code{putenv},
+@code{unsetenv} or direct modifications of the global environment data
+structures is ill-advised; external concurrency control must be
+introduced by callers of these environment-modifying and
+@code{envromt}-marked functions.
+
+Functions that modify the environment are also marked with
+@code{envromt}, but they are not MT-Safe for the reasons above. Since
+all environment-modifying functions are MT-Unsafe, functions that only
+access the environment are marked as MT-Safe when no other safety issue
+applies.
+
+
+@item @code{uunguard}
+@cindex uunguard
+
+Functions marked with @code{uunguard} modify non-atomically arguments or
+global objects that other functions access without synchronization. To
+ensure MT- and AS-Safe behavior, callers should refrain from calling
+so-marked functions concurrently with users of the corresponding
+objects.
+
+Unguarded users of the global locale object modified by @code{setlocale}
+are marked with @code{glocale}.
+
+Unguarded users of the @code{printf} extension objects modified by
+@code{register_printf_function} are the entire family of printf
+functions.
+
+Unguarded users of streams configured with @code{__fsetlocking} for
+locking by the caller are the entire family of stdio functions.
+
+
+@item @code{xguargs}
+@cindex xguargs
+
+Functions marked with @code{xguargs} may use or modify objects passed as
+arguments without any guards to ensure consistency. To ensure MT- and
+AS-Safe behavior, callers must ensure that the objects passed in are not
+modified concurrently by other threads or signal handlers.
+
+
+@item @code{tempchwd}
+@cindex tempchwd
+
+Functions marked with @code{tempchwd} may temporarily change the current
+working directory during their execution, which may cause relative
+pathnames to be resolved in unexpected ways in other threads or within
+asynchronous signal or cancellation handlers.
+
+This is not enough of a reason to mark so-marked functions as MT-Unsafe,
+but when this behavior is optional (e.g., @code{nftw} with
+@code{FTW_CHDIR}), avoiding the option in multi-threaded programs may be
+a good alternative to using full pathnames or file descriptor-relative
+(e.g. @code{openat}) system calls.
+
+
+@item @code{tempterm}
+@cindex tempterm
+
+Functions marked with @code{tempterm} may temporarily change the
+terminal settings.
+
+This would not be enough of a reason to mark so-marked functions as
+MT-Unsafe, but the recommended mode to modify terminal settings is to
+call @code{tcgetattr}, modify some flags, and then call
+@code{tcsetattr}. Functions marked with @code{tempterm} do that, so
+they leave a window in which changes made by other threads are lost.
+
+It is thus advisable for applications using the terminal to avoid
+concurrent interactions with it, more so if they expect different
+terminal modes.
+
+If this mark appears as an AC-Safety note, it means the function may
+also fail to restore the original terminal mode in case of asynchronous
+cancellation.
+
+
+@end itemize
+
+
+Additional safety issues that cannot be worked around by constraining
+the program are also documented with keywords, whose meaning is defined
+as follows:
+
+@itemize @bullet
+
+@item @code{staticbuf}
+@cindex staticbuf
+
+Functions annotated with @code{staticbuf} use internal static buffers or
+variables in ways that may cause concurrent calls to interfere
+destructively.
+
+These functions are all MT-Unsafe and AC-Unsafe. However, many of them
+offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
+
+In many of these cases, the static buffer is only used to hold a return
+value; in a few of these, such as @code{tmpnam}, the use of the internal
+buffer can be avoided by passing the buffer as an argument, which makes
+the call MT-Safe and AS-Safe.
+
+
+@item @code{asi18n}
+@cindex asi18n
+
+Functions marked with @code{asi18n} use internationalization functions
+(@code{gettext}), which brings in a number of dependencies and issues
+yet to be documented.
+
+
+@item @code{shlimb}
+@cindex shlimb
+
+Functions marked with @code{shlimb} use the dynamic loader to bring in
+additional code modules. This involves opening files, mapping them into
+memory, allocating additional memory, resolving symbols, applying
+relocations and more, all of this while holding the dynamic loader
+lock.
+
+The non-recursive lock itself is enough for the function to be AS- and
+AC-Unsafe, but many other issues may arise.
+
+
+@item @code{fdleak}
+@cindex fdleak
+
+Functions annotated with @code{fdleak} may leak file descriptors if
+asynchronous thread cancellation interrupts their execution.
+
+Functions that allocate or deallocate file descriptors will generally be
+marked as such, because even if they attempted to protect the file
+descriptor allocation and deallocation with cleanup regions, allocating
+a new descriptor and storing its number where the cleanup region could
+release it cannot be performed as a single atomic operation, just like
+releasing it and taking it out of the data structure normally
+responsible for releasing it cannot be performed atomically, always
+leaving a window in which the descriptor cannot be released because it
+wasn't stored in the cleanup handler argument yet, or in which it was
+already taken out of it before releasing it in the normal flow (we
+cannot keep it there because, in case of cancellation, we wouldn't be
+able to tell whether it was already released, and the same number could
+have been already assigned to another descriptor by another thread, so
+we couldn't just release it again).
+
+Such leaks could be internally avoided, with some performance penalty,
+by temporarily disabling asynchronous thread cancellation. However,
+since callers of allocation or deallocation functions would have to do
+this themselves, to avoid the same sort of leak in their own layer, it
+makes more sense for the library to assume they are taking care of it
+than to impose a performance penalty that is redundant when the problem
+is solved in upper layers, and insufficient when it isn't.
+
+This remark by itself does not cause a function to be regarded as
+AC-Unsafe. However, cummulative effects of such leaks may pose a
+problem for some programs. If this is the case, suspending asynchronous
+cancellation for the duration of calls to such functions is recommended.
+
+
+@item @code{memleak}
+@cindex memleak
+
+Functions annotated with @code{memleak} may leak memory if asynchronous
+thread cancellation interrupts their execution.
+
+The problem is similar to that of file descriptors: there is no atomic
+interface to allocate memory and store its address in the argument to a
+cleanup handler, or to release it and remove its address from that
+argument, without at least temporarily disabling asynchronous
+cancellation, which these functions do not do.
+
+This remark does not by itself cause a function to be regarded as
+generally AC-Unsafe. However, cummulative effects of such leaks may be
+severe enough for some programs that disabling asynchronous cancellation
+for the duration of calls to such functions may be required.
+
+
+@item @code{lockleak}
+@cindex lockleak
+
+Functions annotated with @code{lockleak} may leak locks if asynchronous
+thread cancellation interrupts their execution.
+
+While the problem is similar to that of file descriptors, in that there
+is not any atomic interface to lock and take note of the need for
+unlocking in a cleanup, or to unlock and take note that there is no
+longer such a need, the problem posed by lock leaks is far more serious:
+when a file descriptor or a piece of memory is leaked, it becomes
+inaccessible and subsequent attempts to allocate a file descriptor or
+some memory will just use another resource. However, once a lock is
+left taken, attempts to take that lock will block indefinitely.
+(Recursive locks will only block other threads, and read locks will only
+block writer threads, but the point still holds in general).
+
+For the reasons above, functions that leak locks are all AC-Unsafe.
+
+
+@item @code{selfdeadlock}
+@cindex selfdeadlock
+
+Functions marked with @code{selfdeadlock} take a non-recursive lock to
+ensure MT-Safety while modifying data structures guarded by the lock.
+
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, the result is a deadlock.
+
+Blocking asynchronous signal delivery while calling such functions is
+the only safe way to avoid a deadlock if any signal handler might need
+to call them.
+
+
+@item @code{asynconsist}
+@cindex asynconsist
+
+Functions marked with @code{asynconsist} take a recursive lock to ensure
+MT-Safety while accessing or modifying data structures guarded by the
+lock.
+
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, both may misbehave for
+observing inconsistent (partially updated or cached) data structures.
+
+Blocking asynchronous signal delivery while calling such functions is
+the only safe way to avoid the misbehavior that may ensue if any signal
+handler might need to call them.
+
+
+@item @code{asmalloc}
+@cindex asmalloc
+
+This is a sub-case of @code{asynconsist}. Functions marked with
+@code{asmalloc} perform memory allocation or deallocation with the
+@code{malloc}/@code{free} family of functions.
+
+If heap management functions are interrupted by asynchronous signals,
+and the signal handlers attempt to perform memory allocation or
+deallocation of their own, they may encounter heap data structures in a
+partially updated state, and the interrupted calls may malfunction
+because of the changes made within the signal handler.
+
+
+@item @code{incansist}
+@cindex incansist
+
+Functions marked with @code{incansist} modify data structures in a
+non-atomic way.
+
+If such a function is asynchronously canceled, it may leave the data
+structure in a partially updated, inconsistent state. Subsequent uses
+of the data structure may misbehave.
+
+Disabling asynchronous cancelation while calling such functions is the
+only safe way to avoid the misbehavior that may ensure if the thread is
+canceled while the function is running.
+
+@c A special case, probably not worth documenting separately, involves
+@c reallocing, or even freeing pointers. Any case involving free could
+@c be easily turned into an ac-safe memleak by resetting the pointer
+@c before releasing it; I don't think we have any case that calls for
+@c this sort of fixing. Fixing the realloc cases would require a new
+@c interface: instead of @code{ptr=realloc(ptr,size)} we'd have to
+@c introduce @code{acsafe_realloc(&ptr,size)} that would modify ptr
+@c before releasing the old memory. The ac-unsafe realloc could be
+@c implemented in terms of an internal interface with this semantics
+@c (say __acsafe_realloc), but since realloc can be overridden, the
+@c function we call to implement realloc should not be this internal
+@c interface, but another internal interface that calls __acsafe_realloc
+@c if realloc was not overridden, and calls the overridden realloc with
+@c async cancel disabled. --lxoliva
+
+
+@item @code{simfpu}
+@cindex simfpu
+
+Functions annotated with @code{simfpu} may misbehave on powerpc ports in
+which the floating-point unit is disabled and floating point simulation
+is used instead. On such platforms, @theglibc{} uses global variables
+to hold floating-point exceptions, rounding modes and disabled
+exceptions, rather than thread-local state. This is a @glibcadj{} bug.
+
+Furthermore, even if this bug is fixed, the emulation of floating-point
+control and status registers will not go as far as saving and restoring
+these emulated registers across asynchronous signal handlers. Indeed,
+although most platforms preserve floating-point context as part of the
+thread context, preserving control and status words is not mandatory:
+standards recommend that programs that modify them within signal
+handlers restore them to the original state before returning.
+
+This note does not cause functions to be marked as MT-Unsafe, even
+though, on the affected platform, they are MT-Unsafe indeed.
+
+
+@item @code{unposix}
+@cindex unposix
+
+This remark indicates our safety documentation is known to differ from
+the requirements set by the POSIX standard. For example, POSIX does not
+require a function to be Safe, but our implementation is Safe, or
+vice-versa.
+
+For the time being, the absence of this remark does not imply the safety
+propertes we documentated are identical to those mandated by POSIX for
+the corresponding functions.
+
+@end itemize
+
@node Berkeley Unix, SVID, POSIX, Standards and Portability
@subsection Berkeley Unix
diff --git a/manual/macros.texi b/manual/macros.texi
index daaf1c0..6955f32 100644
--- a/manual/macros.texi
+++ b/manual/macros.texi
@@ -47,4 +47,46 @@ GNU/Hurd systems
GNU/Linux systems
@end macro
+@c Document a function as thread safe.
+@macro mtsafe {comments}
+| MT-Safe \comments\
+|
+@end macro
+@c Document a function as thread unsafe.
+@macro mtunsafe {comments}
+| MT-Unsafe \comments\
+|
+@end macro
+@c Document a function as safe for use in asynchronous signal handlers.
+@macro assafe {comments}
+| AS-Safe \comments\
+|
+@end macro
+@c Document a function as unsafe for use in asynchronous signal
+@c handlers. This distinguishes unmarked functions, for which this
+@c property has not been assessed, from those that have been analyzed.
+@macro asunsafe {comments}
+| AS-Unsafe \comments\
+|
+@end macro
+@c Document a function as safe for use when asynchronous cancellation is
+@c enabled.
+@macro acsafe {comments}
+| AC-Safe \comments\
+|
+@end macro
+@c Document a function as unsafe for use when asynchronous cancellation
+@c is enabled. This distinguishes unmarked functions, for which this
+@c property has not been assessed, from those that have been analyzed.
+@macro acunsafe {comments}
+| AC-Unsafe \comments\
+|
+@end macro
+@c Format the thread and async safety properties of a function.
+@macro safety {notes}
+\notes\
+
+
+@end macro
+
@end ifclear
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f159288e81a5a769e1274527d307f82bd918d8e5
commit f159288e81a5a769e1274527d307f82bd918d8e5
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:39 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/macros.texi: Introduce macros to document thread
safety properties.
* manual/intro.texi: Introduce the properties themselves.
diff --git a/manual/intro.texi b/manual/intro.texi
index deaf089..2630a77 100644
--- a/manual/intro.texi
+++ b/manual/intro.texi
@@ -172,6 +172,314 @@ pattern matching facilities (@pxref{Pattern Matching}).
@comment <wordexp.h> (not yet implemented)
@comment confstr
+The safety properties of @glibcadj{} functions, documented as MT-, AS-
+and AC- -Safe and -Unsafe are assessed according to the criteria set
+forth in the POSIX standard for Multi-Thread, Async-Signal and
+Async-Cancel safety.
+
+Intuitive definition of these properties, that attempt to capture
+the meaning of the standard definitions, follow:
+
+@itemize @bullet
+
+@item
+@cindex MT-Safe
+MT-Safe functions are safe to call in the presence of other threads. MT
+stands for Multi Thread.
+
+@item
+@cindex AS-Safe
+AS-Safe functions are safe to call from asynchronous signal handlers.
+AS stands for Asynchronous Signal.
+
+@item
+@cindex AC-Safe
+AC-Safe functions are safe to call when asynchronous cancellation is
+enabled. AC stands for Asynchronous Cancellation.
+
+@item
+@cindex MT-Unsafe
+@cindex AS-Unsafe
+@cindex AC-Unsafe
+MT-Unsafe, AS-Unsafe, AC-Unsafe functions are not safe to call within
+the contexts described above: they may cause deviations from the
+specification in the behavior of the calls themselves, or of any other
+concurrent, ongoing or subsequent calls.
+
+Functions not explicitly documented as Safe should be regarded as
+Unsafe.
+
+@end itemize
+
+By ``safe to call'', we mean that, as long as the program does not
+invoke undefined or unspecified behavior, the called functions will
+behave as documented, and they won't cause any other functions to
+deviate from their documented behavior.
+
+Although we strive to abide by the standards, in some cases our
+implementation is safe even when the standard does not demand safety,
+and in other cases our implementation does not meet the standard safety
+requirements. At this point, we document the result of an assessment of
+the properties of our implementation, so the safety documentation in
+this manual is not to be regarded as a promise of future behavior: in
+future releases, functions that are documented as safe may become
+unsafe, and safety constraints may be removed or introduced. We
+envision turning the results of the assessment into a set of promises as
+stable as our interfaces, but we're not there yet.
+
+When a function is safe to call only under certain constraints, we will
+add keywords to the safety notes whose meanings are defined as follows:
+
+@itemize @bullet
+
+@c glocale-revisit
+@item @code{glocale}
+@cindex glocale
+
+In threads that have not overridden the thread-local locale object by
+calling @code{uselocale}, calling functions annotated with
+@code{glocale} concurrently with @code{setlocale} may cause the
+functions to behave in ways that don't correspond to either the previous
+or the subsequent global locale.
+
+Although the @code{setlocale} function modifies the global locale object
+while holding a lock, @code{glocale}-annotated functions may access this
+global object multiple times, without any measures to ensure it doesn't
+change while it's in use.
+
+Each of these unprotected uses will use either the previous or the
+subsequent locale information, so they won't cause crashes or access to
+uninitialized, unmapped or recycled memory. However, since some cases
+use cached locale information while others access the effective locale
+object anew, concurrent changes to the global locale object may cause
+these functions to behave in ways that they could not behave should the
+execution of @code{setlocale} and of the so-annotated functions be
+atomic, or even should @code{setlocale} alone be atomic.
+
+The @code{glocale} constraint indicates functions are only safe to call
+if the effective thread-local locale is not the global locale object
+(because it was overridden with @code{uselocale}). Failing that,
+@code{setlocale} should not be called while these functions are active.
+
+
+@item @code{uunguard}
+@cindex uunguard
+
+Functions marked with @code{uunguard} modify non-atomically arguments or
+global objects that other functions access without synchronization. To
+ensure MT- and AS-Safe behavior, callers should refrain from calling
+so-marked functions concurrently with users of the corresponding
+objects.
+
+Unguarded users of the global locale object modified by @code{setlocale}
+are marked with @code{glocale}.
+
+Unguarded users of the @code{printf} extension objects modified by
+@code{register_printf_function} are the entire family of printf
+functions.
+
+Unguarded users of streams configured with @code{__fsetlocking} for
+locking by the caller are the entire family of stdio functions.
+
+
+@item @code{xguargs}
+@cindex xguargs
+
+Functions marked with @code{xguargs} may use or modify objects passed as
+arguments without any guards to ensure consistency. To ensure MT- and
+AS-Safe behavior, callers must ensure that the objects passed in are not
+modified concurrently by other threads or signal handlers.
+
+
+@end itemize
+
+
+Additional safety issues that cannot be worked around by constraining
+the program are also documented with keywords, whose meaning is defined
+as follows:
+
+@itemize @bullet
+
+@item @code{staticbuf}
+@cindex staticbuf
+
+Functions annotated with @code{staticbuf} use internal static buffers or
+variables in ways that may cause concurrent calls to interfere
+destructively.
+
+These functions are all MT-Unsafe and AC-Unsafe. However, many of them
+offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
+
+
+@item @code{fdleak}
+@cindex fdleak
+
+Functions annotated with @code{fdleak} may leak file descriptors if
+asynchronous thread cancellation interrupts their execution.
+
+Functions that allocate or deallocate file descriptors will generally be
+marked as such, because even if they attempted to protect the file
+descriptor allocation and deallocation with cleanup regions, allocating
+a new descriptor and storing its number where the cleanup region could
+release it cannot be performed as a single atomic operation, just like
+releasing it and taking it out of the data structure normally
+responsible for releasing it cannot be performed atomically, always
+leaving a window in which the descriptor cannot be released because it
+wasn't stored in the cleanup handler argument yet, or in which it was
+already taken out of it before releasing it in the normal flow (we
+cannot keep it there because, in case of cancellation, we wouldn't be
+able to tell whether it was already released, and the same number could
+have been already assigned to another descriptor by another thread, so
+we couldn't just release it again).
+
+Such leaks could be internally avoided, with some performance penalty,
+by temporarily disabling asynchronous thread cancellation. However,
+since callers of allocation or deallocation functions would have to do
+this themselves, to avoid the same sort of leak in their own layer, it
+makes more sense for the library to assume they are taking care of it
+than to impose a performance penalty that is redundant when the problem
+is solved in upper layers, and insufficient when it isn't.
+
+This remark by itself does not cause a function to be regarded as
+AC-Unsafe. However, cummulative effects of such leaks may pose a
+problem for some programs. If this is the case, suspending asynchronous
+cancellation for the duration of calls to such functions is recommended.
+
+
+@item @code{memleak}
+@cindex memleak
+
+Functions annotated with @code{memleak} may leak memory if asynchronous
+thread cancellation interrupts their execution.
+
+The problem is similar to that of file descriptors: there is no atomic
+interface to allocate memory and store its address in the argument to a
+cleanup handler, or to release it and remove its address from that
+argument, without at least temporarily disabling asynchronous
+cancellation, which these functions do not do.
+
+This remark does not by itself cause a function to be regarded as
+generally AC-Unsafe. However, cummulative effects of such leaks may be
+severe enough for some programs that disabling asynchronous cancellation
+for the duration of calls to such functions may be required.
+
+
+@item @code{lockleak}
+@cindex lockleak
+
+Functions annotated with @code{lockleak} may leak locks if asynchronous
+thread cancellation interrupts their execution.
+
+While the problem is similar to that of file descriptors, in that there
+is not any atomic interface to lock and take note of the need for
+unlocking in a cleanup, or to unlock and take note that there is no
+longer such a need, the problem posed by lock leaks is far more serious:
+when a file descriptor or a piece of memory is leaked, it becomes
+inaccessible and subsequent attempts to allocate a file descriptor or
+some memory will just use another resource. However, once a lock is
+left taken, attempts to take that lock will block indefinitely.
+(Recursive locks will only block other threads, and read locks will only
+block writer threads, but the point still holds in general).
+
+For the reasons above, functions that leak locks are all AC-Unsafe.
+
+
+@item @code{selfdeadlock}
+@cindex selfdeadlock
+
+Functions marked with @code{selfdeadlock} take a non-recursive lock to
+ensure MT-Safety while modifying data structures guarded by the lock.
+
+If such a function is interrupted by a signal while holding the lock,
+and the signal handler calls any function that takes the same
+non-recursive lock, the result is a deadlock.
+
+Blocking asynchronous signal delivery while calling such functions is
+the only safe way to avoid a deadlock if any signal handler might need
+to call them.
+
+
+@item @code{asynconsist}
+@cindex asynconsist
+
+Functions marked with @code{asynconsist} take a recursive lock to ensure
+MT-Safety while accessing or modifying data structures guarded by the
+lock.
+
+If such a function is interrupted by a signal while holding the lock,
+and the signal handler calls any function that takes the same
+non-recursive lock, the latter function may observe a partially updated,
+inconsistent data structure, and misbehave.
+
+Blocking asynchronous signal delivery while calling such functions is
+the only safe way to avoid the misbehavior that may ensue if any signal
+handler might need to call them.
+
+
+@item @code{asmalloc}
+@cindex asmalloc
+
+This is a sub-case of @code{asynconsist}. Functions marked with
+@code{asmalloc} perform memory allocation or deallocation with the
+@code{malloc}/@code{free} family of functions.
+
+If heap management functions are interrupted by asynchronous signals,
+and the signal handlers attempt to perform memory allocation or
+deallocation of their own, they may encounter heap data structures in a
+partially updated state, and the interrupted calls may malfunction
+because of the changes made within the signal handler.
+
+
+@item @code{incansist}
+@cindex incansist
+
+Functions marked with @code{incansist} modify data structures in a
+non-atomic way.
+
+If such a function is asynchronously canceled, it may leave the data
+structure in a partially updated, inconsistent state. Subsequent uses
+of the data structure may misbehave.
+
+Disabling asynchronous cancelation while calling such functions is the
+only safe way to avoid the misbehavior that may ensure if the thread is
+canceled while the function is running.
+
+
+@item @code{simfpu}
+@cindex simfpu
+
+Functions annotated with @code{simfpu} may misbehave on powerpc ports in
+which the floating-point unit is disabled and floating point simulation
+is used instead. On such platforms, @theglibc{} uses global variables
+to hold floating-point exceptions, rounding modes and disabled
+exceptions, rather than thread-local state. This is a @glibcadj{} bug.
+
+Furthermore, even if this bug is fixed, the emulation of floating-point
+control and status registers will not go as far as saving and restoring
+these emulated registers across asynchronous signal handlers. Indeed,
+although most platforms preserve floating-point context as part of the
+thread context, preserving control and status words is not mandatory:
+standards recommend that programs that modify them within signal
+handlers restore them to the original state before returning.
+
+This note does not cause functions to be marked as MT-Unsafe, even
+though, on the affected platform, they are MT-Unsafe indeed.
+
+
+@item @code{unposix}
+@cindex unposix
+
+This remark indicates our safety documentation is known to differ from
+the requirements set by the POSIX standard. For example, POSIX does not
+require a function to be Safe, but our implementation is Safe, or
+vice-versa.
+
+For the time being, the absence of this remark does not imply the safety
+propertes we documentated are identical to those mandated by POSIX for
+the corresponding functions.
+
+@end itemize
+
@node Berkeley Unix, SVID, POSIX, Standards and Portability
@subsection Berkeley Unix
diff --git a/manual/macros.texi b/manual/macros.texi
index daaf1c0..6955f32 100644
--- a/manual/macros.texi
+++ b/manual/macros.texi
@@ -47,4 +47,46 @@ GNU/Hurd systems
GNU/Linux systems
@end macro
+@c Document a function as thread safe.
+@macro mtsafe {comments}
+| MT-Safe \comments\
+|
+@end macro
+@c Document a function as thread unsafe.
+@macro mtunsafe {comments}
+| MT-Unsafe \comments\
+|
+@end macro
+@c Document a function as safe for use in asynchronous signal handlers.
+@macro assafe {comments}
+| AS-Safe \comments\
+|
+@end macro
+@c Document a function as unsafe for use in asynchronous signal
+@c handlers. This distinguishes unmarked functions, for which this
+@c property has not been assessed, from those that have been analyzed.
+@macro asunsafe {comments}
+| AS-Unsafe \comments\
+|
+@end macro
+@c Document a function as safe for use when asynchronous cancellation is
+@c enabled.
+@macro acsafe {comments}
+| AC-Safe \comments\
+|
+@end macro
+@c Document a function as unsafe for use when asynchronous cancellation
+@c is enabled. This distinguishes unmarked functions, for which this
+@c property has not been assessed, from those that have been analyzed.
+@macro acunsafe {comments}
+| AC-Unsafe \comments\
+|
+@end macro
+@c Format the thread and async safety properties of a function.
+@macro safety {notes}
+\notes\
+
+
+@end macro
+
@end ifclear
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=04381689562081fc1e2328e5807e0dc537c1c5fc
commit 04381689562081fc1e2328e5807e0dc537c1c5fc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:39 2013 -0300
Rename unused scalb to scalbn to match prototype.
for ChangeLog
* sysdeps/ieee754/support.c (scalbn): Rename from
wrongly-typed scalb. Adjust all callers. Apparently unused.
diff --git a/sysdeps/ieee754/support.c b/sysdeps/ieee754/support.c
index 00476c0..0bbd892 100644
--- a/sysdeps/ieee754/support.c
+++ b/sysdeps/ieee754/support.c
@@ -82,7 +82,7 @@ static char sccsid[] = "@(#)support.c 8.1 (Berkeley) 6/4/93";
static const double novf=1.7E308, nunf=3.0E-308,zero=0.0;
#endif /* defined(vax)||defined(tahoe) */
-double scalb(x,N)
+double scalbn(x,N)
double x; int N;
{
int k;
@@ -106,7 +106,7 @@ double x; int N;
if( (k= *px & mexp ) != mexp ) {
if( N<-2100) return(nunf*nunf); else if(N>2100) return(novf+novf);
if( k == 0 ) {
- x *= scalb(1.0,(int)prep1); N -= prep1; return(scalb(x,N));}
+ x *= scalbn(1.0,(int)prep1); N -= prep1; return(scalbn(x,N));}
#endif /* defined(vax)||defined(tahoe) */
if((k = (k>>gap)+ N) > 0 )
@@ -115,7 +115,7 @@ double x; int N;
else
if( k > -prep1 )
/* gradual underflow */
- {*px=(*px&~mexp)|(short)(1<<gap); x *= scalb(1.0,k-1);}
+ {*px=(*px&~mexp)|(short)(1<<gap); x *= scalbn(1.0,k-1);}
else
return(nunf*nunf);
}
@@ -228,7 +228,7 @@ double x,p;
else if ( ((*pp & mexp)>>gap) <= 1 )
/* subnormal p, or almost subnormal p */
- { double b; b=scalb(1.0,(int)prep1);
+ { double b; b=scalbn(1.0,(int)prep1);
p *= b; x = drem(x,p); x *= b; return(drem(x,p)/b);}
else if ( p >= novf/2)
{ p /= 2 ; x /= 2; return(drem(x,p)*2);}
@@ -294,8 +294,8 @@ double x;
/* scale x to [1,4) */
n=logb(x);
- x=scalb(x,-n);
- if((m=logb(x))!=0) x=scalb(x,-m); /* subnormal number */
+ x=scalbn(x,-n);
+ if((m=logb(x))!=0) x=scalbn(x,-m); /* subnormal number */
m += n;
n = m/2;
if((n+n)!=m) {x *= 2; m -=1; n=m/2;}
@@ -326,7 +326,7 @@ double x;
b=1.0+r/4; if(b>1.0) t=1;
if(t>=0) q+=r; }
-end: return(scalb(q,n));
+end: return(scalbn(q,n));
}
#if 0
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=6f9592e7a7e327deae62aae99a5238cfba2d572d
commit 6f9592e7a7e327deae62aae99a5238cfba2d572d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:39 2013 -0300
Note that powerpc fpu emulation status is not thread- or signal-safe.
for ports/ChangeLog.powerpc
PR 15483
* sysdeps/powerpc/nofpu/sim-full.c: Add FIXME note about
the need for thread-specific variables preserved across signal
handlers.
* sysdeps/powerpc/nofpu/soft-supp.h: Likewise.
* sysdeps/powerpc/soft-fp/sfp-machine.h: Likewise.
diff --git a/ports/sysdeps/powerpc/nofpu/sim-full.c b/ports/sysdeps/powerpc/nofpu/sim-full.c
index fc061d0..e167033 100644
--- a/ports/sysdeps/powerpc/nofpu/sim-full.c
+++ b/ports/sysdeps/powerpc/nofpu/sim-full.c
@@ -21,6 +21,11 @@
#include "soft-fp.h"
#include "soft-supp.h"
+/* FIXME: these variables should be thread specific (see bugzilla bug
+ 15483) and ideally preserved across signal handlers, like hardware
+ FP status words, but the latter is quite difficult to accomplish in
+ userland. */
+
/* Global to store sticky exceptions. */
int __sim_exceptions __attribute__ ((nocommon));
libc_hidden_data_def (__sim_exceptions);
diff --git a/ports/sysdeps/powerpc/nofpu/soft-supp.h b/ports/sysdeps/powerpc/nofpu/soft-supp.h
index b9638bb..64a3d2a 100644
--- a/ports/sysdeps/powerpc/nofpu/soft-supp.h
+++ b/ports/sysdeps/powerpc/nofpu/soft-supp.h
@@ -26,6 +26,11 @@ typedef union
} fenv_union_t;
+/* FIXME: these variables should be thread specific (see bugzilla bug
+ 15483) and ideally preserved across signal handlers, like hardware
+ FP status words, but the latter is quite difficult to accomplish in
+ userland. */
+
extern int __sim_exceptions;
libc_hidden_proto (__sim_exceptions);
extern int __sim_disabled_exceptions;
diff --git a/ports/sysdeps/powerpc/soft-fp/sfp-machine.h b/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
index c2a190e..508d869 100644
--- a/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
+++ b/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
@@ -54,6 +54,11 @@
#define FP_ROUNDMODE __sim_round_mode
#define FP_TRAPPING_EXCEPTIONS (~__sim_disabled_exceptions & 0x3e000000)
+/* FIXME: these variables should be thread specific (see bugzilla bug
+ 15483) and ideally preserved across signal handlers, like hardware
+ FP status words, but the latter is quite difficult to accomplish in
+ userland. */
+
extern int __sim_exceptions;
libc_hidden_proto (__sim_exceptions);
extern int __sim_disabled_exceptions;
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b0ce064083475ab914baa5244960e369cf0a2e10
commit b0ce064083475ab914baa5244960e369cf0a2e10
Merge: f39e49a 3877ab6 1105dbb
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Jul 30 04:57:14 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f39e49a9c7a1d54c0be1718ff13feb587b8fdcca
commit f39e49a9c7a1d54c0be1718ff13feb587b8fdcca
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Jul 30 04:57:14 2013 -0300
push
diff --git a/meta b/meta
index ae7cb86..f58fa10 100644
--- a/meta
+++ b/meta
@@ -1,15 +1,15 @@
Version: 1
-Previous: b6698ebaf34ee4eee6fdf262dda1f0e6326ec8f5
-Head: 134de3fab35b91543080d25a276ab00593d15be7
+Previous: 1105dbbfefb70928dddf6224c380ee647b74e574
+Head: 3877ab63574b2d23eac947fed521b7c3999c8d9f
Applied:
manual-document-mt-safety.patch: efc461350d9249c7b45dd1711d026868b38f051c
powerpc-nofpu-sim-note-nothread.patch: 134de3fab35b91543080d25a276ab00593d15be7
+ unused-scalb-is-scalbn.patch: abc6d481de5aabe5a3a019a29cc747e55230600e
+ manual-document-mt-safety-arith.patch: e9e5cf9f32d9b8147c0c8097478f8d623709d917
+ manual-document-mt-safety-stdio.patch: d0a89c9db96cfa69b1e445b45d29ebb5d783b899
+ manual-document-mt-safety-locale.patch: b6d0a7e40695997390c967a9c1255fc1813c84b0
+ manual-document-mt-safety-math.patch: c9ff7cfa5b3b4eb6799616ecce3a99944b7642d3
+ manual-document-mt-safety-ctype-wip.patch: 59ba7a5b73180e9b6b3a8a780c794019f3b4fb8e
+ manual-document-mt-safety-wip.patch: 3877ab63574b2d23eac947fed521b7c3999c8d9f
Unapplied:
- unused-scalb-is-scalbn.patch: c7b61a96cbd8cb57ef7aedbddf47a3368451583d
- manual-document-mt-safety-arith.patch: ff79da305c9dfa8cdc253ef91e3af827e98ecd2b
- manual-document-mt-safety-stdio.patch: 29204588dcc2ae4b2c07025a50f8018c87cdc409
- manual-document-mt-safety-locale.patch: 2138bb13b72835109d53a470595be6f31f485113
- manual-document-mt-safety-math.patch: 00af0ed393c8103a619299dc34fcda36561f3cd7
- manual-document-mt-safety-ctype-wip.patch: b86a9adf8ea6fc915d528f3fa61ded06f3c91c61
- manual-document-mt-safety-wip.patch: 08d66cf64dcb2bce1a99e163cd4941e2c77b4a37
Hidden:
diff --git a/patches/manual-document-mt-safety-arith.patch b/patches/manual-document-mt-safety-arith.patch
index 6d56f45..471af98 100644
--- a/patches/manual-document-mt-safety-arith.patch
+++ b/patches/manual-document-mt-safety-arith.patch
@@ -1,5 +1,5 @@
-Bottom: 58842960ffbf63afb50845d77d86b584785bfb5d
-Top: 4d06ccc13c580c9f8bc1ebbdc407011933a41e89
+Bottom: da0e6ebd226c97d69a880a83a3458d1290cb0a33
+Top: 2739c166ffd8b16196598bf6ae81a1eb59c5da67
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-06-26 10:46:39 -0300
diff --git a/patches/manual-document-mt-safety-ctype-wip.patch b/patches/manual-document-mt-safety-ctype-wip.patch
index 2751123..e2d64bc 100644
--- a/patches/manual-document-mt-safety-ctype-wip.patch
+++ b/patches/manual-document-mt-safety-ctype-wip.patch
@@ -1,5 +1,5 @@
-Bottom: 7c3df0362db41863af2f7f886b7e7f14cd2cb7c5
-Top: cd865dbc67422bb0360d4e2692cc5f7ec6aea252
+Bottom: 78fe1791b80475e24bb082448c82b31a599bb2cd
+Top: eda06e358bd7339a7b33c1798edc9038d99aafaf
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-06-26 10:46:43 -0300
diff --git a/patches/manual-document-mt-safety-locale.patch b/patches/manual-document-mt-safety-locale.patch
index def6108..c5c4fa4 100644
--- a/patches/manual-document-mt-safety-locale.patch
+++ b/patches/manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
-Bottom: e742d008a73a9279e0234fe6e8416e0b74b22645
-Top: b6a7df74e1dd769dd2a68885320bde2bae038277
+Bottom: 7803afb16b44ea9e7a20effc6b009b4417ede858
+Top: 7ddaf06032faa5cbc050d572e2e304aee7a0a055
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-06-26 10:46:40 -0300
diff --git a/patches/manual-document-mt-safety-math.patch b/patches/manual-document-mt-safety-math.patch
index 14df6f3..79e98aa 100644
--- a/patches/manual-document-mt-safety-math.patch
+++ b/patches/manual-document-mt-safety-math.patch
@@ -1,5 +1,5 @@
-Bottom: b6a7df74e1dd769dd2a68885320bde2bae038277
-Top: 7c3df0362db41863af2f7f886b7e7f14cd2cb7c5
+Bottom: 7ddaf06032faa5cbc050d572e2e304aee7a0a055
+Top: 78fe1791b80475e24bb082448c82b31a599bb2cd
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-06-26 10:46:41 -0300
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index 2088f94..d0907aa 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,5 +1,5 @@
-Bottom: 4d06ccc13c580c9f8bc1ebbdc407011933a41e89
-Top: e742d008a73a9279e0234fe6e8416e0b74b22645
+Bottom: 2739c166ffd8b16196598bf6ae81a1eb59c5da67
+Top: 7803afb16b44ea9e7a20effc6b009b4417ede858
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-06-26 10:46:40 -0300
diff --git a/patches/manual-document-mt-safety-wip.patch b/patches/manual-document-mt-safety-wip.patch
index 31af2c2..c9edc3e 100644
--- a/patches/manual-document-mt-safety-wip.patch
+++ b/patches/manual-document-mt-safety-wip.patch
@@ -1,5 +1,5 @@
-Bottom: cd865dbc67422bb0360d4e2692cc5f7ec6aea252
-Top: 7e6a83a1413d637cd4076c377f2dc632dc928b39
+Bottom: eda06e358bd7339a7b33c1798edc9038d99aafaf
+Top: b3048f1f29a3cb611e8590355a732220e79312c6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-06-26 10:46:48 -0300
diff --git a/patches/unused-scalb-is-scalbn.patch b/patches/unused-scalb-is-scalbn.patch
index 2e01b9a..4f1dac0 100644
--- a/patches/unused-scalb-is-scalbn.patch
+++ b/patches/unused-scalb-is-scalbn.patch
@@ -1,5 +1,5 @@
-Bottom: 83a97471a9f798dbf70f921529bea532c0632478
-Top: 58842960ffbf63afb50845d77d86b584785bfb5d
+Bottom: 4e74d806c3244a3036ccfd773571125e92181033
+Top: da0e6ebd226c97d69a880a83a3458d1290cb0a33
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-06-26 10:46:37 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3877ab63574b2d23eac947fed521b7c3999c8d9f
commit 3877ab63574b2d23eac947fed521b7c3999c8d9f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Jun 26 10:46:48 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/???.texi: Document thread safety properties.
diff --git a/manual/argp.texi b/manual/argp.texi
index c9fbe97..5322f91 100644
--- a/manual/argp.texi
+++ b/manual/argp.texi
@@ -36,6 +36,35 @@ needed in @code{main}.
@comment argp.h
@comment GNU
@deftypefun {error_t} argp_parse (const struct argp *@var{argp}, int @var{argc}, char **@var{argv}, unsigned @var{flags}, int *@var{arg_index}, void *@var{input})
+@safety{@mtunsafe{xguargs, envromt}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Optionally alloca()tes standard help options, initializes the parser,
+@c then parses individual args in a loop, and then finalizes.
+@c parser_init
+@c calc_sizes ok
+@c option_is_end ok
+@c malloc
+@c parser_convert glocale
+@c convert_options glocale
+@c option_is_end ok
+@c option_is_short ok
+@c isprint, but locale may change within the loop
+@c find_long_option ok
+@c group_parse
+@c group->parser (from argp->parser)
+@c parser_parse_next
+@c getopt_long(_only)_r many issues, same as non_r minus staticbuf
+@c parser_parse_arg
+@c group_parse
+@c parser_parse_opt
+@c group_parse
+@c argp_error
+@c dgettext (bad key error)
+@c parser_finalize
+@c group_parse
+@c fprintf
+@c dgettext
+@c arg_state_help
+@c free
The @code{argp_parse} function parses the arguments in @var{argv}, of
length @var{argc}, using the argp parser @var{argp}. @xref{Argp
Parsers}. Passing a null pointer for @var{argp} is the same as using
@@ -660,6 +689,8 @@ parser function. @xref{Argp Parsing State}.
@comment argp.h
@comment GNU
@deftypefun void argp_usage (const struct argp_state *@var{state})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls argp_state_help with stderr and ARGP_HELP_STD_USAGE.
Outputs the standard usage message for the argp parser referred to by
@var{state} to @code{@var{state}->err_stream} and terminate the program
with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@@ -669,6 +700,13 @@ with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@comment argp.h
@comment GNU
@deftypefun void argp_error (const struct argp_state *@var{state}, const char *@var{fmt}, @dots{})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Lock stream, vasprintf the formatted message into a buffer, print the
+@c buffer prefixed by the short program name (in libc,
+@c argp_short_program_name is a macro that expands to
+@c program_invocation_short_name), releases the buffer, then call
+@c argp_state_help with stream and ARGP_HELP_STD_ERR, unlocking the
+@c stream at the end.
Prints the printf format string @var{fmt} and following args, preceded
by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
--help}} message, and terminates the program with an exit status of
@@ -679,6 +717,12 @@ by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
@comment argp.h
@comment GNU
@deftypefun void argp_failure (const struct argp_state *@var{state}, int @var{status}, int @var{errnum}, const char *@var{fmt}, @dots{})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
+@c Lock stream, write out the short program name, vasprintf the optional
+@c formatted message to a buffer, print the buffer prefixed by colon and
+@c blank, release the buffer, call strerror_r with an automatic buffer,
+@c print it out after colon and blank, put[w]c a line break, unlock the
+@c stream, then exit unless ARGP_NO_EXIT.
Similar to the standard gnu error-reporting function @code{error}, this
prints the program name and @samp{:}, the printf format string
@var{fmt}, and the appropriate following args. If it is non-zero, the
@@ -695,6 +739,141 @@ for options, bad phase of the moon, etc.
@comment argp.h
@comment GNU
@deftypefun void argp_state_help (const struct argp_state *@var{state}, FILE *@var{stream}, unsigned @var{flags})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help with the short program name and optionally exit.
+@c The main problems in _help, besides the usual issues with stream I/O
+@c and translation, are the use of a static buffer (uparams) that makes
+@c the whole thing thread-unsafe, reading from the environment for
+@c ARGP_HELP_FMT, accessing the locale object multiple times.
+
+@c _help envromt, staticbuf (uparams), glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c flockfile lockleak
+@c funlockfile lockleak
+@c fill_in_uparams envromt, staticbuf (uparams), glocale, asynconsist, asmalloc, lockleak, incansist, memleak
+@c argp_failure dup (status = errnum = 0)
+@c atoi dup
+@c argp_hol asmalloc, memleak
+@c make_hol asmalloc, memleak
+@c hol_add_cluster asmalloc, memleak
+@c hol_append asmalloc, memleak
+@c hol_set_group ok
+@c hol_find_entry ok
+@c hol_sort glocale, asmalloc, memleak
+@c qsort asmalloc, memleak
+@c hol_entry_qcmp glocale
+@c hol_entry_cmp glocale
+@c group_cmp ok
+@c hol_cluster_cmp ok
+@c group_cmp ok
+@c hol_entry_first_short glocale
+@c hol_entry_short_iterate [glocale]
+@c until_short ok
+@c oshort ok
+@c isprint ok
+@c odoc ok
+@c hol_entry_first_long ok
+@c canon_doc_option glocale
+@c tolower dup
+@c hol_usage glocale, asi18n, asmalloc, memleak
+@c hol_entry_short_iterate ok
+@c add_argless_short_opt ok
+@c argp_fmtstream_printf dup
+@c hol_entry_short_iterate glocale, asi18n, asmalloc, memleak
+@c usage_argful_short_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_entry_long_iterate glocale, asi18n, asmalloc, memleak
+@c usage_long_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c hol_entry_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_wmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c comma glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_putc dup
+@c hol_cluster_is_child ok
+@c argp_fmtstream_wmargin dup
+@c print_header dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c indent_to dup
+@c argp_fmtstream_putc dup
+@c arg glocale, asmalloc, memleak
+@c argp_fmtstream_printf dup
+@c odoc dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_printf dup
+@c print_header glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c indent_to dup
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c filter_doc dup
+@c argp_fmtstream_point dup
+@c indent_to glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_putc dup
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c hol_free asmalloc, memleak
+@c free dup
+@c argp_args_levels ok
+@c argp_args_usage glocale, asi18n, asmalloc, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc ok
+@c argp_input ok
+@c argp->help_filter
+@c space glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_rmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_write dup
+@c free dup
+@c argp_doc glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c strndup asmalloc, memleak
+@c argp_input dup
+@c argp->help_filter
+@c argp_fmtstream_putc glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure dup
+@c argp_fmtstream_write dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_point glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_lmargin dup
+@c free dup
+@c argp_make_fmtstream asmalloc, memleak
+@c argp_fmtstream_free glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update glocale, asynconsist, incansist, lockleak
+@c put[w]c_unlocked dup
+@c isblank in loop glocale
+@c fxprintf lockleak
+@c fxprintf lockleak
+@c free dup
+@c argp_fmtstream_set_wmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_printf glocale, asmalloc, memleak
+@c argp_fmtstream_ensure dup
+@c vsnprintf dup
+@c argp_fmtstream_set_lmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_puts glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_write glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update dup
+@c fxprintf lockleak
+@c realloc asmalloc, memleak
Outputs a help message for the argp parser referred to by @var{state},
to @var{stream}. The @var{flags} argument determines what sort of help
message is produced. @xref{Argp Help Flags}.
@@ -928,6 +1107,8 @@ program options, argp offers the @code{argp_help} interface.
@comment argp.h
@comment GNU
@deftypefun void argp_help (const struct argp *@var{argp}, FILE *@var{stream}, unsigned @var{flags}, char *@var{name})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help.
This outputs a help message for the argp parser @var{argp} to
@var{stream}. The type of messages printed will be determined by
@var{flags}.
diff --git a/manual/arith.texi b/manual/arith.texi
index 833e0c9..5c3aa9d 100644
--- a/manual/arith.texi
+++ b/manual/arith.texi
@@ -323,6 +323,7 @@ floating-point number a variable holds.
@comment math.h
@comment ISO
@deftypefn {Macro} int fpclassify (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is a generic macro which works on all floating-point types and
which returns a value of type @code{int}. The possible values are:
@@ -359,6 +360,7 @@ You should therefore use the specific macros whenever possible.
@comment math.h
@comment ISO
@deftypefn {Macro} int isfinite (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite: not plus or
minus infinity, and not NaN. It is equivalent to
@@ -373,6 +375,7 @@ floating-point type.
@comment math.h
@comment ISO
@deftypefn {Macro} int isnormal (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite and normalized.
It is equivalent to
@@ -384,6 +387,7 @@ It is equivalent to
@comment math.h
@comment ISO
@deftypefn {Macro} int isnan (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is NaN. It is equivalent
to
@@ -395,6 +399,7 @@ to
@comment math.h
@comment GNU
@deftypefn {Macro} int issignaling (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is a signaling NaN
(sNaN). It is based on draft TS 18661 and currently enabled as a GNU
extension.
@@ -2443,6 +2448,32 @@ as well.
@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@c Besides the unsafe-but-ruled-safe locale uses, this uses a lot of
@c mpn, but it's all safe.
+@c
+@c round_and_return
+@c get_rounding_mode ok
+@c mpn_add_1 ok
+@c mpn_rshift ok
+@c MPN_ZERO ok
+@c MPN2FLOAT -> mpn_construct_(float|double|long_double) ok
+@c str_to_mpn
+@c mpn_mul_1 -> umul_ppmm ok
+@c mpn_add_1 ok
+@c mpn_lshift_1 -> mpn_lshift ok
+@c STRTOF_INTERNAL
+@c MPN_VAR ok
+@c SET_MANTISSA ok
+@c STRNCASECMP ok, wide and narrow
+@c round_and_return ok
+@c mpn_mul ok
+@c mpn_addmul_1 ok
+@c ... mpn_sub
+@c mpn_lshift ok
+@c udiv_qrnnd ok
+@c count_leading_zeros ok
+@c add_ssaaaa ok
+@c sub_ddmmss ok
+@c umul_ppmm ok
+@c mpn_submul_1 ok
The @code{strtod} (``string-to-double'') function converts the initial
part of @var{string} to a floating-point number, which is returned as a
value of type @code{double}.
diff --git a/manual/charset.texi b/manual/charset.texi
index e21502e..7e6c416 100644
--- a/manual/charset.texi
+++ b/manual/charset.texi
@@ -504,6 +504,8 @@ sequence points. Communication protocols often require this.
@comment wchar.h
@comment ISO
@deftypefun int mbsinit (const mbstate_t *@var{ps})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c ps is dereferenced once, unguarded. Potential harmless data race.
The @code{mbsinit} function determines whether the state object pointed
to by @var{ps} is in the initial state. If @var{ps} is a null pointer or
the object is in the initial state the return value is nonzero. Otherwise
@@ -559,6 +561,14 @@ that is beyond the range @math{0} to @math{127}.
@comment wchar.h
@comment ISO
@deftypefun wint_t btowc (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls btowc_fct or __fct; reads from locale, and from the
+@c get_gconv_fcts result multiple times. get_gconv_fcts calls
+@c __wcsmbs_load_conv to initialize the ctype if it's null.
+@c wcsmbs_load_conv takes a non-recursive wrlock before allocating
+@c memory for the fcts structure, initializing it, and then storing it
+@c in the locale object. The initialization involves dlopening and a
+@c lot more.
The @code{btowc} function (``byte to wide character'') converts a valid
single byte character @var{c} in the initial shift state into the wide
character equivalent using the conversion rules from the currently
@@ -615,6 +625,7 @@ There is also a function for the conversion in the other direction.
@comment wchar.h
@comment ISO
@deftypefun int wctob (wint_t @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctob} function (``wide character to byte'') takes as the
parameter a valid wide character. If the multibyte representation for
this character in the initial state is exactly one byte long, the return
@@ -634,6 +645,7 @@ and they also do not require it to be in the initial state.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrtowc (wchar_t *restrict @var{pwc}, const char *restrict @var{s}, size_t @var{n}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
@cindex stateful
The @code{mbrtowc} function (``multibyte restartable to wide
character'') converts the next multibyte character in the string pointed
@@ -728,6 +740,7 @@ function that does part of the work.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrlen (const char *restrict @var{s}, size_t @var{n}, mbstate_t *@var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbrlen} function (``multibyte restartable length'') computes
the number of at most @var{n} bytes starting at @var{s}, which form the
next valid and complete multibyte character.
@@ -811,6 +824,50 @@ doing the work twice.
@comment wchar.h
@comment ISO
@deftypefun size_t wcrtomb (char *restrict @var{s}, wchar_t @var{wc}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c wcrtomb uses a static, non-thread-local unguarded state variable when
+@c PS is NULL. When a state is passed in, and it's not used
+@c concurrently in other threads, this function behaves safely as long
+@c as gconv modules don't bring MT safety issues of their own.
+@c Attempting to load gconv modules or to build conversion chains in
+@c signal handlers may encounter gconv databases or caches in a
+@c partially-updated state, and asynchronous cancellation may leave them
+@c in such states, besides leaking the lock that guards them.
+@c get_gconv_fcts ok
+@c wcsmbs_load_conv ok
+@c norm_add_slashes ok
+@c wcsmbs_getfct ok
+@c gconv_find_transform ok
+@c gconv_read_conf (libc_once)
+@c gconv_lookup_cache ok
+@c find_module_idx ok
+@c find_module ok
+@c gconv_find_shlib (ok)
+@c ->init_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c do_lookup_alias ok
+@c find_derivation ok
+@c derivation_lookup ok
+@c increment_counter ok
+@c gconv_find_shlib ok
+@c step->init_fct (assumed ok)
+@c gen_steps ok
+@c gconv_find_shlib ok
+@c dlopen (presumed ok)
+@c dlsym (presumed ok)
+@c step->init_fct (assumed ok)
+@c step->end_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c add_derivation ok
+@c gconv_close_transform ok
+@c gconv_release_step ok
+@c step->end_fct (assumed ok)
+@c gconv_release_shlib ok
+@c dlclose (presumed ok)
+@c gconv_release_cache ok
+@c ->tomb->__fct (assumed ok)
The @code{wcrtomb} function (``wide character restartable to
multibyte'') converts a single wide character into a multibyte string
corresponding to that wide character.
@@ -955,6 +1012,7 @@ extensions that can help in some important situations.
@comment wchar.h
@comment ISO
@deftypefun size_t mbsrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsrtowcs} function (``multibyte string restartable to wide
character string'') converts an NUL-terminated multibyte character
string at @code{*@var{src}} into an equivalent wide character string,
@@ -1039,6 +1097,7 @@ length and passing this length to the function.
@comment wchar.h
@comment ISO
@deftypefun size_t wcsrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsrtombs} function (``wide character string restartable to
multibyte string'') converts the NUL-terminated wide character string at
@code{*@var{src}} into an equivalent multibyte character string and
@@ -1084,6 +1143,7 @@ array size (the @var{len} parameter).
@comment wchar.h
@comment GNU
@deftypefun size_t mbsnrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{nmc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsnrtowcs} function is very similar to the @code{mbsrtowcs}
function. All the parameters are the same except for @var{nmc}, which is
new. The return value is the same as for @code{mbsrtowcs}.
@@ -1136,6 +1196,7 @@ of the given buffer, there is no problem with altering the state.
@comment wchar.h
@comment GNU
@deftypefun size_t wcsnrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{nwc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsnrtombs} function implements the conversion from wide
character strings to multibyte character strings. It is similar to
@code{wcsrtombs} but, just like @code{mbsnrtowcs}, it takes an extra
@@ -1280,6 +1341,7 @@ conversion functions.}
@comment stdlib.h
@comment ISO
@deftypefun int mbtowc (wchar_t *restrict @var{result}, const char *restrict @var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbtowc} (``multibyte to wide character'') function when called
with non-null @var{string} converts the first multibyte character
beginning at @var{string} to its corresponding wide character code. It
@@ -1314,6 +1376,7 @@ shift state. @xref{Shift State}.
@comment stdlib.h
@comment ISO
@deftypefun int wctomb (char *@var{string}, wchar_t @var{wchar})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctomb} (``wide character to multibyte'') function converts
the wide character code @var{wchar} to its corresponding multibyte
character sequence, and stores the result in bytes starting at
@@ -1353,6 +1416,7 @@ terms of @code{mbtowc}.
@comment stdlib.h
@comment ISO
@deftypefun int mblen (const char *@var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mblen} function with a non-null @var{string} argument returns
the number of bytes that make up the multibyte character beginning at
@var{string}, never examining more than @var{size} bytes. (The idea is
@@ -1391,6 +1455,9 @@ suffer from the same problems as their reentrant counterparts from
@comment stdlib.h
@comment ISO
@deftypefun size_t mbstowcs (wchar_t *@var{wstring}, const char *@var{string}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Odd... Although this is in the non-reentrant section, the state
+@c object is automatic, not a static buffer.
The @code{mbstowcs} (``multibyte string to wide character string'')
function converts the null-terminated string of multibyte characters
@var{string} to an array of wide character codes, storing not more than
@@ -1431,6 +1498,7 @@ mbstowcs_alloc (const char *string)
@comment stdlib.h
@comment ISO
@deftypefun size_t wcstombs (char *@var{string}, const wchar_t *@var{wstring}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcstombs} (``wide character string to multibyte string'')
function converts the null-terminated wide character array @var{wstring}
into a string containing multibyte characters, storing not more than
@@ -1618,6 +1686,16 @@ The first step is the function to create a handle.
@comment iconv.h
@comment XPG2
@deftypefun iconv_t iconv_open (const char *@var{tocode}, const char *@var{fromcode})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls malloc if tocode and/or fromcode are too big for alloca. Calls
+@c strip and upstr on both, then gconv_open. strip and upstr call
+@c isalnum_l and toupper_l with the C locale. gconv_open may MT-safely
+@c tokenize toset, replace unspecified codesets with the current locale
+@c (posibly two different accesses), and finally it calls
+@c gconv_find_transform and initializes the gconv_t result with all the
+@c steps in the conversion sequence, running each one's initializer,
+@c destructing and releasing them all if anything fails.
+
The @code{iconv_open} function has to be used before starting a
conversion. The two parameters this function takes determine the
source and destination character set for the conversion, and if the
@@ -1682,6 +1760,12 @@ conversion is not needed anymore.
@comment iconv.h
@comment XPG2
@deftypefun int iconv_close (iconv_t @var{cd})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, shlimb}}
+@c Calls gconv_close to destruct and release each of the conversion
+@c steps, release the gconv_t object, then call gconv_close_transform.
+@c Access to the gconv_t object is not guarded, but calling iconv_close
+@c concurrently with any other use is undefined.
+
The @code{iconv_close} function frees all resources associated with the
handle @var{cd}, which must have been returned by a successful call to
the @code{iconv_open} function.
@@ -1708,6 +1792,10 @@ even file to file can be implemented on top of it.
@comment iconv.h
@comment XPG2
@deftypefun size_t iconv (iconv_t @var{cd}, char **@var{inbuf}, size_t *@var{inbytesleft}, char **@var{outbuf}, size_t *@var{outbytesleft})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c Without guarding access to the gconv_t object pointed to by cd, call
+@c the conversion function to convert inbuf or flush the internal
+@c conversion state.
@cindex stateful
The @code{iconv} function converts the text in the input buffer
according to the rules associated with the descriptor @var{cd} and
diff --git a/manual/conf.texi b/manual/conf.texi
index 7eb8b36..edbb2fd 100644
--- a/manual/conf.texi
+++ b/manual/conf.texi
@@ -288,6 +288,17 @@ constants are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} sysconf (int @var{parameter})
+@safety{@mtsafe{envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak, fdleak}}
+@c Some parts of the implementation open /proc and /sys files and dirs
+@c to collect system details, using fd and stream I/O depending on the
+@c case. _SC_TZNAME_MAX calls __tzname_max, that (while holding a lock)
+@c calls tzset_internal, that calls getenv if it's called the first
+@c time; there are free and strdup calls in there too. The returned max
+@c value may change over time for TZNAME_MAX, depending on selected
+@c timezones; NPROCS, NPROCS_CONF, PHYS_PAGES, AVPHYS_PAGES,
+@c NGROUPS_MAX, SIGQUEUE_MAX, depending on variable values read from
+@c /proc at each call, and from rlimit-obtained values CHILD_MAX,
+@c OPEN_MAX, ARG_MAX, SIGQUEUE_MAX.
This function is used to inquire about runtime system parameters. The
@var{parameter} argument should be one of the @samp{_SC_} symbols listed
below.
@@ -1342,6 +1353,11 @@ argument are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} pathconf (const char *@var{filename}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c When __statfs_link_max finds an ext* filesystem, it may read
+@c /proc/mounts or similar as a mntent stream.
+@c __statfs_chown_restricted may read from
+@c /proc/sys/fs/xfs/restrict_chown as a file descriptor.
This function is used to inquire about the limits that apply to
the file named @var{filename}.
@@ -1369,6 +1385,8 @@ support the @var{parameter} for the specific file.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} fpathconf (int @var{filedes}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c Same caveats as pathconf.
This is just like @code{pathconf} except that an open file descriptor
is used to specify the file for which information is requested, instead
of a file name.
@@ -1615,6 +1633,7 @@ system with the function @code{confstr}:
@comment unistd.h
@comment POSIX.2
@deftypefun size_t confstr (int @var{parameter}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function reads the value of a string-valued system parameter,
storing the string into @var{len} bytes of memory space starting at
@var{buf}. The @var{parameter} argument should be one of the
diff --git a/manual/crypt.texi b/manual/crypt.texi
index ef90590..5c9f6f7 100644
--- a/manual/crypt.texi
+++ b/manual/crypt.texi
@@ -92,7 +92,13 @@ in a convenient way.
@comment unistd.h
@comment BSD
@deftypefun {char *} getpass (const char *@var{prompt})
-
+@safety{@mtunsafe{tempterm}@asunsafe{asmalloc, selfdeadlock, asynconsist}@acunsafe{tempterm, lockleak, incansist}}
+@c This function will attempt to create a stream for terminal I/O, but
+@c will fallback to stdio/stderr. It attempts to change the terminal
+@c mode in a thread-unsafe way, write out the prompt, read the password,
+@c then restore the terminal mode. It has a cleanup to close the stream
+@c in case of (synchronous) cancellation, but not to restore the
+@c terminal mode.
@code{getpass} outputs @var{prompt}, then reads a string in from the
terminal without echoing it. It tries to connect to the real terminal,
@file{/dev/tty}, if possible, to encourage users not to put plaintext
@@ -127,6 +133,13 @@ The substitute takes the same parameters as @code{getline}
@comment crypt.h
@comment BSD, SVID
@deftypefun {char *} crypt (const char *@var{key}, const char *@var{salt})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Besides the obvious problem of returning a pointer into static
+@c storage, the DES initializer takes an internal lock with the usual
+@c set of problems for AS- and AC-Safety. The FIPS mode checker and the
+@c NSS implementations of may leak file descriptors if canceled. The
+@c The MD5, SHA256 and SHA512 implementations will malloc on long keys,
+@c and NSS relies on dlopening, which brings about another can of worms.
The @code{crypt} function takes a password, @var{key}, as a string, and
a @var{salt} character array which is described below, and returns a
@@ -188,6 +201,9 @@ for a password and prints ``Access granted.'' if the user types
@comment crypt.h
@comment GNU
@deftypefun {char *} crypt_r (const char *@var{key}, const char *@var{salt}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Compared with crypt, this function fixes the staticbuf problem, but
+@c nothing else.
The @code{crypt_r} function does the same thing as @code{crypt}, but
takes an extra parameter which includes space for its result (among
@@ -233,6 +249,11 @@ specifies the unused bits.
@comment crypt.h
@comment BSD, SVID
@deftypefun void setkey (const char *@var{key})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c The static buffer stores the key, making it fundamentally
+@c thread-unsafe. The locking issues are only in the initialization
+@c path; cancelling the initialization will leave the lock held, it
+@c would otherwise repeat the initialization on the next call.
The @code{setkey} function sets an internal data structure to be an
expanded form of @var{key}. @var{key} is specified as an array of 64
@@ -244,6 +265,8 @@ parity.
@comment crypt.h
@comment BSD, SVID
@deftypefun void encrypt (char *@var{block}, int @var{edflag})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c Same issues as setkey.
The @code{encrypt} function encrypts @var{block} if
@var{edflag} is 0, otherwise it decrypts @var{block}, using a key
@@ -257,9 +280,11 @@ stored in a @code{char}, but there are no parity bits in @var{block}.
@comment crypt.h
@comment GNU
@deftypefun void setkey_r (const char *@var{key}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
@comment crypt.h
@comment GNU
@deftypefunx void encrypt_r (char *@var{block}, int @var{edflag}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
These are reentrant versions of @code{setkey} and @code{encrypt}. The
only difference is the extra parameter, which stores the expanded
@@ -274,6 +299,7 @@ defined in @file{crypt.h}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int ecb_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{ecb_crypt} encrypts or decrypts one or more blocks
using DES. Each block is encrypted independently.
@@ -355,6 +381,7 @@ This macro returns 1 if @var{err} is a `success' result code from
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int cbc_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode}, char *@var{ivec})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{cbc_crypt} encrypts or decrypts one or more blocks
using DES in Cipher Block Chaining mode.
@@ -381,6 +408,7 @@ Otherwise, all the parameters are similar to those for @code{ecb_crypt}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun void des_setparity (char *@var{key})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{des_setparity} changes the 64-bit @var{key}, stored
packed in 8-bit bytes, to have odd parity by altering the low bits of
diff --git a/manual/ctype.texi b/manual/ctype.texi
index f05d509..ddf38ce 100644
--- a/manual/ctype.texi
+++ b/manual/ctype.texi
@@ -66,6 +66,13 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int islower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The is* macros call __ctype_b_loc to get the ctype array from the
+@c current locale, and then index it by c. __ctype_b_loc reads from
+@c thread-local memory the (indirect) pointer to the ctype array, which
+@c may involve one word access to the global locale object, if that's
+@c the active locale for the thread, and the array, being part of the
+@c locale data, is undeletable, so there's no thread-safety issue.
Returns true if @var{c} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -74,6 +81,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -82,6 +90,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isalpha (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphabetic character (a letter). If
@code{islower} or @code{isupper} is true of a character, then
@code{isalpha} is also true.
@@ -97,6 +106,7 @@ additional characters.
@comment ctype.h
@comment ISO
@deftypefun int isdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@end deftypefun
@@ -104,6 +114,7 @@ Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@comment ctype.h
@comment ISO
@deftypefun int isalnum (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphanumeric character (a letter or
number); in other words, if either @code{isalpha} or @code{isdigit} is
true of a character, then @code{isalnum} is also true.
@@ -113,6 +124,7 @@ true of a character, then @code{isalnum} is also true.
@comment ctype.h
@comment ISO
@deftypefun int isxdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -123,6 +135,7 @@ Hexadecimal digits include the normal decimal digits @samp{0} through
@comment ctype.h
@comment ISO
@deftypefun int ispunct (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -132,6 +145,7 @@ character.
@comment ctype.h
@comment ISO
@deftypefun int isspace (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{isspace} returns true for only the standard
whitespace characters:
@@ -161,6 +175,7 @@ vertical tab
@comment ctype.h
@comment ISO
@deftypefun int isblank (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
@end deftypefun
@@ -169,6 +184,7 @@ This function was originally a GNU extension, but was added in @w{ISO C99}.
@comment ctype.h
@comment ISO
@deftypefun int isgraph (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -178,6 +194,7 @@ considered graphic.
@comment ctype.h
@comment ISO
@deftypefun int isprint (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@end deftypefun
@@ -186,6 +203,7 @@ include all the graphic characters, plus the space (@samp{ }) character.
@comment ctype.h
@comment ISO
@deftypefun int iscntrl (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a control character (that is, a character that
is not a printing character).
@end deftypefun
@@ -194,6 +212,7 @@ is not a printing character).
@comment ctype.h
@comment SVID, BSD
@deftypefun int isascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
into the US/UK ASCII character set. This function is a BSD extension
and is also an SVID extension.
@@ -227,6 +246,10 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The to* macros/functions call different functions that use different
+@c arrays than those of__ctype_b_loc, but the access patterns and
+@c thus safety guarantees are the same.
If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
lower-case letter. If @var{c} is not an upper-case letter,
@var{c} is returned unchanged.
@@ -235,6 +258,7 @@ lower-case letter. If @var{c} is not an upper-case letter,
@comment ctype.h
@comment ISO
@deftypefun int toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
upper-case letter. Otherwise @var{c} is returned unchanged.
@end deftypefun
@@ -242,6 +266,7 @@ upper-case letter. Otherwise @var{c} is returned unchanged.
@comment ctype.h
@comment SVID, BSD
@deftypefun int toascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function converts @var{c} to a 7-bit @code{unsigned char} value
that fits into the US/UK ASCII character set, by clearing the high-order
bits. This function is a BSD extension and is also an SVID extension.
@@ -250,6 +275,7 @@ bits. This function is a BSD extension and is also an SVID extension.
@comment ctype.h
@comment SVID
@deftypefun int _tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{tolower}, and is provided for compatibility
with the SVID. @xref{SVID}.@refill
@end deftypefun
@@ -257,6 +283,7 @@ with the SVID. @xref{SVID}.@refill
@comment ctype.h
@comment SVID
@deftypefun int _toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{toupper}, and is provided for compatibility
with the SVID.
@end deftypefun
@@ -303,6 +330,15 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctype_t wctype (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Although the source code of wctype contains multiple references to
+@c the locale, that could each reference different locale_data objects
+@c should the global locale object change while active, the compiler can
+@c and does combine them all into a single dereference that resolves
+@c once to the LCTYPE locale object used throughout the function, so it
+@c is safe in practice, if not in theory. Ideally we'd explicitly save
+@c the resolved locale_data object to make it visibly safe instead of
+@c safe only under compiler optimizations.
The @code{wctype} returns a value representing a class of wide
characters which is identified by the string @var{property}. Beside
some standard properties each locale can define its own ones. In case
@@ -331,6 +367,8 @@ the @w{ISO C} standard defines a completely new function.
@comment wctype.h
@comment ISO
@deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The compressed lookup table returned by wctype is read-only.
This function returns a nonzero value if @var{wc} is in the character
class specified by @var{desc}. @var{desc} must previously be returned
by a successful call to @code{wctype}.
@@ -350,6 +388,15 @@ standard classes.
@comment wctype.h
@comment ISO
@deftypefun int iswalnum (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c The implicit wctype call in the isw* functions is actually an
+@c optimized version because the category has a known offset, but the
+@c wctype is equally safe when optimized, unsafe if not optimized.
+@c Since it's not a macro, and we always optimize, it's fine. The test
+@c whether wc is ASCII to use the non-wide is* macro/funciton doesn't
+@c bring any other safety issues: the test does not depend on the
+@c locale, and each path after the decision resolves the locale object
+@c only once.
This function returns a nonzero value if @var{wc} is an alphanumeric
character (a letter or number); in other words, if either @code{iswalpha}
or @code{iswdigit} is true of a character, then @code{iswalnum} is also
@@ -370,6 +417,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswalpha (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an alphabetic character (a letter). If
@code{iswlower} or @code{iswupper} is true of a character, then
@code{iswalpha} is also true.
@@ -394,6 +442,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswcntrl (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a control character (that is, a character that
is not a printing character).
@@ -412,6 +461,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
Please note that this function does not only return a nonzero value for
@emph{decimal} digits, but for all kinds of digits. A consequence is
@@ -442,6 +492,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswgraph (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -461,6 +512,7 @@ It is declared in @file{wctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int iswlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -479,6 +531,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswprint (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@@ -497,6 +550,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswpunct (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -516,6 +570,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswspace (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{iswspace} returns true for only the standard
whitespace characters:
@@ -555,6 +610,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -573,6 +629,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswxdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -597,6 +654,7 @@ characters as well.
@comment wctype.h
@comment ISO
@deftypefun int iswblank (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
It is declared in @file{wchar.h}.
@@ -691,7 +749,8 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctrans_t wctrans (const char *@var{property})
-@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Similar implementation, same caveats as wctype.
The @code{wctrans} function has to be used to find out whether a named
mapping is defined in the current locale selected for the
@code{LC_CTYPE} category. If the returned value is non-zero, you can use
@@ -714,7 +773,8 @@ These functions are declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
-@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Same caveats as iswctype.
@code{towctrans} maps the input character @var{wc}
according to the rules of the mapping for which @var{desc} is a
descriptor, and returns the value it finds. @var{desc} must be
@@ -732,6 +792,9 @@ for them.
@comment wctype.h
@comment ISO
@deftypefun wint_t towlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Same caveats as iswalnum, just using a wctrans rather than a wctype
+@c table.
If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
lower-case letter. If @var{wc} is not an upper-case letter,
@var{wc} is returned unchanged.
@@ -751,6 +814,7 @@ This function is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
upper-case letter. Otherwise @var{wc} is returned unchanged.
diff --git a/manual/debug.texi b/manual/debug.texi
index 1db9c18..ce0c263 100644
--- a/manual/debug.texi
+++ b/manual/debug.texi
@@ -36,6 +36,8 @@ and manipulate backtraces of the current thread.
@comment execinfo.h
@comment GNU
@deftypefun int backtrace (void **@var{buffer}, int @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Pointer chasing within the local stack.
The @code{backtrace} function obtains a backtrace for the current
thread, as a list of pointers, and places the information into
@var{buffer}. The argument @var{size} should be the number of
@@ -56,6 +58,17 @@ interpreting the stack contents correctly.
@comment execinfo.h
@comment GNU
@deftypefun {char **} backtrace_symbols (void *const *@var{buffer}, int @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, lockleak}}
+@c Collects info returned by _dl_addr in auto array, allocates memory
+@c for the whole return buffer with malloc then sprintfs into it storing
+@c pointers to the strings into the array entries in the buffer.
+@c _dl_addr takes the recursive dl_load_lock then calls
+@c _dl_find_dso_for_object and determine_info.
+@c _dl_find_dso_for_object calls _dl-addr_inside_object.
+@c All of them are safe as long as the lock is held.
+@c asynconsist? It doesn't looke like the dynamic loader's data
+@c structures could be in an inconsistent state that would cause
+@c malfunction here.
The @code{backtrace_symbols} function translates the information
obtained from the @code{backtrace} function into an array of strings.
The argument @var{buffer} should be a pointer to an array of addresses
@@ -88,6 +101,11 @@ cannot be obtained.
@comment execinfo.h
@comment GNU
@deftypefun void backtrace_symbols_fd (void *const *@var{buffer}, int @var{size}, int @var{fd})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c Single loop of _dl_addr over addresses, collecting info into an iovec
+@c written out with a writev call per iteration. Addresses and offsets
+@c are converted to hex in auto buffers, so the only potential issue
+@c here is leaking the dl lock in case of cancellation.
The @code{backtrace_symbols_fd} function performs the same translation
as the function @code{backtrace_symbols} function. Instead of returning
the strings to the caller, it writes the strings to the file descriptor
diff --git a/manual/errno.texi b/manual/errno.texi
index 6c9fa86..eb3f412 100644
--- a/manual/errno.texi
+++ b/manual/errno.texi
@@ -1293,6 +1293,9 @@ name of the program that encountered the error.
@comment string.h
@comment ISO
@deftypefun {char *} strerror (int @var{errnum})
+@safety{@mtunsafe{staticbuf}@asunsafe{staticbuf, asmalloc, asi18n}@acsafe{memleak}}
+@c Calls strerror_r with a static buffer allocated with malloc on the
+@c first use.
The @code{strerror} function maps the error code (@pxref{Checking for
Errors}) specified by the @var{errnum} argument to a descriptive error
message string. The return value is a pointer to this string.
@@ -1310,6 +1313,7 @@ The function @code{strerror} is declared in @file{string.h}.
@comment string.h
@comment GNU
@deftypefun {char *} strerror_r (int @var{errnum}, char *@var{buf}, size_t @var{n})
+@safety{@mtsafe{}@asunsafe{asi18n}@acsafe{}}
The @code{strerror_r} function works like @code{strerror} but instead of
returning the error message in a statically allocated buffer shared by
all threads in the process, it returns a private copy for the
@@ -1331,6 +1335,10 @@ This function @code{strerror_r} is a GNU extension and it is declared in
@comment stdio.h
@comment ISO
@deftypefun void perror (const char *@var{message})
+@safety{@mtsafe{xguargs}@asunsafe{asynconsist, asi18n, asmalloc, selfdeadlock}@acunsafe{incansist, lockleak, memleak, fdleak}}
+@c Besides strerror_r's and some of fprintf's issues, if stderr is not
+@c oriented yet, create a new stream with a dup of stderr's fd and write
+@c to that instead of stderr, to avoid orienting it.
This function prints an error message to the stream @code{stderr};
see @ref{Standard Streams}. The orientation of @code{stderr} is not
changed.
@@ -1442,6 +1450,13 @@ These functions are declared in @file{error.h}.
@comment error.h
@comment GNU
@deftypefun void error (int @var{status}, int @var{errnum}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acsafe{}}
+@c Cancellation is disabled throught the execution. It flushes stdout
+@c and then holds a lock on stderr while printing the program name and
+@c then running error_tail. The non-wide case just runs vfprintf; the
+@c wide case converts the message to an alloca/malloc-allocated buffer
+@c with mbsrtowcs, then prints it with vfwprintf. Afterwards,
+@c print_errno_message calls strerror_r and fxprintf.
The @code{error} function can be used to report general problems during
program execution. The @var{format} argument is a format string just
like those given to the @code{printf} family of functions. The
@@ -1477,6 +1492,15 @@ incremented by one to keep track of the number of errors reported.
@comment error.h
@comment GNU
@deftypefun void error_at_line (int @var{status}, int @var{errnum}, const char *@var{fname}, unsigned int @var{lineno}, const char *@var{format}, @dots{})
+@safety{@mtunsafe{staticbuf, glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist}}
+@c The error_one_per_line variable is accessed (without any form of
+@c synchronization, but since it's an int used once, it should be safe
+@c enough) and, if this mode is enabled, static variables used to hold
+@c the last printed file name and line number are accessed and modified
+@c without synchronization; the update is not atomic and it occurs
+@c before disabling cancellation, so it can be interrupted after only
+@c one of the two variables is modified. After that, it's very much
+@c like error.
The @code{error_at_line} function is very similar to the @code{error}
function. The only difference are the additional parameters @var{fname}
@@ -1582,6 +1606,8 @@ are included only for compatibility.
@comment err.h
@comment BSD
@deftypefun void warn (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Just calls vwarn with the va_list.
The @code{warn} function is roughly equivalent to a call like
@smallexample
error (0, errno, format, @r{the parameters})
@@ -1594,6 +1620,11 @@ are not used.
@comment err.h
@comment BSD
@deftypefun void vwarn (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c While holding stderr's recursive lock, it prints the programname, the
+@c given message, and the error string with fw?printf's %m. When the
+@c stream is wide, convert_and_print converts the format string to an
+@c alloca/malloc-created buffer using mbsrtowcs and then calls fwprintf.
The @code{vwarn} function is just like @code{warn} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1602,6 +1633,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void warnx (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn, but without the strerror translation issues.
The @code{warnx} function is roughly equivalent to a call like
@smallexample
error (0, 0, format, @r{the parameters})
@@ -1615,6 +1648,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void vwarnx (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn, but without the strerror translation issues.
The @code{vwarnx} function is just like @code{warnx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1623,6 +1658,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void err (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn followed by exit.
The @code{err} function is roughly equivalent to a call like
@smallexample
error (status, errno, format, @r{the parameters})
@@ -1635,6 +1672,8 @@ are not used and that the program is exited even if @var{status} is zero.
@comment err.h
@comment BSD
@deftypefun void verr (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn followed by exit.
The @code{verr} function is just like @code{err} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1643,6 +1682,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void errx (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warnx followed by exit.
The @code{errx} function is roughly equivalent to a call like
@smallexample
error (status, 0, format, @r{the parameters})
@@ -1657,6 +1698,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void verrx (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarnx followed by exit.
The @code{verrx} function is just like @code{errx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
diff --git a/manual/filesys.texi b/manual/filesys.texi
index 1df9cf2..2244025 100644
--- a/manual/filesys.texi
+++ b/manual/filesys.texi
@@ -58,6 +58,25 @@ Prototypes for these functions are declared in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun {char *} getcwd (char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c If buffer is NULL, this function calls malloc and realloc, and, in
+@c case of error, free. Linux offers a getcwd syscall that we use on
+@c GNU/Linux systems, but it may fail if the pathname is too long. As a
+@c fallback, and on other systems, the generic implementation opens each
+@c parent directory with opendir, which allocates memory for the
+@c directory stream with malloc. If a fstatat64 syscall is not
+@c available, very deep directory trees may also have to malloc to build
+@c longer sequences of ../../../... than those supported by a global
+@c const read-only string.
+
+@c linux/__getcwd
+@c posix/__getcwd
+@c malloc/realloc/free if buffer is NULL, or if dir is too deep
+@c lstat64 -> see its own entry
+@c fstatat64
+@c direct syscall if possible, alloca+snprintf+*stat64 otherwise
+@c openat64_not_cancel_3, close_not_cancel_no_status
+@c __fdopendir, __opendir, __readdir, rewinddir
The @code{getcwd} function returns an absolute file name representing
the current working directory, storing it in the character array
@var{buffer} that you provide. The @var{size} argument is how you tell
@@ -116,6 +135,9 @@ software.
@comment unistd.h
@comment BSD
@deftypefn {Deprecated Function} {char *} getwd (char *@var{buffer})
+@safety{@mtsafe{}@asunsafe{asmalloc, asi18n}@acsafe{memleak, fdleak}}
+@c Besides the getcwd safety issues, it calls strerror_r on error, which
+@c brings in all of the i18n issues.
This is similar to @code{getcwd}, but has no way to specify the size of
the buffer. @Theglibc{} provides @code{getwd} only
for backwards compatibility with BSD.
@@ -130,6 +152,9 @@ this function is deprecated.
@comment unistd.h
@comment GNU
@deftypefun {char *} get_current_dir_name (void)
+@safety{@mtunsafe{envromt}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides getcwd, which this function calls as a fallback, it calls
+@c getenv, with the usual thread-safety issues that brings about.
@vindex PWD
This @code{get_current_dir_name} function is basically equivalent to
@w{@code{getcwd (NULL, 0)}}. The only difference is that the value of
@@ -145,6 +170,7 @@ This function is a GNU extension.
@comment unistd.h
@comment POSIX.1
@deftypefun int chdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
@var{filename}.
@@ -158,6 +184,7 @@ file @var{filename} is not a directory.
@comment unistd.h
@comment XPG
@deftypefun int fchdir (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
directory associated with the file descriptor @var{filedes}.
@@ -294,12 +321,14 @@ values and @code{st_mode} values:
@comment dirent.h
@comment BSD
@deftypefun int IFTODT (mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{d_type} value corresponding to @var{mode}.
@end deftypefun
@comment dirent.h
@comment BSD
@deftypefun mode_t DTTOIF (int @var{dtype})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{st_mode} value corresponding to @var{dtype}.
@end deftypefun
@end table
@@ -342,6 +371,9 @@ the following functions.
@comment dirent.h
@comment POSIX.1
@deftypefun {DIR *} opendir (const char *@var{dirname})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides the safe syscall, we have to allocate the DIR object with
+@c __alloc_dir, that calls malloc.
The @code{opendir} function opens and returns a directory stream for
reading the directory whose file name is @var{dirname}. The stream has
type @code{DIR *}.
@@ -381,6 +413,8 @@ alternative interface can be used.
@comment dirent.h
@comment GNU
@deftypefun {DIR *} fdopendir (int @var{fd})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c The DIR object is allocated with __alloc_dir, that calls malloc.
The @code{fdopendir} function works just like @code{opendir} but
instead of taking a file name and opening a file descriptor for the
directory the caller is required to provide a file descriptor. This
@@ -425,6 +459,7 @@ access.
@comment dirent.h
@comment GNU
@deftypefun int dirfd (DIR *@var{dirstream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{dirfd} returns the file descriptor associated with
the directory stream @var{dirstream}. This descriptor can be used until
the directory is closed with @code{closedir}. If the directory stream
@@ -443,6 +478,12 @@ symbols are declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun {struct dirent *} readdir (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c This function holds dirstream's non-recursive lock, which brings
+@c about the usual issues with locks and async signals and cancellation,
+@c but the lock taking is not enough to make the returned value safe to
+@c use, since it points to a stream's internal buffer that can be
+@c overwritten by subsequent calls or even released by closedir.
This function reads the next entry from the directory. It normally
returns a pointer to a structure containing information about the file.
This structure is statically allocated and can be rewritten by a
@@ -469,6 +510,7 @@ value. Use @code{readdir_r} when this is critical.
@comment dirent.h
@comment GNU
@deftypefun int readdir_r (DIR *@var{dirstream}, struct dirent *@var{entry}, struct dirent **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is the reentrant version of @code{readdir}. Like
@code{readdir} it returns the next entry from the directory. But to
prevent conflicts between simultaneously running threads the result is
@@ -516,6 +558,7 @@ of the last two functions.
@comment dirent.h
@comment LFS
@deftypefun {struct dirent64 *} readdir64 (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64} function is just like the @code{readdir} function
except that it returns a pointer to a record of type @code{struct
dirent64}. Some of the members of this data type (notably @code{d_ino})
@@ -527,6 +570,7 @@ In all other aspects this function is equivalent to @code{readdir}.
@comment dirent.h
@comment LFS
@deftypefun int readdir64_r (DIR *@var{dirstream}, struct dirent64 *@var{entry}, struct dirent64 **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64_r} function is equivalent to the @code{readdir_r}
function except that it takes parameters of base type @code{struct
dirent64} instead of @code{struct dirent} in the second and third
@@ -537,6 +581,10 @@ position. The same precautions mentioned in the documentation of
@comment dirent.h
@comment POSIX.1
@deftypefun int closedir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock (hurd)}@acsafe{memleak, fdleak, lockleak (hurd)}}
+@c No synchronization in the posix implementation, only in the hurd
+@c one. This is regarded as safe because it is undefined behavior if
+@c other threads could still be using the dir stream while it's closed.
This function closes the directory stream @var{dirstream}. It returns
@code{0} on success and @code{-1} on failure.
@@ -576,6 +624,7 @@ declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun void rewinddir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{rewinddir} function is used to reinitialize the directory
stream @var{dirstream}, so that if you call @code{readdir} it
returns information about the first entry in the directory again. This
@@ -589,6 +638,10 @@ added or removed since you last called @code{opendir} or
@comment dirent.h
@comment BSD
@deftypefun {long int} telldir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{telldir} function returns the file position of the directory
stream @var{dirstream}. You can use this value with @code{seekdir} to
restore the directory stream to that position.
@@ -597,6 +650,10 @@ restore the directory stream to that position.
@comment dirent.h
@comment BSD
@deftypefun void seekdir (DIR *@var{dirstream}, long int @var{pos})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{seekdir} function sets the file position of the directory
stream @var{dirstream} to @var{pos}. The value @var{pos} must be the
result of a previous call to @code{telldir} on this particular stream;
@@ -616,6 +673,19 @@ the result.
@comment dirent.h
@comment BSD/SVID
@deftypefun int scandir (const char *@var{dir}, struct dirent ***@var{namelist}, int (*@var{selector}) (const struct dirent *), int (*@var{cmp}) (const struct dirent **, const struct dirent **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c The scandir function calls __opendirat, __readdir, and __closedir to
+@c go over the named dir; malloc and realloc to allocate the namelist
+@c and copies of each selected dirent, besides the selector, if given,
+@c and qsort and the cmp functions if the latter is given. In spite of
+@c the cleanup handler that releases memory and the file descriptor in
+@c case of synchronous cancellation, an asynchronous cancellation may
+@c still leak memory and a file descriptor. Although readdir is unsafe
+@c in general, the use of an internal dir stream for sequential scanning
+@c of the directory with copying of dirents before subsequent calls
+@c makes the use safe, and the fact that the dir stream is private to
+@c each scandir call does away with the lock issues in readdir and
+@c closedir.
The @code{scandir} function scans the contents of the directory selected
by @var{dir}. The result in *@var{namelist} is an array of pointers to
@@ -646,6 +716,8 @@ are very helpful for this purpose.
@comment dirent.h
@comment BSD/SVID
@deftypefun int alphasort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Calls strcoll.
The @code{alphasort} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -658,6 +730,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls strverscmp.
The @code{versionsort} function is like @code{alphasort} except that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -670,6 +744,8 @@ dirent64}}. To use this we need a new function.
@comment dirent.h
@comment GNU
@deftypefun int scandir64 (const char *@var{dir}, struct dirent64 ***@var{namelist}, int (*@var{selector}) (const struct dirent64 *), int (*@var{cmp}) (const struct dirent64 **, const struct dirent64 **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c See scandir.
The @code{scandir64} function works like the @code{scandir} function
except that the directory entries it returns are described by elements
of type @w{@code{struct dirent64}}. The function pointed to by
@@ -688,6 +764,8 @@ argument. Instead we provide the two replacement functions below.
@comment dirent.h
@comment GNU
@deftypefun int alphasort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c See alphasort.
The @code{alphasort64} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -700,6 +778,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c See versionsort.
The @code{versionsort64} function is like @code{alphasort64}, excepted that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -880,6 +960,8 @@ file was passed).
@comment ftw.h
@comment SVID
@deftypefun int ftw (const char *@var{filename}, __ftw_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
+@c see nftw for safety details
The @code{ftw} function calls the callback function given in the
parameter @var{func} for every item which is found in the directory
specified by @var{filename} and all directories below. The function
@@ -930,6 +1012,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int ftw64 (const char *@var{filename}, __ftw64_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
This function is similar to @code{ftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -943,6 +1026,17 @@ transparently replaces the old implementation.
@comment ftw.h
@comment XPG4.2
@deftypefun int nftw (const char *@var{filename}, __nftw_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c ftw_startup calls alloca, malloc, free, xstat/lxstat, tdestroy, and ftw_dir
+@c if FTW_CHDIR, call open, and fchdir, or chdir and getcwd
+@c ftw_dir calls open_dir_stream, readdir64, process_entry, closedir
+@c if FTW_CHDIR, also calls fchdir
+@c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
+@c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
+@c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
+@c find_object (tsearch) and add_object (tfind).
+@c Since each invocation of *ftw uses its own private search tree, none
+@c of the search tree concurrency issues apply.
The @code{nftw} function works like the @code{ftw} functions. They call
the callback function @var{func} for all items found in the directory
@var{filename} and below. At most @var{descriptors} file descriptors
@@ -1003,6 +1097,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int nftw64 (const char *@var{filename}, __nftw64_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
This function is similar to @code{nftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -1046,6 +1141,7 @@ file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int link (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{link} function makes a new link to the existing file named by
@var{oldname}, under the new name @var{newname}.
@@ -1153,6 +1249,7 @@ Prototypes for most of the functions listed in this section are in
@comment unistd.h
@comment BSD
@deftypefun int symlink (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{symlink} function makes a symbolic link to @var{oldname} named
@var{newname}.
@@ -1190,6 +1287,7 @@ exceeded.
@comment unistd.h
@comment BSD
@deftypefun ssize_t readlink (const char *@var{filename}, char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{readlink} function gets the value of the symbolic link
@var{filename}. The file name that the link points to is copied into
@var{buffer}. This file name string is @emph{not} null-terminated;
@@ -1249,6 +1347,8 @@ names can refer to the same inode.
@comment stdlib.h
@comment GNU
@deftypefun {char *} canonicalize_file_name (const char *@var{name})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls realpath.
The @code{canonicalize_file_name} function returns the absolute name of
the file named by @var{name} which contains no @code{.}, @code{..}
@@ -1290,6 +1390,8 @@ where the result is placed in.
@comment stdlib.h
@comment XPG
@deftypefun {char *} realpath (const char *restrict @var{name}, char *restrict @var{resolved})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls malloc, realloc, getcwd, lxstat64, readlink, alloca.
A call to @code{realpath} where the @var{resolved} parameter is
@code{NULL} behaves exactly like @code{canonicalize_file_name}. The
@@ -1329,6 +1431,7 @@ then the file is deleted as well. If the file has other remaining names
@comment unistd.h
@comment POSIX.1
@deftypefun int unlink (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{unlink} function deletes the file name @var{filename}. If
this is a file's sole name, the file itself is also deleted. (Actually,
if any process has the file open when this happens, deletion is
@@ -1371,6 +1474,7 @@ file system and can't be modified.
@comment unistd.h
@comment POSIX.1
@deftypefun int rmdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@cindex directories, deleting
@cindex deleting a directory
The @code{rmdir} function deletes a directory. The directory must be
@@ -1398,6 +1502,8 @@ The prototype for this function is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int remove (const char *@var{filename})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Calls unlink and rmdir.
This is the @w{ISO C} function to remove a file. It works like
@code{unlink} for files and like @code{rmdir} for directories.
@code{remove} is declared in @file{stdio.h}.
@@ -1413,6 +1519,10 @@ The @code{rename} function is used to change a file's name.
@comment stdio.h
@comment ISO
@deftypefun int rename (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a rename syscall, there's an emulation with link
+@c and unlink, but it's racy, even more so if newname exists and is
+@c unlinked first.
The @code{rename} function renames the file @var{oldname} to
@var{newname}. The file formerly accessible under the name
@var{oldname} is afterwards accessible as @var{newname} instead. (If
@@ -1508,6 +1618,7 @@ a shell command @code{mkdir} which does the same thing.)
@comment sys/stat.h
@comment POSIX.1
@deftypefun int mkdir (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mkdir} function creates a new, empty directory with name
@var{filename}.
@@ -1849,6 +1960,7 @@ header file @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int stat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{stat} function returns information about the attributes of the
file named by @w{@var{filename}} in the structure pointed to by @var{buf}.
@@ -1875,6 +1987,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int stat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{stat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1888,6 +2001,7 @@ replaces the interface for small files on 32-bit machines.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int fstat (int @var{filedes}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fstat} function is like @code{stat}, except that it takes an
open file descriptor as an argument instead of a file name.
@xref{Low-Level I/O}.
@@ -1909,6 +2023,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int fstat64 (int @var{filedes}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{fstat} but is able to work on large
files on 32-bit platforms. For large files the file descriptor
@var{filedes} should be obtained by @code{open64} or @code{creat64}.
@@ -1920,9 +2035,16 @@ function is available under the name @code{fstat} and so transparently
replaces the interface for small files on 32-bit machines.
@end deftypefun
+@c fstatat will call alloca and snprintf if the syscall is not
+@c available.
+@c @safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+
@comment sys/stat.h
@comment BSD
@deftypefun int lstat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat, sometimes with an xstat conv call
+@c afterwards.
The @code{lstat} function is like @code{stat}, except that it does not
follow symbolic links. If @var{filename} is the name of a symbolic
link, @code{lstat} returns information about the link itself; otherwise
@@ -1936,6 +2058,9 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int lstat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat64, sometimes with an xstat conv
+@c call afterwards.
This function is similar to @code{lstat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1974,12 +2099,14 @@ that file:
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISDIR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a directory.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISCHR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a character special file (a
device like a terminal).
@end deftypefn
@@ -1987,6 +2114,7 @@ device like a terminal).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISBLK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a block special file (a device
like a disk).
@end deftypefn
@@ -1994,12 +2122,14 @@ like a disk).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISREG (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a regular file.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISFIFO (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a FIFO special file, or a
pipe. @xref{Pipes and FIFOs}.
@end deftypefn
@@ -2007,6 +2137,7 @@ pipe. @xref{Pipes and FIFOs}.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISLNK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a symbolic link.
@xref{Symbolic Links}.
@end deftypefn
@@ -2014,6 +2145,7 @@ This macro returns non-zero if the file is a symbolic link.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISSOCK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a socket. @xref{Sockets}.
@end deftypefn
@@ -2096,6 +2228,7 @@ the whole @code{struct stat} structure.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISMQ (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX message queues as distinct objects and the
file is a message queue object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2104,6 +2237,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSEM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX semaphores as distinct objects and the
file is a semaphore object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2112,6 +2246,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSHM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX shared memory objects as distinct objects
and the file is an shared memory object, this macro returns a non-zero
value. In all other cases the result is zero.
@@ -2156,6 +2291,7 @@ The prototype for this function is declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int chown (const char *@var{filename}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chown} function changes the owner of the file @var{filename} to
@var{owner}, and its group owner to @var{group}.
@@ -2190,6 +2326,7 @@ The file is on a read-only file system.
@comment unistd.h
@comment BSD
@deftypefun int fchown (int @var{filedes}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chown}, except that it changes the owner of the open
file with descriptor @var{filedes}.
@@ -2469,6 +2606,7 @@ The functions in this section are declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun mode_t umask (mode_t @var{mask})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{umask} function sets the file creation mask of the current
process to @var{mask}, and returns the previous value of the file
creation mask.
@@ -2494,6 +2632,7 @@ you just want to read the mask value, because it is reentrant.
@comment sys/stat.h
@comment GNU
@deftypefun mode_t getumask (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Return the current value of the file creation mask for the current
process. This function is a GNU extension and is only available on
@gnuhurdsystems{}.
@@ -2502,6 +2641,7 @@ process. This function is a GNU extension and is only available on
@comment sys/stat.h
@comment POSIX.1
@deftypefun int chmod (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chmod} function sets the access permission bits for the file
named by @var{filename} to @var{mode}.
@@ -2542,6 +2682,7 @@ for full details on the sticky bit.
@comment sys/stat.h
@comment BSD
@deftypefun int fchmod (int @var{filedes}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chmod}, except that it changes the permissions of the
currently open file given by @var{filedes}.
@@ -2612,6 +2753,7 @@ The symbols in this section are declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int access (const char *@var{filename}, int @var{how})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{access} function checks to see whether the file named by
@var{filename} can be accessed in the way specified by the @var{how}
argument. The @var{how} argument either can be the bitwise OR of the
@@ -2732,6 +2874,9 @@ This is the modification time for the file.
@comment utime.h
@comment POSIX.1
@deftypefun int utime (const char *@var{filename}, const struct utimbuf *@var{times})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utime syscall, it non-atomically converts times
+@c to a struct timeval and calls utimes.
This function is used to modify the file times associated with the file
named @var{filename}.
@@ -2783,6 +2928,10 @@ in the header file @file{sys/time.h}.
@comment sys/time.h
@comment BSD
@deftypefun int utimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, or to
+@c struct utimbuf and calls utime.
This function sets the file access and modification times of the file
@var{filename}. The new file access time is specified by
@code{@var{tvp}[0]}, and the new modification time by
@@ -2797,6 +2946,9 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int lutimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no lutimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall.
This function is like @code{utimes}, except that it does not follow
symbolic links. If @var{filename} is the name of a symbolic link,
@code{lutimes} sets the file access and modification times of the
@@ -2813,6 +2965,10 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int futimes (int @var{fd}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no futimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, falling back
+@c to utimes on a /proc/self/fd symlink.
This function is like @code{utimes}, except that it takes an open file
descriptor as an argument instead of a file name. @xref{Low-Level
I/O}. This function comes from FreeBSD, and is not available on all
@@ -2867,6 +3023,8 @@ succeed, without actually accomplishing anything.
@comment unistd.h
@comment X/Open
@deftypefun int truncate (const char *@var{filename}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a truncate syscall, we use open and ftruncate.
The @code{truncate} function changes the size of @var{filename} to
@var{length}. If @var{length} is shorter than the previous length, data
@@ -2911,6 +3069,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int truncate64 (const char *@var{name}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try truncate if length fits.
This function is similar to the @code{truncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines, which allows the handling of files with sizes up to
@@ -2924,6 +3084,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX
@deftypefun int ftruncate (int @var{fd}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{truncate}, but it works on a file descriptor @var{fd}
for an opened file instead of a file name to identify the object. The
@@ -2988,6 +3149,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int ftruncate64 (int @var{id}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try ftruncate if length fits.
This function is similar to the @code{ftruncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines which allows the handling of files with sizes up to
@@ -3050,6 +3213,10 @@ The prototype for @code{mknod} is declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment BSD
@deftypefun int mknod (const char *@var{filename}, mode_t @var{mode}, dev_t @var{dev})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Instead of issuing the syscall directly, we go through xmknod.
+@c Although the internal xmknod takes a dev_t*, that could lead to
+@c xguargs races, it's passed a pointer to mknod's dev.
The @code{mknod} function makes a special file with name @var{filename}.
The @var{mode} specifies the mode of the file, and may include the various
special file bits, such as @code{S_IFCHR} (for a character special file)
@@ -3101,6 +3268,20 @@ These facilities are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} tmpfile (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c The unsafety issues are those of fdopen, plus fdleak because of the
+@c open.
+@c __path_search (internal buf, !dir, const pfx, !try_tmpdir) ok
+@c libc_secure_genenv only if try_tmpdir
+@c xstat64, strlen, strcmp, sprintf
+@c __gen_tempname (internal tmpl, __GT_FILE) ok
+@c strlen, memcmp, getpid, open/mkdir/lxstat64 ok
+@c HP_TIMING_NOW if available ok
+@c gettimeofday (!tz) first time, or every time if no HP_TIMING_NOW ok
+@c static value is used and modified without synchronization ok
+@c but the use is as a source of non-cryptographic randomness
+@c with retries in case of collision, so it should be safe
+@c unlink, fdopen
This function creates a temporary binary file for update mode, as if by
calling @code{fopen} with mode @code{"wb+"}. The file is deleted
automatically when it is closed or when the program terminates. (On
@@ -3117,6 +3298,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} tmpfile64 (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
This function is similar to @code{tmpfile}, but the stream it returns a
pointer to was opened using @code{tmpfile64}. Therefore this stream can
be used for files larger then @math{2^31} bytes on 32-bit machines.
@@ -3132,6 +3314,11 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun {char *} tmpnam (char *@var{result})
+@safety{@mtunsafe{xguargs, staticbuf}@asunsafe{staticbuf}@acsafe{}}
+@c The passed-in buffer should not be modified concurrently with the
+@c call.
+@c __path_search (static or passed-in buf, !dir, !pfx, !try_tmpdir) ok
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
This function constructs and returns a valid file name that does not
refer to any existing file. If the @var{result} argument is a null
pointer, the return value is a pointer to an internal static string,
@@ -3156,6 +3343,7 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdio.h
@comment GNU
@deftypefun {char *} tmpnam_r (char *@var{result})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
This function is nearly identical to the @code{tmpnam} function, except
that if @var{result} is a null pointer it returns a null pointer.
@@ -3192,6 +3380,13 @@ never less than @code{25}.
@comment stdio.h
@comment SVID
@deftypefun {char *} tempnam (const char *@var{dir}, const char *@var{prefix})
+@safety{@mtunsafe{xguargs, envromt}@assafe{asmalloc}@acsafe{memleak}}
+@c There's no way (short of being setuid) to avoid getenv("TMPDIR"),
+@c even with a non-NULL dir, which makes this thread-unsafe.
+@c
+@c __path_search (internal buf, dir, pfx, try_tmpdir) unsafe getenv
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
+@c strdup
This function generates a unique temporary file name. If @var{prefix}
is not a null pointer, up to five characters of this string are used as
a prefix for the file name. The return value is a string newly
@@ -3255,6 +3450,8 @@ string. These functions are declared in the header file @file{stdlib.h}.
@comment stdlib.h
@comment Unix
@deftypefun {char *} mktemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_NOCREATE) ok
The @code{mktemp} function generates a unique file name by modifying
@var{template} as described above. If successful, it returns
@var{template} as modified. If @code{mktemp} cannot find a unique file
@@ -3273,6 +3470,8 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdlib.h
@comment BSD
@deftypefun int mkstemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{fdleak}}
+@c __gen_tempname (caller tmpl, __GT_FILE) ok
The @code{mkstemp} function generates a unique file name just as
@code{mktemp} does, but it also opens the file for you with @code{open}
(@pxref{Opening and Closing Files}). If successful, it modifies
@@ -3295,6 +3494,8 @@ new file and get an error if the file already exists.
@comment stdlib.h
@comment BSD
@deftypefun {char *} mkdtemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_DIR) ok
The @code{mkdtemp} function creates a directory with a unique name. If
it succeeds, it overwrites @var{template} with the name of the
directory, and returns @var{template}. As with @code{mktemp} and
@@ -3316,3 +3517,23 @@ creation always works like @code{open} with @code{O_EXCL}.
@xref{Creating Directories}.
The @code{mkdtemp} function comes from OpenBSD.
+
+@c FIXME these are undocumented:
+@c faccessat
+@c fchmodat
+@c fchownat
+@c futimesat
+@c fstatat
+@c linkat
+@c mkdirat
+@c mkfifoat
+@c name_to_handle_at
+@c openat
+@c open_by_handle_at
+@c readlinkat
+@c renameat
+@c scandirat
+@c symlinkat
+@c unlinkat
+@c utimensat
+@c mknodat
diff --git a/manual/getopt.texi b/manual/getopt.texi
index f0b7283..3c1f4de 100644
--- a/manual/getopt.texi
+++ b/manual/getopt.texi
@@ -60,6 +60,31 @@ option argument, for those options that accept arguments.
@comment unistd.h
@comment POSIX.2
@deftypefun int getopt (int @var{argc}, char *const *@var{argv}, const char *@var{options})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c It may swap argv elements but argv is not guarded, and the
+@c modifications may be partial in case of cancellation. Calling getenv
+@c also brings about thread-safety issues out of access and returning
+@c pointers into the globally shared environment array, just like
+@c calling gettext brings about a whole lot of AS and AC safety issues.
+@c The getopt API involves returning values in the non-thread-specific
+@c optarg variable, which adds another thread-safety issue. Given
+@c print_errors, it may output errors to stderr, which may
+@c self-deadlock, leak locks, or encounter (in a signal handler) or
+@c leave (in case of cancellation) stderr in an inconsistent state.
+@c Various implicit, indirect uses of malloc, in uses of memstream and
+@c asprintf for error-printing, bring about the usual malloc issues.
+@c (The explicit use of malloc in a conditional situation in
+@c _getopt_initialize is never exercised in glibc.)
+@c
+@c _getopt_internal
+@c _getopt_internal_r
+@c gettext
+@c _getopt_initialize
+@c getenv
+@c malloc if USE_NONOPTION_FLAGS, never defined in libc
+@c open_memstream
+@c lockfile, unlockfile, __fxprintf -> stderr
+@c asprintf
The @code{getopt} function gets the next option argument from the
argument list specified by the @var{argv} and @var{argc} arguments.
Normally these values come directly from the arguments received by
@@ -225,6 +250,8 @@ was seen.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
Decode options from the vector @var{argv} (whose length is @var{argc}).
The argument @var{shortopts} describes the short options to accept, just as
it does in @code{getopt}. The argument @var{longopts} describes the long
@@ -278,6 +305,8 @@ getopt functionality there is one more function available.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long_only (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
The @code{getopt_long_only} function is equivalent to the
@code{getopt_long} function but it allows to specify the user of the
diff --git a/manual/intro.texi b/manual/intro.texi
index 2630a77..e47832c 100644
--- a/manual/intro.texi
+++ b/manual/intro.texi
@@ -262,6 +262,28 @@ if the effective thread-local locale is not the global locale object
@code{setlocale} should not be called while these functions are active.
+@item @code{envromt}
+@cindex envromt
+
+Functions marked with @code{envromt} access the environment with
+@code{getenv} or similar, requiring the environment to be effectively
+read-only for MT-Safe operation.
+
+Environment-modifying functions do not protect in any way against
+concurrent modifications or access, so calling @code{envromt}-marked
+functions concurrently with @code{setenv}, @code{putenv},
+@code{unsetenv} or direct modifications of the global environment data
+structures is ill-advised; external concurrency control must be
+introduced by callers of these environment-modifying and
+@code{envromt}-marked functions.
+
+Functions that modify the environment are also marked with
+@code{envromt}, but they are not MT-Safe for the reasons above. Since
+all environment-modifying functions are MT-Unsafe, functions that only
+access the environment are marked as MT-Safe when no other safety issue
+applies.
+
+
@item @code{uunguard}
@cindex uunguard
@@ -291,6 +313,42 @@ AS-Safe behavior, callers must ensure that the objects passed in are not
modified concurrently by other threads or signal handlers.
+@item @code{tempchwd}
+@cindex tempchwd
+
+Functions marked with @code{tempchwd} may temporarily change the current
+working directory during their execution, which may cause relative
+pathnames to be resolved in unexpected ways in other threads or within
+asynchronous signal or cancellation handlers.
+
+This is not enough of a reason to mark so-marked functions as MT-Unsafe,
+but when this behavior is optional (e.g., @code{nftw} with
+@code{FTW_CHDIR}), avoiding the option in multi-threaded programs may be
+a good alternative to using full pathnames or file descriptor-relative
+(e.g. @code{openat}) system calls.
+
+
+@item @code{tempterm}
+@cindex tempterm
+
+Functions marked with @code{tempterm} may temporarily change the
+terminal settings.
+
+This would not be enough of a reason to mark so-marked functions as
+MT-Unsafe, but the recommended mode to modify terminal settings is to
+call @code{tcgetattr}, modify some flags, and then call
+@code{tcsetattr}. Functions marked with @code{tempterm} do that, so
+they leave a window in which changes made by other threads are lost.
+
+It is thus advisable for applications using the terminal to avoid
+concurrent interactions with it, more so if they expect different
+terminal modes.
+
+If this mark appears as an AC-Safety note, it means the function may
+also fail to restore the original terminal mode in case of asynchronous
+cancellation.
+
+
@end itemize
@@ -305,11 +363,37 @@ as follows:
Functions annotated with @code{staticbuf} use internal static buffers or
variables in ways that may cause concurrent calls to interfere
-destructively.
+destructively.
These functions are all MT-Unsafe and AC-Unsafe. However, many of them
offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
+In many of these cases, the static buffer is only used to hold a return
+value; in a few of these, such as @code{tmpnam}, the use of the internal
+buffer can be avoided by passing the buffer as an argument, which makes
+the call MT-Safe and AS-Safe.
+
+
+@item @code{asi18n}
+@cindex asi18n
+
+Functions marked with @code{asi18n} use internationalization functions
+(@code{gettext}), which brings in a number of dependencies and issues
+yet to be documented.
+
+
+@item @code{shlimb}
+@cindex shlimb
+
+Functions marked with @code{shlimb} use the dynamic loader to bring in
+additional code modules. This involves opening files, mapping them into
+memory, allocating additional memory, resolving symbols, applying
+relocations and more, all of this while holding the dynamic loader
+lock.
+
+The non-recursive lock itself is enough for the function to be AS- and
+AC-Unsafe, but many other issues may arise.
+
@item @code{fdleak}
@cindex fdleak
@@ -390,9 +474,8 @@ For the reasons above, functions that leak locks are all AC-Unsafe.
Functions marked with @code{selfdeadlock} take a non-recursive lock to
ensure MT-Safety while modifying data structures guarded by the lock.
-If such a function is interrupted by a signal while holding the lock,
-and the signal handler calls any function that takes the same
-non-recursive lock, the result is a deadlock.
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, the result is a deadlock.
Blocking asynchronous signal delivery while calling such functions is
the only safe way to avoid a deadlock if any signal handler might need
@@ -406,10 +489,9 @@ Functions marked with @code{asynconsist} take a recursive lock to ensure
MT-Safety while accessing or modifying data structures guarded by the
lock.
-If such a function is interrupted by a signal while holding the lock,
-and the signal handler calls any function that takes the same
-non-recursive lock, the latter function may observe a partially updated,
-inconsistent data structure, and misbehave.
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, both may misbehave for
+observing inconsistent (partially updated or cached) data structures.
Blocking asynchronous signal delivery while calling such functions is
the only safe way to avoid the misbehavior that may ensue if any signal
@@ -444,6 +526,21 @@ Disabling asynchronous cancelation while calling such functions is the
only safe way to avoid the misbehavior that may ensure if the thread is
canceled while the function is running.
+@c A special case, probably not worth documenting separately, involves
+@c reallocing, or even freeing pointers. Any case involving free could
+@c be easily turned into an ac-safe memleak by resetting the pointer
+@c before releasing it; I don't think we have any case that calls for
+@c this sort of fixing. Fixing the realloc cases would require a new
+@c interface: instead of @code{ptr=realloc(ptr,size)} we'd have to
+@c introduce @code{acsafe_realloc(&ptr,size)} that would modify ptr
+@c before releasing the old memory. The ac-unsafe realloc could be
+@c implemented in terms of an internal interface with this semantics
+@c (say __acsafe_realloc), but since realloc can be overridden, the
+@c function we call to implement realloc should not be this internal
+@c interface, but another internal interface that calls __acsafe_realloc
+@c if realloc was not overridden, and calls the overridden realloc with
+@c async cancel disabled. --lxoliva
+
@item @code{simfpu}
@cindex simfpu
diff --git a/manual/job.texi b/manual/job.texi
index 4efeed3..779ea96 100644
--- a/manual/job.texi
+++ b/manual/job.texi
@@ -1039,6 +1039,10 @@ The function @code{ctermid} is declared in the header file
@comment stdio.h
@comment POSIX.1
@deftypefun {char *} ctermid (char *@var{string})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This function is a stub by default; the actual implementation, for
+@c posix systems, returns an internal buffer if passed a NULL string,
+@c but the internal buffer is always set to /dev/tty.
The @code{ctermid} function returns a string containing the file name of
the controlling terminal for the current process. If @var{string} is
not a null pointer, it should be an array that can hold at least
@@ -1075,6 +1079,11 @@ Your program should include the header files @file{sys/types.h} and
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t setsid (void)
+@safety{@mtsafe{}@assafe{selfdeadlock (hurd)}@acsafe{lockleak (hurd)}}
+@c This is usually a direct syscall, but if a syscall is not available,
+@c we use a stub, or Hurd- and BSD-specific implementations. The former
+@c uses a mutex and a hurd critical section, and the latter issues a few
+@c syscalls, so both seem safe, except for the locking on Hurd.
The @code{setsid} function creates a new session. The calling process
becomes the session leader, and is put in a new process group whose
process group ID is the same as the process ID of that process. There
@@ -1098,7 +1107,8 @@ already another process group around that has the same process group ID.
@comment unistd.h
@comment SVID
@deftypefun pid_t getsid (pid_t @var{pid})
-
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{getsid} function returns the process group ID of the session
leader of the specified process. If a @var{pid} is @code{0}, the
process group ID of the session leader of the current process is
@@ -1134,6 +1144,8 @@ programs with the @code{-lbsd-compat} option to get the BSD definition.@refill
@comment unistd.h
@comment POSIX.1
@deftypefn {POSIX.1 Function} pid_t getpgrp (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The POSIX.1 definition of @code{getpgrp} returns the process group ID of
the calling process.
@end deftypefn
@@ -1141,6 +1153,8 @@ the calling process.
@comment unistd.h
@comment BSD
@deftypefn {BSD Function} pid_t getpgrp (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The BSD definition of @code{getpgrp} returns the process group ID of the
process @var{pid}. You can supply a value of @code{0} for the @var{pid}
argument to get information about the calling process.
@@ -1149,6 +1163,8 @@ argument to get information about the calling process.
@comment unistd.h
@comment SVID
@deftypefn {System V Function} int getpgid (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
@code{getpgid} is the same as the BSD function @code{getpgrp}. It
returns the process group ID of the process @var{pid}. You can supply a
@@ -1171,6 +1187,8 @@ process.
@comment unistd.h
@comment POSIX.1
@deftypefun int setpgid (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{setpgid} function puts the process @var{pid} into the process
group @var{pgid}. As a special case, either @var{pid} or @var{pgid} can
be zero to indicate the process ID of the calling process.
@@ -1208,6 +1226,8 @@ process or a child of the calling process.
@comment unistd.h
@comment BSD
@deftypefun int setpgrp (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall or setpgid wrapper.
This is the BSD Unix name for @code{setpgid}. Both functions do exactly
the same thing.
@end deftypefun
@@ -1230,6 +1250,8 @@ file itself and not a particular open file descriptor.
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t tcgetpgrp (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function returns the process group ID of the foreground process
group associated with the terminal open on descriptor @var{filedes}.
@@ -1258,6 +1280,8 @@ controlling terminal of the calling process.
@comment unistd.h
@comment POSIX.1
@deftypefun int tcsetpgrp (int @var{filedes}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function is used to set a terminal's foreground process group ID.
The argument @var{filedes} is a descriptor which specifies the terminal;
@var{pgid} specifies the process group. The calling process must be a
@@ -1297,6 +1321,8 @@ process.
@comment termios.h
@comment Unix98
@deftypefun pid_t tcgetsid (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Ioctl call, if avaialble, or tcgetpgrp followed by getsid.
This function is used to obtain the process group ID of the session
for which the terminal specified by @var{fildes} is the controlling terminal.
If the call is successful the group ID is returned. Otherwise the
diff --git a/manual/lang.texi b/manual/lang.texi
index ee04e23..d6cd90c 100644
--- a/manual/lang.texi
+++ b/manual/lang.texi
@@ -51,6 +51,8 @@ without indicating anything might be wrong.
@comment assert.h
@comment ISO
@deftypefn Macro void assert (int @var{expression})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Verify the programmer's belief that @var{expression} is nonzero at
this point in the program.
@@ -91,6 +93,8 @@ The @code{assert_perror} macro makes this easy.
@comment assert.h
@comment GNU
@deftypefn Macro void assert_perror (int @var{errnum})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Similar to @code{assert}, but verifies that @var{errnum} is zero.
If @code{NDEBUG} is not defined, @code{assert_perror} tests the value of
@@ -423,6 +427,8 @@ The type @code{va_list} is used for argument pointer variables.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_start (va_list @var{ap}, @var{last-required})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This macro initializes the argument pointer variable @var{ap} to point
to the first of the optional arguments of the current function;
@var{last-required} must be the last required argument to the function.
@@ -431,6 +437,8 @@ to the first of the optional arguments of the current function;
@comment stdarg.h
@comment ISO
@deftypefn {Macro} @var{type} va_arg (va_list @var{ap}, @var{type})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_arg} macro returns the value of the next optional argument,
and modifies the value of @var{ap} to point to the subsequent argument.
Thus, successive uses of @code{va_arg} return successive optional
@@ -445,6 +453,8 @@ of the actual argument.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_end (va_list @var{ap})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This ends the use of @var{ap}. After a @code{va_end} call, further
@code{va_arg} calls with the same @var{ap} may not work. You should invoke
@code{va_end} before returning from the function in which @code{va_start}
@@ -466,6 +476,8 @@ of the same type.
@comment ISO
@deftypefn {Macro} void va_copy (va_list @var{dest}, va_list @var{src})
@deftypefnx {Macro} void __va_copy (va_list @var{dest}, va_list @var{src})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_copy} macro allows copying of objects of type
@code{va_list} even if this is not an integral type. The argument pointer
in @var{dest} is initialized to point to the same argument as the
@@ -1212,6 +1224,8 @@ type of a particular structure member.
@comment stddef.h
@comment ISO
@deftypefn {Macro} size_t offsetof (@var{type}, @var{member})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This expands to a integer constant expression that is the offset of the
structure member named @var{member} in the structure type @var{type}.
For example, @code{offsetof (struct s, elem)} is the offset, in bytes,
diff --git a/manual/libdl.texi b/manual/libdl.texi
new file mode 100644
index 0000000..e3fe045
--- /dev/null
+++ b/manual/libdl.texi
@@ -0,0 +1,10 @@
+@c FIXME these are undocumented:
+@c dladdr
+@c dladdr1
+@c dlclose
+@c dlerror
+@c dlinfo
+@c dlmopen
+@c dlopen
+@c dlsym
+@c dlvsym
diff --git a/manual/llio.texi b/manual/llio.texi
index b129cf4..66370c4 100644
--- a/manual/llio.texi
+++ b/manual/llio.texi
@@ -78,6 +78,7 @@ declared in @file{unistd.h}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int open (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The @code{open} function creates and returns a new file descriptor for
the file named by @var{filename}. Initially, the file position
indicator for the file is at the beginning of the file. The argument
@@ -164,6 +165,7 @@ and @code{freopen} functions, that create streams.
@comment fcntl.h
@comment Unix98
@deftypefun int open64 (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{open}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
difference is that on 32 bit systems the file is opened in the
@@ -178,6 +180,7 @@ replaces the old API.
@comment fcntl.h
@comment POSIX.1
@deftypefn {Obsolete function} int creat (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is obsolete. The call:
@smallexample
@@ -202,6 +205,7 @@ since all of the lowlevel file handling functions are equally replaced.
@comment fcntl.h
@comment Unix98
@deftypefn {Obsolete function} int creat64 (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{creat}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
the difference is that on 32 bit systems the file is opened in the
@@ -219,6 +223,7 @@ replaces the old API.
@comment unistd.h
@comment POSIX.1
@deftypefun int close (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The function @code{close} closes the file descriptor @var{filedes}.
Closing a file has the following consequences:
@@ -300,6 +305,7 @@ but must be a signed type.
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t read (int @var{filedes}, void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{read} function reads up to @var{size} bytes from the file
with descriptor @var{filedes}, storing the results in the @var{buffer}.
(This is not necessarily a character string, and no terminating null
@@ -395,6 +401,10 @@ functions that read from streams, such as @code{fgetc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, read and lseek back, but is it
+@c used anywhere?
The @code{pread} function is similar to the @code{read} function. The
first three arguments are identical, and the return values and error
codes also correspond.
@@ -430,6 +440,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread64 (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, read and lseek64 back, but is
+@c it used anywhere?
This function is similar to the @code{pread} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -447,6 +461,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t write (int @var{filedes}, const void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{write} function writes up to @var{size} bytes from
@var{buffer} to the file with descriptor @var{filedes}. The data in
@var{buffer} is not necessarily a character string and a null character is
@@ -557,6 +572,10 @@ functions that write to streams, such as @code{fputc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, write and lseek back, but is it
+@c used anywhere?
The @code{pwrite} function is similar to the @code{write} function. The
first three arguments are identical, and the return values and error codes
also correspond.
@@ -592,6 +611,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite64 (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, write and lseek64 back, but
+@c is it used anywhere?
This function is similar to the @code{pwrite} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -624,6 +647,7 @@ To read the current file position value from a descriptor, use
@comment unistd.h
@comment POSIX.1
@deftypefun off_t lseek (int @var{filedes}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lseek} function is used to change the file position of the
file with descriptor @var{filedes}.
@@ -713,6 +737,7 @@ descriptors.
@comment unistd.h
@comment Unix98
@deftypefun off64_t lseek64 (int @var{filedes}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to the @code{lseek} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -825,6 +850,7 @@ declared in the header file @file{stdio.h}.
@comment stdio.h
@comment POSIX.1
@deftypefun {FILE *} fdopen (int @var{filedes}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
The @code{fdopen} function returns a new stream for the file descriptor
@var{filedes}.
@@ -853,6 +879,7 @@ see @ref{Creating a Pipe}.
@comment stdio.h
@comment POSIX.1
@deftypefun int fileno (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the file descriptor associated with the stream
@var{stream}. If an error is detected (for example, if the @var{stream}
is not valid) or if @var{stream} does not do I/O to a file,
@@ -862,6 +889,7 @@ is not valid) or if @var{stream} does not do I/O to a file,
@comment stdio.h
@comment GNU
@deftypefun int fileno_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fileno_unlocked} function is equivalent to the @code{fileno}
function except that it does not implicitly lock the stream if the state
is @code{FSETLOCKING_INTERNAL}.
@@ -1071,7 +1099,11 @@ Contains the length of the buffer.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t readv (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
-
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer into which data is read, if the total read size is
+@c too large for alloca.
The @code{readv} function reads data from @var{filedes} and scatters it
into the buffers described in @var{vector}, which is taken to be
@var{count} structures long. As each buffer is filled, data is sent to the
@@ -1089,6 +1121,11 @@ errors are the same as in @code{read}.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t writev (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer from which data is written, if the total write size
+@c is too large for alloca.
The @code{writev} function gathers data from the buffers described in
@var{vector}, which is taken to be @var{count} structures long, and writes
@@ -1149,6 +1186,7 @@ These functions are declared in @file{sys/mman.h}.
@comment sys/mman.h
@comment POSIX
@deftypefun {void *} mmap (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mmap} function creates a new mapping, connected to bytes
(@var{offset}) to (@var{offset} + @var{length} - 1) in the file open on
@@ -1268,6 +1306,9 @@ The file is on a filesystem that doesn't support mapping.
@comment sys/mman.h
@comment LFS
@deftypefun {void *} mmap64 (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The page_shift auto detection when MMAP2_PAGE_SHIFT is -1 (it never
+@c is) would be thread-unsafe.
The @code{mmap64} function is equivalent to the @code{mmap} function but
the @var{offset} parameter is of type @code{off64_t}. On 32-bit systems
this allows the file associated with the @var{filedes} descriptor to be
@@ -1284,6 +1325,7 @@ replaces the old API.
@comment sys/mman.h
@comment POSIX
@deftypefun int munmap (void *@var{addr}, size_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{munmap} removes any memory maps from (@var{addr}) to (@var{addr} +
@var{length}). @var{length} should be the length of the mapping.
@@ -1310,6 +1352,7 @@ aligned.
@comment sys/mman.h
@comment POSIX
@deftypefun int msync (void *@var{address}, size_t @var{length}, int @var{flags})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When using shared mappings, the kernel can write the file at any time
before the mapping is removed. To be certain data has actually been
@@ -1357,6 +1400,7 @@ There is no existing mapping in at least part of the given region.
@comment sys/mman.h
@comment GNU
@deftypefun {void *} mremap (void *@var{address}, size_t @var{length}, size_t @var{new_length}, int @var{flag})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to change the size of an existing memory
area. @var{address} and @var{length} must cover a region entirely mapped
@@ -1405,6 +1449,7 @@ Coding Standards}.
@comment sys/mman.h
@comment POSIX
@deftypefun int madvise (void *@var{addr}, size_t @var{length}, int @var{advice})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to provide the system with @var{advice} about
the intended usage patterns of the memory region starting at @var{addr}
@@ -1531,6 +1576,7 @@ that descriptor into an @code{fd_set}.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_ZERO (fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro initializes the file descriptor set @var{set} to be the
empty set.
@end deftypefn
@@ -1538,6 +1584,9 @@ empty set.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_SET (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro adds @var{filedes} to the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1547,6 +1596,9 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_CLR (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro removes @var{filedes} from the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1556,6 +1608,7 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro int FD_ISSET (int @var{filedes}, const fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value (true) if @var{filedes} is a member
of the file descriptor set @var{set}, and zero (false) otherwise.
@@ -1568,6 +1621,10 @@ Next, here is the description of the @code{select} function itself.
@comment sys/types.h
@comment BSD
@deftypefun int select (int @var{nfds}, fd_set *@var{read-fds}, fd_set *@var{write-fds}, fd_set *@var{except-fds}, struct timeval *@var{timeout})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The select syscall is preferred, but pselect6 may be used instead,
+@c which requires converting timeout to a timespec and back. The
+@c conversions are not atomic.
The @code{select} function blocks the calling process until there is
activity on any of the specified sets of file descriptors, or until the
timeout period has expired.
@@ -1670,6 +1727,7 @@ they return.
@comment unistd.h
@comment X/Open
@deftypefun void sync (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
A call to this function will not return as long as there is data which
has not been written to the device. All dirty buffers in the kernel will
be written and so an overall consistent system can be achieved (if no
@@ -1685,6 +1743,7 @@ committed, rather than all data in the system. For this, @code{sync} is overkil
@comment unistd.h
@comment POSIX
@deftypefun int fsync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fsync} function can be used to make sure all data associated with
the open file @var{fildes} is written to the device associated with the
descriptor. The function call does not return unless all actions have
@@ -1722,6 +1781,7 @@ recovering of the file in case of a problem.
@comment unistd.h
@comment POSIX
@deftypefun int fdatasync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When a call to the @code{fdatasync} function returns, it is ensured
that all of the file data is written to the device. For all pending I/O
operations, the parts guaranteeing data integrity finished.
@@ -1923,6 +1983,158 @@ aiocb64}, since the LFS transparently replaces the old interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_read (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Calls aio_enqueue_request.
+@c aio_enqueue_request selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_self ok
+@c pthread_getschedparam selfdeadlock, lockleak
+@c lll_lock (pthread descriptor's lock) selfdeadlock, lockleak
+@c sched_getparam ok
+@c sched_getscheduler ok
+@c lll_unlock lockleak
+@c pthread_mutex_lock (aio_requests_mutex) selfdeadlock, lockleak
+@c get_elem asmalloc, memleak, [asynconsist, incansist], [xguargs]
+@c realloc asmalloc, memleak
+@c calloc asmalloc, memleak
+@c aio_create_helper_thread selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_attr_init ok
+@c pthread_attr_setdetachstate ok
+@c pthread_get_minstack ok
+@c pthread_attr_setstacksize ok
+@c sigfillset ok
+@c memset ok
+@c sigdelset ok [xguargs, but the caller's sigset is automatic]
+@c SYSCALL rt_sigprocmask ok
+@c pthread_create selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c alloca/malloc asmalloc, memleak
+@c lll_unlock lockleak
+@c allocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c getpagesize dup
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c lll_unlock lockleak
+@c _dl_allocate_tls asmalloc, memleak
+@c _dl_allocate_tls_storage asmalloc, memleak
+@c memalign asmalloc, memleak
+@c memset ok
+@c allocate_dtv dup
+@c free asmalloc, memleak
+@c allocate_dtv asmalloc, memleak
+@c calloc asmalloc, memleak
+@c INSTALL_DTV ok
+@c list_add dup
+@c get_cached_stack
+@c lll_lock (stack_cache_lock) selfdeadlock, lockleak
+@c list_for_each ok
+@c list_entry dup
+@c FREE_P dup
+@c stack_list_del dup
+@c stack_list_add dup
+@c lll_unlock lockleak
+@c _dl_allocate_tls_init ok
+@c GET_DTV ok
+@c mmap ok
+@c atomic_increment_val ok
+@c munmap ok
+@c change_stack_perm ok
+@c mprotect ok
+@c mprotect ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c THREAD_COPY_STACK_GUARD ok
+@c THREAD_COPY_POINTER_GUARD ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (state_cache_lock) selfdeadlock, lockleak
+@c stack_list_del ok
+@c atomic_write_barrier ok
+@c list_del ok [uunguard]
+@c atomic_write_barrier ok
+@c queue_stack asmalloc, memleak
+@c stack_list_add ok
+@c atomic_write_barrier ok
+@c list_add ok [uunguard]
+@c atomic_write_barrier ok
+@c free_stacks asmalloc, memleak
+@c list_for_each_prev_safe ok
+@c list_entry ok
+@c FREE_P ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c _dl_deallocate_tls asmalloc, memleak
+@c free asmalloc, memleak
+@c lll_unlock lockleak
+@c create_thread selfdeadlock, asmalloc, lockleak, memleak
+@c td_eventword
+@c td_eventmask
+@c do_clone selfdeadlock, asmalloc, lockleak, memleak
+@c PREPARE_CREATE ok
+@c lll_lock (pd->lock) selfdeadlock, lockleak
+@c atomic_increment ok
+@c clone ok
+@c atomic_decrement ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack dup
+@c sched_setaffinity ok
+@c tgkill ok
+@c sched_setscheduler ok
+@c atomic_compare_and_exchange_bool_acq ok
+@c nptl_create_event ok
+@c lll_unlock (pd->lock) lockleak
+@c free asmalloc, memleak
+@c pthread_attr_destroy ok (cpuset won't be set, so free isn't called)
+@c add_request_to_runlist ok [xguargs]
+@c pthread_cond_signal ok
+@c aio_free_request ok [xguargs]
+@c pthread_mutex_unlock lockleak
+
+@c (in the new thread, initiated with clone)
+@c start_thread ok
+@c HP_TIMING_NOW ok
+@c ctype_init [glocale] (in theory, but optimized into safety)
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c sigemptyset ok
+@c sigaddset ok
+@c setjmp ok
+@c CANCEL_ASYNC -> pthread_enable_asynccancel ok
+@c do_cancel ok
+@c pthread_unwind ok
+@c Unwind_ForcedUnwind or longjmp ok [asmalloc, memleak?]
+@c lll_lock selfdeadlock, lockleak
+@c lll_unlock selfdeadlock, lockleak
+@c CANCEL_RESET -> pthread_disable_asynccancel ok
+@c lll_futex_wait ok
+@c ->start_routine ok -----
+@c call_tls_dtors selfdeadlock, asmalloc, lockleak, memleak
+@c user-supplied dtor
+@c rtld_lock_lock_recursive (dl_load_lock) selfdeadlock, lockleak
+@c rtld_lock_unlock_recursive lockleak
+@c free asmalloc, memleak
+@c nptl_deallocate_tsd asmalloc, memleak
+@c tsd user-supplied dtors ok
+@c free asmalloc, memleak
+@c libc_thread_freeres
+@c libc_thread_subfreeres ok
+@c atomic_decrement_and_test ok
+@c td_eventword ok
+@c td_eventmask ok
+@c atomic_compare_exchange_bool_acq ok
+@c nptl_death_event ok
+@c lll_robust_dead ok
+@c getpagesize ok
+@c madvise ok
+@c free_tcb selfdeadlock, asmalloc, lockleak, memleak
+@c free asmalloc, memleak
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_futex_wait ok
+@c exit_thread_inline ok
+@c syscall(exit) ok
+
This function initiates an asynchronous read operation. It
immediately returns after the operation was enqueued or when an
error was encountered.
@@ -1988,6 +2200,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_read64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_read} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{aio_read64} uses
@@ -2006,6 +2219,7 @@ of functions with a very similar interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_write (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function initiates an asynchronous write operation. The function
call immediately returns after the operation was enqueued or if before
this happens an error was encountered.
@@ -2072,6 +2286,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_write64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_write} function. The only
difference is that on @w{32 bit} machines the file descriptor should
be opened in the large file mode. Internally @code{aio_write64} uses
@@ -2093,6 +2308,12 @@ operations. It is therefore similar to a combination of @code{readv} and
@comment aio.h
@comment POSIX.1b
@deftypefun int lio_listio (int @var{mode}, struct aiocb *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Call lio_listio_internal, that takes the aio_requests_mutex lock and
+@c enqueues each request. Then, it waits for notification or prepares
+@c for it before releasing the lock. Even though it performs memory
+@c allocation and locking of its own, it doesn't add any classes of
+@c safety issues that aren't already covered by aio_enqueue_request.
The @code{lio_listio} function can be used to enqueue an arbitrary
number of read and write requests at one time. The requests can all be
meant for the same file, all for different files or every solution in
@@ -2176,6 +2397,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int lio_listio64 (int @var{mode}, struct aiocb64 *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{lio_listio} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{lio_listio64} uses
@@ -2204,6 +2426,7 @@ The following two functions allow you to get this kind of information.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_error (const struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function determines the error state of the request described by the
@code{struct aiocb} variable pointed to by @var{aiocbp}. If the
request has not yet terminated the value returned is always
@@ -2225,6 +2448,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_error64 (const struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_error} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2238,6 +2462,7 @@ machines.
@comment aio.h
@comment POSIX.1b
@deftypefun ssize_t aio_return (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to retrieve the return status of the operation
carried out by the request described in the variable pointed to by
@var{aiocbp}. As long as the error status of this request as returned
@@ -2261,6 +2486,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun ssize_t aio_return64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_return} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2289,6 +2515,9 @@ if the symbol @code{_POSIX_SYNCHRONIZED_IO} is defined in @file{unistd.h}.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_fsync (int @var{op}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check that the FD is open, it calls
+@c aio_enqueue_request.
Calling this function forces all I/O operations operating queued at the
time of the function call operating on the file descriptor
@code{aiocbp->aio_fildes} into the synchronized I/O completion state
@@ -2336,6 +2565,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_fsync64 (int @var{op}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_fsync} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2362,6 +2592,9 @@ before the current client is served. For situations like this
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_suspend (const struct aiocb *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c Take aio_requests_mutex, set up waitlist and requestlist, wait
+@c for completion or timeout, and release the mutex.
When calling this function, the calling thread is suspended until at
least one of the requests pointed to by the @var{nent} elements of the
array @var{list} has completed. If any of the requests has already
@@ -2400,6 +2633,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_suspend64 (const struct aiocb64 *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is similar to @code{aio_suspend} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2427,6 +2661,16 @@ or not. Therefore using this function is merely a hint.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_cancel (int @var{fildes}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check the fd is open, hold aio_requests_mutex, call
+@c aio_find_req_fd, aio_remove_request, then aio_notify and
+@c aio_free_request each request before releasing the lock.
+@c aio_notify calls aio_notify_only and free, besides cond signal or
+@c similar. aio_notify_only calls pthread_attr_init,
+@c pthread_attr_setdetachstate, malloc, pthread_create,
+@c notify_func_wrapper, aio_sigqueue, getpid, raise.
+@c notify_func_wraper calls aio_start_notify_thread, free and then the
+@c notifier function.
The @code{aio_cancel} function can be used to cancel one or more
outstanding requests. If the @var{aiocbp} parameter is @code{NULL}, the
function tries to cancel all of the outstanding requests which would process
@@ -2474,6 +2718,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_cancel64 (int @var{fildes}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_cancel} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2529,6 +2774,8 @@ Unused.
@comment aio.h
@comment GNU
@deftypefun void aio_init (const struct aioinit *@var{init})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c All changes to global objects are guarded by aio_requests_mutex.
This function must be called before any other AIO function. Calling it
is completely voluntary, as it is only meant to help the AIO
implementation perform better.
@@ -2563,6 +2810,7 @@ function; see @ref{Opening and Closing Files}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int fcntl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcntl} function performs the operation specified by
@var{command} on the file descriptor @var{filedes}. Some commands
require additional arguments to be supplied. These additional arguments
@@ -2645,6 +2893,7 @@ while prototypes for @code{dup} and @code{dup2} are in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun int dup (int @var{old})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies descriptor @var{old} to the first available
descriptor number (the first number not currently open). It is
equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@@ -2653,6 +2902,7 @@ equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@comment unistd.h
@comment POSIX.1
@deftypefun int dup2 (int @var{old}, int @var{new})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies the descriptor @var{old} to descriptor number
@var{new}.
@@ -3631,6 +3881,7 @@ different headers.
@comment sys/ioctl.h
@comment BSD
@deftypefun int ioctl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ioctl} function performs the generic I/O operation
@var{command} on @var{filedes}.
@@ -3650,3 +3901,6 @@ unknown device.
Most IOCTLs are OS-specific and/or only used in special system utilities,
and are thus beyond the scope of this document. For an example of the use
of an IOCTL, see @ref{Out-of-Band Data}.
+
+@c FIXME this is undocumented:
+@c dup3
diff --git a/manual/locale.texi b/manual/locale.texi
index 323268d..da50d18 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,10 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
-@safety{@mtunsafe{uunguard}}
-@c This function is MT-Safe, but uses of the global locale object are
-@c unguarded in functions that ought to be MT-Safe, so we're ruling out
-@c the use of this function once threads are started.
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
+@c and free, and _nl_find_locale, which amount to all documented safety
+@c issues. It also calls new_composite_name, setdata, and setname,
+@c without any additional issues. _nl_find_locale calls getenv, ...
+This function returns a pointer read
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..6910edc 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -146,6 +146,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +437,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +471,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +486,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +500,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +555,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
diff --git a/manual/startup.texi b/manual/startup.texi
index a277714..7bbaf13 100644
--- a/manual/startup.texi
+++ b/manual/startup.texi
@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
The difference to the @code{setenv} function is that the exact string
given as the parameter @var{string} is put into the environment. If the
user should change the string after the @code{putenv} call this will
-reflect in automatically in the environment. This also requires that
-@var{string} is no automatic variable which scope is left before the
+reflect automatically in the environment. This also requires that
+@var{string} not be an automatic variable whose scope is left before the
variable is removed from the environment. The same applies of course to
dynamically allocated variables which are freed later.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 7809dd4..79a3340 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,7 +148,7 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -267,7 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -414,7 +414,7 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
@c After fclose, it is undefined behavior to use the stream it points
@c to. Therefore, one must only call fclose when the stream is
@c otherwise unused. Concurrent uses started before will complete
@@ -2662,6 +2662,42 @@ pointer @var{ap}.
@c case of cancellation. This doesn't make it unsafe, but cancelling it
@c may leak memory. The unguarded use of __printf_function_table is
@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -5020,7 +5056,7 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
@c bringing with it additional potential for async trouble with
@c list_all_lock.
@@ -5076,7 +5112,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
-@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -5192,7 +5228,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
diff --git a/manual/string.texi b/manual/string.texi
index 246be84..a75d298 100644
--- a/manual/string.texi
+++ b/manual/string.texi
@@ -1247,6 +1247,8 @@ strncmp ("hello, world", "hello, stupid world!!!", 5)
@comment string.h
@comment GNU
@deftypefun int strverscmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls isdigit multiple times, locale may change in between.
The @code{strverscmp} function compares the string @var{s1} against
@var{s2}, considering them as holding indices/version numbers. The
return value follows the same conventions as found in the
@@ -1343,6 +1345,8 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
@comment string.h
@comment ISO
@deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Adjust alphasort one safety info is determined.
The @code{strcoll} function is similar to @code{strcmp} but uses the
collating sequence of the current locale for collation (the
@code{LC_COLLATE} locale).
diff --git a/manual/terminal.texi b/manual/terminal.texi
index 9e9c057..7f62a4e 100644
--- a/manual/terminal.texi
+++ b/manual/terminal.texi
@@ -264,6 +264,9 @@ array.
@comment termios.h
@comment POSIX.1
@deftypefun int tcgetattr (int @var{filedes}, struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the kernel-returned termios data structure to the userland
+@c format does not ensure atomic or consistent writing.
This function is used to examine the attributes of the terminal
device with file descriptor @var{filedes}. The attributes are returned
in the structure that @var{termios-p} points to.
@@ -284,6 +287,9 @@ The @var{filedes} is not associated with a terminal.
@comment termios.h
@comment POSIX.1
@deftypefun int tcsetattr (int @var{filedes}, int @var{when}, const struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the incoming termios data structure to the kernel format
+@c does not ensure atomic or consistent reading.
This function sets the attributes of the terminal device with file
descriptor @var{filedes}. The new attributes are taken from the
structure that @var{termios-p} points to.
diff --git a/manual/threads.texi b/manual/threads.texi
index a23ac26..19bfad6 100644
--- a/manual/threads.texi
+++ b/manual/threads.texi
@@ -31,6 +31,7 @@ before thread-specific data, so they should not be used in thread-specific
data destructors or even as members of the thread-specific data, since the
latter is passed as an argument to the destructor function.
+@c FIXME: use @deftypefun for these.
@item int pthread_key_delete (pthread_key_t @var{key})
Destroy the thread-specific data @var{key} in the calling thread. The
destructor for the thread-specific data is not called during destruction, nor
@@ -82,3 +83,124 @@ attributes or the stack address is set in the attribute.
The system does not have sufficient memory.
@end table
@end deftypefun
+
+@c FIXME these are undocumented:
+@c pthread_atfork
+@c pthread_attr_destroy
+@c pthread_attr_getaffinity_np
+@c pthread_attr_getdetachstate
+@c pthread_attr_getguardsize
+@c pthread_attr_getinheritsched
+@c pthread_attr_getschedparam
+@c pthread_attr_getschedpolicy
+@c pthread_attr_getscope
+@c pthread_attr_getstack
+@c pthread_attr_getstackaddr
+@c pthread_attr_getstacksize
+@c pthread_attr_init
+@c pthread_attr_setaffinity_np
+@c pthread_attr_setdetachstate
+@c pthread_attr_setguardsize
+@c pthread_attr_setinheritsched
+@c pthread_attr_setschedparam
+@c pthread_attr_setschedpolicy
+@c pthread_attr_setscope
+@c pthread_attr_setstack
+@c pthread_attr_setstackaddr
+@c pthread_attr_setstacksize
+@c pthread_barrierattr_destroy
+@c pthread_barrierattr_getpshared
+@c pthread_barrierattr_init
+@c pthread_barrierattr_setpshared
+@c pthread_barrier_destroy
+@c pthread_barrier_init
+@c pthread_barrier_wait
+@c pthread_cancel
+@c pthread_cleanup_push
+@c pthread_cleanup_pop
+@c pthread_condattr_destroy
+@c pthread_condattr_getclock
+@c pthread_condattr_getpshared
+@c pthread_condattr_init
+@c pthread_condattr_setclock
+@c pthread_condattr_setpshared
+@c pthread_cond_broadcast
+@c pthread_cond_destroy
+@c pthread_cond_init
+@c pthread_cond_signal
+@c pthread_cond_timedwait
+@c pthread_cond_wait
+@c pthread_create
+@c pthread_detach
+@c pthread_equal
+@c pthread_exit
+@c pthread_getaffinity_np
+@c pthread_getattr_np
+@c pthread_getconcurrency
+@c pthread_getcpuclockid
+@c pthread_getname_np
+@c pthread_getschedparam
+@c pthread_join
+@c pthread_kill
+@c pthread_kill_other_threads_np
+@c pthread_mutexattr_destroy
+@c pthread_mutexattr_getkind_np
+@c pthread_mutexattr_getprioceiling
+@c pthread_mutexattr_getprotocol
+@c pthread_mutexattr_getpshared
+@c pthread_mutexattr_getrobust
+@c pthread_mutexattr_getrobust_np
+@c pthread_mutexattr_gettype
+@c pthread_mutexattr_init
+@c pthread_mutexattr_setkind_np
+@c pthread_mutexattr_setprioceiling
+@c pthread_mutexattr_setprotocol
+@c pthread_mutexattr_setpshared
+@c pthread_mutexattr_setrobust
+@c pthread_mutexattr_setrobust_np
+@c pthread_mutexattr_settype
+@c pthread_mutex_consistent
+@c pthread_mutex_consistent_np
+@c pthread_mutex_destroy
+@c pthread_mutex_getprioceiling
+@c pthread_mutex_init
+@c pthread_mutex_lock
+@c pthread_mutex_setprioceiling
+@c pthread_mutex_timedlock
+@c pthread_mutex_trylock
+@c pthread_mutex_unlock
+@c pthread_once
+@c pthread_rwlockattr_destroy
+@c pthread_rwlockattr_getkind_np
+@c pthread_rwlockattr_getpshared
+@c pthread_rwlockattr_init
+@c pthread_rwlockattr_setkind_np
+@c pthread_rwlockattr_setpshared
+@c pthread_rwlock_destroy
+@c pthread_rwlock_init
+@c pthread_rwlock_rdlock
+@c pthread_rwlock_timedrdlock
+@c pthread_rwlock_timedwrlock
+@c pthread_rwlock_tryrdlock
+@c pthread_rwlock_trywrlock
+@c pthread_rwlock_unlock
+@c pthread_rwlock_wrlock
+@c pthread_self
+@c pthread_setaffinity_np
+@c pthread_setcancelstate
+@c pthread_setcanceltype
+@c pthread_setconcurrency
+@c pthread_setname_np
+@c pthread_setschedparam
+@c pthread_setschedprio
+@c pthread_sigmask
+@c pthread_sigqueue
+@c pthread_spin_destroy
+@c pthread_spin_init
+@c pthread_spin_lock
+@c pthread_spin_trylock
+@c pthread_spin_unlock
+@c pthread_testcancel
+@c pthread_timedjoin_np
+@c pthread_tryjoin_np
+@c pthread_yield
diff --git a/manual/time.texi b/manual/time.texi
index ff31e28..3967b24 100644
--- a/manual/time.texi
+++ b/manual/time.texi
@@ -475,6 +475,12 @@ Instead, use the facilities described in @ref{Time Zone Functions}.
@comment sys/time.h
@comment BSD
@deftypefun int gettimeofday (struct timeval *@var{tp}, struct timezone *@var{tzp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c On most GNU/Linux systems this is a direct syscall, but the posix/
+@c implementation (not used on GNU/Linux or GNU/Hurd) relies on time and
+@c localtime_r, saving and restoring tzname in an unsafe manner.
+@c On some GNU/Linux variants, ifunc resolvers are used in shared libc
+@c for vdso resolution. ifunc-vdso-revisit.
The @code{gettimeofday} function returns the current calendar time as
the elapsed time since the epoch in the @code{struct timeval} structure
indicated by @var{tp}. (@pxref{Elapsed Time} for a description of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=59ba7a5b73180e9b6b3a8a780c794019f3b4fb8e
commit 59ba7a5b73180e9b6b3a8a780c794019f3b4fb8e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Jun 26 10:46:43 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/ctype.texi: Document thread safety properties.
diff --git a/manual/ctype.texi b/manual/ctype.texi
index 3d13571..f05d509 100644
--- a/manual/ctype.texi
+++ b/manual/ctype.texi
@@ -691,6 +691,7 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctrans_t wctrans (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wctrans} function has to be used to find out whether a named
mapping is defined in the current locale selected for the
@code{LC_CTYPE} category. If the returned value is non-zero, you can use
@@ -713,6 +714,7 @@ These functions are declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{towctrans} maps the input character @var{wc}
according to the rules of the mapping for which @var{desc} is a
descriptor, and returns the value it finds. @var{desc} must be
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c9ff7cfa5b3b4eb6799616ecce3a99944b7642d3
commit c9ff7cfa5b3b4eb6799616ecce3a99944b7642d3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Jun 26 10:46:41 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/math.texi: Document thread safety properties.
diff --git a/manual/math.texi b/manual/math.texi
index 193d415..fd5d0c8 100644
--- a/manual/math.texi
+++ b/manual/math.texi
@@ -560,6 +560,7 @@ negative), @code{logb} returns @math{@infinity{}}. If @var{x} is zero,
@comment math.h
@comment ISO
@deftypefunx int ilogbl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are equivalent to the corresponding @code{logb}
functions except that they return signed integer values.
@end deftypefun
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b6d0a7e40695997390c967a9c1255fc1813c84b0
commit b6d0a7e40695997390c967a9c1255fc1813c84b0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Jun 26 10:46:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..323268d 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,10 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard}}
+@c This function is MT-Safe, but uses of the global locale object are
+@c unguarded in functions that ought to be MT-Safe, so we're ruling out
+@c the use of this function once threads are started.
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d0a89c9db96cfa69b1e445b45d29ebb5d783b899
commit d0a89c9db96cfa69b1e445b45d29ebb5d783b899
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Jun 26 10:46:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..7809dd4 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1391,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1401,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1411,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1540,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1625,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2387,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2397,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2438,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2647,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2656,12 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2669,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2677,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2685,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2693,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2701,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2709,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2785,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3026,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3278,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3342,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +3959,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +3974,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +3989,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +3997,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4005,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4019,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4046,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4055,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4064,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4072,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4080,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4088,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4138,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4148,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4162,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4173,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4201,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4212,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4326,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4339,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4363,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4379,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4399,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4423,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4472,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4594,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4609,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4622,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4639,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4751,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4764,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4781,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4803,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4828,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4906,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4920,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4932,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4947,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +4961,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +4972,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5020,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5076,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5192,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5374,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5515,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e9e5cf9f32d9b8147c0c8097478f8d623709d917
commit e9e5cf9f32d9b8147c0c8097478f8d623709d917
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Jun 26 10:46:39 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/arith.texi: Document thread safety properties.
diff --git a/manual/arith.texi b/manual/arith.texi
index 77056c3..833e0c9 100644
--- a/manual/arith.texi
+++ b/manual/arith.texi
@@ -160,6 +160,8 @@ The remainder from the division.
@comment stdlib.h
@comment ISO
@deftypefun div_t div (int @var{numerator}, int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Functions in this section are pure, and thus safe.
This function @code{div} computes the quotient and remainder from
the division of @var{numerator} by @var{denominator}, returning the
result in a structure of type @code{div_t}.
@@ -199,6 +201,7 @@ type @code{long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun ldiv_t ldiv (long int @var{numerator}, long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ldiv} function is similar to @code{div}, except that the
arguments are of type @code{long int} and the result is returned as a
structure of type @code{ldiv_t}.
@@ -225,6 +228,7 @@ type @code{long long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun lldiv_t lldiv (long long int @var{numerator}, long long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lldiv} function is like the @code{div} function, but the
arguments are of type @code{long long int} and the result is returned as
a structure of type @code{lldiv_t}.
@@ -256,6 +260,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment inttypes.h
@comment ISO
@deftypefun imaxdiv_t imaxdiv (intmax_t @var{numerator}, intmax_t @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{imaxdiv} function is like the @code{div} function, but the
arguments are of type @code{intmax_t} and the result is returned as
a structure of type @code{imaxdiv_t}.
@@ -410,6 +415,7 @@ not have to worry about the type of their argument.
@comment math.h
@comment BSD
@deftypefunx int isinfl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns @code{-1} if @var{x} represents negative infinity,
@code{1} if @var{x} represents positive infinity, and @code{0} otherwise.
@end deftypefun
@@ -423,6 +429,7 @@ This function returns @code{-1} if @var{x} represents negative infinity,
@comment math.h
@comment BSD
@deftypefunx int isnanl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is a ``not a number''
value, and zero otherwise.
@@ -445,6 +452,7 @@ function for some reason, you can write
@comment math.h
@comment BSD
@deftypefunx int finitel (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is finite or a ``not a
number'' value, and zero otherwise.
@end deftypefun
@@ -713,6 +721,22 @@ and save and restore the set of exceptions flagged.
@comment fenv.h
@comment ISO
@deftypefun int feclearexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{unposix}@acsafe{unposix}}
+@c The other functions in this section that modify FP status register
+@c mostly do so with non-atomic load-modify-store sequences, but since
+@c the register is thread-specific, this should be fine, and safe for
+@c cancellation. As long as the FP environment is restored before the
+@c signal handler returns control to the interrupted thread (like any
+@c kernel should do), the functions are also safe for use in signal
+@c handlers.
+@c
+@c FIXME: simfpu: Floating point emulation on powerpc is the exception:
+@c __sim_exception, __sim_disabled_exception and __sim_round_mode
+@c variables, that emulate a floating-point status register, are not
+@c thread-specific variables, so many of these functions are not MT-safe
+@c on that platform. This is probably a bug. These variables aren't
+@c restored by the signal machinery either, making the functions also
+@c async-signal-unsafe on this platform.
This function clears all of the supported exception flags indicated by
@var{excepts}.
@@ -723,6 +747,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feraiseexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function raises the supported exceptions indicated by
@var{excepts}. If more than one exception bit in @var{excepts} is set
the order in which the exceptions are raised is undefined except that
@@ -738,6 +763,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fetestexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Test whether the exception flags indicated by the parameter @var{except}
are currently set. If any of them are, a nonzero value is returned
which specifies which exceptions are set. Otherwise the result is zero.
@@ -774,6 +800,7 @@ following functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetexceptflag (fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function stores in the variable pointed to by @var{flagp} an
implementation-defined value representing the current setting of the
exception flags indicated by @var{excepts}.
@@ -785,6 +812,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fesetexceptflag (const fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function restores the flags for the exceptions indicated by
@var{excepts} to the values stored in the variable pointed to by
@var{flagp}.
@@ -940,6 +968,7 @@ find out which one with this function:
@comment fenv.h
@comment ISO
@deftypefun int fegetround (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Returns the currently selected rounding mode, represented by one of the
values of the defined rounding mode macros.
@end deftypefun
@@ -950,6 +979,7 @@ To change the rounding mode, use this function:
@comment fenv.h
@comment ISO
@deftypefun int fesetround (int @var{round})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Changes the currently selected rounding mode to @var{round}. If
@var{round} does not correspond to one of the supported rounding modes
nothing is changed. @code{fesetround} returns zero if it changed the
@@ -994,6 +1024,7 @@ To save the state of the FPU, use one of these functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetenv (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the floating-point environment in the variable pointed to by
@var{envp}.
@@ -1004,6 +1035,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feholdexcept (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the current floating-point environment in the object pointed to by
@var{envp}. Then clear all exception flags, and set the FPU to trap no
exceptions. Not all FPUs support trapping no exceptions; if
@@ -1042,6 +1074,7 @@ functions:
@comment fenv.h
@comment ISO
@deftypefun int fesetenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Set the floating-point environment to that described by @var{envp}.
The function returns zero in case the operation was successful, a
@@ -1051,6 +1084,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feupdateenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Like @code{fesetenv}, this function sets the floating-point environment
to that described by @var{envp}. However, if any exceptions were
flagged in the status word before @code{feupdateenv} was called, they
@@ -1071,6 +1105,7 @@ occur, you can use the following two functions.
@comment fenv.h
@comment GNU
@deftypefun int feenableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions enables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1083,6 +1118,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fedisableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions disables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1095,6 +1131,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fegetexcept (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
The function returns a bitmask of all currently enabled exceptions. It
returns @code{-1} in case of failure.
@end deftypefun
@@ -1146,6 +1183,7 @@ Prototypes for @code{abs}, @code{labs} and @code{llabs} are in @file{stdlib.h};
@comment inttypes.h
@comment ISO
@deftypefunx intmax_t imaxabs (intmax_t @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of @var{number}.
Most computers use a two's complement integer representation, in which
@@ -1167,6 +1205,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment math.h
@comment ISO
@deftypefunx {long double} fabsl (long double @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the absolute value of the floating-point number
@var{number}.
@end deftypefun
@@ -1180,6 +1219,7 @@ This function returns the absolute value of the floating-point number
@comment complex.h
@comment ISO
@deftypefunx {long double} cabsl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of the complex number @var{z}
(@pxref{Complex Numbers}). The absolute value of a complex number is:
@@ -1217,6 +1257,7 @@ All these functions are declared in @file{math.h}.
@comment math.h
@comment ISO
@deftypefunx {long double} frexpl (long double @var{value}, int *@var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are used to split the number @var{value}
into a normalized fraction and an exponent.
@@ -1242,6 +1283,7 @@ zero is stored in @code{*@var{exponent}}.
@comment math.h
@comment ISO
@deftypefunx {long double} ldexpl (long double @var{value}, int @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the result of multiplying the floating-point
number @var{value} by 2 raised to the power @var{exponent}. (It can
be used to reassemble floating-point numbers that were taken apart
@@ -1263,6 +1305,7 @@ equivalent to those of @code{ldexp} and @code{frexp}. See also the
@comment math.h
@comment BSD
@deftypefunx {long double} scalbl (long double @var{value}, long double @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{scalb} function is the BSD name for @code{ldexp}.
@end deftypefun
@@ -1275,6 +1318,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalbnl (long double @var{x}, int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbn} is identical to @code{scalb}, except that the exponent
@var{n} is an @code{int} instead of a floating-point number.
@end deftypefun
@@ -1288,6 +1332,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalblnl (long double @var{x}, long int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbln} is identical to @code{scalb}, except that the exponent
@var{n} is a @code{long int} instead of a floating-point number.
@end deftypefun
@@ -1301,6 +1346,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} significandl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{significand} returns the mantissa of @var{x} scaled to the range
@math{[1, 2)}.
It is equivalent to @w{@code{scalb (@var{x}, (double) -ilogb (@var{x}))}}.
@@ -1335,6 +1381,7 @@ result as a @code{double} instead to get around this problem.
@comment math.h
@comment ISO
@deftypefunx {long double} ceill (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} upwards to the nearest integer,
returning that value as a @code{double}. Thus, @code{ceil (1.5)}
is @code{2.0}.
@@ -1349,6 +1396,7 @@ is @code{2.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} floorl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} downwards to the nearest
integer, returning that value as a @code{double}. Thus, @code{floor
(1.5)} is @code{1.0} and @code{floor (-1.5)} is @code{-2.0}.
@@ -1363,6 +1411,7 @@ integer, returning that value as a @code{double}. Thus, @code{floor
@comment math.h
@comment ISO
@deftypefunx {long double} truncl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{trunc} functions round @var{x} towards zero to the nearest
integer (returned in floating-point format). Thus, @code{trunc (1.5)}
is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@@ -1377,6 +1426,7 @@ is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} rintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} to an integer value according to the
current rounding mode. @xref{Floating Point Parameters}, for
information about the various rounding modes. The default
@@ -1397,6 +1447,7 @@ inexact exception.
@comment math.h
@comment ISO
@deftypefunx {long double} nearbyintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the same value as the @code{rint} functions, but
do not raise the inexact exception if @var{x} is not an integer.
@end deftypefun
@@ -1410,6 +1461,7 @@ do not raise the inexact exception if @var{x} is not an integer.
@comment math.h
@comment ISO
@deftypefunx {long double} roundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are similar to @code{rint}, but they round halfway
cases away from zero instead of to the nearest integer (or other
current rounding mode).
@@ -1424,6 +1476,7 @@ current rounding mode).
@comment math.h
@comment ISO
@deftypefunx {long int} lrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1437,6 +1490,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1450,6 +1504,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long int} lroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1463,6 +1518,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1477,6 +1533,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long double} modfl (long double @var{value}, long double *@var{integer-part})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions break the argument @var{value} into an integer part and a
fractional part (between @code{-1} and @code{1}, exclusive). Their sum
equals @var{value}. Each of the parts has the same sign as @var{value},
@@ -1503,6 +1560,7 @@ suits your problem.
@comment math.h
@comment ISO
@deftypefunx {long double} fmodl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions compute the remainder from the division of
@var{numerator} by @var{denominator}. Specifically, the return value is
@code{@var{numerator} - @w{@var{n} * @var{denominator}}}, where @var{n}
@@ -1525,6 +1583,7 @@ If @var{denominator} is zero, @code{fmod} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} dreml (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are like @code{fmod} except that they round the
internal quotient @var{n} to the nearest integer instead of towards zero
to an integer. For example, @code{drem (6.5, 2.3)} returns @code{-0.4},
@@ -1548,6 +1607,7 @@ If @var{denominator} is zero, @code{drem} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} remainderl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is another name for @code{drem}.
@end deftypefun
@@ -1569,6 +1629,7 @@ bits.
@comment math.h
@comment ISO
@deftypefunx {long double} copysignl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return @var{x} but with the sign of @var{y}. They work
even if @var{x} or @var{y} are NaN or zero. Both of these can carry a
sign (although not all implementations support it) and this is one of
@@ -1584,6 +1645,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefun int signbit (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{signbit} is a generic macro which can work on all floating-point
types. It returns a nonzero value if the value of @var{x} has its sign
bit set.
@@ -1602,6 +1664,7 @@ false, but @code{signbit (-0.0)} will return a nonzero value.
@comment math.h
@comment ISO
@deftypefunx {long double} nextafterl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{nextafter} function returns the next representable neighbor of
@var{x} in the direction towards @var{y}. The size of the step between
@var{x} and the result depends on the type of the result. If
@@ -1625,6 +1688,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefunx {long double} nexttowardl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are identical to the corresponding versions of
@code{nextafter} except that their second argument is a @code{long
double}.
@@ -1640,6 +1704,8 @@ double}.
@comment math.h
@comment ISO
@deftypefunx {long double} nanl (const char *@var{tagp})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c The unsafe-but-ruled-safe locale use comes from strtod.
The @code{nan} function returns a representation of NaN, provided that
NaN is supported by the target platform.
@code{nan ("@var{n-char-sequence}")} is equivalent to
@@ -1674,6 +1740,7 @@ arguments only once.
@comment math.h
@comment ISO
@deftypefn Macro int isgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than
@var{y}. It is equivalent to @code{(@var{x}) > (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1682,6 +1749,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isgreaterequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than or
equal to @var{y}. It is equivalent to @code{(@var{x}) >= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1690,6 +1758,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isless (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than @var{y}.
It is equivalent to @code{(@var{x}) < (@var{y})}, but no exception is
raised if @var{x} or @var{y} are NaN.
@@ -1698,6 +1767,7 @@ raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than or equal
to @var{y}. It is equivalent to @code{(@var{x}) <= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1706,6 +1776,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less or greater
than @var{y}. It is equivalent to @code{(@var{x}) < (@var{y}) ||
(@var{x}) > (@var{y})} (although it only evaluates @var{x} and @var{y}
@@ -1718,6 +1789,7 @@ expression is true if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isunordered (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether its arguments are unordered. In other
words, it is true if @var{x} or @var{y} are NaN, and false otherwise.
@end deftypefn
@@ -1751,6 +1823,7 @@ perform these operations faster than the equivalent C code.
@comment math.h
@comment ISO
@deftypefunx {long double} fminl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmin} function returns the lesser of the two values @var{x}
and @var{y}. It is similar to the expression
@smallexample
@@ -1771,6 +1844,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fmaxl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmax} function returns the greater of the two values @var{x}
and @var{y}.
@@ -1787,6 +1861,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fdiml (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fdim} function returns the positive difference between
@var{x} and @var{y}. The positive difference is @math{@var{x} -
@var{y}} if @var{x} is greater than @var{y}, and @math{0} otherwise.
@@ -1804,6 +1879,7 @@ If @var{x}, @var{y}, or both are NaN, NaN is returned.
@comment ISO
@deftypefunx {long double} fmal (long double @var{x}, long double @var{y}, long double @var{z})
@cindex butterfly
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fma} function performs floating-point multiply-add. This is
the operation @math{(@var{x} @mul{} @var{y}) + @var{z}}, but the
intermediate result is not rounded to the destination type. This can
@@ -1933,6 +2009,7 @@ available in three variants, one for each of the three complex types.
@comment complex.h
@comment ISO
@deftypefunx {long double} creall (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the real part of the complex number @var{z}.
@end deftypefun
@@ -1945,6 +2022,7 @@ These functions return the real part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cimagl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the imaginary part of the complex number @var{z}.
@end deftypefun
@@ -1957,6 +2035,7 @@ These functions return the imaginary part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {complex long double} conjl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the conjugate value of the complex number
@var{z}. The conjugate of a complex number has the same real part and a
negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@@ -1971,6 +2050,7 @@ negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cargl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the argument of the complex number @var{z}.
The argument of a complex number is the angle in the complex plane
between the positive real axis and a line passing through zero and the
@@ -1989,6 +2069,7 @@ number. This angle is measured in the usual fashion and ranges from
@comment complex.h
@comment ISO
@deftypefunx {complex long double} cprojl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the projection of the complex value @var{z} onto
the Riemann sphere. Values with a infinite imaginary part are projected
to positive infinity on the real axis, even if the real part is NaN. If
@@ -2034,6 +2115,16 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun {long int} strtol (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c strtol uses the thread-local pointer to the locale in effect, and
+@c strtol_l loads the LC_NUMERIC locale data from it early on and once,
+@c but if the locale is the global locale, and another thread calls
+@c setlocale in a way that modifies the pointer to the LC_CTYPE locale
+@c category, the behavior of e.g. IS*, TOUPPER will vary throughout the
+@c execution of the function, because they re-read the locale data from
+@c the given locale pointer. We solved this by documenting setlocale as
+@c MT-Unsafe, but there might be other reasons why it's neither MT- nor
+@c AS-Safe; recheck.
The @code{strtol} (``string-to-long'') function converts the initial
part of @var{string} to a signed integer, which is returned as a value
of type @code{long int}.
@@ -2097,6 +2188,7 @@ There is an example at the end of this section.
@comment wchar.h
@comment ISO
@deftypefun {long int} wcstol (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstol} function is equivalent to the @code{strtol} function
in nearly all aspects but handles wide character strings.
@@ -2106,6 +2198,7 @@ The @code{wcstol} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long int} strtoul (const char *retrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoul} (``string-to-unsigned-long'') function is like
@code{strtol} except it converts to an @code{unsigned long int} value.
The syntax is the same as described above for @code{strtol}. The value
@@ -2124,6 +2217,7 @@ range, or @code{ERANGE} on overflow.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long int} wcstoul (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoul} function is equivalent to the @code{strtoul} function
in nearly all aspects but handles wide character strings.
@@ -2133,6 +2227,7 @@ The @code{wcstoul} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} strtoll (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoll} function is like @code{strtol} except that it returns
a @code{long long int} value, and accepts numbers with a correspondingly
larger range.
@@ -2149,6 +2244,7 @@ The @code{strtoll} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {long long int} wcstoll (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoll} function is equivalent to the @code{strtoll} function
in nearly all aspects but handles wide character strings.
@@ -2158,12 +2254,14 @@ The @code{wcstoll} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {long long int} strtoq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtoq} (``string-to-quad-word'') is the BSD name for @code{strtoll}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {long long int} wcstoq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoq} function is equivalent to the @code{strtoq} function
in nearly all aspects but handles wide character strings.
@@ -2173,6 +2271,7 @@ The @code{wcstoq} function is a GNU extension.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long long int} strtoull (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoull} function is related to @code{strtoll} the same way
@code{strtoul} is related to @code{strtol}.
@@ -2182,6 +2281,7 @@ The @code{strtoull} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long long int} wcstoull (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoull} function is equivalent to the @code{strtoull} function
in nearly all aspects but handles wide character strings.
@@ -2191,12 +2291,14 @@ The @code{wcstoull} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {unsigned long long int} strtouq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtouq} is the BSD name for @code{strtoull}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {unsigned long long int} wcstouq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstouq} function is equivalent to the @code{strtouq} function
in nearly all aspects but handles wide character strings.
@@ -2206,6 +2308,7 @@ The @code{wcstouq} function is a GNU extension.
@comment inttypes.h
@comment ISO
@deftypefun intmax_t strtoimax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoimax} function is like @code{strtol} except that it returns
a @code{intmax_t} value, and accepts numbers of a corresponding range.
@@ -2222,6 +2325,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun intmax_t wcstoimax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoimax} function is equivalent to the @code{strtoimax} function
in nearly all aspects but handles wide character strings.
@@ -2231,6 +2335,7 @@ The @code{wcstoimax} function was introduced in @w{ISO C99}.
@comment inttypes.h
@comment ISO
@deftypefun uintmax_t strtoumax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoumax} function is related to @code{strtoimax}
the same way that @code{strtoul} is related to @code{strtol}.
@@ -2241,6 +2346,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun uintmax_t wcstoumax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoumax} function is equivalent to the @code{strtoumax} function
in nearly all aspects but handles wide character strings.
@@ -2250,6 +2356,7 @@ The @code{wcstoumax} function was introduced in @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefun {long int} atol (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtol} function with a @var{base}
argument of @code{10}, except that it need not detect overflow errors.
The @code{atol} function is provided mostly for compatibility with
@@ -2259,6 +2366,7 @@ existing code; using @code{strtol} is more robust.
@comment stdlib.h
@comment ISO
@deftypefun int atoi (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is like @code{atol}, except that it returns an @code{int}.
The @code{atoi} function is also considered obsolete; use @code{strtol}
instead.
@@ -2267,6 +2375,7 @@ instead.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} atoll (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to @code{atol}, except it returns a @code{long
long int}.
@@ -2331,6 +2440,9 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun double strtod (const char *restrict @var{string}, char **restrict @var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c Besides the unsafe-but-ruled-safe locale uses, this uses a lot of
+@c mpn, but it's all safe.
The @code{strtod} (``string-to-double'') function converts the initial
part of @var{string} to a floating-point number, which is returned as a
value of type @code{double}.
@@ -2416,6 +2528,7 @@ examining @var{errno} and @var{tailptr}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} strtold (const char *@var{string}, char **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
These functions are analogous to @code{strtod}, but return @code{float}
and @code{long double} values respectively. They report errors in the
same way as @code{strtod}. @code{strtof} can be substantially faster
@@ -2435,6 +2548,7 @@ These functions have been GNU extensions and are new to @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} wcstold (const wchar_t *@var{string}, wchar_t **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstod}, @code{wcstof}, and @code{wcstol} functions are
equivalent in nearly all aspect to the @code{strtod}, @code{strtof}, and
@code{strtold} functions but it handles wide character string.
@@ -2447,6 +2561,7 @@ C90}. The @code{wcstof} and @code{wcstold} functions were introduced in
@comment stdlib.h
@comment ISO
@deftypefun double atof (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtod} function, except that it
need not detect overflow and underflow errors. The @code{atof} function
is provided mostly for compatibility with existing code; using
@@ -2473,6 +2588,7 @@ All these functions are defined in @file{stdlib.h}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} ecvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{ecvt} converts the floating-point number @var{value}
to a string with at most @var{ndigit} decimal digits. The
returned string contains no decimal point or sign. The first digit of
@@ -2498,6 +2614,7 @@ and sets @var{d} to @code{2} and @var{n} to @code{0}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} fcvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{fcvt} is like @code{ecvt}, but @var{ndigit} specifies
the number of digits after the decimal point. If @var{ndigit} is less
than zero, @var{value} is rounded to the @math{@var{ndigit}+1}'th place to the
@@ -2516,6 +2633,9 @@ to @code{fcvt}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} gcvt (double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c gcvt calls sprintf, that ultimately calls vfprintf, which malloc()s
+@c args_value if it's too large, but gcvt never exercises this path.
@code{gcvt} is functionally equivalent to @samp{sprintf(buf, "%*g",
ndigit, value}. It is provided only for compatibility's sake. It
returns @var{buf}.
@@ -2530,6 +2650,7 @@ functions that take @code{long double} arguments.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qecvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{ecvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2538,6 +2659,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qfcvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{fcvt} except that it
takes a @code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2546,6 +2668,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qgcvt (long double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is equivalent to @code{gcvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2566,6 +2689,7 @@ user-supplied buffer.
@comment stdlib.h
@comment GNU
@deftypefun int ecvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ecvt_r} function is the same as @code{ecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2577,6 +2701,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun int fcvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcvt_r} function is the same as @code{fcvt}, except that it
places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2588,6 +2713,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qecvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qecvt_r} function is the same as @code{qecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2599,6 +2725,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qfcvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qfcvt_r} function is the same as @code{qfcvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=abc6d481de5aabe5a3a019a29cc747e55230600e
commit abc6d481de5aabe5a3a019a29cc747e55230600e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Jun 26 10:46:37 2013 -0300
Rename unused scalb to scalbn to match prototype.
for ChangeLog
* sysdeps/ieee754/support.c (scalbn): Rename from
wrongly-typed scalb. Adjust all callers. Apparently unused.
diff --git a/sysdeps/ieee754/support.c b/sysdeps/ieee754/support.c
index 00476c0..0bbd892 100644
--- a/sysdeps/ieee754/support.c
+++ b/sysdeps/ieee754/support.c
@@ -82,7 +82,7 @@ static char sccsid[] = "@(#)support.c 8.1 (Berkeley) 6/4/93";
static const double novf=1.7E308, nunf=3.0E-308,zero=0.0;
#endif /* defined(vax)||defined(tahoe) */
-double scalb(x,N)
+double scalbn(x,N)
double x; int N;
{
int k;
@@ -106,7 +106,7 @@ double x; int N;
if( (k= *px & mexp ) != mexp ) {
if( N<-2100) return(nunf*nunf); else if(N>2100) return(novf+novf);
if( k == 0 ) {
- x *= scalb(1.0,(int)prep1); N -= prep1; return(scalb(x,N));}
+ x *= scalbn(1.0,(int)prep1); N -= prep1; return(scalbn(x,N));}
#endif /* defined(vax)||defined(tahoe) */
if((k = (k>>gap)+ N) > 0 )
@@ -115,7 +115,7 @@ double x; int N;
else
if( k > -prep1 )
/* gradual underflow */
- {*px=(*px&~mexp)|(short)(1<<gap); x *= scalb(1.0,k-1);}
+ {*px=(*px&~mexp)|(short)(1<<gap); x *= scalbn(1.0,k-1);}
else
return(nunf*nunf);
}
@@ -228,7 +228,7 @@ double x,p;
else if ( ((*pp & mexp)>>gap) <= 1 )
/* subnormal p, or almost subnormal p */
- { double b; b=scalb(1.0,(int)prep1);
+ { double b; b=scalbn(1.0,(int)prep1);
p *= b; x = drem(x,p); x *= b; return(drem(x,p)/b);}
else if ( p >= novf/2)
{ p /= 2 ; x /= 2; return(drem(x,p)*2);}
@@ -294,8 +294,8 @@ double x;
/* scale x to [1,4) */
n=logb(x);
- x=scalb(x,-n);
- if((m=logb(x))!=0) x=scalb(x,-m); /* subnormal number */
+ x=scalbn(x,-n);
+ if((m=logb(x))!=0) x=scalbn(x,-m); /* subnormal number */
m += n;
n = m/2;
if((n+n)!=m) {x *= 2; m -=1; n=m/2;}
@@ -326,7 +326,7 @@ double x;
b=1.0+r/4; if(b>1.0) t=1;
if(t>=0) q+=r; }
-end: return(scalb(q,n));
+end: return(scalbn(q,n));
}
#if 0
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1105dbbfefb70928dddf6224c380ee647b74e574
commit 1105dbbfefb70928dddf6224c380ee647b74e574
Merge: 07168b5 134de3f b6698eb
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Jul 30 04:57:08 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=07168b5e6186608722e903b5d411b0a2a21b1cec
commit 07168b5e6186608722e903b5d411b0a2a21b1cec
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Jul 30 04:57:08 2013 -0300
push
diff --git a/meta b/meta
index 958622e..ae7cb86 100644
--- a/meta
+++ b/meta
@@ -1,10 +1,10 @@
Version: 1
-Previous: afe9eb86872a7e5e07a87c8e33221ce8196d1185
-Head: efc461350d9249c7b45dd1711d026868b38f051c
+Previous: b6698ebaf34ee4eee6fdf262dda1f0e6326ec8f5
+Head: 134de3fab35b91543080d25a276ab00593d15be7
Applied:
manual-document-mt-safety.patch: efc461350d9249c7b45dd1711d026868b38f051c
+ powerpc-nofpu-sim-note-nothread.patch: 134de3fab35b91543080d25a276ab00593d15be7
Unapplied:
- powerpc-nofpu-sim-note-nothread.patch: c2080123a1257f86601d8639f289ea4e3e6e27d7
unused-scalb-is-scalbn.patch: c7b61a96cbd8cb57ef7aedbddf47a3368451583d
manual-document-mt-safety-arith.patch: ff79da305c9dfa8cdc253ef91e3af827e98ecd2b
manual-document-mt-safety-stdio.patch: 29204588dcc2ae4b2c07025a50f8018c87cdc409
diff --git a/patches/powerpc-nofpu-sim-note-nothread.patch b/patches/powerpc-nofpu-sim-note-nothread.patch
index fb9723a..c35921d 100644
--- a/patches/powerpc-nofpu-sim-note-nothread.patch
+++ b/patches/powerpc-nofpu-sim-note-nothread.patch
@@ -1,5 +1,5 @@
-Bottom: 4efc67610afbdb4ae5fe31b2b904569f7a82116e
-Top: 83a97471a9f798dbf70f921529bea532c0632478
+Bottom: 539050bc4b84d23577ed07dc19f9da5286a45dac
+Top: 4e74d806c3244a3036ccfd773571125e92181033
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-06-26 10:46:36 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=134de3fab35b91543080d25a276ab00593d15be7
commit 134de3fab35b91543080d25a276ab00593d15be7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Jun 26 10:46:36 2013 -0300
Note that powerpc fpu emulation status is not thread- or signal-safe.
for ports/ChangeLog.powerpc
PR 15483
* sysdeps/powerpc/nofpu/sim-full.c: Add FIXME note about
the need for thread-specific variables preserved across signal
handlers.
* sysdeps/powerpc/nofpu/soft-supp.h: Likewise.
* sysdeps/powerpc/soft-fp/sfp-machine.h: Likewise.
diff --git a/ports/sysdeps/powerpc/nofpu/sim-full.c b/ports/sysdeps/powerpc/nofpu/sim-full.c
index fc061d0..e167033 100644
--- a/ports/sysdeps/powerpc/nofpu/sim-full.c
+++ b/ports/sysdeps/powerpc/nofpu/sim-full.c
@@ -21,6 +21,11 @@
#include "soft-fp.h"
#include "soft-supp.h"
+/* FIXME: these variables should be thread specific (see bugzilla bug
+ 15483) and ideally preserved across signal handlers, like hardware
+ FP status words, but the latter is quite difficult to accomplish in
+ userland. */
+
/* Global to store sticky exceptions. */
int __sim_exceptions __attribute__ ((nocommon));
libc_hidden_data_def (__sim_exceptions);
diff --git a/ports/sysdeps/powerpc/nofpu/soft-supp.h b/ports/sysdeps/powerpc/nofpu/soft-supp.h
index b9638bb..64a3d2a 100644
--- a/ports/sysdeps/powerpc/nofpu/soft-supp.h
+++ b/ports/sysdeps/powerpc/nofpu/soft-supp.h
@@ -26,6 +26,11 @@ typedef union
} fenv_union_t;
+/* FIXME: these variables should be thread specific (see bugzilla bug
+ 15483) and ideally preserved across signal handlers, like hardware
+ FP status words, but the latter is quite difficult to accomplish in
+ userland. */
+
extern int __sim_exceptions;
libc_hidden_proto (__sim_exceptions);
extern int __sim_disabled_exceptions;
diff --git a/ports/sysdeps/powerpc/soft-fp/sfp-machine.h b/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
index c2a190e..508d869 100644
--- a/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
+++ b/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
@@ -54,6 +54,11 @@
#define FP_ROUNDMODE __sim_round_mode
#define FP_TRAPPING_EXCEPTIONS (~__sim_disabled_exceptions & 0x3e000000)
+/* FIXME: these variables should be thread specific (see bugzilla bug
+ 15483) and ideally preserved across signal handlers, like hardware
+ FP status words, but the latter is quite difficult to accomplish in
+ userland. */
+
extern int __sim_exceptions;
libc_hidden_proto (__sim_exceptions);
extern int __sim_disabled_exceptions;
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b6698ebaf34ee4eee6fdf262dda1f0e6326ec8f5
commit b6698ebaf34ee4eee6fdf262dda1f0e6326ec8f5
Merge: 967f99a afe9eb8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Jul 30 04:56:53 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=967f99ae29dc6f98fada7ff3785f043818b1c529
commit 967f99ae29dc6f98fada7ff3785f043818b1c529
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Jul 30 04:56:53 2013 -0300
refresh
diff --git a/meta b/meta
index 5938411..958622e 100644
--- a/meta
+++ b/meta
@@ -1,9 +1,8 @@
Version: 1
-Previous: c2ae60832456ff1f7dde39f32ff789261f07cc0c
-Head: 5302cf4e2b425ad6a577644de0e2778aebbeda47
+Previous: afe9eb86872a7e5e07a87c8e33221ce8196d1185
+Head: efc461350d9249c7b45dd1711d026868b38f051c
Applied:
manual-document-mt-safety.patch: efc461350d9249c7b45dd1711d026868b38f051c
- refresh-temp: 5302cf4e2b425ad6a577644de0e2778aebbeda47
Unapplied:
powerpc-nofpu-sim-note-nothread.patch: c2080123a1257f86601d8639f289ea4e3e6e27d7
unused-scalb-is-scalbn.patch: c7b61a96cbd8cb57ef7aedbddf47a3368451583d
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index d57ecf9..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,10 +0,0 @@
-Bottom: 539050bc4b84d23577ed07dc19f9da5286a45dac
-Top: 539050bc4b84d23577ed07dc19f9da5286a45dac
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-07-30 04:56:50 -0300
-
-Refresh of manual-document-mt-safety.patch
-
----
-
-
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=afe9eb86872a7e5e07a87c8e33221ce8196d1185
commit afe9eb86872a7e5e07a87c8e33221ce8196d1185
Merge: ba8cbfe 5302cf4 c2ae608
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Jul 30 04:56:52 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ba8cbfe1b08c4a5f248b91b79ed7741969b300c7
commit ba8cbfe1b08c4a5f248b91b79ed7741969b300c7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Jul 30 04:56:51 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index 4861167..5938411 100644
--- a/meta
+++ b/meta
@@ -1,8 +1,9 @@
Version: 1
-Previous: 972123921bf2c298d20034ac9f070b30ad7db958
-Head: efc461350d9249c7b45dd1711d026868b38f051c
+Previous: c2ae60832456ff1f7dde39f32ff789261f07cc0c
+Head: 5302cf4e2b425ad6a577644de0e2778aebbeda47
Applied:
manual-document-mt-safety.patch: efc461350d9249c7b45dd1711d026868b38f051c
+ refresh-temp: 5302cf4e2b425ad6a577644de0e2778aebbeda47
Unapplied:
powerpc-nofpu-sim-note-nothread.patch: c2080123a1257f86601d8639f289ea4e3e6e27d7
unused-scalb-is-scalbn.patch: c7b61a96cbd8cb57ef7aedbddf47a3368451583d
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..d57ecf9
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,10 @@
+Bottom: 539050bc4b84d23577ed07dc19f9da5286a45dac
+Top: 539050bc4b84d23577ed07dc19f9da5286a45dac
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-07-30 04:56:50 -0300
+
+Refresh of manual-document-mt-safety.patch
+
+---
+
+
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5302cf4e2b425ad6a577644de0e2778aebbeda47
commit 5302cf4e2b425ad6a577644de0e2778aebbeda47
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Jul 30 04:56:50 2013 -0300
Refresh of manual-document-mt-safety.patch
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=efc461350d9249c7b45dd1711d026868b38f051c
commit efc461350d9249c7b45dd1711d026868b38f051c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Jul 30 04:54:56 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/macros.texi: Introduce macros to document thread
safety properties.
* manual/intro.texi: Introduce the properties themselves.
diff --git a/manual/intro.texi b/manual/intro.texi
index deaf089..2630a77 100644
--- a/manual/intro.texi
+++ b/manual/intro.texi
@@ -172,6 +172,314 @@ pattern matching facilities (@pxref{Pattern Matching}).
@comment <wordexp.h> (not yet implemented)
@comment confstr
+The safety properties of @glibcadj{} functions, documented as MT-, AS-
+and AC- -Safe and -Unsafe are assessed according to the criteria set
+forth in the POSIX standard for Multi-Thread, Async-Signal and
+Async-Cancel safety.
+
+Intuitive definition of these properties, that attempt to capture
+the meaning of the standard definitions, follow:
+
+@itemize @bullet
+
+@item
+@cindex MT-Safe
+MT-Safe functions are safe to call in the presence of other threads. MT
+stands for Multi Thread.
+
+@item
+@cindex AS-Safe
+AS-Safe functions are safe to call from asynchronous signal handlers.
+AS stands for Asynchronous Signal.
+
+@item
+@cindex AC-Safe
+AC-Safe functions are safe to call when asynchronous cancellation is
+enabled. AC stands for Asynchronous Cancellation.
+
+@item
+@cindex MT-Unsafe
+@cindex AS-Unsafe
+@cindex AC-Unsafe
+MT-Unsafe, AS-Unsafe, AC-Unsafe functions are not safe to call within
+the contexts described above: they may cause deviations from the
+specification in the behavior of the calls themselves, or of any other
+concurrent, ongoing or subsequent calls.
+
+Functions not explicitly documented as Safe should be regarded as
+Unsafe.
+
+@end itemize
+
+By ``safe to call'', we mean that, as long as the program does not
+invoke undefined or unspecified behavior, the called functions will
+behave as documented, and they won't cause any other functions to
+deviate from their documented behavior.
+
+Although we strive to abide by the standards, in some cases our
+implementation is safe even when the standard does not demand safety,
+and in other cases our implementation does not meet the standard safety
+requirements. At this point, we document the result of an assessment of
+the properties of our implementation, so the safety documentation in
+this manual is not to be regarded as a promise of future behavior: in
+future releases, functions that are documented as safe may become
+unsafe, and safety constraints may be removed or introduced. We
+envision turning the results of the assessment into a set of promises as
+stable as our interfaces, but we're not there yet.
+
+When a function is safe to call only under certain constraints, we will
+add keywords to the safety notes whose meanings are defined as follows:
+
+@itemize @bullet
+
+@c glocale-revisit
+@item @code{glocale}
+@cindex glocale
+
+In threads that have not overridden the thread-local locale object by
+calling @code{uselocale}, calling functions annotated with
+@code{glocale} concurrently with @code{setlocale} may cause the
+functions to behave in ways that don't correspond to either the previous
+or the subsequent global locale.
+
+Although the @code{setlocale} function modifies the global locale object
+while holding a lock, @code{glocale}-annotated functions may access this
+global object multiple times, without any measures to ensure it doesn't
+change while it's in use.
+
+Each of these unprotected uses will use either the previous or the
+subsequent locale information, so they won't cause crashes or access to
+uninitialized, unmapped or recycled memory. However, since some cases
+use cached locale information while others access the effective locale
+object anew, concurrent changes to the global locale object may cause
+these functions to behave in ways that they could not behave should the
+execution of @code{setlocale} and of the so-annotated functions be
+atomic, or even should @code{setlocale} alone be atomic.
+
+The @code{glocale} constraint indicates functions are only safe to call
+if the effective thread-local locale is not the global locale object
+(because it was overridden with @code{uselocale}). Failing that,
+@code{setlocale} should not be called while these functions are active.
+
+
+@item @code{uunguard}
+@cindex uunguard
+
+Functions marked with @code{uunguard} modify non-atomically arguments or
+global objects that other functions access without synchronization. To
+ensure MT- and AS-Safe behavior, callers should refrain from calling
+so-marked functions concurrently with users of the corresponding
+objects.
+
+Unguarded users of the global locale object modified by @code{setlocale}
+are marked with @code{glocale}.
+
+Unguarded users of the @code{printf} extension objects modified by
+@code{register_printf_function} are the entire family of printf
+functions.
+
+Unguarded users of streams configured with @code{__fsetlocking} for
+locking by the caller are the entire family of stdio functions.
+
+
+@item @code{xguargs}
+@cindex xguargs
+
+Functions marked with @code{xguargs} may use or modify objects passed as
+arguments without any guards to ensure consistency. To ensure MT- and
+AS-Safe behavior, callers must ensure that the objects passed in are not
+modified concurrently by other threads or signal handlers.
+
+
+@end itemize
+
+
+Additional safety issues that cannot be worked around by constraining
+the program are also documented with keywords, whose meaning is defined
+as follows:
+
+@itemize @bullet
+
+@item @code{staticbuf}
+@cindex staticbuf
+
+Functions annotated with @code{staticbuf} use internal static buffers or
+variables in ways that may cause concurrent calls to interfere
+destructively.
+
+These functions are all MT-Unsafe and AC-Unsafe. However, many of them
+offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
+
+
+@item @code{fdleak}
+@cindex fdleak
+
+Functions annotated with @code{fdleak} may leak file descriptors if
+asynchronous thread cancellation interrupts their execution.
+
+Functions that allocate or deallocate file descriptors will generally be
+marked as such, because even if they attempted to protect the file
+descriptor allocation and deallocation with cleanup regions, allocating
+a new descriptor and storing its number where the cleanup region could
+release it cannot be performed as a single atomic operation, just like
+releasing it and taking it out of the data structure normally
+responsible for releasing it cannot be performed atomically, always
+leaving a window in which the descriptor cannot be released because it
+wasn't stored in the cleanup handler argument yet, or in which it was
+already taken out of it before releasing it in the normal flow (we
+cannot keep it there because, in case of cancellation, we wouldn't be
+able to tell whether it was already released, and the same number could
+have been already assigned to another descriptor by another thread, so
+we couldn't just release it again).
+
+Such leaks could be internally avoided, with some performance penalty,
+by temporarily disabling asynchronous thread cancellation. However,
+since callers of allocation or deallocation functions would have to do
+this themselves, to avoid the same sort of leak in their own layer, it
+makes more sense for the library to assume they are taking care of it
+than to impose a performance penalty that is redundant when the problem
+is solved in upper layers, and insufficient when it isn't.
+
+This remark by itself does not cause a function to be regarded as
+AC-Unsafe. However, cummulative effects of such leaks may pose a
+problem for some programs. If this is the case, suspending asynchronous
+cancellation for the duration of calls to such functions is recommended.
+
+
+@item @code{memleak}
+@cindex memleak
+
+Functions annotated with @code{memleak} may leak memory if asynchronous
+thread cancellation interrupts their execution.
+
+The problem is similar to that of file descriptors: there is no atomic
+interface to allocate memory and store its address in the argument to a
+cleanup handler, or to release it and remove its address from that
+argument, without at least temporarily disabling asynchronous
+cancellation, which these functions do not do.
+
+This remark does not by itself cause a function to be regarded as
+generally AC-Unsafe. However, cummulative effects of such leaks may be
+severe enough for some programs that disabling asynchronous cancellation
+for the duration of calls to such functions may be required.
+
+
+@item @code{lockleak}
+@cindex lockleak
+
+Functions annotated with @code{lockleak} may leak locks if asynchronous
+thread cancellation interrupts their execution.
+
+While the problem is similar to that of file descriptors, in that there
+is not any atomic interface to lock and take note of the need for
+unlocking in a cleanup, or to unlock and take note that there is no
+longer such a need, the problem posed by lock leaks is far more serious:
+when a file descriptor or a piece of memory is leaked, it becomes
+inaccessible and subsequent attempts to allocate a file descriptor or
+some memory will just use another resource. However, once a lock is
+left taken, attempts to take that lock will block indefinitely.
+(Recursive locks will only block other threads, and read locks will only
+block writer threads, but the point still holds in general).
+
+For the reasons above, functions that leak locks are all AC-Unsafe.
+
+
+@item @code{selfdeadlock}
+@cindex selfdeadlock
+
+Functions marked with @code{selfdeadlock} take a non-recursive lock to
+ensure MT-Safety while modifying data structures guarded by the lock.
+
+If such a function is interrupted by a signal while holding the lock,
+and the signal handler calls any function that takes the same
+non-recursive lock, the result is a deadlock.
+
+Blocking asynchronous signal delivery while calling such functions is
+the only safe way to avoid a deadlock if any signal handler might need
+to call them.
+
+
+@item @code{asynconsist}
+@cindex asynconsist
+
+Functions marked with @code{asynconsist} take a recursive lock to ensure
+MT-Safety while accessing or modifying data structures guarded by the
+lock.
+
+If such a function is interrupted by a signal while holding the lock,
+and the signal handler calls any function that takes the same
+non-recursive lock, the latter function may observe a partially updated,
+inconsistent data structure, and misbehave.
+
+Blocking asynchronous signal delivery while calling such functions is
+the only safe way to avoid the misbehavior that may ensue if any signal
+handler might need to call them.
+
+
+@item @code{asmalloc}
+@cindex asmalloc
+
+This is a sub-case of @code{asynconsist}. Functions marked with
+@code{asmalloc} perform memory allocation or deallocation with the
+@code{malloc}/@code{free} family of functions.
+
+If heap management functions are interrupted by asynchronous signals,
+and the signal handlers attempt to perform memory allocation or
+deallocation of their own, they may encounter heap data structures in a
+partially updated state, and the interrupted calls may malfunction
+because of the changes made within the signal handler.
+
+
+@item @code{incansist}
+@cindex incansist
+
+Functions marked with @code{incansist} modify data structures in a
+non-atomic way.
+
+If such a function is asynchronously canceled, it may leave the data
+structure in a partially updated, inconsistent state. Subsequent uses
+of the data structure may misbehave.
+
+Disabling asynchronous cancelation while calling such functions is the
+only safe way to avoid the misbehavior that may ensure if the thread is
+canceled while the function is running.
+
+
+@item @code{simfpu}
+@cindex simfpu
+
+Functions annotated with @code{simfpu} may misbehave on powerpc ports in
+which the floating-point unit is disabled and floating point simulation
+is used instead. On such platforms, @theglibc{} uses global variables
+to hold floating-point exceptions, rounding modes and disabled
+exceptions, rather than thread-local state. This is a @glibcadj{} bug.
+
+Furthermore, even if this bug is fixed, the emulation of floating-point
+control and status registers will not go as far as saving and restoring
+these emulated registers across asynchronous signal handlers. Indeed,
+although most platforms preserve floating-point context as part of the
+thread context, preserving control and status words is not mandatory:
+standards recommend that programs that modify them within signal
+handlers restore them to the original state before returning.
+
+This note does not cause functions to be marked as MT-Unsafe, even
+though, on the affected platform, they are MT-Unsafe indeed.
+
+
+@item @code{unposix}
+@cindex unposix
+
+This remark indicates our safety documentation is known to differ from
+the requirements set by the POSIX standard. For example, POSIX does not
+require a function to be Safe, but our implementation is Safe, or
+vice-versa.
+
+For the time being, the absence of this remark does not imply the safety
+propertes we documentated are identical to those mandated by POSIX for
+the corresponding functions.
+
+@end itemize
+
@node Berkeley Unix, SVID, POSIX, Standards and Portability
@subsection Berkeley Unix
diff --git a/manual/macros.texi b/manual/macros.texi
index daaf1c0..6955f32 100644
--- a/manual/macros.texi
+++ b/manual/macros.texi
@@ -47,4 +47,46 @@ GNU/Hurd systems
GNU/Linux systems
@end macro
+@c Document a function as thread safe.
+@macro mtsafe {comments}
+| MT-Safe \comments\
+|
+@end macro
+@c Document a function as thread unsafe.
+@macro mtunsafe {comments}
+| MT-Unsafe \comments\
+|
+@end macro
+@c Document a function as safe for use in asynchronous signal handlers.
+@macro assafe {comments}
+| AS-Safe \comments\
+|
+@end macro
+@c Document a function as unsafe for use in asynchronous signal
+@c handlers. This distinguishes unmarked functions, for which this
+@c property has not been assessed, from those that have been analyzed.
+@macro asunsafe {comments}
+| AS-Unsafe \comments\
+|
+@end macro
+@c Document a function as safe for use when asynchronous cancellation is
+@c enabled.
+@macro acsafe {comments}
+| AC-Safe \comments\
+|
+@end macro
+@c Document a function as unsafe for use when asynchronous cancellation
+@c is enabled. This distinguishes unmarked functions, for which this
+@c property has not been assessed, from those that have been analyzed.
+@macro acunsafe {comments}
+| AC-Unsafe \comments\
+|
+@end macro
+@c Format the thread and async safety properties of a function.
+@macro safety {notes}
+\notes\
+
+
+@end macro
+
@end ifclear
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c2ae60832456ff1f7dde39f32ff789261f07cc0c
commit c2ae60832456ff1f7dde39f32ff789261f07cc0c
Merge: fe515c9 9721239 efc4613
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Jul 30 04:54:56 2013 -0300
pull
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=fe515c972a5db7233f15cf86bc70f83d5382cfd0
commit fe515c972a5db7233f15cf86bc70f83d5382cfd0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Jul 30 04:54:56 2013 -0300
pull
diff --git a/meta b/meta
index 07529f5..4861167 100644
--- a/meta
+++ b/meta
@@ -1,8 +1,9 @@
Version: 1
-Previous: 0cd347e77152d781992666f79ede349337ff1e2a
-Head: 08d66cf64dcb2bce1a99e163cd4941e2c77b4a37
+Previous: 972123921bf2c298d20034ac9f070b30ad7db958
+Head: efc461350d9249c7b45dd1711d026868b38f051c
Applied:
- manual-document-mt-safety.patch: 706d7b14f054f498250c63c1e221a935b0e5ced2
+ manual-document-mt-safety.patch: efc461350d9249c7b45dd1711d026868b38f051c
+Unapplied:
powerpc-nofpu-sim-note-nothread.patch: c2080123a1257f86601d8639f289ea4e3e6e27d7
unused-scalb-is-scalbn.patch: c7b61a96cbd8cb57ef7aedbddf47a3368451583d
manual-document-mt-safety-arith.patch: ff79da305c9dfa8cdc253ef91e3af827e98ecd2b
@@ -11,5 +12,4 @@ Applied:
manual-document-mt-safety-math.patch: 00af0ed393c8103a619299dc34fcda36561f3cd7
manual-document-mt-safety-ctype-wip.patch: b86a9adf8ea6fc915d528f3fa61ded06f3c91c61
manual-document-mt-safety-wip.patch: 08d66cf64dcb2bce1a99e163cd4941e2c77b4a37
-Unapplied:
Hidden:
diff --git a/patches/manual-document-mt-safety.patch b/patches/manual-document-mt-safety.patch
index 09977f1..66d3159 100644
--- a/patches/manual-document-mt-safety.patch
+++ b/patches/manual-document-mt-safety.patch
@@ -1,7 +1,7 @@
-Bottom: 13f15f706fb1ff430a99cba2788b2c38389fb60e
-Top: 4efc67610afbdb4ae5fe31b2b904569f7a82116e
+Bottom: efed39b7ade4b9cbc21039a1156412424917f48d
+Top: 539050bc4b84d23577ed07dc19f9da5286a45dac
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-06-26 10:46:35 -0300
+Date: 2013-07-30 04:54:56 -0300
Thread safety documentation.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=972123921bf2c298d20034ac9f070b30ad7db958
commit 972123921bf2c298d20034ac9f070b30ad7db958
Merge: ea4fba3 0cd347e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Jul 30 04:53:56 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ea4fba346a4d8499e2a0c063caf1a51cf4f9b6ef
commit ea4fba346a4d8499e2a0c063caf1a51cf4f9b6ef
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Jul 30 04:53:56 2013 -0300
push
diff --git a/meta b/meta
index 342e7f8..07529f5 100644
--- a/meta
+++ b/meta
@@ -1,8 +1,7 @@
Version: 1
-Previous: f618714f0d41bb4db78aaa249202934f8c95d2dd
-Head: 89756a8cdb72c3741aa01e97d4ec8c4b30da585b
+Previous: 0cd347e77152d781992666f79ede349337ff1e2a
+Head: 08d66cf64dcb2bce1a99e163cd4941e2c77b4a37
Applied:
-Unapplied:
manual-document-mt-safety.patch: 706d7b14f054f498250c63c1e221a935b0e5ced2
powerpc-nofpu-sim-note-nothread.patch: c2080123a1257f86601d8639f289ea4e3e6e27d7
unused-scalb-is-scalbn.patch: c7b61a96cbd8cb57ef7aedbddf47a3368451583d
@@ -12,4 +11,5 @@ Unapplied:
manual-document-mt-safety-math.patch: 00af0ed393c8103a619299dc34fcda36561f3cd7
manual-document-mt-safety-ctype-wip.patch: b86a9adf8ea6fc915d528f3fa61ded06f3c91c61
manual-document-mt-safety-wip.patch: 08d66cf64dcb2bce1a99e163cd4941e2c77b4a37
+Unapplied:
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0cd347e77152d781992666f79ede349337ff1e2a
commit 0cd347e77152d781992666f79ede349337ff1e2a
Merge: e82e52b f618714 89756a8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Jul 30 04:53:45 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e82e52b64d56c2a395b94ac311b5418947b7b344
commit e82e52b64d56c2a395b94ac311b5418947b7b344
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Jul 30 04:53:45 2013 -0300
pop
diff --git a/meta b/meta
index 098d519..342e7f8 100644
--- a/meta
+++ b/meta
@@ -1,7 +1,8 @@
Version: 1
-Previous: None
-Head: 08d66cf64dcb2bce1a99e163cd4941e2c77b4a37
+Previous: f618714f0d41bb4db78aaa249202934f8c95d2dd
+Head: 89756a8cdb72c3741aa01e97d4ec8c4b30da585b
Applied:
+Unapplied:
manual-document-mt-safety.patch: 706d7b14f054f498250c63c1e221a935b0e5ced2
powerpc-nofpu-sim-note-nothread.patch: c2080123a1257f86601d8639f289ea4e3e6e27d7
unused-scalb-is-scalbn.patch: c7b61a96cbd8cb57ef7aedbddf47a3368451583d
@@ -11,5 +12,4 @@ Applied:
manual-document-mt-safety-math.patch: 00af0ed393c8103a619299dc34fcda36561f3cd7
manual-document-mt-safety-ctype-wip.patch: b86a9adf8ea6fc915d528f3fa61ded06f3c91c61
manual-document-mt-safety-wip.patch: 08d66cf64dcb2bce1a99e163cd4941e2c77b4a37
-Unapplied:
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f618714f0d41bb4db78aaa249202934f8c95d2dd
commit f618714f0d41bb4db78aaa249202934f8c95d2dd
Merge: d62a41b 08d66cf
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Jul 30 04:53:38 2013 -0300
start of log
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d62a41bd6cad10dd3fd1d552044e1c0fc15c3b30
commit d62a41bd6cad10dd3fd1d552044e1c0fc15c3b30
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Jul 30 04:53:38 2013 -0300
start of log
diff --git a/meta b/meta
new file mode 100644
index 0000000..098d519
--- /dev/null
+++ b/meta
@@ -0,0 +1,15 @@
+Version: 1
+Previous: None
+Head: 08d66cf64dcb2bce1a99e163cd4941e2c77b4a37
+Applied:
+ manual-document-mt-safety.patch: 706d7b14f054f498250c63c1e221a935b0e5ced2
+ powerpc-nofpu-sim-note-nothread.patch: c2080123a1257f86601d8639f289ea4e3e6e27d7
+ unused-scalb-is-scalbn.patch: c7b61a96cbd8cb57ef7aedbddf47a3368451583d
+ manual-document-mt-safety-arith.patch: ff79da305c9dfa8cdc253ef91e3af827e98ecd2b
+ manual-document-mt-safety-stdio.patch: 29204588dcc2ae4b2c07025a50f8018c87cdc409
+ manual-document-mt-safety-locale.patch: 2138bb13b72835109d53a470595be6f31f485113
+ manual-document-mt-safety-math.patch: 00af0ed393c8103a619299dc34fcda36561f3cd7
+ manual-document-mt-safety-ctype-wip.patch: b86a9adf8ea6fc915d528f3fa61ded06f3c91c61
+ manual-document-mt-safety-wip.patch: 08d66cf64dcb2bce1a99e163cd4941e2c77b4a37
+Unapplied:
+Hidden:
diff --git a/patches/manual-document-mt-safety-arith.patch b/patches/manual-document-mt-safety-arith.patch
new file mode 100644
index 0000000..6d56f45
--- /dev/null
+++ b/patches/manual-document-mt-safety-arith.patch
@@ -0,0 +1,822 @@
+Bottom: 58842960ffbf63afb50845d77d86b584785bfb5d
+Top: 4d06ccc13c580c9f8bc1ebbdc407011933a41e89
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-06-26 10:46:39 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/arith.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/arith.texi b/manual/arith.texi
+index 77056c3..833e0c9 100644
+--- a/manual/arith.texi
++++ b/manual/arith.texi
+@@ -160,6 +160,8 @@ The remainder from the division.
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun div_t div (int @var{numerator}, int @var{denominator})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Functions in this section are pure, and thus safe.
+ This function @code{div} computes the quotient and remainder from
+ the division of @var{numerator} by @var{denominator}, returning the
+ result in a structure of type @code{div_t}.
+@@ -199,6 +201,7 @@ type @code{long int} rather than @code{int}.)
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun ldiv_t ldiv (long int @var{numerator}, long int @var{denominator})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{ldiv} function is similar to @code{div}, except that the
+ arguments are of type @code{long int} and the result is returned as a
+ structure of type @code{ldiv_t}.
+@@ -225,6 +228,7 @@ type @code{long long int} rather than @code{int}.)
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun lldiv_t lldiv (long long int @var{numerator}, long long int @var{denominator})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{lldiv} function is like the @code{div} function, but the
+ arguments are of type @code{long long int} and the result is returned as
+ a structure of type @code{lldiv_t}.
+@@ -256,6 +260,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
+ @comment inttypes.h
+ @comment ISO
+ @deftypefun imaxdiv_t imaxdiv (intmax_t @var{numerator}, intmax_t @var{denominator})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{imaxdiv} function is like the @code{div} function, but the
+ arguments are of type @code{intmax_t} and the result is returned as
+ a structure of type @code{imaxdiv_t}.
+@@ -410,6 +415,7 @@ not have to worry about the type of their argument.
+ @comment math.h
+ @comment BSD
+ @deftypefunx int isinfl (long double @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function returns @code{-1} if @var{x} represents negative infinity,
+ @code{1} if @var{x} represents positive infinity, and @code{0} otherwise.
+ @end deftypefun
+@@ -423,6 +429,7 @@ This function returns @code{-1} if @var{x} represents negative infinity,
+ @comment math.h
+ @comment BSD
+ @deftypefunx int isnanl (long double @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function returns a nonzero value if @var{x} is a ``not a number''
+ value, and zero otherwise.
+
+@@ -445,6 +452,7 @@ function for some reason, you can write
+ @comment math.h
+ @comment BSD
+ @deftypefunx int finitel (long double @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function returns a nonzero value if @var{x} is finite or a ``not a
+ number'' value, and zero otherwise.
+ @end deftypefun
+@@ -713,6 +721,22 @@ and save and restore the set of exceptions flagged.
+ @comment fenv.h
+ @comment ISO
+ @deftypefun int feclearexcept (int @var{excepts})
++@safety{@mtsafe{simfpu}@assafe{unposix}@acsafe{unposix}}
++@c The other functions in this section that modify FP status register
++@c mostly do so with non-atomic load-modify-store sequences, but since
++@c the register is thread-specific, this should be fine, and safe for
++@c cancellation. As long as the FP environment is restored before the
++@c signal handler returns control to the interrupted thread (like any
++@c kernel should do), the functions are also safe for use in signal
++@c handlers.
++@c
++@c FIXME: simfpu: Floating point emulation on powerpc is the exception:
++@c __sim_exception, __sim_disabled_exception and __sim_round_mode
++@c variables, that emulate a floating-point status register, are not
++@c thread-specific variables, so many of these functions are not MT-safe
++@c on that platform. This is probably a bug. These variables aren't
++@c restored by the signal machinery either, making the functions also
++@c async-signal-unsafe on this platform.
+ This function clears all of the supported exception flags indicated by
+ @var{excepts}.
+
+@@ -723,6 +747,7 @@ non-zero value otherwise.
+ @comment fenv.h
+ @comment ISO
+ @deftypefun int feraiseexcept (int @var{excepts})
++@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
+ This function raises the supported exceptions indicated by
+ @var{excepts}. If more than one exception bit in @var{excepts} is set
+ the order in which the exceptions are raised is undefined except that
+@@ -738,6 +763,7 @@ non-zero value otherwise.
+ @comment fenv.h
+ @comment ISO
+ @deftypefun int fetestexcept (int @var{excepts})
++@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
+ Test whether the exception flags indicated by the parameter @var{except}
+ are currently set. If any of them are, a nonzero value is returned
+ which specifies which exceptions are set. Otherwise the result is zero.
+@@ -774,6 +800,7 @@ following functions:
+ @comment fenv.h
+ @comment ISO
+ @deftypefun int fegetexceptflag (fexcept_t *@var{flagp}, int @var{excepts})
++@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
+ This function stores in the variable pointed to by @var{flagp} an
+ implementation-defined value representing the current setting of the
+ exception flags indicated by @var{excepts}.
+@@ -785,6 +812,7 @@ non-zero value otherwise.
+ @comment fenv.h
+ @comment ISO
+ @deftypefun int fesetexceptflag (const fexcept_t *@var{flagp}, int @var{excepts})
++@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
+ This function restores the flags for the exceptions indicated by
+ @var{excepts} to the values stored in the variable pointed to by
+ @var{flagp}.
+@@ -940,6 +968,7 @@ find out which one with this function:
+ @comment fenv.h
+ @comment ISO
+ @deftypefun int fegetround (void)
++@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
+ Returns the currently selected rounding mode, represented by one of the
+ values of the defined rounding mode macros.
+ @end deftypefun
+@@ -950,6 +979,7 @@ To change the rounding mode, use this function:
+ @comment fenv.h
+ @comment ISO
+ @deftypefun int fesetround (int @var{round})
++@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
+ Changes the currently selected rounding mode to @var{round}. If
+ @var{round} does not correspond to one of the supported rounding modes
+ nothing is changed. @code{fesetround} returns zero if it changed the
+@@ -994,6 +1024,7 @@ To save the state of the FPU, use one of these functions:
+ @comment fenv.h
+ @comment ISO
+ @deftypefun int fegetenv (fenv_t *@var{envp})
++@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
+ Store the floating-point environment in the variable pointed to by
+ @var{envp}.
+
+@@ -1004,6 +1035,7 @@ non-zero value otherwise.
+ @comment fenv.h
+ @comment ISO
+ @deftypefun int feholdexcept (fenv_t *@var{envp})
++@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
+ Store the current floating-point environment in the object pointed to by
+ @var{envp}. Then clear all exception flags, and set the FPU to trap no
+ exceptions. Not all FPUs support trapping no exceptions; if
+@@ -1042,6 +1074,7 @@ functions:
+ @comment fenv.h
+ @comment ISO
+ @deftypefun int fesetenv (const fenv_t *@var{envp})
++@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
+ Set the floating-point environment to that described by @var{envp}.
+
+ The function returns zero in case the operation was successful, a
+@@ -1051,6 +1084,7 @@ non-zero value otherwise.
+ @comment fenv.h
+ @comment ISO
+ @deftypefun int feupdateenv (const fenv_t *@var{envp})
++@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
+ Like @code{fesetenv}, this function sets the floating-point environment
+ to that described by @var{envp}. However, if any exceptions were
+ flagged in the status word before @code{feupdateenv} was called, they
+@@ -1071,6 +1105,7 @@ occur, you can use the following two functions.
+ @comment fenv.h
+ @comment GNU
+ @deftypefun int feenableexcept (int @var{excepts})
++@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
+ This functions enables traps for each of the exceptions as indicated by
+ the parameter @var{except}. The individual exceptions are described in
+ @ref{Status bit operations}. Only the specified exceptions are
+@@ -1083,6 +1118,7 @@ operation was successful, @code{-1} otherwise.
+ @comment fenv.h
+ @comment GNU
+ @deftypefun int fedisableexcept (int @var{excepts})
++@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
+ This functions disables traps for each of the exceptions as indicated by
+ the parameter @var{except}. The individual exceptions are described in
+ @ref{Status bit operations}. Only the specified exceptions are
+@@ -1095,6 +1131,7 @@ operation was successful, @code{-1} otherwise.
+ @comment fenv.h
+ @comment GNU
+ @deftypefun int fegetexcept (void)
++@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
+ The function returns a bitmask of all currently enabled exceptions. It
+ returns @code{-1} in case of failure.
+ @end deftypefun
+@@ -1146,6 +1183,7 @@ Prototypes for @code{abs}, @code{labs} and @code{llabs} are in @file{stdlib.h};
+ @comment inttypes.h
+ @comment ISO
+ @deftypefunx intmax_t imaxabs (intmax_t @var{number})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions return the absolute value of @var{number}.
+
+ Most computers use a two's complement integer representation, in which
+@@ -1167,6 +1205,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
+ @comment math.h
+ @comment ISO
+ @deftypefunx {long double} fabsl (long double @var{number})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function returns the absolute value of the floating-point number
+ @var{number}.
+ @end deftypefun
+@@ -1180,6 +1219,7 @@ This function returns the absolute value of the floating-point number
+ @comment complex.h
+ @comment ISO
+ @deftypefunx {long double} cabsl (complex long double @var{z})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions return the absolute value of the complex number @var{z}
+ (@pxref{Complex Numbers}). The absolute value of a complex number is:
+
+@@ -1217,6 +1257,7 @@ All these functions are declared in @file{math.h}.
+ @comment math.h
+ @comment ISO
+ @deftypefunx {long double} frexpl (long double @var{value}, int *@var{exponent})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions are used to split the number @var{value}
+ into a normalized fraction and an exponent.
+
+@@ -1242,6 +1283,7 @@ zero is stored in @code{*@var{exponent}}.
+ @comment math.h
+ @comment ISO
+ @deftypefunx {long double} ldexpl (long double @var{value}, int @var{exponent})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions return the result of multiplying the floating-point
+ number @var{value} by 2 raised to the power @var{exponent}. (It can
+ be used to reassemble floating-point numbers that were taken apart
+@@ -1263,6 +1305,7 @@ equivalent to those of @code{ldexp} and @code{frexp}. See also the
+ @comment math.h
+ @comment BSD
+ @deftypefunx {long double} scalbl (long double @var{value}, long double @var{exponent})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{scalb} function is the BSD name for @code{ldexp}.
+ @end deftypefun
+
+@@ -1275,6 +1318,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
+ @comment math.h
+ @comment BSD
+ @deftypefunx {long double} scalbnl (long double @var{x}, int @var{n})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ @code{scalbn} is identical to @code{scalb}, except that the exponent
+ @var{n} is an @code{int} instead of a floating-point number.
+ @end deftypefun
+@@ -1288,6 +1332,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
+ @comment math.h
+ @comment BSD
+ @deftypefunx {long double} scalblnl (long double @var{x}, long int @var{n})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ @code{scalbln} is identical to @code{scalb}, except that the exponent
+ @var{n} is a @code{long int} instead of a floating-point number.
+ @end deftypefun
+@@ -1301,6 +1346,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
+ @comment math.h
+ @comment BSD
+ @deftypefunx {long double} significandl (long double @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ @code{significand} returns the mantissa of @var{x} scaled to the range
+ @math{[1, 2)}.
+ It is equivalent to @w{@code{scalb (@var{x}, (double) -ilogb (@var{x}))}}.
+@@ -1335,6 +1381,7 @@ result as a @code{double} instead to get around this problem.
+ @comment math.h
+ @comment ISO
+ @deftypefunx {long double} ceill (long double @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions round @var{x} upwards to the nearest integer,
+ returning that value as a @code{double}. Thus, @code{ceil (1.5)}
+ is @code{2.0}.
+@@ -1349,6 +1396,7 @@ is @code{2.0}.
+ @comment math.h
+ @comment ISO
+ @deftypefunx {long double} floorl (long double @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions round @var{x} downwards to the nearest
+ integer, returning that value as a @code{double}. Thus, @code{floor
+ (1.5)} is @code{1.0} and @code{floor (-1.5)} is @code{-2.0}.
+@@ -1363,6 +1411,7 @@ integer, returning that value as a @code{double}. Thus, @code{floor
+ @comment math.h
+ @comment ISO
+ @deftypefunx {long double} truncl (long double @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{trunc} functions round @var{x} towards zero to the nearest
+ integer (returned in floating-point format). Thus, @code{trunc (1.5)}
+ is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
+@@ -1377,6 +1426,7 @@ is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
+ @comment math.h
+ @comment ISO
+ @deftypefunx {long double} rintl (long double @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions round @var{x} to an integer value according to the
+ current rounding mode. @xref{Floating Point Parameters}, for
+ information about the various rounding modes. The default
+@@ -1397,6 +1447,7 @@ inexact exception.
+ @comment math.h
+ @comment ISO
+ @deftypefunx {long double} nearbyintl (long double @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions return the same value as the @code{rint} functions, but
+ do not raise the inexact exception if @var{x} is not an integer.
+ @end deftypefun
+@@ -1410,6 +1461,7 @@ do not raise the inexact exception if @var{x} is not an integer.
+ @comment math.h
+ @comment ISO
+ @deftypefunx {long double} roundl (long double @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions are similar to @code{rint}, but they round halfway
+ cases away from zero instead of to the nearest integer (or other
+ current rounding mode).
+@@ -1424,6 +1476,7 @@ current rounding mode).
+ @comment math.h
+ @comment ISO
+ @deftypefunx {long int} lrintl (long double @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions are just like @code{rint}, but they return a
+ @code{long int} instead of a floating-point number.
+ @end deftypefun
+@@ -1437,6 +1490,7 @@ These functions are just like @code{rint}, but they return a
+ @comment math.h
+ @comment ISO
+ @deftypefunx {long long int} llrintl (long double @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions are just like @code{rint}, but they return a
+ @code{long long int} instead of a floating-point number.
+ @end deftypefun
+@@ -1450,6 +1504,7 @@ These functions are just like @code{rint}, but they return a
+ @comment math.h
+ @comment ISO
+ @deftypefunx {long int} lroundl (long double @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions are just like @code{round}, but they return a
+ @code{long int} instead of a floating-point number.
+ @end deftypefun
+@@ -1463,6 +1518,7 @@ These functions are just like @code{round}, but they return a
+ @comment math.h
+ @comment ISO
+ @deftypefunx {long long int} llroundl (long double @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions are just like @code{round}, but they return a
+ @code{long long int} instead of a floating-point number.
+ @end deftypefun
+@@ -1477,6 +1533,7 @@ These functions are just like @code{round}, but they return a
+ @comment math.h
+ @comment ISO
+ @deftypefunx {long double} modfl (long double @var{value}, long double *@var{integer-part})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions break the argument @var{value} into an integer part and a
+ fractional part (between @code{-1} and @code{1}, exclusive). Their sum
+ equals @var{value}. Each of the parts has the same sign as @var{value},
+@@ -1503,6 +1560,7 @@ suits your problem.
+ @comment math.h
+ @comment ISO
+ @deftypefunx {long double} fmodl (long double @var{numerator}, long double @var{denominator})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions compute the remainder from the division of
+ @var{numerator} by @var{denominator}. Specifically, the return value is
+ @code{@var{numerator} - @w{@var{n} * @var{denominator}}}, where @var{n}
+@@ -1525,6 +1583,7 @@ If @var{denominator} is zero, @code{fmod} signals a domain error.
+ @comment math.h
+ @comment BSD
+ @deftypefunx {long double} dreml (long double @var{numerator}, long double @var{denominator})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions are like @code{fmod} except that they round the
+ internal quotient @var{n} to the nearest integer instead of towards zero
+ to an integer. For example, @code{drem (6.5, 2.3)} returns @code{-0.4},
+@@ -1548,6 +1607,7 @@ If @var{denominator} is zero, @code{drem} signals a domain error.
+ @comment math.h
+ @comment BSD
+ @deftypefunx {long double} remainderl (long double @var{numerator}, long double @var{denominator})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function is another name for @code{drem}.
+ @end deftypefun
+
+@@ -1569,6 +1629,7 @@ bits.
+ @comment math.h
+ @comment ISO
+ @deftypefunx {long double} copysignl (long double @var{x}, long double @var{y})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions return @var{x} but with the sign of @var{y}. They work
+ even if @var{x} or @var{y} are NaN or zero. Both of these can carry a
+ sign (although not all implementations support it) and this is one of
+@@ -1584,6 +1645,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
+ @comment math.h
+ @comment ISO
+ @deftypefun int signbit (@emph{float-type} @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ @code{signbit} is a generic macro which can work on all floating-point
+ types. It returns a nonzero value if the value of @var{x} has its sign
+ bit set.
+@@ -1602,6 +1664,7 @@ false, but @code{signbit (-0.0)} will return a nonzero value.
+ @comment math.h
+ @comment ISO
+ @deftypefunx {long double} nextafterl (long double @var{x}, long double @var{y})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{nextafter} function returns the next representable neighbor of
+ @var{x} in the direction towards @var{y}. The size of the step between
+ @var{x} and the result depends on the type of the result. If
+@@ -1625,6 +1688,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
+ @comment math.h
+ @comment ISO
+ @deftypefunx {long double} nexttowardl (long double @var{x}, long double @var{y})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions are identical to the corresponding versions of
+ @code{nextafter} except that their second argument is a @code{long
+ double}.
+@@ -1640,6 +1704,8 @@ double}.
+ @comment math.h
+ @comment ISO
+ @deftypefunx {long double} nanl (const char *@var{tagp})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
++@c The unsafe-but-ruled-safe locale use comes from strtod.
+ The @code{nan} function returns a representation of NaN, provided that
+ NaN is supported by the target platform.
+ @code{nan ("@var{n-char-sequence}")} is equivalent to
+@@ -1674,6 +1740,7 @@ arguments only once.
+ @comment math.h
+ @comment ISO
+ @deftypefn Macro int isgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro determines whether the argument @var{x} is greater than
+ @var{y}. It is equivalent to @code{(@var{x}) > (@var{y})}, but no
+ exception is raised if @var{x} or @var{y} are NaN.
+@@ -1682,6 +1749,7 @@ exception is raised if @var{x} or @var{y} are NaN.
+ @comment math.h
+ @comment ISO
+ @deftypefn Macro int isgreaterequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro determines whether the argument @var{x} is greater than or
+ equal to @var{y}. It is equivalent to @code{(@var{x}) >= (@var{y})}, but no
+ exception is raised if @var{x} or @var{y} are NaN.
+@@ -1690,6 +1758,7 @@ exception is raised if @var{x} or @var{y} are NaN.
+ @comment math.h
+ @comment ISO
+ @deftypefn Macro int isless (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro determines whether the argument @var{x} is less than @var{y}.
+ It is equivalent to @code{(@var{x}) < (@var{y})}, but no exception is
+ raised if @var{x} or @var{y} are NaN.
+@@ -1698,6 +1767,7 @@ raised if @var{x} or @var{y} are NaN.
+ @comment math.h
+ @comment ISO
+ @deftypefn Macro int islessequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro determines whether the argument @var{x} is less than or equal
+ to @var{y}. It is equivalent to @code{(@var{x}) <= (@var{y})}, but no
+ exception is raised if @var{x} or @var{y} are NaN.
+@@ -1706,6 +1776,7 @@ exception is raised if @var{x} or @var{y} are NaN.
+ @comment math.h
+ @comment ISO
+ @deftypefn Macro int islessgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro determines whether the argument @var{x} is less or greater
+ than @var{y}. It is equivalent to @code{(@var{x}) < (@var{y}) ||
+ (@var{x}) > (@var{y})} (although it only evaluates @var{x} and @var{y}
+@@ -1718,6 +1789,7 @@ expression is true if @var{x} or @var{y} are NaN.
+ @comment math.h
+ @comment ISO
+ @deftypefn Macro int isunordered (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro determines whether its arguments are unordered. In other
+ words, it is true if @var{x} or @var{y} are NaN, and false otherwise.
+ @end deftypefn
+@@ -1751,6 +1823,7 @@ perform these operations faster than the equivalent C code.
+ @comment math.h
+ @comment ISO
+ @deftypefunx {long double} fminl (long double @var{x}, long double @var{y})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{fmin} function returns the lesser of the two values @var{x}
+ and @var{y}. It is similar to the expression
+ @smallexample
+@@ -1771,6 +1844,7 @@ are NaN, NaN is returned.
+ @comment math.h
+ @comment ISO
+ @deftypefunx {long double} fmaxl (long double @var{x}, long double @var{y})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{fmax} function returns the greater of the two values @var{x}
+ and @var{y}.
+
+@@ -1787,6 +1861,7 @@ are NaN, NaN is returned.
+ @comment math.h
+ @comment ISO
+ @deftypefunx {long double} fdiml (long double @var{x}, long double @var{y})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{fdim} function returns the positive difference between
+ @var{x} and @var{y}. The positive difference is @math{@var{x} -
+ @var{y}} if @var{x} is greater than @var{y}, and @math{0} otherwise.
+@@ -1804,6 +1879,7 @@ If @var{x}, @var{y}, or both are NaN, NaN is returned.
+ @comment ISO
+ @deftypefunx {long double} fmal (long double @var{x}, long double @var{y}, long double @var{z})
+ @cindex butterfly
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{fma} function performs floating-point multiply-add. This is
+ the operation @math{(@var{x} @mul{} @var{y}) + @var{z}}, but the
+ intermediate result is not rounded to the destination type. This can
+@@ -1933,6 +2009,7 @@ available in three variants, one for each of the three complex types.
+ @comment complex.h
+ @comment ISO
+ @deftypefunx {long double} creall (complex long double @var{z})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions return the real part of the complex number @var{z}.
+ @end deftypefun
+
+@@ -1945,6 +2022,7 @@ These functions return the real part of the complex number @var{z}.
+ @comment complex.h
+ @comment ISO
+ @deftypefunx {long double} cimagl (complex long double @var{z})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions return the imaginary part of the complex number @var{z}.
+ @end deftypefun
+
+@@ -1957,6 +2035,7 @@ These functions return the imaginary part of the complex number @var{z}.
+ @comment complex.h
+ @comment ISO
+ @deftypefunx {complex long double} conjl (complex long double @var{z})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions return the conjugate value of the complex number
+ @var{z}. The conjugate of a complex number has the same real part and a
+ negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
+@@ -1971,6 +2050,7 @@ negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
+ @comment complex.h
+ @comment ISO
+ @deftypefunx {long double} cargl (complex long double @var{z})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions return the argument of the complex number @var{z}.
+ The argument of a complex number is the angle in the complex plane
+ between the positive real axis and a line passing through zero and the
+@@ -1989,6 +2069,7 @@ number. This angle is measured in the usual fashion and ranges from
+ @comment complex.h
+ @comment ISO
+ @deftypefunx {complex long double} cprojl (complex long double @var{z})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions return the projection of the complex value @var{z} onto
+ the Riemann sphere. Values with a infinite imaginary part are projected
+ to positive infinity on the real axis, even if the real part is NaN. If
+@@ -2034,6 +2115,16 @@ as well.
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun {long int} strtol (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
++@c strtol uses the thread-local pointer to the locale in effect, and
++@c strtol_l loads the LC_NUMERIC locale data from it early on and once,
++@c but if the locale is the global locale, and another thread calls
++@c setlocale in a way that modifies the pointer to the LC_CTYPE locale
++@c category, the behavior of e.g. IS*, TOUPPER will vary throughout the
++@c execution of the function, because they re-read the locale data from
++@c the given locale pointer. We solved this by documenting setlocale as
++@c MT-Unsafe, but there might be other reasons why it's neither MT- nor
++@c AS-Safe; recheck.
+ The @code{strtol} (``string-to-long'') function converts the initial
+ part of @var{string} to a signed integer, which is returned as a value
+ of type @code{long int}.
+@@ -2097,6 +2188,7 @@ There is an example at the end of this section.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun {long int} wcstol (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ The @code{wcstol} function is equivalent to the @code{strtol} function
+ in nearly all aspects but handles wide character strings.
+
+@@ -2106,6 +2198,7 @@ The @code{wcstol} function was introduced in @w{Amendment 1} of @w{ISO C90}.
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun {unsigned long int} strtoul (const char *retrict @var{string}, char **restrict @var{tailptr}, int @var{base})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ The @code{strtoul} (``string-to-unsigned-long'') function is like
+ @code{strtol} except it converts to an @code{unsigned long int} value.
+ The syntax is the same as described above for @code{strtol}. The value
+@@ -2124,6 +2217,7 @@ range, or @code{ERANGE} on overflow.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun {unsigned long int} wcstoul (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ The @code{wcstoul} function is equivalent to the @code{strtoul} function
+ in nearly all aspects but handles wide character strings.
+
+@@ -2133,6 +2227,7 @@ The @code{wcstoul} function was introduced in @w{Amendment 1} of @w{ISO C90}.
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun {long long int} strtoll (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ The @code{strtoll} function is like @code{strtol} except that it returns
+ a @code{long long int} value, and accepts numbers with a correspondingly
+ larger range.
+@@ -2149,6 +2244,7 @@ The @code{strtoll} function was introduced in @w{ISO C99}.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun {long long int} wcstoll (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ The @code{wcstoll} function is equivalent to the @code{strtoll} function
+ in nearly all aspects but handles wide character strings.
+
+@@ -2158,12 +2254,14 @@ The @code{wcstoll} function was introduced in @w{Amendment 1} of @w{ISO C90}.
+ @comment stdlib.h
+ @comment BSD
+ @deftypefun {long long int} strtoq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ @code{strtoq} (``string-to-quad-word'') is the BSD name for @code{strtoll}.
+ @end deftypefun
+
+ @comment wchar.h
+ @comment GNU
+ @deftypefun {long long int} wcstoq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ The @code{wcstoq} function is equivalent to the @code{strtoq} function
+ in nearly all aspects but handles wide character strings.
+
+@@ -2173,6 +2271,7 @@ The @code{wcstoq} function is a GNU extension.
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun {unsigned long long int} strtoull (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ The @code{strtoull} function is related to @code{strtoll} the same way
+ @code{strtoul} is related to @code{strtol}.
+
+@@ -2182,6 +2281,7 @@ The @code{strtoull} function was introduced in @w{ISO C99}.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun {unsigned long long int} wcstoull (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ The @code{wcstoull} function is equivalent to the @code{strtoull} function
+ in nearly all aspects but handles wide character strings.
+
+@@ -2191,12 +2291,14 @@ The @code{wcstoull} function was introduced in @w{Amendment 1} of @w{ISO C90}.
+ @comment stdlib.h
+ @comment BSD
+ @deftypefun {unsigned long long int} strtouq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ @code{strtouq} is the BSD name for @code{strtoull}.
+ @end deftypefun
+
+ @comment wchar.h
+ @comment GNU
+ @deftypefun {unsigned long long int} wcstouq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ The @code{wcstouq} function is equivalent to the @code{strtouq} function
+ in nearly all aspects but handles wide character strings.
+
+@@ -2206,6 +2308,7 @@ The @code{wcstouq} function is a GNU extension.
+ @comment inttypes.h
+ @comment ISO
+ @deftypefun intmax_t strtoimax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ The @code{strtoimax} function is like @code{strtol} except that it returns
+ a @code{intmax_t} value, and accepts numbers of a corresponding range.
+
+@@ -2222,6 +2325,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
+ @comment wchar.h
+ @comment ISO
+ @deftypefun intmax_t wcstoimax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ The @code{wcstoimax} function is equivalent to the @code{strtoimax} function
+ in nearly all aspects but handles wide character strings.
+
+@@ -2231,6 +2335,7 @@ The @code{wcstoimax} function was introduced in @w{ISO C99}.
+ @comment inttypes.h
+ @comment ISO
+ @deftypefun uintmax_t strtoumax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ The @code{strtoumax} function is related to @code{strtoimax}
+ the same way that @code{strtoul} is related to @code{strtol}.
+
+@@ -2241,6 +2346,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
+ @comment wchar.h
+ @comment ISO
+ @deftypefun uintmax_t wcstoumax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ The @code{wcstoumax} function is equivalent to the @code{strtoumax} function
+ in nearly all aspects but handles wide character strings.
+
+@@ -2250,6 +2356,7 @@ The @code{wcstoumax} function was introduced in @w{ISO C99}.
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun {long int} atol (const char *@var{string})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ This function is similar to the @code{strtol} function with a @var{base}
+ argument of @code{10}, except that it need not detect overflow errors.
+ The @code{atol} function is provided mostly for compatibility with
+@@ -2259,6 +2366,7 @@ existing code; using @code{strtol} is more robust.
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun int atoi (const char *@var{string})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ This function is like @code{atol}, except that it returns an @code{int}.
+ The @code{atoi} function is also considered obsolete; use @code{strtol}
+ instead.
+@@ -2267,6 +2375,7 @@ instead.
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun {long long int} atoll (const char *@var{string})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ This function is similar to @code{atol}, except it returns a @code{long
+ long int}.
+
+@@ -2331,6 +2440,9 @@ as well.
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun double strtod (const char *restrict @var{string}, char **restrict @var{tailptr})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
++@c Besides the unsafe-but-ruled-safe locale uses, this uses a lot of
++@c mpn, but it's all safe.
+ The @code{strtod} (``string-to-double'') function converts the initial
+ part of @var{string} to a floating-point number, which is returned as a
+ value of type @code{double}.
+@@ -2416,6 +2528,7 @@ examining @var{errno} and @var{tailptr}.
+ @comment stdlib.h
+ @comment ISO
+ @deftypefunx {long double} strtold (const char *@var{string}, char **@var{tailptr})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ These functions are analogous to @code{strtod}, but return @code{float}
+ and @code{long double} values respectively. They report errors in the
+ same way as @code{strtod}. @code{strtof} can be substantially faster
+@@ -2435,6 +2548,7 @@ These functions have been GNU extensions and are new to @w{ISO C99}.
+ @comment stdlib.h
+ @comment ISO
+ @deftypefunx {long double} wcstold (const wchar_t *@var{string}, wchar_t **@var{tailptr})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ The @code{wcstod}, @code{wcstof}, and @code{wcstol} functions are
+ equivalent in nearly all aspect to the @code{strtod}, @code{strtof}, and
+ @code{strtold} functions but it handles wide character string.
+@@ -2447,6 +2561,7 @@ C90}. The @code{wcstof} and @code{wcstold} functions were introduced in
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun double atof (const char *@var{string})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ This function is similar to the @code{strtod} function, except that it
+ need not detect overflow and underflow errors. The @code{atof} function
+ is provided mostly for compatibility with existing code; using
+@@ -2473,6 +2588,7 @@ All these functions are defined in @file{stdlib.h}.
+ @comment stdlib.h
+ @comment SVID, Unix98
+ @deftypefun {char *} ecvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
++@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
+ The function @code{ecvt} converts the floating-point number @var{value}
+ to a string with at most @var{ndigit} decimal digits. The
+ returned string contains no decimal point or sign. The first digit of
+@@ -2498,6 +2614,7 @@ and sets @var{d} to @code{2} and @var{n} to @code{0}.
+ @comment stdlib.h
+ @comment SVID, Unix98
+ @deftypefun {char *} fcvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
++@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
+ The function @code{fcvt} is like @code{ecvt}, but @var{ndigit} specifies
+ the number of digits after the decimal point. If @var{ndigit} is less
+ than zero, @var{value} is rounded to the @math{@var{ndigit}+1}'th place to the
+@@ -2516,6 +2633,9 @@ to @code{fcvt}.
+ @comment stdlib.h
+ @comment SVID, Unix98
+ @deftypefun {char *} gcvt (double @var{value}, int @var{ndigit}, char *@var{buf})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c gcvt calls sprintf, that ultimately calls vfprintf, which malloc()s
++@c args_value if it's too large, but gcvt never exercises this path.
+ @code{gcvt} is functionally equivalent to @samp{sprintf(buf, "%*g",
+ ndigit, value}. It is provided only for compatibility's sake. It
+ returns @var{buf}.
+@@ -2530,6 +2650,7 @@ functions that take @code{long double} arguments.
+ @comment stdlib.h
+ @comment GNU
+ @deftypefun {char *} qecvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
++@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
+ This function is equivalent to @code{ecvt} except that it takes a
+ @code{long double} for the first parameter and that @var{ndigit} is
+ restricted by the precision of a @code{long double}.
+@@ -2538,6 +2659,7 @@ restricted by the precision of a @code{long double}.
+ @comment stdlib.h
+ @comment GNU
+ @deftypefun {char *} qfcvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
++@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
+ This function is equivalent to @code{fcvt} except that it
+ takes a @code{long double} for the first parameter and that @var{ndigit} is
+ restricted by the precision of a @code{long double}.
+@@ -2546,6 +2668,7 @@ restricted by the precision of a @code{long double}.
+ @comment stdlib.h
+ @comment GNU
+ @deftypefun {char *} qgcvt (long double @var{value}, int @var{ndigit}, char *@var{buf})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function is equivalent to @code{gcvt} except that it takes a
+ @code{long double} for the first parameter and that @var{ndigit} is
+ restricted by the precision of a @code{long double}.
+@@ -2566,6 +2689,7 @@ user-supplied buffer.
+ @comment stdlib.h
+ @comment GNU
+ @deftypefun int ecvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{ecvt_r} function is the same as @code{ecvt}, except
+ that it places its result into the user-specified buffer pointed to by
+ @var{buf}, with length @var{len}. The return value is @code{-1} in
+@@ -2577,6 +2701,7 @@ This function is a GNU extension.
+ @comment stdlib.h
+ @comment SVID, Unix98
+ @deftypefun int fcvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{fcvt_r} function is the same as @code{fcvt}, except that it
+ places its result into the user-specified buffer pointed to by
+ @var{buf}, with length @var{len}. The return value is @code{-1} in
+@@ -2588,6 +2713,7 @@ This function is a GNU extension.
+ @comment stdlib.h
+ @comment GNU
+ @deftypefun int qecvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{qecvt_r} function is the same as @code{qecvt}, except
+ that it places its result into the user-specified buffer pointed to by
+ @var{buf}, with length @var{len}. The return value is @code{-1} in
+@@ -2599,6 +2725,7 @@ This function is a GNU extension.
+ @comment stdlib.h
+ @comment GNU
+ @deftypefun int qfcvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{qfcvt_r} function is the same as @code{qfcvt}, except
+ that it places its result into the user-specified buffer pointed to by
+ @var{buf}, with length @var{len}. The return value is @code{-1} in
diff --git a/patches/manual-document-mt-safety-ctype-wip.patch b/patches/manual-document-mt-safety-ctype-wip.patch
new file mode 100644
index 0000000..2751123
--- /dev/null
+++ b/patches/manual-document-mt-safety-ctype-wip.patch
@@ -0,0 +1,34 @@
+Bottom: 7c3df0362db41863af2f7f886b7e7f14cd2cb7c5
+Top: cd865dbc67422bb0360d4e2692cc5f7ec6aea252
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-06-26 10:46:43 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/ctype.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/ctype.texi b/manual/ctype.texi
+index 3d13571..f05d509 100644
+--- a/manual/ctype.texi
++++ b/manual/ctype.texi
+@@ -691,6 +691,7 @@ This type is defined in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun wctrans_t wctrans (const char *@var{property})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ The @code{wctrans} function has to be used to find out whether a named
+ mapping is defined in the current locale selected for the
+ @code{LC_CTYPE} category. If the returned value is non-zero, you can use
+@@ -713,6 +714,7 @@ These functions are declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ @code{towctrans} maps the input character @var{wc}
+ according to the rules of the mapping for which @var{desc} is a
+ descriptor, and returns the value it finds. @var{desc} must be
diff --git a/patches/manual-document-mt-safety-locale.patch b/patches/manual-document-mt-safety-locale.patch
new file mode 100644
index 0000000..def6108
--- /dev/null
+++ b/patches/manual-document-mt-safety-locale.patch
@@ -0,0 +1,29 @@
+Bottom: e742d008a73a9279e0234fe6e8416e0b74b22645
+Top: b6a7df74e1dd769dd2a68885320bde2bae038277
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-06-26 10:46:40 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/locale.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/locale.texi b/manual/locale.texi
+index 2f10fcd..323268d 100644
+--- a/manual/locale.texi
++++ b/manual/locale.texi
+@@ -224,6 +224,10 @@ The symbols in this section are defined in the header file @file{locale.h}.
+ @comment locale.h
+ @comment ISO
+ @deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
++@safety{@mtunsafe{uunguard}}
++@c This function is MT-Safe, but uses of the global locale object are
++@c unguarded in functions that ought to be MT-Safe, so we're ruling out
++@c the use of this function once threads are started.
+ The function @code{setlocale} sets the current locale for category
+ @var{category} to @var{locale}. A list of all the locales the system
+ provides can be created by running
diff --git a/patches/manual-document-mt-safety-math.patch b/patches/manual-document-mt-safety-math.patch
new file mode 100644
index 0000000..14df6f3
--- /dev/null
+++ b/patches/manual-document-mt-safety-math.patch
@@ -0,0 +1,26 @@
+Bottom: b6a7df74e1dd769dd2a68885320bde2bae038277
+Top: 7c3df0362db41863af2f7f886b7e7f14cd2cb7c5
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-06-26 10:46:41 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/math.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/math.texi b/manual/math.texi
+index 193d415..fd5d0c8 100644
+--- a/manual/math.texi
++++ b/manual/math.texi
+@@ -560,6 +560,7 @@ negative), @code{logb} returns @math{@infinity{}}. If @var{x} is zero,
+ @comment math.h
+ @comment ISO
+ @deftypefunx int ilogbl (long double @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions are equivalent to the corresponding @code{logb}
+ functions except that they return signed integer values.
+ @end deftypefun
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
new file mode 100644
index 0000000..2088f94
--- /dev/null
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -0,0 +1,1117 @@
+Bottom: 4d06ccc13c580c9f8bc1ebbdc407011933a41e89
+Top: e742d008a73a9279e0234fe6e8416e0b74b22645
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-06-26 10:46:40 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/stdio.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/stdio.texi b/manual/stdio.texi
+index 3f9be9bc5..7809dd4 100644
+--- a/manual/stdio.texi
++++ b/manual/stdio.texi
+@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
+ @comment stdio.h
+ @comment ISO
+ @deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
++@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
++@c fopen may leak the list lock if cancelled within _IO_link_in.
+ The @code{fopen} function opens a stream for I/O to the file
+ @var{filename}, and returns a pointer to the stream.
+
+@@ -265,6 +267,7 @@ Locks}.
+ @comment stdio.h
+ @comment Unix98
+ @deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
++@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
+ This function is similar to @code{fopen} but the stream it returns a
+ pointer for is opened using @code{open64}. Therefore this stream can be
+ used even on files larger then @math{2^31} bytes on 32 bit machines.
+@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
++@c Like most I/O operations, this one is guarded by a recursive lock,
++@c released even upon cancellation, but cancellation may leak file
++@c descriptors and leave the stream in an inconsistent state (e.g.,
++@c still bound to the closed descriptor). Also, if the stream is
++@c part-way through a significant update (say running freopen) when a
++@c signal handler calls freopen again on the same stream, the result is
++@c likely to be an inconsistent stream, and the possibility of closing
++@c twice file descriptor number that the stream used to use, the second
++@c time when it might have already been reused by another thread.
+ This function is like a combination of @code{fclose} and @code{fopen}.
+ It first closes the stream referred to by @var{stream}, ignoring any
+ errors that are detected in the process. (Because errors are ignored,
+@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
+ @comment stdio.h
+ @comment Unix98
+ @deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+ This function is similar to @code{freopen}. The only difference is that
+ on 32 bit machine the stream returned is able to read beyond the
+ @math{2^31} bytes limits imposed by the normal interface. It should be
+@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
+ @comment stdio_ext.h
+ @comment GNU
+ @deftypefun int __freadable (FILE *@var{stream})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{__freadable} function determines whether the stream
+ @var{stream} was opened to allow reading. In this case the return value
+ is nonzero. For write-only streams the function returns zero.
+@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
+ @comment stdio_ext.h
+ @comment GNU
+ @deftypefun int __fwritable (FILE *@var{stream})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{__fwritable} function determines whether the stream
+ @var{stream} was opened to allow writing. In this case the return value
+ is nonzero. For read-only streams the function returns zero.
+@@ -364,6 +380,7 @@ They provide even finer-grained information.
+ @comment stdio_ext.h
+ @comment GNU
+ @deftypefun int __freading (FILE *@var{stream})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{__freading} function determines whether the stream
+ @var{stream} was last read from or whether it is opened read-only. In
+ this case the return value is nonzero, otherwise it is zero.
+@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
+ @comment stdio_ext.h
+ @comment GNU
+ @deftypefun int __fwriting (FILE *@var{stream})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{__fwriting} function determines whether the stream
+ @var{stream} was last written to or whether it is opened write-only. In
+ this case the return value is nonzero, otherwise it is zero.
+@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int fclose (FILE *@var{stream})
++@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
++@c After fclose, it is undefined behavior to use the stream it points
++@c to. Therefore, one must only call fclose when the stream is
++@c otherwise unused. Concurrent uses started before will complete
++@c successfully because of the lock, which makes it MT-Safe. Calling it
++@c from a signal handler is perfectly safe if the stream is known to be
++@c no longer used, which is a precondition for fclose to be safe in the
++@c first place; since this is no further requirement, fclose is safe for
++@c use in async signals too. After calling fclose, you can no longer
++@c use the stream, not even to fclose it again, so its memory and file
++@c descriptor may leak if fclose is canceled before @c releasing them.
++@c That the stream must be unused and it becomes unused after the call
++@c is what would enable fclose to be AS- and AC-Safe while freopen
++@c isn't. However, because of the possibility of leaving __gconv_lock
++@c taken upon cancellation, AC-Safety is lost.
+ This function causes @var{stream} to be closed and the connection to
+ the corresponding file to be broken. Any buffered output is written
+ and any buffered input is discarded. The @code{fclose} function returns
+@@ -418,6 +451,12 @@ another function.
+ @comment stdio.h
+ @comment GNU
+ @deftypefun int fcloseall (void)
++@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
++@c Like fclose, using any previously-opened streams after fcloseall is
++@c undefined. However, the implementation of fcloseall isn't equivalent
++@c to calling fclose for all streams: it just flushes and unbuffers all
++@c streams, without any locking. It's the flushing without locking that
++@c makes it unsafe.
+ This function causes all open streams of the process to be closed and
+ the connection to corresponding files to be broken. All buffered data
+ is written and any buffered input is discarded. The @code{fcloseall}
+@@ -474,6 +513,9 @@ perform the stream locking in the application code.
+ @comment stdio.h
+ @comment POSIX
+ @deftypefun void flockfile (FILE *@var{stream})
++@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
++@c There's no way to tell whether the lock was acquired before or after
++@c cancellation so as to unlock only when appropriate.
+ The @code{flockfile} function acquires the internal locking object
+ associated with the stream @var{stream}. This ensures that no other
+ thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
+@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
+ @comment stdio.h
+ @comment POSIX
+ @deftypefun int ftrylockfile (FILE *@var{stream})
++@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+ The @code{ftrylockfile} function tries to acquire the internal locking
+ object associated with the stream @var{stream} just like
+ @code{flockfile}. But unlike @code{flockfile} this function does not
+@@ -496,6 +539,7 @@ another thread.
+ @comment stdio.h
+ @comment POSIX
+ @deftypefun void funlockfile (FILE *@var{stream})
++@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+ The @code{funlockfile} function releases the internal locking object of
+ the stream @var{stream}. The stream must have been locked before by a
+ call to @code{flockfile} or a successful call of @code{ftrylockfile}.
+@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
+ @comment stdio_ext.h
+ @comment GNU
+ @deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
++@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
++@c Changing the implicit-locking status of a stream while it's in use by
++@c another thread may cause a lock to be implicitly acquired and not
++@c released, or vice-versa. This function should probably hold the lock
++@c while changing this setting, to make sure we don't change it while
++@c there are any concurrent uses. Meanwhile, callers should acquire the
++@c lock themselves to be safe, and even concurrent uses with external
++@c locking will be fine, as long as functions that require external
++@c locking are not called without holding locks.
+
+ The @code{__fsetlocking} function can be used to select whether the
+ stream operations will implicitly acquire the locking object of the
+@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
+ variants will implicitly lock the stream.
+
+ @item FSETLOCKING_BYCALLER
++@c ??? Does the possibility of disabling implicit locking on any stream
++@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
++@c ones?
+ After the @code{__fsetlocking} function returns the user is responsible
+ for locking the stream. None of the stream operations will implicitly
+ do this anymore until the state is set back to
+@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
+ @comment wchar.h
+ @comment ISO
+ @deftypefun int fwide (FILE *@var{stream}, int @var{mode})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
++@c Querying is always safe, but changing the stream when it's in use
++@c upthread may be problematic. Like most lock-acquiring functions,
++@c this one may leak the lock if canceled.
+
+ The @code{fwide} function can be used to set and query the state of the
+ orientation of the stream @var{stream}. If the @var{mode} parameter has
+@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int fputc (int @var{c}, FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
++@c If the stream is in use when interrupted by a signal, the recursive
++@c lock won't help ensure the stream is consistent; indeed, if fputc
++@c gets a signal precisely before the post-incremented _IO_write_ptr
++@c value is stored, we may overwrite the interrupted write. Conversely,
++@c depending on compiler optimizations, the incremented _IO_write_ptr
++@c may be stored before the character is stored in the buffer,
++@c corrupting the stream if async cancel hits between the two stores.
++@c There may be other reasons for AS- and AC-unsafety in the overflow
++@c cases.
+ The @code{fputc} function converts the character @var{c} to type
+ @code{unsigned char}, and writes it to the stream @var{stream}.
+ @code{EOF} is returned if a write error occurs; otherwise the
+@@ -820,6 +890,7 @@ character @var{c} is returned.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+ The @code{fputwc} function writes the wide character @var{wc} to the
+ stream @var{stream}. @code{WEOF} is returned if a write error occurs;
+ otherwise the character @var{wc} is returned.
+@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
+ @comment stdio.h
+ @comment POSIX
+ @deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
++@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
++@c The unlocked functions can't possibly satisfy the MT-Safety
++@c requirements on their own, because they require external locking for
++@c safety.
+ The @code{fputc_unlocked} function is equivalent to the @code{fputc}
+ function except that it does not implicitly lock the stream.
+ @end deftypefun
+@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
+ @comment wchar.h
+ @comment POSIX
+ @deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
++@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+ The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
+ function except that it does not implicitly lock the stream.
+
+@@ -844,6 +920,7 @@ This function is a GNU extension.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int putc (int @var{c}, FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+ This is just like @code{fputc}, except that most systems implement it as
+ a macro, making it faster. One consequence is that it may evaluate the
+ @var{stream} argument more than once, which is an exception to the
+@@ -854,6 +931,7 @@ use for writing a single character.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+ This is just like @code{fputwc}, except that it can be implement as
+ a macro, making it faster. One consequence is that it may evaluate the
+ @var{stream} argument more than once, which is an exception to the
+@@ -864,6 +942,7 @@ use for writing a single wide character.
+ @comment stdio.h
+ @comment POSIX
+ @deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
++@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+ The @code{putc_unlocked} function is equivalent to the @code{putc}
+ function except that it does not implicitly lock the stream.
+ @end deftypefun
+@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
+ @comment wchar.h
+ @comment GNU
+ @deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
++@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+ The @code{putwc_unlocked} function is equivalent to the @code{putwc}
+ function except that it does not implicitly lock the stream.
+
+@@ -880,6 +960,7 @@ This function is a GNU extension.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int putchar (int @var{c})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+ The @code{putchar} function is equivalent to @code{putc} with
+ @code{stdout} as the value of the @var{stream} argument.
+ @end deftypefun
+@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
+ @comment wchar.h
+ @comment ISO
+ @deftypefun wint_t putwchar (wchar_t @var{wc})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+ The @code{putwchar} function is equivalent to @code{putwc} with
+ @code{stdout} as the value of the @var{stream} argument.
+ @end deftypefun
+@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
+ @comment stdio.h
+ @comment POSIX
+ @deftypefun int putchar_unlocked (int @var{c})
++@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+ The @code{putchar_unlocked} function is equivalent to the @code{putchar}
+ function except that it does not implicitly lock the stream.
+ @end deftypefun
+@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
+ @comment wchar.h
+ @comment GNU
+ @deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
++@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+ The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
+ function except that it does not implicitly lock the stream.
+
+@@ -910,6 +994,7 @@ This function is a GNU extension.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+ The function @code{fputs} writes the string @var{s} to the stream
+ @var{stream}. The terminating null character is not written.
+ This function does @emph{not} add a newline character, either.
+@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+ The function @code{fputws} writes the wide character string @var{ws} to
+ the stream @var{stream}. The terminating null character is not written.
+ This function does @emph{not} add a newline character, either. It
+@@ -945,6 +1031,7 @@ a non-negative value.
+ @comment stdio.h
+ @comment GNU
+ @deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
++@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+ The @code{fputs_unlocked} function is equivalent to the @code{fputs}
+ function except that it does not implicitly lock the stream.
+
+@@ -954,6 +1041,7 @@ This function is a GNU extension.
+ @comment wchar.h
+ @comment GNU
+ @deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
++@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+ The @code{fputws_unlocked} function is equivalent to the @code{fputws}
+ function except that it does not implicitly lock the stream.
+
+@@ -963,6 +1051,7 @@ This function is a GNU extension.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int puts (const char *@var{s})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ The @code{puts} function writes the string @var{s} to the stream
+ @code{stdout} followed by a newline. The terminating null character of
+ the string is not written. (Note that @code{fputs} does @emph{not}
+@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
+ @comment stdio.h
+ @comment SVID
+ @deftypefun int putw (int @var{w}, FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ This function writes the word @var{w} (that is, an @code{int}) to
+ @var{stream}. It is provided for compatibility with SVID, but we
+ recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
+@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int fgetc (FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
++@c Same caveats as fputc, but instead of losing a write in case of async
++@c signals, we may read the same character more than once, and the
++@c stream may be left in odd states due to cancellation in the underflow
++@c cases.
+ This function reads the next character as an @code{unsigned char} from
+ the stream @var{stream} and returns its value, converted to an
+ @code{int}. If an end-of-file condition or read error occurs,
+@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
+ @comment wchar.h
+ @comment ISO
+ @deftypefun wint_t fgetwc (FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ This function reads the next wide character from the stream @var{stream}
+ and returns its value. If an end-of-file condition or read error
+ occurs, @code{WEOF} is returned instead.
+@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
+ @comment stdio.h
+ @comment POSIX
+ @deftypefun int fgetc_unlocked (FILE *@var{stream})
++@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+ The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
+ function except that it does not implicitly lock the stream.
+ @end deftypefun
+@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
+ @comment wchar.h
+ @comment GNU
+ @deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
++@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+ The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
+ function except that it does not implicitly lock the stream.
+
+@@ -1047,6 +1145,7 @@ This function is a GNU extension.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int getc (FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ This is just like @code{fgetc}, except that it is permissible (and
+ typical) for it to be implemented as a macro that evaluates the
+ @var{stream} argument more than once. @code{getc} is often highly
+@@ -1057,6 +1156,7 @@ character.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun wint_t getwc (FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ This is just like @code{fgetwc}, except that it is permissible for it to
+ be implemented as a macro that evaluates the @var{stream} argument more
+ than once. @code{getwc} can be highly optimized, so it is usually the
+@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
+ @comment stdio.h
+ @comment POSIX
+ @deftypefun int getc_unlocked (FILE *@var{stream})
++@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+ The @code{getc_unlocked} function is equivalent to the @code{getc}
+ function except that it does not implicitly lock the stream.
+ @end deftypefun
+@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
+ @comment wchar.h
+ @comment GNU
+ @deftypefun wint_t getwc_unlocked (FILE *@var{stream})
++@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+ The @code{getwc_unlocked} function is equivalent to the @code{getwc}
+ function except that it does not implicitly lock the stream.
+
+@@ -1082,6 +1184,7 @@ This function is a GNU extension.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int getchar (void)
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
+ as the value of the @var{stream} argument.
+ @end deftypefun
+@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun wint_t getwchar (void)
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
+ as the value of the @var{stream} argument.
+ @end deftypefun
+@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
+ @comment stdio.h
+ @comment POSIX
+ @deftypefun int getchar_unlocked (void)
++@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+ The @code{getchar_unlocked} function is equivalent to the @code{getchar}
+ function except that it does not implicitly lock the stream.
+ @end deftypefun
+@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
+ @comment wchar.h
+ @comment GNU
+ @deftypefun wint_t getwchar_unlocked (void)
++@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+ The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
+ function except that it does not implicitly lock the stream.
+
+@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
+ @comment stdio.h
+ @comment SVID
+ @deftypefun int getw (FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ This function reads a word (that is, an @code{int}) from @var{stream}.
+ It's provided for compatibility with SVID. We recommend you use
+ @code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
+@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
+ @comment stdio.h
+ @comment GNU
+ @deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ This function reads an entire line from @var{stream}, storing the text
+ (including the newline and a terminating null character) in a buffer
+ and storing the buffer address in @code{*@var{lineptr}}.
+@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
+ @comment stdio.h
+ @comment GNU
+ @deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ This function is like @code{getline} except that the character which
+ tells it to stop reading is not necessarily newline. The argument
+ @var{delimiter} specifies the delimiter character; @code{getdelim} keeps
+@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
+ @comment stdio.h
+ @comment ISO
+ @deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ The @code{fgets} function reads characters from the stream @var{stream}
+ up to and including a newline character and stores them in the string
+ @var{s}, adding a null character to mark the end of the string. You
+@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ The @code{fgetws} function reads wide characters from the stream
+ @var{stream} up to and including a newline character and stores them in
+ the string @var{ws}, adding a null wide character to mark the end of the
+@@ -1280,6 +1391,7 @@ message.
+ @comment stdio.h
+ @comment GNU
+ @deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
++@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+ The @code{fgets_unlocked} function is equivalent to the @code{fgets}
+ function except that it does not implicitly lock the stream.
+
+@@ -1289,6 +1401,7 @@ This function is a GNU extension.
+ @comment wchar.h
+ @comment GNU
+ @deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
++@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+ The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
+ function except that it does not implicitly lock the stream.
+
+@@ -1298,6 +1411,7 @@ This function is a GNU extension.
+ @comment stdio.h
+ @comment ISO
+ @deftypefn {Deprecated function} {char *} gets (char *@var{s})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ The function @code{gets} reads characters from the stream @code{stdin}
+ up to the next newline character, and stores them in the string @var{s}.
+ The newline character is discarded (note that this differs from the
+@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int ungetc (int @var{c}, FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ The @code{ungetc} function pushes back the character @var{c} onto the
+ input stream @var{stream}. So the next input from @var{stream} will
+ read @var{c} before anything else.
+@@ -1425,6 +1540,7 @@ will encounter end of file.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ The @code{ungetwc} function behaves just like @code{ungetc} just that it
+ pushes back a wide character.
+ @end deftypefun
+@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ This function reads up to @var{count} objects of size @var{size} into
+ the array @var{data}, from the stream @var{stream}. It returns the
+ number of objects actually read, which might be less than @var{count} if
+@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
+ @comment stdio.h
+ @comment GNU
+ @deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
++@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+ The @code{fread_unlocked} function is equivalent to the @code{fread}
+ function except that it does not implicitly lock the stream.
+
+@@ -1507,6 +1625,7 @@ This function is a GNU extension.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ This function writes up to @var{count} objects of size @var{size} from
+ the array @var{data}, to the stream @var{stream}. The return value is
+ normally @var{count}, if the call succeeds. Any other value indicates
+@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
+ @comment stdio.h
+ @comment GNU
+ @deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
++@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+ The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
+ function except that it does not implicitly lock the stream.
+
+@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int printf (const char *@var{template}, @dots{})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+ The @code{printf} function prints the optional arguments under the
+ control of the template string @var{template} to the stream
+ @code{stdout}. It returns the number of characters printed, or a
+@@ -2266,6 +2387,7 @@ negative value if there was an output error.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+ The @code{wprintf} function prints the optional arguments under the
+ control of the wide template string @var{template} to the stream
+ @code{stdout}. It returns the number of wide characters printed, or a
+@@ -2275,6 +2397,7 @@ negative value if there was an output error.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+ This function is just like @code{printf}, except that the output is
+ written to the stream @var{stream} instead of @code{stdout}.
+ @end deftypefun
+@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+ This function is just like @code{wprintf}, except that the output is
+ written to the stream @var{stream} instead of @code{stdout}.
+ @end deftypefun
+@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
+ This is like @code{printf}, except that the output is stored in the character
+ array @var{s} instead of written to a stream. A null character is written
+ to mark the end of the string.
+@@ -2313,6 +2438,7 @@ described below.
+ @comment wchar.h
+ @comment GNU
+ @deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
+ This is like @code{wprintf}, except that the output is stored in the
+ wide character array @var{ws} instead of written to a stream. A null
+ wide character is written to mark the end of the string. The @var{size}
+@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
+ @comment stdio.h
+ @comment GNU
+ @deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
+ The @code{snprintf} function is similar to @code{sprintf}, except that
+ the @var{size} argument specifies the maximum number of characters to
+ produce. The trailing null character is counted towards this limit, so
+@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
+ @comment stdio.h
+ @comment GNU
+ @deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
+ This function is similar to @code{sprintf}, except that it dynamically
+ allocates a string (as with @code{malloc}; @pxref{Unconstrained
+ Allocation}) to hold the output, instead of putting the output in a
+@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
+ @comment stdio.h
+ @comment GNU
+ @deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
++@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+ This function is similar to @code{asprintf}, except that it uses the
+ obstack @var{obstack} to allocate the space. @xref{Obstacks}.
+
+@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+ This function is similar to @code{printf} except that, instead of taking
+ a variable number of arguments directly, it takes an argument list
+ pointer @var{ap}.
+@@ -2517,6 +2647,7 @@ pointer @var{ap}.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+ This function is similar to @code{wprintf} except that, instead of taking
+ a variable number of arguments directly, it takes an argument list
+ pointer @var{ap}.
+@@ -2525,6 +2656,12 @@ pointer @var{ap}.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
++@c Although vfprintf sets up a cleanup region to release the lock on the
++@c output stream, it doesn't use it to release args_value or string in
++@c case of cancellation. This doesn't make it unsafe, but cancelling it
++@c may leak memory. The unguarded use of __printf_function_table is
++@c also of concern for all callers.
+ This is the equivalent of @code{fprintf} with the variable argument list
+ specified directly as for @code{vprintf}.
+ @end deftypefun
+@@ -2532,6 +2669,7 @@ specified directly as for @code{vprintf}.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+ This is the equivalent of @code{fwprintf} with the variable argument list
+ specified directly as for @code{vwprintf}.
+ @end deftypefun
+@@ -2539,6 +2677,7 @@ specified directly as for @code{vwprintf}.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
+ This is the equivalent of @code{sprintf} with the variable argument list
+ specified directly as for @code{vprintf}.
+ @end deftypefun
+@@ -2546,6 +2685,7 @@ specified directly as for @code{vprintf}.
+ @comment wchar.h
+ @comment GNU
+ @deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
+ This is the equivalent of @code{swprintf} with the variable argument list
+ specified directly as for @code{vwprintf}.
+ @end deftypefun
+@@ -2553,6 +2693,7 @@ specified directly as for @code{vwprintf}.
+ @comment stdio.h
+ @comment GNU
+ @deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
+ This is the equivalent of @code{snprintf} with the variable argument list
+ specified directly as for @code{vprintf}.
+ @end deftypefun
+@@ -2560,6 +2701,7 @@ specified directly as for @code{vprintf}.
+ @comment stdio.h
+ @comment GNU
+ @deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
+ The @code{vasprintf} function is the equivalent of @code{asprintf} with the
+ variable argument list specified directly as for @code{vprintf}.
+ @end deftypefun
+@@ -2567,6 +2709,10 @@ variable argument list specified directly as for @code{vprintf}.
+ @comment stdio.h
+ @comment GNU
+ @deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
++@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
++@c The obstack is not guarded by mutexes, it might be at an inconsistent
++@c state within a signal handler, and it could be left at an
++@c inconsistent state in case of cancellation.
+ The @code{obstack_vprintf} function is the equivalent of
+ @code{obstack_printf} with the variable argument list specified directly
+ as for @code{vprintf}.@refill
+@@ -2639,6 +2785,7 @@ file @file{printf.h}.
+ @comment printf.h
+ @comment GNU
+ @deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
+ This function returns information about the number and types of
+ arguments expected by the @code{printf} template string @var{template}.
+ The information is stored in the array @var{argtypes}; each element of
+@@ -2879,6 +3026,12 @@ The function to register a new output conversion is
+ @comment printf.h
+ @comment GNU
+ @deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
++@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
++@c This function is guarded by the global non-recursive libc lock, but
++@c users of the variables it sets aren't, and those should be MT-Safe,
++@c so we're ruling out the use of this extension with threads. Calling
++@c it from a signal handler may self-deadlock, and cancellation may
++@c leave the lock held, besides leaking allocated memory.
+ This function defines the conversion specifier character @var{spec}.
+ Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
+ You can redefine the built-in conversions like @samp{%s}, but flag
+@@ -3125,6 +3278,12 @@ which implement a special way to print floating-point numbers.
+ @comment printf.h
+ @comment GNU
+ @deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
++@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
++@c This is meant to be called by vfprintf, that should hold the lock on
++@c the stream, but if this function is called directly, output will be
++@c racy, besides the uses of the global locale object while other
++@c threads may be changing it and the possbility of leaving the stream
++@c object in an inconsistent state in case of cancellation.
+ Print a given floating point number as for the format @code{%f} except
+ that there is a postfix character indicating the divisor for the
+ number to make this less than 1000. There are two possible divisors:
+@@ -3183,6 +3342,7 @@ provide the function which returns information about the arguments.
+ @comment printf.h
+ @comment GNU
+ @deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function will return in @var{argtypes} the information about the
+ used parameters in the way the @code{vfprintf} implementation expects
+ it. The format always takes one argument.
+@@ -3799,6 +3959,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int scanf (const char *@var{template}, @dots{})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+ The @code{scanf} function reads formatted input from the stream
+ @code{stdin} under the control of the template string @var{template}.
+ The optional arguments are pointers to the places which receive the
+@@ -3813,6 +3974,7 @@ template, then @code{EOF} is returned.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+ The @code{wscanf} function reads formatted input from the stream
+ @code{stdin} under the control of the template string @var{template}.
+ The optional arguments are pointers to the places which receive the
+@@ -3827,6 +3989,7 @@ template, then @code{WEOF} is returned.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+ This function is just like @code{scanf}, except that the input is read
+ from the stream @var{stream} instead of @code{stdin}.
+ @end deftypefun
+@@ -3834,6 +3997,7 @@ from the stream @var{stream} instead of @code{stdin}.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+ This function is just like @code{wscanf}, except that the input is read
+ from the stream @var{stream} instead of @code{stdin}.
+ @end deftypefun
+@@ -3841,6 +4005,7 @@ from the stream @var{stream} instead of @code{stdin}.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
+ This is like @code{scanf}, except that the characters are taken from the
+ null-terminated string @var{s} instead of from a stream. Reaching the
+ end of the string is treated as an end-of-file condition.
+@@ -3854,6 +4019,7 @@ as an argument to receive a string read under control of the @samp{%s},
+ @comment wchar.h
+ @comment ISO
+ @deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
+ This is like @code{wscanf}, except that the characters are taken from the
+ null-terminated string @var{ws} instead of from a stream. Reaching the
+ end of the string is treated as an end-of-file condition.
+@@ -3880,6 +4046,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+ This function is similar to @code{scanf}, but instead of taking
+ a variable number of arguments directly, it takes an argument list
+ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
+@@ -3888,6 +4055,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
+ @comment wchar.h
+ @comment ISO
+ @deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+ This function is similar to @code{wscanf}, but instead of taking
+ a variable number of arguments directly, it takes an argument list
+ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
+@@ -3896,6 +4064,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+ This is the equivalent of @code{fscanf} with the variable argument list
+ specified directly as for @code{vscanf}.
+ @end deftypefun
+@@ -3903,6 +4072,7 @@ specified directly as for @code{vscanf}.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+ This is the equivalent of @code{fwscanf} with the variable argument list
+ specified directly as for @code{vwscanf}.
+ @end deftypefun
+@@ -3910,6 +4080,7 @@ specified directly as for @code{vwscanf}.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
+ This is the equivalent of @code{sscanf} with the variable argument list
+ specified directly as for @code{vscanf}.
+ @end deftypefun
+@@ -3917,6 +4088,7 @@ specified directly as for @code{vscanf}.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
+ This is the equivalent of @code{swscanf} with the variable argument list
+ specified directly as for @code{vwscanf}.
+ @end deftypefun
+@@ -3966,6 +4138,7 @@ This symbol is declared in @file{wchar.h}.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int feof (FILE *@var{stream})
++@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+ The @code{feof} function returns nonzero if and only if the end-of-file
+ indicator for the stream @var{stream} is set.
+
+@@ -3975,6 +4148,9 @@ This symbol is declared in @file{stdio.h}.
+ @comment stdio.h
+ @comment GNU
+ @deftypefun int feof_unlocked (FILE *@var{stream})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c There isn't much of a thread unsafety risk in reading a flag word and
++@c testing a bit in it.
+ The @code{feof_unlocked} function is equivalent to the @code{feof}
+ function except that it does not implicitly lock the stream.
+
+@@ -3986,6 +4162,7 @@ This symbol is declared in @file{stdio.h}.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int ferror (FILE *@var{stream})
++@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+ The @code{ferror} function returns nonzero if and only if the error
+ indicator for the stream @var{stream} is set, indicating that an error
+ has occurred on a previous operation on the stream.
+@@ -3996,6 +4173,7 @@ This symbol is declared in @file{stdio.h}.
+ @comment stdio.h
+ @comment GNU
+ @deftypefun int ferror_unlocked (FILE *@var{stream})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{ferror_unlocked} function is equivalent to the @code{ferror}
+ function except that it does not implicitly lock the stream.
+
+@@ -4023,6 +4201,7 @@ function.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun void clearerr (FILE *@var{stream})
++@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+ This function clears the end-of-file and error indicators for the
+ stream @var{stream}.
+
+@@ -4033,6 +4212,7 @@ end-of-file indicator for the stream.
+ @comment stdio.h
+ @comment GNU
+ @deftypefun void clearerr_unlocked (FILE *@var{stream})
++@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
+ The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
+ function except that it does not implicitly lock the stream.
+
+@@ -4146,6 +4326,7 @@ are declared in the header file @file{stdio.h}.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun {long int} ftell (FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ This function returns the current file position of the stream
+ @var{stream}.
+
+@@ -4158,6 +4339,7 @@ possibly for other reasons as well. If a failure occurs, a value of
+ @comment stdio.h
+ @comment Unix98
+ @deftypefun off_t ftello (FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ The @code{ftello} function is similar to @code{ftell}, except that it
+ returns a value of type @code{off_t}. Systems which support this type
+ use it to describe all file positions, unlike the POSIX specification
+@@ -4181,6 +4363,7 @@ LFS interface transparently replaces the old interface.
+ @comment stdio.h
+ @comment Unix98
+ @deftypefun off64_t ftello64 (FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ This function is similar to @code{ftello} with the only difference that
+ the return value is of type @code{off64_t}. This also requires that the
+ stream @var{stream} was opened using either @code{fopen64},
+@@ -4196,6 +4379,7 @@ and so transparently replaces the old interface.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ The @code{fseek} function is used to change the file position of the
+ stream @var{stream}. The value of @var{whence} must be one of the
+ constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
+@@ -4215,6 +4399,7 @@ place in the file.
+ @comment stdio.h
+ @comment Unix98
+ @deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ This function is similar to @code{fseek} but it corrects a problem with
+ @code{fseek} in a system with POSIX types. Using a value of type
+ @code{long int} for the offset is not compatible with POSIX.
+@@ -4238,6 +4423,7 @@ LFS interface transparently replaces the old interface.
+ @comment stdio.h
+ @comment Unix98
+ @deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ This function is similar to @code{fseeko} with the only difference that
+ the @var{offset} parameter is of type @code{off64_t}. This also
+ requires that the stream @var{stream} was opened using either
+@@ -4286,6 +4472,7 @@ the offset provided is relative to the end of the file.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun void rewind (FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ The @code{rewind} function positions the stream @var{stream} at the
+ beginning of the file. It is equivalent to calling @code{fseek} or
+ @code{fseeko} on the @var{stream} with an @var{offset} argument of
+@@ -4407,6 +4594,7 @@ representation.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ This function stores the value of the file position indicator for the
+ stream @var{stream} in the @code{fpos_t} object pointed to by
+ @var{position}. If successful, @code{fgetpos} returns zero; otherwise
+@@ -4421,6 +4609,7 @@ interface transparently replaces the old interface.
+ @comment stdio.h
+ @comment Unix98
+ @deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ This function is similar to @code{fgetpos} but the file position is
+ returned in a variable of type @code{fpos64_t} to which @var{position}
+ points.
+@@ -4433,6 +4622,7 @@ and so transparently replaces the old interface.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ This function sets the file position indicator for the stream @var{stream}
+ to the position @var{position}, which must have been set by a previous
+ call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
+@@ -4449,6 +4639,7 @@ interface transparently replaces the old interface.
+ @comment stdio.h
+ @comment Unix98
+ @deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ This function is similar to @code{fsetpos} but the file position used
+ for positioning is provided in a variable of type @code{fpos64_t} to
+ which @var{position} points.
+@@ -4560,6 +4751,7 @@ If you want to flush the buffered output at another time, call
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int fflush (FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ This function causes any buffered output on @var{stream} to be delivered
+ to the file. If @var{stream} is a null pointer, then
+ @code{fflush} causes buffered output on @emph{all} open output streams
+@@ -4572,6 +4764,7 @@ otherwise.
+ @comment stdio.h
+ @comment POSIX
+ @deftypefun int fflush_unlocked (FILE *@var{stream})
++@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+ The @code{fflush_unlocked} function is equivalent to the @code{fflush}
+ function except that it does not implicitly lock the stream.
+ @end deftypefun
+@@ -4588,6 +4781,7 @@ exported.
+ @comment stdio_ext.h
+ @comment GNU
+ @deftypefun void _flushlbf (void)
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ The @code{_flushlbf} function flushes all line buffered streams
+ currently opened.
+
+@@ -4609,6 +4803,7 @@ situation a non-standard function introduced in Solaris and available in
+ @comment stdio_ext.h
+ @comment GNU
+ @deftypefun void __fpurge (FILE *@var{stream})
++@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+ The @code{__fpurge} function causes the buffer of the stream
+ @var{stream} to be emptied. If the stream is currently in read mode all
+ input in the buffer is lost. If the stream is in output mode the
+@@ -4633,6 +4828,7 @@ file @file{stdio.h}.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ This function is used to specify that the stream @var{stream} should
+ have the buffering mode @var{mode}, which can be either @code{_IOFBF}
+ (for full buffering), @code{_IOLBF} (for line buffering), or
+@@ -4710,6 +4906,7 @@ efficient size.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ If @var{buf} is a null pointer, the effect of this function is
+ equivalent to calling @code{setvbuf} with a @var{mode} argument of
+ @code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
+@@ -4723,6 +4920,7 @@ use @code{setvbuf} in all new programs.
+ @comment stdio.h
+ @comment BSD
+ @deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
+ Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
+ buffer. The @var{size} argument specifies the length of @var{buf}.
+@@ -4734,6 +4932,7 @@ This function is provided for compatibility with old BSD code. Use
+ @comment stdio.h
+ @comment BSD
+ @deftypefun void setlinebuf (FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ This function makes @var{stream} be line buffered, and allocates the
+ buffer for you.
+
+@@ -4748,6 +4947,7 @@ using a non-standard function introduced in Solaris and available in
+ @comment stdio_ext.h
+ @comment GNU
+ @deftypefun int __flbf (FILE *@var{stream})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{__flbf} function will return a nonzero value in case the
+ stream @var{stream} is line buffered. Otherwise the return value is
+ zero.
+@@ -4761,6 +4961,7 @@ much of it is used. These functions were also introduced in Solaris.
+ @comment stdio_ext.h
+ @comment GNU
+ @deftypefun size_t __fbufsize (FILE *@var{stream})
++@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
+ The @code{__fbufsize} function return the size of the buffer in the
+ stream @var{stream}. This value can be used to optimize the use of the
+ stream.
+@@ -4771,6 +4972,7 @@ This function is declared in the @file{stdio_ext.h} header.
+ @comment stdio_ext.h
+ @comment GNU
+ @deftypefun size_t __fpending (FILE *@var{stream})
++@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
+ The @code{__fpending}
+ function returns the number of bytes currently in the output buffer.
+ For wide-oriented stream the measuring unit is wide characters. This
+@@ -4818,6 +5020,10 @@ I/O to a string or memory buffer. These facilities are declared in
+ @comment stdio.h
+ @comment GNU
+ @deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
++@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
++@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
++@c bringing with it additional potential for async trouble with
++@c list_all_lock.
+ This function opens a stream that allows the access specified by the
+ @var{opentype} argument, that reads from or writes to the buffer specified
+ by the argument @var{buf}. This array must be at least @var{size} bytes long.
+@@ -4870,6 +5076,7 @@ Got r
+ @comment stdio.h
+ @comment GNU
+ @deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
++@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+ This function opens a stream for writing to a buffer. The buffer is
+ allocated dynamically and grown as necessary, using @code{malloc}.
+ After you've closed the stream, this buffer is your responsibility to
+@@ -4985,6 +5192,7 @@ closed.
+ @comment stdio.h
+ @comment GNU
+ @deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
++@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+ This function actually creates the stream for communicating with the
+ @var{cookie} using the functions in the @var{io-functions} argument.
+ The @var{opentype} argument is interpreted as for @code{fopen};
+@@ -5166,6 +5374,7 @@ It is a non-recoverable error.
+ @comment fmtmsg.h
+ @comment XPG
+ @deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
++@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
+ Display a message described by its parameters on the device(s) specified
+ in the @var{classification} parameter. The @var{label} parameter
+ identifies the source of the message. The string should consist of two
+@@ -5306,6 +5515,7 @@ introducing new classes in a running program. One could use the
+ but this is toilsome.
+
+ @deftypefun int addseverity (int @var{severity}, const char *@var{string})
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
+ This function allows the introduction of new severity classes which can be
+ addressed by the @var{severity} parameter of the @code{fmtmsg} function.
+ The @var{severity} parameter of @code{addseverity} must match the value
diff --git a/patches/manual-document-mt-safety-wip.patch b/patches/manual-document-mt-safety-wip.patch
new file mode 100644
index 0000000..31af2c2
--- /dev/null
+++ b/patches/manual-document-mt-safety-wip.patch
@@ -0,0 +1,3477 @@
+Bottom: cd865dbc67422bb0360d4e2692cc5f7ec6aea252
+Top: 7e6a83a1413d637cd4076c377f2dc632dc928b39
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-06-26 10:46:48 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/???.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/argp.texi b/manual/argp.texi
+index c9fbe97..5322f91 100644
+--- a/manual/argp.texi
++++ b/manual/argp.texi
+@@ -36,6 +36,35 @@ needed in @code{main}.
+ @comment argp.h
+ @comment GNU
+ @deftypefun {error_t} argp_parse (const struct argp *@var{argp}, int @var{argc}, char **@var{argv}, unsigned @var{flags}, int *@var{arg_index}, void *@var{input})
++@safety{@mtunsafe{xguargs, envromt}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
++@c Optionally alloca()tes standard help options, initializes the parser,
++@c then parses individual args in a loop, and then finalizes.
++@c parser_init
++@c calc_sizes ok
++@c option_is_end ok
++@c malloc
++@c parser_convert glocale
++@c convert_options glocale
++@c option_is_end ok
++@c option_is_short ok
++@c isprint, but locale may change within the loop
++@c find_long_option ok
++@c group_parse
++@c group->parser (from argp->parser)
++@c parser_parse_next
++@c getopt_long(_only)_r many issues, same as non_r minus staticbuf
++@c parser_parse_arg
++@c group_parse
++@c parser_parse_opt
++@c group_parse
++@c argp_error
++@c dgettext (bad key error)
++@c parser_finalize
++@c group_parse
++@c fprintf
++@c dgettext
++@c arg_state_help
++@c free
+ The @code{argp_parse} function parses the arguments in @var{argv}, of
+ length @var{argc}, using the argp parser @var{argp}. @xref{Argp
+ Parsers}. Passing a null pointer for @var{argp} is the same as using
+@@ -660,6 +689,8 @@ parser function. @xref{Argp Parsing State}.
+ @comment argp.h
+ @comment GNU
+ @deftypefun void argp_usage (const struct argp_state *@var{state})
++@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
++@c Just calls argp_state_help with stderr and ARGP_HELP_STD_USAGE.
+ Outputs the standard usage message for the argp parser referred to by
+ @var{state} to @code{@var{state}->err_stream} and terminate the program
+ with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
+@@ -669,6 +700,13 @@ with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
+ @comment argp.h
+ @comment GNU
+ @deftypefun void argp_error (const struct argp_state *@var{state}, const char *@var{fmt}, @dots{})
++@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
++@c Lock stream, vasprintf the formatted message into a buffer, print the
++@c buffer prefixed by the short program name (in libc,
++@c argp_short_program_name is a macro that expands to
++@c program_invocation_short_name), releases the buffer, then call
++@c argp_state_help with stream and ARGP_HELP_STD_ERR, unlocking the
++@c stream at the end.
+ Prints the printf format string @var{fmt} and following args, preceded
+ by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
+ --help}} message, and terminates the program with an exit status of
+@@ -679,6 +717,12 @@ by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
+ @comment argp.h
+ @comment GNU
+ @deftypefun void argp_failure (const struct argp_state *@var{state}, int @var{status}, int @var{errnum}, const char *@var{fmt}, @dots{})
++@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
++@c Lock stream, write out the short program name, vasprintf the optional
++@c formatted message to a buffer, print the buffer prefixed by colon and
++@c blank, release the buffer, call strerror_r with an automatic buffer,
++@c print it out after colon and blank, put[w]c a line break, unlock the
++@c stream, then exit unless ARGP_NO_EXIT.
+ Similar to the standard gnu error-reporting function @code{error}, this
+ prints the program name and @samp{:}, the printf format string
+ @var{fmt}, and the appropriate following args. If it is non-zero, the
+@@ -695,6 +739,141 @@ for options, bad phase of the moon, etc.
+ @comment argp.h
+ @comment GNU
+ @deftypefun void argp_state_help (const struct argp_state *@var{state}, FILE *@var{stream}, unsigned @var{flags})
++@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
++@c Just calls _help with the short program name and optionally exit.
++@c The main problems in _help, besides the usual issues with stream I/O
++@c and translation, are the use of a static buffer (uparams) that makes
++@c the whole thing thread-unsafe, reading from the environment for
++@c ARGP_HELP_FMT, accessing the locale object multiple times.
++
++@c _help envromt, staticbuf (uparams), glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
++@c dgettext asi18n
++@c flockfile lockleak
++@c funlockfile lockleak
++@c fill_in_uparams envromt, staticbuf (uparams), glocale, asynconsist, asmalloc, lockleak, incansist, memleak
++@c argp_failure dup (status = errnum = 0)
++@c atoi dup
++@c argp_hol asmalloc, memleak
++@c make_hol asmalloc, memleak
++@c hol_add_cluster asmalloc, memleak
++@c hol_append asmalloc, memleak
++@c hol_set_group ok
++@c hol_find_entry ok
++@c hol_sort glocale, asmalloc, memleak
++@c qsort asmalloc, memleak
++@c hol_entry_qcmp glocale
++@c hol_entry_cmp glocale
++@c group_cmp ok
++@c hol_cluster_cmp ok
++@c group_cmp ok
++@c hol_entry_first_short glocale
++@c hol_entry_short_iterate [glocale]
++@c until_short ok
++@c oshort ok
++@c isprint ok
++@c odoc ok
++@c hol_entry_first_long ok
++@c canon_doc_option glocale
++@c tolower dup
++@c hol_usage glocale, asi18n, asmalloc, memleak
++@c hol_entry_short_iterate ok
++@c add_argless_short_opt ok
++@c argp_fmtstream_printf dup
++@c hol_entry_short_iterate glocale, asi18n, asmalloc, memleak
++@c usage_argful_short_opt glocale, asi18n, asmalloc, memleak
++@c dgettext dup
++@c argp_fmtstream_printf dup
++@c hol_entry_long_iterate glocale, asi18n, asmalloc, memleak
++@c usage_long_opt glocale, asi18n, asmalloc, memleak
++@c dgettext dup
++@c argp_fmtstream_printf dup
++@c hol_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
++@c hol_entry_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
++@c argp_fmtstream_set_lmargin dup
++@c argp_fmtstream_wmargin dup
++@c argp_fmtstream_set_wmargin dup
++@c comma glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
++@c argp_fmtstream_putc dup
++@c hol_cluster_is_child ok
++@c argp_fmtstream_wmargin dup
++@c print_header dup
++@c argp_fmtstream_set_wmargin dup
++@c argp_fmtstream_puts dup
++@c indent_to dup
++@c argp_fmtstream_putc dup
++@c arg glocale, asmalloc, memleak
++@c argp_fmtstream_printf dup
++@c odoc dup
++@c argp_fmtstream_puts dup
++@c argp_fmtstream_printf dup
++@c print_header glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
++@c dgettext dup
++@c filter_doc dup
++@c argp_fmtstream_putc dup
++@c indent_to dup
++@c argp_fmtstream_set_lmargin dup
++@c argp_fmtstream_set_wmargin dup
++@c argp_fmtstream_puts dup
++@c free dup
++@c filter_doc dup
++@c argp_fmtstream_point dup
++@c indent_to glocale, asmalloc, asynconsist, memleak, incansist, lockleak
++@c argp_fmtstream_point dup
++@c argp_fmtstream_putc dup
++@c dgettext dup
++@c filter_doc dup
++@c argp_fmtstream_putc dup
++@c argp_fmtstream_puts dup
++@c free dup
++@c hol_free asmalloc, memleak
++@c free dup
++@c argp_args_levels ok
++@c argp_args_usage glocale, asi18n, asmalloc, asynconsist, memleak, incansist, lockleak
++@c dgettext dup
++@c filter_doc ok
++@c argp_input ok
++@c argp->help_filter
++@c space glocale, asmalloc, asynconsist, memleak, incansist, lockleak
++@c argp_fmtstream_point dup
++@c argp_fmtstream_rmargin glocale, asynconsist, incansist, lockleak
++@c argp_fmtstream_update dup
++@c argp_fmtstream_putc dup
++@c argp_fmtstream_write dup
++@c free dup
++@c argp_doc glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
++@c dgettext asi18n
++@c strndup asmalloc, memleak
++@c argp_input dup
++@c argp->help_filter
++@c argp_fmtstream_putc glocale, asmalloc, asynconsist, memleak, incansist, lockleak
++@c argp_fmtstream_ensure dup
++@c argp_fmtstream_write dup
++@c argp_fmtstream_puts dup
++@c argp_fmtstream_point glocale, asynconsist, incansist, lockleak
++@c argp_fmtstream_update dup
++@c argp_fmtstream_lmargin dup
++@c free dup
++@c argp_make_fmtstream asmalloc, memleak
++@c argp_fmtstream_free glocale, asmalloc, asynconsist, memleak, incansist, lockleak
++@c argp_fmtstream_update glocale, asynconsist, incansist, lockleak
++@c put[w]c_unlocked dup
++@c isblank in loop glocale
++@c fxprintf lockleak
++@c fxprintf lockleak
++@c free dup
++@c argp_fmtstream_set_wmargin glocale, asynconsist, incansist, lockleak
++@c argp_fmtstream_update dup
++@c argp_fmtstream_printf glocale, asmalloc, memleak
++@c argp_fmtstream_ensure dup
++@c vsnprintf dup
++@c argp_fmtstream_set_lmargin glocale, asynconsist, incansist, lockleak
++@c argp_fmtstream_update dup
++@c argp_fmtstream_puts glocale, asmalloc, asynconsist, memleak, incansist, lockleak
++@c argp_fmtstream_write glocale, asmalloc, asynconsist, memleak, incansist, lockleak
++@c argp_fmtstream_ensure glocale, asmalloc, asynconsist, memleak, incansist, lockleak
++@c argp_fmtstream_update dup
++@c fxprintf lockleak
++@c realloc asmalloc, memleak
+ Outputs a help message for the argp parser referred to by @var{state},
+ to @var{stream}. The @var{flags} argument determines what sort of help
+ message is produced. @xref{Argp Help Flags}.
+@@ -928,6 +1107,8 @@ program options, argp offers the @code{argp_help} interface.
+ @comment argp.h
+ @comment GNU
+ @deftypefun void argp_help (const struct argp *@var{argp}, FILE *@var{stream}, unsigned @var{flags}, char *@var{name})
++@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
++@c Just calls _help.
+ This outputs a help message for the argp parser @var{argp} to
+ @var{stream}. The type of messages printed will be determined by
+ @var{flags}.
+diff --git a/manual/arith.texi b/manual/arith.texi
+index 833e0c9..5c3aa9d 100644
+--- a/manual/arith.texi
++++ b/manual/arith.texi
+@@ -323,6 +323,7 @@ floating-point number a variable holds.
+ @comment math.h
+ @comment ISO
+ @deftypefn {Macro} int fpclassify (@emph{float-type} @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This is a generic macro which works on all floating-point types and
+ which returns a value of type @code{int}. The possible values are:
+
+@@ -359,6 +360,7 @@ You should therefore use the specific macros whenever possible.
+ @comment math.h
+ @comment ISO
+ @deftypefn {Macro} int isfinite (@emph{float-type} @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns a nonzero value if @var{x} is finite: not plus or
+ minus infinity, and not NaN. It is equivalent to
+
+@@ -373,6 +375,7 @@ floating-point type.
+ @comment math.h
+ @comment ISO
+ @deftypefn {Macro} int isnormal (@emph{float-type} @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns a nonzero value if @var{x} is finite and normalized.
+ It is equivalent to
+
+@@ -384,6 +387,7 @@ It is equivalent to
+ @comment math.h
+ @comment ISO
+ @deftypefn {Macro} int isnan (@emph{float-type} @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns a nonzero value if @var{x} is NaN. It is equivalent
+ to
+
+@@ -395,6 +399,7 @@ to
+ @comment math.h
+ @comment GNU
+ @deftypefn {Macro} int issignaling (@emph{float-type} @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns a nonzero value if @var{x} is a signaling NaN
+ (sNaN). It is based on draft TS 18661 and currently enabled as a GNU
+ extension.
+@@ -2443,6 +2448,32 @@ as well.
+ @safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ @c Besides the unsafe-but-ruled-safe locale uses, this uses a lot of
+ @c mpn, but it's all safe.
++@c
++@c round_and_return
++@c get_rounding_mode ok
++@c mpn_add_1 ok
++@c mpn_rshift ok
++@c MPN_ZERO ok
++@c MPN2FLOAT -> mpn_construct_(float|double|long_double) ok
++@c str_to_mpn
++@c mpn_mul_1 -> umul_ppmm ok
++@c mpn_add_1 ok
++@c mpn_lshift_1 -> mpn_lshift ok
++@c STRTOF_INTERNAL
++@c MPN_VAR ok
++@c SET_MANTISSA ok
++@c STRNCASECMP ok, wide and narrow
++@c round_and_return ok
++@c mpn_mul ok
++@c mpn_addmul_1 ok
++@c ... mpn_sub
++@c mpn_lshift ok
++@c udiv_qrnnd ok
++@c count_leading_zeros ok
++@c add_ssaaaa ok
++@c sub_ddmmss ok
++@c umul_ppmm ok
++@c mpn_submul_1 ok
+ The @code{strtod} (``string-to-double'') function converts the initial
+ part of @var{string} to a floating-point number, which is returned as a
+ value of type @code{double}.
+diff --git a/manual/charset.texi b/manual/charset.texi
+index e21502e..7e6c416 100644
+--- a/manual/charset.texi
++++ b/manual/charset.texi
+@@ -504,6 +504,8 @@ sequence points. Communication protocols often require this.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun int mbsinit (const mbstate_t *@var{ps})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c ps is dereferenced once, unguarded. Potential harmless data race.
+ The @code{mbsinit} function determines whether the state object pointed
+ to by @var{ps} is in the initial state. If @var{ps} is a null pointer or
+ the object is in the initial state the return value is nonzero. Otherwise
+@@ -559,6 +561,14 @@ that is beyond the range @math{0} to @math{127}.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun wint_t btowc (int @var{c})
++@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
++@c Calls btowc_fct or __fct; reads from locale, and from the
++@c get_gconv_fcts result multiple times. get_gconv_fcts calls
++@c __wcsmbs_load_conv to initialize the ctype if it's null.
++@c wcsmbs_load_conv takes a non-recursive wrlock before allocating
++@c memory for the fcts structure, initializing it, and then storing it
++@c in the locale object. The initialization involves dlopening and a
++@c lot more.
+ The @code{btowc} function (``byte to wide character'') converts a valid
+ single byte character @var{c} in the initial shift state into the wide
+ character equivalent using the conversion rules from the currently
+@@ -615,6 +625,7 @@ There is also a function for the conversion in the other direction.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun int wctob (wint_t @var{c})
++@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+ The @code{wctob} function (``wide character to byte'') takes as the
+ parameter a valid wide character. If the multibyte representation for
+ this character in the initial state is exactly one byte long, the return
+@@ -634,6 +645,7 @@ and they also do not require it to be in the initial state.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun size_t mbrtowc (wchar_t *restrict @var{pwc}, const char *restrict @var{s}, size_t @var{n}, mbstate_t *restrict @var{ps})
++@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+ @cindex stateful
+ The @code{mbrtowc} function (``multibyte restartable to wide
+ character'') converts the next multibyte character in the string pointed
+@@ -728,6 +740,7 @@ function that does part of the work.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun size_t mbrlen (const char *restrict @var{s}, size_t @var{n}, mbstate_t *@var{ps})
++@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+ The @code{mbrlen} function (``multibyte restartable length'') computes
+ the number of at most @var{n} bytes starting at @var{s}, which form the
+ next valid and complete multibyte character.
+@@ -811,6 +824,50 @@ doing the work twice.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun size_t wcrtomb (char *restrict @var{s}, wchar_t @var{wc}, mbstate_t *restrict @var{ps})
++@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
++@c wcrtomb uses a static, non-thread-local unguarded state variable when
++@c PS is NULL. When a state is passed in, and it's not used
++@c concurrently in other threads, this function behaves safely as long
++@c as gconv modules don't bring MT safety issues of their own.
++@c Attempting to load gconv modules or to build conversion chains in
++@c signal handlers may encounter gconv databases or caches in a
++@c partially-updated state, and asynchronous cancellation may leave them
++@c in such states, besides leaking the lock that guards them.
++@c get_gconv_fcts ok
++@c wcsmbs_load_conv ok
++@c norm_add_slashes ok
++@c wcsmbs_getfct ok
++@c gconv_find_transform ok
++@c gconv_read_conf (libc_once)
++@c gconv_lookup_cache ok
++@c find_module_idx ok
++@c find_module ok
++@c gconv_find_shlib (ok)
++@c ->init_fct (assumed ok)
++@c gconv_get_builtin_trans ok
++@c gconv_release_step ok
++@c do_lookup_alias ok
++@c find_derivation ok
++@c derivation_lookup ok
++@c increment_counter ok
++@c gconv_find_shlib ok
++@c step->init_fct (assumed ok)
++@c gen_steps ok
++@c gconv_find_shlib ok
++@c dlopen (presumed ok)
++@c dlsym (presumed ok)
++@c step->init_fct (assumed ok)
++@c step->end_fct (assumed ok)
++@c gconv_get_builtin_trans ok
++@c gconv_release_step ok
++@c add_derivation ok
++@c gconv_close_transform ok
++@c gconv_release_step ok
++@c step->end_fct (assumed ok)
++@c gconv_release_shlib ok
++@c dlclose (presumed ok)
++@c gconv_release_cache ok
++@c ->tomb->__fct (assumed ok)
+ The @code{wcrtomb} function (``wide character restartable to
+ multibyte'') converts a single wide character into a multibyte string
+ corresponding to that wide character.
+@@ -955,6 +1012,7 @@ extensions that can help in some important situations.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun size_t mbsrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
++@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+ The @code{mbsrtowcs} function (``multibyte string restartable to wide
+ character string'') converts an NUL-terminated multibyte character
+ string at @code{*@var{src}} into an equivalent wide character string,
+@@ -1039,6 +1097,7 @@ length and passing this length to the function.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun size_t wcsrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
++@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+ The @code{wcsrtombs} function (``wide character string restartable to
+ multibyte string'') converts the NUL-terminated wide character string at
+ @code{*@var{src}} into an equivalent multibyte character string and
+@@ -1084,6 +1143,7 @@ array size (the @var{len} parameter).
+ @comment wchar.h
+ @comment GNU
+ @deftypefun size_t mbsnrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{nmc}, size_t @var{len}, mbstate_t *restrict @var{ps})
++@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+ The @code{mbsnrtowcs} function is very similar to the @code{mbsrtowcs}
+ function. All the parameters are the same except for @var{nmc}, which is
+ new. The return value is the same as for @code{mbsrtowcs}.
+@@ -1136,6 +1196,7 @@ of the given buffer, there is no problem with altering the state.
+ @comment wchar.h
+ @comment GNU
+ @deftypefun size_t wcsnrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{nwc}, size_t @var{len}, mbstate_t *restrict @var{ps})
++@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+ The @code{wcsnrtombs} function implements the conversion from wide
+ character strings to multibyte character strings. It is similar to
+ @code{wcsrtombs} but, just like @code{mbsnrtowcs}, it takes an extra
+@@ -1280,6 +1341,7 @@ conversion functions.}
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun int mbtowc (wchar_t *restrict @var{result}, const char *restrict @var{string}, size_t @var{size})
++@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+ The @code{mbtowc} (``multibyte to wide character'') function when called
+ with non-null @var{string} converts the first multibyte character
+ beginning at @var{string} to its corresponding wide character code. It
+@@ -1314,6 +1376,7 @@ shift state. @xref{Shift State}.
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun int wctomb (char *@var{string}, wchar_t @var{wchar})
++@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+ The @code{wctomb} (``wide character to multibyte'') function converts
+ the wide character code @var{wchar} to its corresponding multibyte
+ character sequence, and stores the result in bytes starting at
+@@ -1353,6 +1416,7 @@ terms of @code{mbtowc}.
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun int mblen (const char *@var{string}, size_t @var{size})
++@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+ The @code{mblen} function with a non-null @var{string} argument returns
+ the number of bytes that make up the multibyte character beginning at
+ @var{string}, never examining more than @var{size} bytes. (The idea is
+@@ -1391,6 +1455,9 @@ suffer from the same problems as their reentrant counterparts from
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun size_t mbstowcs (wchar_t *@var{wstring}, const char *@var{string}, size_t @var{size})
++@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
++@c Odd... Although this is in the non-reentrant section, the state
++@c object is automatic, not a static buffer.
+ The @code{mbstowcs} (``multibyte string to wide character string'')
+ function converts the null-terminated string of multibyte characters
+ @var{string} to an array of wide character codes, storing not more than
+@@ -1431,6 +1498,7 @@ mbstowcs_alloc (const char *string)
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun size_t wcstombs (char *@var{string}, const wchar_t *@var{wstring}, size_t @var{size})
++@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+ The @code{wcstombs} (``wide character string to multibyte string'')
+ function converts the null-terminated wide character array @var{wstring}
+ into a string containing multibyte characters, storing not more than
+@@ -1618,6 +1686,16 @@ The first step is the function to create a handle.
+ @comment iconv.h
+ @comment XPG2
+ @deftypefun iconv_t iconv_open (const char *@var{tocode}, const char *@var{fromcode})
++@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
++@c Calls malloc if tocode and/or fromcode are too big for alloca. Calls
++@c strip and upstr on both, then gconv_open. strip and upstr call
++@c isalnum_l and toupper_l with the C locale. gconv_open may MT-safely
++@c tokenize toset, replace unspecified codesets with the current locale
++@c (posibly two different accesses), and finally it calls
++@c gconv_find_transform and initializes the gconv_t result with all the
++@c steps in the conversion sequence, running each one's initializer,
++@c destructing and releasing them all if anything fails.
++
+ The @code{iconv_open} function has to be used before starting a
+ conversion. The two parameters this function takes determine the
+ source and destination character set for the conversion, and if the
+@@ -1682,6 +1760,12 @@ conversion is not needed anymore.
+ @comment iconv.h
+ @comment XPG2
+ @deftypefun int iconv_close (iconv_t @var{cd})
++@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, shlimb}}
++@c Calls gconv_close to destruct and release each of the conversion
++@c steps, release the gconv_t object, then call gconv_close_transform.
++@c Access to the gconv_t object is not guarded, but calling iconv_close
++@c concurrently with any other use is undefined.
++
+ The @code{iconv_close} function frees all resources associated with the
+ handle @var{cd}, which must have been returned by a successful call to
+ the @code{iconv_open} function.
+@@ -1708,6 +1792,10 @@ even file to file can be implemented on top of it.
+ @comment iconv.h
+ @comment XPG2
+ @deftypefun size_t iconv (iconv_t @var{cd}, char **@var{inbuf}, size_t *@var{inbytesleft}, char **@var{outbuf}, size_t *@var{outbytesleft})
++@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist}@acunsafe{incansist}}
++@c Without guarding access to the gconv_t object pointed to by cd, call
++@c the conversion function to convert inbuf or flush the internal
++@c conversion state.
+ @cindex stateful
+ The @code{iconv} function converts the text in the input buffer
+ according to the rules associated with the descriptor @var{cd} and
+diff --git a/manual/conf.texi b/manual/conf.texi
+index 7eb8b36..edbb2fd 100644
+--- a/manual/conf.texi
++++ b/manual/conf.texi
+@@ -288,6 +288,17 @@ constants are declared in the header file @file{unistd.h}.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun {long int} sysconf (int @var{parameter})
++@safety{@mtsafe{envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak, fdleak}}
++@c Some parts of the implementation open /proc and /sys files and dirs
++@c to collect system details, using fd and stream I/O depending on the
++@c case. _SC_TZNAME_MAX calls __tzname_max, that (while holding a lock)
++@c calls tzset_internal, that calls getenv if it's called the first
++@c time; there are free and strdup calls in there too. The returned max
++@c value may change over time for TZNAME_MAX, depending on selected
++@c timezones; NPROCS, NPROCS_CONF, PHYS_PAGES, AVPHYS_PAGES,
++@c NGROUPS_MAX, SIGQUEUE_MAX, depending on variable values read from
++@c /proc at each call, and from rlimit-obtained values CHILD_MAX,
++@c OPEN_MAX, ARG_MAX, SIGQUEUE_MAX.
+ This function is used to inquire about runtime system parameters. The
+ @var{parameter} argument should be one of the @samp{_SC_} symbols listed
+ below.
+@@ -1342,6 +1353,11 @@ argument are declared in the header file @file{unistd.h}.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun {long int} pathconf (const char *@var{filename}, int @var{parameter})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
++@c When __statfs_link_max finds an ext* filesystem, it may read
++@c /proc/mounts or similar as a mntent stream.
++@c __statfs_chown_restricted may read from
++@c /proc/sys/fs/xfs/restrict_chown as a file descriptor.
+ This function is used to inquire about the limits that apply to
+ the file named @var{filename}.
+
+@@ -1369,6 +1385,8 @@ support the @var{parameter} for the specific file.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun {long int} fpathconf (int @var{filedes}, int @var{parameter})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
++@c Same caveats as pathconf.
+ This is just like @code{pathconf} except that an open file descriptor
+ is used to specify the file for which information is requested, instead
+ of a file name.
+@@ -1615,6 +1633,7 @@ system with the function @code{confstr}:
+ @comment unistd.h
+ @comment POSIX.2
+ @deftypefun size_t confstr (int @var{parameter}, char *@var{buf}, size_t @var{len})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function reads the value of a string-valued system parameter,
+ storing the string into @var{len} bytes of memory space starting at
+ @var{buf}. The @var{parameter} argument should be one of the
+diff --git a/manual/crypt.texi b/manual/crypt.texi
+index ef90590..5c9f6f7 100644
+--- a/manual/crypt.texi
++++ b/manual/crypt.texi
+@@ -92,7 +92,13 @@ in a convenient way.
+ @comment unistd.h
+ @comment BSD
+ @deftypefun {char *} getpass (const char *@var{prompt})
+-
++@safety{@mtunsafe{tempterm}@asunsafe{asmalloc, selfdeadlock, asynconsist}@acunsafe{tempterm, lockleak, incansist}}
++@c This function will attempt to create a stream for terminal I/O, but
++@c will fallback to stdio/stderr. It attempts to change the terminal
++@c mode in a thread-unsafe way, write out the prompt, read the password,
++@c then restore the terminal mode. It has a cleanup to close the stream
++@c in case of (synchronous) cancellation, but not to restore the
++@c terminal mode.
+ @code{getpass} outputs @var{prompt}, then reads a string in from the
+ terminal without echoing it. It tries to connect to the real terminal,
+ @file{/dev/tty}, if possible, to encourage users not to put plaintext
+@@ -127,6 +133,13 @@ The substitute takes the same parameters as @code{getline}
+ @comment crypt.h
+ @comment BSD, SVID
+ @deftypefun {char *} crypt (const char *@var{key}, const char *@var{salt})
++@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
++@c Besides the obvious problem of returning a pointer into static
++@c storage, the DES initializer takes an internal lock with the usual
++@c set of problems for AS- and AC-Safety. The FIPS mode checker and the
++@c NSS implementations of may leak file descriptors if canceled. The
++@c The MD5, SHA256 and SHA512 implementations will malloc on long keys,
++@c and NSS relies on dlopening, which brings about another can of worms.
+
+ The @code{crypt} function takes a password, @var{key}, as a string, and
+ a @var{salt} character array which is described below, and returns a
+@@ -188,6 +201,9 @@ for a password and prints ``Access granted.'' if the user types
+ @comment crypt.h
+ @comment GNU
+ @deftypefun {char *} crypt_r (const char *@var{key}, const char *@var{salt}, {struct crypt_data *} @var{data})
++@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
++@c Compared with crypt, this function fixes the staticbuf problem, but
++@c nothing else.
+
+ The @code{crypt_r} function does the same thing as @code{crypt}, but
+ takes an extra parameter which includes space for its result (among
+@@ -233,6 +249,11 @@ specifies the unused bits.
+ @comment crypt.h
+ @comment BSD, SVID
+ @deftypefun void setkey (const char *@var{key})
++@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
++@c The static buffer stores the key, making it fundamentally
++@c thread-unsafe. The locking issues are only in the initialization
++@c path; cancelling the initialization will leave the lock held, it
++@c would otherwise repeat the initialization on the next call.
+
+ The @code{setkey} function sets an internal data structure to be an
+ expanded form of @var{key}. @var{key} is specified as an array of 64
+@@ -244,6 +265,8 @@ parity.
+ @comment crypt.h
+ @comment BSD, SVID
+ @deftypefun void encrypt (char *@var{block}, int @var{edflag})
++@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
++@c Same issues as setkey.
+
+ The @code{encrypt} function encrypts @var{block} if
+ @var{edflag} is 0, otherwise it decrypts @var{block}, using a key
+@@ -257,9 +280,11 @@ stored in a @code{char}, but there are no parity bits in @var{block}.
+ @comment crypt.h
+ @comment GNU
+ @deftypefun void setkey_r (const char *@var{key}, {struct crypt_data *} @var{data})
++@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+ @comment crypt.h
+ @comment GNU
+ @deftypefunx void encrypt_r (char *@var{block}, int @var{edflag}, {struct crypt_data *} @var{data})
++@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+
+ These are reentrant versions of @code{setkey} and @code{encrypt}. The
+ only difference is the extra parameter, which stores the expanded
+@@ -274,6 +299,7 @@ defined in @file{crypt.h}.
+ @comment rpc/des_crypt.h
+ @comment SUNRPC
+ @deftypefun int ecb_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+
+ The function @code{ecb_crypt} encrypts or decrypts one or more blocks
+ using DES. Each block is encrypted independently.
+@@ -355,6 +381,7 @@ This macro returns 1 if @var{err} is a `success' result code from
+ @comment rpc/des_crypt.h
+ @comment SUNRPC
+ @deftypefun int cbc_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode}, char *@var{ivec})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+
+ The function @code{cbc_crypt} encrypts or decrypts one or more blocks
+ using DES in Cipher Block Chaining mode.
+@@ -381,6 +408,7 @@ Otherwise, all the parameters are similar to those for @code{ecb_crypt}.
+ @comment rpc/des_crypt.h
+ @comment SUNRPC
+ @deftypefun void des_setparity (char *@var{key})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+
+ The function @code{des_setparity} changes the 64-bit @var{key}, stored
+ packed in 8-bit bytes, to have odd parity by altering the low bits of
+diff --git a/manual/ctype.texi b/manual/ctype.texi
+index f05d509..ddf38ce 100644
+--- a/manual/ctype.texi
++++ b/manual/ctype.texi
+@@ -66,6 +66,13 @@ These functions are declared in the header file @file{ctype.h}.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int islower (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c The is* macros call __ctype_b_loc to get the ctype array from the
++@c current locale, and then index it by c. __ctype_b_loc reads from
++@c thread-local memory the (indirect) pointer to the ctype array, which
++@c may involve one word access to the global locale object, if that's
++@c the active locale for the thread, and the array, being part of the
++@c locale data, is undeletable, so there's no thread-safety issue.
+ Returns true if @var{c} is a lower-case letter. The letter need not be
+ from the Latin alphabet, any alphabet representable is valid.
+ @end deftypefun
+@@ -74,6 +81,7 @@ from the Latin alphabet, any alphabet representable is valid.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isupper (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is an upper-case letter. The letter need not be
+ from the Latin alphabet, any alphabet representable is valid.
+ @end deftypefun
+@@ -82,6 +90,7 @@ from the Latin alphabet, any alphabet representable is valid.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isalpha (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is an alphabetic character (a letter). If
+ @code{islower} or @code{isupper} is true of a character, then
+ @code{isalpha} is also true.
+@@ -97,6 +106,7 @@ additional characters.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isdigit (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
+ @end deftypefun
+
+@@ -104,6 +114,7 @@ Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isalnum (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is an alphanumeric character (a letter or
+ number); in other words, if either @code{isalpha} or @code{isdigit} is
+ true of a character, then @code{isalnum} is also true.
+@@ -113,6 +124,7 @@ true of a character, then @code{isalnum} is also true.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isxdigit (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a hexadecimal digit.
+ Hexadecimal digits include the normal decimal digits @samp{0} through
+ @samp{9} and the letters @samp{A} through @samp{F} and
+@@ -123,6 +135,7 @@ Hexadecimal digits include the normal decimal digits @samp{0} through
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int ispunct (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a punctuation character.
+ This means any printing character that is not alphanumeric or a space
+ character.
+@@ -132,6 +145,7 @@ character.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isspace (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a @dfn{whitespace} character. In the standard
+ @code{"C"} locale, @code{isspace} returns true for only the standard
+ whitespace characters:
+@@ -161,6 +175,7 @@ vertical tab
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isblank (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a blank character; that is, a space or a tab.
+ This function was originally a GNU extension, but was added in @w{ISO C99}.
+ @end deftypefun
+@@ -169,6 +184,7 @@ This function was originally a GNU extension, but was added in @w{ISO C99}.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isgraph (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a graphic character; that is, a character
+ that has a glyph associated with it. The whitespace characters are not
+ considered graphic.
+@@ -178,6 +194,7 @@ considered graphic.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isprint (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a printing character. Printing characters
+ include all the graphic characters, plus the space (@samp{ }) character.
+ @end deftypefun
+@@ -186,6 +203,7 @@ include all the graphic characters, plus the space (@samp{ }) character.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int iscntrl (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a control character (that is, a character that
+ is not a printing character).
+ @end deftypefun
+@@ -194,6 +212,7 @@ is not a printing character).
+ @comment ctype.h
+ @comment SVID, BSD
+ @deftypefun int isascii (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
+ into the US/UK ASCII character set. This function is a BSD extension
+ and is also an SVID extension.
+@@ -227,6 +246,10 @@ These functions are declared in the header file @file{ctype.h}.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int tolower (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c The to* macros/functions call different functions that use different
++@c arrays than those of__ctype_b_loc, but the access patterns and
++@c thus safety guarantees are the same.
+ If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
+ lower-case letter. If @var{c} is not an upper-case letter,
+ @var{c} is returned unchanged.
+@@ -235,6 +258,7 @@ lower-case letter. If @var{c} is not an upper-case letter,
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int toupper (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
+ upper-case letter. Otherwise @var{c} is returned unchanged.
+ @end deftypefun
+@@ -242,6 +266,7 @@ upper-case letter. Otherwise @var{c} is returned unchanged.
+ @comment ctype.h
+ @comment SVID, BSD
+ @deftypefun int toascii (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function converts @var{c} to a 7-bit @code{unsigned char} value
+ that fits into the US/UK ASCII character set, by clearing the high-order
+ bits. This function is a BSD extension and is also an SVID extension.
+@@ -250,6 +275,7 @@ bits. This function is a BSD extension and is also an SVID extension.
+ @comment ctype.h
+ @comment SVID
+ @deftypefun int _tolower (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This is identical to @code{tolower}, and is provided for compatibility
+ with the SVID. @xref{SVID}.@refill
+ @end deftypefun
+@@ -257,6 +283,7 @@ with the SVID. @xref{SVID}.@refill
+ @comment ctype.h
+ @comment SVID
+ @deftypefun int _toupper (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This is identical to @code{toupper}, and is provided for compatibility
+ with the SVID.
+ @end deftypefun
+@@ -303,6 +330,15 @@ This type is defined in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun wctype_t wctype (const char *@var{property})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
++@c Although the source code of wctype contains multiple references to
++@c the locale, that could each reference different locale_data objects
++@c should the global locale object change while active, the compiler can
++@c and does combine them all into a single dereference that resolves
++@c once to the LCTYPE locale object used throughout the function, so it
++@c is safe in practice, if not in theory. Ideally we'd explicitly save
++@c the resolved locale_data object to make it visibly safe instead of
++@c safe only under compiler optimizations.
+ The @code{wctype} returns a value representing a class of wide
+ characters which is identified by the string @var{property}. Beside
+ some standard properties each locale can define its own ones. In case
+@@ -331,6 +367,8 @@ the @w{ISO C} standard defines a completely new function.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c The compressed lookup table returned by wctype is read-only.
+ This function returns a nonzero value if @var{wc} is in the character
+ class specified by @var{desc}. @var{desc} must previously be returned
+ by a successful call to @code{wctype}.
+@@ -350,6 +388,15 @@ standard classes.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswalnum (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
++@c The implicit wctype call in the isw* functions is actually an
++@c optimized version because the category has a known offset, but the
++@c wctype is equally safe when optimized, unsafe if not optimized.
++@c Since it's not a macro, and we always optimize, it's fine. The test
++@c whether wc is ASCII to use the non-wide is* macro/funciton doesn't
++@c bring any other safety issues: the test does not depend on the
++@c locale, and each path after the decision resolves the locale object
++@c only once.
+ This function returns a nonzero value if @var{wc} is an alphanumeric
+ character (a letter or number); in other words, if either @code{iswalpha}
+ or @code{iswdigit} is true of a character, then @code{iswalnum} is also
+@@ -370,6 +417,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswalpha (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is an alphabetic character (a letter). If
+ @code{iswlower} or @code{iswupper} is true of a character, then
+ @code{iswalpha} is also true.
+@@ -394,6 +442,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswcntrl (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a control character (that is, a character that
+ is not a printing character).
+
+@@ -412,6 +461,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswdigit (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
+ Please note that this function does not only return a nonzero value for
+ @emph{decimal} digits, but for all kinds of digits. A consequence is
+@@ -442,6 +492,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswgraph (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a graphic character; that is, a character
+ that has a glyph associated with it. The whitespace characters are not
+ considered graphic.
+@@ -461,6 +512,7 @@ It is declared in @file{wctype.h}.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int iswlower (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a lower-case letter. The letter need not be
+ from the Latin alphabet, any alphabet representable is valid.
+
+@@ -479,6 +531,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswprint (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a printing character. Printing characters
+ include all the graphic characters, plus the space (@samp{ }) character.
+
+@@ -497,6 +550,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswpunct (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a punctuation character.
+ This means any printing character that is not alphanumeric or a space
+ character.
+@@ -516,6 +570,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswspace (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
+ @code{"C"} locale, @code{iswspace} returns true for only the standard
+ whitespace characters:
+@@ -555,6 +610,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswupper (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is an upper-case letter. The letter need not be
+ from the Latin alphabet, any alphabet representable is valid.
+
+@@ -573,6 +629,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswxdigit (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a hexadecimal digit.
+ Hexadecimal digits include the normal decimal digits @samp{0} through
+ @samp{9} and the letters @samp{A} through @samp{F} and
+@@ -597,6 +654,7 @@ characters as well.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswblank (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a blank character; that is, a space or a tab.
+ This function was originally a GNU extension, but was added in @w{ISO C99}.
+ It is declared in @file{wchar.h}.
+@@ -691,7 +749,8 @@ This type is defined in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun wctrans_t wctrans (const char *@var{property})
+-@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
++@c Similar implementation, same caveats as wctype.
+ The @code{wctrans} function has to be used to find out whether a named
+ mapping is defined in the current locale selected for the
+ @code{LC_CTYPE} category. If the returned value is non-zero, you can use
+@@ -714,7 +773,8 @@ These functions are declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
+-@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Same caveats as iswctype.
+ @code{towctrans} maps the input character @var{wc}
+ according to the rules of the mapping for which @var{desc} is a
+ descriptor, and returns the value it finds. @var{desc} must be
+@@ -732,6 +792,9 @@ for them.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun wint_t towlower (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
++@c Same caveats as iswalnum, just using a wctrans rather than a wctype
++@c table.
+ If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
+ lower-case letter. If @var{wc} is not an upper-case letter,
+ @var{wc} is returned unchanged.
+@@ -751,6 +814,7 @@ This function is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun wint_t towupper (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
+ upper-case letter. Otherwise @var{wc} is returned unchanged.
+
+diff --git a/manual/debug.texi b/manual/debug.texi
+index 1db9c18..ce0c263 100644
+--- a/manual/debug.texi
++++ b/manual/debug.texi
+@@ -36,6 +36,8 @@ and manipulate backtraces of the current thread.
+ @comment execinfo.h
+ @comment GNU
+ @deftypefun int backtrace (void **@var{buffer}, int @var{size})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Pointer chasing within the local stack.
+ The @code{backtrace} function obtains a backtrace for the current
+ thread, as a list of pointers, and places the information into
+ @var{buffer}. The argument @var{size} should be the number of
+@@ -56,6 +58,17 @@ interpreting the stack contents correctly.
+ @comment execinfo.h
+ @comment GNU
+ @deftypefun {char **} backtrace_symbols (void *const *@var{buffer}, int @var{size})
++@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, lockleak}}
++@c Collects info returned by _dl_addr in auto array, allocates memory
++@c for the whole return buffer with malloc then sprintfs into it storing
++@c pointers to the strings into the array entries in the buffer.
++@c _dl_addr takes the recursive dl_load_lock then calls
++@c _dl_find_dso_for_object and determine_info.
++@c _dl_find_dso_for_object calls _dl-addr_inside_object.
++@c All of them are safe as long as the lock is held.
++@c asynconsist? It doesn't looke like the dynamic loader's data
++@c structures could be in an inconsistent state that would cause
++@c malfunction here.
+ The @code{backtrace_symbols} function translates the information
+ obtained from the @code{backtrace} function into an array of strings.
+ The argument @var{buffer} should be a pointer to an array of addresses
+@@ -88,6 +101,11 @@ cannot be obtained.
+ @comment execinfo.h
+ @comment GNU
+ @deftypefun void backtrace_symbols_fd (void *const *@var{buffer}, int @var{size}, int @var{fd})
++@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
++@c Single loop of _dl_addr over addresses, collecting info into an iovec
++@c written out with a writev call per iteration. Addresses and offsets
++@c are converted to hex in auto buffers, so the only potential issue
++@c here is leaking the dl lock in case of cancellation.
+ The @code{backtrace_symbols_fd} function performs the same translation
+ as the function @code{backtrace_symbols} function. Instead of returning
+ the strings to the caller, it writes the strings to the file descriptor
+diff --git a/manual/errno.texi b/manual/errno.texi
+index 6c9fa86..eb3f412 100644
+--- a/manual/errno.texi
++++ b/manual/errno.texi
+@@ -1293,6 +1293,9 @@ name of the program that encountered the error.
+ @comment string.h
+ @comment ISO
+ @deftypefun {char *} strerror (int @var{errnum})
++@safety{@mtunsafe{staticbuf}@asunsafe{staticbuf, asmalloc, asi18n}@acsafe{memleak}}
++@c Calls strerror_r with a static buffer allocated with malloc on the
++@c first use.
+ The @code{strerror} function maps the error code (@pxref{Checking for
+ Errors}) specified by the @var{errnum} argument to a descriptive error
+ message string. The return value is a pointer to this string.
+@@ -1310,6 +1313,7 @@ The function @code{strerror} is declared in @file{string.h}.
+ @comment string.h
+ @comment GNU
+ @deftypefun {char *} strerror_r (int @var{errnum}, char *@var{buf}, size_t @var{n})
++@safety{@mtsafe{}@asunsafe{asi18n}@acsafe{}}
+ The @code{strerror_r} function works like @code{strerror} but instead of
+ returning the error message in a statically allocated buffer shared by
+ all threads in the process, it returns a private copy for the
+@@ -1331,6 +1335,10 @@ This function @code{strerror_r} is a GNU extension and it is declared in
+ @comment stdio.h
+ @comment ISO
+ @deftypefun void perror (const char *@var{message})
++@safety{@mtsafe{xguargs}@asunsafe{asynconsist, asi18n, asmalloc, selfdeadlock}@acunsafe{incansist, lockleak, memleak, fdleak}}
++@c Besides strerror_r's and some of fprintf's issues, if stderr is not
++@c oriented yet, create a new stream with a dup of stderr's fd and write
++@c to that instead of stderr, to avoid orienting it.
+ This function prints an error message to the stream @code{stderr};
+ see @ref{Standard Streams}. The orientation of @code{stderr} is not
+ changed.
+@@ -1442,6 +1450,13 @@ These functions are declared in @file{error.h}.
+ @comment error.h
+ @comment GNU
+ @deftypefun void error (int @var{status}, int @var{errnum}, const char *@var{format}, @dots{})
++@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acsafe{}}
++@c Cancellation is disabled throught the execution. It flushes stdout
++@c and then holds a lock on stderr while printing the program name and
++@c then running error_tail. The non-wide case just runs vfprintf; the
++@c wide case converts the message to an alloca/malloc-allocated buffer
++@c with mbsrtowcs, then prints it with vfwprintf. Afterwards,
++@c print_errno_message calls strerror_r and fxprintf.
+ The @code{error} function can be used to report general problems during
+ program execution. The @var{format} argument is a format string just
+ like those given to the @code{printf} family of functions. The
+@@ -1477,6 +1492,15 @@ incremented by one to keep track of the number of errors reported.
+ @comment error.h
+ @comment GNU
+ @deftypefun void error_at_line (int @var{status}, int @var{errnum}, const char *@var{fname}, unsigned int @var{lineno}, const char *@var{format}, @dots{})
++@safety{@mtunsafe{staticbuf, glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist}}
++@c The error_one_per_line variable is accessed (without any form of
++@c synchronization, but since it's an int used once, it should be safe
++@c enough) and, if this mode is enabled, static variables used to hold
++@c the last printed file name and line number are accessed and modified
++@c without synchronization; the update is not atomic and it occurs
++@c before disabling cancellation, so it can be interrupted after only
++@c one of the two variables is modified. After that, it's very much
++@c like error.
+
+ The @code{error_at_line} function is very similar to the @code{error}
+ function. The only difference are the additional parameters @var{fname}
+@@ -1582,6 +1606,8 @@ are included only for compatibility.
+ @comment err.h
+ @comment BSD
+ @deftypefun void warn (const char *@var{format}, @dots{})
++@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
++@c Just calls vwarn with the va_list.
+ The @code{warn} function is roughly equivalent to a call like
+ @smallexample
+ error (0, errno, format, @r{the parameters})
+@@ -1594,6 +1620,11 @@ are not used.
+ @comment err.h
+ @comment BSD
+ @deftypefun void vwarn (const char *@var{format}, va_list @var{ap})
++@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
++@c While holding stderr's recursive lock, it prints the programname, the
++@c given message, and the error string with fw?printf's %m. When the
++@c stream is wide, convert_and_print converts the format string to an
++@c alloca/malloc-created buffer using mbsrtowcs and then calls fwprintf.
+ The @code{vwarn} function is just like @code{warn} except that the
+ parameters for the handling of the format string @var{format} are passed
+ in as an value of type @code{va_list}.
+@@ -1602,6 +1633,8 @@ in as an value of type @code{va_list}.
+ @comment err.h
+ @comment BSD
+ @deftypefun void warnx (const char *@var{format}, @dots{})
++@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
++@c Same as warn, but without the strerror translation issues.
+ The @code{warnx} function is roughly equivalent to a call like
+ @smallexample
+ error (0, 0, format, @r{the parameters})
+@@ -1615,6 +1648,8 @@ string is printed.
+ @comment err.h
+ @comment BSD
+ @deftypefun void vwarnx (const char *@var{format}, va_list @var{ap})
++@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
++@c Same as vwarn, but without the strerror translation issues.
+ The @code{vwarnx} function is just like @code{warnx} except that the
+ parameters for the handling of the format string @var{format} are passed
+ in as an value of type @code{va_list}.
+@@ -1623,6 +1658,8 @@ in as an value of type @code{va_list}.
+ @comment err.h
+ @comment BSD
+ @deftypefun void err (int @var{status}, const char *@var{format}, @dots{})
++@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
++@c Same as warn followed by exit.
+ The @code{err} function is roughly equivalent to a call like
+ @smallexample
+ error (status, errno, format, @r{the parameters})
+@@ -1635,6 +1672,8 @@ are not used and that the program is exited even if @var{status} is zero.
+ @comment err.h
+ @comment BSD
+ @deftypefun void verr (int @var{status}, const char *@var{format}, va_list @var{ap})
++@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
++@c Same as vwarn followed by exit.
+ The @code{verr} function is just like @code{err} except that the
+ parameters for the handling of the format string @var{format} are passed
+ in as an value of type @code{va_list}.
+@@ -1643,6 +1682,8 @@ in as an value of type @code{va_list}.
+ @comment err.h
+ @comment BSD
+ @deftypefun void errx (int @var{status}, const char *@var{format}, @dots{})
++@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
++@c Same as warnx followed by exit.
+ The @code{errx} function is roughly equivalent to a call like
+ @smallexample
+ error (status, 0, format, @r{the parameters})
+@@ -1657,6 +1698,8 @@ string is printed.
+ @comment err.h
+ @comment BSD
+ @deftypefun void verrx (int @var{status}, const char *@var{format}, va_list @var{ap})
++@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
++@c Same as vwarnx followed by exit.
+ The @code{verrx} function is just like @code{errx} except that the
+ parameters for the handling of the format string @var{format} are passed
+ in as an value of type @code{va_list}.
+diff --git a/manual/filesys.texi b/manual/filesys.texi
+index 1df9cf2..2244025 100644
+--- a/manual/filesys.texi
++++ b/manual/filesys.texi
+@@ -58,6 +58,25 @@ Prototypes for these functions are declared in the header file
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun {char *} getcwd (char *@var{buffer}, size_t @var{size})
++@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
++@c If buffer is NULL, this function calls malloc and realloc, and, in
++@c case of error, free. Linux offers a getcwd syscall that we use on
++@c GNU/Linux systems, but it may fail if the pathname is too long. As a
++@c fallback, and on other systems, the generic implementation opens each
++@c parent directory with opendir, which allocates memory for the
++@c directory stream with malloc. If a fstatat64 syscall is not
++@c available, very deep directory trees may also have to malloc to build
++@c longer sequences of ../../../... than those supported by a global
++@c const read-only string.
++
++@c linux/__getcwd
++@c posix/__getcwd
++@c malloc/realloc/free if buffer is NULL, or if dir is too deep
++@c lstat64 -> see its own entry
++@c fstatat64
++@c direct syscall if possible, alloca+snprintf+*stat64 otherwise
++@c openat64_not_cancel_3, close_not_cancel_no_status
++@c __fdopendir, __opendir, __readdir, rewinddir
+ The @code{getcwd} function returns an absolute file name representing
+ the current working directory, storing it in the character array
+ @var{buffer} that you provide. The @var{size} argument is how you tell
+@@ -116,6 +135,9 @@ software.
+ @comment unistd.h
+ @comment BSD
+ @deftypefn {Deprecated Function} {char *} getwd (char *@var{buffer})
++@safety{@mtsafe{}@asunsafe{asmalloc, asi18n}@acsafe{memleak, fdleak}}
++@c Besides the getcwd safety issues, it calls strerror_r on error, which
++@c brings in all of the i18n issues.
+ This is similar to @code{getcwd}, but has no way to specify the size of
+ the buffer. @Theglibc{} provides @code{getwd} only
+ for backwards compatibility with BSD.
+@@ -130,6 +152,9 @@ this function is deprecated.
+ @comment unistd.h
+ @comment GNU
+ @deftypefun {char *} get_current_dir_name (void)
++@safety{@mtunsafe{envromt}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
++@c Besides getcwd, which this function calls as a fallback, it calls
++@c getenv, with the usual thread-safety issues that brings about.
+ @vindex PWD
+ This @code{get_current_dir_name} function is basically equivalent to
+ @w{@code{getcwd (NULL, 0)}}. The only difference is that the value of
+@@ -145,6 +170,7 @@ This function is a GNU extension.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int chdir (const char *@var{filename})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function is used to set the process's working directory to
+ @var{filename}.
+
+@@ -158,6 +184,7 @@ file @var{filename} is not a directory.
+ @comment unistd.h
+ @comment XPG
+ @deftypefun int fchdir (int @var{filedes})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function is used to set the process's working directory to
+ directory associated with the file descriptor @var{filedes}.
+
+@@ -294,12 +321,14 @@ values and @code{st_mode} values:
+ @comment dirent.h
+ @comment BSD
+ @deftypefun int IFTODT (mode_t @var{mode})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This returns the @code{d_type} value corresponding to @var{mode}.
+ @end deftypefun
+
+ @comment dirent.h
+ @comment BSD
+ @deftypefun mode_t DTTOIF (int @var{dtype})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This returns the @code{st_mode} value corresponding to @var{dtype}.
+ @end deftypefun
+ @end table
+@@ -342,6 +371,9 @@ the following functions.
+ @comment dirent.h
+ @comment POSIX.1
+ @deftypefun {DIR *} opendir (const char *@var{dirname})
++@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
++@c Besides the safe syscall, we have to allocate the DIR object with
++@c __alloc_dir, that calls malloc.
+ The @code{opendir} function opens and returns a directory stream for
+ reading the directory whose file name is @var{dirname}. The stream has
+ type @code{DIR *}.
+@@ -381,6 +413,8 @@ alternative interface can be used.
+ @comment dirent.h
+ @comment GNU
+ @deftypefun {DIR *} fdopendir (int @var{fd})
++@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
++@c The DIR object is allocated with __alloc_dir, that calls malloc.
+ The @code{fdopendir} function works just like @code{opendir} but
+ instead of taking a file name and opening a file descriptor for the
+ directory the caller is required to provide a file descriptor. This
+@@ -425,6 +459,7 @@ access.
+ @comment dirent.h
+ @comment GNU
+ @deftypefun int dirfd (DIR *@var{dirstream})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The function @code{dirfd} returns the file descriptor associated with
+ the directory stream @var{dirstream}. This descriptor can be used until
+ the directory is closed with @code{closedir}. If the directory stream
+@@ -443,6 +478,12 @@ symbols are declared in the header file @file{dirent.h}.
+ @comment dirent.h
+ @comment POSIX.1
+ @deftypefun {struct dirent *} readdir (DIR *@var{dirstream})
++@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
++@c This function holds dirstream's non-recursive lock, which brings
++@c about the usual issues with locks and async signals and cancellation,
++@c but the lock taking is not enough to make the returned value safe to
++@c use, since it points to a stream's internal buffer that can be
++@c overwritten by subsequent calls or even released by closedir.
+ This function reads the next entry from the directory. It normally
+ returns a pointer to a structure containing information about the file.
+ This structure is statically allocated and can be rewritten by a
+@@ -469,6 +510,7 @@ value. Use @code{readdir_r} when this is critical.
+ @comment dirent.h
+ @comment GNU
+ @deftypefun int readdir_r (DIR *@var{dirstream}, struct dirent *@var{entry}, struct dirent **@var{result})
++@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+ This function is the reentrant version of @code{readdir}. Like
+ @code{readdir} it returns the next entry from the directory. But to
+ prevent conflicts between simultaneously running threads the result is
+@@ -516,6 +558,7 @@ of the last two functions.
+ @comment dirent.h
+ @comment LFS
+ @deftypefun {struct dirent64 *} readdir64 (DIR *@var{dirstream})
++@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+ The @code{readdir64} function is just like the @code{readdir} function
+ except that it returns a pointer to a record of type @code{struct
+ dirent64}. Some of the members of this data type (notably @code{d_ino})
+@@ -527,6 +570,7 @@ In all other aspects this function is equivalent to @code{readdir}.
+ @comment dirent.h
+ @comment LFS
+ @deftypefun int readdir64_r (DIR *@var{dirstream}, struct dirent64 *@var{entry}, struct dirent64 **@var{result})
++@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+ The @code{readdir64_r} function is equivalent to the @code{readdir_r}
+ function except that it takes parameters of base type @code{struct
+ dirent64} instead of @code{struct dirent} in the second and third
+@@ -537,6 +581,10 @@ position. The same precautions mentioned in the documentation of
+ @comment dirent.h
+ @comment POSIX.1
+ @deftypefun int closedir (DIR *@var{dirstream})
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock (hurd)}@acsafe{memleak, fdleak, lockleak (hurd)}}
++@c No synchronization in the posix implementation, only in the hurd
++@c one. This is regarded as safe because it is undefined behavior if
++@c other threads could still be using the dir stream while it's closed.
+ This function closes the directory stream @var{dirstream}. It returns
+ @code{0} on success and @code{-1} on failure.
+
+@@ -576,6 +624,7 @@ declared in the header file @file{dirent.h}.
+ @comment dirent.h
+ @comment POSIX.1
+ @deftypefun void rewinddir (DIR *@var{dirstream})
++@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+ The @code{rewinddir} function is used to reinitialize the directory
+ stream @var{dirstream}, so that if you call @code{readdir} it
+ returns information about the first entry in the directory again. This
+@@ -589,6 +638,10 @@ added or removed since you last called @code{opendir} or
+ @comment dirent.h
+ @comment BSD
+ @deftypefun {long int} telldir (DIR *@var{dirstream})
++@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
++@c The implementation is safe on most platforms, but on BSD it uses
++@c cookies, buckets and records, and the global array of pointers to
++@c dynamically allocated records is guarded by a non-recursive lock.
+ The @code{telldir} function returns the file position of the directory
+ stream @var{dirstream}. You can use this value with @code{seekdir} to
+ restore the directory stream to that position.
+@@ -597,6 +650,10 @@ restore the directory stream to that position.
+ @comment dirent.h
+ @comment BSD
+ @deftypefun void seekdir (DIR *@var{dirstream}, long int @var{pos})
++@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
++@c The implementation is safe on most platforms, but on BSD it uses
++@c cookies, buckets and records, and the global array of pointers to
++@c dynamically allocated records is guarded by a non-recursive lock.
+ The @code{seekdir} function sets the file position of the directory
+ stream @var{dirstream} to @var{pos}. The value @var{pos} must be the
+ result of a previous call to @code{telldir} on this particular stream;
+@@ -616,6 +673,19 @@ the result.
+ @comment dirent.h
+ @comment BSD/SVID
+ @deftypefun int scandir (const char *@var{dir}, struct dirent ***@var{namelist}, int (*@var{selector}) (const struct dirent *), int (*@var{cmp}) (const struct dirent **, const struct dirent **))
++@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
++@c The scandir function calls __opendirat, __readdir, and __closedir to
++@c go over the named dir; malloc and realloc to allocate the namelist
++@c and copies of each selected dirent, besides the selector, if given,
++@c and qsort and the cmp functions if the latter is given. In spite of
++@c the cleanup handler that releases memory and the file descriptor in
++@c case of synchronous cancellation, an asynchronous cancellation may
++@c still leak memory and a file descriptor. Although readdir is unsafe
++@c in general, the use of an internal dir stream for sequential scanning
++@c of the directory with copying of dirents before subsequent calls
++@c makes the use safe, and the fact that the dir stream is private to
++@c each scandir call does away with the lock issues in readdir and
++@c closedir.
+
+ The @code{scandir} function scans the contents of the directory selected
+ by @var{dir}. The result in *@var{namelist} is an array of pointers to
+@@ -646,6 +716,8 @@ are very helpful for this purpose.
+ @comment dirent.h
+ @comment BSD/SVID
+ @deftypefun int alphasort (const void *@var{a}, const void *@var{b})
++@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
++@c Calls strcoll.
+ The @code{alphasort} function behaves like the @code{strcoll} function
+ (@pxref{String/Array Comparison}). The difference is that the arguments
+ are not string pointers but instead they are of type
+@@ -658,6 +730,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
+ @comment dirent.h
+ @comment GNU
+ @deftypefun int versionsort (const void *@var{a}, const void *@var{b})
++@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
++@c Calls strverscmp.
+ The @code{versionsort} function is like @code{alphasort} except that it
+ uses the @code{strverscmp} function internally.
+ @end deftypefun
+@@ -670,6 +744,8 @@ dirent64}}. To use this we need a new function.
+ @comment dirent.h
+ @comment GNU
+ @deftypefun int scandir64 (const char *@var{dir}, struct dirent64 ***@var{namelist}, int (*@var{selector}) (const struct dirent64 *), int (*@var{cmp}) (const struct dirent64 **, const struct dirent64 **))
++@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
++@c See scandir.
+ The @code{scandir64} function works like the @code{scandir} function
+ except that the directory entries it returns are described by elements
+ of type @w{@code{struct dirent64}}. The function pointed to by
+@@ -688,6 +764,8 @@ argument. Instead we provide the two replacement functions below.
+ @comment dirent.h
+ @comment GNU
+ @deftypefun int alphasort64 (const void *@var{a}, const void *@var{b})
++@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
++@c See alphasort.
+ The @code{alphasort64} function behaves like the @code{strcoll} function
+ (@pxref{String/Array Comparison}). The difference is that the arguments
+ are not string pointers but instead they are of type
+@@ -700,6 +778,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
+ @comment dirent.h
+ @comment GNU
+ @deftypefun int versionsort64 (const void *@var{a}, const void *@var{b})
++@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
++@c See versionsort.
+ The @code{versionsort64} function is like @code{alphasort64}, excepted that it
+ uses the @code{strverscmp} function internally.
+ @end deftypefun
+@@ -880,6 +960,8 @@ file was passed).
+ @comment ftw.h
+ @comment SVID
+ @deftypefun int ftw (const char *@var{filename}, __ftw_func_t @var{func}, int @var{descriptors})
++@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
++@c see nftw for safety details
+ The @code{ftw} function calls the callback function given in the
+ parameter @var{func} for every item which is found in the directory
+ specified by @var{filename} and all directories below. The function
+@@ -930,6 +1012,7 @@ interface transparently replaces the old interface.
+ @comment ftw.h
+ @comment Unix98
+ @deftypefun int ftw64 (const char *@var{filename}, __ftw64_func_t @var{func}, int @var{descriptors})
++@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
+ This function is similar to @code{ftw} but it can work on filesystems
+ with large files. File information is reported using a variable of type
+ @code{struct stat64} which is passed by reference to the callback
+@@ -943,6 +1026,17 @@ transparently replaces the old implementation.
+ @comment ftw.h
+ @comment XPG4.2
+ @deftypefun int nftw (const char *@var{filename}, __nftw_func_t @var{func}, int @var{descriptors}, int @var{flag})
++@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
++@c ftw_startup calls alloca, malloc, free, xstat/lxstat, tdestroy, and ftw_dir
++@c if FTW_CHDIR, call open, and fchdir, or chdir and getcwd
++@c ftw_dir calls open_dir_stream, readdir64, process_entry, closedir
++@c if FTW_CHDIR, also calls fchdir
++@c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
++@c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
++@c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
++@c find_object (tsearch) and add_object (tfind).
++@c Since each invocation of *ftw uses its own private search tree, none
++@c of the search tree concurrency issues apply.
+ The @code{nftw} function works like the @code{ftw} functions. They call
+ the callback function @var{func} for all items found in the directory
+ @var{filename} and below. At most @var{descriptors} file descriptors
+@@ -1003,6 +1097,7 @@ interface transparently replaces the old interface.
+ @comment ftw.h
+ @comment Unix98
+ @deftypefun int nftw64 (const char *@var{filename}, __nftw64_func_t @var{func}, int @var{descriptors}, int @var{flag})
++@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+ This function is similar to @code{nftw} but it can work on filesystems
+ with large files. File information is reported using a variable of type
+ @code{struct stat64} which is passed by reference to the callback
+@@ -1046,6 +1141,7 @@ file @file{unistd.h}.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int link (const char *@var{oldname}, const char *@var{newname})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{link} function makes a new link to the existing file named by
+ @var{oldname}, under the new name @var{newname}.
+
+@@ -1153,6 +1249,7 @@ Prototypes for most of the functions listed in this section are in
+ @comment unistd.h
+ @comment BSD
+ @deftypefun int symlink (const char *@var{oldname}, const char *@var{newname})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{symlink} function makes a symbolic link to @var{oldname} named
+ @var{newname}.
+
+@@ -1190,6 +1287,7 @@ exceeded.
+ @comment unistd.h
+ @comment BSD
+ @deftypefun ssize_t readlink (const char *@var{filename}, char *@var{buffer}, size_t @var{size})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{readlink} function gets the value of the symbolic link
+ @var{filename}. The file name that the link points to is copied into
+ @var{buffer}. This file name string is @emph{not} null-terminated;
+@@ -1249,6 +1347,8 @@ names can refer to the same inode.
+ @comment stdlib.h
+ @comment GNU
+ @deftypefun {char *} canonicalize_file_name (const char *@var{name})
++@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
++@c Calls realpath.
+
+ The @code{canonicalize_file_name} function returns the absolute name of
+ the file named by @var{name} which contains no @code{.}, @code{..}
+@@ -1290,6 +1390,8 @@ where the result is placed in.
+ @comment stdlib.h
+ @comment XPG
+ @deftypefun {char *} realpath (const char *restrict @var{name}, char *restrict @var{resolved})
++@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
++@c Calls malloc, realloc, getcwd, lxstat64, readlink, alloca.
+
+ A call to @code{realpath} where the @var{resolved} parameter is
+ @code{NULL} behaves exactly like @code{canonicalize_file_name}. The
+@@ -1329,6 +1431,7 @@ then the file is deleted as well. If the file has other remaining names
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int unlink (const char *@var{filename})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{unlink} function deletes the file name @var{filename}. If
+ this is a file's sole name, the file itself is also deleted. (Actually,
+ if any process has the file open when this happens, deletion is
+@@ -1371,6 +1474,7 @@ file system and can't be modified.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int rmdir (const char *@var{filename})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ @cindex directories, deleting
+ @cindex deleting a directory
+ The @code{rmdir} function deletes a directory. The directory must be
+@@ -1398,6 +1502,8 @@ The prototype for this function is declared in the header file
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int remove (const char *@var{filename})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c Calls unlink and rmdir.
+ This is the @w{ISO C} function to remove a file. It works like
+ @code{unlink} for files and like @code{rmdir} for directories.
+ @code{remove} is declared in @file{stdio.h}.
+@@ -1413,6 +1519,10 @@ The @code{rename} function is used to change a file's name.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int rename (const char *@var{oldname}, const char *@var{newname})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c In the absence of a rename syscall, there's an emulation with link
++@c and unlink, but it's racy, even more so if newname exists and is
++@c unlinked first.
+ The @code{rename} function renames the file @var{oldname} to
+ @var{newname}. The file formerly accessible under the name
+ @var{oldname} is afterwards accessible as @var{newname} instead. (If
+@@ -1508,6 +1618,7 @@ a shell command @code{mkdir} which does the same thing.)
+ @comment sys/stat.h
+ @comment POSIX.1
+ @deftypefun int mkdir (const char *@var{filename}, mode_t @var{mode})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{mkdir} function creates a new, empty directory with name
+ @var{filename}.
+
+@@ -1849,6 +1960,7 @@ header file @file{sys/stat.h}.
+ @comment sys/stat.h
+ @comment POSIX.1
+ @deftypefun int stat (const char *@var{filename}, struct stat *@var{buf})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{stat} function returns information about the attributes of the
+ file named by @w{@var{filename}} in the structure pointed to by @var{buf}.
+
+@@ -1875,6 +1987,7 @@ replaces the normal implementation.
+ @comment sys/stat.h
+ @comment Unix98
+ @deftypefun int stat64 (const char *@var{filename}, struct stat64 *@var{buf})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function is similar to @code{stat} but it is also able to work on
+ files larger then @math{2^31} bytes on 32-bit systems. To be able to do
+ this the result is stored in a variable of type @code{struct stat64} to
+@@ -1888,6 +2001,7 @@ replaces the interface for small files on 32-bit machines.
+ @comment sys/stat.h
+ @comment POSIX.1
+ @deftypefun int fstat (int @var{filedes}, struct stat *@var{buf})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{fstat} function is like @code{stat}, except that it takes an
+ open file descriptor as an argument instead of a file name.
+ @xref{Low-Level I/O}.
+@@ -1909,6 +2023,7 @@ replaces the normal implementation.
+ @comment sys/stat.h
+ @comment Unix98
+ @deftypefun int fstat64 (int @var{filedes}, struct stat64 *@var{buf})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function is similar to @code{fstat} but is able to work on large
+ files on 32-bit platforms. For large files the file descriptor
+ @var{filedes} should be obtained by @code{open64} or @code{creat64}.
+@@ -1920,9 +2035,16 @@ function is available under the name @code{fstat} and so transparently
+ replaces the interface for small files on 32-bit machines.
+ @end deftypefun
+
++@c fstatat will call alloca and snprintf if the syscall is not
++@c available.
++@c @safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
++
+ @comment sys/stat.h
+ @comment BSD
+ @deftypefun int lstat (const char *@var{filename}, struct stat *@var{buf})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Direct system call through lxstat, sometimes with an xstat conv call
++@c afterwards.
+ The @code{lstat} function is like @code{stat}, except that it does not
+ follow symbolic links. If @var{filename} is the name of a symbolic
+ link, @code{lstat} returns information about the link itself; otherwise
+@@ -1936,6 +2058,9 @@ replaces the normal implementation.
+ @comment sys/stat.h
+ @comment Unix98
+ @deftypefun int lstat64 (const char *@var{filename}, struct stat64 *@var{buf})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Direct system call through lxstat64, sometimes with an xstat conv
++@c call afterwards.
+ This function is similar to @code{lstat} but it is also able to work on
+ files larger then @math{2^31} bytes on 32-bit systems. To be able to do
+ this the result is stored in a variable of type @code{struct stat64} to
+@@ -1974,12 +2099,14 @@ that file:
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_ISDIR (mode_t @var{m})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns non-zero if the file is a directory.
+ @end deftypefn
+
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_ISCHR (mode_t @var{m})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns non-zero if the file is a character special file (a
+ device like a terminal).
+ @end deftypefn
+@@ -1987,6 +2114,7 @@ device like a terminal).
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_ISBLK (mode_t @var{m})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns non-zero if the file is a block special file (a device
+ like a disk).
+ @end deftypefn
+@@ -1994,12 +2122,14 @@ like a disk).
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_ISREG (mode_t @var{m})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns non-zero if the file is a regular file.
+ @end deftypefn
+
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_ISFIFO (mode_t @var{m})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns non-zero if the file is a FIFO special file, or a
+ pipe. @xref{Pipes and FIFOs}.
+ @end deftypefn
+@@ -2007,6 +2137,7 @@ pipe. @xref{Pipes and FIFOs}.
+ @comment sys/stat.h
+ @comment GNU
+ @deftypefn Macro int S_ISLNK (mode_t @var{m})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns non-zero if the file is a symbolic link.
+ @xref{Symbolic Links}.
+ @end deftypefn
+@@ -2014,6 +2145,7 @@ This macro returns non-zero if the file is a symbolic link.
+ @comment sys/stat.h
+ @comment GNU
+ @deftypefn Macro int S_ISSOCK (mode_t @var{m})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns non-zero if the file is a socket. @xref{Sockets}.
+ @end deftypefn
+
+@@ -2096,6 +2228,7 @@ the whole @code{struct stat} structure.
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_TYPEISMQ (struct stat *@var{s})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ If the system implement POSIX message queues as distinct objects and the
+ file is a message queue object, this macro returns a non-zero value.
+ In all other cases the result is zero.
+@@ -2104,6 +2237,7 @@ In all other cases the result is zero.
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_TYPEISSEM (struct stat *@var{s})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ If the system implement POSIX semaphores as distinct objects and the
+ file is a semaphore object, this macro returns a non-zero value.
+ In all other cases the result is zero.
+@@ -2112,6 +2246,7 @@ In all other cases the result is zero.
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_TYPEISSHM (struct stat *@var{s})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ If the system implement POSIX shared memory objects as distinct objects
+ and the file is an shared memory object, this macro returns a non-zero
+ value. In all other cases the result is zero.
+@@ -2156,6 +2291,7 @@ The prototype for this function is declared in @file{unistd.h}.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int chown (const char *@var{filename}, uid_t @var{owner}, gid_t @var{group})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{chown} function changes the owner of the file @var{filename} to
+ @var{owner}, and its group owner to @var{group}.
+
+@@ -2190,6 +2326,7 @@ The file is on a read-only file system.
+ @comment unistd.h
+ @comment BSD
+ @deftypefun int fchown (int @var{filedes}, uid_t @var{owner}, gid_t @var{group})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This is like @code{chown}, except that it changes the owner of the open
+ file with descriptor @var{filedes}.
+
+@@ -2469,6 +2606,7 @@ The functions in this section are declared in @file{sys/stat.h}.
+ @comment sys/stat.h
+ @comment POSIX.1
+ @deftypefun mode_t umask (mode_t @var{mask})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{umask} function sets the file creation mask of the current
+ process to @var{mask}, and returns the previous value of the file
+ creation mask.
+@@ -2494,6 +2632,7 @@ you just want to read the mask value, because it is reentrant.
+ @comment sys/stat.h
+ @comment GNU
+ @deftypefun mode_t getumask (void)
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Return the current value of the file creation mask for the current
+ process. This function is a GNU extension and is only available on
+ @gnuhurdsystems{}.
+@@ -2502,6 +2641,7 @@ process. This function is a GNU extension and is only available on
+ @comment sys/stat.h
+ @comment POSIX.1
+ @deftypefun int chmod (const char *@var{filename}, mode_t @var{mode})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{chmod} function sets the access permission bits for the file
+ named by @var{filename} to @var{mode}.
+
+@@ -2542,6 +2682,7 @@ for full details on the sticky bit.
+ @comment sys/stat.h
+ @comment BSD
+ @deftypefun int fchmod (int @var{filedes}, mode_t @var{mode})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This is like @code{chmod}, except that it changes the permissions of the
+ currently open file given by @var{filedes}.
+
+@@ -2612,6 +2753,7 @@ The symbols in this section are declared in @file{unistd.h}.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int access (const char *@var{filename}, int @var{how})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{access} function checks to see whether the file named by
+ @var{filename} can be accessed in the way specified by the @var{how}
+ argument. The @var{how} argument either can be the bitwise OR of the
+@@ -2732,6 +2874,9 @@ This is the modification time for the file.
+ @comment utime.h
+ @comment POSIX.1
+ @deftypefun int utime (const char *@var{filename}, const struct utimbuf *@var{times})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c In the absence of a utime syscall, it non-atomically converts times
++@c to a struct timeval and calls utimes.
+ This function is used to modify the file times associated with the file
+ named @var{filename}.
+
+@@ -2783,6 +2928,10 @@ in the header file @file{sys/time.h}.
+ @comment sys/time.h
+ @comment BSD
+ @deftypefun int utimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c In the absence of a utimes syscall, it non-atomically converts tvp
++@c to struct timespec array and issues a utimensat syscall, or to
++@c struct utimbuf and calls utime.
+ This function sets the file access and modification times of the file
+ @var{filename}. The new file access time is specified by
+ @code{@var{tvp}[0]}, and the new modification time by
+@@ -2797,6 +2946,9 @@ function.
+ @comment sys/time.h
+ @comment BSD
+ @deftypefun int lutimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c Since there's no lutimes syscall, it non-atomically converts tvp
++@c to struct timespec array and issues a utimensat syscall.
+ This function is like @code{utimes}, except that it does not follow
+ symbolic links. If @var{filename} is the name of a symbolic link,
+ @code{lutimes} sets the file access and modification times of the
+@@ -2813,6 +2965,10 @@ function.
+ @comment sys/time.h
+ @comment BSD
+ @deftypefun int futimes (int @var{fd}, const struct timeval @var{tvp}@t{[2]})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c Since there's no futimes syscall, it non-atomically converts tvp
++@c to struct timespec array and issues a utimensat syscall, falling back
++@c to utimes on a /proc/self/fd symlink.
+ This function is like @code{utimes}, except that it takes an open file
+ descriptor as an argument instead of a file name. @xref{Low-Level
+ I/O}. This function comes from FreeBSD, and is not available on all
+@@ -2867,6 +3023,8 @@ succeed, without actually accomplishing anything.
+ @comment unistd.h
+ @comment X/Open
+ @deftypefun int truncate (const char *@var{filename}, off_t @var{length})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c In the absence of a truncate syscall, we use open and ftruncate.
+
+ The @code{truncate} function changes the size of @var{filename} to
+ @var{length}. If @var{length} is shorter than the previous length, data
+@@ -2911,6 +3069,8 @@ The operation was interrupted by a signal.
+ @comment unistd.h
+ @comment Unix98
+ @deftypefun int truncate64 (const char *@var{name}, off64_t @var{length})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c In the absence of a syscall, try truncate if length fits.
+ This function is similar to the @code{truncate} function. The
+ difference is that the @var{length} argument is 64 bits wide even on 32
+ bits machines, which allows the handling of files with sizes up to
+@@ -2924,6 +3084,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
+ @comment unistd.h
+ @comment POSIX
+ @deftypefun int ftruncate (int @var{fd}, off_t @var{length})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+
+ This is like @code{truncate}, but it works on a file descriptor @var{fd}
+ for an opened file instead of a file name to identify the object. The
+@@ -2988,6 +3149,8 @@ The operation was interrupted by a signal.
+ @comment unistd.h
+ @comment Unix98
+ @deftypefun int ftruncate64 (int @var{id}, off64_t @var{length})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c In the absence of a syscall, try ftruncate if length fits.
+ This function is similar to the @code{ftruncate} function. The
+ difference is that the @var{length} argument is 64 bits wide even on 32
+ bits machines which allows the handling of files with sizes up to
+@@ -3050,6 +3213,10 @@ The prototype for @code{mknod} is declared in @file{sys/stat.h}.
+ @comment sys/stat.h
+ @comment BSD
+ @deftypefun int mknod (const char *@var{filename}, mode_t @var{mode}, dev_t @var{dev})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Instead of issuing the syscall directly, we go through xmknod.
++@c Although the internal xmknod takes a dev_t*, that could lead to
++@c xguargs races, it's passed a pointer to mknod's dev.
+ The @code{mknod} function makes a special file with name @var{filename}.
+ The @var{mode} specifies the mode of the file, and may include the various
+ special file bits, such as @code{S_IFCHR} (for a character special file)
+@@ -3101,6 +3268,20 @@ These facilities are declared in the header file @file{stdio.h}.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun {FILE *} tmpfile (void)
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
++@c The unsafety issues are those of fdopen, plus fdleak because of the
++@c open.
++@c __path_search (internal buf, !dir, const pfx, !try_tmpdir) ok
++@c libc_secure_genenv only if try_tmpdir
++@c xstat64, strlen, strcmp, sprintf
++@c __gen_tempname (internal tmpl, __GT_FILE) ok
++@c strlen, memcmp, getpid, open/mkdir/lxstat64 ok
++@c HP_TIMING_NOW if available ok
++@c gettimeofday (!tz) first time, or every time if no HP_TIMING_NOW ok
++@c static value is used and modified without synchronization ok
++@c but the use is as a source of non-cryptographic randomness
++@c with retries in case of collision, so it should be safe
++@c unlink, fdopen
+ This function creates a temporary binary file for update mode, as if by
+ calling @code{fopen} with mode @code{"wb+"}. The file is deleted
+ automatically when it is closed or when the program terminates. (On
+@@ -3117,6 +3298,7 @@ interface transparently replaces the old interface.
+ @comment stdio.h
+ @comment Unix98
+ @deftypefun {FILE *} tmpfile64 (void)
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+ This function is similar to @code{tmpfile}, but the stream it returns a
+ pointer to was opened using @code{tmpfile64}. Therefore this stream can
+ be used for files larger then @math{2^31} bytes on 32-bit machines.
+@@ -3132,6 +3314,11 @@ and so transparently replaces the old interface.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun {char *} tmpnam (char *@var{result})
++@safety{@mtunsafe{xguargs, staticbuf}@asunsafe{staticbuf}@acsafe{}}
++@c The passed-in buffer should not be modified concurrently with the
++@c call.
++@c __path_search (static or passed-in buf, !dir, !pfx, !try_tmpdir) ok
++@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
+ This function constructs and returns a valid file name that does not
+ refer to any existing file. If the @var{result} argument is a null
+ pointer, the return value is a pointer to an internal static string,
+@@ -3156,6 +3343,7 @@ opening the file you should use the @code{O_EXCL} flag. Using
+ @comment stdio.h
+ @comment GNU
+ @deftypefun {char *} tmpnam_r (char *@var{result})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+ This function is nearly identical to the @code{tmpnam} function, except
+ that if @var{result} is a null pointer it returns a null pointer.
+
+@@ -3192,6 +3380,13 @@ never less than @code{25}.
+ @comment stdio.h
+ @comment SVID
+ @deftypefun {char *} tempnam (const char *@var{dir}, const char *@var{prefix})
++@safety{@mtunsafe{xguargs, envromt}@assafe{asmalloc}@acsafe{memleak}}
++@c There's no way (short of being setuid) to avoid getenv("TMPDIR"),
++@c even with a non-NULL dir, which makes this thread-unsafe.
++@c
++@c __path_search (internal buf, dir, pfx, try_tmpdir) unsafe getenv
++@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
++@c strdup
+ This function generates a unique temporary file name. If @var{prefix}
+ is not a null pointer, up to five characters of this string are used as
+ a prefix for the file name. The return value is a string newly
+@@ -3255,6 +3450,8 @@ string. These functions are declared in the header file @file{stdlib.h}.
+ @comment stdlib.h
+ @comment Unix
+ @deftypefun {char *} mktemp (char *@var{template})
++@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
++@c __gen_tempname (caller tmpl, __GT_NOCREATE) ok
+ The @code{mktemp} function generates a unique file name by modifying
+ @var{template} as described above. If successful, it returns
+ @var{template} as modified. If @code{mktemp} cannot find a unique file
+@@ -3273,6 +3470,8 @@ opening the file you should use the @code{O_EXCL} flag. Using
+ @comment stdlib.h
+ @comment BSD
+ @deftypefun int mkstemp (char *@var{template})
++@safety{@mtunsafe{xguargs}@assafe{}@acsafe{fdleak}}
++@c __gen_tempname (caller tmpl, __GT_FILE) ok
+ The @code{mkstemp} function generates a unique file name just as
+ @code{mktemp} does, but it also opens the file for you with @code{open}
+ (@pxref{Opening and Closing Files}). If successful, it modifies
+@@ -3295,6 +3494,8 @@ new file and get an error if the file already exists.
+ @comment stdlib.h
+ @comment BSD
+ @deftypefun {char *} mkdtemp (char *@var{template})
++@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
++@c __gen_tempname (caller tmpl, __GT_DIR) ok
+ The @code{mkdtemp} function creates a directory with a unique name. If
+ it succeeds, it overwrites @var{template} with the name of the
+ directory, and returns @var{template}. As with @code{mktemp} and
+@@ -3316,3 +3517,23 @@ creation always works like @code{open} with @code{O_EXCL}.
+ @xref{Creating Directories}.
+
+ The @code{mkdtemp} function comes from OpenBSD.
++
++@c FIXME these are undocumented:
++@c faccessat
++@c fchmodat
++@c fchownat
++@c futimesat
++@c fstatat
++@c linkat
++@c mkdirat
++@c mkfifoat
++@c name_to_handle_at
++@c openat
++@c open_by_handle_at
++@c readlinkat
++@c renameat
++@c scandirat
++@c symlinkat
++@c unlinkat
++@c utimensat
++@c mknodat
+diff --git a/manual/getopt.texi b/manual/getopt.texi
+index f0b7283..3c1f4de 100644
+--- a/manual/getopt.texi
++++ b/manual/getopt.texi
+@@ -60,6 +60,31 @@ option argument, for those options that accept arguments.
+ @comment unistd.h
+ @comment POSIX.2
+ @deftypefun int getopt (int @var{argc}, char *const *@var{argv}, const char *@var{options})
++@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
++@c It may swap argv elements but argv is not guarded, and the
++@c modifications may be partial in case of cancellation. Calling getenv
++@c also brings about thread-safety issues out of access and returning
++@c pointers into the globally shared environment array, just like
++@c calling gettext brings about a whole lot of AS and AC safety issues.
++@c The getopt API involves returning values in the non-thread-specific
++@c optarg variable, which adds another thread-safety issue. Given
++@c print_errors, it may output errors to stderr, which may
++@c self-deadlock, leak locks, or encounter (in a signal handler) or
++@c leave (in case of cancellation) stderr in an inconsistent state.
++@c Various implicit, indirect uses of malloc, in uses of memstream and
++@c asprintf for error-printing, bring about the usual malloc issues.
++@c (The explicit use of malloc in a conditional situation in
++@c _getopt_initialize is never exercised in glibc.)
++@c
++@c _getopt_internal
++@c _getopt_internal_r
++@c gettext
++@c _getopt_initialize
++@c getenv
++@c malloc if USE_NONOPTION_FLAGS, never defined in libc
++@c open_memstream
++@c lockfile, unlockfile, __fxprintf -> stderr
++@c asprintf
+ The @code{getopt} function gets the next option argument from the
+ argument list specified by the @var{argv} and @var{argc} arguments.
+ Normally these values come directly from the arguments received by
+@@ -225,6 +250,8 @@ was seen.
+ @comment getopt.h
+ @comment GNU
+ @deftypefun int getopt_long (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
++@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
++@c Same issues as getopt.
+ Decode options from the vector @var{argv} (whose length is @var{argc}).
+ The argument @var{shortopts} describes the short options to accept, just as
+ it does in @code{getopt}. The argument @var{longopts} describes the long
+@@ -278,6 +305,8 @@ getopt functionality there is one more function available.
+ @comment getopt.h
+ @comment GNU
+ @deftypefun int getopt_long_only (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
++@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
++@c Same issues as getopt.
+
+ The @code{getopt_long_only} function is equivalent to the
+ @code{getopt_long} function but it allows to specify the user of the
+diff --git a/manual/intro.texi b/manual/intro.texi
+index 2630a77..e47832c 100644
+--- a/manual/intro.texi
++++ b/manual/intro.texi
+@@ -262,6 +262,28 @@ if the effective thread-local locale is not the global locale object
+ @code{setlocale} should not be called while these functions are active.
+
+
++@item @code{envromt}
++@cindex envromt
++
++Functions marked with @code{envromt} access the environment with
++@code{getenv} or similar, requiring the environment to be effectively
++read-only for MT-Safe operation.
++
++Environment-modifying functions do not protect in any way against
++concurrent modifications or access, so calling @code{envromt}-marked
++functions concurrently with @code{setenv}, @code{putenv},
++@code{unsetenv} or direct modifications of the global environment data
++structures is ill-advised; external concurrency control must be
++introduced by callers of these environment-modifying and
++@code{envromt}-marked functions.
++
++Functions that modify the environment are also marked with
++@code{envromt}, but they are not MT-Safe for the reasons above. Since
++all environment-modifying functions are MT-Unsafe, functions that only
++access the environment are marked as MT-Safe when no other safety issue
++applies.
++
++
+ @item @code{uunguard}
+ @cindex uunguard
+
+@@ -291,6 +313,42 @@ AS-Safe behavior, callers must ensure that the objects passed in are not
+ modified concurrently by other threads or signal handlers.
+
+
++@item @code{tempchwd}
++@cindex tempchwd
++
++Functions marked with @code{tempchwd} may temporarily change the current
++working directory during their execution, which may cause relative
++pathnames to be resolved in unexpected ways in other threads or within
++asynchronous signal or cancellation handlers.
++
++This is not enough of a reason to mark so-marked functions as MT-Unsafe,
++but when this behavior is optional (e.g., @code{nftw} with
++@code{FTW_CHDIR}), avoiding the option in multi-threaded programs may be
++a good alternative to using full pathnames or file descriptor-relative
++(e.g. @code{openat}) system calls.
++
++
++@item @code{tempterm}
++@cindex tempterm
++
++Functions marked with @code{tempterm} may temporarily change the
++terminal settings.
++
++This would not be enough of a reason to mark so-marked functions as
++MT-Unsafe, but the recommended mode to modify terminal settings is to
++call @code{tcgetattr}, modify some flags, and then call
++@code{tcsetattr}. Functions marked with @code{tempterm} do that, so
++they leave a window in which changes made by other threads are lost.
++
++It is thus advisable for applications using the terminal to avoid
++concurrent interactions with it, more so if they expect different
++terminal modes.
++
++If this mark appears as an AC-Safety note, it means the function may
++also fail to restore the original terminal mode in case of asynchronous
++cancellation.
++
++
+ @end itemize
+
+
+@@ -305,11 +363,37 @@ as follows:
+
+ Functions annotated with @code{staticbuf} use internal static buffers or
+ variables in ways that may cause concurrent calls to interfere
+-destructively.
++destructively.
+
+ These functions are all MT-Unsafe and AC-Unsafe. However, many of them
+ offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
+
++In many of these cases, the static buffer is only used to hold a return
++value; in a few of these, such as @code{tmpnam}, the use of the internal
++buffer can be avoided by passing the buffer as an argument, which makes
++the call MT-Safe and AS-Safe.
++
++
++@item @code{asi18n}
++@cindex asi18n
++
++Functions marked with @code{asi18n} use internationalization functions
++(@code{gettext}), which brings in a number of dependencies and issues
++yet to be documented.
++
++
++@item @code{shlimb}
++@cindex shlimb
++
++Functions marked with @code{shlimb} use the dynamic loader to bring in
++additional code modules. This involves opening files, mapping them into
++memory, allocating additional memory, resolving symbols, applying
++relocations and more, all of this while holding the dynamic loader
++lock.
++
++The non-recursive lock itself is enough for the function to be AS- and
++AC-Unsafe, but many other issues may arise.
++
+
+ @item @code{fdleak}
+ @cindex fdleak
+@@ -390,9 +474,8 @@ For the reasons above, functions that leak locks are all AC-Unsafe.
+ Functions marked with @code{selfdeadlock} take a non-recursive lock to
+ ensure MT-Safety while modifying data structures guarded by the lock.
+
+-If such a function is interrupted by a signal while holding the lock,
+-and the signal handler calls any function that takes the same
+-non-recursive lock, the result is a deadlock.
++If such a function is called by a signal handler that interrupted
++another such function that took the lock, the result is a deadlock.
+
+ Blocking asynchronous signal delivery while calling such functions is
+ the only safe way to avoid a deadlock if any signal handler might need
+@@ -406,10 +489,9 @@ Functions marked with @code{asynconsist} take a recursive lock to ensure
+ MT-Safety while accessing or modifying data structures guarded by the
+ lock.
+
+-If such a function is interrupted by a signal while holding the lock,
+-and the signal handler calls any function that takes the same
+-non-recursive lock, the latter function may observe a partially updated,
+-inconsistent data structure, and misbehave.
++If such a function is called by a signal handler that interrupted
++another such function that took the lock, both may misbehave for
++observing inconsistent (partially updated or cached) data structures.
+
+ Blocking asynchronous signal delivery while calling such functions is
+ the only safe way to avoid the misbehavior that may ensue if any signal
+@@ -444,6 +526,21 @@ Disabling asynchronous cancelation while calling such functions is the
+ only safe way to avoid the misbehavior that may ensure if the thread is
+ canceled while the function is running.
+
++@c A special case, probably not worth documenting separately, involves
++@c reallocing, or even freeing pointers. Any case involving free could
++@c be easily turned into an ac-safe memleak by resetting the pointer
++@c before releasing it; I don't think we have any case that calls for
++@c this sort of fixing. Fixing the realloc cases would require a new
++@c interface: instead of @code{ptr=realloc(ptr,size)} we'd have to
++@c introduce @code{acsafe_realloc(&ptr,size)} that would modify ptr
++@c before releasing the old memory. The ac-unsafe realloc could be
++@c implemented in terms of an internal interface with this semantics
++@c (say __acsafe_realloc), but since realloc can be overridden, the
++@c function we call to implement realloc should not be this internal
++@c interface, but another internal interface that calls __acsafe_realloc
++@c if realloc was not overridden, and calls the overridden realloc with
++@c async cancel disabled. --lxoliva
++
+
+ @item @code{simfpu}
+ @cindex simfpu
+diff --git a/manual/job.texi b/manual/job.texi
+index 4efeed3..779ea96 100644
+--- a/manual/job.texi
++++ b/manual/job.texi
+@@ -1039,6 +1039,10 @@ The function @code{ctermid} is declared in the header file
+ @comment stdio.h
+ @comment POSIX.1
+ @deftypefun {char *} ctermid (char *@var{string})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c This function is a stub by default; the actual implementation, for
++@c posix systems, returns an internal buffer if passed a NULL string,
++@c but the internal buffer is always set to /dev/tty.
+ The @code{ctermid} function returns a string containing the file name of
+ the controlling terminal for the current process. If @var{string} is
+ not a null pointer, it should be an array that can hold at least
+@@ -1075,6 +1079,11 @@ Your program should include the header files @file{sys/types.h} and
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun pid_t setsid (void)
++@safety{@mtsafe{}@assafe{selfdeadlock (hurd)}@acsafe{lockleak (hurd)}}
++@c This is usually a direct syscall, but if a syscall is not available,
++@c we use a stub, or Hurd- and BSD-specific implementations. The former
++@c uses a mutex and a hurd critical section, and the latter issues a few
++@c syscalls, so both seem safe, except for the locking on Hurd.
+ The @code{setsid} function creates a new session. The calling process
+ becomes the session leader, and is put in a new process group whose
+ process group ID is the same as the process ID of that process. There
+@@ -1098,7 +1107,8 @@ already another process group around that has the same process group ID.
+ @comment unistd.h
+ @comment SVID
+ @deftypefun pid_t getsid (pid_t @var{pid})
+-
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Stub or direct syscall, except on hurd, where it is equally safe.
+ The @code{getsid} function returns the process group ID of the session
+ leader of the specified process. If a @var{pid} is @code{0}, the
+ process group ID of the session leader of the current process is
+@@ -1134,6 +1144,8 @@ programs with the @code{-lbsd-compat} option to get the BSD definition.@refill
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefn {POSIX.1 Function} pid_t getpgrp (void)
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Wrapper for getpgid.
+ The POSIX.1 definition of @code{getpgrp} returns the process group ID of
+ the calling process.
+ @end deftypefn
+@@ -1141,6 +1153,8 @@ the calling process.
+ @comment unistd.h
+ @comment BSD
+ @deftypefn {BSD Function} pid_t getpgrp (pid_t @var{pid})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Wrapper for getpgid.
+ The BSD definition of @code{getpgrp} returns the process group ID of the
+ process @var{pid}. You can supply a value of @code{0} for the @var{pid}
+ argument to get information about the calling process.
+@@ -1149,6 +1163,8 @@ argument to get information about the calling process.
+ @comment unistd.h
+ @comment SVID
+ @deftypefn {System V Function} int getpgid (pid_t @var{pid})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Stub or direct syscall, except on hurd, where it is equally safe.
+
+ @code{getpgid} is the same as the BSD function @code{getpgrp}. It
+ returns the process group ID of the process @var{pid}. You can supply a
+@@ -1171,6 +1187,8 @@ process.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int setpgid (pid_t @var{pid}, pid_t @var{pgid})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Stub or direct syscall, except on hurd, where it is equally safe.
+ The @code{setpgid} function puts the process @var{pid} into the process
+ group @var{pgid}. As a special case, either @var{pid} or @var{pgid} can
+ be zero to indicate the process ID of the calling process.
+@@ -1208,6 +1226,8 @@ process or a child of the calling process.
+ @comment unistd.h
+ @comment BSD
+ @deftypefun int setpgrp (pid_t @var{pid}, pid_t @var{pgid})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Direct syscall or setpgid wrapper.
+ This is the BSD Unix name for @code{setpgid}. Both functions do exactly
+ the same thing.
+ @end deftypefun
+@@ -1230,6 +1250,8 @@ file itself and not a particular open file descriptor.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun pid_t tcgetpgrp (int @var{filedes})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Stub, or ioctl on BSD and GNU/Linux.
+ This function returns the process group ID of the foreground process
+ group associated with the terminal open on descriptor @var{filedes}.
+
+@@ -1258,6 +1280,8 @@ controlling terminal of the calling process.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int tcsetpgrp (int @var{filedes}, pid_t @var{pgid})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Stub, or ioctl on BSD and GNU/Linux.
+ This function is used to set a terminal's foreground process group ID.
+ The argument @var{filedes} is a descriptor which specifies the terminal;
+ @var{pgid} specifies the process group. The calling process must be a
+@@ -1297,6 +1321,8 @@ process.
+ @comment termios.h
+ @comment Unix98
+ @deftypefun pid_t tcgetsid (int @var{fildes})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Ioctl call, if avaialble, or tcgetpgrp followed by getsid.
+ This function is used to obtain the process group ID of the session
+ for which the terminal specified by @var{fildes} is the controlling terminal.
+ If the call is successful the group ID is returned. Otherwise the
+diff --git a/manual/lang.texi b/manual/lang.texi
+index ee04e23..d6cd90c 100644
+--- a/manual/lang.texi
++++ b/manual/lang.texi
+@@ -51,6 +51,8 @@ without indicating anything might be wrong.
+ @comment assert.h
+ @comment ISO
+ @deftypefn Macro void assert (int @var{expression})
++@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
++@c assert_fail_base calls asprintf, and fflushes stderr.
+ Verify the programmer's belief that @var{expression} is nonzero at
+ this point in the program.
+
+@@ -91,6 +93,8 @@ The @code{assert_perror} macro makes this easy.
+ @comment assert.h
+ @comment GNU
+ @deftypefn Macro void assert_perror (int @var{errnum})
++@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
++@c assert_fail_base calls asprintf, and fflushes stderr.
+ Similar to @code{assert}, but verifies that @var{errnum} is zero.
+
+ If @code{NDEBUG} is not defined, @code{assert_perror} tests the value of
+@@ -423,6 +427,8 @@ The type @code{va_list} is used for argument pointer variables.
+ @comment stdarg.h
+ @comment ISO
+ @deftypefn {Macro} void va_start (va_list @var{ap}, @var{last-required})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c This is no longer provided by glibc, but rather by the compiler.
+ This macro initializes the argument pointer variable @var{ap} to point
+ to the first of the optional arguments of the current function;
+ @var{last-required} must be the last required argument to the function.
+@@ -431,6 +437,8 @@ to the first of the optional arguments of the current function;
+ @comment stdarg.h
+ @comment ISO
+ @deftypefn {Macro} @var{type} va_arg (va_list @var{ap}, @var{type})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c This is no longer provided by glibc, but rather by the compiler.
+ The @code{va_arg} macro returns the value of the next optional argument,
+ and modifies the value of @var{ap} to point to the subsequent argument.
+ Thus, successive uses of @code{va_arg} return successive optional
+@@ -445,6 +453,8 @@ of the actual argument.
+ @comment stdarg.h
+ @comment ISO
+ @deftypefn {Macro} void va_end (va_list @var{ap})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c This is no longer provided by glibc, but rather by the compiler.
+ This ends the use of @var{ap}. After a @code{va_end} call, further
+ @code{va_arg} calls with the same @var{ap} may not work. You should invoke
+ @code{va_end} before returning from the function in which @code{va_start}
+@@ -466,6 +476,8 @@ of the same type.
+ @comment ISO
+ @deftypefn {Macro} void va_copy (va_list @var{dest}, va_list @var{src})
+ @deftypefnx {Macro} void __va_copy (va_list @var{dest}, va_list @var{src})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c This is no longer provided by glibc, but rather by the compiler.
+ The @code{va_copy} macro allows copying of objects of type
+ @code{va_list} even if this is not an integral type. The argument pointer
+ in @var{dest} is initialized to point to the same argument as the
+@@ -1212,6 +1224,8 @@ type of a particular structure member.
+ @comment stddef.h
+ @comment ISO
+ @deftypefn {Macro} size_t offsetof (@var{type}, @var{member})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c This is no longer provided by glibc, but rather by the compiler.
+ This expands to a integer constant expression that is the offset of the
+ structure member named @var{member} in the structure type @var{type}.
+ For example, @code{offsetof (struct s, elem)} is the offset, in bytes,
+diff --git a/manual/libdl.texi b/manual/libdl.texi
+new file mode 100644
+index 0000000..e3fe045
+--- /dev/null
++++ b/manual/libdl.texi
+@@ -0,0 +1,10 @@
++@c FIXME these are undocumented:
++@c dladdr
++@c dladdr1
++@c dlclose
++@c dlerror
++@c dlinfo
++@c dlmopen
++@c dlopen
++@c dlsym
++@c dlvsym
+diff --git a/manual/llio.texi b/manual/llio.texi
+index b129cf4..66370c4 100644
+--- a/manual/llio.texi
++++ b/manual/llio.texi
+@@ -78,6 +78,7 @@ declared in @file{unistd.h}.
+ @comment fcntl.h
+ @comment POSIX.1
+ @deftypefun int open (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
++@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+ The @code{open} function creates and returns a new file descriptor for
+ the file named by @var{filename}. Initially, the file position
+ indicator for the file is at the beginning of the file. The argument
+@@ -164,6 +165,7 @@ and @code{freopen} functions, that create streams.
+ @comment fcntl.h
+ @comment Unix98
+ @deftypefun int open64 (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
++@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+ This function is similar to @code{open}. It returns a file descriptor
+ which can be used to access the file named by @var{filename}. The only
+ difference is that on 32 bit systems the file is opened in the
+@@ -178,6 +180,7 @@ replaces the old API.
+ @comment fcntl.h
+ @comment POSIX.1
+ @deftypefn {Obsolete function} int creat (const char *@var{filename}, mode_t @var{mode})
++@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+ This function is obsolete. The call:
+
+ @smallexample
+@@ -202,6 +205,7 @@ since all of the lowlevel file handling functions are equally replaced.
+ @comment fcntl.h
+ @comment Unix98
+ @deftypefn {Obsolete function} int creat64 (const char *@var{filename}, mode_t @var{mode})
++@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+ This function is similar to @code{creat}. It returns a file descriptor
+ which can be used to access the file named by @var{filename}. The only
+ the difference is that on 32 bit systems the file is opened in the
+@@ -219,6 +223,7 @@ replaces the old API.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int close (int @var{filedes})
++@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+ The function @code{close} closes the file descriptor @var{filedes}.
+ Closing a file has the following consequences:
+
+@@ -300,6 +305,7 @@ but must be a signed type.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun ssize_t read (int @var{filedes}, void *@var{buffer}, size_t @var{size})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{read} function reads up to @var{size} bytes from the file
+ with descriptor @var{filedes}, storing the results in the @var{buffer}.
+ (This is not necessarily a character string, and no terminating null
+@@ -395,6 +401,10 @@ functions that read from streams, such as @code{fgetc}.
+ @comment unistd.h
+ @comment Unix98
+ @deftypefun ssize_t pread (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off_t @var{offset})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c This is usually a safe syscall. The sysdeps/posix fallback emulation
++@c is not MT-Safe because it uses lseek, read and lseek back, but is it
++@c used anywhere?
+ The @code{pread} function is similar to the @code{read} function. The
+ first three arguments are identical, and the return values and error
+ codes also correspond.
+@@ -430,6 +440,10 @@ version 2.
+ @comment unistd.h
+ @comment Unix98
+ @deftypefun ssize_t pread64 (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c This is usually a safe syscall. The sysdeps/posix fallback emulation
++@c is not MT-Safe because it uses lseek64, read and lseek64 back, but is
++@c it used anywhere?
+ This function is similar to the @code{pread} function. The difference
+ is that the @var{offset} parameter is of type @code{off64_t} instead of
+ @code{off_t} which makes it possible on 32 bit machines to address
+@@ -447,6 +461,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun ssize_t write (int @var{filedes}, const void *@var{buffer}, size_t @var{size})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{write} function writes up to @var{size} bytes from
+ @var{buffer} to the file with descriptor @var{filedes}. The data in
+ @var{buffer} is not necessarily a character string and a null character is
+@@ -557,6 +572,10 @@ functions that write to streams, such as @code{fputc}.
+ @comment unistd.h
+ @comment Unix98
+ @deftypefun ssize_t pwrite (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off_t @var{offset})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c This is usually a safe syscall. The sysdeps/posix fallback emulation
++@c is not MT-Safe because it uses lseek, write and lseek back, but is it
++@c used anywhere?
+ The @code{pwrite} function is similar to the @code{write} function. The
+ first three arguments are identical, and the return values and error codes
+ also correspond.
+@@ -592,6 +611,10 @@ version 2.
+ @comment unistd.h
+ @comment Unix98
+ @deftypefun ssize_t pwrite64 (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c This is usually a safe syscall. The sysdeps/posix fallback emulation
++@c is not MT-Safe because it uses lseek64, write and lseek64 back, but
++@c is it used anywhere?
+ This function is similar to the @code{pwrite} function. The difference
+ is that the @var{offset} parameter is of type @code{off64_t} instead of
+ @code{off_t} which makes it possible on 32 bit machines to address
+@@ -624,6 +647,7 @@ To read the current file position value from a descriptor, use
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun off_t lseek (int @var{filedes}, off_t @var{offset}, int @var{whence})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{lseek} function is used to change the file position of the
+ file with descriptor @var{filedes}.
+
+@@ -713,6 +737,7 @@ descriptors.
+ @comment unistd.h
+ @comment Unix98
+ @deftypefun off64_t lseek64 (int @var{filedes}, off64_t @var{offset}, int @var{whence})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function is similar to the @code{lseek} function. The difference
+ is that the @var{offset} parameter is of type @code{off64_t} instead of
+ @code{off_t} which makes it possible on 32 bit machines to address
+@@ -825,6 +850,7 @@ declared in the header file @file{stdio.h}.
+ @comment stdio.h
+ @comment POSIX.1
+ @deftypefun {FILE *} fdopen (int @var{filedes}, const char *@var{opentype})
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+ The @code{fdopen} function returns a new stream for the file descriptor
+ @var{filedes}.
+
+@@ -853,6 +879,7 @@ see @ref{Creating a Pipe}.
+ @comment stdio.h
+ @comment POSIX.1
+ @deftypefun int fileno (FILE *@var{stream})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function returns the file descriptor associated with the stream
+ @var{stream}. If an error is detected (for example, if the @var{stream}
+ is not valid) or if @var{stream} does not do I/O to a file,
+@@ -862,6 +889,7 @@ is not valid) or if @var{stream} does not do I/O to a file,
+ @comment stdio.h
+ @comment GNU
+ @deftypefun int fileno_unlocked (FILE *@var{stream})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{fileno_unlocked} function is equivalent to the @code{fileno}
+ function except that it does not implicitly lock the stream if the state
+ is @code{FSETLOCKING_INTERNAL}.
+@@ -1071,7 +1099,11 @@ Contains the length of the buffer.
+ @comment sys/uio.h
+ @comment BSD
+ @deftypefun ssize_t readv (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
+-
++@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
++@c The fallback sysdeps/posix implementation, used even on GNU/Linux
++@c with old kernels that lack a full readv/writev implementation, may
++@c malloc the buffer into which data is read, if the total read size is
++@c too large for alloca.
+ The @code{readv} function reads data from @var{filedes} and scatters it
+ into the buffers described in @var{vector}, which is taken to be
+ @var{count} structures long. As each buffer is filled, data is sent to the
+@@ -1089,6 +1121,11 @@ errors are the same as in @code{read}.
+ @comment sys/uio.h
+ @comment BSD
+ @deftypefun ssize_t writev (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
++@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
++@c The fallback sysdeps/posix implementation, used even on GNU/Linux
++@c with old kernels that lack a full readv/writev implementation, may
++@c malloc the buffer from which data is written, if the total write size
++@c is too large for alloca.
+
+ The @code{writev} function gathers data from the buffers described in
+ @var{vector}, which is taken to be @var{count} structures long, and writes
+@@ -1149,6 +1186,7 @@ These functions are declared in @file{sys/mman.h}.
+ @comment sys/mman.h
+ @comment POSIX
+ @deftypefun {void *} mmap (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off_t @var{offset})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+
+ The @code{mmap} function creates a new mapping, connected to bytes
+ (@var{offset}) to (@var{offset} + @var{length} - 1) in the file open on
+@@ -1268,6 +1306,9 @@ The file is on a filesystem that doesn't support mapping.
+ @comment sys/mman.h
+ @comment LFS
+ @deftypefun {void *} mmap64 (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off64_t @var{offset})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c The page_shift auto detection when MMAP2_PAGE_SHIFT is -1 (it never
++@c is) would be thread-unsafe.
+ The @code{mmap64} function is equivalent to the @code{mmap} function but
+ the @var{offset} parameter is of type @code{off64_t}. On 32-bit systems
+ this allows the file associated with the @var{filedes} descriptor to be
+@@ -1284,6 +1325,7 @@ replaces the old API.
+ @comment sys/mman.h
+ @comment POSIX
+ @deftypefun int munmap (void *@var{addr}, size_t @var{length})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+
+ @code{munmap} removes any memory maps from (@var{addr}) to (@var{addr} +
+ @var{length}). @var{length} should be the length of the mapping.
+@@ -1310,6 +1352,7 @@ aligned.
+ @comment sys/mman.h
+ @comment POSIX
+ @deftypefun int msync (void *@var{address}, size_t @var{length}, int @var{flags})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+
+ When using shared mappings, the kernel can write the file at any time
+ before the mapping is removed. To be certain data has actually been
+@@ -1357,6 +1400,7 @@ There is no existing mapping in at least part of the given region.
+ @comment sys/mman.h
+ @comment GNU
+ @deftypefun {void *} mremap (void *@var{address}, size_t @var{length}, size_t @var{new_length}, int @var{flag})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+
+ This function can be used to change the size of an existing memory
+ area. @var{address} and @var{length} must cover a region entirely mapped
+@@ -1405,6 +1449,7 @@ Coding Standards}.
+ @comment sys/mman.h
+ @comment POSIX
+ @deftypefun int madvise (void *@var{addr}, size_t @var{length}, int @var{advice})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+
+ This function can be used to provide the system with @var{advice} about
+ the intended usage patterns of the memory region starting at @var{addr}
+@@ -1531,6 +1576,7 @@ that descriptor into an @code{fd_set}.
+ @comment sys/types.h
+ @comment BSD
+ @deftypefn Macro void FD_ZERO (fd_set *@var{set})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro initializes the file descriptor set @var{set} to be the
+ empty set.
+ @end deftypefn
+@@ -1538,6 +1584,9 @@ empty set.
+ @comment sys/types.h
+ @comment BSD
+ @deftypefn Macro void FD_SET (int @var{filedes}, fd_set *@var{set})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c Setting a bit isn't necessarily atomic, so there's a potential race
++@c here if set is not used exclusively.
+ This macro adds @var{filedes} to the file descriptor set @var{set}.
+
+ The @var{filedes} parameter must not have side effects since it is
+@@ -1547,6 +1596,9 @@ evaluated more than once.
+ @comment sys/types.h
+ @comment BSD
+ @deftypefn Macro void FD_CLR (int @var{filedes}, fd_set *@var{set})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c Setting a bit isn't necessarily atomic, so there's a potential race
++@c here if set is not used exclusively.
+ This macro removes @var{filedes} from the file descriptor set @var{set}.
+
+ The @var{filedes} parameter must not have side effects since it is
+@@ -1556,6 +1608,7 @@ evaluated more than once.
+ @comment sys/types.h
+ @comment BSD
+ @deftypefn Macro int FD_ISSET (int @var{filedes}, const fd_set *@var{set})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns a nonzero value (true) if @var{filedes} is a member
+ of the file descriptor set @var{set}, and zero (false) otherwise.
+
+@@ -1568,6 +1621,10 @@ Next, here is the description of the @code{select} function itself.
+ @comment sys/types.h
+ @comment BSD
+ @deftypefun int select (int @var{nfds}, fd_set *@var{read-fds}, fd_set *@var{write-fds}, fd_set *@var{except-fds}, struct timeval *@var{timeout})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c The select syscall is preferred, but pselect6 may be used instead,
++@c which requires converting timeout to a timespec and back. The
++@c conversions are not atomic.
+ The @code{select} function blocks the calling process until there is
+ activity on any of the specified sets of file descriptors, or until the
+ timeout period has expired.
+@@ -1670,6 +1727,7 @@ they return.
+ @comment unistd.h
+ @comment X/Open
+ @deftypefun void sync (void)
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ A call to this function will not return as long as there is data which
+ has not been written to the device. All dirty buffers in the kernel will
+ be written and so an overall consistent system can be achieved (if no
+@@ -1685,6 +1743,7 @@ committed, rather than all data in the system. For this, @code{sync} is overkil
+ @comment unistd.h
+ @comment POSIX
+ @deftypefun int fsync (int @var{fildes})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{fsync} function can be used to make sure all data associated with
+ the open file @var{fildes} is written to the device associated with the
+ descriptor. The function call does not return unless all actions have
+@@ -1722,6 +1781,7 @@ recovering of the file in case of a problem.
+ @comment unistd.h
+ @comment POSIX
+ @deftypefun int fdatasync (int @var{fildes})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ When a call to the @code{fdatasync} function returns, it is ensured
+ that all of the file data is written to the device. For all pending I/O
+ operations, the parts guaranteeing data integrity finished.
+@@ -1923,6 +1983,158 @@ aiocb64}, since the LFS transparently replaces the old interface.
+ @comment aio.h
+ @comment POSIX.1b
+ @deftypefun int aio_read (struct aiocb *@var{aiocbp})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
++@c Calls aio_enqueue_request.
++@c aio_enqueue_request selfdeadlock, asmalloc, lockleak, memleak
++@c pthread_self ok
++@c pthread_getschedparam selfdeadlock, lockleak
++@c lll_lock (pthread descriptor's lock) selfdeadlock, lockleak
++@c sched_getparam ok
++@c sched_getscheduler ok
++@c lll_unlock lockleak
++@c pthread_mutex_lock (aio_requests_mutex) selfdeadlock, lockleak
++@c get_elem asmalloc, memleak, [asynconsist, incansist], [xguargs]
++@c realloc asmalloc, memleak
++@c calloc asmalloc, memleak
++@c aio_create_helper_thread selfdeadlock, asmalloc, lockleak, memleak
++@c pthread_attr_init ok
++@c pthread_attr_setdetachstate ok
++@c pthread_get_minstack ok
++@c pthread_attr_setstacksize ok
++@c sigfillset ok
++@c memset ok
++@c sigdelset ok [xguargs, but the caller's sigset is automatic]
++@c SYSCALL rt_sigprocmask ok
++@c pthread_create selfdeadlock, asmalloc, lockleak, memleak
++@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
++@c alloca/malloc asmalloc, memleak
++@c lll_unlock lockleak
++@c allocate_stack selfdeadlock, asmalloc, lockleak, memleak
++@c getpagesize dup
++@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
++@c lll_unlock lockleak
++@c _dl_allocate_tls asmalloc, memleak
++@c _dl_allocate_tls_storage asmalloc, memleak
++@c memalign asmalloc, memleak
++@c memset ok
++@c allocate_dtv dup
++@c free asmalloc, memleak
++@c allocate_dtv asmalloc, memleak
++@c calloc asmalloc, memleak
++@c INSTALL_DTV ok
++@c list_add dup
++@c get_cached_stack
++@c lll_lock (stack_cache_lock) selfdeadlock, lockleak
++@c list_for_each ok
++@c list_entry dup
++@c FREE_P dup
++@c stack_list_del dup
++@c stack_list_add dup
++@c lll_unlock lockleak
++@c _dl_allocate_tls_init ok
++@c GET_DTV ok
++@c mmap ok
++@c atomic_increment_val ok
++@c munmap ok
++@c change_stack_perm ok
++@c mprotect ok
++@c mprotect ok
++@c stack_list_del dup
++@c _dl_deallocate_tls dup
++@c munmap ok
++@c THREAD_COPY_STACK_GUARD ok
++@c THREAD_COPY_POINTER_GUARD ok
++@c atomic_exchange_acq ok
++@c lll_futex_wake ok
++@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
++@c lll_lock (state_cache_lock) selfdeadlock, lockleak
++@c stack_list_del ok
++@c atomic_write_barrier ok
++@c list_del ok [uunguard]
++@c atomic_write_barrier ok
++@c queue_stack asmalloc, memleak
++@c stack_list_add ok
++@c atomic_write_barrier ok
++@c list_add ok [uunguard]
++@c atomic_write_barrier ok
++@c free_stacks asmalloc, memleak
++@c list_for_each_prev_safe ok
++@c list_entry ok
++@c FREE_P ok
++@c stack_list_del dup
++@c _dl_deallocate_tls dup
++@c munmap ok
++@c _dl_deallocate_tls asmalloc, memleak
++@c free asmalloc, memleak
++@c lll_unlock lockleak
++@c create_thread selfdeadlock, asmalloc, lockleak, memleak
++@c td_eventword
++@c td_eventmask
++@c do_clone selfdeadlock, asmalloc, lockleak, memleak
++@c PREPARE_CREATE ok
++@c lll_lock (pd->lock) selfdeadlock, lockleak
++@c atomic_increment ok
++@c clone ok
++@c atomic_decrement ok
++@c atomic_exchange_acq ok
++@c lll_futex_wake ok
++@c deallocate_stack dup
++@c sched_setaffinity ok
++@c tgkill ok
++@c sched_setscheduler ok
++@c atomic_compare_and_exchange_bool_acq ok
++@c nptl_create_event ok
++@c lll_unlock (pd->lock) lockleak
++@c free asmalloc, memleak
++@c pthread_attr_destroy ok (cpuset won't be set, so free isn't called)
++@c add_request_to_runlist ok [xguargs]
++@c pthread_cond_signal ok
++@c aio_free_request ok [xguargs]
++@c pthread_mutex_unlock lockleak
++
++@c (in the new thread, initiated with clone)
++@c start_thread ok
++@c HP_TIMING_NOW ok
++@c ctype_init [glocale] (in theory, but optimized into safety)
++@c atomic_exchange_acq ok
++@c lll_futex_wake ok
++@c sigemptyset ok
++@c sigaddset ok
++@c setjmp ok
++@c CANCEL_ASYNC -> pthread_enable_asynccancel ok
++@c do_cancel ok
++@c pthread_unwind ok
++@c Unwind_ForcedUnwind or longjmp ok [asmalloc, memleak?]
++@c lll_lock selfdeadlock, lockleak
++@c lll_unlock selfdeadlock, lockleak
++@c CANCEL_RESET -> pthread_disable_asynccancel ok
++@c lll_futex_wait ok
++@c ->start_routine ok -----
++@c call_tls_dtors selfdeadlock, asmalloc, lockleak, memleak
++@c user-supplied dtor
++@c rtld_lock_lock_recursive (dl_load_lock) selfdeadlock, lockleak
++@c rtld_lock_unlock_recursive lockleak
++@c free asmalloc, memleak
++@c nptl_deallocate_tsd asmalloc, memleak
++@c tsd user-supplied dtors ok
++@c free asmalloc, memleak
++@c libc_thread_freeres
++@c libc_thread_subfreeres ok
++@c atomic_decrement_and_test ok
++@c td_eventword ok
++@c td_eventmask ok
++@c atomic_compare_exchange_bool_acq ok
++@c nptl_death_event ok
++@c lll_robust_dead ok
++@c getpagesize ok
++@c madvise ok
++@c free_tcb selfdeadlock, asmalloc, lockleak, memleak
++@c free asmalloc, memleak
++@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
++@c lll_futex_wait ok
++@c exit_thread_inline ok
++@c syscall(exit) ok
++
+ This function initiates an asynchronous read operation. It
+ immediately returns after the operation was enqueued or when an
+ error was encountered.
+@@ -1988,6 +2200,7 @@ replaces the normal implementation.
+ @comment aio.h
+ @comment Unix98
+ @deftypefun int aio_read64 (struct aiocb64 *@var{aiocbp})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+ This function is similar to the @code{aio_read} function. The only
+ difference is that on @w{32 bit} machines, the file descriptor should
+ be opened in the large file mode. Internally, @code{aio_read64} uses
+@@ -2006,6 +2219,7 @@ of functions with a very similar interface.
+ @comment aio.h
+ @comment POSIX.1b
+ @deftypefun int aio_write (struct aiocb *@var{aiocbp})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+ This function initiates an asynchronous write operation. The function
+ call immediately returns after the operation was enqueued or if before
+ this happens an error was encountered.
+@@ -2072,6 +2286,7 @@ replaces the normal implementation.
+ @comment aio.h
+ @comment Unix98
+ @deftypefun int aio_write64 (struct aiocb64 *@var{aiocbp})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+ This function is similar to the @code{aio_write} function. The only
+ difference is that on @w{32 bit} machines the file descriptor should
+ be opened in the large file mode. Internally @code{aio_write64} uses
+@@ -2093,6 +2308,12 @@ operations. It is therefore similar to a combination of @code{readv} and
+ @comment aio.h
+ @comment POSIX.1b
+ @deftypefun int lio_listio (int @var{mode}, struct aiocb *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
++@c Call lio_listio_internal, that takes the aio_requests_mutex lock and
++@c enqueues each request. Then, it waits for notification or prepares
++@c for it before releasing the lock. Even though it performs memory
++@c allocation and locking of its own, it doesn't add any classes of
++@c safety issues that aren't already covered by aio_enqueue_request.
+ The @code{lio_listio} function can be used to enqueue an arbitrary
+ number of read and write requests at one time. The requests can all be
+ meant for the same file, all for different files or every solution in
+@@ -2176,6 +2397,7 @@ transparently replaces the normal implementation.
+ @comment aio.h
+ @comment Unix98
+ @deftypefun int lio_listio64 (int @var{mode}, struct aiocb64 *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+ This function is similar to the @code{lio_listio} function. The only
+ difference is that on @w{32 bit} machines, the file descriptor should
+ be opened in the large file mode. Internally, @code{lio_listio64} uses
+@@ -2204,6 +2426,7 @@ The following two functions allow you to get this kind of information.
+ @comment aio.h
+ @comment POSIX.1b
+ @deftypefun int aio_error (const struct aiocb *@var{aiocbp})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function determines the error state of the request described by the
+ @code{struct aiocb} variable pointed to by @var{aiocbp}. If the
+ request has not yet terminated the value returned is always
+@@ -2225,6 +2448,7 @@ transparently replaces the normal implementation.
+ @comment aio.h
+ @comment Unix98
+ @deftypefun int aio_error64 (const struct aiocb64 *@var{aiocbp})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function is similar to @code{aio_error} with the only difference
+ that the argument is a reference to a variable of type @code{struct
+ aiocb64}.
+@@ -2238,6 +2462,7 @@ machines.
+ @comment aio.h
+ @comment POSIX.1b
+ @deftypefun ssize_t aio_return (struct aiocb *@var{aiocbp})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function can be used to retrieve the return status of the operation
+ carried out by the request described in the variable pointed to by
+ @var{aiocbp}. As long as the error status of this request as returned
+@@ -2261,6 +2486,7 @@ transparently replaces the normal implementation.
+ @comment aio.h
+ @comment Unix98
+ @deftypefun ssize_t aio_return64 (struct aiocb64 *@var{aiocbp})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function is similar to @code{aio_return} with the only difference
+ that the argument is a reference to a variable of type @code{struct
+ aiocb64}.
+@@ -2289,6 +2515,9 @@ if the symbol @code{_POSIX_SYNCHRONIZED_IO} is defined in @file{unistd.h}.
+ @comment aio.h
+ @comment POSIX.1b
+ @deftypefun int aio_fsync (int @var{op}, struct aiocb *@var{aiocbp})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
++@c After fcntl to check that the FD is open, it calls
++@c aio_enqueue_request.
+ Calling this function forces all I/O operations operating queued at the
+ time of the function call operating on the file descriptor
+ @code{aiocbp->aio_fildes} into the synchronized I/O completion state
+@@ -2336,6 +2565,7 @@ transparently replaces the normal implementation.
+ @comment aio.h
+ @comment Unix98
+ @deftypefun int aio_fsync64 (int @var{op}, struct aiocb64 *@var{aiocbp})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+ This function is similar to @code{aio_fsync} with the only difference
+ that the argument is a reference to a variable of type @code{struct
+ aiocb64}.
+@@ -2362,6 +2592,9 @@ before the current client is served. For situations like this
+ @comment aio.h
+ @comment POSIX.1b
+ @deftypefun int aio_suspend (const struct aiocb *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
++@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
++@c Take aio_requests_mutex, set up waitlist and requestlist, wait
++@c for completion or timeout, and release the mutex.
+ When calling this function, the calling thread is suspended until at
+ least one of the requests pointed to by the @var{nent} elements of the
+ array @var{list} has completed. If any of the requests has already
+@@ -2400,6 +2633,7 @@ transparently replaces the normal implementation.
+ @comment aio.h
+ @comment Unix98
+ @deftypefun int aio_suspend64 (const struct aiocb64 *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
++@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+ This function is similar to @code{aio_suspend} with the only difference
+ that the argument is a reference to a variable of type @code{struct
+ aiocb64}.
+@@ -2427,6 +2661,16 @@ or not. Therefore using this function is merely a hint.
+ @comment aio.h
+ @comment POSIX.1b
+ @deftypefun int aio_cancel (int @var{fildes}, struct aiocb *@var{aiocbp})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
++@c After fcntl to check the fd is open, hold aio_requests_mutex, call
++@c aio_find_req_fd, aio_remove_request, then aio_notify and
++@c aio_free_request each request before releasing the lock.
++@c aio_notify calls aio_notify_only and free, besides cond signal or
++@c similar. aio_notify_only calls pthread_attr_init,
++@c pthread_attr_setdetachstate, malloc, pthread_create,
++@c notify_func_wrapper, aio_sigqueue, getpid, raise.
++@c notify_func_wraper calls aio_start_notify_thread, free and then the
++@c notifier function.
+ The @code{aio_cancel} function can be used to cancel one or more
+ outstanding requests. If the @var{aiocbp} parameter is @code{NULL}, the
+ function tries to cancel all of the outstanding requests which would process
+@@ -2474,6 +2718,7 @@ transparently replaces the normal implementation.
+ @comment aio.h
+ @comment Unix98
+ @deftypefun int aio_cancel64 (int @var{fildes}, struct aiocb64 *@var{aiocbp})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+ This function is similar to @code{aio_cancel} with the only difference
+ that the argument is a reference to a variable of type @code{struct
+ aiocb64}.
+@@ -2529,6 +2774,8 @@ Unused.
+ @comment aio.h
+ @comment GNU
+ @deftypefun void aio_init (const struct aioinit *@var{init})
++@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
++@c All changes to global objects are guarded by aio_requests_mutex.
+ This function must be called before any other AIO function. Calling it
+ is completely voluntary, as it is only meant to help the AIO
+ implementation perform better.
+@@ -2563,6 +2810,7 @@ function; see @ref{Opening and Closing Files}.
+ @comment fcntl.h
+ @comment POSIX.1
+ @deftypefun int fcntl (int @var{filedes}, int @var{command}, @dots{})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{fcntl} function performs the operation specified by
+ @var{command} on the file descriptor @var{filedes}. Some commands
+ require additional arguments to be supplied. These additional arguments
+@@ -2645,6 +2893,7 @@ while prototypes for @code{dup} and @code{dup2} are in the header file
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int dup (int @var{old})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function copies descriptor @var{old} to the first available
+ descriptor number (the first number not currently open). It is
+ equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
+@@ -2653,6 +2902,7 @@ equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int dup2 (int @var{old}, int @var{new})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function copies the descriptor @var{old} to descriptor number
+ @var{new}.
+
+@@ -3631,6 +3881,7 @@ different headers.
+ @comment sys/ioctl.h
+ @comment BSD
+ @deftypefun int ioctl (int @var{filedes}, int @var{command}, @dots{})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+
+ The @code{ioctl} function performs the generic I/O operation
+ @var{command} on @var{filedes}.
+@@ -3650,3 +3901,6 @@ unknown device.
+ Most IOCTLs are OS-specific and/or only used in special system utilities,
+ and are thus beyond the scope of this document. For an example of the use
+ of an IOCTL, see @ref{Out-of-Band Data}.
++
++@c FIXME this is undocumented:
++@c dup3
+diff --git a/manual/locale.texi b/manual/locale.texi
+index 323268d..da50d18 100644
+--- a/manual/locale.texi
++++ b/manual/locale.texi
+@@ -224,10 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
+ @comment locale.h
+ @comment ISO
+ @deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+-@safety{@mtunsafe{uunguard}}
+-@c This function is MT-Safe, but uses of the global locale object are
+-@c unguarded in functions that ought to be MT-Safe, so we're ruling out
+-@c the use of this function once threads are started.
++@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
++@c Uses of the global locale object are unguarded in functions that
++@c ought to be MT-Safe, so we're ruling out the use of this function
++@c once threads are started. It takes a write lock itself, but it may
++@c return a pointer loaded from the global locale object after releasing
++@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
++@c and free, and _nl_find_locale, which amount to all documented safety
++@c issues. It also calls new_composite_name, setdata, and setname,
++@c without any additional issues. _nl_find_locale calls getenv, ...
++This function returns a pointer read
+ The function @code{setlocale} sets the current locale for category
+ @var{category} to @var{locale}. A list of all the locales the system
+ provides can be created by running
+diff --git a/manual/resource.texi b/manual/resource.texi
+index 1ec7af2..71b08f7 100644
+--- a/manual/resource.texi
++++ b/manual/resource.texi
+@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
+ @comment sys/resource.h
+ @comment BSD
+ @deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Direct syscall on most systems.
+ Read the current and maximum limits for the resource @var{resource}
+ and store them in @code{*@var{rlp}}.
+
+@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
+ @comment sys/resource.h
+ @comment Unix98
+ @deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
+ This function is similar to @code{getrlimit} but its second parameter is
+ a pointer to a variable of type @code{struct rlimit64}, which allows it
+ to read values which wouldn't fit in the member of a @code{struct
+@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
+ @comment unistd.h
+ @comment BSD
+ @deftypefun int getpagesize (void)
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
++@c the exception, with the possibility of a syscall.
+ The @code{getpagesize} function returns the page size of the process.
+ This value is fixed for the runtime of the process but can vary in
+ different runs of the application.
+@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
+ @comment sys/sysinfo.h
+ @comment GNU
+ @deftypefun {long int} get_phys_pages (void)
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
++@c This fopens a /proc file and scans it for the requested information.
+ The @code{get_phys_pages} function returns the total number of pages of
+ physical the system has. To get the amount of memory this number has to
+ be multiplied by the page size.
+@@ -1569,6 +1578,7 @@ This function is a GNU extension.
+ @comment sys/sysinfo.h
+ @comment GNU
+ @deftypefun {long int} get_avphys_pages (void)
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+ The @code{get_phys_pages} function returns the number of available pages of
+ physical the system has. To get the amount of memory this number has to
+ be multiplied by the page size.
+@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
+ @comment sys/sysinfo.h
+ @comment GNU
+ @deftypefun int get_nprocs_conf (void)
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
++@c This function reads from from /sys using dir streams (single user, so
++@c no staticbuf MT-Safety issue), and on some arches, from /proc using
++@c streams.
+ The @code{get_nprocs_conf} function returns the number of processors the
+ operating system configured.
+
+@@ -1623,6 +1637,8 @@ This function is a GNU extension.
+ @comment sys/sysinfo.h
+ @comment GNU
+ @deftypefun int get_nprocs (void)
++@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
++@c This function reads from /proc using file descriptor I/O.
+ The @code{get_nprocs} function returns the number of available processors.
+
+ This function is a GNU extension.
+diff --git a/manual/search.texi b/manual/search.texi
+index efd3604..6910edc 100644
+--- a/manual/search.texi
++++ b/manual/search.texi
+@@ -146,6 +146,7 @@ To sort an array using an arbitrary comparison function, use the
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
++@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
+ The @var{qsort} function sorts the array @var{array}. The array contains
+ @var{count} elements, each of which is of size @var{size}.
+
+@@ -436,6 +437,11 @@ in the header file @file{search.h}.
+ @comment search.h
+ @comment SVID
+ @deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
++@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
++@c The tree is not modified in a thread-safe manner, and rotations may
++@c leave the tree in an inconsistent state that could be observed in an
++@c asynchronous signal handler or after asynchronous cancellation of the
++@c thread performing the rotation or the insertion.
+ The @code{tsearch} function searches in the tree pointed to by
+ @code{*@var{rootp}} for an element matching @var{key}. The function
+ pointed to by @var{compar} is used to determine whether two elements
+@@ -465,6 +471,7 @@ of space @code{NULL} is returned.
+ @comment search.h
+ @comment SVID
+ @deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+ The @code{tfind} function is similar to the @code{tsearch} function. It
+ locates an element matching the one pointed to by @var{key} and returns
+ a pointer to this element. But if no matching element is available no
+@@ -479,6 +486,7 @@ elements.
+ @comment search.h
+ @comment SVID
+ @deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
++@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+ To remove a specific element matching @var{key} from the tree
+ @code{tdelete} can be used. It locates the matching element using the
+ same method as @code{tfind}. The corresponding element is then removed
+@@ -492,6 +500,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
+ @comment search.h
+ @comment GNU
+ @deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
++@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+ If the complete search tree has to be removed one can use
+ @code{tdestroy}. It frees all resources allocated by the @code{tsearch}
+ function to generate the tree pointed to by @var{vroot}.
+@@ -546,6 +555,7 @@ The current node is a leaf.
+ @comment search.h
+ @comment SVID
+ @deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
++@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
+ For each node in the tree with a node pointed to by @var{root}, the
+ @code{twalk} function calls the function provided by the parameter
+ @var{action}. For leaf nodes the function is called exactly once with
+diff --git a/manual/startup.texi b/manual/startup.texi
+index a277714..7bbaf13 100644
+--- a/manual/startup.texi
++++ b/manual/startup.texi
+@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
+ The difference to the @code{setenv} function is that the exact string
+ given as the parameter @var{string} is put into the environment. If the
+ user should change the string after the @code{putenv} call this will
+-reflect in automatically in the environment. This also requires that
+-@var{string} is no automatic variable which scope is left before the
++reflect automatically in the environment. This also requires that
++@var{string} not be an automatic variable whose scope is left before the
+ variable is removed from the environment. The same applies of course to
+ dynamically allocated variables which are freed later.
+
+diff --git a/manual/stdio.texi b/manual/stdio.texi
+index 7809dd4..79a3340 100644
+--- a/manual/stdio.texi
++++ b/manual/stdio.texi
+@@ -148,7 +148,7 @@ Everything described in this section is declared in the header file
+ @comment stdio.h
+ @comment ISO
+ @deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+ @c fopen may leak the list lock if cancelled within _IO_link_in.
+ The @code{fopen} function opens a stream for I/O to the file
+ @var{filename}, and returns a pointer to the stream.
+@@ -267,7 +267,7 @@ Locks}.
+ @comment stdio.h
+ @comment Unix98
+ @deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
+ This function is similar to @code{fopen} but the stream it returns a
+ pointer for is opened using @code{open64}. Therefore this stream can be
+ used even on files larger then @math{2^31} bytes on 32 bit machines.
+@@ -414,7 +414,7 @@ cannot perform any additional operations on it.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int fclose (FILE *@var{stream})
+-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+ @c After fclose, it is undefined behavior to use the stream it points
+ @c to. Therefore, one must only call fclose when the stream is
+ @c otherwise unused. Concurrent uses started before will complete
+@@ -2662,6 +2662,42 @@ pointer @var{ap}.
+ @c case of cancellation. This doesn't make it unsafe, but cancelling it
+ @c may leak memory. The unguarded use of __printf_function_table is
+ @c also of concern for all callers.
++@c _itoa ok
++@c _udiv_qrnnd_preinv ok
++@c group_number ok
++@c _i18n_number_rewrite
++@c __wctrans ok
++@c __towctrans glocale
++@c __wcrtomb ok? dup below
++@c outdigit_value ok
++@c outdigitwc_value ok
++@c outchar ok
++@c outstring ok
++@c PAD ok
++@c __printf_fp glocale memleak
++@c __printf_fphex glocale
++@c __readonly_area
++@c [GNU/Linux] fopen, strtoul, free
++@c __strerror_r ok if no translation, check otherwise
++@c __btowc ? gconv-modules
++@c __wcrtomb ok (not using internal state) gconv-modules
++@c ARGCHECK
++@c UNBUFFERED_P (tested before taking the stream lock)
++@c buffered_vfprintf ok
++@c __find_spec(wc|mb)
++@c read_int
++@c __libc_use_alloca
++@c process_arg
++@c process_string_arg
++@c extend_alloca
++@c __parse_one_spec(wc|mb)
++@c *__printf_arginfo_table unguarded
++@c __printf_va_arg_table-> unguarded
++@c *__printf_function_table unguarded
++@c done_add
++@c printf_unknown
++@c outchar
++@c _itoa_word
+ This is the equivalent of @code{fprintf} with the variable argument list
+ specified directly as for @code{vprintf}.
+ @end deftypefun
+@@ -5020,7 +5056,7 @@ I/O to a string or memory buffer. These facilities are declared in
+ @comment stdio.h
+ @comment GNU
+ @deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+ @c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+ @c bringing with it additional potential for async trouble with
+ @c list_all_lock.
+@@ -5076,7 +5112,7 @@ Got r
+ @comment stdio.h
+ @comment GNU
+ @deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+-@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
++@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
+ This function opens a stream for writing to a buffer. The buffer is
+ allocated dynamically and grown as necessary, using @code{malloc}.
+ After you've closed the stream, this buffer is your responsibility to
+@@ -5192,7 +5228,7 @@ closed.
+ @comment stdio.h
+ @comment GNU
+ @deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+ This function actually creates the stream for communicating with the
+ @var{cookie} using the functions in the @var{io-functions} argument.
+ The @var{opentype} argument is interpreted as for @code{fopen};
+diff --git a/manual/string.texi b/manual/string.texi
+index 246be84..a75d298 100644
+--- a/manual/string.texi
++++ b/manual/string.texi
+@@ -1247,6 +1247,8 @@ strncmp ("hello, world", "hello, stupid world!!!", 5)
+ @comment string.h
+ @comment GNU
+ @deftypefun int strverscmp (const char *@var{s1}, const char *@var{s2})
++@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
++@c Calls isdigit multiple times, locale may change in between.
+ The @code{strverscmp} function compares the string @var{s1} against
+ @var{s2}, considering them as holding indices/version numbers. The
+ return value follows the same conventions as found in the
+@@ -1343,6 +1345,8 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
+ @comment string.h
+ @comment ISO
+ @deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
++@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
++@c Adjust alphasort one safety info is determined.
+ The @code{strcoll} function is similar to @code{strcmp} but uses the
+ collating sequence of the current locale for collation (the
+ @code{LC_COLLATE} locale).
+diff --git a/manual/terminal.texi b/manual/terminal.texi
+index 9e9c057..7f62a4e 100644
+--- a/manual/terminal.texi
++++ b/manual/terminal.texi
+@@ -264,6 +264,9 @@ array.
+ @comment termios.h
+ @comment POSIX.1
+ @deftypefun int tcgetattr (int @var{filedes}, struct termios *@var{termios-p})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c Converting the kernel-returned termios data structure to the userland
++@c format does not ensure atomic or consistent writing.
+ This function is used to examine the attributes of the terminal
+ device with file descriptor @var{filedes}. The attributes are returned
+ in the structure that @var{termios-p} points to.
+@@ -284,6 +287,9 @@ The @var{filedes} is not associated with a terminal.
+ @comment termios.h
+ @comment POSIX.1
+ @deftypefun int tcsetattr (int @var{filedes}, int @var{when}, const struct termios *@var{termios-p})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c Converting the incoming termios data structure to the kernel format
++@c does not ensure atomic or consistent reading.
+ This function sets the attributes of the terminal device with file
+ descriptor @var{filedes}. The new attributes are taken from the
+ structure that @var{termios-p} points to.
+diff --git a/manual/threads.texi b/manual/threads.texi
+index a23ac26..19bfad6 100644
+--- a/manual/threads.texi
++++ b/manual/threads.texi
+@@ -31,6 +31,7 @@ before thread-specific data, so they should not be used in thread-specific
+ data destructors or even as members of the thread-specific data, since the
+ latter is passed as an argument to the destructor function.
+
++@c FIXME: use @deftypefun for these.
+ @item int pthread_key_delete (pthread_key_t @var{key})
+ Destroy the thread-specific data @var{key} in the calling thread. The
+ destructor for the thread-specific data is not called during destruction, nor
+@@ -82,3 +83,124 @@ attributes or the stack address is set in the attribute.
+ The system does not have sufficient memory.
+ @end table
+ @end deftypefun
++
++@c FIXME these are undocumented:
++@c pthread_atfork
++@c pthread_attr_destroy
++@c pthread_attr_getaffinity_np
++@c pthread_attr_getdetachstate
++@c pthread_attr_getguardsize
++@c pthread_attr_getinheritsched
++@c pthread_attr_getschedparam
++@c pthread_attr_getschedpolicy
++@c pthread_attr_getscope
++@c pthread_attr_getstack
++@c pthread_attr_getstackaddr
++@c pthread_attr_getstacksize
++@c pthread_attr_init
++@c pthread_attr_setaffinity_np
++@c pthread_attr_setdetachstate
++@c pthread_attr_setguardsize
++@c pthread_attr_setinheritsched
++@c pthread_attr_setschedparam
++@c pthread_attr_setschedpolicy
++@c pthread_attr_setscope
++@c pthread_attr_setstack
++@c pthread_attr_setstackaddr
++@c pthread_attr_setstacksize
++@c pthread_barrierattr_destroy
++@c pthread_barrierattr_getpshared
++@c pthread_barrierattr_init
++@c pthread_barrierattr_setpshared
++@c pthread_barrier_destroy
++@c pthread_barrier_init
++@c pthread_barrier_wait
++@c pthread_cancel
++@c pthread_cleanup_push
++@c pthread_cleanup_pop
++@c pthread_condattr_destroy
++@c pthread_condattr_getclock
++@c pthread_condattr_getpshared
++@c pthread_condattr_init
++@c pthread_condattr_setclock
++@c pthread_condattr_setpshared
++@c pthread_cond_broadcast
++@c pthread_cond_destroy
++@c pthread_cond_init
++@c pthread_cond_signal
++@c pthread_cond_timedwait
++@c pthread_cond_wait
++@c pthread_create
++@c pthread_detach
++@c pthread_equal
++@c pthread_exit
++@c pthread_getaffinity_np
++@c pthread_getattr_np
++@c pthread_getconcurrency
++@c pthread_getcpuclockid
++@c pthread_getname_np
++@c pthread_getschedparam
++@c pthread_join
++@c pthread_kill
++@c pthread_kill_other_threads_np
++@c pthread_mutexattr_destroy
++@c pthread_mutexattr_getkind_np
++@c pthread_mutexattr_getprioceiling
++@c pthread_mutexattr_getprotocol
++@c pthread_mutexattr_getpshared
++@c pthread_mutexattr_getrobust
++@c pthread_mutexattr_getrobust_np
++@c pthread_mutexattr_gettype
++@c pthread_mutexattr_init
++@c pthread_mutexattr_setkind_np
++@c pthread_mutexattr_setprioceiling
++@c pthread_mutexattr_setprotocol
++@c pthread_mutexattr_setpshared
++@c pthread_mutexattr_setrobust
++@c pthread_mutexattr_setrobust_np
++@c pthread_mutexattr_settype
++@c pthread_mutex_consistent
++@c pthread_mutex_consistent_np
++@c pthread_mutex_destroy
++@c pthread_mutex_getprioceiling
++@c pthread_mutex_init
++@c pthread_mutex_lock
++@c pthread_mutex_setprioceiling
++@c pthread_mutex_timedlock
++@c pthread_mutex_trylock
++@c pthread_mutex_unlock
++@c pthread_once
++@c pthread_rwlockattr_destroy
++@c pthread_rwlockattr_getkind_np
++@c pthread_rwlockattr_getpshared
++@c pthread_rwlockattr_init
++@c pthread_rwlockattr_setkind_np
++@c pthread_rwlockattr_setpshared
++@c pthread_rwlock_destroy
++@c pthread_rwlock_init
++@c pthread_rwlock_rdlock
++@c pthread_rwlock_timedrdlock
++@c pthread_rwlock_timedwrlock
++@c pthread_rwlock_tryrdlock
++@c pthread_rwlock_trywrlock
++@c pthread_rwlock_unlock
++@c pthread_rwlock_wrlock
++@c pthread_self
++@c pthread_setaffinity_np
++@c pthread_setcancelstate
++@c pthread_setcanceltype
++@c pthread_setconcurrency
++@c pthread_setname_np
++@c pthread_setschedparam
++@c pthread_setschedprio
++@c pthread_sigmask
++@c pthread_sigqueue
++@c pthread_spin_destroy
++@c pthread_spin_init
++@c pthread_spin_lock
++@c pthread_spin_trylock
++@c pthread_spin_unlock
++@c pthread_testcancel
++@c pthread_timedjoin_np
++@c pthread_tryjoin_np
++@c pthread_yield
+diff --git a/manual/time.texi b/manual/time.texi
+index ff31e28..3967b24 100644
+--- a/manual/time.texi
++++ b/manual/time.texi
+@@ -475,6 +475,12 @@ Instead, use the facilities described in @ref{Time Zone Functions}.
+ @comment sys/time.h
+ @comment BSD
+ @deftypefun int gettimeofday (struct timeval *@var{tp}, struct timezone *@var{tzp})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c On most GNU/Linux systems this is a direct syscall, but the posix/
++@c implementation (not used on GNU/Linux or GNU/Hurd) relies on time and
++@c localtime_r, saving and restoring tzname in an unsafe manner.
++@c On some GNU/Linux variants, ifunc resolvers are used in shared libc
++@c for vdso resolution. ifunc-vdso-revisit.
+ The @code{gettimeofday} function returns the current calendar time as
+ the elapsed time since the epoch in the @code{struct timeval} structure
+ indicated by @var{tp}. (@pxref{Elapsed Time} for a description of
diff --git a/patches/manual-document-mt-safety.patch b/patches/manual-document-mt-safety.patch
new file mode 100644
index 0000000..09977f1
--- /dev/null
+++ b/patches/manual-document-mt-safety.patch
@@ -0,0 +1,386 @@
+Bottom: 13f15f706fb1ff430a99cba2788b2c38389fb60e
+Top: 4efc67610afbdb4ae5fe31b2b904569f7a82116e
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-06-26 10:46:35 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/macros.texi: Introduce macros to document thread
+ safety properties.
+ * manual/intro.texi: Introduce the properties themselves.
+
+
+---
+
+diff --git a/manual/intro.texi b/manual/intro.texi
+index deaf089..2630a77 100644
+--- a/manual/intro.texi
++++ b/manual/intro.texi
+@@ -172,6 +172,314 @@ pattern matching facilities (@pxref{Pattern Matching}).
+ @comment <wordexp.h> (not yet implemented)
+ @comment confstr
+
++The safety properties of @glibcadj{} functions, documented as MT-, AS-
++and AC- -Safe and -Unsafe are assessed according to the criteria set
++forth in the POSIX standard for Multi-Thread, Async-Signal and
++Async-Cancel safety.
++
++Intuitive definition of these properties, that attempt to capture
++the meaning of the standard definitions, follow:
++
++@itemize @bullet
++
++@item
++@cindex MT-Safe
++MT-Safe functions are safe to call in the presence of other threads. MT
++stands for Multi Thread.
++
++@item
++@cindex AS-Safe
++AS-Safe functions are safe to call from asynchronous signal handlers.
++AS stands for Asynchronous Signal.
++
++@item
++@cindex AC-Safe
++AC-Safe functions are safe to call when asynchronous cancellation is
++enabled. AC stands for Asynchronous Cancellation.
++
++@item
++@cindex MT-Unsafe
++@cindex AS-Unsafe
++@cindex AC-Unsafe
++MT-Unsafe, AS-Unsafe, AC-Unsafe functions are not safe to call within
++the contexts described above: they may cause deviations from the
++specification in the behavior of the calls themselves, or of any other
++concurrent, ongoing or subsequent calls.
++
++Functions not explicitly documented as Safe should be regarded as
++Unsafe.
++
++@end itemize
++
++By ``safe to call'', we mean that, as long as the program does not
++invoke undefined or unspecified behavior, the called functions will
++behave as documented, and they won't cause any other functions to
++deviate from their documented behavior.
++
++Although we strive to abide by the standards, in some cases our
++implementation is safe even when the standard does not demand safety,
++and in other cases our implementation does not meet the standard safety
++requirements. At this point, we document the result of an assessment of
++the properties of our implementation, so the safety documentation in
++this manual is not to be regarded as a promise of future behavior: in
++future releases, functions that are documented as safe may become
++unsafe, and safety constraints may be removed or introduced. We
++envision turning the results of the assessment into a set of promises as
++stable as our interfaces, but we're not there yet.
++
++When a function is safe to call only under certain constraints, we will
++add keywords to the safety notes whose meanings are defined as follows:
++
++@itemize @bullet
++
++@c glocale-revisit
++@item @code{glocale}
++@cindex glocale
++
++In threads that have not overridden the thread-local locale object by
++calling @code{uselocale}, calling functions annotated with
++@code{glocale} concurrently with @code{setlocale} may cause the
++functions to behave in ways that don't correspond to either the previous
++or the subsequent global locale.
++
++Although the @code{setlocale} function modifies the global locale object
++while holding a lock, @code{glocale}-annotated functions may access this
++global object multiple times, without any measures to ensure it doesn't
++change while it's in use.
++
++Each of these unprotected uses will use either the previous or the
++subsequent locale information, so they won't cause crashes or access to
++uninitialized, unmapped or recycled memory. However, since some cases
++use cached locale information while others access the effective locale
++object anew, concurrent changes to the global locale object may cause
++these functions to behave in ways that they could not behave should the
++execution of @code{setlocale} and of the so-annotated functions be
++atomic, or even should @code{setlocale} alone be atomic.
++
++The @code{glocale} constraint indicates functions are only safe to call
++if the effective thread-local locale is not the global locale object
++(because it was overridden with @code{uselocale}). Failing that,
++@code{setlocale} should not be called while these functions are active.
++
++
++@item @code{uunguard}
++@cindex uunguard
++
++Functions marked with @code{uunguard} modify non-atomically arguments or
++global objects that other functions access without synchronization. To
++ensure MT- and AS-Safe behavior, callers should refrain from calling
++so-marked functions concurrently with users of the corresponding
++objects.
++
++Unguarded users of the global locale object modified by @code{setlocale}
++are marked with @code{glocale}.
++
++Unguarded users of the @code{printf} extension objects modified by
++@code{register_printf_function} are the entire family of printf
++functions.
++
++Unguarded users of streams configured with @code{__fsetlocking} for
++locking by the caller are the entire family of stdio functions.
++
++
++@item @code{xguargs}
++@cindex xguargs
++
++Functions marked with @code{xguargs} may use or modify objects passed as
++arguments without any guards to ensure consistency. To ensure MT- and
++AS-Safe behavior, callers must ensure that the objects passed in are not
++modified concurrently by other threads or signal handlers.
++
++
++@end itemize
++
++
++Additional safety issues that cannot be worked around by constraining
++the program are also documented with keywords, whose meaning is defined
++as follows:
++
++@itemize @bullet
++
++@item @code{staticbuf}
++@cindex staticbuf
++
++Functions annotated with @code{staticbuf} use internal static buffers or
++variables in ways that may cause concurrent calls to interfere
++destructively.
++
++These functions are all MT-Unsafe and AC-Unsafe. However, many of them
++offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
++
++
++@item @code{fdleak}
++@cindex fdleak
++
++Functions annotated with @code{fdleak} may leak file descriptors if
++asynchronous thread cancellation interrupts their execution.
++
++Functions that allocate or deallocate file descriptors will generally be
++marked as such, because even if they attempted to protect the file
++descriptor allocation and deallocation with cleanup regions, allocating
++a new descriptor and storing its number where the cleanup region could
++release it cannot be performed as a single atomic operation, just like
++releasing it and taking it out of the data structure normally
++responsible for releasing it cannot be performed atomically, always
++leaving a window in which the descriptor cannot be released because it
++wasn't stored in the cleanup handler argument yet, or in which it was
++already taken out of it before releasing it in the normal flow (we
++cannot keep it there because, in case of cancellation, we wouldn't be
++able to tell whether it was already released, and the same number could
++have been already assigned to another descriptor by another thread, so
++we couldn't just release it again).
++
++Such leaks could be internally avoided, with some performance penalty,
++by temporarily disabling asynchronous thread cancellation. However,
++since callers of allocation or deallocation functions would have to do
++this themselves, to avoid the same sort of leak in their own layer, it
++makes more sense for the library to assume they are taking care of it
++than to impose a performance penalty that is redundant when the problem
++is solved in upper layers, and insufficient when it isn't.
++
++This remark by itself does not cause a function to be regarded as
++AC-Unsafe. However, cummulative effects of such leaks may pose a
++problem for some programs. If this is the case, suspending asynchronous
++cancellation for the duration of calls to such functions is recommended.
++
++
++@item @code{memleak}
++@cindex memleak
++
++Functions annotated with @code{memleak} may leak memory if asynchronous
++thread cancellation interrupts their execution.
++
++The problem is similar to that of file descriptors: there is no atomic
++interface to allocate memory and store its address in the argument to a
++cleanup handler, or to release it and remove its address from that
++argument, without at least temporarily disabling asynchronous
++cancellation, which these functions do not do.
++
++This remark does not by itself cause a function to be regarded as
++generally AC-Unsafe. However, cummulative effects of such leaks may be
++severe enough for some programs that disabling asynchronous cancellation
++for the duration of calls to such functions may be required.
++
++
++@item @code{lockleak}
++@cindex lockleak
++
++Functions annotated with @code{lockleak} may leak locks if asynchronous
++thread cancellation interrupts their execution.
++
++While the problem is similar to that of file descriptors, in that there
++is not any atomic interface to lock and take note of the need for
++unlocking in a cleanup, or to unlock and take note that there is no
++longer such a need, the problem posed by lock leaks is far more serious:
++when a file descriptor or a piece of memory is leaked, it becomes
++inaccessible and subsequent attempts to allocate a file descriptor or
++some memory will just use another resource. However, once a lock is
++left taken, attempts to take that lock will block indefinitely.
++(Recursive locks will only block other threads, and read locks will only
++block writer threads, but the point still holds in general).
++
++For the reasons above, functions that leak locks are all AC-Unsafe.
++
++
++@item @code{selfdeadlock}
++@cindex selfdeadlock
++
++Functions marked with @code{selfdeadlock} take a non-recursive lock to
++ensure MT-Safety while modifying data structures guarded by the lock.
++
++If such a function is interrupted by a signal while holding the lock,
++and the signal handler calls any function that takes the same
++non-recursive lock, the result is a deadlock.
++
++Blocking asynchronous signal delivery while calling such functions is
++the only safe way to avoid a deadlock if any signal handler might need
++to call them.
++
++
++@item @code{asynconsist}
++@cindex asynconsist
++
++Functions marked with @code{asynconsist} take a recursive lock to ensure
++MT-Safety while accessing or modifying data structures guarded by the
++lock.
++
++If such a function is interrupted by a signal while holding the lock,
++and the signal handler calls any function that takes the same
++non-recursive lock, the latter function may observe a partially updated,
++inconsistent data structure, and misbehave.
++
++Blocking asynchronous signal delivery while calling such functions is
++the only safe way to avoid the misbehavior that may ensue if any signal
++handler might need to call them.
++
++
++@item @code{asmalloc}
++@cindex asmalloc
++
++This is a sub-case of @code{asynconsist}. Functions marked with
++@code{asmalloc} perform memory allocation or deallocation with the
++@code{malloc}/@code{free} family of functions.
++
++If heap management functions are interrupted by asynchronous signals,
++and the signal handlers attempt to perform memory allocation or
++deallocation of their own, they may encounter heap data structures in a
++partially updated state, and the interrupted calls may malfunction
++because of the changes made within the signal handler.
++
++
++@item @code{incansist}
++@cindex incansist
++
++Functions marked with @code{incansist} modify data structures in a
++non-atomic way.
++
++If such a function is asynchronously canceled, it may leave the data
++structure in a partially updated, inconsistent state. Subsequent uses
++of the data structure may misbehave.
++
++Disabling asynchronous cancelation while calling such functions is the
++only safe way to avoid the misbehavior that may ensure if the thread is
++canceled while the function is running.
++
++
++@item @code{simfpu}
++@cindex simfpu
++
++Functions annotated with @code{simfpu} may misbehave on powerpc ports in
++which the floating-point unit is disabled and floating point simulation
++is used instead. On such platforms, @theglibc{} uses global variables
++to hold floating-point exceptions, rounding modes and disabled
++exceptions, rather than thread-local state. This is a @glibcadj{} bug.
++
++Furthermore, even if this bug is fixed, the emulation of floating-point
++control and status registers will not go as far as saving and restoring
++these emulated registers across asynchronous signal handlers. Indeed,
++although most platforms preserve floating-point context as part of the
++thread context, preserving control and status words is not mandatory:
++standards recommend that programs that modify them within signal
++handlers restore them to the original state before returning.
++
++This note does not cause functions to be marked as MT-Unsafe, even
++though, on the affected platform, they are MT-Unsafe indeed.
++
++
++@item @code{unposix}
++@cindex unposix
++
++This remark indicates our safety documentation is known to differ from
++the requirements set by the POSIX standard. For example, POSIX does not
++require a function to be Safe, but our implementation is Safe, or
++vice-versa.
++
++For the time being, the absence of this remark does not imply the safety
++propertes we documentated are identical to those mandated by POSIX for
++the corresponding functions.
++
++@end itemize
++
+
+ @node Berkeley Unix, SVID, POSIX, Standards and Portability
+ @subsection Berkeley Unix
+diff --git a/manual/macros.texi b/manual/macros.texi
+index daaf1c0..6955f32 100644
+--- a/manual/macros.texi
++++ b/manual/macros.texi
+@@ -47,4 +47,46 @@ GNU/Hurd systems
+ GNU/Linux systems
+ @end macro
+
++@c Document a function as thread safe.
++@macro mtsafe {comments}
++| MT-Safe \comments\
++|
++@end macro
++@c Document a function as thread unsafe.
++@macro mtunsafe {comments}
++| MT-Unsafe \comments\
++|
++@end macro
++@c Document a function as safe for use in asynchronous signal handlers.
++@macro assafe {comments}
++| AS-Safe \comments\
++|
++@end macro
++@c Document a function as unsafe for use in asynchronous signal
++@c handlers. This distinguishes unmarked functions, for which this
++@c property has not been assessed, from those that have been analyzed.
++@macro asunsafe {comments}
++| AS-Unsafe \comments\
++|
++@end macro
++@c Document a function as safe for use when asynchronous cancellation is
++@c enabled.
++@macro acsafe {comments}
++| AC-Safe \comments\
++|
++@end macro
++@c Document a function as unsafe for use when asynchronous cancellation
++@c is enabled. This distinguishes unmarked functions, for which this
++@c property has not been assessed, from those that have been analyzed.
++@macro acunsafe {comments}
++| AC-Unsafe \comments\
++|
++@end macro
++@c Format the thread and async safety properties of a function.
++@macro safety {notes}
++\notes\
++
++
++@end macro
++
+ @end ifclear
diff --git a/patches/powerpc-nofpu-sim-note-nothread.patch b/patches/powerpc-nofpu-sim-note-nothread.patch
new file mode 100644
index 0000000..fb9723a
--- /dev/null
+++ b/patches/powerpc-nofpu-sim-note-nothread.patch
@@ -0,0 +1,67 @@
+Bottom: 4efc67610afbdb4ae5fe31b2b904569f7a82116e
+Top: 83a97471a9f798dbf70f921529bea532c0632478
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-06-26 10:46:36 -0300
+
+Note that powerpc fpu emulation status is not thread- or signal-safe.
+
+for ports/ChangeLog.powerpc
+
+ PR 15483
+ * sysdeps/powerpc/nofpu/sim-full.c: Add FIXME note about
+ the need for thread-specific variables preserved across signal
+ handlers.
+ * sysdeps/powerpc/nofpu/soft-supp.h: Likewise.
+ * sysdeps/powerpc/soft-fp/sfp-machine.h: Likewise.
+
+
+---
+
+diff --git a/ports/sysdeps/powerpc/nofpu/sim-full.c b/ports/sysdeps/powerpc/nofpu/sim-full.c
+index fc061d0..e167033 100644
+--- a/ports/sysdeps/powerpc/nofpu/sim-full.c
++++ b/ports/sysdeps/powerpc/nofpu/sim-full.c
+@@ -21,6 +21,11 @@
+ #include "soft-fp.h"
+ #include "soft-supp.h"
+
++/* FIXME: these variables should be thread specific (see bugzilla bug
++ 15483) and ideally preserved across signal handlers, like hardware
++ FP status words, but the latter is quite difficult to accomplish in
++ userland. */
++
+ /* Global to store sticky exceptions. */
+ int __sim_exceptions __attribute__ ((nocommon));
+ libc_hidden_data_def (__sim_exceptions);
+diff --git a/ports/sysdeps/powerpc/nofpu/soft-supp.h b/ports/sysdeps/powerpc/nofpu/soft-supp.h
+index b9638bb..64a3d2a 100644
+--- a/ports/sysdeps/powerpc/nofpu/soft-supp.h
++++ b/ports/sysdeps/powerpc/nofpu/soft-supp.h
+@@ -26,6 +26,11 @@ typedef union
+ } fenv_union_t;
+
+
++/* FIXME: these variables should be thread specific (see bugzilla bug
++ 15483) and ideally preserved across signal handlers, like hardware
++ FP status words, but the latter is quite difficult to accomplish in
++ userland. */
++
+ extern int __sim_exceptions;
+ libc_hidden_proto (__sim_exceptions);
+ extern int __sim_disabled_exceptions;
+diff --git a/ports/sysdeps/powerpc/soft-fp/sfp-machine.h b/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
+index c2a190e..508d869 100644
+--- a/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
++++ b/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
+@@ -54,6 +54,11 @@
+ #define FP_ROUNDMODE __sim_round_mode
+ #define FP_TRAPPING_EXCEPTIONS (~__sim_disabled_exceptions & 0x3e000000)
+
++/* FIXME: these variables should be thread specific (see bugzilla bug
++ 15483) and ideally preserved across signal handlers, like hardware
++ FP status words, but the latter is quite difficult to accomplish in
++ userland. */
++
+ extern int __sim_exceptions;
+ libc_hidden_proto (__sim_exceptions);
+ extern int __sim_disabled_exceptions;
diff --git a/patches/unused-scalb-is-scalbn.patch b/patches/unused-scalb-is-scalbn.patch
new file mode 100644
index 0000000..2e01b9a
--- /dev/null
+++ b/patches/unused-scalb-is-scalbn.patch
@@ -0,0 +1,75 @@
+Bottom: 83a97471a9f798dbf70f921529bea532c0632478
+Top: 58842960ffbf63afb50845d77d86b584785bfb5d
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-06-26 10:46:37 -0300
+
+Rename unused scalb to scalbn to match prototype.
+
+for ChangeLog
+
+ * sysdeps/ieee754/support.c (scalbn): Rename from
+ wrongly-typed scalb. Adjust all callers. Apparently unused.
+
+
+---
+
+diff --git a/sysdeps/ieee754/support.c b/sysdeps/ieee754/support.c
+index 00476c0..0bbd892f 100644
+--- a/sysdeps/ieee754/support.c
++++ b/sysdeps/ieee754/support.c
+@@ -82,7 +82,7 @@ static char sccsid[] = "@(#)support.c 8.1 (Berkeley) 6/4/93";
+ static const double novf=1.7E308, nunf=3.0E-308,zero=0.0;
+ #endif /* defined(vax)||defined(tahoe) */
+
+-double scalb(x,N)
++double scalbn(x,N)
+ double x; int N;
+ {
+ int k;
+@@ -106,7 +106,7 @@ double x; int N;
+ if( (k= *px & mexp ) != mexp ) {
+ if( N<-2100) return(nunf*nunf); else if(N>2100) return(novf+novf);
+ if( k == 0 ) {
+- x *= scalb(1.0,(int)prep1); N -= prep1; return(scalb(x,N));}
++ x *= scalbn(1.0,(int)prep1); N -= prep1; return(scalbn(x,N));}
+ #endif /* defined(vax)||defined(tahoe) */
+
+ if((k = (k>>gap)+ N) > 0 )
+@@ -115,7 +115,7 @@ double x; int N;
+ else
+ if( k > -prep1 )
+ /* gradual underflow */
+- {*px=(*px&~mexp)|(short)(1<<gap); x *= scalb(1.0,k-1);}
++ {*px=(*px&~mexp)|(short)(1<<gap); x *= scalbn(1.0,k-1);}
+ else
+ return(nunf*nunf);
+ }
+@@ -228,7 +228,7 @@ double x,p;
+
+ else if ( ((*pp & mexp)>>gap) <= 1 )
+ /* subnormal p, or almost subnormal p */
+- { double b; b=scalb(1.0,(int)prep1);
++ { double b; b=scalbn(1.0,(int)prep1);
+ p *= b; x = drem(x,p); x *= b; return(drem(x,p)/b);}
+ else if ( p >= novf/2)
+ { p /= 2 ; x /= 2; return(drem(x,p)*2);}
+@@ -294,8 +294,8 @@ double x;
+
+ /* scale x to [1,4) */
+ n=logb(x);
+- x=scalb(x,-n);
+- if((m=logb(x))!=0) x=scalb(x,-m); /* subnormal number */
++ x=scalbn(x,-n);
++ if((m=logb(x))!=0) x=scalbn(x,-m); /* subnormal number */
+ m += n;
+ n = m/2;
+ if((n+n)!=m) {x *= 2; m -=1; n=m/2;}
+@@ -326,7 +326,7 @@ double x;
+ b=1.0+r/4; if(b>1.0) t=1;
+ if(t>=0) q+=r; }
+
+-end: return(scalb(q,n));
++end: return(scalbn(q,n));
+ }
+
+ #if 0
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=08d66cf64dcb2bce1a99e163cd4941e2c77b4a37
commit 08d66cf64dcb2bce1a99e163cd4941e2c77b4a37
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Jun 26 10:46:48 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/???.texi: Document thread safety properties.
diff --git a/manual/argp.texi b/manual/argp.texi
index c9fbe97..5322f91 100644
--- a/manual/argp.texi
+++ b/manual/argp.texi
@@ -36,6 +36,35 @@ needed in @code{main}.
@comment argp.h
@comment GNU
@deftypefun {error_t} argp_parse (const struct argp *@var{argp}, int @var{argc}, char **@var{argv}, unsigned @var{flags}, int *@var{arg_index}, void *@var{input})
+@safety{@mtunsafe{xguargs, envromt}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Optionally alloca()tes standard help options, initializes the parser,
+@c then parses individual args in a loop, and then finalizes.
+@c parser_init
+@c calc_sizes ok
+@c option_is_end ok
+@c malloc
+@c parser_convert glocale
+@c convert_options glocale
+@c option_is_end ok
+@c option_is_short ok
+@c isprint, but locale may change within the loop
+@c find_long_option ok
+@c group_parse
+@c group->parser (from argp->parser)
+@c parser_parse_next
+@c getopt_long(_only)_r many issues, same as non_r minus staticbuf
+@c parser_parse_arg
+@c group_parse
+@c parser_parse_opt
+@c group_parse
+@c argp_error
+@c dgettext (bad key error)
+@c parser_finalize
+@c group_parse
+@c fprintf
+@c dgettext
+@c arg_state_help
+@c free
The @code{argp_parse} function parses the arguments in @var{argv}, of
length @var{argc}, using the argp parser @var{argp}. @xref{Argp
Parsers}. Passing a null pointer for @var{argp} is the same as using
@@ -660,6 +689,8 @@ parser function. @xref{Argp Parsing State}.
@comment argp.h
@comment GNU
@deftypefun void argp_usage (const struct argp_state *@var{state})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls argp_state_help with stderr and ARGP_HELP_STD_USAGE.
Outputs the standard usage message for the argp parser referred to by
@var{state} to @code{@var{state}->err_stream} and terminate the program
with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@@ -669,6 +700,13 @@ with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@comment argp.h
@comment GNU
@deftypefun void argp_error (const struct argp_state *@var{state}, const char *@var{fmt}, @dots{})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Lock stream, vasprintf the formatted message into a buffer, print the
+@c buffer prefixed by the short program name (in libc,
+@c argp_short_program_name is a macro that expands to
+@c program_invocation_short_name), releases the buffer, then call
+@c argp_state_help with stream and ARGP_HELP_STD_ERR, unlocking the
+@c stream at the end.
Prints the printf format string @var{fmt} and following args, preceded
by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
--help}} message, and terminates the program with an exit status of
@@ -679,6 +717,12 @@ by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
@comment argp.h
@comment GNU
@deftypefun void argp_failure (const struct argp_state *@var{state}, int @var{status}, int @var{errnum}, const char *@var{fmt}, @dots{})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
+@c Lock stream, write out the short program name, vasprintf the optional
+@c formatted message to a buffer, print the buffer prefixed by colon and
+@c blank, release the buffer, call strerror_r with an automatic buffer,
+@c print it out after colon and blank, put[w]c a line break, unlock the
+@c stream, then exit unless ARGP_NO_EXIT.
Similar to the standard gnu error-reporting function @code{error}, this
prints the program name and @samp{:}, the printf format string
@var{fmt}, and the appropriate following args. If it is non-zero, the
@@ -695,6 +739,141 @@ for options, bad phase of the moon, etc.
@comment argp.h
@comment GNU
@deftypefun void argp_state_help (const struct argp_state *@var{state}, FILE *@var{stream}, unsigned @var{flags})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help with the short program name and optionally exit.
+@c The main problems in _help, besides the usual issues with stream I/O
+@c and translation, are the use of a static buffer (uparams) that makes
+@c the whole thing thread-unsafe, reading from the environment for
+@c ARGP_HELP_FMT, accessing the locale object multiple times.
+
+@c _help envromt, staticbuf (uparams), glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c flockfile lockleak
+@c funlockfile lockleak
+@c fill_in_uparams envromt, staticbuf (uparams), glocale, asynconsist, asmalloc, lockleak, incansist, memleak
+@c argp_failure dup (status = errnum = 0)
+@c atoi dup
+@c argp_hol asmalloc, memleak
+@c make_hol asmalloc, memleak
+@c hol_add_cluster asmalloc, memleak
+@c hol_append asmalloc, memleak
+@c hol_set_group ok
+@c hol_find_entry ok
+@c hol_sort glocale, asmalloc, memleak
+@c qsort asmalloc, memleak
+@c hol_entry_qcmp glocale
+@c hol_entry_cmp glocale
+@c group_cmp ok
+@c hol_cluster_cmp ok
+@c group_cmp ok
+@c hol_entry_first_short glocale
+@c hol_entry_short_iterate [glocale]
+@c until_short ok
+@c oshort ok
+@c isprint ok
+@c odoc ok
+@c hol_entry_first_long ok
+@c canon_doc_option glocale
+@c tolower dup
+@c hol_usage glocale, asi18n, asmalloc, memleak
+@c hol_entry_short_iterate ok
+@c add_argless_short_opt ok
+@c argp_fmtstream_printf dup
+@c hol_entry_short_iterate glocale, asi18n, asmalloc, memleak
+@c usage_argful_short_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_entry_long_iterate glocale, asi18n, asmalloc, memleak
+@c usage_long_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c hol_entry_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_wmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c comma glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_putc dup
+@c hol_cluster_is_child ok
+@c argp_fmtstream_wmargin dup
+@c print_header dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c indent_to dup
+@c argp_fmtstream_putc dup
+@c arg glocale, asmalloc, memleak
+@c argp_fmtstream_printf dup
+@c odoc dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_printf dup
+@c print_header glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c indent_to dup
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c filter_doc dup
+@c argp_fmtstream_point dup
+@c indent_to glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_putc dup
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c hol_free asmalloc, memleak
+@c free dup
+@c argp_args_levels ok
+@c argp_args_usage glocale, asi18n, asmalloc, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc ok
+@c argp_input ok
+@c argp->help_filter
+@c space glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_rmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_write dup
+@c free dup
+@c argp_doc glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c strndup asmalloc, memleak
+@c argp_input dup
+@c argp->help_filter
+@c argp_fmtstream_putc glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure dup
+@c argp_fmtstream_write dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_point glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_lmargin dup
+@c free dup
+@c argp_make_fmtstream asmalloc, memleak
+@c argp_fmtstream_free glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update glocale, asynconsist, incansist, lockleak
+@c put[w]c_unlocked dup
+@c isblank in loop glocale
+@c fxprintf lockleak
+@c fxprintf lockleak
+@c free dup
+@c argp_fmtstream_set_wmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_printf glocale, asmalloc, memleak
+@c argp_fmtstream_ensure dup
+@c vsnprintf dup
+@c argp_fmtstream_set_lmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_puts glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_write glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update dup
+@c fxprintf lockleak
+@c realloc asmalloc, memleak
Outputs a help message for the argp parser referred to by @var{state},
to @var{stream}. The @var{flags} argument determines what sort of help
message is produced. @xref{Argp Help Flags}.
@@ -928,6 +1107,8 @@ program options, argp offers the @code{argp_help} interface.
@comment argp.h
@comment GNU
@deftypefun void argp_help (const struct argp *@var{argp}, FILE *@var{stream}, unsigned @var{flags}, char *@var{name})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help.
This outputs a help message for the argp parser @var{argp} to
@var{stream}. The type of messages printed will be determined by
@var{flags}.
diff --git a/manual/arith.texi b/manual/arith.texi
index 833e0c9..5c3aa9d 100644
--- a/manual/arith.texi
+++ b/manual/arith.texi
@@ -323,6 +323,7 @@ floating-point number a variable holds.
@comment math.h
@comment ISO
@deftypefn {Macro} int fpclassify (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is a generic macro which works on all floating-point types and
which returns a value of type @code{int}. The possible values are:
@@ -359,6 +360,7 @@ You should therefore use the specific macros whenever possible.
@comment math.h
@comment ISO
@deftypefn {Macro} int isfinite (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite: not plus or
minus infinity, and not NaN. It is equivalent to
@@ -373,6 +375,7 @@ floating-point type.
@comment math.h
@comment ISO
@deftypefn {Macro} int isnormal (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite and normalized.
It is equivalent to
@@ -384,6 +387,7 @@ It is equivalent to
@comment math.h
@comment ISO
@deftypefn {Macro} int isnan (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is NaN. It is equivalent
to
@@ -395,6 +399,7 @@ to
@comment math.h
@comment GNU
@deftypefn {Macro} int issignaling (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is a signaling NaN
(sNaN). It is based on draft TS 18661 and currently enabled as a GNU
extension.
@@ -2443,6 +2448,32 @@ as well.
@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@c Besides the unsafe-but-ruled-safe locale uses, this uses a lot of
@c mpn, but it's all safe.
+@c
+@c round_and_return
+@c get_rounding_mode ok
+@c mpn_add_1 ok
+@c mpn_rshift ok
+@c MPN_ZERO ok
+@c MPN2FLOAT -> mpn_construct_(float|double|long_double) ok
+@c str_to_mpn
+@c mpn_mul_1 -> umul_ppmm ok
+@c mpn_add_1 ok
+@c mpn_lshift_1 -> mpn_lshift ok
+@c STRTOF_INTERNAL
+@c MPN_VAR ok
+@c SET_MANTISSA ok
+@c STRNCASECMP ok, wide and narrow
+@c round_and_return ok
+@c mpn_mul ok
+@c mpn_addmul_1 ok
+@c ... mpn_sub
+@c mpn_lshift ok
+@c udiv_qrnnd ok
+@c count_leading_zeros ok
+@c add_ssaaaa ok
+@c sub_ddmmss ok
+@c umul_ppmm ok
+@c mpn_submul_1 ok
The @code{strtod} (``string-to-double'') function converts the initial
part of @var{string} to a floating-point number, which is returned as a
value of type @code{double}.
diff --git a/manual/charset.texi b/manual/charset.texi
index e21502e..7e6c416 100644
--- a/manual/charset.texi
+++ b/manual/charset.texi
@@ -504,6 +504,8 @@ sequence points. Communication protocols often require this.
@comment wchar.h
@comment ISO
@deftypefun int mbsinit (const mbstate_t *@var{ps})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c ps is dereferenced once, unguarded. Potential harmless data race.
The @code{mbsinit} function determines whether the state object pointed
to by @var{ps} is in the initial state. If @var{ps} is a null pointer or
the object is in the initial state the return value is nonzero. Otherwise
@@ -559,6 +561,14 @@ that is beyond the range @math{0} to @math{127}.
@comment wchar.h
@comment ISO
@deftypefun wint_t btowc (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls btowc_fct or __fct; reads from locale, and from the
+@c get_gconv_fcts result multiple times. get_gconv_fcts calls
+@c __wcsmbs_load_conv to initialize the ctype if it's null.
+@c wcsmbs_load_conv takes a non-recursive wrlock before allocating
+@c memory for the fcts structure, initializing it, and then storing it
+@c in the locale object. The initialization involves dlopening and a
+@c lot more.
The @code{btowc} function (``byte to wide character'') converts a valid
single byte character @var{c} in the initial shift state into the wide
character equivalent using the conversion rules from the currently
@@ -615,6 +625,7 @@ There is also a function for the conversion in the other direction.
@comment wchar.h
@comment ISO
@deftypefun int wctob (wint_t @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctob} function (``wide character to byte'') takes as the
parameter a valid wide character. If the multibyte representation for
this character in the initial state is exactly one byte long, the return
@@ -634,6 +645,7 @@ and they also do not require it to be in the initial state.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrtowc (wchar_t *restrict @var{pwc}, const char *restrict @var{s}, size_t @var{n}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
@cindex stateful
The @code{mbrtowc} function (``multibyte restartable to wide
character'') converts the next multibyte character in the string pointed
@@ -728,6 +740,7 @@ function that does part of the work.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrlen (const char *restrict @var{s}, size_t @var{n}, mbstate_t *@var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbrlen} function (``multibyte restartable length'') computes
the number of at most @var{n} bytes starting at @var{s}, which form the
next valid and complete multibyte character.
@@ -811,6 +824,50 @@ doing the work twice.
@comment wchar.h
@comment ISO
@deftypefun size_t wcrtomb (char *restrict @var{s}, wchar_t @var{wc}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c wcrtomb uses a static, non-thread-local unguarded state variable when
+@c PS is NULL. When a state is passed in, and it's not used
+@c concurrently in other threads, this function behaves safely as long
+@c as gconv modules don't bring MT safety issues of their own.
+@c Attempting to load gconv modules or to build conversion chains in
+@c signal handlers may encounter gconv databases or caches in a
+@c partially-updated state, and asynchronous cancellation may leave them
+@c in such states, besides leaking the lock that guards them.
+@c get_gconv_fcts ok
+@c wcsmbs_load_conv ok
+@c norm_add_slashes ok
+@c wcsmbs_getfct ok
+@c gconv_find_transform ok
+@c gconv_read_conf (libc_once)
+@c gconv_lookup_cache ok
+@c find_module_idx ok
+@c find_module ok
+@c gconv_find_shlib (ok)
+@c ->init_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c do_lookup_alias ok
+@c find_derivation ok
+@c derivation_lookup ok
+@c increment_counter ok
+@c gconv_find_shlib ok
+@c step->init_fct (assumed ok)
+@c gen_steps ok
+@c gconv_find_shlib ok
+@c dlopen (presumed ok)
+@c dlsym (presumed ok)
+@c step->init_fct (assumed ok)
+@c step->end_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c add_derivation ok
+@c gconv_close_transform ok
+@c gconv_release_step ok
+@c step->end_fct (assumed ok)
+@c gconv_release_shlib ok
+@c dlclose (presumed ok)
+@c gconv_release_cache ok
+@c ->tomb->__fct (assumed ok)
The @code{wcrtomb} function (``wide character restartable to
multibyte'') converts a single wide character into a multibyte string
corresponding to that wide character.
@@ -955,6 +1012,7 @@ extensions that can help in some important situations.
@comment wchar.h
@comment ISO
@deftypefun size_t mbsrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsrtowcs} function (``multibyte string restartable to wide
character string'') converts an NUL-terminated multibyte character
string at @code{*@var{src}} into an equivalent wide character string,
@@ -1039,6 +1097,7 @@ length and passing this length to the function.
@comment wchar.h
@comment ISO
@deftypefun size_t wcsrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsrtombs} function (``wide character string restartable to
multibyte string'') converts the NUL-terminated wide character string at
@code{*@var{src}} into an equivalent multibyte character string and
@@ -1084,6 +1143,7 @@ array size (the @var{len} parameter).
@comment wchar.h
@comment GNU
@deftypefun size_t mbsnrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{nmc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsnrtowcs} function is very similar to the @code{mbsrtowcs}
function. All the parameters are the same except for @var{nmc}, which is
new. The return value is the same as for @code{mbsrtowcs}.
@@ -1136,6 +1196,7 @@ of the given buffer, there is no problem with altering the state.
@comment wchar.h
@comment GNU
@deftypefun size_t wcsnrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{nwc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsnrtombs} function implements the conversion from wide
character strings to multibyte character strings. It is similar to
@code{wcsrtombs} but, just like @code{mbsnrtowcs}, it takes an extra
@@ -1280,6 +1341,7 @@ conversion functions.}
@comment stdlib.h
@comment ISO
@deftypefun int mbtowc (wchar_t *restrict @var{result}, const char *restrict @var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbtowc} (``multibyte to wide character'') function when called
with non-null @var{string} converts the first multibyte character
beginning at @var{string} to its corresponding wide character code. It
@@ -1314,6 +1376,7 @@ shift state. @xref{Shift State}.
@comment stdlib.h
@comment ISO
@deftypefun int wctomb (char *@var{string}, wchar_t @var{wchar})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctomb} (``wide character to multibyte'') function converts
the wide character code @var{wchar} to its corresponding multibyte
character sequence, and stores the result in bytes starting at
@@ -1353,6 +1416,7 @@ terms of @code{mbtowc}.
@comment stdlib.h
@comment ISO
@deftypefun int mblen (const char *@var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mblen} function with a non-null @var{string} argument returns
the number of bytes that make up the multibyte character beginning at
@var{string}, never examining more than @var{size} bytes. (The idea is
@@ -1391,6 +1455,9 @@ suffer from the same problems as their reentrant counterparts from
@comment stdlib.h
@comment ISO
@deftypefun size_t mbstowcs (wchar_t *@var{wstring}, const char *@var{string}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Odd... Although this is in the non-reentrant section, the state
+@c object is automatic, not a static buffer.
The @code{mbstowcs} (``multibyte string to wide character string'')
function converts the null-terminated string of multibyte characters
@var{string} to an array of wide character codes, storing not more than
@@ -1431,6 +1498,7 @@ mbstowcs_alloc (const char *string)
@comment stdlib.h
@comment ISO
@deftypefun size_t wcstombs (char *@var{string}, const wchar_t *@var{wstring}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcstombs} (``wide character string to multibyte string'')
function converts the null-terminated wide character array @var{wstring}
into a string containing multibyte characters, storing not more than
@@ -1618,6 +1686,16 @@ The first step is the function to create a handle.
@comment iconv.h
@comment XPG2
@deftypefun iconv_t iconv_open (const char *@var{tocode}, const char *@var{fromcode})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls malloc if tocode and/or fromcode are too big for alloca. Calls
+@c strip and upstr on both, then gconv_open. strip and upstr call
+@c isalnum_l and toupper_l with the C locale. gconv_open may MT-safely
+@c tokenize toset, replace unspecified codesets with the current locale
+@c (posibly two different accesses), and finally it calls
+@c gconv_find_transform and initializes the gconv_t result with all the
+@c steps in the conversion sequence, running each one's initializer,
+@c destructing and releasing them all if anything fails.
+
The @code{iconv_open} function has to be used before starting a
conversion. The two parameters this function takes determine the
source and destination character set for the conversion, and if the
@@ -1682,6 +1760,12 @@ conversion is not needed anymore.
@comment iconv.h
@comment XPG2
@deftypefun int iconv_close (iconv_t @var{cd})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, shlimb}}
+@c Calls gconv_close to destruct and release each of the conversion
+@c steps, release the gconv_t object, then call gconv_close_transform.
+@c Access to the gconv_t object is not guarded, but calling iconv_close
+@c concurrently with any other use is undefined.
+
The @code{iconv_close} function frees all resources associated with the
handle @var{cd}, which must have been returned by a successful call to
the @code{iconv_open} function.
@@ -1708,6 +1792,10 @@ even file to file can be implemented on top of it.
@comment iconv.h
@comment XPG2
@deftypefun size_t iconv (iconv_t @var{cd}, char **@var{inbuf}, size_t *@var{inbytesleft}, char **@var{outbuf}, size_t *@var{outbytesleft})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c Without guarding access to the gconv_t object pointed to by cd, call
+@c the conversion function to convert inbuf or flush the internal
+@c conversion state.
@cindex stateful
The @code{iconv} function converts the text in the input buffer
according to the rules associated with the descriptor @var{cd} and
diff --git a/manual/conf.texi b/manual/conf.texi
index 7eb8b36..edbb2fd 100644
--- a/manual/conf.texi
+++ b/manual/conf.texi
@@ -288,6 +288,17 @@ constants are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} sysconf (int @var{parameter})
+@safety{@mtsafe{envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak, fdleak}}
+@c Some parts of the implementation open /proc and /sys files and dirs
+@c to collect system details, using fd and stream I/O depending on the
+@c case. _SC_TZNAME_MAX calls __tzname_max, that (while holding a lock)
+@c calls tzset_internal, that calls getenv if it's called the first
+@c time; there are free and strdup calls in there too. The returned max
+@c value may change over time for TZNAME_MAX, depending on selected
+@c timezones; NPROCS, NPROCS_CONF, PHYS_PAGES, AVPHYS_PAGES,
+@c NGROUPS_MAX, SIGQUEUE_MAX, depending on variable values read from
+@c /proc at each call, and from rlimit-obtained values CHILD_MAX,
+@c OPEN_MAX, ARG_MAX, SIGQUEUE_MAX.
This function is used to inquire about runtime system parameters. The
@var{parameter} argument should be one of the @samp{_SC_} symbols listed
below.
@@ -1342,6 +1353,11 @@ argument are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} pathconf (const char *@var{filename}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c When __statfs_link_max finds an ext* filesystem, it may read
+@c /proc/mounts or similar as a mntent stream.
+@c __statfs_chown_restricted may read from
+@c /proc/sys/fs/xfs/restrict_chown as a file descriptor.
This function is used to inquire about the limits that apply to
the file named @var{filename}.
@@ -1369,6 +1385,8 @@ support the @var{parameter} for the specific file.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} fpathconf (int @var{filedes}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c Same caveats as pathconf.
This is just like @code{pathconf} except that an open file descriptor
is used to specify the file for which information is requested, instead
of a file name.
@@ -1615,6 +1633,7 @@ system with the function @code{confstr}:
@comment unistd.h
@comment POSIX.2
@deftypefun size_t confstr (int @var{parameter}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function reads the value of a string-valued system parameter,
storing the string into @var{len} bytes of memory space starting at
@var{buf}. The @var{parameter} argument should be one of the
diff --git a/manual/crypt.texi b/manual/crypt.texi
index ef90590..5c9f6f7 100644
--- a/manual/crypt.texi
+++ b/manual/crypt.texi
@@ -92,7 +92,13 @@ in a convenient way.
@comment unistd.h
@comment BSD
@deftypefun {char *} getpass (const char *@var{prompt})
-
+@safety{@mtunsafe{tempterm}@asunsafe{asmalloc, selfdeadlock, asynconsist}@acunsafe{tempterm, lockleak, incansist}}
+@c This function will attempt to create a stream for terminal I/O, but
+@c will fallback to stdio/stderr. It attempts to change the terminal
+@c mode in a thread-unsafe way, write out the prompt, read the password,
+@c then restore the terminal mode. It has a cleanup to close the stream
+@c in case of (synchronous) cancellation, but not to restore the
+@c terminal mode.
@code{getpass} outputs @var{prompt}, then reads a string in from the
terminal without echoing it. It tries to connect to the real terminal,
@file{/dev/tty}, if possible, to encourage users not to put plaintext
@@ -127,6 +133,13 @@ The substitute takes the same parameters as @code{getline}
@comment crypt.h
@comment BSD, SVID
@deftypefun {char *} crypt (const char *@var{key}, const char *@var{salt})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Besides the obvious problem of returning a pointer into static
+@c storage, the DES initializer takes an internal lock with the usual
+@c set of problems for AS- and AC-Safety. The FIPS mode checker and the
+@c NSS implementations of may leak file descriptors if canceled. The
+@c The MD5, SHA256 and SHA512 implementations will malloc on long keys,
+@c and NSS relies on dlopening, which brings about another can of worms.
The @code{crypt} function takes a password, @var{key}, as a string, and
a @var{salt} character array which is described below, and returns a
@@ -188,6 +201,9 @@ for a password and prints ``Access granted.'' if the user types
@comment crypt.h
@comment GNU
@deftypefun {char *} crypt_r (const char *@var{key}, const char *@var{salt}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Compared with crypt, this function fixes the staticbuf problem, but
+@c nothing else.
The @code{crypt_r} function does the same thing as @code{crypt}, but
takes an extra parameter which includes space for its result (among
@@ -233,6 +249,11 @@ specifies the unused bits.
@comment crypt.h
@comment BSD, SVID
@deftypefun void setkey (const char *@var{key})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c The static buffer stores the key, making it fundamentally
+@c thread-unsafe. The locking issues are only in the initialization
+@c path; cancelling the initialization will leave the lock held, it
+@c would otherwise repeat the initialization on the next call.
The @code{setkey} function sets an internal data structure to be an
expanded form of @var{key}. @var{key} is specified as an array of 64
@@ -244,6 +265,8 @@ parity.
@comment crypt.h
@comment BSD, SVID
@deftypefun void encrypt (char *@var{block}, int @var{edflag})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c Same issues as setkey.
The @code{encrypt} function encrypts @var{block} if
@var{edflag} is 0, otherwise it decrypts @var{block}, using a key
@@ -257,9 +280,11 @@ stored in a @code{char}, but there are no parity bits in @var{block}.
@comment crypt.h
@comment GNU
@deftypefun void setkey_r (const char *@var{key}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
@comment crypt.h
@comment GNU
@deftypefunx void encrypt_r (char *@var{block}, int @var{edflag}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
These are reentrant versions of @code{setkey} and @code{encrypt}. The
only difference is the extra parameter, which stores the expanded
@@ -274,6 +299,7 @@ defined in @file{crypt.h}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int ecb_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{ecb_crypt} encrypts or decrypts one or more blocks
using DES. Each block is encrypted independently.
@@ -355,6 +381,7 @@ This macro returns 1 if @var{err} is a `success' result code from
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int cbc_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode}, char *@var{ivec})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{cbc_crypt} encrypts or decrypts one or more blocks
using DES in Cipher Block Chaining mode.
@@ -381,6 +408,7 @@ Otherwise, all the parameters are similar to those for @code{ecb_crypt}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun void des_setparity (char *@var{key})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{des_setparity} changes the 64-bit @var{key}, stored
packed in 8-bit bytes, to have odd parity by altering the low bits of
diff --git a/manual/ctype.texi b/manual/ctype.texi
index f05d509..ddf38ce 100644
--- a/manual/ctype.texi
+++ b/manual/ctype.texi
@@ -66,6 +66,13 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int islower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The is* macros call __ctype_b_loc to get the ctype array from the
+@c current locale, and then index it by c. __ctype_b_loc reads from
+@c thread-local memory the (indirect) pointer to the ctype array, which
+@c may involve one word access to the global locale object, if that's
+@c the active locale for the thread, and the array, being part of the
+@c locale data, is undeletable, so there's no thread-safety issue.
Returns true if @var{c} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -74,6 +81,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -82,6 +90,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isalpha (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphabetic character (a letter). If
@code{islower} or @code{isupper} is true of a character, then
@code{isalpha} is also true.
@@ -97,6 +106,7 @@ additional characters.
@comment ctype.h
@comment ISO
@deftypefun int isdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@end deftypefun
@@ -104,6 +114,7 @@ Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@comment ctype.h
@comment ISO
@deftypefun int isalnum (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphanumeric character (a letter or
number); in other words, if either @code{isalpha} or @code{isdigit} is
true of a character, then @code{isalnum} is also true.
@@ -113,6 +124,7 @@ true of a character, then @code{isalnum} is also true.
@comment ctype.h
@comment ISO
@deftypefun int isxdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -123,6 +135,7 @@ Hexadecimal digits include the normal decimal digits @samp{0} through
@comment ctype.h
@comment ISO
@deftypefun int ispunct (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -132,6 +145,7 @@ character.
@comment ctype.h
@comment ISO
@deftypefun int isspace (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{isspace} returns true for only the standard
whitespace characters:
@@ -161,6 +175,7 @@ vertical tab
@comment ctype.h
@comment ISO
@deftypefun int isblank (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
@end deftypefun
@@ -169,6 +184,7 @@ This function was originally a GNU extension, but was added in @w{ISO C99}.
@comment ctype.h
@comment ISO
@deftypefun int isgraph (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -178,6 +194,7 @@ considered graphic.
@comment ctype.h
@comment ISO
@deftypefun int isprint (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@end deftypefun
@@ -186,6 +203,7 @@ include all the graphic characters, plus the space (@samp{ }) character.
@comment ctype.h
@comment ISO
@deftypefun int iscntrl (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a control character (that is, a character that
is not a printing character).
@end deftypefun
@@ -194,6 +212,7 @@ is not a printing character).
@comment ctype.h
@comment SVID, BSD
@deftypefun int isascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
into the US/UK ASCII character set. This function is a BSD extension
and is also an SVID extension.
@@ -227,6 +246,10 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The to* macros/functions call different functions that use different
+@c arrays than those of__ctype_b_loc, but the access patterns and
+@c thus safety guarantees are the same.
If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
lower-case letter. If @var{c} is not an upper-case letter,
@var{c} is returned unchanged.
@@ -235,6 +258,7 @@ lower-case letter. If @var{c} is not an upper-case letter,
@comment ctype.h
@comment ISO
@deftypefun int toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
upper-case letter. Otherwise @var{c} is returned unchanged.
@end deftypefun
@@ -242,6 +266,7 @@ upper-case letter. Otherwise @var{c} is returned unchanged.
@comment ctype.h
@comment SVID, BSD
@deftypefun int toascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function converts @var{c} to a 7-bit @code{unsigned char} value
that fits into the US/UK ASCII character set, by clearing the high-order
bits. This function is a BSD extension and is also an SVID extension.
@@ -250,6 +275,7 @@ bits. This function is a BSD extension and is also an SVID extension.
@comment ctype.h
@comment SVID
@deftypefun int _tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{tolower}, and is provided for compatibility
with the SVID. @xref{SVID}.@refill
@end deftypefun
@@ -257,6 +283,7 @@ with the SVID. @xref{SVID}.@refill
@comment ctype.h
@comment SVID
@deftypefun int _toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{toupper}, and is provided for compatibility
with the SVID.
@end deftypefun
@@ -303,6 +330,15 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctype_t wctype (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Although the source code of wctype contains multiple references to
+@c the locale, that could each reference different locale_data objects
+@c should the global locale object change while active, the compiler can
+@c and does combine them all into a single dereference that resolves
+@c once to the LCTYPE locale object used throughout the function, so it
+@c is safe in practice, if not in theory. Ideally we'd explicitly save
+@c the resolved locale_data object to make it visibly safe instead of
+@c safe only under compiler optimizations.
The @code{wctype} returns a value representing a class of wide
characters which is identified by the string @var{property}. Beside
some standard properties each locale can define its own ones. In case
@@ -331,6 +367,8 @@ the @w{ISO C} standard defines a completely new function.
@comment wctype.h
@comment ISO
@deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The compressed lookup table returned by wctype is read-only.
This function returns a nonzero value if @var{wc} is in the character
class specified by @var{desc}. @var{desc} must previously be returned
by a successful call to @code{wctype}.
@@ -350,6 +388,15 @@ standard classes.
@comment wctype.h
@comment ISO
@deftypefun int iswalnum (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c The implicit wctype call in the isw* functions is actually an
+@c optimized version because the category has a known offset, but the
+@c wctype is equally safe when optimized, unsafe if not optimized.
+@c Since it's not a macro, and we always optimize, it's fine. The test
+@c whether wc is ASCII to use the non-wide is* macro/funciton doesn't
+@c bring any other safety issues: the test does not depend on the
+@c locale, and each path after the decision resolves the locale object
+@c only once.
This function returns a nonzero value if @var{wc} is an alphanumeric
character (a letter or number); in other words, if either @code{iswalpha}
or @code{iswdigit} is true of a character, then @code{iswalnum} is also
@@ -370,6 +417,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswalpha (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an alphabetic character (a letter). If
@code{iswlower} or @code{iswupper} is true of a character, then
@code{iswalpha} is also true.
@@ -394,6 +442,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswcntrl (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a control character (that is, a character that
is not a printing character).
@@ -412,6 +461,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
Please note that this function does not only return a nonzero value for
@emph{decimal} digits, but for all kinds of digits. A consequence is
@@ -442,6 +492,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswgraph (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -461,6 +512,7 @@ It is declared in @file{wctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int iswlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -479,6 +531,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswprint (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@@ -497,6 +550,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswpunct (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -516,6 +570,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswspace (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{iswspace} returns true for only the standard
whitespace characters:
@@ -555,6 +610,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -573,6 +629,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswxdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -597,6 +654,7 @@ characters as well.
@comment wctype.h
@comment ISO
@deftypefun int iswblank (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
It is declared in @file{wchar.h}.
@@ -691,7 +749,8 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctrans_t wctrans (const char *@var{property})
-@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Similar implementation, same caveats as wctype.
The @code{wctrans} function has to be used to find out whether a named
mapping is defined in the current locale selected for the
@code{LC_CTYPE} category. If the returned value is non-zero, you can use
@@ -714,7 +773,8 @@ These functions are declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
-@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Same caveats as iswctype.
@code{towctrans} maps the input character @var{wc}
according to the rules of the mapping for which @var{desc} is a
descriptor, and returns the value it finds. @var{desc} must be
@@ -732,6 +792,9 @@ for them.
@comment wctype.h
@comment ISO
@deftypefun wint_t towlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Same caveats as iswalnum, just using a wctrans rather than a wctype
+@c table.
If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
lower-case letter. If @var{wc} is not an upper-case letter,
@var{wc} is returned unchanged.
@@ -751,6 +814,7 @@ This function is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
upper-case letter. Otherwise @var{wc} is returned unchanged.
diff --git a/manual/debug.texi b/manual/debug.texi
index 1db9c18..ce0c263 100644
--- a/manual/debug.texi
+++ b/manual/debug.texi
@@ -36,6 +36,8 @@ and manipulate backtraces of the current thread.
@comment execinfo.h
@comment GNU
@deftypefun int backtrace (void **@var{buffer}, int @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Pointer chasing within the local stack.
The @code{backtrace} function obtains a backtrace for the current
thread, as a list of pointers, and places the information into
@var{buffer}. The argument @var{size} should be the number of
@@ -56,6 +58,17 @@ interpreting the stack contents correctly.
@comment execinfo.h
@comment GNU
@deftypefun {char **} backtrace_symbols (void *const *@var{buffer}, int @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, lockleak}}
+@c Collects info returned by _dl_addr in auto array, allocates memory
+@c for the whole return buffer with malloc then sprintfs into it storing
+@c pointers to the strings into the array entries in the buffer.
+@c _dl_addr takes the recursive dl_load_lock then calls
+@c _dl_find_dso_for_object and determine_info.
+@c _dl_find_dso_for_object calls _dl-addr_inside_object.
+@c All of them are safe as long as the lock is held.
+@c asynconsist? It doesn't looke like the dynamic loader's data
+@c structures could be in an inconsistent state that would cause
+@c malfunction here.
The @code{backtrace_symbols} function translates the information
obtained from the @code{backtrace} function into an array of strings.
The argument @var{buffer} should be a pointer to an array of addresses
@@ -88,6 +101,11 @@ cannot be obtained.
@comment execinfo.h
@comment GNU
@deftypefun void backtrace_symbols_fd (void *const *@var{buffer}, int @var{size}, int @var{fd})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c Single loop of _dl_addr over addresses, collecting info into an iovec
+@c written out with a writev call per iteration. Addresses and offsets
+@c are converted to hex in auto buffers, so the only potential issue
+@c here is leaking the dl lock in case of cancellation.
The @code{backtrace_symbols_fd} function performs the same translation
as the function @code{backtrace_symbols} function. Instead of returning
the strings to the caller, it writes the strings to the file descriptor
diff --git a/manual/errno.texi b/manual/errno.texi
index 6c9fa86..eb3f412 100644
--- a/manual/errno.texi
+++ b/manual/errno.texi
@@ -1293,6 +1293,9 @@ name of the program that encountered the error.
@comment string.h
@comment ISO
@deftypefun {char *} strerror (int @var{errnum})
+@safety{@mtunsafe{staticbuf}@asunsafe{staticbuf, asmalloc, asi18n}@acsafe{memleak}}
+@c Calls strerror_r with a static buffer allocated with malloc on the
+@c first use.
The @code{strerror} function maps the error code (@pxref{Checking for
Errors}) specified by the @var{errnum} argument to a descriptive error
message string. The return value is a pointer to this string.
@@ -1310,6 +1313,7 @@ The function @code{strerror} is declared in @file{string.h}.
@comment string.h
@comment GNU
@deftypefun {char *} strerror_r (int @var{errnum}, char *@var{buf}, size_t @var{n})
+@safety{@mtsafe{}@asunsafe{asi18n}@acsafe{}}
The @code{strerror_r} function works like @code{strerror} but instead of
returning the error message in a statically allocated buffer shared by
all threads in the process, it returns a private copy for the
@@ -1331,6 +1335,10 @@ This function @code{strerror_r} is a GNU extension and it is declared in
@comment stdio.h
@comment ISO
@deftypefun void perror (const char *@var{message})
+@safety{@mtsafe{xguargs}@asunsafe{asynconsist, asi18n, asmalloc, selfdeadlock}@acunsafe{incansist, lockleak, memleak, fdleak}}
+@c Besides strerror_r's and some of fprintf's issues, if stderr is not
+@c oriented yet, create a new stream with a dup of stderr's fd and write
+@c to that instead of stderr, to avoid orienting it.
This function prints an error message to the stream @code{stderr};
see @ref{Standard Streams}. The orientation of @code{stderr} is not
changed.
@@ -1442,6 +1450,13 @@ These functions are declared in @file{error.h}.
@comment error.h
@comment GNU
@deftypefun void error (int @var{status}, int @var{errnum}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acsafe{}}
+@c Cancellation is disabled throught the execution. It flushes stdout
+@c and then holds a lock on stderr while printing the program name and
+@c then running error_tail. The non-wide case just runs vfprintf; the
+@c wide case converts the message to an alloca/malloc-allocated buffer
+@c with mbsrtowcs, then prints it with vfwprintf. Afterwards,
+@c print_errno_message calls strerror_r and fxprintf.
The @code{error} function can be used to report general problems during
program execution. The @var{format} argument is a format string just
like those given to the @code{printf} family of functions. The
@@ -1477,6 +1492,15 @@ incremented by one to keep track of the number of errors reported.
@comment error.h
@comment GNU
@deftypefun void error_at_line (int @var{status}, int @var{errnum}, const char *@var{fname}, unsigned int @var{lineno}, const char *@var{format}, @dots{})
+@safety{@mtunsafe{staticbuf, glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist}}
+@c The error_one_per_line variable is accessed (without any form of
+@c synchronization, but since it's an int used once, it should be safe
+@c enough) and, if this mode is enabled, static variables used to hold
+@c the last printed file name and line number are accessed and modified
+@c without synchronization; the update is not atomic and it occurs
+@c before disabling cancellation, so it can be interrupted after only
+@c one of the two variables is modified. After that, it's very much
+@c like error.
The @code{error_at_line} function is very similar to the @code{error}
function. The only difference are the additional parameters @var{fname}
@@ -1582,6 +1606,8 @@ are included only for compatibility.
@comment err.h
@comment BSD
@deftypefun void warn (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Just calls vwarn with the va_list.
The @code{warn} function is roughly equivalent to a call like
@smallexample
error (0, errno, format, @r{the parameters})
@@ -1594,6 +1620,11 @@ are not used.
@comment err.h
@comment BSD
@deftypefun void vwarn (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c While holding stderr's recursive lock, it prints the programname, the
+@c given message, and the error string with fw?printf's %m. When the
+@c stream is wide, convert_and_print converts the format string to an
+@c alloca/malloc-created buffer using mbsrtowcs and then calls fwprintf.
The @code{vwarn} function is just like @code{warn} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1602,6 +1633,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void warnx (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn, but without the strerror translation issues.
The @code{warnx} function is roughly equivalent to a call like
@smallexample
error (0, 0, format, @r{the parameters})
@@ -1615,6 +1648,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void vwarnx (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn, but without the strerror translation issues.
The @code{vwarnx} function is just like @code{warnx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1623,6 +1658,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void err (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn followed by exit.
The @code{err} function is roughly equivalent to a call like
@smallexample
error (status, errno, format, @r{the parameters})
@@ -1635,6 +1672,8 @@ are not used and that the program is exited even if @var{status} is zero.
@comment err.h
@comment BSD
@deftypefun void verr (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn followed by exit.
The @code{verr} function is just like @code{err} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1643,6 +1682,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void errx (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warnx followed by exit.
The @code{errx} function is roughly equivalent to a call like
@smallexample
error (status, 0, format, @r{the parameters})
@@ -1657,6 +1698,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void verrx (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarnx followed by exit.
The @code{verrx} function is just like @code{errx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
diff --git a/manual/filesys.texi b/manual/filesys.texi
index 1df9cf2..2244025 100644
--- a/manual/filesys.texi
+++ b/manual/filesys.texi
@@ -58,6 +58,25 @@ Prototypes for these functions are declared in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun {char *} getcwd (char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c If buffer is NULL, this function calls malloc and realloc, and, in
+@c case of error, free. Linux offers a getcwd syscall that we use on
+@c GNU/Linux systems, but it may fail if the pathname is too long. As a
+@c fallback, and on other systems, the generic implementation opens each
+@c parent directory with opendir, which allocates memory for the
+@c directory stream with malloc. If a fstatat64 syscall is not
+@c available, very deep directory trees may also have to malloc to build
+@c longer sequences of ../../../... than those supported by a global
+@c const read-only string.
+
+@c linux/__getcwd
+@c posix/__getcwd
+@c malloc/realloc/free if buffer is NULL, or if dir is too deep
+@c lstat64 -> see its own entry
+@c fstatat64
+@c direct syscall if possible, alloca+snprintf+*stat64 otherwise
+@c openat64_not_cancel_3, close_not_cancel_no_status
+@c __fdopendir, __opendir, __readdir, rewinddir
The @code{getcwd} function returns an absolute file name representing
the current working directory, storing it in the character array
@var{buffer} that you provide. The @var{size} argument is how you tell
@@ -116,6 +135,9 @@ software.
@comment unistd.h
@comment BSD
@deftypefn {Deprecated Function} {char *} getwd (char *@var{buffer})
+@safety{@mtsafe{}@asunsafe{asmalloc, asi18n}@acsafe{memleak, fdleak}}
+@c Besides the getcwd safety issues, it calls strerror_r on error, which
+@c brings in all of the i18n issues.
This is similar to @code{getcwd}, but has no way to specify the size of
the buffer. @Theglibc{} provides @code{getwd} only
for backwards compatibility with BSD.
@@ -130,6 +152,9 @@ this function is deprecated.
@comment unistd.h
@comment GNU
@deftypefun {char *} get_current_dir_name (void)
+@safety{@mtunsafe{envromt}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides getcwd, which this function calls as a fallback, it calls
+@c getenv, with the usual thread-safety issues that brings about.
@vindex PWD
This @code{get_current_dir_name} function is basically equivalent to
@w{@code{getcwd (NULL, 0)}}. The only difference is that the value of
@@ -145,6 +170,7 @@ This function is a GNU extension.
@comment unistd.h
@comment POSIX.1
@deftypefun int chdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
@var{filename}.
@@ -158,6 +184,7 @@ file @var{filename} is not a directory.
@comment unistd.h
@comment XPG
@deftypefun int fchdir (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
directory associated with the file descriptor @var{filedes}.
@@ -294,12 +321,14 @@ values and @code{st_mode} values:
@comment dirent.h
@comment BSD
@deftypefun int IFTODT (mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{d_type} value corresponding to @var{mode}.
@end deftypefun
@comment dirent.h
@comment BSD
@deftypefun mode_t DTTOIF (int @var{dtype})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{st_mode} value corresponding to @var{dtype}.
@end deftypefun
@end table
@@ -342,6 +371,9 @@ the following functions.
@comment dirent.h
@comment POSIX.1
@deftypefun {DIR *} opendir (const char *@var{dirname})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides the safe syscall, we have to allocate the DIR object with
+@c __alloc_dir, that calls malloc.
The @code{opendir} function opens and returns a directory stream for
reading the directory whose file name is @var{dirname}. The stream has
type @code{DIR *}.
@@ -381,6 +413,8 @@ alternative interface can be used.
@comment dirent.h
@comment GNU
@deftypefun {DIR *} fdopendir (int @var{fd})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c The DIR object is allocated with __alloc_dir, that calls malloc.
The @code{fdopendir} function works just like @code{opendir} but
instead of taking a file name and opening a file descriptor for the
directory the caller is required to provide a file descriptor. This
@@ -425,6 +459,7 @@ access.
@comment dirent.h
@comment GNU
@deftypefun int dirfd (DIR *@var{dirstream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{dirfd} returns the file descriptor associated with
the directory stream @var{dirstream}. This descriptor can be used until
the directory is closed with @code{closedir}. If the directory stream
@@ -443,6 +478,12 @@ symbols are declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun {struct dirent *} readdir (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c This function holds dirstream's non-recursive lock, which brings
+@c about the usual issues with locks and async signals and cancellation,
+@c but the lock taking is not enough to make the returned value safe to
+@c use, since it points to a stream's internal buffer that can be
+@c overwritten by subsequent calls or even released by closedir.
This function reads the next entry from the directory. It normally
returns a pointer to a structure containing information about the file.
This structure is statically allocated and can be rewritten by a
@@ -469,6 +510,7 @@ value. Use @code{readdir_r} when this is critical.
@comment dirent.h
@comment GNU
@deftypefun int readdir_r (DIR *@var{dirstream}, struct dirent *@var{entry}, struct dirent **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is the reentrant version of @code{readdir}. Like
@code{readdir} it returns the next entry from the directory. But to
prevent conflicts between simultaneously running threads the result is
@@ -516,6 +558,7 @@ of the last two functions.
@comment dirent.h
@comment LFS
@deftypefun {struct dirent64 *} readdir64 (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64} function is just like the @code{readdir} function
except that it returns a pointer to a record of type @code{struct
dirent64}. Some of the members of this data type (notably @code{d_ino})
@@ -527,6 +570,7 @@ In all other aspects this function is equivalent to @code{readdir}.
@comment dirent.h
@comment LFS
@deftypefun int readdir64_r (DIR *@var{dirstream}, struct dirent64 *@var{entry}, struct dirent64 **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64_r} function is equivalent to the @code{readdir_r}
function except that it takes parameters of base type @code{struct
dirent64} instead of @code{struct dirent} in the second and third
@@ -537,6 +581,10 @@ position. The same precautions mentioned in the documentation of
@comment dirent.h
@comment POSIX.1
@deftypefun int closedir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock (hurd)}@acsafe{memleak, fdleak, lockleak (hurd)}}
+@c No synchronization in the posix implementation, only in the hurd
+@c one. This is regarded as safe because it is undefined behavior if
+@c other threads could still be using the dir stream while it's closed.
This function closes the directory stream @var{dirstream}. It returns
@code{0} on success and @code{-1} on failure.
@@ -576,6 +624,7 @@ declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun void rewinddir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{rewinddir} function is used to reinitialize the directory
stream @var{dirstream}, so that if you call @code{readdir} it
returns information about the first entry in the directory again. This
@@ -589,6 +638,10 @@ added or removed since you last called @code{opendir} or
@comment dirent.h
@comment BSD
@deftypefun {long int} telldir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{telldir} function returns the file position of the directory
stream @var{dirstream}. You can use this value with @code{seekdir} to
restore the directory stream to that position.
@@ -597,6 +650,10 @@ restore the directory stream to that position.
@comment dirent.h
@comment BSD
@deftypefun void seekdir (DIR *@var{dirstream}, long int @var{pos})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{seekdir} function sets the file position of the directory
stream @var{dirstream} to @var{pos}. The value @var{pos} must be the
result of a previous call to @code{telldir} on this particular stream;
@@ -616,6 +673,19 @@ the result.
@comment dirent.h
@comment BSD/SVID
@deftypefun int scandir (const char *@var{dir}, struct dirent ***@var{namelist}, int (*@var{selector}) (const struct dirent *), int (*@var{cmp}) (const struct dirent **, const struct dirent **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c The scandir function calls __opendirat, __readdir, and __closedir to
+@c go over the named dir; malloc and realloc to allocate the namelist
+@c and copies of each selected dirent, besides the selector, if given,
+@c and qsort and the cmp functions if the latter is given. In spite of
+@c the cleanup handler that releases memory and the file descriptor in
+@c case of synchronous cancellation, an asynchronous cancellation may
+@c still leak memory and a file descriptor. Although readdir is unsafe
+@c in general, the use of an internal dir stream for sequential scanning
+@c of the directory with copying of dirents before subsequent calls
+@c makes the use safe, and the fact that the dir stream is private to
+@c each scandir call does away with the lock issues in readdir and
+@c closedir.
The @code{scandir} function scans the contents of the directory selected
by @var{dir}. The result in *@var{namelist} is an array of pointers to
@@ -646,6 +716,8 @@ are very helpful for this purpose.
@comment dirent.h
@comment BSD/SVID
@deftypefun int alphasort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Calls strcoll.
The @code{alphasort} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -658,6 +730,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls strverscmp.
The @code{versionsort} function is like @code{alphasort} except that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -670,6 +744,8 @@ dirent64}}. To use this we need a new function.
@comment dirent.h
@comment GNU
@deftypefun int scandir64 (const char *@var{dir}, struct dirent64 ***@var{namelist}, int (*@var{selector}) (const struct dirent64 *), int (*@var{cmp}) (const struct dirent64 **, const struct dirent64 **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c See scandir.
The @code{scandir64} function works like the @code{scandir} function
except that the directory entries it returns are described by elements
of type @w{@code{struct dirent64}}. The function pointed to by
@@ -688,6 +764,8 @@ argument. Instead we provide the two replacement functions below.
@comment dirent.h
@comment GNU
@deftypefun int alphasort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c See alphasort.
The @code{alphasort64} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -700,6 +778,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c See versionsort.
The @code{versionsort64} function is like @code{alphasort64}, excepted that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -880,6 +960,8 @@ file was passed).
@comment ftw.h
@comment SVID
@deftypefun int ftw (const char *@var{filename}, __ftw_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
+@c see nftw for safety details
The @code{ftw} function calls the callback function given in the
parameter @var{func} for every item which is found in the directory
specified by @var{filename} and all directories below. The function
@@ -930,6 +1012,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int ftw64 (const char *@var{filename}, __ftw64_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
This function is similar to @code{ftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -943,6 +1026,17 @@ transparently replaces the old implementation.
@comment ftw.h
@comment XPG4.2
@deftypefun int nftw (const char *@var{filename}, __nftw_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c ftw_startup calls alloca, malloc, free, xstat/lxstat, tdestroy, and ftw_dir
+@c if FTW_CHDIR, call open, and fchdir, or chdir and getcwd
+@c ftw_dir calls open_dir_stream, readdir64, process_entry, closedir
+@c if FTW_CHDIR, also calls fchdir
+@c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
+@c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
+@c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
+@c find_object (tsearch) and add_object (tfind).
+@c Since each invocation of *ftw uses its own private search tree, none
+@c of the search tree concurrency issues apply.
The @code{nftw} function works like the @code{ftw} functions. They call
the callback function @var{func} for all items found in the directory
@var{filename} and below. At most @var{descriptors} file descriptors
@@ -1003,6 +1097,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int nftw64 (const char *@var{filename}, __nftw64_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
This function is similar to @code{nftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -1046,6 +1141,7 @@ file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int link (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{link} function makes a new link to the existing file named by
@var{oldname}, under the new name @var{newname}.
@@ -1153,6 +1249,7 @@ Prototypes for most of the functions listed in this section are in
@comment unistd.h
@comment BSD
@deftypefun int symlink (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{symlink} function makes a symbolic link to @var{oldname} named
@var{newname}.
@@ -1190,6 +1287,7 @@ exceeded.
@comment unistd.h
@comment BSD
@deftypefun ssize_t readlink (const char *@var{filename}, char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{readlink} function gets the value of the symbolic link
@var{filename}. The file name that the link points to is copied into
@var{buffer}. This file name string is @emph{not} null-terminated;
@@ -1249,6 +1347,8 @@ names can refer to the same inode.
@comment stdlib.h
@comment GNU
@deftypefun {char *} canonicalize_file_name (const char *@var{name})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls realpath.
The @code{canonicalize_file_name} function returns the absolute name of
the file named by @var{name} which contains no @code{.}, @code{..}
@@ -1290,6 +1390,8 @@ where the result is placed in.
@comment stdlib.h
@comment XPG
@deftypefun {char *} realpath (const char *restrict @var{name}, char *restrict @var{resolved})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls malloc, realloc, getcwd, lxstat64, readlink, alloca.
A call to @code{realpath} where the @var{resolved} parameter is
@code{NULL} behaves exactly like @code{canonicalize_file_name}. The
@@ -1329,6 +1431,7 @@ then the file is deleted as well. If the file has other remaining names
@comment unistd.h
@comment POSIX.1
@deftypefun int unlink (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{unlink} function deletes the file name @var{filename}. If
this is a file's sole name, the file itself is also deleted. (Actually,
if any process has the file open when this happens, deletion is
@@ -1371,6 +1474,7 @@ file system and can't be modified.
@comment unistd.h
@comment POSIX.1
@deftypefun int rmdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@cindex directories, deleting
@cindex deleting a directory
The @code{rmdir} function deletes a directory. The directory must be
@@ -1398,6 +1502,8 @@ The prototype for this function is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int remove (const char *@var{filename})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Calls unlink and rmdir.
This is the @w{ISO C} function to remove a file. It works like
@code{unlink} for files and like @code{rmdir} for directories.
@code{remove} is declared in @file{stdio.h}.
@@ -1413,6 +1519,10 @@ The @code{rename} function is used to change a file's name.
@comment stdio.h
@comment ISO
@deftypefun int rename (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a rename syscall, there's an emulation with link
+@c and unlink, but it's racy, even more so if newname exists and is
+@c unlinked first.
The @code{rename} function renames the file @var{oldname} to
@var{newname}. The file formerly accessible under the name
@var{oldname} is afterwards accessible as @var{newname} instead. (If
@@ -1508,6 +1618,7 @@ a shell command @code{mkdir} which does the same thing.)
@comment sys/stat.h
@comment POSIX.1
@deftypefun int mkdir (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mkdir} function creates a new, empty directory with name
@var{filename}.
@@ -1849,6 +1960,7 @@ header file @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int stat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{stat} function returns information about the attributes of the
file named by @w{@var{filename}} in the structure pointed to by @var{buf}.
@@ -1875,6 +1987,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int stat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{stat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1888,6 +2001,7 @@ replaces the interface for small files on 32-bit machines.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int fstat (int @var{filedes}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fstat} function is like @code{stat}, except that it takes an
open file descriptor as an argument instead of a file name.
@xref{Low-Level I/O}.
@@ -1909,6 +2023,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int fstat64 (int @var{filedes}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{fstat} but is able to work on large
files on 32-bit platforms. For large files the file descriptor
@var{filedes} should be obtained by @code{open64} or @code{creat64}.
@@ -1920,9 +2035,16 @@ function is available under the name @code{fstat} and so transparently
replaces the interface for small files on 32-bit machines.
@end deftypefun
+@c fstatat will call alloca and snprintf if the syscall is not
+@c available.
+@c @safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+
@comment sys/stat.h
@comment BSD
@deftypefun int lstat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat, sometimes with an xstat conv call
+@c afterwards.
The @code{lstat} function is like @code{stat}, except that it does not
follow symbolic links. If @var{filename} is the name of a symbolic
link, @code{lstat} returns information about the link itself; otherwise
@@ -1936,6 +2058,9 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int lstat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat64, sometimes with an xstat conv
+@c call afterwards.
This function is similar to @code{lstat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1974,12 +2099,14 @@ that file:
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISDIR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a directory.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISCHR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a character special file (a
device like a terminal).
@end deftypefn
@@ -1987,6 +2114,7 @@ device like a terminal).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISBLK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a block special file (a device
like a disk).
@end deftypefn
@@ -1994,12 +2122,14 @@ like a disk).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISREG (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a regular file.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISFIFO (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a FIFO special file, or a
pipe. @xref{Pipes and FIFOs}.
@end deftypefn
@@ -2007,6 +2137,7 @@ pipe. @xref{Pipes and FIFOs}.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISLNK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a symbolic link.
@xref{Symbolic Links}.
@end deftypefn
@@ -2014,6 +2145,7 @@ This macro returns non-zero if the file is a symbolic link.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISSOCK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a socket. @xref{Sockets}.
@end deftypefn
@@ -2096,6 +2228,7 @@ the whole @code{struct stat} structure.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISMQ (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX message queues as distinct objects and the
file is a message queue object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2104,6 +2237,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSEM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX semaphores as distinct objects and the
file is a semaphore object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2112,6 +2246,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSHM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX shared memory objects as distinct objects
and the file is an shared memory object, this macro returns a non-zero
value. In all other cases the result is zero.
@@ -2156,6 +2291,7 @@ The prototype for this function is declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int chown (const char *@var{filename}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chown} function changes the owner of the file @var{filename} to
@var{owner}, and its group owner to @var{group}.
@@ -2190,6 +2326,7 @@ The file is on a read-only file system.
@comment unistd.h
@comment BSD
@deftypefun int fchown (int @var{filedes}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chown}, except that it changes the owner of the open
file with descriptor @var{filedes}.
@@ -2469,6 +2606,7 @@ The functions in this section are declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun mode_t umask (mode_t @var{mask})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{umask} function sets the file creation mask of the current
process to @var{mask}, and returns the previous value of the file
creation mask.
@@ -2494,6 +2632,7 @@ you just want to read the mask value, because it is reentrant.
@comment sys/stat.h
@comment GNU
@deftypefun mode_t getumask (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Return the current value of the file creation mask for the current
process. This function is a GNU extension and is only available on
@gnuhurdsystems{}.
@@ -2502,6 +2641,7 @@ process. This function is a GNU extension and is only available on
@comment sys/stat.h
@comment POSIX.1
@deftypefun int chmod (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chmod} function sets the access permission bits for the file
named by @var{filename} to @var{mode}.
@@ -2542,6 +2682,7 @@ for full details on the sticky bit.
@comment sys/stat.h
@comment BSD
@deftypefun int fchmod (int @var{filedes}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chmod}, except that it changes the permissions of the
currently open file given by @var{filedes}.
@@ -2612,6 +2753,7 @@ The symbols in this section are declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int access (const char *@var{filename}, int @var{how})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{access} function checks to see whether the file named by
@var{filename} can be accessed in the way specified by the @var{how}
argument. The @var{how} argument either can be the bitwise OR of the
@@ -2732,6 +2874,9 @@ This is the modification time for the file.
@comment utime.h
@comment POSIX.1
@deftypefun int utime (const char *@var{filename}, const struct utimbuf *@var{times})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utime syscall, it non-atomically converts times
+@c to a struct timeval and calls utimes.
This function is used to modify the file times associated with the file
named @var{filename}.
@@ -2783,6 +2928,10 @@ in the header file @file{sys/time.h}.
@comment sys/time.h
@comment BSD
@deftypefun int utimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, or to
+@c struct utimbuf and calls utime.
This function sets the file access and modification times of the file
@var{filename}. The new file access time is specified by
@code{@var{tvp}[0]}, and the new modification time by
@@ -2797,6 +2946,9 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int lutimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no lutimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall.
This function is like @code{utimes}, except that it does not follow
symbolic links. If @var{filename} is the name of a symbolic link,
@code{lutimes} sets the file access and modification times of the
@@ -2813,6 +2965,10 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int futimes (int @var{fd}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no futimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, falling back
+@c to utimes on a /proc/self/fd symlink.
This function is like @code{utimes}, except that it takes an open file
descriptor as an argument instead of a file name. @xref{Low-Level
I/O}. This function comes from FreeBSD, and is not available on all
@@ -2867,6 +3023,8 @@ succeed, without actually accomplishing anything.
@comment unistd.h
@comment X/Open
@deftypefun int truncate (const char *@var{filename}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a truncate syscall, we use open and ftruncate.
The @code{truncate} function changes the size of @var{filename} to
@var{length}. If @var{length} is shorter than the previous length, data
@@ -2911,6 +3069,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int truncate64 (const char *@var{name}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try truncate if length fits.
This function is similar to the @code{truncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines, which allows the handling of files with sizes up to
@@ -2924,6 +3084,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX
@deftypefun int ftruncate (int @var{fd}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{truncate}, but it works on a file descriptor @var{fd}
for an opened file instead of a file name to identify the object. The
@@ -2988,6 +3149,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int ftruncate64 (int @var{id}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try ftruncate if length fits.
This function is similar to the @code{ftruncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines which allows the handling of files with sizes up to
@@ -3050,6 +3213,10 @@ The prototype for @code{mknod} is declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment BSD
@deftypefun int mknod (const char *@var{filename}, mode_t @var{mode}, dev_t @var{dev})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Instead of issuing the syscall directly, we go through xmknod.
+@c Although the internal xmknod takes a dev_t*, that could lead to
+@c xguargs races, it's passed a pointer to mknod's dev.
The @code{mknod} function makes a special file with name @var{filename}.
The @var{mode} specifies the mode of the file, and may include the various
special file bits, such as @code{S_IFCHR} (for a character special file)
@@ -3101,6 +3268,20 @@ These facilities are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} tmpfile (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c The unsafety issues are those of fdopen, plus fdleak because of the
+@c open.
+@c __path_search (internal buf, !dir, const pfx, !try_tmpdir) ok
+@c libc_secure_genenv only if try_tmpdir
+@c xstat64, strlen, strcmp, sprintf
+@c __gen_tempname (internal tmpl, __GT_FILE) ok
+@c strlen, memcmp, getpid, open/mkdir/lxstat64 ok
+@c HP_TIMING_NOW if available ok
+@c gettimeofday (!tz) first time, or every time if no HP_TIMING_NOW ok
+@c static value is used and modified without synchronization ok
+@c but the use is as a source of non-cryptographic randomness
+@c with retries in case of collision, so it should be safe
+@c unlink, fdopen
This function creates a temporary binary file for update mode, as if by
calling @code{fopen} with mode @code{"wb+"}. The file is deleted
automatically when it is closed or when the program terminates. (On
@@ -3117,6 +3298,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} tmpfile64 (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
This function is similar to @code{tmpfile}, but the stream it returns a
pointer to was opened using @code{tmpfile64}. Therefore this stream can
be used for files larger then @math{2^31} bytes on 32-bit machines.
@@ -3132,6 +3314,11 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun {char *} tmpnam (char *@var{result})
+@safety{@mtunsafe{xguargs, staticbuf}@asunsafe{staticbuf}@acsafe{}}
+@c The passed-in buffer should not be modified concurrently with the
+@c call.
+@c __path_search (static or passed-in buf, !dir, !pfx, !try_tmpdir) ok
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
This function constructs and returns a valid file name that does not
refer to any existing file. If the @var{result} argument is a null
pointer, the return value is a pointer to an internal static string,
@@ -3156,6 +3343,7 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdio.h
@comment GNU
@deftypefun {char *} tmpnam_r (char *@var{result})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
This function is nearly identical to the @code{tmpnam} function, except
that if @var{result} is a null pointer it returns a null pointer.
@@ -3192,6 +3380,13 @@ never less than @code{25}.
@comment stdio.h
@comment SVID
@deftypefun {char *} tempnam (const char *@var{dir}, const char *@var{prefix})
+@safety{@mtunsafe{xguargs, envromt}@assafe{asmalloc}@acsafe{memleak}}
+@c There's no way (short of being setuid) to avoid getenv("TMPDIR"),
+@c even with a non-NULL dir, which makes this thread-unsafe.
+@c
+@c __path_search (internal buf, dir, pfx, try_tmpdir) unsafe getenv
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
+@c strdup
This function generates a unique temporary file name. If @var{prefix}
is not a null pointer, up to five characters of this string are used as
a prefix for the file name. The return value is a string newly
@@ -3255,6 +3450,8 @@ string. These functions are declared in the header file @file{stdlib.h}.
@comment stdlib.h
@comment Unix
@deftypefun {char *} mktemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_NOCREATE) ok
The @code{mktemp} function generates a unique file name by modifying
@var{template} as described above. If successful, it returns
@var{template} as modified. If @code{mktemp} cannot find a unique file
@@ -3273,6 +3470,8 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdlib.h
@comment BSD
@deftypefun int mkstemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{fdleak}}
+@c __gen_tempname (caller tmpl, __GT_FILE) ok
The @code{mkstemp} function generates a unique file name just as
@code{mktemp} does, but it also opens the file for you with @code{open}
(@pxref{Opening and Closing Files}). If successful, it modifies
@@ -3295,6 +3494,8 @@ new file and get an error if the file already exists.
@comment stdlib.h
@comment BSD
@deftypefun {char *} mkdtemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_DIR) ok
The @code{mkdtemp} function creates a directory with a unique name. If
it succeeds, it overwrites @var{template} with the name of the
directory, and returns @var{template}. As with @code{mktemp} and
@@ -3316,3 +3517,23 @@ creation always works like @code{open} with @code{O_EXCL}.
@xref{Creating Directories}.
The @code{mkdtemp} function comes from OpenBSD.
+
+@c FIXME these are undocumented:
+@c faccessat
+@c fchmodat
+@c fchownat
+@c futimesat
+@c fstatat
+@c linkat
+@c mkdirat
+@c mkfifoat
+@c name_to_handle_at
+@c openat
+@c open_by_handle_at
+@c readlinkat
+@c renameat
+@c scandirat
+@c symlinkat
+@c unlinkat
+@c utimensat
+@c mknodat
diff --git a/manual/getopt.texi b/manual/getopt.texi
index f0b7283..3c1f4de 100644
--- a/manual/getopt.texi
+++ b/manual/getopt.texi
@@ -60,6 +60,31 @@ option argument, for those options that accept arguments.
@comment unistd.h
@comment POSIX.2
@deftypefun int getopt (int @var{argc}, char *const *@var{argv}, const char *@var{options})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c It may swap argv elements but argv is not guarded, and the
+@c modifications may be partial in case of cancellation. Calling getenv
+@c also brings about thread-safety issues out of access and returning
+@c pointers into the globally shared environment array, just like
+@c calling gettext brings about a whole lot of AS and AC safety issues.
+@c The getopt API involves returning values in the non-thread-specific
+@c optarg variable, which adds another thread-safety issue. Given
+@c print_errors, it may output errors to stderr, which may
+@c self-deadlock, leak locks, or encounter (in a signal handler) or
+@c leave (in case of cancellation) stderr in an inconsistent state.
+@c Various implicit, indirect uses of malloc, in uses of memstream and
+@c asprintf for error-printing, bring about the usual malloc issues.
+@c (The explicit use of malloc in a conditional situation in
+@c _getopt_initialize is never exercised in glibc.)
+@c
+@c _getopt_internal
+@c _getopt_internal_r
+@c gettext
+@c _getopt_initialize
+@c getenv
+@c malloc if USE_NONOPTION_FLAGS, never defined in libc
+@c open_memstream
+@c lockfile, unlockfile, __fxprintf -> stderr
+@c asprintf
The @code{getopt} function gets the next option argument from the
argument list specified by the @var{argv} and @var{argc} arguments.
Normally these values come directly from the arguments received by
@@ -225,6 +250,8 @@ was seen.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
Decode options from the vector @var{argv} (whose length is @var{argc}).
The argument @var{shortopts} describes the short options to accept, just as
it does in @code{getopt}. The argument @var{longopts} describes the long
@@ -278,6 +305,8 @@ getopt functionality there is one more function available.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long_only (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
The @code{getopt_long_only} function is equivalent to the
@code{getopt_long} function but it allows to specify the user of the
diff --git a/manual/intro.texi b/manual/intro.texi
index 2630a77..e47832c 100644
--- a/manual/intro.texi
+++ b/manual/intro.texi
@@ -262,6 +262,28 @@ if the effective thread-local locale is not the global locale object
@code{setlocale} should not be called while these functions are active.
+@item @code{envromt}
+@cindex envromt
+
+Functions marked with @code{envromt} access the environment with
+@code{getenv} or similar, requiring the environment to be effectively
+read-only for MT-Safe operation.
+
+Environment-modifying functions do not protect in any way against
+concurrent modifications or access, so calling @code{envromt}-marked
+functions concurrently with @code{setenv}, @code{putenv},
+@code{unsetenv} or direct modifications of the global environment data
+structures is ill-advised; external concurrency control must be
+introduced by callers of these environment-modifying and
+@code{envromt}-marked functions.
+
+Functions that modify the environment are also marked with
+@code{envromt}, but they are not MT-Safe for the reasons above. Since
+all environment-modifying functions are MT-Unsafe, functions that only
+access the environment are marked as MT-Safe when no other safety issue
+applies.
+
+
@item @code{uunguard}
@cindex uunguard
@@ -291,6 +313,42 @@ AS-Safe behavior, callers must ensure that the objects passed in are not
modified concurrently by other threads or signal handlers.
+@item @code{tempchwd}
+@cindex tempchwd
+
+Functions marked with @code{tempchwd} may temporarily change the current
+working directory during their execution, which may cause relative
+pathnames to be resolved in unexpected ways in other threads or within
+asynchronous signal or cancellation handlers.
+
+This is not enough of a reason to mark so-marked functions as MT-Unsafe,
+but when this behavior is optional (e.g., @code{nftw} with
+@code{FTW_CHDIR}), avoiding the option in multi-threaded programs may be
+a good alternative to using full pathnames or file descriptor-relative
+(e.g. @code{openat}) system calls.
+
+
+@item @code{tempterm}
+@cindex tempterm
+
+Functions marked with @code{tempterm} may temporarily change the
+terminal settings.
+
+This would not be enough of a reason to mark so-marked functions as
+MT-Unsafe, but the recommended mode to modify terminal settings is to
+call @code{tcgetattr}, modify some flags, and then call
+@code{tcsetattr}. Functions marked with @code{tempterm} do that, so
+they leave a window in which changes made by other threads are lost.
+
+It is thus advisable for applications using the terminal to avoid
+concurrent interactions with it, more so if they expect different
+terminal modes.
+
+If this mark appears as an AC-Safety note, it means the function may
+also fail to restore the original terminal mode in case of asynchronous
+cancellation.
+
+
@end itemize
@@ -305,11 +363,37 @@ as follows:
Functions annotated with @code{staticbuf} use internal static buffers or
variables in ways that may cause concurrent calls to interfere
-destructively.
+destructively.
These functions are all MT-Unsafe and AC-Unsafe. However, many of them
offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
+In many of these cases, the static buffer is only used to hold a return
+value; in a few of these, such as @code{tmpnam}, the use of the internal
+buffer can be avoided by passing the buffer as an argument, which makes
+the call MT-Safe and AS-Safe.
+
+
+@item @code{asi18n}
+@cindex asi18n
+
+Functions marked with @code{asi18n} use internationalization functions
+(@code{gettext}), which brings in a number of dependencies and issues
+yet to be documented.
+
+
+@item @code{shlimb}
+@cindex shlimb
+
+Functions marked with @code{shlimb} use the dynamic loader to bring in
+additional code modules. This involves opening files, mapping them into
+memory, allocating additional memory, resolving symbols, applying
+relocations and more, all of this while holding the dynamic loader
+lock.
+
+The non-recursive lock itself is enough for the function to be AS- and
+AC-Unsafe, but many other issues may arise.
+
@item @code{fdleak}
@cindex fdleak
@@ -390,9 +474,8 @@ For the reasons above, functions that leak locks are all AC-Unsafe.
Functions marked with @code{selfdeadlock} take a non-recursive lock to
ensure MT-Safety while modifying data structures guarded by the lock.
-If such a function is interrupted by a signal while holding the lock,
-and the signal handler calls any function that takes the same
-non-recursive lock, the result is a deadlock.
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, the result is a deadlock.
Blocking asynchronous signal delivery while calling such functions is
the only safe way to avoid a deadlock if any signal handler might need
@@ -406,10 +489,9 @@ Functions marked with @code{asynconsist} take a recursive lock to ensure
MT-Safety while accessing or modifying data structures guarded by the
lock.
-If such a function is interrupted by a signal while holding the lock,
-and the signal handler calls any function that takes the same
-non-recursive lock, the latter function may observe a partially updated,
-inconsistent data structure, and misbehave.
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, both may misbehave for
+observing inconsistent (partially updated or cached) data structures.
Blocking asynchronous signal delivery while calling such functions is
the only safe way to avoid the misbehavior that may ensue if any signal
@@ -444,6 +526,21 @@ Disabling asynchronous cancelation while calling such functions is the
only safe way to avoid the misbehavior that may ensure if the thread is
canceled while the function is running.
+@c A special case, probably not worth documenting separately, involves
+@c reallocing, or even freeing pointers. Any case involving free could
+@c be easily turned into an ac-safe memleak by resetting the pointer
+@c before releasing it; I don't think we have any case that calls for
+@c this sort of fixing. Fixing the realloc cases would require a new
+@c interface: instead of @code{ptr=realloc(ptr,size)} we'd have to
+@c introduce @code{acsafe_realloc(&ptr,size)} that would modify ptr
+@c before releasing the old memory. The ac-unsafe realloc could be
+@c implemented in terms of an internal interface with this semantics
+@c (say __acsafe_realloc), but since realloc can be overridden, the
+@c function we call to implement realloc should not be this internal
+@c interface, but another internal interface that calls __acsafe_realloc
+@c if realloc was not overridden, and calls the overridden realloc with
+@c async cancel disabled. --lxoliva
+
@item @code{simfpu}
@cindex simfpu
diff --git a/manual/job.texi b/manual/job.texi
index 4efeed3..779ea96 100644
--- a/manual/job.texi
+++ b/manual/job.texi
@@ -1039,6 +1039,10 @@ The function @code{ctermid} is declared in the header file
@comment stdio.h
@comment POSIX.1
@deftypefun {char *} ctermid (char *@var{string})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This function is a stub by default; the actual implementation, for
+@c posix systems, returns an internal buffer if passed a NULL string,
+@c but the internal buffer is always set to /dev/tty.
The @code{ctermid} function returns a string containing the file name of
the controlling terminal for the current process. If @var{string} is
not a null pointer, it should be an array that can hold at least
@@ -1075,6 +1079,11 @@ Your program should include the header files @file{sys/types.h} and
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t setsid (void)
+@safety{@mtsafe{}@assafe{selfdeadlock (hurd)}@acsafe{lockleak (hurd)}}
+@c This is usually a direct syscall, but if a syscall is not available,
+@c we use a stub, or Hurd- and BSD-specific implementations. The former
+@c uses a mutex and a hurd critical section, and the latter issues a few
+@c syscalls, so both seem safe, except for the locking on Hurd.
The @code{setsid} function creates a new session. The calling process
becomes the session leader, and is put in a new process group whose
process group ID is the same as the process ID of that process. There
@@ -1098,7 +1107,8 @@ already another process group around that has the same process group ID.
@comment unistd.h
@comment SVID
@deftypefun pid_t getsid (pid_t @var{pid})
-
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{getsid} function returns the process group ID of the session
leader of the specified process. If a @var{pid} is @code{0}, the
process group ID of the session leader of the current process is
@@ -1134,6 +1144,8 @@ programs with the @code{-lbsd-compat} option to get the BSD definition.@refill
@comment unistd.h
@comment POSIX.1
@deftypefn {POSIX.1 Function} pid_t getpgrp (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The POSIX.1 definition of @code{getpgrp} returns the process group ID of
the calling process.
@end deftypefn
@@ -1141,6 +1153,8 @@ the calling process.
@comment unistd.h
@comment BSD
@deftypefn {BSD Function} pid_t getpgrp (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The BSD definition of @code{getpgrp} returns the process group ID of the
process @var{pid}. You can supply a value of @code{0} for the @var{pid}
argument to get information about the calling process.
@@ -1149,6 +1163,8 @@ argument to get information about the calling process.
@comment unistd.h
@comment SVID
@deftypefn {System V Function} int getpgid (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
@code{getpgid} is the same as the BSD function @code{getpgrp}. It
returns the process group ID of the process @var{pid}. You can supply a
@@ -1171,6 +1187,8 @@ process.
@comment unistd.h
@comment POSIX.1
@deftypefun int setpgid (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{setpgid} function puts the process @var{pid} into the process
group @var{pgid}. As a special case, either @var{pid} or @var{pgid} can
be zero to indicate the process ID of the calling process.
@@ -1208,6 +1226,8 @@ process or a child of the calling process.
@comment unistd.h
@comment BSD
@deftypefun int setpgrp (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall or setpgid wrapper.
This is the BSD Unix name for @code{setpgid}. Both functions do exactly
the same thing.
@end deftypefun
@@ -1230,6 +1250,8 @@ file itself and not a particular open file descriptor.
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t tcgetpgrp (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function returns the process group ID of the foreground process
group associated with the terminal open on descriptor @var{filedes}.
@@ -1258,6 +1280,8 @@ controlling terminal of the calling process.
@comment unistd.h
@comment POSIX.1
@deftypefun int tcsetpgrp (int @var{filedes}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function is used to set a terminal's foreground process group ID.
The argument @var{filedes} is a descriptor which specifies the terminal;
@var{pgid} specifies the process group. The calling process must be a
@@ -1297,6 +1321,8 @@ process.
@comment termios.h
@comment Unix98
@deftypefun pid_t tcgetsid (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Ioctl call, if avaialble, or tcgetpgrp followed by getsid.
This function is used to obtain the process group ID of the session
for which the terminal specified by @var{fildes} is the controlling terminal.
If the call is successful the group ID is returned. Otherwise the
diff --git a/manual/lang.texi b/manual/lang.texi
index ee04e23..d6cd90c 100644
--- a/manual/lang.texi
+++ b/manual/lang.texi
@@ -51,6 +51,8 @@ without indicating anything might be wrong.
@comment assert.h
@comment ISO
@deftypefn Macro void assert (int @var{expression})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Verify the programmer's belief that @var{expression} is nonzero at
this point in the program.
@@ -91,6 +93,8 @@ The @code{assert_perror} macro makes this easy.
@comment assert.h
@comment GNU
@deftypefn Macro void assert_perror (int @var{errnum})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Similar to @code{assert}, but verifies that @var{errnum} is zero.
If @code{NDEBUG} is not defined, @code{assert_perror} tests the value of
@@ -423,6 +427,8 @@ The type @code{va_list} is used for argument pointer variables.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_start (va_list @var{ap}, @var{last-required})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This macro initializes the argument pointer variable @var{ap} to point
to the first of the optional arguments of the current function;
@var{last-required} must be the last required argument to the function.
@@ -431,6 +437,8 @@ to the first of the optional arguments of the current function;
@comment stdarg.h
@comment ISO
@deftypefn {Macro} @var{type} va_arg (va_list @var{ap}, @var{type})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_arg} macro returns the value of the next optional argument,
and modifies the value of @var{ap} to point to the subsequent argument.
Thus, successive uses of @code{va_arg} return successive optional
@@ -445,6 +453,8 @@ of the actual argument.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_end (va_list @var{ap})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This ends the use of @var{ap}. After a @code{va_end} call, further
@code{va_arg} calls with the same @var{ap} may not work. You should invoke
@code{va_end} before returning from the function in which @code{va_start}
@@ -466,6 +476,8 @@ of the same type.
@comment ISO
@deftypefn {Macro} void va_copy (va_list @var{dest}, va_list @var{src})
@deftypefnx {Macro} void __va_copy (va_list @var{dest}, va_list @var{src})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_copy} macro allows copying of objects of type
@code{va_list} even if this is not an integral type. The argument pointer
in @var{dest} is initialized to point to the same argument as the
@@ -1212,6 +1224,8 @@ type of a particular structure member.
@comment stddef.h
@comment ISO
@deftypefn {Macro} size_t offsetof (@var{type}, @var{member})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This expands to a integer constant expression that is the offset of the
structure member named @var{member} in the structure type @var{type}.
For example, @code{offsetof (struct s, elem)} is the offset, in bytes,
diff --git a/manual/libdl.texi b/manual/libdl.texi
new file mode 100644
index 0000000..e3fe045
--- /dev/null
+++ b/manual/libdl.texi
@@ -0,0 +1,10 @@
+@c FIXME these are undocumented:
+@c dladdr
+@c dladdr1
+@c dlclose
+@c dlerror
+@c dlinfo
+@c dlmopen
+@c dlopen
+@c dlsym
+@c dlvsym
diff --git a/manual/llio.texi b/manual/llio.texi
index b129cf4..66370c4 100644
--- a/manual/llio.texi
+++ b/manual/llio.texi
@@ -78,6 +78,7 @@ declared in @file{unistd.h}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int open (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The @code{open} function creates and returns a new file descriptor for
the file named by @var{filename}. Initially, the file position
indicator for the file is at the beginning of the file. The argument
@@ -164,6 +165,7 @@ and @code{freopen} functions, that create streams.
@comment fcntl.h
@comment Unix98
@deftypefun int open64 (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{open}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
difference is that on 32 bit systems the file is opened in the
@@ -178,6 +180,7 @@ replaces the old API.
@comment fcntl.h
@comment POSIX.1
@deftypefn {Obsolete function} int creat (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is obsolete. The call:
@smallexample
@@ -202,6 +205,7 @@ since all of the lowlevel file handling functions are equally replaced.
@comment fcntl.h
@comment Unix98
@deftypefn {Obsolete function} int creat64 (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{creat}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
the difference is that on 32 bit systems the file is opened in the
@@ -219,6 +223,7 @@ replaces the old API.
@comment unistd.h
@comment POSIX.1
@deftypefun int close (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The function @code{close} closes the file descriptor @var{filedes}.
Closing a file has the following consequences:
@@ -300,6 +305,7 @@ but must be a signed type.
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t read (int @var{filedes}, void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{read} function reads up to @var{size} bytes from the file
with descriptor @var{filedes}, storing the results in the @var{buffer}.
(This is not necessarily a character string, and no terminating null
@@ -395,6 +401,10 @@ functions that read from streams, such as @code{fgetc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, read and lseek back, but is it
+@c used anywhere?
The @code{pread} function is similar to the @code{read} function. The
first three arguments are identical, and the return values and error
codes also correspond.
@@ -430,6 +440,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread64 (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, read and lseek64 back, but is
+@c it used anywhere?
This function is similar to the @code{pread} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -447,6 +461,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t write (int @var{filedes}, const void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{write} function writes up to @var{size} bytes from
@var{buffer} to the file with descriptor @var{filedes}. The data in
@var{buffer} is not necessarily a character string and a null character is
@@ -557,6 +572,10 @@ functions that write to streams, such as @code{fputc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, write and lseek back, but is it
+@c used anywhere?
The @code{pwrite} function is similar to the @code{write} function. The
first three arguments are identical, and the return values and error codes
also correspond.
@@ -592,6 +611,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite64 (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, write and lseek64 back, but
+@c is it used anywhere?
This function is similar to the @code{pwrite} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -624,6 +647,7 @@ To read the current file position value from a descriptor, use
@comment unistd.h
@comment POSIX.1
@deftypefun off_t lseek (int @var{filedes}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lseek} function is used to change the file position of the
file with descriptor @var{filedes}.
@@ -713,6 +737,7 @@ descriptors.
@comment unistd.h
@comment Unix98
@deftypefun off64_t lseek64 (int @var{filedes}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to the @code{lseek} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -825,6 +850,7 @@ declared in the header file @file{stdio.h}.
@comment stdio.h
@comment POSIX.1
@deftypefun {FILE *} fdopen (int @var{filedes}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
The @code{fdopen} function returns a new stream for the file descriptor
@var{filedes}.
@@ -853,6 +879,7 @@ see @ref{Creating a Pipe}.
@comment stdio.h
@comment POSIX.1
@deftypefun int fileno (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the file descriptor associated with the stream
@var{stream}. If an error is detected (for example, if the @var{stream}
is not valid) or if @var{stream} does not do I/O to a file,
@@ -862,6 +889,7 @@ is not valid) or if @var{stream} does not do I/O to a file,
@comment stdio.h
@comment GNU
@deftypefun int fileno_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fileno_unlocked} function is equivalent to the @code{fileno}
function except that it does not implicitly lock the stream if the state
is @code{FSETLOCKING_INTERNAL}.
@@ -1071,7 +1099,11 @@ Contains the length of the buffer.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t readv (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
-
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer into which data is read, if the total read size is
+@c too large for alloca.
The @code{readv} function reads data from @var{filedes} and scatters it
into the buffers described in @var{vector}, which is taken to be
@var{count} structures long. As each buffer is filled, data is sent to the
@@ -1089,6 +1121,11 @@ errors are the same as in @code{read}.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t writev (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer from which data is written, if the total write size
+@c is too large for alloca.
The @code{writev} function gathers data from the buffers described in
@var{vector}, which is taken to be @var{count} structures long, and writes
@@ -1149,6 +1186,7 @@ These functions are declared in @file{sys/mman.h}.
@comment sys/mman.h
@comment POSIX
@deftypefun {void *} mmap (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mmap} function creates a new mapping, connected to bytes
(@var{offset}) to (@var{offset} + @var{length} - 1) in the file open on
@@ -1268,6 +1306,9 @@ The file is on a filesystem that doesn't support mapping.
@comment sys/mman.h
@comment LFS
@deftypefun {void *} mmap64 (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The page_shift auto detection when MMAP2_PAGE_SHIFT is -1 (it never
+@c is) would be thread-unsafe.
The @code{mmap64} function is equivalent to the @code{mmap} function but
the @var{offset} parameter is of type @code{off64_t}. On 32-bit systems
this allows the file associated with the @var{filedes} descriptor to be
@@ -1284,6 +1325,7 @@ replaces the old API.
@comment sys/mman.h
@comment POSIX
@deftypefun int munmap (void *@var{addr}, size_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{munmap} removes any memory maps from (@var{addr}) to (@var{addr} +
@var{length}). @var{length} should be the length of the mapping.
@@ -1310,6 +1352,7 @@ aligned.
@comment sys/mman.h
@comment POSIX
@deftypefun int msync (void *@var{address}, size_t @var{length}, int @var{flags})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When using shared mappings, the kernel can write the file at any time
before the mapping is removed. To be certain data has actually been
@@ -1357,6 +1400,7 @@ There is no existing mapping in at least part of the given region.
@comment sys/mman.h
@comment GNU
@deftypefun {void *} mremap (void *@var{address}, size_t @var{length}, size_t @var{new_length}, int @var{flag})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to change the size of an existing memory
area. @var{address} and @var{length} must cover a region entirely mapped
@@ -1405,6 +1449,7 @@ Coding Standards}.
@comment sys/mman.h
@comment POSIX
@deftypefun int madvise (void *@var{addr}, size_t @var{length}, int @var{advice})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to provide the system with @var{advice} about
the intended usage patterns of the memory region starting at @var{addr}
@@ -1531,6 +1576,7 @@ that descriptor into an @code{fd_set}.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_ZERO (fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro initializes the file descriptor set @var{set} to be the
empty set.
@end deftypefn
@@ -1538,6 +1584,9 @@ empty set.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_SET (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro adds @var{filedes} to the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1547,6 +1596,9 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_CLR (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro removes @var{filedes} from the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1556,6 +1608,7 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro int FD_ISSET (int @var{filedes}, const fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value (true) if @var{filedes} is a member
of the file descriptor set @var{set}, and zero (false) otherwise.
@@ -1568,6 +1621,10 @@ Next, here is the description of the @code{select} function itself.
@comment sys/types.h
@comment BSD
@deftypefun int select (int @var{nfds}, fd_set *@var{read-fds}, fd_set *@var{write-fds}, fd_set *@var{except-fds}, struct timeval *@var{timeout})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The select syscall is preferred, but pselect6 may be used instead,
+@c which requires converting timeout to a timespec and back. The
+@c conversions are not atomic.
The @code{select} function blocks the calling process until there is
activity on any of the specified sets of file descriptors, or until the
timeout period has expired.
@@ -1670,6 +1727,7 @@ they return.
@comment unistd.h
@comment X/Open
@deftypefun void sync (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
A call to this function will not return as long as there is data which
has not been written to the device. All dirty buffers in the kernel will
be written and so an overall consistent system can be achieved (if no
@@ -1685,6 +1743,7 @@ committed, rather than all data in the system. For this, @code{sync} is overkil
@comment unistd.h
@comment POSIX
@deftypefun int fsync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fsync} function can be used to make sure all data associated with
the open file @var{fildes} is written to the device associated with the
descriptor. The function call does not return unless all actions have
@@ -1722,6 +1781,7 @@ recovering of the file in case of a problem.
@comment unistd.h
@comment POSIX
@deftypefun int fdatasync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When a call to the @code{fdatasync} function returns, it is ensured
that all of the file data is written to the device. For all pending I/O
operations, the parts guaranteeing data integrity finished.
@@ -1923,6 +1983,158 @@ aiocb64}, since the LFS transparently replaces the old interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_read (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Calls aio_enqueue_request.
+@c aio_enqueue_request selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_self ok
+@c pthread_getschedparam selfdeadlock, lockleak
+@c lll_lock (pthread descriptor's lock) selfdeadlock, lockleak
+@c sched_getparam ok
+@c sched_getscheduler ok
+@c lll_unlock lockleak
+@c pthread_mutex_lock (aio_requests_mutex) selfdeadlock, lockleak
+@c get_elem asmalloc, memleak, [asynconsist, incansist], [xguargs]
+@c realloc asmalloc, memleak
+@c calloc asmalloc, memleak
+@c aio_create_helper_thread selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_attr_init ok
+@c pthread_attr_setdetachstate ok
+@c pthread_get_minstack ok
+@c pthread_attr_setstacksize ok
+@c sigfillset ok
+@c memset ok
+@c sigdelset ok [xguargs, but the caller's sigset is automatic]
+@c SYSCALL rt_sigprocmask ok
+@c pthread_create selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c alloca/malloc asmalloc, memleak
+@c lll_unlock lockleak
+@c allocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c getpagesize dup
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c lll_unlock lockleak
+@c _dl_allocate_tls asmalloc, memleak
+@c _dl_allocate_tls_storage asmalloc, memleak
+@c memalign asmalloc, memleak
+@c memset ok
+@c allocate_dtv dup
+@c free asmalloc, memleak
+@c allocate_dtv asmalloc, memleak
+@c calloc asmalloc, memleak
+@c INSTALL_DTV ok
+@c list_add dup
+@c get_cached_stack
+@c lll_lock (stack_cache_lock) selfdeadlock, lockleak
+@c list_for_each ok
+@c list_entry dup
+@c FREE_P dup
+@c stack_list_del dup
+@c stack_list_add dup
+@c lll_unlock lockleak
+@c _dl_allocate_tls_init ok
+@c GET_DTV ok
+@c mmap ok
+@c atomic_increment_val ok
+@c munmap ok
+@c change_stack_perm ok
+@c mprotect ok
+@c mprotect ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c THREAD_COPY_STACK_GUARD ok
+@c THREAD_COPY_POINTER_GUARD ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (state_cache_lock) selfdeadlock, lockleak
+@c stack_list_del ok
+@c atomic_write_barrier ok
+@c list_del ok [uunguard]
+@c atomic_write_barrier ok
+@c queue_stack asmalloc, memleak
+@c stack_list_add ok
+@c atomic_write_barrier ok
+@c list_add ok [uunguard]
+@c atomic_write_barrier ok
+@c free_stacks asmalloc, memleak
+@c list_for_each_prev_safe ok
+@c list_entry ok
+@c FREE_P ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c _dl_deallocate_tls asmalloc, memleak
+@c free asmalloc, memleak
+@c lll_unlock lockleak
+@c create_thread selfdeadlock, asmalloc, lockleak, memleak
+@c td_eventword
+@c td_eventmask
+@c do_clone selfdeadlock, asmalloc, lockleak, memleak
+@c PREPARE_CREATE ok
+@c lll_lock (pd->lock) selfdeadlock, lockleak
+@c atomic_increment ok
+@c clone ok
+@c atomic_decrement ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack dup
+@c sched_setaffinity ok
+@c tgkill ok
+@c sched_setscheduler ok
+@c atomic_compare_and_exchange_bool_acq ok
+@c nptl_create_event ok
+@c lll_unlock (pd->lock) lockleak
+@c free asmalloc, memleak
+@c pthread_attr_destroy ok (cpuset won't be set, so free isn't called)
+@c add_request_to_runlist ok [xguargs]
+@c pthread_cond_signal ok
+@c aio_free_request ok [xguargs]
+@c pthread_mutex_unlock lockleak
+
+@c (in the new thread, initiated with clone)
+@c start_thread ok
+@c HP_TIMING_NOW ok
+@c ctype_init [glocale] (in theory, but optimized into safety)
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c sigemptyset ok
+@c sigaddset ok
+@c setjmp ok
+@c CANCEL_ASYNC -> pthread_enable_asynccancel ok
+@c do_cancel ok
+@c pthread_unwind ok
+@c Unwind_ForcedUnwind or longjmp ok [asmalloc, memleak?]
+@c lll_lock selfdeadlock, lockleak
+@c lll_unlock selfdeadlock, lockleak
+@c CANCEL_RESET -> pthread_disable_asynccancel ok
+@c lll_futex_wait ok
+@c ->start_routine ok -----
+@c call_tls_dtors selfdeadlock, asmalloc, lockleak, memleak
+@c user-supplied dtor
+@c rtld_lock_lock_recursive (dl_load_lock) selfdeadlock, lockleak
+@c rtld_lock_unlock_recursive lockleak
+@c free asmalloc, memleak
+@c nptl_deallocate_tsd asmalloc, memleak
+@c tsd user-supplied dtors ok
+@c free asmalloc, memleak
+@c libc_thread_freeres
+@c libc_thread_subfreeres ok
+@c atomic_decrement_and_test ok
+@c td_eventword ok
+@c td_eventmask ok
+@c atomic_compare_exchange_bool_acq ok
+@c nptl_death_event ok
+@c lll_robust_dead ok
+@c getpagesize ok
+@c madvise ok
+@c free_tcb selfdeadlock, asmalloc, lockleak, memleak
+@c free asmalloc, memleak
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_futex_wait ok
+@c exit_thread_inline ok
+@c syscall(exit) ok
+
This function initiates an asynchronous read operation. It
immediately returns after the operation was enqueued or when an
error was encountered.
@@ -1988,6 +2200,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_read64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_read} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{aio_read64} uses
@@ -2006,6 +2219,7 @@ of functions with a very similar interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_write (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function initiates an asynchronous write operation. The function
call immediately returns after the operation was enqueued or if before
this happens an error was encountered.
@@ -2072,6 +2286,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_write64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_write} function. The only
difference is that on @w{32 bit} machines the file descriptor should
be opened in the large file mode. Internally @code{aio_write64} uses
@@ -2093,6 +2308,12 @@ operations. It is therefore similar to a combination of @code{readv} and
@comment aio.h
@comment POSIX.1b
@deftypefun int lio_listio (int @var{mode}, struct aiocb *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Call lio_listio_internal, that takes the aio_requests_mutex lock and
+@c enqueues each request. Then, it waits for notification or prepares
+@c for it before releasing the lock. Even though it performs memory
+@c allocation and locking of its own, it doesn't add any classes of
+@c safety issues that aren't already covered by aio_enqueue_request.
The @code{lio_listio} function can be used to enqueue an arbitrary
number of read and write requests at one time. The requests can all be
meant for the same file, all for different files or every solution in
@@ -2176,6 +2397,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int lio_listio64 (int @var{mode}, struct aiocb64 *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{lio_listio} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{lio_listio64} uses
@@ -2204,6 +2426,7 @@ The following two functions allow you to get this kind of information.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_error (const struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function determines the error state of the request described by the
@code{struct aiocb} variable pointed to by @var{aiocbp}. If the
request has not yet terminated the value returned is always
@@ -2225,6 +2448,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_error64 (const struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_error} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2238,6 +2462,7 @@ machines.
@comment aio.h
@comment POSIX.1b
@deftypefun ssize_t aio_return (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to retrieve the return status of the operation
carried out by the request described in the variable pointed to by
@var{aiocbp}. As long as the error status of this request as returned
@@ -2261,6 +2486,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun ssize_t aio_return64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_return} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2289,6 +2515,9 @@ if the symbol @code{_POSIX_SYNCHRONIZED_IO} is defined in @file{unistd.h}.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_fsync (int @var{op}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check that the FD is open, it calls
+@c aio_enqueue_request.
Calling this function forces all I/O operations operating queued at the
time of the function call operating on the file descriptor
@code{aiocbp->aio_fildes} into the synchronized I/O completion state
@@ -2336,6 +2565,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_fsync64 (int @var{op}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_fsync} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2362,6 +2592,9 @@ before the current client is served. For situations like this
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_suspend (const struct aiocb *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c Take aio_requests_mutex, set up waitlist and requestlist, wait
+@c for completion or timeout, and release the mutex.
When calling this function, the calling thread is suspended until at
least one of the requests pointed to by the @var{nent} elements of the
array @var{list} has completed. If any of the requests has already
@@ -2400,6 +2633,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_suspend64 (const struct aiocb64 *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is similar to @code{aio_suspend} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2427,6 +2661,16 @@ or not. Therefore using this function is merely a hint.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_cancel (int @var{fildes}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check the fd is open, hold aio_requests_mutex, call
+@c aio_find_req_fd, aio_remove_request, then aio_notify and
+@c aio_free_request each request before releasing the lock.
+@c aio_notify calls aio_notify_only and free, besides cond signal or
+@c similar. aio_notify_only calls pthread_attr_init,
+@c pthread_attr_setdetachstate, malloc, pthread_create,
+@c notify_func_wrapper, aio_sigqueue, getpid, raise.
+@c notify_func_wraper calls aio_start_notify_thread, free and then the
+@c notifier function.
The @code{aio_cancel} function can be used to cancel one or more
outstanding requests. If the @var{aiocbp} parameter is @code{NULL}, the
function tries to cancel all of the outstanding requests which would process
@@ -2474,6 +2718,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_cancel64 (int @var{fildes}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_cancel} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2529,6 +2774,8 @@ Unused.
@comment aio.h
@comment GNU
@deftypefun void aio_init (const struct aioinit *@var{init})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c All changes to global objects are guarded by aio_requests_mutex.
This function must be called before any other AIO function. Calling it
is completely voluntary, as it is only meant to help the AIO
implementation perform better.
@@ -2563,6 +2810,7 @@ function; see @ref{Opening and Closing Files}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int fcntl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcntl} function performs the operation specified by
@var{command} on the file descriptor @var{filedes}. Some commands
require additional arguments to be supplied. These additional arguments
@@ -2645,6 +2893,7 @@ while prototypes for @code{dup} and @code{dup2} are in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun int dup (int @var{old})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies descriptor @var{old} to the first available
descriptor number (the first number not currently open). It is
equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@@ -2653,6 +2902,7 @@ equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@comment unistd.h
@comment POSIX.1
@deftypefun int dup2 (int @var{old}, int @var{new})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies the descriptor @var{old} to descriptor number
@var{new}.
@@ -3631,6 +3881,7 @@ different headers.
@comment sys/ioctl.h
@comment BSD
@deftypefun int ioctl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ioctl} function performs the generic I/O operation
@var{command} on @var{filedes}.
@@ -3650,3 +3901,6 @@ unknown device.
Most IOCTLs are OS-specific and/or only used in special system utilities,
and are thus beyond the scope of this document. For an example of the use
of an IOCTL, see @ref{Out-of-Band Data}.
+
+@c FIXME this is undocumented:
+@c dup3
diff --git a/manual/locale.texi b/manual/locale.texi
index 323268d..da50d18 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,10 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
-@safety{@mtunsafe{uunguard}}
-@c This function is MT-Safe, but uses of the global locale object are
-@c unguarded in functions that ought to be MT-Safe, so we're ruling out
-@c the use of this function once threads are started.
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
+@c and free, and _nl_find_locale, which amount to all documented safety
+@c issues. It also calls new_composite_name, setdata, and setname,
+@c without any additional issues. _nl_find_locale calls getenv, ...
+This function returns a pointer read
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..6910edc 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -146,6 +146,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +437,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +471,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +486,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +500,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +555,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
diff --git a/manual/startup.texi b/manual/startup.texi
index a277714..7bbaf13 100644
--- a/manual/startup.texi
+++ b/manual/startup.texi
@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
The difference to the @code{setenv} function is that the exact string
given as the parameter @var{string} is put into the environment. If the
user should change the string after the @code{putenv} call this will
-reflect in automatically in the environment. This also requires that
-@var{string} is no automatic variable which scope is left before the
+reflect automatically in the environment. This also requires that
+@var{string} not be an automatic variable whose scope is left before the
variable is removed from the environment. The same applies of course to
dynamically allocated variables which are freed later.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 7809dd4..79a3340 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,7 +148,7 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -267,7 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -414,7 +414,7 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
@c After fclose, it is undefined behavior to use the stream it points
@c to. Therefore, one must only call fclose when the stream is
@c otherwise unused. Concurrent uses started before will complete
@@ -2662,6 +2662,42 @@ pointer @var{ap}.
@c case of cancellation. This doesn't make it unsafe, but cancelling it
@c may leak memory. The unguarded use of __printf_function_table is
@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -5020,7 +5056,7 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
@c bringing with it additional potential for async trouble with
@c list_all_lock.
@@ -5076,7 +5112,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
-@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -5192,7 +5228,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
diff --git a/manual/string.texi b/manual/string.texi
index 246be84..a75d298 100644
--- a/manual/string.texi
+++ b/manual/string.texi
@@ -1247,6 +1247,8 @@ strncmp ("hello, world", "hello, stupid world!!!", 5)
@comment string.h
@comment GNU
@deftypefun int strverscmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls isdigit multiple times, locale may change in between.
The @code{strverscmp} function compares the string @var{s1} against
@var{s2}, considering them as holding indices/version numbers. The
return value follows the same conventions as found in the
@@ -1343,6 +1345,8 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
@comment string.h
@comment ISO
@deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Adjust alphasort one safety info is determined.
The @code{strcoll} function is similar to @code{strcmp} but uses the
collating sequence of the current locale for collation (the
@code{LC_COLLATE} locale).
diff --git a/manual/terminal.texi b/manual/terminal.texi
index 9e9c057..7f62a4e 100644
--- a/manual/terminal.texi
+++ b/manual/terminal.texi
@@ -264,6 +264,9 @@ array.
@comment termios.h
@comment POSIX.1
@deftypefun int tcgetattr (int @var{filedes}, struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the kernel-returned termios data structure to the userland
+@c format does not ensure atomic or consistent writing.
This function is used to examine the attributes of the terminal
device with file descriptor @var{filedes}. The attributes are returned
in the structure that @var{termios-p} points to.
@@ -284,6 +287,9 @@ The @var{filedes} is not associated with a terminal.
@comment termios.h
@comment POSIX.1
@deftypefun int tcsetattr (int @var{filedes}, int @var{when}, const struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the incoming termios data structure to the kernel format
+@c does not ensure atomic or consistent reading.
This function sets the attributes of the terminal device with file
descriptor @var{filedes}. The new attributes are taken from the
structure that @var{termios-p} points to.
diff --git a/manual/threads.texi b/manual/threads.texi
index a23ac26..19bfad6 100644
--- a/manual/threads.texi
+++ b/manual/threads.texi
@@ -31,6 +31,7 @@ before thread-specific data, so they should not be used in thread-specific
data destructors or even as members of the thread-specific data, since the
latter is passed as an argument to the destructor function.
+@c FIXME: use @deftypefun for these.
@item int pthread_key_delete (pthread_key_t @var{key})
Destroy the thread-specific data @var{key} in the calling thread. The
destructor for the thread-specific data is not called during destruction, nor
@@ -82,3 +83,124 @@ attributes or the stack address is set in the attribute.
The system does not have sufficient memory.
@end table
@end deftypefun
+
+@c FIXME these are undocumented:
+@c pthread_atfork
+@c pthread_attr_destroy
+@c pthread_attr_getaffinity_np
+@c pthread_attr_getdetachstate
+@c pthread_attr_getguardsize
+@c pthread_attr_getinheritsched
+@c pthread_attr_getschedparam
+@c pthread_attr_getschedpolicy
+@c pthread_attr_getscope
+@c pthread_attr_getstack
+@c pthread_attr_getstackaddr
+@c pthread_attr_getstacksize
+@c pthread_attr_init
+@c pthread_attr_setaffinity_np
+@c pthread_attr_setdetachstate
+@c pthread_attr_setguardsize
+@c pthread_attr_setinheritsched
+@c pthread_attr_setschedparam
+@c pthread_attr_setschedpolicy
+@c pthread_attr_setscope
+@c pthread_attr_setstack
+@c pthread_attr_setstackaddr
+@c pthread_attr_setstacksize
+@c pthread_barrierattr_destroy
+@c pthread_barrierattr_getpshared
+@c pthread_barrierattr_init
+@c pthread_barrierattr_setpshared
+@c pthread_barrier_destroy
+@c pthread_barrier_init
+@c pthread_barrier_wait
+@c pthread_cancel
+@c pthread_cleanup_push
+@c pthread_cleanup_pop
+@c pthread_condattr_destroy
+@c pthread_condattr_getclock
+@c pthread_condattr_getpshared
+@c pthread_condattr_init
+@c pthread_condattr_setclock
+@c pthread_condattr_setpshared
+@c pthread_cond_broadcast
+@c pthread_cond_destroy
+@c pthread_cond_init
+@c pthread_cond_signal
+@c pthread_cond_timedwait
+@c pthread_cond_wait
+@c pthread_create
+@c pthread_detach
+@c pthread_equal
+@c pthread_exit
+@c pthread_getaffinity_np
+@c pthread_getattr_np
+@c pthread_getconcurrency
+@c pthread_getcpuclockid
+@c pthread_getname_np
+@c pthread_getschedparam
+@c pthread_join
+@c pthread_kill
+@c pthread_kill_other_threads_np
+@c pthread_mutexattr_destroy
+@c pthread_mutexattr_getkind_np
+@c pthread_mutexattr_getprioceiling
+@c pthread_mutexattr_getprotocol
+@c pthread_mutexattr_getpshared
+@c pthread_mutexattr_getrobust
+@c pthread_mutexattr_getrobust_np
+@c pthread_mutexattr_gettype
+@c pthread_mutexattr_init
+@c pthread_mutexattr_setkind_np
+@c pthread_mutexattr_setprioceiling
+@c pthread_mutexattr_setprotocol
+@c pthread_mutexattr_setpshared
+@c pthread_mutexattr_setrobust
+@c pthread_mutexattr_setrobust_np
+@c pthread_mutexattr_settype
+@c pthread_mutex_consistent
+@c pthread_mutex_consistent_np
+@c pthread_mutex_destroy
+@c pthread_mutex_getprioceiling
+@c pthread_mutex_init
+@c pthread_mutex_lock
+@c pthread_mutex_setprioceiling
+@c pthread_mutex_timedlock
+@c pthread_mutex_trylock
+@c pthread_mutex_unlock
+@c pthread_once
+@c pthread_rwlockattr_destroy
+@c pthread_rwlockattr_getkind_np
+@c pthread_rwlockattr_getpshared
+@c pthread_rwlockattr_init
+@c pthread_rwlockattr_setkind_np
+@c pthread_rwlockattr_setpshared
+@c pthread_rwlock_destroy
+@c pthread_rwlock_init
+@c pthread_rwlock_rdlock
+@c pthread_rwlock_timedrdlock
+@c pthread_rwlock_timedwrlock
+@c pthread_rwlock_tryrdlock
+@c pthread_rwlock_trywrlock
+@c pthread_rwlock_unlock
+@c pthread_rwlock_wrlock
+@c pthread_self
+@c pthread_setaffinity_np
+@c pthread_setcancelstate
+@c pthread_setcanceltype
+@c pthread_setconcurrency
+@c pthread_setname_np
+@c pthread_setschedparam
+@c pthread_setschedprio
+@c pthread_sigmask
+@c pthread_sigqueue
+@c pthread_spin_destroy
+@c pthread_spin_init
+@c pthread_spin_lock
+@c pthread_spin_trylock
+@c pthread_spin_unlock
+@c pthread_testcancel
+@c pthread_timedjoin_np
+@c pthread_tryjoin_np
+@c pthread_yield
diff --git a/manual/time.texi b/manual/time.texi
index ff31e28..3967b24 100644
--- a/manual/time.texi
+++ b/manual/time.texi
@@ -475,6 +475,12 @@ Instead, use the facilities described in @ref{Time Zone Functions}.
@comment sys/time.h
@comment BSD
@deftypefun int gettimeofday (struct timeval *@var{tp}, struct timezone *@var{tzp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c On most GNU/Linux systems this is a direct syscall, but the posix/
+@c implementation (not used on GNU/Linux or GNU/Hurd) relies on time and
+@c localtime_r, saving and restoring tzname in an unsafe manner.
+@c On some GNU/Linux variants, ifunc resolvers are used in shared libc
+@c for vdso resolution. ifunc-vdso-revisit.
The @code{gettimeofday} function returns the current calendar time as
the elapsed time since the epoch in the @code{struct timeval} structure
indicated by @var{tp}. (@pxref{Elapsed Time} for a description of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b86a9adf8ea6fc915d528f3fa61ded06f3c91c61
commit b86a9adf8ea6fc915d528f3fa61ded06f3c91c61
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Jun 26 10:46:43 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/ctype.texi: Document thread safety properties.
diff --git a/manual/ctype.texi b/manual/ctype.texi
index 3d13571..f05d509 100644
--- a/manual/ctype.texi
+++ b/manual/ctype.texi
@@ -691,6 +691,7 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctrans_t wctrans (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wctrans} function has to be used to find out whether a named
mapping is defined in the current locale selected for the
@code{LC_CTYPE} category. If the returned value is non-zero, you can use
@@ -713,6 +714,7 @@ These functions are declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{towctrans} maps the input character @var{wc}
according to the rules of the mapping for which @var{desc} is a
descriptor, and returns the value it finds. @var{desc} must be
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=00af0ed393c8103a619299dc34fcda36561f3cd7
commit 00af0ed393c8103a619299dc34fcda36561f3cd7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Jun 26 10:46:41 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/math.texi: Document thread safety properties.
diff --git a/manual/math.texi b/manual/math.texi
index 193d415..fd5d0c8 100644
--- a/manual/math.texi
+++ b/manual/math.texi
@@ -560,6 +560,7 @@ negative), @code{logb} returns @math{@infinity{}}. If @var{x} is zero,
@comment math.h
@comment ISO
@deftypefunx int ilogbl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are equivalent to the corresponding @code{logb}
functions except that they return signed integer values.
@end deftypefun
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2138bb13b72835109d53a470595be6f31f485113
commit 2138bb13b72835109d53a470595be6f31f485113
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Jun 26 10:46:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..323268d 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,10 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard}}
+@c This function is MT-Safe, but uses of the global locale object are
+@c unguarded in functions that ought to be MT-Safe, so we're ruling out
+@c the use of this function once threads are started.
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=29204588dcc2ae4b2c07025a50f8018c87cdc409
commit 29204588dcc2ae4b2c07025a50f8018c87cdc409
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Jun 26 10:46:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..7809dd4 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1391,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1401,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1411,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1540,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1625,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2387,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2397,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2438,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2647,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2656,12 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2669,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2677,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2685,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2693,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2701,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2709,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2785,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3026,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3278,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3342,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +3959,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +3974,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +3989,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +3997,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4005,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4019,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4046,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4055,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4064,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4072,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4080,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4088,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4138,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4148,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4162,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4173,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4201,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4212,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4326,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4339,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4363,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4379,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4399,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4423,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4472,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4594,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4609,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4622,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4639,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4751,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4764,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4781,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4803,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4828,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4906,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4920,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4932,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4947,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +4961,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +4972,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5020,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5076,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5192,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5374,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5515,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ff79da305c9dfa8cdc253ef91e3af827e98ecd2b
commit ff79da305c9dfa8cdc253ef91e3af827e98ecd2b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Jun 26 10:46:39 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/arith.texi: Document thread safety properties.
diff --git a/manual/arith.texi b/manual/arith.texi
index 77056c3..833e0c9 100644
--- a/manual/arith.texi
+++ b/manual/arith.texi
@@ -160,6 +160,8 @@ The remainder from the division.
@comment stdlib.h
@comment ISO
@deftypefun div_t div (int @var{numerator}, int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Functions in this section are pure, and thus safe.
This function @code{div} computes the quotient and remainder from
the division of @var{numerator} by @var{denominator}, returning the
result in a structure of type @code{div_t}.
@@ -199,6 +201,7 @@ type @code{long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun ldiv_t ldiv (long int @var{numerator}, long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ldiv} function is similar to @code{div}, except that the
arguments are of type @code{long int} and the result is returned as a
structure of type @code{ldiv_t}.
@@ -225,6 +228,7 @@ type @code{long long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun lldiv_t lldiv (long long int @var{numerator}, long long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lldiv} function is like the @code{div} function, but the
arguments are of type @code{long long int} and the result is returned as
a structure of type @code{lldiv_t}.
@@ -256,6 +260,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment inttypes.h
@comment ISO
@deftypefun imaxdiv_t imaxdiv (intmax_t @var{numerator}, intmax_t @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{imaxdiv} function is like the @code{div} function, but the
arguments are of type @code{intmax_t} and the result is returned as
a structure of type @code{imaxdiv_t}.
@@ -410,6 +415,7 @@ not have to worry about the type of their argument.
@comment math.h
@comment BSD
@deftypefunx int isinfl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns @code{-1} if @var{x} represents negative infinity,
@code{1} if @var{x} represents positive infinity, and @code{0} otherwise.
@end deftypefun
@@ -423,6 +429,7 @@ This function returns @code{-1} if @var{x} represents negative infinity,
@comment math.h
@comment BSD
@deftypefunx int isnanl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is a ``not a number''
value, and zero otherwise.
@@ -445,6 +452,7 @@ function for some reason, you can write
@comment math.h
@comment BSD
@deftypefunx int finitel (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is finite or a ``not a
number'' value, and zero otherwise.
@end deftypefun
@@ -713,6 +721,22 @@ and save and restore the set of exceptions flagged.
@comment fenv.h
@comment ISO
@deftypefun int feclearexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{unposix}@acsafe{unposix}}
+@c The other functions in this section that modify FP status register
+@c mostly do so with non-atomic load-modify-store sequences, but since
+@c the register is thread-specific, this should be fine, and safe for
+@c cancellation. As long as the FP environment is restored before the
+@c signal handler returns control to the interrupted thread (like any
+@c kernel should do), the functions are also safe for use in signal
+@c handlers.
+@c
+@c FIXME: simfpu: Floating point emulation on powerpc is the exception:
+@c __sim_exception, __sim_disabled_exception and __sim_round_mode
+@c variables, that emulate a floating-point status register, are not
+@c thread-specific variables, so many of these functions are not MT-safe
+@c on that platform. This is probably a bug. These variables aren't
+@c restored by the signal machinery either, making the functions also
+@c async-signal-unsafe on this platform.
This function clears all of the supported exception flags indicated by
@var{excepts}.
@@ -723,6 +747,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feraiseexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function raises the supported exceptions indicated by
@var{excepts}. If more than one exception bit in @var{excepts} is set
the order in which the exceptions are raised is undefined except that
@@ -738,6 +763,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fetestexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Test whether the exception flags indicated by the parameter @var{except}
are currently set. If any of them are, a nonzero value is returned
which specifies which exceptions are set. Otherwise the result is zero.
@@ -774,6 +800,7 @@ following functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetexceptflag (fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function stores in the variable pointed to by @var{flagp} an
implementation-defined value representing the current setting of the
exception flags indicated by @var{excepts}.
@@ -785,6 +812,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fesetexceptflag (const fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function restores the flags for the exceptions indicated by
@var{excepts} to the values stored in the variable pointed to by
@var{flagp}.
@@ -940,6 +968,7 @@ find out which one with this function:
@comment fenv.h
@comment ISO
@deftypefun int fegetround (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Returns the currently selected rounding mode, represented by one of the
values of the defined rounding mode macros.
@end deftypefun
@@ -950,6 +979,7 @@ To change the rounding mode, use this function:
@comment fenv.h
@comment ISO
@deftypefun int fesetround (int @var{round})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Changes the currently selected rounding mode to @var{round}. If
@var{round} does not correspond to one of the supported rounding modes
nothing is changed. @code{fesetround} returns zero if it changed the
@@ -994,6 +1024,7 @@ To save the state of the FPU, use one of these functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetenv (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the floating-point environment in the variable pointed to by
@var{envp}.
@@ -1004,6 +1035,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feholdexcept (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the current floating-point environment in the object pointed to by
@var{envp}. Then clear all exception flags, and set the FPU to trap no
exceptions. Not all FPUs support trapping no exceptions; if
@@ -1042,6 +1074,7 @@ functions:
@comment fenv.h
@comment ISO
@deftypefun int fesetenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Set the floating-point environment to that described by @var{envp}.
The function returns zero in case the operation was successful, a
@@ -1051,6 +1084,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feupdateenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Like @code{fesetenv}, this function sets the floating-point environment
to that described by @var{envp}. However, if any exceptions were
flagged in the status word before @code{feupdateenv} was called, they
@@ -1071,6 +1105,7 @@ occur, you can use the following two functions.
@comment fenv.h
@comment GNU
@deftypefun int feenableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions enables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1083,6 +1118,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fedisableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions disables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1095,6 +1131,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fegetexcept (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
The function returns a bitmask of all currently enabled exceptions. It
returns @code{-1} in case of failure.
@end deftypefun
@@ -1146,6 +1183,7 @@ Prototypes for @code{abs}, @code{labs} and @code{llabs} are in @file{stdlib.h};
@comment inttypes.h
@comment ISO
@deftypefunx intmax_t imaxabs (intmax_t @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of @var{number}.
Most computers use a two's complement integer representation, in which
@@ -1167,6 +1205,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment math.h
@comment ISO
@deftypefunx {long double} fabsl (long double @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the absolute value of the floating-point number
@var{number}.
@end deftypefun
@@ -1180,6 +1219,7 @@ This function returns the absolute value of the floating-point number
@comment complex.h
@comment ISO
@deftypefunx {long double} cabsl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of the complex number @var{z}
(@pxref{Complex Numbers}). The absolute value of a complex number is:
@@ -1217,6 +1257,7 @@ All these functions are declared in @file{math.h}.
@comment math.h
@comment ISO
@deftypefunx {long double} frexpl (long double @var{value}, int *@var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are used to split the number @var{value}
into a normalized fraction and an exponent.
@@ -1242,6 +1283,7 @@ zero is stored in @code{*@var{exponent}}.
@comment math.h
@comment ISO
@deftypefunx {long double} ldexpl (long double @var{value}, int @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the result of multiplying the floating-point
number @var{value} by 2 raised to the power @var{exponent}. (It can
be used to reassemble floating-point numbers that were taken apart
@@ -1263,6 +1305,7 @@ equivalent to those of @code{ldexp} and @code{frexp}. See also the
@comment math.h
@comment BSD
@deftypefunx {long double} scalbl (long double @var{value}, long double @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{scalb} function is the BSD name for @code{ldexp}.
@end deftypefun
@@ -1275,6 +1318,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalbnl (long double @var{x}, int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbn} is identical to @code{scalb}, except that the exponent
@var{n} is an @code{int} instead of a floating-point number.
@end deftypefun
@@ -1288,6 +1332,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalblnl (long double @var{x}, long int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbln} is identical to @code{scalb}, except that the exponent
@var{n} is a @code{long int} instead of a floating-point number.
@end deftypefun
@@ -1301,6 +1346,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} significandl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{significand} returns the mantissa of @var{x} scaled to the range
@math{[1, 2)}.
It is equivalent to @w{@code{scalb (@var{x}, (double) -ilogb (@var{x}))}}.
@@ -1335,6 +1381,7 @@ result as a @code{double} instead to get around this problem.
@comment math.h
@comment ISO
@deftypefunx {long double} ceill (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} upwards to the nearest integer,
returning that value as a @code{double}. Thus, @code{ceil (1.5)}
is @code{2.0}.
@@ -1349,6 +1396,7 @@ is @code{2.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} floorl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} downwards to the nearest
integer, returning that value as a @code{double}. Thus, @code{floor
(1.5)} is @code{1.0} and @code{floor (-1.5)} is @code{-2.0}.
@@ -1363,6 +1411,7 @@ integer, returning that value as a @code{double}. Thus, @code{floor
@comment math.h
@comment ISO
@deftypefunx {long double} truncl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{trunc} functions round @var{x} towards zero to the nearest
integer (returned in floating-point format). Thus, @code{trunc (1.5)}
is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@@ -1377,6 +1426,7 @@ is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} rintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} to an integer value according to the
current rounding mode. @xref{Floating Point Parameters}, for
information about the various rounding modes. The default
@@ -1397,6 +1447,7 @@ inexact exception.
@comment math.h
@comment ISO
@deftypefunx {long double} nearbyintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the same value as the @code{rint} functions, but
do not raise the inexact exception if @var{x} is not an integer.
@end deftypefun
@@ -1410,6 +1461,7 @@ do not raise the inexact exception if @var{x} is not an integer.
@comment math.h
@comment ISO
@deftypefunx {long double} roundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are similar to @code{rint}, but they round halfway
cases away from zero instead of to the nearest integer (or other
current rounding mode).
@@ -1424,6 +1476,7 @@ current rounding mode).
@comment math.h
@comment ISO
@deftypefunx {long int} lrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1437,6 +1490,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1450,6 +1504,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long int} lroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1463,6 +1518,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1477,6 +1533,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long double} modfl (long double @var{value}, long double *@var{integer-part})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions break the argument @var{value} into an integer part and a
fractional part (between @code{-1} and @code{1}, exclusive). Their sum
equals @var{value}. Each of the parts has the same sign as @var{value},
@@ -1503,6 +1560,7 @@ suits your problem.
@comment math.h
@comment ISO
@deftypefunx {long double} fmodl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions compute the remainder from the division of
@var{numerator} by @var{denominator}. Specifically, the return value is
@code{@var{numerator} - @w{@var{n} * @var{denominator}}}, where @var{n}
@@ -1525,6 +1583,7 @@ If @var{denominator} is zero, @code{fmod} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} dreml (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are like @code{fmod} except that they round the
internal quotient @var{n} to the nearest integer instead of towards zero
to an integer. For example, @code{drem (6.5, 2.3)} returns @code{-0.4},
@@ -1548,6 +1607,7 @@ If @var{denominator} is zero, @code{drem} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} remainderl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is another name for @code{drem}.
@end deftypefun
@@ -1569,6 +1629,7 @@ bits.
@comment math.h
@comment ISO
@deftypefunx {long double} copysignl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return @var{x} but with the sign of @var{y}. They work
even if @var{x} or @var{y} are NaN or zero. Both of these can carry a
sign (although not all implementations support it) and this is one of
@@ -1584,6 +1645,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefun int signbit (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{signbit} is a generic macro which can work on all floating-point
types. It returns a nonzero value if the value of @var{x} has its sign
bit set.
@@ -1602,6 +1664,7 @@ false, but @code{signbit (-0.0)} will return a nonzero value.
@comment math.h
@comment ISO
@deftypefunx {long double} nextafterl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{nextafter} function returns the next representable neighbor of
@var{x} in the direction towards @var{y}. The size of the step between
@var{x} and the result depends on the type of the result. If
@@ -1625,6 +1688,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefunx {long double} nexttowardl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are identical to the corresponding versions of
@code{nextafter} except that their second argument is a @code{long
double}.
@@ -1640,6 +1704,8 @@ double}.
@comment math.h
@comment ISO
@deftypefunx {long double} nanl (const char *@var{tagp})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c The unsafe-but-ruled-safe locale use comes from strtod.
The @code{nan} function returns a representation of NaN, provided that
NaN is supported by the target platform.
@code{nan ("@var{n-char-sequence}")} is equivalent to
@@ -1674,6 +1740,7 @@ arguments only once.
@comment math.h
@comment ISO
@deftypefn Macro int isgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than
@var{y}. It is equivalent to @code{(@var{x}) > (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1682,6 +1749,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isgreaterequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than or
equal to @var{y}. It is equivalent to @code{(@var{x}) >= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1690,6 +1758,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isless (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than @var{y}.
It is equivalent to @code{(@var{x}) < (@var{y})}, but no exception is
raised if @var{x} or @var{y} are NaN.
@@ -1698,6 +1767,7 @@ raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than or equal
to @var{y}. It is equivalent to @code{(@var{x}) <= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1706,6 +1776,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less or greater
than @var{y}. It is equivalent to @code{(@var{x}) < (@var{y}) ||
(@var{x}) > (@var{y})} (although it only evaluates @var{x} and @var{y}
@@ -1718,6 +1789,7 @@ expression is true if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isunordered (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether its arguments are unordered. In other
words, it is true if @var{x} or @var{y} are NaN, and false otherwise.
@end deftypefn
@@ -1751,6 +1823,7 @@ perform these operations faster than the equivalent C code.
@comment math.h
@comment ISO
@deftypefunx {long double} fminl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmin} function returns the lesser of the two values @var{x}
and @var{y}. It is similar to the expression
@smallexample
@@ -1771,6 +1844,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fmaxl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmax} function returns the greater of the two values @var{x}
and @var{y}.
@@ -1787,6 +1861,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fdiml (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fdim} function returns the positive difference between
@var{x} and @var{y}. The positive difference is @math{@var{x} -
@var{y}} if @var{x} is greater than @var{y}, and @math{0} otherwise.
@@ -1804,6 +1879,7 @@ If @var{x}, @var{y}, or both are NaN, NaN is returned.
@comment ISO
@deftypefunx {long double} fmal (long double @var{x}, long double @var{y}, long double @var{z})
@cindex butterfly
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fma} function performs floating-point multiply-add. This is
the operation @math{(@var{x} @mul{} @var{y}) + @var{z}}, but the
intermediate result is not rounded to the destination type. This can
@@ -1933,6 +2009,7 @@ available in three variants, one for each of the three complex types.
@comment complex.h
@comment ISO
@deftypefunx {long double} creall (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the real part of the complex number @var{z}.
@end deftypefun
@@ -1945,6 +2022,7 @@ These functions return the real part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cimagl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the imaginary part of the complex number @var{z}.
@end deftypefun
@@ -1957,6 +2035,7 @@ These functions return the imaginary part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {complex long double} conjl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the conjugate value of the complex number
@var{z}. The conjugate of a complex number has the same real part and a
negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@@ -1971,6 +2050,7 @@ negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cargl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the argument of the complex number @var{z}.
The argument of a complex number is the angle in the complex plane
between the positive real axis and a line passing through zero and the
@@ -1989,6 +2069,7 @@ number. This angle is measured in the usual fashion and ranges from
@comment complex.h
@comment ISO
@deftypefunx {complex long double} cprojl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the projection of the complex value @var{z} onto
the Riemann sphere. Values with a infinite imaginary part are projected
to positive infinity on the real axis, even if the real part is NaN. If
@@ -2034,6 +2115,16 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun {long int} strtol (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c strtol uses the thread-local pointer to the locale in effect, and
+@c strtol_l loads the LC_NUMERIC locale data from it early on and once,
+@c but if the locale is the global locale, and another thread calls
+@c setlocale in a way that modifies the pointer to the LC_CTYPE locale
+@c category, the behavior of e.g. IS*, TOUPPER will vary throughout the
+@c execution of the function, because they re-read the locale data from
+@c the given locale pointer. We solved this by documenting setlocale as
+@c MT-Unsafe, but there might be other reasons why it's neither MT- nor
+@c AS-Safe; recheck.
The @code{strtol} (``string-to-long'') function converts the initial
part of @var{string} to a signed integer, which is returned as a value
of type @code{long int}.
@@ -2097,6 +2188,7 @@ There is an example at the end of this section.
@comment wchar.h
@comment ISO
@deftypefun {long int} wcstol (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstol} function is equivalent to the @code{strtol} function
in nearly all aspects but handles wide character strings.
@@ -2106,6 +2198,7 @@ The @code{wcstol} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long int} strtoul (const char *retrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoul} (``string-to-unsigned-long'') function is like
@code{strtol} except it converts to an @code{unsigned long int} value.
The syntax is the same as described above for @code{strtol}. The value
@@ -2124,6 +2217,7 @@ range, or @code{ERANGE} on overflow.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long int} wcstoul (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoul} function is equivalent to the @code{strtoul} function
in nearly all aspects but handles wide character strings.
@@ -2133,6 +2227,7 @@ The @code{wcstoul} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} strtoll (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoll} function is like @code{strtol} except that it returns
a @code{long long int} value, and accepts numbers with a correspondingly
larger range.
@@ -2149,6 +2244,7 @@ The @code{strtoll} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {long long int} wcstoll (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoll} function is equivalent to the @code{strtoll} function
in nearly all aspects but handles wide character strings.
@@ -2158,12 +2254,14 @@ The @code{wcstoll} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {long long int} strtoq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtoq} (``string-to-quad-word'') is the BSD name for @code{strtoll}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {long long int} wcstoq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoq} function is equivalent to the @code{strtoq} function
in nearly all aspects but handles wide character strings.
@@ -2173,6 +2271,7 @@ The @code{wcstoq} function is a GNU extension.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long long int} strtoull (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoull} function is related to @code{strtoll} the same way
@code{strtoul} is related to @code{strtol}.
@@ -2182,6 +2281,7 @@ The @code{strtoull} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long long int} wcstoull (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoull} function is equivalent to the @code{strtoull} function
in nearly all aspects but handles wide character strings.
@@ -2191,12 +2291,14 @@ The @code{wcstoull} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {unsigned long long int} strtouq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtouq} is the BSD name for @code{strtoull}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {unsigned long long int} wcstouq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstouq} function is equivalent to the @code{strtouq} function
in nearly all aspects but handles wide character strings.
@@ -2206,6 +2308,7 @@ The @code{wcstouq} function is a GNU extension.
@comment inttypes.h
@comment ISO
@deftypefun intmax_t strtoimax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoimax} function is like @code{strtol} except that it returns
a @code{intmax_t} value, and accepts numbers of a corresponding range.
@@ -2222,6 +2325,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun intmax_t wcstoimax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoimax} function is equivalent to the @code{strtoimax} function
in nearly all aspects but handles wide character strings.
@@ -2231,6 +2335,7 @@ The @code{wcstoimax} function was introduced in @w{ISO C99}.
@comment inttypes.h
@comment ISO
@deftypefun uintmax_t strtoumax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoumax} function is related to @code{strtoimax}
the same way that @code{strtoul} is related to @code{strtol}.
@@ -2241,6 +2346,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun uintmax_t wcstoumax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoumax} function is equivalent to the @code{strtoumax} function
in nearly all aspects but handles wide character strings.
@@ -2250,6 +2356,7 @@ The @code{wcstoumax} function was introduced in @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefun {long int} atol (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtol} function with a @var{base}
argument of @code{10}, except that it need not detect overflow errors.
The @code{atol} function is provided mostly for compatibility with
@@ -2259,6 +2366,7 @@ existing code; using @code{strtol} is more robust.
@comment stdlib.h
@comment ISO
@deftypefun int atoi (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is like @code{atol}, except that it returns an @code{int}.
The @code{atoi} function is also considered obsolete; use @code{strtol}
instead.
@@ -2267,6 +2375,7 @@ instead.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} atoll (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to @code{atol}, except it returns a @code{long
long int}.
@@ -2331,6 +2440,9 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun double strtod (const char *restrict @var{string}, char **restrict @var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c Besides the unsafe-but-ruled-safe locale uses, this uses a lot of
+@c mpn, but it's all safe.
The @code{strtod} (``string-to-double'') function converts the initial
part of @var{string} to a floating-point number, which is returned as a
value of type @code{double}.
@@ -2416,6 +2528,7 @@ examining @var{errno} and @var{tailptr}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} strtold (const char *@var{string}, char **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
These functions are analogous to @code{strtod}, but return @code{float}
and @code{long double} values respectively. They report errors in the
same way as @code{strtod}. @code{strtof} can be substantially faster
@@ -2435,6 +2548,7 @@ These functions have been GNU extensions and are new to @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} wcstold (const wchar_t *@var{string}, wchar_t **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstod}, @code{wcstof}, and @code{wcstol} functions are
equivalent in nearly all aspect to the @code{strtod}, @code{strtof}, and
@code{strtold} functions but it handles wide character string.
@@ -2447,6 +2561,7 @@ C90}. The @code{wcstof} and @code{wcstold} functions were introduced in
@comment stdlib.h
@comment ISO
@deftypefun double atof (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtod} function, except that it
need not detect overflow and underflow errors. The @code{atof} function
is provided mostly for compatibility with existing code; using
@@ -2473,6 +2588,7 @@ All these functions are defined in @file{stdlib.h}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} ecvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{ecvt} converts the floating-point number @var{value}
to a string with at most @var{ndigit} decimal digits. The
returned string contains no decimal point or sign. The first digit of
@@ -2498,6 +2614,7 @@ and sets @var{d} to @code{2} and @var{n} to @code{0}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} fcvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{fcvt} is like @code{ecvt}, but @var{ndigit} specifies
the number of digits after the decimal point. If @var{ndigit} is less
than zero, @var{value} is rounded to the @math{@var{ndigit}+1}'th place to the
@@ -2516,6 +2633,9 @@ to @code{fcvt}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} gcvt (double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c gcvt calls sprintf, that ultimately calls vfprintf, which malloc()s
+@c args_value if it's too large, but gcvt never exercises this path.
@code{gcvt} is functionally equivalent to @samp{sprintf(buf, "%*g",
ndigit, value}. It is provided only for compatibility's sake. It
returns @var{buf}.
@@ -2530,6 +2650,7 @@ functions that take @code{long double} arguments.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qecvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{ecvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2538,6 +2659,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qfcvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{fcvt} except that it
takes a @code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2546,6 +2668,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qgcvt (long double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is equivalent to @code{gcvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2566,6 +2689,7 @@ user-supplied buffer.
@comment stdlib.h
@comment GNU
@deftypefun int ecvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ecvt_r} function is the same as @code{ecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2577,6 +2701,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun int fcvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcvt_r} function is the same as @code{fcvt}, except that it
places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2588,6 +2713,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qecvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qecvt_r} function is the same as @code{qecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2599,6 +2725,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qfcvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qfcvt_r} function is the same as @code{qfcvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c7b61a96cbd8cb57ef7aedbddf47a3368451583d
commit c7b61a96cbd8cb57ef7aedbddf47a3368451583d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Jun 26 10:46:37 2013 -0300
Rename unused scalb to scalbn to match prototype.
for ChangeLog
* sysdeps/ieee754/support.c (scalbn): Rename from
wrongly-typed scalb. Adjust all callers. Apparently unused.
diff --git a/sysdeps/ieee754/support.c b/sysdeps/ieee754/support.c
index 00476c0..0bbd892 100644
--- a/sysdeps/ieee754/support.c
+++ b/sysdeps/ieee754/support.c
@@ -82,7 +82,7 @@ static char sccsid[] = "@(#)support.c 8.1 (Berkeley) 6/4/93";
static const double novf=1.7E308, nunf=3.0E-308,zero=0.0;
#endif /* defined(vax)||defined(tahoe) */
-double scalb(x,N)
+double scalbn(x,N)
double x; int N;
{
int k;
@@ -106,7 +106,7 @@ double x; int N;
if( (k= *px & mexp ) != mexp ) {
if( N<-2100) return(nunf*nunf); else if(N>2100) return(novf+novf);
if( k == 0 ) {
- x *= scalb(1.0,(int)prep1); N -= prep1; return(scalb(x,N));}
+ x *= scalbn(1.0,(int)prep1); N -= prep1; return(scalbn(x,N));}
#endif /* defined(vax)||defined(tahoe) */
if((k = (k>>gap)+ N) > 0 )
@@ -115,7 +115,7 @@ double x; int N;
else
if( k > -prep1 )
/* gradual underflow */
- {*px=(*px&~mexp)|(short)(1<<gap); x *= scalb(1.0,k-1);}
+ {*px=(*px&~mexp)|(short)(1<<gap); x *= scalbn(1.0,k-1);}
else
return(nunf*nunf);
}
@@ -228,7 +228,7 @@ double x,p;
else if ( ((*pp & mexp)>>gap) <= 1 )
/* subnormal p, or almost subnormal p */
- { double b; b=scalb(1.0,(int)prep1);
+ { double b; b=scalbn(1.0,(int)prep1);
p *= b; x = drem(x,p); x *= b; return(drem(x,p)/b);}
else if ( p >= novf/2)
{ p /= 2 ; x /= 2; return(drem(x,p)*2);}
@@ -294,8 +294,8 @@ double x;
/* scale x to [1,4) */
n=logb(x);
- x=scalb(x,-n);
- if((m=logb(x))!=0) x=scalb(x,-m); /* subnormal number */
+ x=scalbn(x,-n);
+ if((m=logb(x))!=0) x=scalbn(x,-m); /* subnormal number */
m += n;
n = m/2;
if((n+n)!=m) {x *= 2; m -=1; n=m/2;}
@@ -326,7 +326,7 @@ double x;
b=1.0+r/4; if(b>1.0) t=1;
if(t>=0) q+=r; }
-end: return(scalb(q,n));
+end: return(scalbn(q,n));
}
#if 0
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c2080123a1257f86601d8639f289ea4e3e6e27d7
commit c2080123a1257f86601d8639f289ea4e3e6e27d7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Jun 26 10:46:36 2013 -0300
Note that powerpc fpu emulation status is not thread- or signal-safe.
for ports/ChangeLog.powerpc
PR 15483
* sysdeps/powerpc/nofpu/sim-full.c: Add FIXME note about
the need for thread-specific variables preserved across signal
handlers.
* sysdeps/powerpc/nofpu/soft-supp.h: Likewise.
* sysdeps/powerpc/soft-fp/sfp-machine.h: Likewise.
diff --git a/ports/sysdeps/powerpc/nofpu/sim-full.c b/ports/sysdeps/powerpc/nofpu/sim-full.c
index fc061d0..e167033 100644
--- a/ports/sysdeps/powerpc/nofpu/sim-full.c
+++ b/ports/sysdeps/powerpc/nofpu/sim-full.c
@@ -21,6 +21,11 @@
#include "soft-fp.h"
#include "soft-supp.h"
+/* FIXME: these variables should be thread specific (see bugzilla bug
+ 15483) and ideally preserved across signal handlers, like hardware
+ FP status words, but the latter is quite difficult to accomplish in
+ userland. */
+
/* Global to store sticky exceptions. */
int __sim_exceptions __attribute__ ((nocommon));
libc_hidden_data_def (__sim_exceptions);
diff --git a/ports/sysdeps/powerpc/nofpu/soft-supp.h b/ports/sysdeps/powerpc/nofpu/soft-supp.h
index b9638bb..64a3d2a 100644
--- a/ports/sysdeps/powerpc/nofpu/soft-supp.h
+++ b/ports/sysdeps/powerpc/nofpu/soft-supp.h
@@ -26,6 +26,11 @@ typedef union
} fenv_union_t;
+/* FIXME: these variables should be thread specific (see bugzilla bug
+ 15483) and ideally preserved across signal handlers, like hardware
+ FP status words, but the latter is quite difficult to accomplish in
+ userland. */
+
extern int __sim_exceptions;
libc_hidden_proto (__sim_exceptions);
extern int __sim_disabled_exceptions;
diff --git a/ports/sysdeps/powerpc/soft-fp/sfp-machine.h b/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
index c2a190e..508d869 100644
--- a/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
+++ b/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
@@ -54,6 +54,11 @@
#define FP_ROUNDMODE __sim_round_mode
#define FP_TRAPPING_EXCEPTIONS (~__sim_disabled_exceptions & 0x3e000000)
+/* FIXME: these variables should be thread specific (see bugzilla bug
+ 15483) and ideally preserved across signal handlers, like hardware
+ FP status words, but the latter is quite difficult to accomplish in
+ userland. */
+
extern int __sim_exceptions;
libc_hidden_proto (__sim_exceptions);
extern int __sim_disabled_exceptions;
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=706d7b14f054f498250c63c1e221a935b0e5ced2
commit 706d7b14f054f498250c63c1e221a935b0e5ced2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Jun 26 10:46:35 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/macros.texi: Introduce macros to document thread
safety properties.
* manual/intro.texi: Introduce the properties themselves.
diff --git a/manual/intro.texi b/manual/intro.texi
index deaf089..2630a77 100644
--- a/manual/intro.texi
+++ b/manual/intro.texi
@@ -172,6 +172,314 @@ pattern matching facilities (@pxref{Pattern Matching}).
@comment <wordexp.h> (not yet implemented)
@comment confstr
+The safety properties of @glibcadj{} functions, documented as MT-, AS-
+and AC- -Safe and -Unsafe are assessed according to the criteria set
+forth in the POSIX standard for Multi-Thread, Async-Signal and
+Async-Cancel safety.
+
+Intuitive definition of these properties, that attempt to capture
+the meaning of the standard definitions, follow:
+
+@itemize @bullet
+
+@item
+@cindex MT-Safe
+MT-Safe functions are safe to call in the presence of other threads. MT
+stands for Multi Thread.
+
+@item
+@cindex AS-Safe
+AS-Safe functions are safe to call from asynchronous signal handlers.
+AS stands for Asynchronous Signal.
+
+@item
+@cindex AC-Safe
+AC-Safe functions are safe to call when asynchronous cancellation is
+enabled. AC stands for Asynchronous Cancellation.
+
+@item
+@cindex MT-Unsafe
+@cindex AS-Unsafe
+@cindex AC-Unsafe
+MT-Unsafe, AS-Unsafe, AC-Unsafe functions are not safe to call within
+the contexts described above: they may cause deviations from the
+specification in the behavior of the calls themselves, or of any other
+concurrent, ongoing or subsequent calls.
+
+Functions not explicitly documented as Safe should be regarded as
+Unsafe.
+
+@end itemize
+
+By ``safe to call'', we mean that, as long as the program does not
+invoke undefined or unspecified behavior, the called functions will
+behave as documented, and they won't cause any other functions to
+deviate from their documented behavior.
+
+Although we strive to abide by the standards, in some cases our
+implementation is safe even when the standard does not demand safety,
+and in other cases our implementation does not meet the standard safety
+requirements. At this point, we document the result of an assessment of
+the properties of our implementation, so the safety documentation in
+this manual is not to be regarded as a promise of future behavior: in
+future releases, functions that are documented as safe may become
+unsafe, and safety constraints may be removed or introduced. We
+envision turning the results of the assessment into a set of promises as
+stable as our interfaces, but we're not there yet.
+
+When a function is safe to call only under certain constraints, we will
+add keywords to the safety notes whose meanings are defined as follows:
+
+@itemize @bullet
+
+@c glocale-revisit
+@item @code{glocale}
+@cindex glocale
+
+In threads that have not overridden the thread-local locale object by
+calling @code{uselocale}, calling functions annotated with
+@code{glocale} concurrently with @code{setlocale} may cause the
+functions to behave in ways that don't correspond to either the previous
+or the subsequent global locale.
+
+Although the @code{setlocale} function modifies the global locale object
+while holding a lock, @code{glocale}-annotated functions may access this
+global object multiple times, without any measures to ensure it doesn't
+change while it's in use.
+
+Each of these unprotected uses will use either the previous or the
+subsequent locale information, so they won't cause crashes or access to
+uninitialized, unmapped or recycled memory. However, since some cases
+use cached locale information while others access the effective locale
+object anew, concurrent changes to the global locale object may cause
+these functions to behave in ways that they could not behave should the
+execution of @code{setlocale} and of the so-annotated functions be
+atomic, or even should @code{setlocale} alone be atomic.
+
+The @code{glocale} constraint indicates functions are only safe to call
+if the effective thread-local locale is not the global locale object
+(because it was overridden with @code{uselocale}). Failing that,
+@code{setlocale} should not be called while these functions are active.
+
+
+@item @code{uunguard}
+@cindex uunguard
+
+Functions marked with @code{uunguard} modify non-atomically arguments or
+global objects that other functions access without synchronization. To
+ensure MT- and AS-Safe behavior, callers should refrain from calling
+so-marked functions concurrently with users of the corresponding
+objects.
+
+Unguarded users of the global locale object modified by @code{setlocale}
+are marked with @code{glocale}.
+
+Unguarded users of the @code{printf} extension objects modified by
+@code{register_printf_function} are the entire family of printf
+functions.
+
+Unguarded users of streams configured with @code{__fsetlocking} for
+locking by the caller are the entire family of stdio functions.
+
+
+@item @code{xguargs}
+@cindex xguargs
+
+Functions marked with @code{xguargs} may use or modify objects passed as
+arguments without any guards to ensure consistency. To ensure MT- and
+AS-Safe behavior, callers must ensure that the objects passed in are not
+modified concurrently by other threads or signal handlers.
+
+
+@end itemize
+
+
+Additional safety issues that cannot be worked around by constraining
+the program are also documented with keywords, whose meaning is defined
+as follows:
+
+@itemize @bullet
+
+@item @code{staticbuf}
+@cindex staticbuf
+
+Functions annotated with @code{staticbuf} use internal static buffers or
+variables in ways that may cause concurrent calls to interfere
+destructively.
+
+These functions are all MT-Unsafe and AC-Unsafe. However, many of them
+offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
+
+
+@item @code{fdleak}
+@cindex fdleak
+
+Functions annotated with @code{fdleak} may leak file descriptors if
+asynchronous thread cancellation interrupts their execution.
+
+Functions that allocate or deallocate file descriptors will generally be
+marked as such, because even if they attempted to protect the file
+descriptor allocation and deallocation with cleanup regions, allocating
+a new descriptor and storing its number where the cleanup region could
+release it cannot be performed as a single atomic operation, just like
+releasing it and taking it out of the data structure normally
+responsible for releasing it cannot be performed atomically, always
+leaving a window in which the descriptor cannot be released because it
+wasn't stored in the cleanup handler argument yet, or in which it was
+already taken out of it before releasing it in the normal flow (we
+cannot keep it there because, in case of cancellation, we wouldn't be
+able to tell whether it was already released, and the same number could
+have been already assigned to another descriptor by another thread, so
+we couldn't just release it again).
+
+Such leaks could be internally avoided, with some performance penalty,
+by temporarily disabling asynchronous thread cancellation. However,
+since callers of allocation or deallocation functions would have to do
+this themselves, to avoid the same sort of leak in their own layer, it
+makes more sense for the library to assume they are taking care of it
+than to impose a performance penalty that is redundant when the problem
+is solved in upper layers, and insufficient when it isn't.
+
+This remark by itself does not cause a function to be regarded as
+AC-Unsafe. However, cummulative effects of such leaks may pose a
+problem for some programs. If this is the case, suspending asynchronous
+cancellation for the duration of calls to such functions is recommended.
+
+
+@item @code{memleak}
+@cindex memleak
+
+Functions annotated with @code{memleak} may leak memory if asynchronous
+thread cancellation interrupts their execution.
+
+The problem is similar to that of file descriptors: there is no atomic
+interface to allocate memory and store its address in the argument to a
+cleanup handler, or to release it and remove its address from that
+argument, without at least temporarily disabling asynchronous
+cancellation, which these functions do not do.
+
+This remark does not by itself cause a function to be regarded as
+generally AC-Unsafe. However, cummulative effects of such leaks may be
+severe enough for some programs that disabling asynchronous cancellation
+for the duration of calls to such functions may be required.
+
+
+@item @code{lockleak}
+@cindex lockleak
+
+Functions annotated with @code{lockleak} may leak locks if asynchronous
+thread cancellation interrupts their execution.
+
+While the problem is similar to that of file descriptors, in that there
+is not any atomic interface to lock and take note of the need for
+unlocking in a cleanup, or to unlock and take note that there is no
+longer such a need, the problem posed by lock leaks is far more serious:
+when a file descriptor or a piece of memory is leaked, it becomes
+inaccessible and subsequent attempts to allocate a file descriptor or
+some memory will just use another resource. However, once a lock is
+left taken, attempts to take that lock will block indefinitely.
+(Recursive locks will only block other threads, and read locks will only
+block writer threads, but the point still holds in general).
+
+For the reasons above, functions that leak locks are all AC-Unsafe.
+
+
+@item @code{selfdeadlock}
+@cindex selfdeadlock
+
+Functions marked with @code{selfdeadlock} take a non-recursive lock to
+ensure MT-Safety while modifying data structures guarded by the lock.
+
+If such a function is interrupted by a signal while holding the lock,
+and the signal handler calls any function that takes the same
+non-recursive lock, the result is a deadlock.
+
+Blocking asynchronous signal delivery while calling such functions is
+the only safe way to avoid a deadlock if any signal handler might need
+to call them.
+
+
+@item @code{asynconsist}
+@cindex asynconsist
+
+Functions marked with @code{asynconsist} take a recursive lock to ensure
+MT-Safety while accessing or modifying data structures guarded by the
+lock.
+
+If such a function is interrupted by a signal while holding the lock,
+and the signal handler calls any function that takes the same
+non-recursive lock, the latter function may observe a partially updated,
+inconsistent data structure, and misbehave.
+
+Blocking asynchronous signal delivery while calling such functions is
+the only safe way to avoid the misbehavior that may ensue if any signal
+handler might need to call them.
+
+
+@item @code{asmalloc}
+@cindex asmalloc
+
+This is a sub-case of @code{asynconsist}. Functions marked with
+@code{asmalloc} perform memory allocation or deallocation with the
+@code{malloc}/@code{free} family of functions.
+
+If heap management functions are interrupted by asynchronous signals,
+and the signal handlers attempt to perform memory allocation or
+deallocation of their own, they may encounter heap data structures in a
+partially updated state, and the interrupted calls may malfunction
+because of the changes made within the signal handler.
+
+
+@item @code{incansist}
+@cindex incansist
+
+Functions marked with @code{incansist} modify data structures in a
+non-atomic way.
+
+If such a function is asynchronously canceled, it may leave the data
+structure in a partially updated, inconsistent state. Subsequent uses
+of the data structure may misbehave.
+
+Disabling asynchronous cancelation while calling such functions is the
+only safe way to avoid the misbehavior that may ensure if the thread is
+canceled while the function is running.
+
+
+@item @code{simfpu}
+@cindex simfpu
+
+Functions annotated with @code{simfpu} may misbehave on powerpc ports in
+which the floating-point unit is disabled and floating point simulation
+is used instead. On such platforms, @theglibc{} uses global variables
+to hold floating-point exceptions, rounding modes and disabled
+exceptions, rather than thread-local state. This is a @glibcadj{} bug.
+
+Furthermore, even if this bug is fixed, the emulation of floating-point
+control and status registers will not go as far as saving and restoring
+these emulated registers across asynchronous signal handlers. Indeed,
+although most platforms preserve floating-point context as part of the
+thread context, preserving control and status words is not mandatory:
+standards recommend that programs that modify them within signal
+handlers restore them to the original state before returning.
+
+This note does not cause functions to be marked as MT-Unsafe, even
+though, on the affected platform, they are MT-Unsafe indeed.
+
+
+@item @code{unposix}
+@cindex unposix
+
+This remark indicates our safety documentation is known to differ from
+the requirements set by the POSIX standard. For example, POSIX does not
+require a function to be Safe, but our implementation is Safe, or
+vice-versa.
+
+For the time being, the absence of this remark does not imply the safety
+propertes we documentated are identical to those mandated by POSIX for
+the corresponding functions.
+
+@end itemize
+
@node Berkeley Unix, SVID, POSIX, Standards and Portability
@subsection Berkeley Unix
diff --git a/manual/macros.texi b/manual/macros.texi
index daaf1c0..6955f32 100644
--- a/manual/macros.texi
+++ b/manual/macros.texi
@@ -47,4 +47,46 @@ GNU/Hurd systems
GNU/Linux systems
@end macro
+@c Document a function as thread safe.
+@macro mtsafe {comments}
+| MT-Safe \comments\
+|
+@end macro
+@c Document a function as thread unsafe.
+@macro mtunsafe {comments}
+| MT-Unsafe \comments\
+|
+@end macro
+@c Document a function as safe for use in asynchronous signal handlers.
+@macro assafe {comments}
+| AS-Safe \comments\
+|
+@end macro
+@c Document a function as unsafe for use in asynchronous signal
+@c handlers. This distinguishes unmarked functions, for which this
+@c property has not been assessed, from those that have been analyzed.
+@macro asunsafe {comments}
+| AS-Unsafe \comments\
+|
+@end macro
+@c Document a function as safe for use when asynchronous cancellation is
+@c enabled.
+@macro acsafe {comments}
+| AC-Safe \comments\
+|
+@end macro
+@c Document a function as unsafe for use when asynchronous cancellation
+@c is enabled. This distinguishes unmarked functions, for which this
+@c property has not been assessed, from those that have been analyzed.
+@macro acunsafe {comments}
+| AC-Unsafe \comments\
+|
+@end macro
+@c Format the thread and async safety properties of a function.
+@macro safety {notes}
+\notes\
+
+
+@end macro
+
@end ifclear
-----------------------------------------------------------------------
hooks/post-receive
--
GNU C Library master sources